Sample code for 30+ languages & platforms
Pascal (Lazarus/Delphi)

AWS Security Token Service (STS) AssumeRole

See more AWS Security Token Service Examples

Returns a set of temporary security credentials that you can use to access AWS resources. These temporary credentials consist of an access key ID, a secret access key, and a security token. Typically, you use AssumeRole within your account or for cross-account access.

Chilkat Pascal (Lazarus/Delphi) Downloads

Pascal (Lazarus/Delphi)
program ChilkatDemo;

// Demonstrates using the Chilkat Pascal wrapper via the C bridge DLL.
// Builds as a console application under Lazarus (FPC) or Delphi.

{$IFDEF FPC}
  {$MODE DELPHI}
{$ENDIF}
{$APPTYPE CONSOLE}

uses
  {$IFDEF UNIX}
  cthreads,
  {$ENDIF}
  SysUtils,
  CkDllLoader,
  Chilkat.AuthAws,
  Chilkat.Rest,
  Chilkat.Xml;

// ---------------------------------------------------------------------------

procedure RunDemo;
var
  success: Boolean;
  rest: TRest;
  bTls: Boolean;
  port: Integer;
  bAutoReconnect: Boolean;
  authAws: TAuthAws;
  responseXml: string;
  xml: TXml;
  AssumeRoleResponse_xmlns: string;
  SourceIdentity: string;
  Arn: string;
  AssumedRoleId: string;
  AccessKeyId: string;
  SecretAccessKey: string;
  SessionToken: string;
  Expiration: string;
  PackedPolicySize: Integer;
  RequestId: string;

begin
  success := False;

  //  This example requires the Chilkat API to have been previously unlocked.
  //  See Global Unlock Sample for sample code.

  rest := TRest.Create;

  //  Connect to the Amazon AWS REST server.
  //  such as https://sts.us-west-2.amazonaws.com/
  bTls := True;
  port := 443;
  bAutoReconnect := True;
  success := rest.Connect('sts.us-west-2.amazonaws.com',port,bTls,bAutoReconnect);

  //  Provide AWS credentials for the REST call.
  authAws := TAuthAws.Create;
  authAws.AccessKey := 'AWS_ACCESS_KEY';
  authAws.SecretKey := 'AWS_SECRET_KEY';
  //  the region should match our URL above..
  //  See https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_enable-regions.html
  authAws.Region := 'us-west-2';
  authAws.ServiceName := 'sts';

  rest.SetAuthAws(authAws);

  //  Sample Request
  //  https://sts.amazonaws.com/
  //  ?Version=2011-06-15
  //  &Action=AssumeRole
  //  &RoleSessionName=testAR
  //  &RoleArn=arn:aws:iam::123456789012:role/demo
  //  &PolicyArns.member.1.arn=arn:aws:iam::123456789012:policy/demopolicy1
  //  &PolicyArns.member.2.arn=arn:aws:iam::123456789012:policy/demopolicy2
  //  &Policy={"Version":"2012-10-17","Statement":[{"Sid":"Stmt1",
  //  "Effect":"Allow","Action":"s3:*","Resource":"*"}]}
  //  &DurationSeconds=3600
  //  &Tags.member.1.Key=Project
  //  &Tags.member.1.Value=Pegasus
  //  &Tags.member.2.Key=Team
  //  &Tags.member.2.Value=Engineering
  //  &Tags.member.3.Key=Cost-Center
  //  &Tags.member.3.Value=12345
  //  &TransitiveTagKeys.member.1=Project
  //  &TransitiveTagKeys.member.2=Cost-Center
  //  &ExternalId=123ABC
  //  &SourceIdentity=Alice
  //  &AUTHPARAMS

  rest.AddQueryParam('Version','2011-06-15');
  rest.AddQueryParam('Action','AssumeRole');
  rest.AddQueryParam('DurationSeconds','3600');

  rest.AddQueryParam('RoleSessionName','testAR');
  rest.AddQueryParam('RoleArn','arn:aws:iam::123456789012:role/demo');
  rest.AddQueryParam('PolicyArns.member.1.arn','arn:aws:iam::123456789012:policy/demopolicy1');
  rest.AddQueryParam('PolicyArns.member.2.arn','arn:aws:iam::123456789012:policy/demopolicy2');
  rest.AddQueryParam('Policy','{"Version":"2012-10-17","Statement":[{"Sid":"Stmt1","Effect":"Allow","Action":"s3:*","Resource":"*"}]}');
  rest.AddQueryParam('Tags.member.1.Key','Project');
  rest.AddQueryParam('Tags.member.1.Value','Pegasus');
  rest.AddQueryParam('Tags.member.2.Key','Team');
  rest.AddQueryParam('Tags.member.2.Value','Engineering');
  rest.AddQueryParam('Tags.member.3.Key','Cost-Center');
  rest.AddQueryParam('Tags.member.3.Value','12345');
  rest.AddQueryParam('TransitiveTagKeys.member.1','Project');
  rest.AddQueryParam('TransitiveTagKeys.member.2','Cost-Center');
  rest.AddQueryParam('ExternalId','123ABC');
  rest.AddQueryParam('SourceIdentity','Alice');

  responseXml := rest.FullRequestNoBody('GET','/');
  if (rest.LastMethodSuccess <> True) then
    begin
      WriteLn(rest.LastErrorText);
      Exit;
    end;

  //  A successful response will have a status code equal to 200.
  if (rest.ResponseStatusCode <> 200) then
    begin
      WriteLn('response status code = ' + rest.ResponseStatusCode);
      WriteLn('response status text = ' + rest.ResponseStatusText);
      WriteLn('response header: ' + rest.ResponseHeader);
      WriteLn('response body: ' + responseXml);
      Exit;
    end;

  //  Examine the successful XML response (shown below)
  xml := TXml.Create;
  xml.LoadXml(responseXml);
  WriteLn(xml.GetXml());

  //  Sample response:

  //  <AssumeRoleResponse xmlns="https://sts.amazonaws.com/doc/2011-06-15/">
  //    <AssumeRoleResult>
  //    <SourceIdentity>Alice</SourceIdentity>
  //      <AssumedRoleUser>
  //        <Arn>arn:aws:sts::123456789012:assumed-role/demo/TestAR</Arn>
  //        <AssumedRoleId>ARO123EXAMPLE123:TestAR</AssumedRoleId>
  //      </AssumedRoleUser>
  //      <Credentials>
  //        <AccessKeyId>ASIAIOSFODNN7EXAMPLE</AccessKeyId>
  //        <SecretAccessKey>wJalrXUtnFEMI/K7MDENG/bPxRfiCYzEXAMPLEKEY</SecretAccessKey>
  //        <SessionToken>
  //         AQoDYXdzEPT//////////wEXAMPLEtc764bNrC9SAPBSM22wDOk4x4HIZ8j4FZTwdQW
  //         LWsKWHGBuFqwAeMicRXmxfpSPfIeoIYRqTflfKD8YUuwthAx7mSEI/qkPpKPi/kMcGd
  //         QrmGdeehM4IC1NtBmUpp2wUE8phUZampKsburEDy0KPkyQDYwT7WZ0wq5VSXDvp75YU
  //         9HFvlRd8Tx6q6fE8YQcHNVXAkiY9q6d+xo0rKwT38xVqr7ZD0u0iPPkUL64lIZbqBAz
  //         +scqKmlzm8FDrypNC9Yjc8fPOLn9FX9KSYvKTr4rvx3iSIlTJabIQwj2ICCR/oLxBA==
  //        </SessionToken>
  //        <Expiration>2019-11-09T13:34:41Z</Expiration>
  //      </Credentials>
  //      <PackedPolicySize>6</PackedPolicySize>
  //    </AssumeRoleResult>
  //    <ResponseMetadata>
  //      <RequestId>c6104cbe-af31-11e0-8154-cbc7ccf896c7</RequestId>
  //    </ResponseMetadata>
  //  </AssumeRoleResponse>

  //  Sample parse code:

  AssumeRoleResponse_xmlns := xml.GetAttrValue('xmlns');
  SourceIdentity := xml.GetChildContent('AssumeRoleResult|SourceIdentity');
  Arn := xml.GetChildContent('AssumeRoleResult|AssumedRoleUser|Arn');
  AssumedRoleId := xml.GetChildContent('AssumeRoleResult|AssumedRoleUser|AssumedRoleId');
  AccessKeyId := xml.GetChildContent('AssumeRoleResult|Credentials|AccessKeyId');
  SecretAccessKey := xml.GetChildContent('AssumeRoleResult|Credentials|SecretAccessKey');
  SessionToken := xml.GetChildContent('AssumeRoleResult|Credentials|SessionToken');
  Expiration := xml.GetChildContent('AssumeRoleResult|Credentials|Expiration');
  PackedPolicySize := xml.GetChildIntValue('AssumeRoleResult|PackedPolicySize');
  RequestId := xml.GetChildContent('ResponseMetadata|RequestId');

  //  Save the session token XML to a file for use by another Chilkat example..
  success := xml.SaveXml('qa_data/tokens/aws_session_token.xml');


  rest.Free;
  authAws.Free;
  xml.Free;

end;

// ---------------------------------------------------------------------------

begin

  try
    RunDemo;
  except
    on E: Exception do
      WriteLn('Unhandled exception: ', E.ClassName, ': ', E.Message);
  end;

  WriteLn;
  {$IFDEF MSWINDOWS}
  WriteLn('Press Enter to exit...');
  ReadLn;
  {$ENDIF}
end.