documenting the new aws/sts endpoint
This commit is contained in:
parent
f251b13aaa
commit
0b5e35c8cd
|
@ -84,6 +84,7 @@ lease_id aws/creds/deploy/7cb8df71-782f-3de1-79dd-251778e49f58
|
||||||
lease_duration 3600
|
lease_duration 3600
|
||||||
access_key AKIAIOMYUTSLGJOGLHTQ
|
access_key AKIAIOMYUTSLGJOGLHTQ
|
||||||
secret_key BK9++oBABaBvRKcT5KEF69xQGcH7ZpPRF3oqVEv7
|
secret_key BK9++oBABaBvRKcT5KEF69xQGcH7ZpPRF3oqVEv7
|
||||||
|
security_token <nil>
|
||||||
```
|
```
|
||||||
|
|
||||||
If you run the command again, you will get a new set of credentials:
|
If you run the command again, you will get a new set of credentials:
|
||||||
|
@ -95,8 +96,23 @@ lease_id aws/creds/deploy/82d89562-ff19-382e-6be9-cb45c8f6a42d
|
||||||
lease_duration 3600
|
lease_duration 3600
|
||||||
access_key AKIAJZ5YRPHFH3QHRRRQ
|
access_key AKIAJZ5YRPHFH3QHRRRQ
|
||||||
secret_key vS61xxXgwwX/V4qZMUv8O8wd2RLqngXz6WmN04uW
|
secret_key vS61xxXgwwX/V4qZMUv8O8wd2RLqngXz6WmN04uW
|
||||||
|
security_token <nil>
|
||||||
```
|
```
|
||||||
|
|
||||||
|
If you want keys with an STS token use the 'sts' endpoint instead of 'creds.'
|
||||||
|
|
||||||
|
```text
|
||||||
|
$vault read aws/sts/deploy
|
||||||
|
Key Value
|
||||||
|
lease_id aws/sts/deploy/31d771a6-fb39-f46b-fdc5-945109106422
|
||||||
|
lease_duration 3600
|
||||||
|
lease_renewable true
|
||||||
|
access_key ASIAJYYYY2AA5K4WIXXX
|
||||||
|
secret_key HSs0DYYYYYY9W81DXtI0K7X84H+OVZXK5BXXXX
|
||||||
|
security_token AQoDYXdzEEwasAKwQyZUtZaCjVNDiXXXXXXXXgUgBBVUUbSyujLjsw6jYzboOQ89vUVIehUw/9MreAifXFmfdbjTr3g6zc0me9M+dB95DyhetFItX5QThw0lEsVQWSiIeIotGmg7mjT1//e7CJc4LpxbW707loFX1TYD1ilNnblEsIBKGlRNXZ+QJdguY4VkzXxv2urxIH0Sl14xtqsRPboV7eYruSEZlAuP3FLmqFbmA0AFPCT37cLf/vUHinSbvw49C4c9WQLH7CeFPhDub7/rub/QU/lCjjJ43IqIRo9jYgcEvvdRkQSt70zO8moGCc7pFvmL7XGhISegQpEzudErTE/PdhjlGpAKGR3d5qKrHpPYK/k480wk1Ai/t1dTa/8/3jUYTUeIkaJpNBnupQt7qoaXXXXXXXXXX
|
||||||
|
```
|
||||||
|
|
||||||
|
|
||||||
If you get an error message similar to either of the following, the root credentials that you wrote to `aws/config/root` have insufficient privilege:
|
If you get an error message similar to either of the following, the root credentials that you wrote to `aws/config/root` have insufficient privilege:
|
||||||
|
|
||||||
```text
|
```text
|
||||||
|
@ -152,6 +168,10 @@ Amazon services. If you are planning on using these credential in a pipeline,
|
||||||
you may need to add a delay of 5-10 seconds (or more) after fetching
|
you may need to add a delay of 5-10 seconds (or more) after fetching
|
||||||
credentials before they can be used successfully.
|
credentials before they can be used successfully.
|
||||||
|
|
||||||
|
If you want to be able to use credentials without the wait, consider using the STS
|
||||||
|
method of fetching keys. IAM credentials supported by an STS token are available for use
|
||||||
|
as soon as they are generated.
|
||||||
|
|
||||||
## API
|
## API
|
||||||
|
|
||||||
### /aws/config/root
|
### /aws/config/root
|
||||||
|
@ -355,10 +375,47 @@ credentials before they can be used successfully.
|
||||||
{
|
{
|
||||||
"data": {
|
"data": {
|
||||||
"access_key": "...",
|
"access_key": "...",
|
||||||
"secret_key": "..."
|
"secret_key": "...",
|
||||||
|
"secret_token": null
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
```
|
```
|
||||||
|
|
||||||
</dd>
|
</dd>
|
||||||
</dl>
|
</dl>
|
||||||
|
|
||||||
|
|
||||||
|
### /aws/sts/
|
||||||
|
#### GET
|
||||||
|
|
||||||
|
<dl class="api">
|
||||||
|
<dt>Description</dt>
|
||||||
|
<dd>
|
||||||
|
Generates a dynamic IAM credential with an STS token based on the named role.
|
||||||
|
</dd>
|
||||||
|
|
||||||
|
<dt>Method</dt>
|
||||||
|
<dd>GET</dd>
|
||||||
|
|
||||||
|
<dt>URL</dt>
|
||||||
|
<dd>`/aws/sts/<name>`</dd>
|
||||||
|
|
||||||
|
<dt>Parameters</dt>
|
||||||
|
<dd>
|
||||||
|
None
|
||||||
|
</dd>
|
||||||
|
|
||||||
|
<dt>Returns</dt>
|
||||||
|
<dd>
|
||||||
|
|
||||||
|
```javascript
|
||||||
|
{
|
||||||
|
"data": {
|
||||||
|
"access_key": "...",
|
||||||
|
"secret_key": "...",
|
||||||
|
"secret_token": "..."
|
||||||
|
}
|
||||||
|
}
|
||||||
|
```
|
||||||
|
</dd>
|
||||||
|
</dl>
|
||||||
|
|
Loading…
Reference in New Issue