Skip site navigation (1)Skip section navigation (2)

FreeBSD Manual Pages


home | help
VM::EC2::Security::TokUser)Contributed Perl DocumenVM::EC2::Security::Token(3)

       VM::EC2::Security::Token	- Temporary security token object

	use VM::EC2;
	use VM::EC2::Security::Policy

	# under	your account
	$ec2 = VM::EC2->new(...);  # as	usual
	my $policy = VM::EC2::Security::Policy->new;
	my $token = $ec2->get_federation_token(-name	 => 'TemporaryUser',
					       -duration => 60*60*3, # 3 hrs, as seconds
					       -policy	 => $policy);
	print $token->sessionToken,"\n";
	print $token->accessKeyId,"\n";
	print $token->secretAccessKey,"\n";
	print $token->federatedUser,"\n";

	my $serialized = $token->credentials->serialize;

	# get the serialized token to the temporary user

	# under	the temporary user's account
	my $serialized = get_data_somehow();

	# create a copy	of the token from its serialized form
	my $token = VM::EC2::Security::Credentials->new_from_serialized($serialized);

	# open a new EC2 connection with this token. User will be
	# able to run all the methods specified	in the policy.
	my $ec2	  = VM::EC2->new(-security_token => $token);
	print $ec2->describe_images(-owner=>'self');

	# convenience routine; will return a VM::EC2 object authorized
	# to use the current token
	my $ec2	  = $token->new_ec2;
	print $ec2->describe_images(-owner=>'self');

       VM::EC2::Security::Token	objects	allow you to grant a user access to
       some or all of your EC2 resources for a limited period of time. The
       user does not have to have his own AWS account.

       Token objects are returned by calls to VM::EC2->get_federation_token()
       and get_session_token().	The former call	is used	to create a temporary
       user with privileges restricted to those	listed in the accompanying
       policy (a VM::EC2::Security::Policy object). The	latter call is used in
       conjunction with	multi-factor authentication devices, such as smart
       cards. The tokens returned by get_session_token() are not associated
       with a user account nor a policy, and grant privileges to all EC2
       actions and resources. Both federation and session tokens have an
       expiry time between a few seconds and 36	hours.

       A VM::EC2::Security::Credentials	object contained within	the token
       contains	the temporary secret access key, acess key ID, and a session
       token string that unlocks the access key. The credentials object	can be
       serialized into a form suitable for sending to a	user via a secure
       channel,	such as	SSL or S/MIME e-mail, and unserialized at the
       receiving end into a copy of the	original credentials object.

       Either the token	object,	or its contained credentials object can	be
       used passed to VM::EC2->new() via the -security_token parameter in
       order to	gain access to EC2 resources.

	credentials()	  -- The VM::EC2::Security::Credentials	object
			       that contains the session token,	access key ID,
			       and secret key.

	federatedUser()	 -- the	VM::EC2::Security::FederatedUser object	that
			       contains	information about the temporary	user

	packedPolicySize() -- A	percentage value indicating the	size of	the policy in
				packed form relative to	the maximum allowed size.
				Policies in excess of 100% will	be rejected by the

	secret_access_key()-- Convenience method that calls the	credentials object's
			       secret_access_key() method.

	access_key_id()	--    Convenience method that calls the	credentials object's
			       access_key_id() method.

	session_token()	--    Convenience method that calls the	credentials object's
			       session_token() method.

	new_ec2(@args)	--    Convenience method that returns a	VM::EC2	object authorized
			       with the	current	token. You may pass any	of the arguments
			       accepted	by VM::EC2->new(), except that -access_key and
			       -secret_key will	be ignored if present.

       When used in a string context, this object will interpolate as the
       session token, and can be used for the -security_token parameter	in

       VM::EC2 VM::EC2::Generic	VM::EC2::Security::Credentials

       Lincoln Stein <>.

       Copyright (c) 2011 Ontario Institute for	Cancer Research

       This package and	its accompanying libraries is free software; you can
       redistribute it and/or modify it	under the terms	of the GPL (either
       version 1, or at	your option, any later version)	or the Artistic
       License 2.0.  Refer to LICENSE for the full license text. In addition,
       please see DISCLAIMER.txt for disclaimers of warranty.

perl v5.32.0			  2020-08-23	   VM::EC2::Security::Token(3)


Want to link to this manual page? Use this URL:

home | help