AwsIamAuthentication (Spring Vault 2.1.1.RELEASE API)

Skip navigation links

Spring Vault

All Classes

Summary:
Nested |
Field |
Constr |
Method

Detail:
Field |
Constr |
Method

java.lang.Object
- org.springframework.vault.authentication.AwsIamAuthentication

All Implemented Interfaces:

ClientAuthentication
```
public class AwsIamAuthentication
extends Object
implements ClientAuthentication
```
AWS IAM authentication using signed HTTP requests to query the current identity.
AWS IAM authentication creates a signed HTTP request that is executed by Vault to get the identity of the signer using AWS STS GetCallerIdentity. A signature requires AWSCredentials to calculate the signature.
This authentication requires AWS' Java SDK to sign request parameters and calculate the signature key. Using an appropriate AWSCredentialsProvider allows authentication within AWS-EC2 instances with an assigned profile, within ECS and Lambda instances.

Since:

1.1

Author:

Mark Paluch

See Also:

AwsIamAuthenticationOptions, AWSCredentialsProvider, RestOperations, Auth Backend: aws (IAM), AWS: GetCallerIdentity

Constructor Summary

Constructors
Constructor and Description
`AwsIamAuthentication(AwsIamAuthenticationOptions options, RestOperations vaultRestOperations)` Create a new `AwsIamAuthentication` specifying `AwsIamAuthenticationOptions`, a Vault and an AWS-Metadata-specific `RestOperations`.

Method Summary

All Methods Static Methods Instance Methods Concrete Methods
Modifier and Type	Method and Description
`protected static Map<String,String>`	`createRequestBody(AwsIamAuthenticationOptions options)` Create the request body to perform a Vault login using the AWS-IAM authentication method.
`VaultToken`	`login()` Return a `VaultToken`.

Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

- Constructor Detail
  - AwsIamAuthentication
```
public AwsIamAuthentication(AwsIamAuthenticationOptions options,
                            RestOperations vaultRestOperations)
```
    Create a new AwsIamAuthentication specifying AwsIamAuthenticationOptions, a Vault and an AWS-Metadata-specific RestOperations.
    
    Parameters:
    
    options - must not be null.
    
    vaultRestOperations - must not be null.
- Method Detail
  - login
```
public VaultToken login()
                 throws VaultException
```
    Description copied from interface: ClientAuthentication
    
    Return a VaultToken. This method can optionally log into Vault to obtain a token.
    
    Specified by:
    
    login in interface ClientAuthentication
    
    Returns:
    
    a VaultToken.
    
    Throws:
    
    VaultException
  - createRequestBody
```
protected static Map<String,String> createRequestBody(AwsIamAuthenticationOptions options)
```
    Create the request body to perform a Vault login using the AWS-IAM authentication method.
    
    Parameters:
    
    options - must not be null.
    
    Returns:
    
    the map containing body key-value pairs.

Skip navigation links

Spring Vault

All Classes

Summary:
Nested |
Field |
Constr |
Method

Detail:
Field |
Constr |
Method

Copyright © 2016–2018 Pivotal Software, Inc.. All rights reserved.