public class AwsIamAuthentication extends Object implements ClientAuthentication
AWS IAM authentication creates a signed
HTTP request that is
executed by Vault to get the identity of the signer using AWS STS
GetCallerIdentity. A signature requires
AWSCredentials
to calculate the signature.
This authentication requires AWS' Java SDK to sign request parameters and calculate the
signature key. Using an appropriate AWSCredentialsProvider
allows authentication within AWS-EC2 instances with an assigned profile, within ECS and
Lambda instances.
AwsIamAuthenticationOptions
,
AWSCredentialsProvider
,
RestOperations
,
Auth Backend: aws
(IAM),
AWS:
GetCallerIdentityConstructor and Description |
---|
AwsIamAuthentication(AwsIamAuthenticationOptions options,
RestOperations vaultRestOperations)
Create a new
AwsIamAuthentication specifying
AwsIamAuthenticationOptions , a Vault and an AWS-Metadata-specific
RestOperations . |
Modifier and Type | Method and Description |
---|---|
protected static Map<String,String> |
createRequestBody(AwsIamAuthenticationOptions options)
Create the request body to perform a Vault login using the AWS-IAM authentication
method.
|
VaultToken |
login()
Return a
VaultToken . |
public AwsIamAuthentication(AwsIamAuthenticationOptions options, RestOperations vaultRestOperations)
AwsIamAuthentication
specifying
AwsIamAuthenticationOptions
, a Vault and an AWS-Metadata-specific
RestOperations
.options
- must not be null.vaultRestOperations
- must not be null.public VaultToken login() throws VaultException
ClientAuthentication
VaultToken
. This method can optionally log into Vault to obtain a
token
.login
in interface ClientAuthentication
VaultToken
.VaultException
protected static Map<String,String> createRequestBody(AwsIamAuthenticationOptions options)
options
- must not be null.Copyright © 2016–2019 Pivotal Software, Inc.. All rights reserved.