public class AwsIamAuthentication extends Object implements ClientAuthentication, AuthenticationStepsFactory

AWS IAM authentication creates a signed HTTP request that is executed by Vault to get the identity of the signer using AWS STS GetCallerIdentity. A signature requires AWSCredentials to calculate the signature.

This authentication requires AWS' Java SDK to sign request parameters and calculate the signature key. Using an appropriate AWSCredentialsProvider allows authentication within AWS-EC2 instances with an assigned profile, within ECS and Lambda instances.
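
A minimal Spring configuration that wires this class up, as an added example (not taken from the Spring Vault documentation). The host name `vault.example.internal`, port 8200 and role name `my-app-role` are hypothetical placeholders.

```java
import com.amazonaws.auth.DefaultAWSCredentialsProviderChain;
import org.springframework.context.annotation.Configuration;
import org.springframework.vault.authentication.AwsIamAuthentication;
import org.springframework.vault.authentication.AwsIamAuthenticationOptions;
import org.springframework.vault.authentication.ClientAuthentication;
import org.springframework.vault.client.VaultEndpoint;
import org.springframework.vault.config.AbstractVaultConfiguration;

@Configuration
public class VaultIamConfig extends AbstractVaultConfiguration {

    // Hypothetical values for illustration; use your deployment's own.
    private static final String VAULT_HOST = "vault.example.internal";
    private static final String VAULT_ROLE = "my-app-role";

    @Override
    public VaultEndpoint vaultEndpoint() {
        // VaultEndpoint.create(host, port) uses the https scheme by default.
        return VaultEndpoint.create(VAULT_HOST, 8200);
    }

    @Override
    public ClientAuthentication clientAuthentication() {
        AwsIamAuthenticationOptions options = AwsIamAuthenticationOptions.builder()
                // Resolve short-lived credentials from the runtime (EC2 instance
                // profile, ECS task role, Lambda environment) instead of
                // embedding static access keys in the application.
                .credentialsProvider(DefaultAWSCredentialsProviderChain.getInstance())
                // Vault role the signed GetCallerIdentity request logs in to.
                .role(VAULT_ROLE)
                // Included in the signed request as X-Vault-AWS-IAM-Server-ID so
                // the signature is bound to this Vault server.
                .serverId(VAULT_HOST)
                .build();

        // restOperations() is provided by AbstractVaultConfiguration.
        return new AwsIamAuthentication(options, restOperations());
    }
}
```

The server ID is only checked when the Vault `aws` auth backend is configured with a matching `iam_server_id_header_value`.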
See Also: AwsIamAuthenticationOptions, AWSCredentialsProvider, RestOperations, Auth Backend: aws (IAM), AWS: GetCallerIdentity

Constructor and Description |
---|
AwsIamAuthentication(AwsIamAuthenticationOptions options, RestOperations vaultRestOperations) Create a new AwsIamAuthentication specifying AwsIamAuthenticationOptions, a Vault and an AWS-Metadata-specific RestOperations. |

Modifier and Type | Method and Description |
---|---|
static AuthenticationSteps | createAuthenticationSteps(AwsIamAuthenticationOptions options) Creates an AuthenticationSteps for AWS-IAM authentication given AwsIamAuthenticationOptions. |
protected static AuthenticationSteps | createAuthenticationSteps(AwsIamAuthenticationOptions options, com.amazonaws.auth.AWSCredentials credentials) |
protected static Map<String,String> | createRequestBody(AwsIamAuthenticationOptions options) Create the request body to perform a Vault login using the AWS-IAM authentication method. |
AuthenticationSteps | getAuthenticationSteps() Get the AuthenticationSteps describing an authentication flow. |
VaultToken | login() Return a VaultToken. |

public AwsIamAuthentication(AwsIamAuthenticationOptions options, RestOperations vaultRestOperations)
Create a new AwsIamAuthentication specifying AwsIamAuthenticationOptions, a Vault and an AWS-Metadata-specific RestOperations.
Parameters:
options - must not be null.
vaultRestOperations - must not be null.

public static AuthenticationSteps createAuthenticationSteps(AwsIamAuthenticationOptions options)
Creates an AuthenticationSteps for AWS-IAM authentication given AwsIamAuthenticationOptions. The resulting AuthenticationSteps reuse eagerly-fetched AWSCredentials to prevent blocking I/O during authentication.
Parameters:
options - must not be null.
Returns:
AuthenticationSteps for AWS-IAM authentication.

protected static AuthenticationSteps createAuthenticationSteps(AwsIamAuthenticationOptions options, com.amazonaws.auth.AWSCredentials credentials)

public VaultToken login() throws VaultException
Description copied from interface: ClientAuthentication
Return a VaultToken. This method can optionally log into Vault to obtain a token.
Specified by:
login in interface ClientAuthentication
Returns:
VaultToken.
Throws:
VaultException

public AuthenticationSteps getAuthenticationSteps()
Description copied from interface: AuthenticationStepsFactory
Get the AuthenticationSteps describing an authentication flow.
Specified by:
getAuthenticationSteps in interface AuthenticationStepsFactory
Returns:
AuthenticationSteps describing an authentication flow.

protected static Map<String,String> createRequestBody(AwsIamAuthenticationOptions options)
Create the request body to perform a Vault login using the AWS-IAM authentication method.
Parameters:
options - must not be null.

Copyright © 2016–2020 Pivotal Software, Inc. All rights reserved.