Copyright | (c) 2013-2023 Brendan Hay |
---|---|
License | Mozilla Public License, v. 2.0. |
Maintainer | Brendan Hay <brendan.g.hay+amazonka@gmail.com> |
Stability | provisional |
Portability | non-portable (GHC extensions) |
Safe Haskell | Safe-Inferred |
Language | Haskell2010 |
Synopsis
- data CachedAccessToken = CachedAccessToken {}
- cachedAccessToken_startUrl :: Lens' CachedAccessToken Text
- cachedAccessToken_region :: Lens' CachedAccessToken Region
- cachedAccessToken_accessToken :: Lens' CachedAccessToken (Sensitive Text)
- cachedAccessToken_expiresAt :: Lens' CachedAccessToken UTCTime
- fromSSO :: forall m withAuth. MonadIO m => FilePath -> Region -> Text -> Text -> Env' withAuth -> m Env
- relativeCachedTokenFile :: MonadIO m => Text -> m FilePath
- readCachedAccessToken :: MonadIO m => FilePath -> m CachedAccessToken
- roleCredentialsToAuthEnv :: RoleCredentials -> AuthEnv
Documentation
data CachedAccessToken Source #
Instances
:: forall m withAuth. MonadIO m | |
=> FilePath | |
-> Region | |
-> Text | Account ID |
-> Text | Role Name |
-> Env' withAuth | |
-> m Env |
Assume a role using an SSO Token.
The user must have previously called aws sso login
, and pass in the path to
the cached token file, along with SSO region, account ID and role name.
(fromFilePath
understands the sso_
variables
used by the official AWS CLI and will call fromSSO
for you.) This function
uses fetchAuthInBackground
to refresh the credentials as long as the token
in the sso/cache
file is not expired. When it has, the user will need to
aws sso login
again.
https://docs.aws.amazon.com/cli/latest/userguide/cli-configure-sso.html
relativeCachedTokenFile :: MonadIO m => Text -> m FilePath Source #
Return the cached token file for a given sso_start_url
Matches
botocore,
so that we find tokens produced by aws sso login
.
readCachedAccessToken :: MonadIO m => FilePath -> m CachedAccessToken Source #