AWS Deep Night in 福岡 Part.2 53
AWSへのログイン情報の管理
単独アカウント・Organizationsの親アカウントの場合
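# AWS SDK for Ruby
#
# Builds a federated AWS Management Console sign-in URL for a member account:
# assume OrganizationAccountAccessRole in that account from the standalone /
# Organizations management account, then exchange the temporary credentials
# for a sign-in token at the federation endpoint and wrap it in a login URL.
#
# Input:  family_account_id (String) - target member account ID, defined
#         elsewhere in the surrounding file.
# Output: login_url (String) - URL that signs the browser into the console.
#         It embeds a short-lived sign-in token, so treat it as a credential:
#         redirect the user to it, never log it or share it.
# Raises: Aws::STS::Errors::* from AssumeRole; RuntimeError when the
#         federation endpoint does not return a sign-in token.
#
# Assumes the aws-sdk-core gem (Aws::STS::Client, Aws::AssumeRoleCredentials)
# is already required by the surrounding file.
require 'cgi'
require 'json'
require 'net/http'
require 'uri'

# OrganizationAccountAccessRole is created with full administrator access in
# the member account. An optional session policy (JSON policy document string)
# narrows what this console session may do; nil adds no restriction.
# The previous literal "Policy" is not a policy document and STS rejects it.
session_policy = nil # e.g. File.read('console-session-policy.json')

# The session name appears in CloudTrail as the assumed-role identity, so make
# it identify the operator. STS accepts [\w+=,.@-], 2..64 characters.
role_session_name = "console-#{ENV.fetch('USER', 'unknown')}"
                    .gsub(/[^\w+=,.@-]/, '-')[0, 64]

assume_role_options = {
  client: Aws::STS::Client.new,
  role_arn: "arn:aws:iam::#{family_account_id}:role/OrganizationAccountAccessRole",
  role_session_name: role_session_name,
}
assume_role_options[:policy] = session_policy if session_policy
assume_credential = Aws::AssumeRoleCredentials.new(assume_role_options)

issuer_url = "https://mysignin.internal.mycompany.com/"
console_url = "https://console.aws.amazon.com/"
signin_url = "https://signin.aws.amazon.com/federation"

# Aws::Credentials exposes the values as reader methods, not hash keys.
creds = assume_credential.credentials
session_json = {
  sessionId: creds.access_key_id,
  sessionKey: creds.secret_access_key,
  sessionToken: creds.session_token,
}.to_json

# Exchange the temporary credentials for a sign-in token.
# NOTE(review): as in the AWS federation example, the credentials travel in the
# query string and can therefore end up in proxy/access logs; confirm whether
# the endpoint accepts the same parameters in a POST body for your deployment.
get_signin_token_uri = URI(signin_url)
get_signin_token_uri.query =
  "Action=getSigninToken&SessionType=json&Session=#{CGI.escape(session_json)}"
# https scheme -> TLS with certificate verification (Net::HTTP default).
response = Net::HTTP.get_response(get_signin_token_uri)
unless response.is_a?(Net::HTTPSuccess)
  # Deliberately omit the request URL from the message: it carries the credentials.
  raise "federation getSigninToken failed: HTTP #{response.code}"
end
signin_token = JSON.parse(response.body).fetch('SigninToken')

# Same parameter order as the original: Action, SigninToken, Issuer, Destination.
login_params = [
  ["Action", "login"],
  ["SigninToken", signin_token],
  ["Issuer", issuer_url],
  ["Destination", console_url],
]
login_url = "#{signin_url}?#{URI.encode_www_form(login_params)}"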