Amazon-S3-Thin


lib/Amazon/S3/Thin/Credentials.pm  view on Meta::CPAN

package Amazon::S3::Thin::Credentials;

=head1 NAME

Amazon::S3::Thin::Credentials - AWS credentials data container

=head1 SYNOPSIS

    my $credentials = Amazon::S3::Thin::Credentials->new(
        $aws_access_key_id, $aws_secret_access_key,
        # optional:
        $aws_session_token
    );
    
    my $key = $credentials->access_key_id();
    my $secret = $credentials->secret_access_key();
    my $session_token = $credentials->session_token();

1;

=head1 DESCRIPTION

This module holds AWS credentials and provides getters for them.

    # Load from arguments
    my $creds = Amazon::S3::Thin::Credentials->new($access_key, $secret_key, $session_token);

    # Load from environment
    my $creds = Amazon::S3::Thin::Credentials->from_env;

    # Load from instance profile (arguments are passed as a single hash reference)
    my $creds = Amazon::S3::Thin::Credentials->from_metadata({ role => 'foo', version => 2 });

    # Load from ECS task role
    my $creds = Amazon::S3::Thin::Credentials->from_ecs_container;

=cut

use strict;
use warnings;

use Carp;
use JSON::PP ();
use LWP::UserAgent;

# File-scoped JSON::PP codec shared by this module: UTF-8 encoded input and
# output, with canonical (sorted-key) encoding.
my $JSON = JSON::PP->new;
$JSON->utf8->canonical;

# Constructor: wraps an access key id, a secret access key and an optional
# session token in a blessed hash. The values are stored exactly as given,
# with no validation, so session_token is undef when the third argument is
# omitted. The secret is held as a plain hash value, which means dumping or
# logging the object exposes it.
sub new {
    my $class = shift;
    my ($access_key, $secret_key, $token) = @_;

    return bless {
        key           => $access_key,
        secret        => $secret_key,
        session_token => $token,
    }, $class;
}

=head2 from_env()

Instantiates C<Amazon::S3::Thin::Credentials> and attempts to populate the credentials from
the current environment.

Croaks if either AWS_ACCESS_KEY_ID or AWS_SECRET_ACCESS_KEY is not set. The
AWS_SESSION_TOKEN variable is optional.

    my $creds = Amazon::S3::Thin::Credentials->from_env;

=cut

# Alternate constructor: builds the credentials object from the process
# environment. Croaks when AWS_ACCESS_KEY_ID or AWS_SECRET_ACCESS_KEY holds a
# false value (unset or empty); AWS_SESSION_TOKEN is optional.
sub from_env {
    my $class = shift;

    # Both key parts are mandatory; abort before any object is built and name
    # the variable that is missing.
    $ENV{AWS_ACCESS_KEY_ID}     or croak "AWS_ACCESS_KEY_ID is not set";
    $ENV{AWS_SECRET_ACCESS_KEY} or croak "AWS_SECRET_ACCESS_KEY is not set";

    # The session token is copied as-is and stays undef when the variable is absent.
    my %credential_of = (
        key           => $ENV{AWS_ACCESS_KEY_ID},
        secret        => $ENV{AWS_SECRET_ACCESS_KEY},
        session_token => $ENV{AWS_SESSION_TOKEN},
    );
    return bless \%credential_of, $class;
}

=head2 from_metadata()

Instantiates C<Amazon::S3::Thin::Credentials> and attempts to populate the credentials from
the L<EC2 metadata service|https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ec2-instance-metadata.html>. An instance can have multiple IAM
roles applied, so you may optionally specify a role; otherwise the first one will be used.

In November 2019 AWS released L<version 2|https://aws.amazon.com/blogs/security/defense-in-depth-open-firewalls-reverse-proxies-ssrf-vulnerabilities-ec2-instance-metadata-service/> of the instance metadata service, which
is more secure against Server Side Request Forgery attacks. Using v2 is highly recommended, so
it is the default here.

    # Arguments are passed as a single hash reference
    my $creds = Amazon::S3::Thin::Credentials->from_metadata({
        role => 'foo',      # The name of the IAM role on the instance
        version => 2        # Metadata service version - either 1 or 2
    });

=cut

sub from_metadata {
    my ($class, $args) = @_;

    my $ua = $args->{ua} // LWP::UserAgent->new;


