aws-lc-rs is a cryptographic library using AWS-LC for its cryptographic operations. The library strives to be API-compatible with the popular Rust library named ring.
Problem:
aws_sdk_sts::assume_role() is hard to use, because the Credentials returned by assume_role (aws_sdk_sts::types::Credentials) do not implement the trait ProvideCredentials; for that, you need something like aws_sdk_sts::config::Credentials.
Solution:
Ideally, you would provide some way to very simply use the output of assume_role to create clients of the other AWS SDKs.
At a minimum, you would provide, in the documentation of assume_role, the code needed to make that happen, which is something like:
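```rust
// `creds` is assumed to be the output of the assume_role call.
let types_cred = creds.credentials.unwrap();
// Convert aws_sdk_sts::types::Credentials into the config Credentials type,
// which implements ProvideCredentials.
let config_creds = aws_sdk_sts::config::Credentials::new(
    types_cred.access_key_id(),
    types_cred.secret_access_key(),
    Some(types_cred.session_token().to_string()),
    // Carry over the expiry of the temporary credentials.
    Some(std::time::SystemTime::UNIX_EPOCH + std::time::Duration::from_secs(types_cred.expiration().secs() as u64)),
    "SomeProvider",
);
// Wrap the credentials so another SDK's config builder can use them.
let cred_prov = aws_sdk_kms::config::SharedCredentialsProvider::new(config_creds);
let kms_config = aws_sdk_kms::config::Builder::from(&sdk_config)
    .credentials_provider(cred_prov)
    .build();
```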
Does this change any public APIs? If yes, explain.
Might add a new API, does not affect any existing ones.