ex-aws / ex_aws_sts


Can not use STS for a single request #29

Open chris-brace opened 2 years ago

chris-brace commented 2 years ago

I would like to use STS for a single request (to SSM) but not for anything else in the lifetime of my application. The documents clearly show how to use STS for all requests. Is there support for this?

chris-brace commented 2 years ago

Currently I am invoking STS and storing the token myself, then merging the auth bits into a config by hand like this:

  # Second argument is a flag: `true` means this request must go through the
  # assumed role, so temporary credentials are fetched from STS first.
  defp do_request(request, true) do
    role_arn = "MY_ROLE"
    session_name = "MY_SESSION"
    sts_request = ExAws.STS.assume_role(role_arn, session_name, duration: 3600)

    # Call STS with the application's default (long-lived) credentials and
    # pull the temporary credential triple out of the parsed response body.
    {:ok,
     %{
       body: %{
         access_key_id: access_key_id,
         secret_access_key: secret_access_key,
         session_token: session_token
       }
     }} = ExAws.request(sts_request)

    # ExAws expects the session token under the :security_token config key.
    cfg = [
      access_key_id: access_key_id,
      security_token: session_token,
      secret_access_key: secret_access_key
    ]

    # Build a one-off SSM config carrying the assumed-role credentials and use
    # it for this request only; every other request keeps the default config.
    conf = ExAws.Config.new(:ssm, cfg)
    ExAws.request!(request, conf)
  end

N.B.: you should definitely cache the key for a bit less than the duration if you were to do this for real. That's what AuthCache in ExAws is supposed to be for, but it's unclear how to use it for this use case.
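One way to add the caching the note above asks for, as an added example that is not part of ex_aws or ex_aws_sts and not the commenter's code: an Agent holds the assumed-role credentials per role ARN and refreshes them a margin before STS's expiry, so only the requests that need the role pay for an STS call. It assumes the parsed `assume_role` body carries an `:expiration` ISO 8601 string; `assume` is injectable so the cache logic can be exercised with a stub instead of AWS.

```elixir
defmodule AssumedRoleConfig do
  # Added example for this thread, not ex_aws / ex_aws_sts code.
  # Caches assume_role credentials per role ARN in an Agent and builds a
  # per-request ExAws config from them.
  # Assumption: the parsed assume_role body includes an :expiration ISO 8601 string.
  use Agent

  # Treat credentials as stale this many seconds before STS says they expire,
  # so a long-running request never carries a token that lapses mid-flight.
  @refresh_margin_seconds 300

  def start_link(_opts \\ []), do: Agent.start_link(fn -> %{} end, name: __MODULE__)

  # `assume` is a 2-arity function returning the credential map; it defaults
  # to the real STS call and can be swapped for a stub in tests.
  def config_for(service, role_arn, session_name, assume \\ &sts_assume/2) do
    creds = credentials(role_arn, session_name, assume)

    # ExAws expects the session token under the :security_token key.
    ExAws.Config.new(service,
      access_key_id: creds.access_key_id,
      secret_access_key: creds.secret_access_key,
      security_token: creds.session_token
    )
  end

  def credentials(role_arn, session_name, assume) do
    case Agent.get(__MODULE__, &Map.get(&1, role_arn)) do
      %{} = creds -> if fresh?(creds), do: creds, else: refresh(role_arn, session_name, assume)
      nil -> refresh(role_arn, session_name, assume)
    end
  end

  defp fresh?(%{expires_at: expires_at}) do
    deadline = DateTime.add(DateTime.utc_now(), @refresh_margin_seconds, :second)
    DateTime.compare(expires_at, deadline) == :gt
  end

  # The STS call runs outside the Agent so a slow network call never blocks
  # other callers reading the cache; a concurrent refresh is harmless.
  defp refresh(role_arn, session_name, assume) do
    creds = assume.(role_arn, session_name)
    Agent.update(__MODULE__, &Map.put(&1, role_arn, creds))
    creds
  end

  defp sts_assume(role_arn, session_name) do
    {:ok, %{body: body}} =
      role_arn |> ExAws.STS.assume_role(session_name, duration: 3600) |> ExAws.request()
    {:ok, expires_at, _offset} = DateTime.from_iso8601(body.expiration)
    %{access_key_id: body.access_key_id, secret_access_key: body.secret_access_key,
      session_token: body.session_token, expires_at: expires_at}
  end
end
```

After `AssumedRoleConfig.start_link()`, a single SSM call becomes `ExAws.request!(op, AssumedRoleConfig.config_for(:ssm, "MY_ROLE", "MY_SESSION"))` while every other request keeps the default config.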

vanetix commented 2 years ago

Hey @chris-brace, I actually don't have an answer here without reading a bit about the AuthCache specifically. The way you're merging auth credentials into the request options is similar to how I implemented role assumptions within a service. If I recall correctly, AuthCache is specifically for caching credentials that are service role assumptions - for example, I have a service running on ECS or EC2 and I make a request out to the metadata API to get credentials.

Hope this makes sense! If not, I can figure out the proper answer here and possibly contribute some better documentation around the internal ExAws.AuthCache!