STS: Temporary Session Tokens


Description

Get temporary credentials (i.e., a session token).

Usage

get_session_token(duration = 900, id, code, tags, use = FALSE, ...)

get_federation_token(duration = 900, name, policy, use = FALSE, ...)

get_caller_identity(...)

assume_role(
  role,
  session,
  duration,
  id,
  code,
  externalid,
  policy,
  tags,
  transitive.tags,
  use = FALSE,
  ...
)

Arguments

duration

numeric, optional, duration for which the credentials should be valid, in seconds, between 900 and 129600. If not set, the back-end decides.

id

string, optional, the serial number or Amazon Resource Name (ARN) of a multi-factor authentication (MFA) device.

code

If id is specified, the value provided by the MFA device.

tags

named character vector or named list of scalars, optional, if specified then the supplied key/value pairs (names are keys) are passed as session tags.

use

logical (default FALSE), specifying whether to use these credentials for subsequent requests. If TRUE, any currently used credentials are stored in a package environment (see save_credentials) and the requested tokens overwrite them in the relevant environment variables. restore_credentials() can then be used to restore environment variables based on those from the saved environment and delete_saved_credentials() deletes the credentials without restoring them.

...

Additional arguments passed to stsHTTP.

name

The name of the federated user.

policy

A character string specifying a JSON-formatted role policy. For assume_role, if role is an object of class “iam_role”, this will be inferred automatically.

role

string, role ARN or an object of class “iam_role”.

session

string, name of the temporary session, can be arbitrary and is mainly used to disambiguate multiple sessions using the same role.

externalid

A unique identifier that is used by third parties when assuming roles in their customers' accounts.

transitive.tags

character vector, optional, specifies names of the session tags which will be passed to subsequent sessions in the role chain.

Details

get_caller_identity returns the account ID and ARN for the currently credentialled user. This can be used to confirm that an assumed role has indeed been assumed.

get_session_token and get_federation_token generate and return temporary credentials.

Details about the underlying behavior of the various API endpoints can be found at Requesting Temporary Security Credentials.

Value

A list.

References

API Reference: GetCallerIdentity
API Reference: GetSessionToken
API Reference: GetFederationToken
API Reference: AssumeRole
API Reference: AssumeRoleWithSAML
API Reference: AssumeRoleWithWebIdentity

Examples

## Not run: 
get_caller_identity() # check current identity

x <- get_session_token() # get token (T1) but do not use
set_credentials(x)       # now use those credentials

x <- get_session_token(use = TRUE) # get and use another temp token (T2)
get_caller_identity() # check that token is in use

# assume a role
r <- assume_role("arn:aws:iam::111111111111:role/my-role", "test", use=TRUE)
get_caller_identity() # check that the role has been assumed

restore_credentials() # return to credentials of T2
restore_credentials() # return to credentials of T1
restore_credentials() # return to root credentials
get_caller_identity() # check identity, again

## End(Not run)
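
The following is an added example, not part of the aws.iam documentation. It wraps the pattern above so that the assumed role is verified with get_caller_identity() before any work runs and the previous credentials are always restored. The helper names (expected_assumed_arn, caller_arns, with_assumed_role) are hypothetical, and role is assumed to be an ARN string rather than an “iam_role” object.

```r
library(aws.iam)

# Derive the ARN that STS reports for an assumed-role session.
# Assumes `role` is a role ARN string (not an "iam_role" object).
expected_assumed_arn <- function(role, session) {
  parts <- strsplit(role, ":", fixed = TRUE)[[1]]
  if (length(parts) != 6 || parts[3] != "iam" || !startsWith(parts[6], "role/"))
    stop("not an IAM role ARN: ", role)
  # A role path (role/path/name) is not part of the assumed-role ARN.
  name <- tail(strsplit(parts[6], "/", fixed = TRUE)[[1]], 1)
  sprintf("arn:%s:sts::%s:assumed-role/%s/%s", parts[2], parts[5], name, session)
}

# ARN-looking values from get_caller_identity(). The page documents the return
# value only as "a list", so its element names are not relied on here.
caller_arns <- function() {
  v <- unlist(get_caller_identity())
  unname(v[grepl("^arn:", v)])
}

# Hypothetical helper: evaluate `expr` under an assumed role, then restore.
with_assumed_role <- function(role, session, expr, ...) {
  want <- expected_assumed_arn(role, session)
  before <- caller_arns()
  assume_role(role, session, duration = 900, use = TRUE, ...)  # 900 s is the minimum
  after <- caller_arns()
  # Identity changed, so temporary credentials are active: always pop them.
  if (!identical(before, after)) on.exit(restore_credentials(), add = TRUE)
  if (!(want %in% after))
    stop("role not assumed; caller is: ", paste(after, collapse = ", "))
  expr  # lazily evaluated here, i.e. with the role's credentials in effect
}

# Offline check of the ARN derivation (account ID taken from the example above).
stopifnot(expected_assumed_arn("arn:aws:iam::111111111111:role/my-role", "test") ==
            "arn:aws:sts::111111111111:assumed-role/my-role/test")

if (FALSE) {  # needs live AWS credentials, so not run
  with_assumed_role("arn:aws:iam::111111111111:role/my-role", "test",
                    get_caller_identity())
  get_caller_identity()  # original identity again
}
```

Additional arguments such as id, code or externalid are passed through ... to assume_role().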

aws.iam documentation built on April 14, 2020, 5:31 p.m.