AWSRootCredentials: AWS Root Credential Manager

In AlonzoBarnett/RcurlAWS: Interface for R to AWS focused on credential management and generic API requests.

Description

R6 implementation of AWS Root credential searches and management

AWSRootCredentials$new(AWS_ACCESS_KEY_ID = NULL, AWS_SECRET_ACCESS_KEY = NULL, sourceFile = NULL, profileName = "default", .silent = T)

AWSRootCredentials$print()

Usage

AWSRootCredentials

Arguments

AWS_ACCESS_KEY_ID	Your AWS root account access id
AWS_SECRET_ACCESS_KEY	Your AWS root account secret key
sourceFile	Location of credentials file ex. ~/.aws/.credential
profileName	Name of the profile you wish to invoke 'defualt' is used unless otherwise explicitly declared

Format

An object of class R6ClassGenerator of length 24.

Details

On initialization if you pass an access and secret key, the search is skipped and the keys you passed are used. Print method, prints only *s to protect your keys.

You can use $ to force print of an attribute if you really want to have it hanging around on your screen.

If no arguments are provided, credential priority... not search order but what will be returned if found... is loosely based on typical SDK fashion:

1. Environment variables "AWS_ACCESS_KEY_ID", "AWS_SECRET_ACCESS_KEY"

2. Credentials file

It is assumed your credentials file follows the guidelines at: https://docs.aws.amazon.com/cli/latest/userguide/cli-config-files.htmlAWS CLI Configuration and Credential Files

If you have multiple profiles in the credentials file, a profile labeled "default" will be searched for UNLESS you explicitly declare the profile name to return.

Differences from SDK Implementations

1. If Credentials file pointed to explicitly, then this is the only location checked. This is a more intuative behavior; if I tell you where to look, don't give me results from some other location.

2. Instance MetaData is not searched; this is done with AWSTemporaryCredentials$new().

AWSRootCredentials are a simpler class of credentials (only access and secret keys are necessary. AWSTemporaryCredentials, which are Role based, are generated by STS. I opted to treat root and temporary credentials as distinct class references. This seems less confusing for an end-user then trying to track what will be returned by a single class when referencing the two different credential sources.

See Also

Other credential management functions: AWSTemporaryCredentials, RcurlAWS, credsFromInstanceMetadata, genCredentialFilePath, getCredentials, getProfiles, getSTSCredentials, parseCredentialFile, stsGenContentString, tempCredentialHandler

Examples

## Not run: rootCreds <- AWSRootCredentials$new()
## Not run: rootCreds <- AWSRootCredentials$new(credentialPrefix = "/i/hide/my/files")
Provide filenames if not using 'config' & 'credentials'
## Not run: rootCreds <- AWSRootCredentials$new(
   credentialPrefix = "/i/hide/my/files")
## End(Not run)
   credentialFileName = 'myCreds',
   configFileName = 'myConfig'
)
## Not run: rootCreds <- AWSRootCredentials$new(AWS_ACCESS_KEY_ID = "blahblah", AWS_SECRET_ACCESS_KEY = "blahblah")
## Not run: rootCreds
## Not run: rootCreds$AWS_ACCESS_KEY_ID
## Not run: rootCreds$AWS_SECRET_ACCESS_KEY
rootCreds$profileSettings

AlonzoBarnett/RcurlAWS documentation built on May 15, 2019, 10:47 a.m.