Created
December 8, 2014 02:18
-
-
Save uzresk/15922b836ec7a159101f to your computer and use it in GitHub Desktop.
STS(Security Token Service)を使ってアカウント間のリソースを共有する ref: http://qiita.com/uzresk/items/dc79545721575bce5721
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| { | |
| "Statement": [{ | |
| "Effect": "Allow", | |
| "Action": "sts:AssumeRole", | |
| "Resource": "arn:aws:iam::xxxxxxxxxxxxxx:role/EC2FullAccessRole" | |
| }] | |
| } |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| package aws.ec2.sts; | |
| import com.amazonaws.auth.AWSCredentialsProvider; | |
| import com.amazonaws.auth.BasicSessionCredentials; | |
| import com.amazonaws.auth.profile.ProfileCredentialsProvider; | |
| import com.amazonaws.regions.Region; | |
| import com.amazonaws.regions.Regions; | |
| import com.amazonaws.services.ec2.AmazonEC2; | |
| import com.amazonaws.services.ec2.AmazonEC2Client; | |
| import com.amazonaws.services.ec2.model.DescribeTagsRequest; | |
| import com.amazonaws.services.ec2.model.DescribeTagsResult; | |
| import com.amazonaws.services.ec2.model.Filter; | |
| import com.amazonaws.services.ec2.model.TagDescription; | |
| import com.amazonaws.services.securitytoken.AWSSecurityTokenServiceClient; | |
| import com.amazonaws.services.securitytoken.model.AssumeRoleRequest; | |
| import com.amazonaws.services.securitytoken.model.AssumeRoleResult; | |
| public class Ec2InstanceListUseSTS { | |
| /** Aのリソースにアクセスするためのロールの*/ | |
| private static final String ARN = "arn:aws:iam::xxxxxxxxxxxx:role/EC2FullAccessRole"; | |
| public static void main(String[] args) { | |
| // BアカウントのProviderを取得する。 | |
| AWSCredentialsProvider provider = new ProfileCredentialsProvider( | |
| "uzr_api"); | |
| // STSサービスを利用するためのClientを取得します。 | |
| AWSSecurityTokenServiceClient client = new AWSSecurityTokenServiceClient( | |
| provider.getCredentials()); | |
| AssumeRoleRequest request = new AssumeRoleRequest().withRoleArn(ARN) | |
| .withDurationSeconds(3600) | |
| .withRoleSessionName("EC2FullAccess_uzr_session"); | |
| AssumeRoleResult result = client.assumeRole(request); | |
| // Aアカウントのリソースにアクセスするための一時的な認証情報を取得します。 | |
| BasicSessionCredentials tempCredential = new BasicSessionCredentials( | |
| result.getCredentials().getAccessKeyId(), | |
| result.getCredentials().getSecretAccessKey(), | |
| result.getCredentials().getSessionToken()); | |
| // 一時的な認証情報を使って、EC2のインスタンス一覧のタグ名を取得します。 | |
| AmazonEC2 ec2 = new AmazonEC2Client(tempCredential); | |
| ec2.setRegion(Region.getRegion(Regions.AP_NORTHEAST_1)); | |
| DescribeTagsRequest describeTagRequest = new DescribeTagsRequest() | |
| .withFilters(new Filter().withName("resource-type").withValues( | |
| "instance")); | |
| DescribeTagsResult tagsResult = ec2.describeTags(describeTagRequest); | |
| for (TagDescription description : tagsResult.getTags()) { | |
| System.out.println(description.getKey() + " : " | |
| + description.getValue()); | |
| } | |
| } | |
| } | |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment