This credential provider tries to get credentials from the EC2 metadata service.
These are the errors we trap when attempting to talk to the instance metadata service. Any of these imply the service is not present, no responding or some other non-recoverable error. @private
@return [Object,nil]
@return [Float]
@return [Float]
@return [String] Defaults to '169.254.169.254'.
@return [Integer] Defaults to port 80.
@param [Hash] options @option options [String] :#ip_address ('169.254.169.254') @option options [Integer] :port (80) @option options [Float] :#http_open_timeout (1) @option options [Float] :#http_read_timeout (1) @option options [Object] :#http_debug_output (nil) HTTP wire
traces are sent to this object. You can specify something like $stdout.
# File lib/aws/core/credential_providers.rb, line 233 def initialize options = {} @ip_address = options[:ip_address] || '169.254.169.254' @port = options[:port] || 80 @http_open_timeout = options[:http_open_timeout] || 1 @http_read_timeout = options[:http_read_timeout] || 1 @http_debug_output = options[:http_debug_output] end
Makes an HTTP Get request with the given path. If a non-200 response is received, then a FailedRequestError is raised. a {FailedRequestError} is raised. @param [Net::HTTPSession] session @param [String] path @raise [FailedRequestError] @return [String] Returns the http response body.
# File lib/aws/core/credential_providers.rb, line 297 def get session, path response = session.request(Net::HTTP::Get.new(path)) if response.code.to_i == 200 response.body else raise FailedRequestError end end
(see AWS::Core::CredentialProviders::Provider#get_credentials)
# File lib/aws/core/credential_providers.rb, line 259 def get_credentials begin http = Net::HTTP.new(ip_address, port) http.open_timeout = http_open_timeout http.read_timeout = http_read_timeout http.set_debug_output(http_debug_output) if http_debug_output http.start # get the first/default instance profile name path = '/latest/meta-data/iam/security-credentials/' profile_name = get(http, path).lines.map(&:strip).first # get the session details from the instance profile name path << profile_name session = JSON.parse(get(http, path)) http.finish credentials = {} credentials[:access_key_id] = session['AccessKeyId'] credentials[:secret_access_key] = session['SecretAccessKey'] credentials[:session_token] = session['Token'] credentials rescue *FAILURES => e {} end end