iOS

Reputation: 423

To generate temporary credentials using the "AssumeRole" API in the AWS iOS SDK

I am a newbie to the AWS iOS SDK. I am trying to generate temporary security credentials using the "assumeRole" API from an iPhone app. I added the AWSSecurityTokenService and AWSRuntime frameworks to my project. Below is the code.

    #import <AWSSecurityTokenService/AWSSecurityTokenService.h>
    #import <AWSSecurityTokenService/SecurityTokenServiceAssumeRoleRequest.h>
    #import <AWSSecurityTokenService/SecurityTokenServiceAssumeRoleResponse.h>
    #import <AWSSecurityTokenService/AmazonSecurityTokenServiceClient.h>

    - (void)viewDidLoad
    {
        [super viewDidLoad];
        TSC = [[AmazonSecurityTokenServiceClient alloc]init];
        request = [[SecurityTokenServiceAssumeRoleRequest alloc]init];
        request.roleArn = @"arn:aws:iam::xxxxxxxxxx:role/test";
        request.roleSessionName = @"Bob";
        request.policy = @"None";
        request.durationSeconds=[NSNumber numberWithInt:3600];
        request.externalId=@"abc";

        //[self assumeRole:request];
        @try {
            response =  [TSC assumeRole:request];
            NSLog(@"%@ is response",response);
        }
        @catch (AmazonClientException *exception) {
            NSLog(@" \n\n\nexception %@ \n\n\n", exception);
        }
        @finally {
            NSLog(@"Done");
        }
    }

I got the below error message and exception. Any help would be appreciated.

    objc[1938]: Class AXEmojiUtilities is implemented in both /Applications/Xcode5-DP.app/Contents/Developer/Platforms/iPhoneSimulator.platform/Developer/SDKs/iPhoneSimulator7.0.sdk/System/Library/PrivateFrameworks/AccessibilityUtilities.framework/AccessibilityUtilities and /Applications/Xcode5-DP.app/Contents/Developer/Platforms/iPhoneSimulator.platform/Developer/SDKs/iPhoneSimulator7.0.sdk/usr/lib/libAXSpeechManager.dylib. One of the two will be used. Which one is undefined.
    2013-01-17 17:16:51.807 AssumeRoleTest[1938:3207] NSURLConnection/CFURLConnection HTTP load failed (kCFStreamErrorDomainSSL, -9807)
    2013-01-17 17:16:51.810 AssumeRoleTest[1938:c07]
    exception AmazonServiceException { RequestId:(null), ErrorCode:(null), Message:Error Domain=NSURLErrorDomain Code=-1202 "The certificate for this server is invalid. You might be connecting to a server that is pretending to be “sts.amazonaws.com” which could put your confidential information at risk." UserInfo=0xa381cb0 {NSErrorFailingURLStringKey=https://sts.amazonaws.com/, NSLocalizedRecoverySuggestion=Would you like to connect to the server anyway?, NSErrorFailingURLKey=https://sts.amazonaws.com/, NSLocalizedDescription=The certificate for this server is invalid. You might be connecting to a server that is pretending to be “sts.amazonaws.com” which could put your confidential information at risk., NSUnderlyingError=0x8a64a70 "The certificate for this server is invalid. You might be connecting to a server that is pretending to be “sts.amazonaws.com” which could put your confidential information at risk.", NSURLErrorFailingURLPeerTrustErrorKey=} }

  1. One more question. How do I give the policy details in the request? I mean, can I directly paste the JSON format?

    { "Statement": [ { "Effect": "Allow", "Action": [ "s3:Put*", "s3:Get*" ], "Resource": [ "*" ] } ] }

Upvotes: 0

Views: 1154

Answers (1)

Bob Kinney

Reputation: 9020

I am one of the maintainers of the AWS SDK for iOS. I'll try to address your questions/issues one at a time.

  1. It is important to understand that the AssumeRoleRequest is a signed request and does require that your AmazonSecurityTokenServiceClient be initialized with credentials. You may want to consider using AssumeRoleWithWebIdentityRequest instead. We have a sample that shows how to use web identity federation.
  2. Setting policy to "None" will likely result in an error. You should either supply the JSON of the policy you want to supply or nil. This policy must be a subset of the permissions set on the role you are assuming.
  3. The SSL error you are receiving would seem to imply that you are either getting bad DNS results or may be behind some kind of proxy. Do other AWS services give you similar results?

Finally, you should only need the following import lines in your code:

    #import <AWSRuntime/AWSRuntime.h>
    #import <AWSSecurityTokenService/AWSSecurityTokenService.h>

Upvotes: 1
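
An added example (not from the question, the answer, or the AWS SDK), written in Python because the check is on the policy JSON and not on the iOS API: it lists which Allow entries of a session policy reach beyond the role's own policy, which matters because an assumed-role session only gets what both policies allow. The role policy, the narrowed policy and the bucket name are constructed; Deny, NotAction and Condition are ignored, and the wildcard comparison is deliberately conservative.

```python
import json

# Constructed sample: permissions attached to the role being assumed.
ROLE_POLICY = '''{"Statement": [{"Effect": "Allow",
  "Action": ["s3:GetObject", "s3:PutObject"],
  "Resource": "arn:aws:s3:::example-bucket/*"}]}'''
# The session policy quoted in the question.
ASKED_POLICY = '''{"Statement": [{"Effect": "Allow",
  "Action": ["s3:Put*", "s3:Get*"], "Resource": ["*"]}]}'''
# Constructed sample: a session policy that stays inside the role.
NARROW_POLICY = '''{"Statement": [{"Effect": "Allow",
  "Action": "s3:GetObject",
  "Resource": "arn:aws:s3:::example-bucket/uploads/*"}]}'''

def covers(pattern, candidate):
    """True if everything the wildcard `candidate` matches is also matched by
    `pattern`. Conservative: a '*' in candidate is only absorbed by a '*'."""
    if not pattern:
        return not candidate
    if pattern[0] == "*":
        return covers(pattern[1:], candidate) or (
            bool(candidate) and covers(pattern, candidate[1:]))
    if not candidate or candidate[0] == "*":
        return False
    if pattern[0] == "?" or pattern[0] == candidate[0]:
        return covers(pattern[1:], candidate[1:])
    return False

def as_list(value):
    return value if isinstance(value, list) else [value]

def allow_pairs(policy):
    """Yield (action, resource) per Allow statement; actions are lower-cased."""
    for stmt in as_list(policy["Statement"]):
        if stmt.get("Effect") == "Allow":
            for action in as_list(stmt.get("Action", [])):
                for resource in as_list(stmt.get("Resource", [])):
                    yield action.lower(), resource

def beyond_role(role_json, session_json):
    """Session (action, resource) pairs that no single role Allow pair covers.
    Raises ValueError if either string is not valid JSON (e.g. "None")."""
    role = list(allow_pairs(json.loads(role_json)))
    return [(a, r) for a, r in allow_pairs(json.loads(session_json))
            if not any(covers(ra, a) and covers(rr, r) for ra, rr in role)]

if __name__ == "__main__":
    print(beyond_role(ROLE_POLICY, ASKED_POLICY))
    print(beyond_role(ROLE_POLICY, NARROW_POLICY))
```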
