SSO / Client / get_role_credentials

get_role_credentials

SSO.Client.get_role_credentials(**kwargs)

Returns the STS short-term credentials for a given role name that is assigned to the user.

See also: AWS API Documentation

Request Syntax

response = client.get_role_credentials(
    roleName='string',
    accountId='string',
    accessToken='string'
)

Parameters:

• roleName (string) –

  [REQUIRED]

  The friendly name of the role that is assigned to the user.

• accountId (string) –

  [REQUIRED]

  The identifier for the AWS account that is assigned to the user.

• accessToken (string) –

  [REQUIRED]

  The token issued by the CreateToken API call. For more information, see CreateToken in the IAM Identity Center OIDC API Reference Guide.

Return type:

dict

Returns:

Response Syntax

{
    'roleCredentials': {
        'accessKeyId': 'string',
        'secretAccessKey': 'string',
        'sessionToken': 'string',
        'expiration': 123
    }
}

Response Structure

• (dict) –

  • roleCredentials (dict) –

    The credentials for the role that is assigned to the user.

    • accessKeyId (string) –

      The identifier used for the temporary security credentials. For more information, see Using Temporary Security Credentials to Request Access to AWS Resources in the AWS IAM User Guide.

    • secretAccessKey (string) –

      The key that is used to sign the request. For more information, see Using Temporary Security Credentials to Request Access to AWS Resources in the AWS IAM User Guide.

    • sessionToken (string) –

      The token used for temporary credentials. For more information, see Using Temporary Security Credentials to Request Access to AWS Resources in the AWS IAM User Guide.

    • expiration (integer) –

      The date on which temporary security credentials expire.

Exceptions

• SSO.Client.exceptions.InvalidRequestException

• SSO.Client.exceptions.UnauthorizedException

• SSO.Client.exceptions.TooManyRequestsException

• SSO.Client.exceptions.ResourceNotFoundException