get_role_credentials

SSO.Client.get_role_credentials(**kwargs)

Returns the STS short-term credentials for a given role name that is assigned to the user.

See also: AWS API Documentation

Request Syntax

response = client.get_role_credentials(
    roleName='string',
    accountId='string',
    accessToken='string'
)

Parameters

• roleName (string) --

  [REQUIRED]

  The friendly name of the role that is assigned to the user.

• accountId (string) --

  [REQUIRED]

  The identifier for the AWS account that is assigned to the user.

• accessToken (string) --

  [REQUIRED]

  The token issued by the CreateToken API call. For more information, see CreateToken in the IAM Identity Center OIDC API Reference Guide .

Return type

dict

Returns

Response Syntax

{
    'roleCredentials': {
        'accessKeyId': 'string',
        'secretAccessKey': 'string',
        'sessionToken': 'string',
        'expiration': 123
    }
}

Response Structure

• (dict) --

  • roleCredentials (dict) --

    The credentials for the role that is assigned to the user.

    • accessKeyId (string) --

      The identifier used for the temporary security credentials. For more information, see Using Temporary Security Credentials to Request Access to AWS Resources in the AWS IAM User Guide .

    • secretAccessKey (string) --

      The key that is used to sign the request. For more information, see Using Temporary Security Credentials to Request Access to AWS Resources in the AWS IAM User Guide .

    • sessionToken (string) --

      The token used for temporary credentials. For more information, see Using Temporary Security Credentials to Request Access to AWS Resources in the AWS IAM User Guide .

    • expiration (integer) --

      The date on which temporary security credentials expire.

Exceptions

• SSO.Client.exceptions.InvalidRequestException
• SSO.Client.exceptions.UnauthorizedException
• SSO.Client.exceptions.TooManyRequestsException
• SSO.Client.exceptions.ResourceNotFoundException