Overview
Provides a Command-line Interface (CLI) that supports programmatic use of IaaS/PaaS products provided by SCP.
This guide provides a brief description of IAM service and how to call CLI.
Version
| Version | Status | Supported Until |
|---|---|---|
| 1.0 | CURRENT | - |
This is the multi-page printable view of this section. Click here to print.
STS
- 1: CLIs
- 1.1: Acquire temporary role credential
- 1.1.1: 1.0
- 1.2: Acquire temporary role credential from SAML Assertion
- 1.2.1: 1.0
- 1.3: Create new Signature based on Session Token
- 1.3.1: 1.0
1 - CLIs
1.1 - Acquire temporary role credential
1.1.1 - 1.0
scpcli sts sts assume role
--role_session_name <value>
--role_indicator <value>
[--duration_seconds <value>]
Description
Acquire temporary role credential
State ACTIVE (CURRENT)
| Version | Supported Until |
|---|---|
| 1.0 | - |
Parameters
| Name | Type | Description | Example |
|---|---|---|---|
| role_session_name required | string | Identifier for the assumed role session | - |
| role_indicator required | string | Identifier of the role to assume. [offering:account_id:role_name] | - |
| duration_seconds optional | integer | Duration of seconds of the role session | - |
Responses
| Name | Description | Example |
|---|---|---|
| assumed_role_user | SRN and assumed role ID | |
| credentials | Temporary security credentials |
1.2 - Acquire temporary role credential from SAML Assertion
1.2.1 - 1.0
scpcli sts sts assume role with saml
--saml_assertion <value>
--role_indicator <value>
--principal_indicator <value>
[--duration_seconds <value>]
Description
Acquire temporary role credential from SAML Assertion
State ACTIVE (CURRENT)
| Version | Supported Until |
|---|---|
| 1.0 | - |
Parameters
| Name | Type | Description | Example |
|---|---|---|---|
| saml_assertion required | string | BASE64 encoded SAML response | - |
| role_indicator required | string | Identifier of the role to assume. [offering:account_id:role_name] | - |
| principal_indicator required | string | Identifier of the SAML provider in IAM. [offering:account_id:provider_name] | - |
| duration_seconds optional | integer | Duration of seconds of the role session | - |
Responses
| Name | Description | Example |
|---|---|---|
| assumed_role_user | SRN and assumed role ID | |
| audience | Value of Recipient attribute of SubjectConfirmationData element of SAML | |
| credentials | Temporary security credentials | |
| issuer | Value of Issuer element of SAML | |
| subject | Value of NameID element in the Subject element of SAML | |
| subject_type | Format of nameID |
1.3 - Create new Signature based on Session Token
1.3.1 - 1.0
scpcli sts sts object store authorization
--x_amz_date <value>
--x_amz_content_sha256 <value>
--url <value>
--method <value>
[--region <value>]
[--service <value>]
Description
Create new Signature based on Session Token
State ACTIVE (CURRENT)
| Version | Supported Until |
|---|---|
| 1.0 | - |
Parameters
| Name | Type | Description | Example |
|---|---|---|---|
| x_amz_date required | string | Date and time at which the request is signed | - |
| x_amz_content_sha256 required | string | SHA256 hash of the request body | - |
| url required | string | The URL of the request | - |
| method required | string | HTTP method used in the request | - |
| region optional | string | Region where the request is made | - |
| service optional | string | Service to which the request is made | - |
Responses
| Name | Description | Example |
|---|---|---|
| Authorization | Authorization header for object store authentication |