AwsClient

AWS external account client. This is used for AWS workloads, where serialized, signed AWS STS GetCallerIdentity requests are exchanged for a GCP access token.

Constructor

new AwsClient(options)

Instantiates an AwsClient instance using the provided JSON object loaded from an external account credentials file. An error is thrown if the credential is not a valid AWS credential.

Parameters:
Name: options
Description: The external account options object, typically loaded from the external account JSON credential file.
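
Because the options object decides which metadata and STS endpoints the client contacts, a credential file from an outside source is worth checking before it reaches the constructor. The following is an added example, not the library's own validation code: the field names come from the AWS external account credential file format, the two metadata addresses are the assumed values of the members listed below, and the strict host allowlist is a policy assumption.

```javascript
// Added example. Field names follow the AWS external account file format.
// Assumed values of AWS_EC2_METADATA_IPV4_ADDRESS / _IPV6_ADDRESS:
const METADATA_HOSTS = new Set(['169.254.169.254', '[fd00:ec2::254]']);
const METADATA_FIELDS = ['region_url', 'url', 'imdsv2_session_token_url'];

function hostOf(value) {
  try {
    return new URL(value).hostname; // IPv6 literals keep their brackets
  } catch {
    return null; // missing or unparsable URL
  }
}

// Returns a list of problems; an empty list means the config passed.
function checkAwsExternalAccount(options) {
  if (!options || options.type !== 'external_account') return ['type must be "external_account"'];
  const problems = [];
  const source = options.credential_source || {};
  if (!/^aws\d+$/.test(source.environment_id || '')) {
    problems.push('environment_id is not an AWS environment');
  }
  for (const field of METADATA_FIELDS) {
    if (source[field] === undefined) continue; // optional field
    if (!METADATA_HOSTS.has(hostOf(source[field]))) {
      problems.push(`${field} is not an EC2 metadata address`);
    }
  }
  const verifyUrl = String(source.regional_cred_verification_url || '');
  const verifyHost = hostOf(verifyUrl.replace('{region}', 'us-east-1'));
  if (!/^sts\.[a-z0-9-]+\.amazonaws\.com$/.test(verifyHost || '')) {
    problems.push('regional_cred_verification_url is not a regional AWS STS host');
  }
  // Policy assumption: only the default global GCP STS endpoint is allowed.
  if (hostOf(options.token_url) !== 'sts.googleapis.com') {
    problems.push('token_url is not the GCP STS endpoint');
  }
  return problems;
}

// Constructed sample config, not taken from a real deployment.
const SAMPLE_CONFIG = {
  type: 'external_account',
  token_url: 'https://sts.googleapis.com/v1/token',
  credential_source: {
    environment_id: 'aws1',
    region_url: 'http://169.254.169.254/latest/meta-data/placement/availability-zone',
    url: 'http://[fd00:ec2::254]/latest/meta-data/iam/security-credentials',
    regional_cred_verification_url: 'https://sts.{region}.amazonaws.com?Action=GetCallerIdentity&Version=2011-06-15',
  },
};
```

Deployments that use other STS endpoints need the two host patterns widened to match.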

Members

AWS_EC2_METADATA_IPV4_ADDRESS

AWS_EC2_METADATA_IPV6_ADDRESS

Methods

(async) retrieveSubjectToken()

Called when an external subject token is needed for exchange for a GCP access token via the GCP STS endpoint. This calls the AwsSecurityCredentialsSupplier to retrieve an AWS region and AWS Security Credentials, then uses them to create a signed AWS STS request that can be exchanged for a GCP access token.

Returns:
A promise that resolves with the external subject token.