Document Center

AssumeRole

Last Updated: Aug 25, 2016

Interface description

 You can use this interface to obtain a temporary identity to assume a role.

Request parameters

Action

  • Type: String
  • Required: Yes
  • Description: A required system parameter. The parameter value is “AssumeRole”.

RoleArn

  • Type: String
  • Required: Yes
  • Description: Role resource descriptor. Each role has a unique resource descriptor (Arn). You can view the resource descriptor of a role in RAM role management.

RoleSessionName

  • Type: String
  • Required: Yes
  • Description: You can use this parameter to identify different tokens in order to indicate who is using a specific token, which facilitates audit.
  • Format: ^[a-zA-Z0-9\.@\-_]+$ (consisting of 2 to 32 characters)

Policy

  • Name: Policy
  • Type: String
  • Required: No
  • Description: The length is restricted to 1024 bytes. You can use this parameter to restrict permissions of the generated tokens. If this parameter is not set, the return token will have all permissions of a specific role.

DurationSeconds

  • Name: DurationSeconds
  • Type: Integer
  • Required: No
  • Description: Specified expiration duration, in seconds. The expiration duration ranges from 900 seconds to 3600 seconds, and the default value is “3600”.

Return parameters

Credentials

AssumedRoleUser

Operation examples

HTTP Request

  1. https://sts.aliyuncs.com?Action=AssumeRole
  2. &RoleArn=acs:ram::1234567890123456:role/adminrole
  3. &RoleSessionName=alice
  4. &DurationSeconds=3600
  5. &Policy=<url_encoded_policy>
  6. &<Public request parameters>

HTTP Response

XML format

  1. <AssumeRoleResponse>
  2.     <RequestId>6894B13B-6D71-4EF5-88FA-F32781734A7F</RequestId>
  3.     <AssumedRoleUser>
  4.         <arn>acs:sts::1234567890123456:assumed-role/AdminRole/alice</arn>
  5.         <AssumedRoleUserId>344584339364951186:alice<AssumedRoleUserId>
  6.     </AssumedRoleUser>
  7.     <Credentials>
  8.         <AccessKeyId>STS.L4aBSCSJVMuKg5U1vFDw</AccessKeyId>
  9.         <AccessKeySecret>wyLTSmsyPGP1ohvvw8xYgB29dlGI8KMiH2pKCNZ9</AccessKeySecret>
  10.         <SecurityToken>CAESrAIIARKAAShQquMnLIlbvEcIxO6wCoqJufs8sWwieUxu45hS9AvKNEte8KRUWiJWJ6Y+YHAPgNwi7yfRecMFydL2uPOgBI7LDio0RkbYLmJfIxHM2nGBPdml7kYEOXmJp2aDhbvvwVYIyt/8iES/R6N208wQh0Pk2bu+/9dvalp6wOHF4gkFGhhTVFMuTDRhQlNDU0pWTXVLZzVVMXZGRHciBTQzMjc0KgVhbGljZTCpnJjwySk6BlJzYU1ENUJuCgExGmkKBUFsbG93Eh8KDEFjdGlvbkVxdWFscxIGQWN0aW9uGgcKBW9zczoqEj8KDlJlc291cmNlRXF1YWxzEghSZXNvdXJjZRojCiFhY3M6b3NzOio6NDMyNzQ6c2FtcGxlYm94L2FsaWNlLyo=</SecurityToken>
  11.         <Expiration>2015-04-09T11:52:19Z</Expiration>
  12.     </Credentials>
  13. </AssumeRoleResponse>

JSON format

  1. {
  2.     "Credentials": {
  3.         "AccessKeyId": "STS.L4aBSCSJVMuKg5U1vFDw",
  4.         "AccessKeySecret": "wyLTSmsyPGP1ohvvw8xYgB29dlGI8KMiH2pKCNZ9",
  5.         "Expiration": "2015-04-09T11:52:19Z",
  6.         "SecurityToken": "CAESrAIIARKAAShQquMnLIlbvEcIxO6wCoqJufs8sWwieUxu45hS9AvKNEte8KRUWiJWJ6Y+YHAPgNwi7yfRecMFydL2uPOgBI7LDio0RkbYLmJfIxHM2nGBPdml7kYEOXmJp2aDhbvvwVYIyt/8iES/R6N208wQh0Pk2bu+/9dvalp6wOHF4gkFGhhTVFMuTDRhQlNDU0pWTXVLZzVVMXZGRHciBTQzMjc0KgVhbGljZTCpnJjwySk6BlJzYU1ENUJuCgExGmkKBUFsbG93Eh8KDEFjdGlvbkVxdWFscxIGQWN0aW9uGgcKBW9zczoqEj8KDlJlc291cmNlRXF1YWxzEghSZXNvdXJjZRojCiFhY3M6b3NzOio6NDMyNzQ6c2FtcGxlYm94L2FsaWNlLyo="
  7.     },
  8.     "AssumedRoleUser": {
  9.         "arn": "acs:sts::1234567890123456:assumed-role/AdminRole/alice",
  10.         "AssumedRoleUserId":"344584339364951186:alice"
  11.         },
  12.     "RequestId": "6894B13B-6D71-4EF5-88FA-F32781734A7F"
  13. }
Thank you! We've received your feedback.