Release: AWS SDK for Ruby 1.0.4

AWS Security Token Service

This release introduces support for temporary security credentials, a new capability introduced in IAM. You can use temporary security credentials to grant temporary access to non-AWS users (federated users), to IAM users who need temporary access your AWS resources, and to your mobile and browser-based applications that need to access your AWS resources securely.

This example creates temporary security credentials that expire in 1 hour and prints them out, including the credentials expiration date.

token = AWS::STS.new
session = token.new_session
session.credentials # => { :access_key_id => "...", ... }
session.expires_at  # => Time object
            

This example uses IAM user keys to create temporary security credentials that expire in 24 hours

session = token.new_session(:duration => 3600)
session.credentials # => { :access_key_id => "...", ... }
session.expires_at  # => Time object
            

This example creates federated security credentials that expire in 24 hours

policy = AWS::STS::Policy.new
policy.allow(:actions => ["s3:GetObject",
                          "s3:GetObjectVersion",
                          "s3:ListBucket",
                          "s3:ListBucketVersions"],
             :resources => "arn:aws:s3:::my-bucket/*")
session = token.new_federated_session('my-user',
                                      :policy => policy,
                                      :duration => 3600)
session.credentials # => { :access_key_id => "...", ... }
session.expires_at  # => Time object
            

For more information, see Granting Temporary Access to Your AWS Resources in Using IAM.

Temporary Security Credentials

Select services — Amazon EC2, Amazon S3, Amazon SNS, Amazon SQS — now support temporary session credentials.

This sample demonstrates the use of Amazon EC2 with basic, long lived credentials.

ec2 = AWS::EC2.new(:access_key_id => "LONG_TERM_KEY",
                   :secret_access_key => "LONG_TERM_SECRET")
            

This sample demonstrates the use of Amazon S3 with temporary session credentials.

token = AWS::STS.new
session = token.new_session
s3 = AWS::S3.new(session.credentials)
            

Added support for changing the storage class of an Amazon S3 object using the PUT with copy operation. For example:

# enable RRS
s3.objects["my_object"].reduced_redundancy = true

# disable RRS
s3.objects["my_object"].reduced_redundancy = false
	    

Added an indexed assignment operator for changing Amazon S3 object metadata using the PUT with copy operation. For example:

s3.object["my_object"].metadata["color"] = "red"
	    

Added the ability to use copy_from or copy_to to copy an object and set a canned ACL on the target object at the same time. For example:

s3.object["my_object"].copy_from("another_object", :acl => :public_read)
	    

Resolved an issue where copying an object from a URL-unsafe key caused the SDK to compute an incorrect signature.

Resolved an issue where requests with large parameter values were logged in their entirety, causing potential performance problems. Now large request parameter values are summarized in the log.