docs: add an example to use fromTokenFile

trivikr · trivikr · commit 1acd9c95cf8c · 2021-03-18T15:58:54.000Z
diff --git a/packages/credential-provider-assume-role/README.md b/packages/credential-provider-assume-role/README.md
@@ -7,11 +7,11 @@
 
 This module includes functions which get credentials by calling STS assumeRole\* APIs.
 
-### fromTokenFile
+## fromTokenFile
 
 The function `fromTokenFile` returns `CredentialProvider` that reads credentials as follows:
 
-- Reads file location of where the OIDC token is stored from either environment or config file paramters.
+- Reads file location of where the OIDC token is stored from either environment or config file parameters.
 - Reads IAM role wanting to be assumed from either environment or config file paramters.
 - Reads optional role session name to be used to distinguish sessions from either environment or config file paramters.
   If session name is not defined, it comes up with a role session name.
@@ -25,7 +25,7 @@ The function `fromTokenFile` returns `CredentialProvider` that reads credentials
 | AWS_IAM_ROLE_ARN            | role_arn                | true         | The IAM role wanting to be assumed                |
 | AWS_IAM_ROLE_SESSION_NAME   | role_session_name       | false        | The IAM session name used to distinguish sessions |
 
-#### Supported configuration
+### Supported configuration
 
 The following options are supported:
 
@@ -42,3 +42,58 @@ The following options are supported:
   fulfilled with credentials for the assumed role.
 - `roleAssumerWithWebIdentity` - A function that assumes a role with web identity
   and returns a promise fulfilled with credentials for the assumed role.
+
+### Examples
+
+A basic example of using fromTokenFile:
+
+```js
+import { STSClient, AssumeRoleWithWebIdentityCommand } from "@aws-sdk/client-sts";
+import { fromTokenFile } from "@aws-sdk/credential-provider-assume-role";
+
+const stsClient = new STSClient({});
+
+const roleAssumerWithWebIdentity = async (params) => {
+  const { Credentials } = await stsClient.send(
+    new AssumeRoleWithWebIdentityCommand(params)
+  );
+  if (!Credentials || !Credentials.AccessKeyId || !Credentials.SecretAccessKey) {
+    throw new Error(`Invalid response from STS.assumeRole call with role ${params.RoleArn}`);
+  }
+  return {
+    accessKeyId: Credentials.AccessKeyId,
+    secretAccessKey: Credentials.SecretAccessKey,
+    sessionToken: Credentials.SessionToken,
+    expiration: Credentials.Expiration,
+  };
+};
+
+const client = new FooClient({
+  credentials: fromTokenFile({
+    roleAssumerWithWebIdentity
+  });
+});
+```
+
+#### Values in environment variables
+
+The values can be defined in environment variables as follows:
+
+```console
+$ node
+> Object.fromEntries(Object.entries(process.env).filter(([key, value]) => key.startsWith("AWS_")));
+{
+  AWS_WEB_IDENTITY_TOKEN_FILE: '/temp/token',
+  AWS_ROLE_ARN: 'arn:aws:iam::123456789012:role/example-role-arn'
+}
+```
+
+#### Values in configuration files
+
+The values can be defined in configuration files as follows:
+
+```
+[sample-profile]
+web_identity_token_file = /temp/token
+role_session_name = arn:aws:iam::123456789012:role/example-role-arn
+```
