Role Data
- Print
- PDF
Role Data
- Print
- PDF
Article summary
Did you find this summary helpful?
Thank you for your feedback
Available in VPC
View information regarding the role assigned to a server instance.
A role must be assigned to the server instance through Sub Account to use the query features related to roles. For more information about assigning roles, see Manage role in the Sub Account user guide.
Role ID query and temporary access key issuance features are available in the ncloud-sdk and Object Storage CLI when no access key is set in both the environment variable and the configure file.
Note
For the list of ncloud-sdks by language and installation instructions, and for more information about using the Ncloud CLI and Object Storage CLI, see the following.
- ncloud-sdk
- Ncloud CLI
- Object Storage CLI
Request
The following describes the request format for the endpoint. The request format is as follows:
| Call path | Description |
|---|---|
| /{version}/meta-data/iam/ | View the list of the role-related metadata items provided in the applicable version |
| /{version}/meta-data/iam/info | View details of the role assigned to the server instance |
| /{version}/meta-data/iam/security-credentials | View the ID of the role assigned to the server instance
|
| /{version}/meta-data/iam/security-credentials/{roleId} | Issue a temporary access key (STS) for the role assigned to the server instance
|
Examples
See below for an example.
Metadata v1
The following is an example of Metadata v1.
# View item
[root@test-server ~]# curl http://169.254.169.254/latest/meta-data/iam/
info
security-credentials
# View role details
[root@test-server ~]# curl http://169.254.169.254/latest/meta-data/iam/info
{
"roleId" : "***-***-***-***-***ec4",
"roleName" : "test-role",
"roleType" : "Server",
"createTime" : "2024-05-04T08:24:35Z"
}
# View role ID
[root@test-server ~]# curl http://169.254.169.254/latest/meta-data/iam/security-credentials
***-***-***-***-***ec4[root@test-server ~]#
# Issue temporary access key ID
[root@test-server ~]# curl http://169.254.169.254/latest/meta-data/iam/security-credentials/***-***-***-***-***ec4
{
"Type" : "NCP-HMAC",
"AccessKeyId" : "s_***976",
"SecretAccessKey" : "***6ab",
"Expiration" : "2024-05-22T11:50:45Z",
"Token" : "",
"LastUpdated" : "2024-04-21T23:50:45Z",
"Code" : "Success"
}[root@test-server ~]#
Metadata v2
The following is an example of Metadata v2.
The second and subsequent requests in the example use the token generated by the first request, assuming it hasn't expired.
# View item
[root@test-server ~]# TOKEN=`curl -X PUT "http://169.254.169.254/latest/api/token" -H "X-NCP-METADATA-TOKEN-TTL-SECONDS: 21600"` \
&& curl -H "X-NCP-METADATA-TOKEN: $TOKEN" http://169.254.169.254/latest/meta-data/iam/
info
security-credentials
# View role details
[root@test-server ~]# curl -H "X-NCP-METADATA-TOKEN: $TOKEN" http://169.254.169.254/latest/meta-data/iam/info
{
"roleId" : "***-***-***-***-***ec4",
"roleName" : "test-role",
"roleType" : "Server",
"createTime" : "2024-05-04T08:24:35Z"
}
# View role ID
[root@test-server ~]# curl -H "X-NCP-METADATA-TOKEN: $TOKEN" http://169.254.169.254/latest/meta-data/iam/security-credentials
***-***-***-***-***ec4[root@test-server ~]#
# Issue temporary access key ID
[root@test-server ~]# curl -H "X-NCP-METADATA-TOKEN: $TOKEN" http://169.254.169.254/latest/meta-data/iam/security-credentials/***-***-***-***-***ec4
{
"Type" : "NCP-HMAC",
"AccessKeyId" : "s_***976",
"SecretAccessKey" : "***6ab",
"Expiration" : "2024-05-22T11:50:45Z",
"Token" : "",
"LastUpdated" : "2024-04-21T23:50:45Z",
"Code" : "Success"
}[root@test-server ~]#
Was this article helpful?