From: Pritha Srivastava Date: Wed, 31 Oct 2018 05:52:40 +0000 (+0530) Subject: rgw: Fixes to STS Lite documentation. X-Git-Tag: v14.1.0~987^2 X-Git-Url: http://git.apps.os.sepia.ceph.com/?a=commitdiff_plain;h=d0acc30173597873eec66c28974df1792f0c75a9;p=ceph-ci.git rgw: Fixes to STS Lite documentation. Signed-off-by: Pritha Srivastava --- diff --git a/doc/radosgw/STSLite.rst b/doc/radosgw/STSLite.rst index 3ce53a5b38e..e065d4ec969 100644 --- a/doc/radosgw/STSLite.rst +++ b/doc/radosgw/STSLite.rst @@ -31,8 +31,7 @@ Parameters: **SerialNumber** (String/ Optional): The Id number of the MFA device associated with the user making the GetSessionToken call. - **TokenCode** (String/ Optional): The value provided by the MFA device, if the - trust policy of the role being assumed requires MFA. + **TokenCode** (String/ Optional): The value provided by the MFA device, if MFA is required. 2. AssumeRole: Returns a set of temporary credentials that can be used for @@ -160,6 +159,31 @@ Keystone. created = bucket['CreationDate'], ) +4. The following is an example of AssumeRole API call: + +.. code-block:: python + + import boto3 + + access_key = + secret_key = + + client = boto3.client('sts', + aws_access_key_id=access_key, + aws_secret_access_key=secret_key, + endpoint_url=, + region_name='', + ) + + response = client.assume_role( + RoleArn='arn:aws:iam:::role/application_abc/component_xyz/S3Access', + RoleSessionName='Bob', + DurationSeconds=3600 + ) + + +Note: A role 'S3Access', needs to be created before calling the AssumeRole API. + Limitations and Workarounds ===========================
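Review bot: In the first hunk of doc/radosgw/STSLite.rst (@@ -31,8 +31,7), the new TokenCode line says only "if MFA is required" and does not say what imposes that requirement on a GetSessionToken call. Dropping the role trust-policy wording makes sense here, since the neighbouring SerialNumber text is about the user making the GetSessionToken call rather than a role being assumed, but consider naming where the MFA requirement comes from so the reader knows when TokenCode must accompany SerialNumber. The replacement is also one long line where the removed text was wrapped over two, so re-wrap it to match the surrounding parameter entries.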
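Review bot: In the second hunk (@@ -160,6 +159,31), the added AssumeRole example stops at client.assume_role(...) and never reads the result, so it does not show how the temporary credentials are used afterwards. Consider extending it to take the access key, secret key and session token from response['Credentials'] and build an S3 client with them. As the lines appear here, `access_key =`, `secret_key =` and `endpoint_url=,` carry no value, which is not valid Python, so if placeholders were intended, check that they survive rendering. The closing note has a stray comma ("A role 'S3Access', needs to be created") and would help more if it pointed to how the role and its trust policy are created, given that the RoleArn includes the path application_abc/component_xyz.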