fog--fog/lib/fog/aws/credential_fetcher.rb

require 'net/http'
require 'uri'
require 'fog/core/json'
module Fog
  module AWS
    module CredentialFetcher
      INSTANCE_METADATA_URI = "http://169.254.169.254/latest/meta-data/iam/security-credentials/"
      module ServiceMethods
        def fetch_credentials(options)
          if options[:use_iam_profile]
            begin
              role_name = Net::HTTP.get_response(URI.parse(INSTANCE_METADATA_URI))
              role_name.error! unless role_name.is_a?(Net::HTTPSuccess)
              role_data = Net::HTTP.get_response(URI.parse(INSTANCE_METADATA_URI+role_name.body))
              role_data.error! unless role_data.is_a?(Net::HTTPSuccess)

              session = Fog::JSON.decode(role_data.body)
              credentials = {}
              credentials[:aws_access_key_id] = session['AccessKeyId']  
              credentials[:aws_secret_access_key] = session['SecretAccessKey']
              credentials[:aws_session_token] = session['Token']
              credentials[:aws_credentials_expire_at] = Time.xmlschema session['Expiration']
              #these indicate the metadata service is unavailable or has no profile setup
              credentials
            rescue Errno::EHOSTUNREACH, Errno::ECONNREFUSED, SocketError, Timeout::Error, Net::HTTPError, Net::HTTPServerException => e
              Fog::Logger.warning("Unable to fetch credentuals: #{e.message}")
              super
            end
          else
            super
          end
        end
      end

      module ConnectionMethods
        
        def refresh_credentials_if_expired
          refresh_credentials if credentials_expired?
        end

        private

        def credentials_expired?
          @use_iam_profile && 
            (!@aws_credentials_expire_at || 
             (@aws_credentials_expire_at && Fog::Time.now > @aws_credentials_expire_at - 15)) #new credentials become available from around 5 minutes before expiration time
        end

        def refresh_credentials
          if @use_iam_profile
            new_credentials = service.fetch_credentials :use_iam_profile => @use_iam_profile
            if new_credentials.any?
              setup_credentials new_credentials
              return true
            else
              false
            end
          else
            false
          end
        end
      end
    end
  end
end
start an instance with an IAM profile and access the credentials 2012-06-18 04:44:51 -04:00			`require 'net/http'`
			`require 'uri'`
			`require 'fog/core/json'`
			`module Fog`
			`module AWS`
			`module CredentialFetcher`
			`INSTANCE_METADATA_URI = "http://169.254.169.254/latest/meta-data/iam/security-credentials/"`
			`module ServiceMethods`
			`def fetch_credentials(options)`
			`if options[:use_iam_profile]`
			`begin`
			`role_name = Net::HTTP.get_response(URI.parse(INSTANCE_METADATA_URI))`
			`role_name.error! unless role_name.is_a?(Net::HTTPSuccess)`
			`role_data = Net::HTTP.get_response(URI.parse(INSTANCE_METADATA_URI+role_name.body))`
			`role_data.error! unless role_data.is_a?(Net::HTTPSuccess)`

			`session = Fog::JSON.decode(role_data.body)`
			`credentials = {}`
			`credentials[:aws_access_key_id] = session['AccessKeyId']`
			`credentials[:aws_secret_access_key] = session['SecretAccessKey']`
			`credentials[:aws_session_token] = session['Token']`
			`credentials[:aws_credentials_expire_at] = Time.xmlschema session['Expiration']`
			`#these indicate the metadata service is unavailable or has no profile setup`
			`credentials`
			`rescue Errno::EHOSTUNREACH, Errno::ECONNREFUSED, SocketError, Timeout::Error, Net::HTTPError, Net::HTTPServerException => e`
			`Fog::Logger.warning("Unable to fetch credentuals: #{e.message}")`
			`super`
			`end`
			`else`
			`super`
			`end`
			`end`
			`end`

			`module ConnectionMethods`

			`def refresh_credentials_if_expired`
			`refresh_credentials if credentials_expired?`
			`end`

			`private`

			`def credentials_expired?`
			`@use_iam_profile &&`
			`(!@aws_credentials_expire_at \|\|`
			`(@aws_credentials_expire_at && Fog::Time.now > @aws_credentials_expire_at - 15)) #new credentials become available from around 5 minutes before expiration time`
			`end`

			`def refresh_credentials`
			`if @use_iam_profile`
			`new_credentials = service.fetch_credentials :use_iam_profile => @use_iam_profile`
			`if new_credentials.any?`
			`setup_credentials new_credentials`
			`return true`
			`else`
			`false`
			`end`
			`else`
			`false`
			`end`
			`end`
			`end`
			`end`
			`end`
			`end`