aws-sdk-core 3.114.1 → 3.130.1

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: e0a8a12f73d360ef7671440e8c21778fe669e12f5d6287d57b822bc5a87afaf5
-  data.tar.gz: e5cdd792aeb4dc751d3be19289e3bb1f050c9a4e89a76ae5ba0fa5426584c4fc
+  metadata.gz: dffefda7cd68861a99856de10c4774c57ffcdb1c3f22d16eacb0a2096a5e5c32
+  data.tar.gz: 60628acc0b4bb23629da2de4b5f821c91037e2e7c0b56b63dbdc4e7b771f2167
 SHA512:
-  metadata.gz: cf782ae6cafb7c11719ae61fa4f8f89feb3fad92777dd18a70d6b8897325731f08be417a3065653d0b69d640fd737633ff55510e2028354d11f9863b7f7198dd
-  data.tar.gz: f2496faf81be7c5616f91ac02fb98e3bf5105bb8c88582c97faad7e23189729ac101d2a598e764143ad701e7b91b21bf44a0d3ad26ed5899a72e5a779d9f8233
+  metadata.gz: 6b16327c66f2fb83c9dceeec13cb5d0f9cbb519b5f999c27aa3e9f0ee0824a0545bc8b5bcc48823242fadf07b03c83fc196207a1806c7f162736bd1073af37db
+  data.tar.gz: 0540f8d1095132e67d9d00841b2c6c594870e5addf3de30a228a0e091bcb83280aef8270a2fe3af31815ea3c354abeebe637fa4aa2d27917e51d201a9c397f2b

data/CHANGELOG.md

@@ -1,6 +1,222 @@
 Unreleased Changes
 ------------------
 
+3.130.1 (2022-04-12)
+------------------
+
+* Issue - Don't call `refresh!` on non-refreshable `Credentials` when retrying errors (#2685).
+
+3.130.0 (2022-03-11)
+------------------
+
+* Feature - Asynchronously refresh AWS credentials (#2641).
+
+* Issue - Add x-amz-region-set to list of headers deleted for re-sign.
+
+3.129.1 (2022-03-10)
+------------------
+
+* Issue - Make stubs thread safe by creating new responses for each operation call (#2675).
+
+3.129.0 (2022-03-08)
+------------------
+
+* Feature - Add support for cases when `InstanceProfileCredentials` (IMDS) is unable to refresh credentials.
+
+3.128.1 (2022-03-07)
+------------------
+
+* Issue - Fixed `Aws::PageableResponse` invalidating Ruby's global constant cache.
+
+3.128.0 (2022-03-04)
+------------------
+
+* Feature - Updated Aws::STS::Client with the latest API changes.
+
+3.127.0 (2022-02-24)
+------------------
+
+* Feature - Updated Aws::STS::Client with the latest API changes.
+
+* Feature - Updated Aws::SSO::Client with the latest API changes.
+
+* Feature - Support `HttpChecksum` trait for requests and responses.
+
+3.126.2 (2022-02-16)
+------------------
+
+* Issue - Add a before_refresh callback to AssumeRoleCredentials (#2529). 
+* Issue - Raise a `NoSuchProfileError` when config and credentials files don't exist.
+
+3.126.1 (2022-02-14)
+------------------
+
+* Issue - Set `create_time` on IMDS tokens before fetch to reduce chance of using expired tokens and retry failures due to using expired tokens.
+
+3.126.0 (2022-02-03)
+------------------
+
+* Feature - Updated Aws::SSO::Client with the latest API changes.
+
+* Feature - Add support for recursion detection.
+
+3.125.6 (2022-02-02)
+------------------
+
+* Issue - Ensure default message for ServiceError is a string (#2643).
+
+3.125.5 (2022-01-19)
+------------------
+
+* Issue - Correctly serialize empty header lists.
+
+3.125.4 (2022-01-18)
+------------------
+
+* Issue - Add `InternalError` to `ErrorInspector` for S3 errors.
+
+
+3.125.3 (2022-01-12)
+------------------
+
+* Issue - Add `ExpiredTokenException` to `ErrorInspector` for Kinesis errors.
+
+3.125.2 (2022-01-10)
+------------------
+
+* Issue - Correctly serialize lists of strings in headers with quotes and commas.
+
+3.125.1 (2022-01-04)
+------------------
+
+* Issue - Parse a response with consecutive spaces correctly when ox is used as the XML parser.
+
+3.125.0 (2021-12-21)
+------------------
+
+* Feature - Updated Aws::SSO::Client with the latest API changes.
+
+* Feature - Add `:defaults_mode` configuration - that determines how certain default configuration options are resolved in the SDK.
+
+3.124.0 (2021-11-30)
+------------------
+
+* Feature - Updated Aws::STS::Client with the latest API changes.
+
+* Feature - Updated Aws::SSO::Client with the latest API changes.
+
+3.123.0 (2021-11-23)
+------------------
+
+* Feature - Updated Aws::STS::Client with the latest API changes.
+
+3.122.1 (2021-11-09)
+------------------
+
+* Issue - Correctly serialize/deserialize header lists.
+
+3.122.0 (2021-11-04)
+------------------
+
+* Feature - Updated Aws::STS::Client with the latest API changes.
+
+* Feature - Updated Aws::SSO::Client with the latest API changes.
+
+* Issue - Fix parsing of ISO8601 timestamps with millisecond precision in headers.
+
+* Feature - Support modeled dualstack endpoints. It can be configured with shared configuration (`use_dualstack_endpoint`), an ENV variable (`AWS_USE_DUALSTACK_ENDPOINT`), and a constructor option (`:use_dualstack_endpoint`). Requests made to services without a dualstack endpoint will fail.
+
+* Feature - Support modeled fips endpoints. It can be configured with shared configuration (`use_fips_endpoint`), an ENV variable (`AWS_USE_FIPS_ENDPOINT`), and a constructor option (`:use_fips_endpoint`). Requests made to services without a fips endpoint will fail.
+
+3.121.6 (2021-11-02)
+------------------
+
+* Issue - Improve `SSOCredentials` error handling when profile file does not exist (#2605)
+
+3.121.5 (2021-10-29)
+------------------
+
+* Issue - bump minimum version of `aws-partitions` (#2603).
+
+3.121.4 (2021-10-28)
+------------------
+
+* Issue - This version has been yanked. (#2603).
+
+* Issue - use the `EndpointProvider` to lookup signing region and name.
+
+3.121.3 (2021-10-20)
+------------------
+
+* Issue - Use endpointPrefix when looking up the `signing_region` from the `EndpointProvider`.
+
+3.121.2 (2021-10-18)
+------------------
+
+* Issue - Fix an issue where Rest JSON services do not have a `Content-Type` header.
+
+* Issue - Remove blank `Content-Type` header from Net::HTTP handler, and prevent a default from being set.
+
+* Issue - Set `Content-Length` only for HTTP methods that take a body.
+
+3.121.1 (2021-09-24)
+------------------
+
+* Issue - Fix error in finding union member for boolean shapes with `false` values.
+
+3.121.0 (2021-09-02)
+------------------
+
+* Feature - Add support for S3 Multi-region access point configuration.
+
+3.120.0 (2021-09-01)
+------------------
+
+* Feature - AWS SDK for Ruby no longer supports Ruby runtime versions 1.9, 2.0, 2.1, and 2.2.
+
+3.119.1 (2021-08-20)
+------------------
+
+* Issue - Refactored `Aws::Json::Engine` to remove dead code and replaced usage of `JSON.load` with `JSON.parse`.
+
+3.119.0 (2021-07-30)
+------------------
+
+* Feature - Support Document Types. Document types are used to carry open content. A document type value is serialized using the same format as its surroundings and requires no additional encoding or escaping.(#2523)
+
+3.118.0 (2021-07-28)
+------------------
+
+* Feature - Add support for Tagged Unions using a "sealed" classes like approach where each union member has a corresponding subclass.
+
+3.117.0 (2021-07-12)
+------------------
+
+* Feature - Support IPv6 endpoints for `Aws::InstanceProfileCredentials`. It supports two shared configuration options (`ec2_metadata_service_endpoint` & `ec2_metadata_service_endpoint_mode`), two ENV variables (`AWS_EC2_METADATA_SERVICE_ENDPOINT` & `AWS_EC2_METADATA_SERVICE_ENDPOINT_MODE`), and two constructor options (`:endpoint` & `:endpoint_mode`).
+
+* Feature - Support IPv6 endpoint for `Aws::EC2Metadata` client. It can be configured with `:endpoint` or `:endpoint_mode`.
+
+3.116.0 (2021-07-07)
+------------------
+
+* Feature - Updated Aws::STS::Client with the latest API changes.
+
+3.115.0 (2021-06-23)
+------------------
+
+* Feature - Add support for Assume Role Chaining in profiles. (#2531)
+* Issue - Fixed an issue with `Seahorse::Client::H2::Connection` for non-https endpoints. (#2542)
+
+3.114.3 (2021-06-15)
+------------------
+
+* Issue - Fixed an issue with `Aws::PageableResponse` where it was modifying original params hash, causing frozen hashes to fail.
+
+3.114.2 (2021-06-09)
+------------------
+
+* Issue - Fixed an issue with `Aws::PageableResponse` where intentionally nil tokens were not merged into the params for the next call.
+
 3.114.1 (2021-06-02)
 ------------------
 

data/VERSION

@@ -1 +1 @@
-3.114.1
+3.130.1

data/lib/aws-defaults/default_configuration.rb

@@ -0,0 +1,153 @@
+# frozen_string_literal: true
+
+require_relative 'defaults_mode_config_resolver'
+
+module Aws
+
+  # A defaults mode determines how certain default configuration options are resolved in the SDK.
+  #
+  # *Note*: For any mode other than `'legacy'` the vended default values might change as best practices may
+  # evolve. As a result, it is encouraged to perform testing when upgrading the SDK if you are using a mode other than
+  # `'legacy'`.  While the `'legacy'` defaults mode is specific to Ruby,
+  # other modes are standardized across all of the AWS SDKs.
+  #
+  #  The defaults mode can be configured:
+  #
+  #  * Directly on a client via `:defaults_mode`
+  #
+  #  * On a configuration profile via the "defaults_mode" profile file property.
+  #
+  #  * Globally via the "AWS_DEFAULTS_MODE" environment variable.
+  #
+  #
+  # @code_generation START - documentation
+  # The following `:default_mode` values are supported:
+  #
+  # * `'standard'` -
+  #   The STANDARD mode provides the latest recommended default values
+  #   that should be safe to run in most scenarios
+  #
+  #   Note that the default values vended from this mode might change as
+  #   best practices may evolve. As a result, it is encouraged to perform
+  #   tests when upgrading the SDK
+  #
+  # * `'in-region'` -
+  #   The IN\_REGION mode builds on the standard mode and includes
+  #   optimization tailored for applications which call AWS services from
+  #   within the same AWS region
+  #
+  #   Note that the default values vended from this mode might change as
+  #   best practices may evolve. As a result, it is encouraged to perform
+  #   tests when upgrading the SDK
+  #
+  # * `'cross-region'` -
+  #   The CROSS\_REGION mode builds on the standard mode and includes
+  #   optimization tailored for applications which call AWS services in a
+  #   different region
+  #
+  #   Note that the default values vended from this mode might change as
+  #   best practices may evolve. As a result, it is encouraged to perform
+  #   tests when upgrading the SDK
+  #
+  # * `'mobile'` -
+  #   The MOBILE mode builds on the standard mode and includes
+  #   optimization tailored for mobile applications
+  #
+  #   Note that the default values vended from this mode might change as
+  #   best practices may evolve. As a result, it is encouraged to perform
+  #   tests when upgrading the SDK
+  #
+  # * `'auto'` -
+  #   The AUTO mode is an experimental mode that builds on the standard
+  #   mode. The SDK will attempt to discover the execution environment to
+  #   determine the appropriate settings automatically.
+  #
+  #   Note that the auto detection is heuristics-based and does not
+  #   guarantee 100% accuracy. STANDARD mode will be used if the execution
+  #   environment cannot be determined. The auto detection might query
+  #   [EC2 Instance Metadata service][1], which might introduce latency.
+  #   Therefore we recommend choosing an explicit defaults\_mode instead
+  #   if startup latency is critical to your application
+  #
+  # * `'legacy'` -
+  #   The LEGACY mode provides default settings that vary per SDK and were
+  #   used prior to establishment of defaults\_mode
+  #
+  # Based on the provided mode, the SDK will vend sensible default values
+  # tailored to the mode for the following settings:
+  #
+  # * `:retry_mode` -
+  #   A retry mode specifies how the SDK attempts retries. See [Retry
+  #   Mode][2]
+  #
+  # * `:sts_regional_endpoints` -
+  #   Specifies how the SDK determines the AWS service endpoint that it
+  #   uses to talk to the AWS Security Token Service (AWS STS). See
+  #   [Setting STS Regional endpoints][3]
+  #
+  # * `:s3_us_east_1_regional_endpoint` -
+  #   Specifies how the SDK determines the AWS service endpoint that it
+  #   uses to talk to the Amazon S3 for the us-east-1 region
+  #
+  # * `:http_open_timeout` -
+  #   The amount of time after making an initial connection attempt on a
+  #   socket, where if the client does not receive a completion of the
+  #   connect handshake, the client gives up and fails the operation
+  #
+  # * `:ssl_timeout` -
+  #   The maximum amount of time that a TLS handshake is allowed to take
+  #   from the time the CLIENT HELLO message is sent to ethe time the
+  #   client and server have fully negotiated ciphers and exchanged keys
+  #
+  #  All options above can be configured by users, and the overridden value will take precedence.
+  #
+  # [1]: https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ec2-instance-metadata.html
+  # [2]: https://docs.aws.amazon.com/sdkref/latest/guide/setting-global-retry_mode.html
+  # [3]: https://docs.aws.amazon.com/sdkref/latest/guide/setting-global-sts_regional_endpoints.html
+  #
+  # @code_generation END - documentation
+  module DefaultsModeConfiguration
+    # @api private
+    # @code_generation START - configuration
+    SDK_DEFAULT_CONFIGURATION = 
+    {
+      "version" => 1,
+      "base" => {
+        "retryMode" => "standard",
+        "stsRegionalEndpoints" => "regional",
+        "s3UsEast1RegionalEndpoints" => "regional",
+        "connectTimeoutInMillis" => 1100,
+        "tlsNegotiationTimeoutInMillis" => 1100
+      },
+      "modes" => {
+        "standard" => {
+          "connectTimeoutInMillis" => {
+            "override" => 3100
+          },
+          "tlsNegotiationTimeoutInMillis" => {
+            "override" => 3100
+          }
+        },
+        "in-region" => {
+        },
+        "cross-region" => {
+          "connectTimeoutInMillis" => {
+            "override" => 3100
+          },
+          "tlsNegotiationTimeoutInMillis" => {
+            "override" => 3100
+          }
+        },
+        "mobile" => {
+          "connectTimeoutInMillis" => {
+            "override" => 30000
+          },
+          "tlsNegotiationTimeoutInMillis" => {
+            "override" => 30000
+          }
+        }
+      }
+    }
+    # @code_generation END - configuration
+  end
+end

data/lib/aws-defaults/defaults_mode_config_resolver.rb

@@ -0,0 +1,107 @@
+# frozen_string_literal: true
+
+module Aws
+  #@api private
+  class DefaultsModeConfigResolver
+
+    @@application_region = nil
+    @@application_region_mutex = Mutex.new
+    @@imds_client = EC2Metadata.new(retries: 0, http_open_timeout: 0.01)
+
+    # mappings from Ruby SDK configuration names to the
+    # sdk defaults option names and (optional) scale modifiers
+    CFG_OPTIONS = {
+      retry_mode: { name: "retryMode" },
+      sts_regional_endpoints: { name: "stsRegionalEndpoints" },
+      s3_us_east_1_regional_endpoint: { name: "s3UsEast1RegionalEndpoints" },
+      http_open_timeout: { name: "connectTimeoutInMillis", scale: 0.001 },
+      http_read_timeout: { name: "timeToFirstByteTimeoutInMillis", scale: 0.001 },
+      ssl_timeout: { name: "tlsNegotiationTimeoutInMillis", scale: 0.001 }
+    }.freeze
+
+    def initialize(sdk_defaults, cfg)
+      @sdk_defaults = sdk_defaults
+      @cfg = cfg
+      @resolved_mode = nil
+      @mutex = Mutex.new
+    end
+
+    # option_name should be the symbolized ruby name to resolve
+    # returns the ruby appropriate value or nil if none are resolved
+    def resolve(option_name)
+      return unless (std_option = CFG_OPTIONS[option_name])
+      mode = resolved_mode.downcase
+
+      return nil if mode == 'legacy'
+
+      value = resolve_for_mode(std_option[:name], mode)
+      value = value * std_option[:scale] if value && std_option[:scale]
+
+      value
+    end
+
+    private
+    def resolved_mode
+      @mutex.synchronize do
+        return @resolved_mode unless @resolved_mode.nil?
+
+        @resolved_mode = @cfg.defaults_mode == 'auto' ? resolve_auto_mode : @cfg.defaults_mode
+      end
+    end
+
+    def resolve_auto_mode
+      return "mobile" if env_mobile?
+
+      region = application_current_region
+
+      if region
+        @cfg.region == region ? "in-region": "cross-region"
+      else
+        # We don't seem to be mobile, and we couldn't determine whether we're running within an AWS region. Fall back to standard.
+        'standard'
+      end
+    end
+
+    def application_current_region
+      resolved_region = @@application_region_mutex.synchronize do
+        return @@application_region unless @@application_region.nil?
+
+        region = nil
+        if ENV['AWS_EXECUTION_ENV']
+          region = ENV['AWS_REGION'] || ENV['AWS_DEFAULT_REGION']
+        end
+
+        if region.nil? && ENV['AWS_EC2_METADATA_DISABLED']&.downcase != "true"
+          begin
+            region = @@imds_client.get('/latest/meta-data/placement/region')
+          rescue
+            # unable to get region, leave it unset
+          end
+        end
+
+        # required so that we cache the unknown/nil result
+        @@application_region = region || :unknown
+      end
+      resolved_region == :unknown ? nil : resolved_region
+    end
+
+    def resolve_for_mode(name, mode)
+      base_value = @sdk_defaults['base'][name]
+      mode_value = @sdk_defaults['modes'].fetch(mode, {})[name]
+
+      if mode_value.nil?
+        return base_value
+      end
+
+      return mode_value['override'] unless mode_value['override'].nil?
+      return base_value + mode_value['add'] unless mode_value['add'].nil?
+      return base_value * mode_value['multiply'] unless mode_value['multiply'].nil?
+      return base_value
+    end
+
+    def env_mobile?
+      false
+    end
+
+  end
+end

data/lib/aws-defaults.rb

@@ -0,0 +1,3 @@
+# frozen_string_literal: true
+
+require_relative 'aws-defaults/default_configuration'

data/lib/aws-sdk-core/assume_role_credentials.rb

@@ -17,6 +17,11 @@ module Aws
   #
   # If you omit `:client` option, a new {STS::Client} object will be
   # constructed.
+  #
+  # The AssumeRoleCredentials also provides a `before_refresh` callback
+  # that can be used to help manage refreshing tokens.
+  # `before_refresh` is called when AWS credentials are required and need
+  # to be refreshed and it is called with the AssumeRoleCredentials object.
   class AssumeRoleCredentials
 
     include CredentialProvider
@@ -28,6 +33,16 @@ module Aws
     # @option options [Integer] :duration_seconds
     # @option options [String] :external_id
     # @option options [STS::Client] :client
+    # @option options [Callable] before_refresh Proc called before
+    #   credentials are refreshed.  Useful for updating tokens.
+    #   `before_refresh` is called when AWS credentials are
+    #   required and need to be refreshed. Tokens can be refreshed using
+    #   the following example:
+    #
+    #      before_refresh = Proc.new do |assume_role_credentials| do
+    #        assume_role_credentials.assume_role_params['token_code'] = update_token
+    #      end
+    #
     def initialize(options = {})
       client_opts = {}
       @assume_role_params = {}
@@ -39,12 +54,16 @@ module Aws
         end
       end
       @client = client_opts[:client] || STS::Client.new(client_opts)
+      @async_refresh = true
       super
     end
 
     # @return [STS::Client]
     attr_reader :client
 
+    # @return [Hash]
+    attr_reader :assume_role_params
+
     private
 
     def refresh

data/lib/aws-sdk-core/assume_role_web_identity_credentials.rb

@@ -17,7 +17,7 @@ module Aws
   #       ...
   #     )
   #     For full list of parameters accepted
-  #     @see Aws::STS::Client#assume_role_with_web_identity 
+  #     @see Aws::STS::Client#assume_role_with_web_identity
   #
   #
   # If you omit `:client` option, a new {STS::Client} object will be
@@ -39,10 +39,16 @@ module Aws
     #   encoded UUID is generated as the session name
     #
     # @option options [STS::Client] :client
+    #
+    # @option options [Callable] before_refresh Proc called before
+    #   credentials are refreshed. `before_refresh` is called
+    #   with an instance of this object when
+    #   AWS credentials are required and need to be refreshed.
     def initialize(options = {})
       client_opts = {}
       @assume_role_web_identity_params = {}
       @token_file = options.delete(:web_identity_token_file)
+      @async_refresh = true
       options.each_pair do |key, value|
         if self.class.assume_role_web_identity_options.include?(key)
           @assume_role_web_identity_params[key] = value

data/lib/aws-sdk-core/client_stubs.rb

@@ -262,13 +262,17 @@ module Aws
     end
 
     def convert_stub(operation_name, stub)
-      case stub
+      stub = case stub
       when Proc then stub
       when Exception, Class then { error: stub }
       when String then service_error_stub(stub)
       when Hash then http_response_stub(operation_name, stub)
       else { data: stub }
       end
+      if Hash === stub
+        stub[:mutex] = Mutex.new
+      end
+      stub
     end
 
     def service_error_stub(error_code)

data/lib/aws-sdk-core/credential_provider_chain.rb

@@ -160,10 +160,11 @@ module Aws
     end
 
     def instance_profile_credentials(options)
+      profile_name = determine_profile_name(options)
       if ENV['AWS_CONTAINER_CREDENTIALS_RELATIVE_URI']
         ECSCredentials.new(options)
       else
-        InstanceProfileCredentials.new(options)
+        InstanceProfileCredentials.new(options.merge(profile: profile_name))
       end
     end
 

data/lib/aws-sdk-core/ec2_metadata.rb

@@ -39,7 +39,11 @@ module Aws
     #   defaulting to 6 hours.
     # @option options [Integer] :retries (3) The number of retries for failed
     #   requests.
-    # @option options [String] :endpoint (169.254.169.254) The IMDS endpoint.
+    # @option options [String] :endpoint ('http://169.254.169.254') The IMDS
+    #   endpoint. This option has precedence over the :endpoint_mode.
+    # @option options [String] :endpoint_mode ('IPv4') The endpoint mode for
+    #   the instance metadata service. This is either 'IPv4'
+    #   ('http://169.254.169.254') or 'IPv6' ('http://[fd00:ec2::254]').
     # @option options [Integer] :port (80) The IMDS endpoint port.
     # @option options [Integer] :http_open_timeout (1) The number of seconds to
     #   wait for the connection to open.
@@ -55,7 +59,8 @@ module Aws
       @retries = options[:retries] || 3
       @backoff = backoff(options[:backoff])
 
-      @endpoint = options[:endpoint] || '169.254.169.254'
+      endpoint_mode = options[:endpoint_mode] || 'IPv4'
+      @endpoint = resolve_endpoint(options[:endpoint], endpoint_mode)
       @port = options[:port] || 80
 
       @http_open_timeout = options[:http_open_timeout] || 1
@@ -76,7 +81,7 @@ module Aws
     #   ec2_metadata.get('/latest/meta-data/instance-id')
     #   => "i-023a25f10a73a0f79"
     #
-    # @Note This implementation always returns a String and will not parse any
+    # @note This implementation always returns a String and will not parse any
     #   responses. Parsable responses may include JSON objects or directory
     #   listings, which are strings separated by line feeds (ASCII 10).
     #
@@ -93,7 +98,7 @@ module Aws
     #   listing.split(10.chr)
     #   => ["ami-id", "ami-launch-index", ...]
     #
-    # @Note Unlike other services, IMDS does not have a service API model. This
+    # @note Unlike other services, IMDS does not have a service API model. This
     #   means that we cannot confidently generate code with methods and
     #   response structures. This implementation ensures that new IMDS features
     #   are always supported by being deployed to the instance and does not
@@ -116,10 +121,24 @@ module Aws
 
     private
 
+    def resolve_endpoint(endpoint, endpoint_mode)
+      return endpoint if endpoint
+
+      case endpoint_mode.downcase
+      when 'ipv4' then 'http://169.254.169.254'
+      when 'ipv6' then 'http://[fd00:ec2::254]'
+      else
+        raise ArgumentError,
+              ':endpoint_mode is not valid, expected IPv4 or IPv6, '\
+              "got: #{endpoint_mode}"
+      end
+    end
+
     def fetch_token
       open_connection do |conn|
+        created_time = Time.now
         token_value, token_ttl = http_put(conn, @token_ttl)
-        @token = Token.new(value: token_value, ttl: token_ttl)
+        @token = Token.new(value: token_value, ttl: token_ttl, created_time: created_time)
       end
     end
 
@@ -163,7 +182,8 @@ module Aws
     end
 
     def open_connection
-      http = Net::HTTP.new(@endpoint, @port, nil)
+      uri = URI.parse(@endpoint)
+      http = Net::HTTP.new(uri.hostname || @endpoint, @port || uri.port)
       http.open_timeout = @http_open_timeout
       http.read_timeout = @http_read_timeout
       http.set_debug_output(@http_debug_output) if @http_debug_output
@@ -203,7 +223,7 @@ module Aws
       def initialize(options = {})
         @ttl   = options[:ttl]
         @value = options[:value]
-        @created_time = Time.now
+        @created_time = options[:created_time] || Time.now
       end
 
       # [String] Returns the token value.