aws-sdk-core 2.8.4 → 3.129.1
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +5 -5
- data/CHANGELOG.md +1287 -0
- data/LICENSE.txt +202 -0
- data/VERSION +1 -0
- data/ca-bundle.crt +3615 -3541
- data/lib/aws-defaults/default_configuration.rb +153 -0
- data/lib/aws-defaults/defaults_mode_config_resolver.rb +107 -0
- data/lib/aws-defaults.rb +3 -0
- data/lib/aws-sdk-core/arn.rb +92 -0
- data/lib/aws-sdk-core/arn_parser.rb +40 -0
- data/lib/aws-sdk-core/assume_role_credentials.rb +20 -0
- data/lib/aws-sdk-core/assume_role_web_identity_credentials.rb +109 -0
- data/lib/aws-sdk-core/async_client_stubs.rb +82 -0
- data/lib/aws-sdk-core/binary/decode_handler.rb +58 -0
- data/lib/aws-sdk-core/binary/encode_handler.rb +34 -0
- data/lib/aws-sdk-core/binary/event_builder.rb +124 -0
- data/lib/aws-sdk-core/binary/event_parser.rb +136 -0
- data/lib/aws-sdk-core/binary/event_stream_decoder.rb +64 -0
- data/lib/aws-sdk-core/binary/event_stream_encoder.rb +55 -0
- data/lib/aws-sdk-core/binary.rb +8 -0
- data/lib/aws-sdk-core/client_side_monitoring/publisher.rb +51 -0
- data/lib/aws-sdk-core/client_side_monitoring/request_metrics.rb +199 -0
- data/lib/aws-sdk-core/client_stubs.rb +69 -12
- data/lib/aws-sdk-core/credential_provider.rb +2 -29
- data/lib/aws-sdk-core/credential_provider_chain.rb +111 -32
- data/lib/aws-sdk-core/credentials.rb +2 -0
- data/lib/aws-sdk-core/deprecations.rb +17 -11
- data/lib/aws-sdk-core/eager_loader.rb +2 -0
- data/lib/aws-sdk-core/ec2_metadata.rb +238 -0
- data/lib/aws-sdk-core/ecs_credentials.rb +20 -11
- data/lib/aws-sdk-core/endpoint_cache.rb +193 -0
- data/lib/aws-sdk-core/errors.rb +227 -18
- data/lib/aws-sdk-core/event_emitter.rb +64 -0
- data/lib/aws-sdk-core/ini_parser.rb +3 -0
- data/lib/aws-sdk-core/instance_profile_credentials.rb +237 -45
- data/lib/aws-sdk-core/json/builder.rb +6 -2
- data/lib/aws-sdk-core/json/error_handler.rb +21 -2
- data/lib/aws-sdk-core/json/handler.rb +24 -3
- data/lib/aws-sdk-core/json/json_engine.rb +12 -8
- data/lib/aws-sdk-core/json/oj_engine.rb +35 -6
- data/lib/aws-sdk-core/json/parser.rb +11 -1
- data/lib/aws-sdk-core/json.rb +15 -33
- data/lib/aws-sdk-core/log/formatter.rb +16 -4
- data/lib/aws-sdk-core/log/handler.rb +2 -0
- data/lib/aws-sdk-core/log/param_filter.rb +41 -15
- data/lib/aws-sdk-core/log/param_formatter.rb +2 -0
- data/lib/aws-sdk-core/pageable_response.rb +112 -47
- data/lib/aws-sdk-core/pager.rb +35 -25
- data/lib/aws-sdk-core/param_converter.rb +5 -3
- data/lib/aws-sdk-core/param_validator.rb +109 -26
- data/lib/aws-sdk-core/plugins/api_key.rb +56 -0
- data/lib/aws-sdk-core/plugins/apig_authorizer_token.rb +32 -0
- data/lib/aws-sdk-core/plugins/apig_credentials_configuration.rb +36 -0
- data/lib/aws-sdk-core/plugins/apig_user_agent.rb +39 -0
- data/lib/aws-sdk-core/plugins/checksum_algorithm.rb +340 -0
- data/lib/aws-sdk-core/plugins/client_metrics_plugin.rb +283 -0
- data/lib/aws-sdk-core/plugins/client_metrics_send_plugin.rb +86 -0
- data/lib/aws-sdk-core/plugins/credentials_configuration.rb +81 -0
- data/lib/aws-sdk-core/plugins/defaults_mode.rb +40 -0
- data/lib/aws-sdk-core/plugins/endpoint_discovery.rb +168 -0
- data/lib/aws-sdk-core/plugins/endpoint_pattern.rb +65 -0
- data/lib/aws-sdk-core/plugins/event_stream_configuration.rb +32 -0
- data/lib/aws-sdk-core/plugins/global_configuration.rb +21 -10
- data/lib/aws-sdk-core/plugins/helpful_socket_errors.rb +2 -0
- data/lib/aws-sdk-core/plugins/http_checksum.rb +64 -0
- data/lib/aws-sdk-core/plugins/idempotency_token.rb +3 -2
- data/lib/aws-sdk-core/plugins/invocation_id.rb +35 -0
- data/lib/aws-sdk-core/plugins/jsonvalue_converter.rb +31 -0
- data/lib/aws-sdk-core/plugins/logging.rb +20 -18
- data/lib/aws-sdk-core/plugins/param_converter.rb +11 -5
- data/lib/aws-sdk-core/plugins/param_validator.rb +10 -5
- data/lib/aws-sdk-core/plugins/protocols/api_gateway.rb +29 -0
- data/lib/aws-sdk-core/plugins/protocols/ec2.rb +4 -1
- data/lib/aws-sdk-core/plugins/protocols/json_rpc.rb +15 -12
- data/lib/aws-sdk-core/plugins/protocols/query.rb +4 -2
- data/lib/aws-sdk-core/plugins/protocols/rest_json.rb +18 -1
- data/lib/aws-sdk-core/plugins/protocols/rest_xml.rb +2 -0
- data/lib/aws-sdk-core/plugins/recursion_detection.rb +27 -0
- data/lib/aws-sdk-core/plugins/regional_endpoint.rb +96 -28
- data/lib/aws-sdk-core/plugins/response_paging.rb +8 -19
- data/lib/aws-sdk-core/plugins/retries/client_rate_limiter.rb +139 -0
- data/lib/aws-sdk-core/plugins/retries/clock_skew.rb +100 -0
- data/lib/aws-sdk-core/plugins/retries/error_inspector.rb +146 -0
- data/lib/aws-sdk-core/plugins/retries/retry_quota.rb +59 -0
- data/lib/aws-sdk-core/plugins/retry_errors.rb +342 -82
- data/lib/aws-sdk-core/plugins/signature_v2.rb +53 -0
- data/lib/aws-sdk-core/plugins/signature_v4.rb +144 -0
- data/lib/aws-sdk-core/plugins/stub_responses.rb +44 -18
- data/lib/aws-sdk-core/plugins/transfer_encoding.rb +53 -0
- data/lib/aws-sdk-core/plugins/user_agent.rb +25 -10
- data/lib/aws-sdk-core/process_credentials.rb +81 -0
- data/lib/aws-sdk-core/query/ec2_param_builder.rb +11 -3
- data/lib/aws-sdk-core/query/handler.rb +22 -16
- data/lib/aws-sdk-core/query/param.rb +2 -0
- data/lib/aws-sdk-core/query/param_builder.rb +12 -4
- data/lib/aws-sdk-core/query/param_list.rb +2 -0
- data/lib/aws-sdk-core/query.rb +7 -0
- data/lib/aws-sdk-core/refreshing_credentials.rb +16 -3
- data/lib/aws-sdk-core/resources/collection.rb +123 -0
- data/lib/aws-sdk-core/rest/handler.rb +3 -0
- data/lib/aws-sdk-core/rest/request/body.rb +21 -1
- data/lib/aws-sdk-core/rest/request/builder.rb +4 -1
- data/lib/aws-sdk-core/rest/request/endpoint.rb +13 -6
- data/lib/aws-sdk-core/rest/request/headers.rb +38 -5
- data/lib/aws-sdk-core/rest/request/querystring_builder.rb +17 -2
- data/lib/aws-sdk-core/rest/response/body.rb +16 -1
- data/lib/aws-sdk-core/rest/response/headers.rb +13 -1
- data/lib/aws-sdk-core/rest/response/parser.rb +20 -14
- data/lib/aws-sdk-core/rest/response/status_code.rb +2 -0
- data/lib/aws-sdk-core/rest.rb +12 -0
- data/lib/aws-sdk-core/shared_config.rb +205 -69
- data/lib/aws-sdk-core/shared_credentials.rb +11 -1
- data/lib/aws-sdk-core/sso_credentials.rb +136 -0
- data/lib/aws-sdk-core/structure.rb +33 -13
- data/lib/aws-sdk-core/stubbing/data_applicator.rb +3 -1
- data/lib/aws-sdk-core/stubbing/empty_stub.rb +12 -3
- data/lib/aws-sdk-core/stubbing/protocols/api_gateway.rb +10 -0
- data/lib/aws-sdk-core/stubbing/protocols/ec2.rb +3 -1
- data/lib/aws-sdk-core/stubbing/protocols/json.rb +3 -1
- data/lib/aws-sdk-core/stubbing/protocols/query.rb +4 -2
- data/lib/aws-sdk-core/stubbing/protocols/rest.rb +120 -2
- data/lib/aws-sdk-core/stubbing/protocols/rest_json.rb +8 -2
- data/lib/aws-sdk-core/stubbing/protocols/rest_xml.rb +11 -7
- data/lib/aws-sdk-core/stubbing/stub_data.rb +18 -3
- data/lib/aws-sdk-core/stubbing/xml_error.rb +2 -0
- data/lib/aws-sdk-core/type_builder.rb +2 -0
- data/lib/aws-sdk-core/util.rb +72 -0
- data/lib/aws-sdk-core/waiters/errors.rb +2 -0
- data/lib/aws-sdk-core/waiters/poller.rb +7 -9
- data/lib/aws-sdk-core/waiters/waiter.rb +5 -2
- data/lib/aws-sdk-core/waiters.rb +5 -0
- data/lib/aws-sdk-core/xml/builder.rb +15 -7
- data/lib/aws-sdk-core/xml/default_list.rb +2 -0
- data/lib/aws-sdk-core/xml/default_map.rb +2 -0
- data/lib/aws-sdk-core/xml/doc_builder.rb +15 -4
- data/lib/aws-sdk-core/xml/error_handler.rb +30 -6
- data/lib/aws-sdk-core/xml/parser/engines/libxml.rb +2 -0
- data/lib/aws-sdk-core/xml/parser/engines/nokogiri.rb +2 -0
- data/lib/aws-sdk-core/xml/parser/engines/oga.rb +2 -0
- data/lib/aws-sdk-core/xml/parser/engines/ox.rb +7 -1
- data/lib/aws-sdk-core/xml/parser/engines/rexml.rb +4 -1
- data/lib/aws-sdk-core/xml/parser/frame.rb +31 -6
- data/lib/aws-sdk-core/xml/parser/parsing_error.rb +2 -0
- data/lib/aws-sdk-core/xml/parser/stack.rb +2 -0
- data/lib/aws-sdk-core/xml/parser.rb +8 -11
- data/lib/aws-sdk-core/xml.rb +11 -0
- data/lib/aws-sdk-core.rb +112 -440
- data/lib/aws-sdk-sso/client.rb +570 -0
- data/lib/aws-sdk-sso/client_api.rb +190 -0
- data/lib/aws-sdk-sso/customizations.rb +1 -0
- data/lib/aws-sdk-sso/errors.rb +102 -0
- data/lib/aws-sdk-sso/resource.rb +26 -0
- data/lib/aws-sdk-sso/types.rb +352 -0
- data/lib/aws-sdk-sso.rb +55 -0
- data/lib/aws-sdk-sts/client.rb +2315 -0
- data/lib/aws-sdk-sts/client_api.rb +344 -0
- data/lib/aws-sdk-sts/customizations.rb +4 -0
- data/lib/aws-sdk-sts/errors.rb +166 -0
- data/lib/aws-sdk-sts/plugins/sts_regional_endpoints.rb +38 -0
- data/lib/aws-sdk-sts/presigner.rb +75 -0
- data/lib/aws-sdk-sts/resource.rb +26 -0
- data/lib/aws-sdk-sts/types.rb +1673 -0
- data/lib/aws-sdk-sts.rb +55 -0
- data/lib/seahorse/client/async_base.rb +52 -0
- data/lib/seahorse/client/async_response.rb +64 -0
- data/lib/seahorse/client/base.rb +8 -9
- data/lib/seahorse/client/block_io.rb +6 -2
- data/lib/seahorse/client/configuration.rb +16 -2
- data/lib/seahorse/client/events.rb +3 -1
- data/lib/seahorse/client/h2/connection.rb +250 -0
- data/lib/seahorse/client/h2/handler.rb +152 -0
- data/lib/seahorse/client/handler.rb +2 -0
- data/lib/seahorse/client/handler_builder.rb +2 -0
- data/lib/seahorse/client/handler_list.rb +2 -0
- data/lib/seahorse/client/handler_list_entry.rb +6 -4
- data/lib/seahorse/client/http/async_response.rb +44 -0
- data/lib/seahorse/client/http/headers.rb +2 -0
- data/lib/seahorse/client/http/request.rb +5 -3
- data/lib/seahorse/client/http/response.rb +18 -11
- data/lib/seahorse/client/logging/formatter.rb +9 -1
- data/lib/seahorse/client/logging/handler.rb +4 -0
- data/lib/seahorse/client/managed_file.rb +2 -0
- data/lib/seahorse/client/net_http/connection_pool.rb +46 -27
- data/lib/seahorse/client/net_http/handler.rb +29 -7
- data/lib/seahorse/client/net_http/patches.rb +18 -79
- data/lib/seahorse/client/networking_error.rb +30 -0
- data/lib/seahorse/client/plugin.rb +69 -6
- data/lib/seahorse/client/plugin_list.rb +2 -0
- data/lib/seahorse/client/plugins/content_length.rb +14 -3
- data/lib/seahorse/client/plugins/endpoint.rb +16 -10
- data/lib/seahorse/client/plugins/h2.rb +69 -0
- data/lib/seahorse/client/plugins/logging.rb +19 -19
- data/lib/seahorse/client/plugins/net_http.rb +58 -14
- data/lib/seahorse/client/plugins/operation_methods.rb +2 -0
- data/lib/seahorse/client/plugins/raise_response_errors.rb +6 -4
- data/lib/seahorse/client/plugins/request_callback.rb +110 -0
- data/lib/seahorse/client/plugins/response_target.rb +28 -10
- data/lib/seahorse/client/request.rb +2 -0
- data/lib/seahorse/client/request_context.rb +7 -0
- data/lib/seahorse/client/response.rb +5 -5
- data/lib/seahorse/model/api.rb +43 -0
- data/lib/seahorse/model/authorizer.rb +23 -0
- data/lib/seahorse/model/operation.rb +28 -0
- data/lib/seahorse/model/shapes.rb +71 -2
- data/lib/seahorse/util.rb +9 -22
- data/lib/seahorse/version.rb +2 -0
- data/lib/seahorse.rb +63 -60
- metadata +132 -520
- data/apis/acm/2015-12-08/api-2.json +0 -595
- data/apis/acm/2015-12-08/examples-1.json +0 -5
- data/apis/acm/2015-12-08/paginators-1.json +0 -10
- data/apis/apigateway/2015-07-09/api-2.json +0 -4523
- data/apis/apigateway/2015-07-09/examples-1.json +0 -5
- data/apis/apigateway/2015-07-09/paginators-1.json +0 -70
- data/apis/application-autoscaling/2016-02-06/api-2.json +0 -511
- data/apis/application-autoscaling/2016-02-06/examples-1.json +0 -257
- data/apis/application-autoscaling/2016-02-06/paginators-1.json +0 -22
- data/apis/appstream/2016-12-01/api-2.json +0 -820
- data/apis/appstream/2016-12-01/examples-1.json +0 -5
- data/apis/appstream/2016-12-01/waiters-2.json +0 -55
- data/apis/autoscaling/2011-01-01/api-2.json +0 -2172
- data/apis/autoscaling/2011-01-01/examples-1.json +0 -1395
- data/apis/autoscaling/2011-01-01/paginators-1.json +0 -52
- data/apis/autoscaling/2011-01-01/resources-1.json +0 -1624
- data/apis/autoscaling/2011-01-01/waiters-2.json +0 -62
- data/apis/batch/2016-08-10/api-2.json +0 -885
- data/apis/batch/2016-08-10/examples-1.json +0 -589
- data/apis/budgets/2016-10-20/api-2.json +0 -697
- data/apis/budgets/2016-10-20/examples-1.json +0 -5
- data/apis/budgets/2016-10-20/paginators-1.json +0 -4
- data/apis/clouddirectory/2016-05-10/api-2.json +0 -3033
- data/apis/clouddirectory/2016-05-10/examples-1.json +0 -5
- data/apis/clouddirectory/2016-05-10/paginators-1.json +0 -84
- data/apis/cloudformation/2010-05-15/api-2.json +0 -1428
- data/apis/cloudformation/2010-05-15/examples-1.json +0 -158
- data/apis/cloudformation/2010-05-15/paginators-1.json +0 -27
- data/apis/cloudformation/2010-05-15/resources-1.json +0 -211
- data/apis/cloudformation/2010-05-15/waiters-2.json +0 -157
- data/apis/cloudfront/2016-01-28/api-2.json +0 -2219
- data/apis/cloudfront/2016-01-28/examples-1.json +0 -5
- data/apis/cloudfront/2016-01-28/paginators-1.json +0 -32
- data/apis/cloudfront/2016-01-28/waiters-2.json +0 -47
- data/apis/cloudfront/2016-08-01/api-2.json +0 -2548
- data/apis/cloudfront/2016-08-01/examples-1.json +0 -5
- data/apis/cloudfront/2016-08-01/paginators-1.json +0 -32
- data/apis/cloudfront/2016-08-01/waiters-2.json +0 -47
- data/apis/cloudfront/2016-08-20/api-2.json +0 -2586
- data/apis/cloudfront/2016-08-20/paginators-1.json +0 -32
- data/apis/cloudfront/2016-08-20/waiters-2.json +0 -47
- data/apis/cloudfront/2016-09-07/api-2.json +0 -2596
- data/apis/cloudfront/2016-09-07/examples-1.json +0 -5
- data/apis/cloudfront/2016-09-07/paginators-1.json +0 -32
- data/apis/cloudfront/2016-09-07/waiters-2.json +0 -47
- data/apis/cloudfront/2016-09-29/api-2.json +0 -2599
- data/apis/cloudfront/2016-09-29/examples-1.json +0 -5
- data/apis/cloudfront/2016-09-29/paginators-1.json +0 -32
- data/apis/cloudfront/2016-09-29/waiters-2.json +0 -47
- data/apis/cloudfront/2016-11-25/api-2.json +0 -2665
- data/apis/cloudfront/2016-11-25/examples-1.json +0 -5
- data/apis/cloudfront/2016-11-25/paginators-1.json +0 -32
- data/apis/cloudfront/2016-11-25/waiters-2.json +0 -47
- data/apis/cloudhsm/2014-05-30/api-2.json +0 -878
- data/apis/cloudhsm/2014-05-30/examples-1.json +0 -5
- data/apis/cloudsearch/2013-01-01/api-2.json +0 -2002
- data/apis/cloudsearch/2013-01-01/paginators-1.json +0 -20
- data/apis/cloudsearchdomain/2013-01-01/api-2.json +0 -374
- data/apis/cloudsearchdomain/2013-01-01/examples-1.json +0 -5
- data/apis/cloudtrail/2013-11-01/api-2.json +0 -907
- data/apis/cloudtrail/2013-11-01/examples-1.json +0 -5
- data/apis/cloudtrail/2013-11-01/paginators-1.json +0 -13
- data/apis/codebuild/2016-10-06/api-2.json +0 -702
- data/apis/codebuild/2016-10-06/examples-1.json +0 -5
- data/apis/codebuild/2016-10-06/paginators-1.json +0 -4
- data/apis/codecommit/2015-04-13/api-2.json +0 -1112
- data/apis/codecommit/2015-04-13/examples-1.json +0 -5
- data/apis/codecommit/2015-04-13/paginators-1.json +0 -19
- data/apis/codedeploy/2014-10-06/api-2.json +0 -2300
- data/apis/codedeploy/2014-10-06/examples-1.json +0 -5
- data/apis/codedeploy/2014-10-06/paginators-1.json +0 -4
- data/apis/codedeploy/2014-10-06/waiters-2.json +0 -30
- data/apis/codepipeline/2015-07-09/api-2.json +0 -1714
- data/apis/codepipeline/2015-07-09/examples-1.json +0 -5
- data/apis/cognito-identity/2014-06-30/api-2.json +0 -943
- data/apis/cognito-identity/2014-06-30/examples-1.json +0 -5
- data/apis/cognito-identity/2014-06-30/paginators-1.json +0 -4
- data/apis/cognito-idp/2016-04-18/api-2.json +0 -3325
- data/apis/cognito-idp/2016-04-18/examples-1.json +0 -5
- data/apis/cognito-sync/2014-06-30/api-2.json +0 -1875
- data/apis/config/2014-11-12/api-2.json +0 -1417
- data/apis/config/2014-11-12/examples-1.json +0 -5
- data/apis/config/2014-11-12/paginators-1.json +0 -10
- data/apis/cur/2017-01-06/api-2.json +0 -226
- data/apis/cur/2017-01-06/examples-1.json +0 -5
- data/apis/cur/2017-01-06/paginators-1.json +0 -9
- data/apis/datapipeline/2012-10-29/api-2.json +0 -1168
- data/apis/datapipeline/2012-10-29/paginators-1.json +0 -26
- data/apis/devicefarm/2015-06-23/api-2.json +0 -2031
- data/apis/devicefarm/2015-06-23/examples-1.json +0 -1242
- data/apis/devicefarm/2015-06-23/paginators-1.json +0 -74
- data/apis/directconnect/2012-10-25/api-2.json +0 -1347
- data/apis/directconnect/2012-10-25/examples-1.json +0 -5
- data/apis/directconnect/2012-10-25/paginators-1.json +0 -22
- data/apis/discovery/2015-11-01/api-2.json +0 -867
- data/apis/discovery/2015-11-01/examples-1.json +0 -5
- data/apis/dms/2016-01-01/api-2.json +0 -1505
- data/apis/dms/2016-01-01/examples-1.json +0 -5
- data/apis/ds/2015-04-16/api-2.json +0 -1972
- data/apis/ds/2015-04-16/examples-1.json +0 -5
- data/apis/dynamodb/2011-12-05/api-2.json +0 -802
- data/apis/dynamodb/2011-12-05/examples-1.json +0 -5
- data/apis/dynamodb/2011-12-05/paginators-1.json +0 -26
- data/apis/dynamodb/2011-12-05/waiters-2.json +0 -35
- data/apis/dynamodb/2012-08-10/api-2.json +0 -1405
- data/apis/dynamodb/2012-08-10/examples-1.json +0 -628
- data/apis/dynamodb/2012-08-10/paginators-1.json +0 -26
- data/apis/dynamodb/2012-08-10/resources-1.json +0 -136
- data/apis/dynamodb/2012-08-10/waiters-2.json +0 -35
- data/apis/ec2/2015-10-01/api-2.json +0 -13760
- data/apis/ec2/2015-10-01/examples-1.json +0 -5
- data/apis/ec2/2015-10-01/paginators-1.json +0 -138
- data/apis/ec2/2015-10-01/resources-1.json +0 -2582
- data/apis/ec2/2015-10-01/waiters-2.json +0 -593
- data/apis/ec2/2016-04-01/api-2.json +0 -14191
- data/apis/ec2/2016-04-01/examples-1.json +0 -3729
- data/apis/ec2/2016-04-01/paginators-1.json +0 -138
- data/apis/ec2/2016-04-01/resources-1.json +0 -2582
- data/apis/ec2/2016-04-01/waiters-2.json +0 -593
- data/apis/ec2/2016-09-15/api-2.json +0 -14415
- data/apis/ec2/2016-09-15/examples-1.json +0 -3740
- data/apis/ec2/2016-09-15/paginators-1.json +0 -138
- data/apis/ec2/2016-09-15/resources-1.json +0 -2582
- data/apis/ec2/2016-09-15/waiters-2.json +0 -593
- data/apis/ec2/2016-11-15/api-2.json +0 -15373
- data/apis/ec2/2016-11-15/examples-1.json +0 -3740
- data/apis/ec2/2016-11-15/paginators-1.json +0 -144
- data/apis/ec2/2016-11-15/resources-1.json +0 -2582
- data/apis/ec2/2016-11-15/waiters-2.json +0 -611
- data/apis/ecr/2015-09-21/api-2.json +0 -947
- data/apis/ecr/2015-09-21/examples-1.json +0 -215
- data/apis/ecr/2015-09-21/paginators-1.json +0 -22
- data/apis/ecs/2014-11-13/api-2.json +0 -1625
- data/apis/ecs/2014-11-13/examples-1.json +0 -883
- data/apis/ecs/2014-11-13/paginators-1.json +0 -40
- data/apis/ecs/2014-11-13/waiters-2.json +0 -93
- data/apis/elasticache/2015-02-02/api-2.json +0 -2474
- data/apis/elasticache/2015-02-02/examples-1.json +0 -2968
- data/apis/elasticache/2015-02-02/paginators-1.json +0 -76
- data/apis/elasticache/2015-02-02/waiters-2.json +0 -143
- data/apis/elasticbeanstalk/2010-12-01/api-2.json +0 -2332
- data/apis/elasticbeanstalk/2010-12-01/examples-1.json +0 -1109
- data/apis/elasticbeanstalk/2010-12-01/paginators-1.json +0 -25
- data/apis/elasticfilesystem/2015-02-01/api-2.json +0 -714
- data/apis/elasticfilesystem/2015-02-01/examples-1.json +0 -222
- data/apis/elasticloadbalancing/2012-06-01/api-2.json +0 -1590
- data/apis/elasticloadbalancing/2012-06-01/examples-1.json +0 -1036
- data/apis/elasticloadbalancing/2012-06-01/paginators-1.json +0 -18
- data/apis/elasticloadbalancing/2012-06-01/waiters-2.json +0 -49
- data/apis/elasticloadbalancingv2/2015-12-01/api-2.json +0 -1823
- data/apis/elasticloadbalancingv2/2015-12-01/examples-1.json +0 -1384
- data/apis/elasticloadbalancingv2/2015-12-01/paginators-1.json +0 -19
- data/apis/elasticmapreduce/2009-03-31/api-2.json +0 -1794
- data/apis/elasticmapreduce/2009-03-31/examples-1.json +0 -5
- data/apis/elasticmapreduce/2009-03-31/paginators-1.json +0 -32
- data/apis/elasticmapreduce/2009-03-31/waiters-2.json +0 -67
- data/apis/elastictranscoder/2012-09-25/api-2.json +0 -1483
- data/apis/elastictranscoder/2012-09-25/examples-1.json +0 -5
- data/apis/elastictranscoder/2012-09-25/paginators-1.json +0 -24
- data/apis/elastictranscoder/2012-09-25/waiters-2.json +0 -30
- data/apis/email/2010-12-01/api-2.json +0 -2212
- data/apis/email/2010-12-01/examples-1.json +0 -953
- data/apis/email/2010-12-01/paginators-1.json +0 -13
- data/apis/email/2010-12-01/waiters-2.json +0 -18
- data/apis/es/2015-01-01/api-2.json +0 -862
- data/apis/es/2015-01-01/examples-1.json +0 -5
- data/apis/es/2015-01-01/paginators-1.json +0 -14
- data/apis/events/2015-10-07/api-2.json +0 -644
- data/apis/events/2015-10-07/examples-1.json +0 -5
- data/apis/firehose/2015-08-04/api-2.json +0 -866
- data/apis/firehose/2015-08-04/examples-1.json +0 -5
- data/apis/gamelift/2015-10-01/api-2.json +0 -2256
- data/apis/gamelift/2015-10-01/examples-1.json +0 -5
- data/apis/gamelift/2015-10-01/paginators-1.json +0 -4
- data/apis/glacier/2012-06-01/api-2.json +0 -1734
- data/apis/glacier/2012-06-01/examples-1.json +0 -806
- data/apis/glacier/2012-06-01/paginators-1.json +0 -28
- data/apis/glacier/2012-06-01/resources-1.json +0 -563
- data/apis/glacier/2012-06-01/waiters-2.json +0 -39
- data/apis/health/2016-08-04/api-2.json +0 -547
- data/apis/health/2016-08-04/examples-1.json +0 -5
- data/apis/health/2016-08-04/paginators-1.json +0 -31
- data/apis/iam/2010-05-08/api-2.json +0 -4730
- data/apis/iam/2010-05-08/examples-1.json +0 -1191
- data/apis/iam/2010-05-08/paginators-1.json +0 -198
- data/apis/iam/2010-05-08/resources-1.json +0 -1740
- data/apis/iam/2010-05-08/waiters-2.json +0 -39
- data/apis/importexport/2010-06-01/api-2.json +0 -667
- data/apis/importexport/2010-06-01/paginators-1.json +0 -11
- data/apis/inspector/2016-02-16/api-2.json +0 -1965
- data/apis/inspector/2016-02-16/examples-1.json +0 -1140
- data/apis/iot/2015-05-28/api-2.json +0 -4347
- data/apis/iot/2015-05-28/examples-1.json +0 -5
- data/apis/iot-data/2015-05-28/api-2.json +0 -264
- data/apis/kinesis/2013-12-02/api-2.json +0 -890
- data/apis/kinesis/2013-12-02/examples-1.json +0 -5
- data/apis/kinesis/2013-12-02/paginators-1.json +0 -18
- data/apis/kinesis/2013-12-02/waiters-2.json +0 -18
- data/apis/kinesisanalytics/2015-08-14/api-2.json +0 -1049
- data/apis/kinesisanalytics/2015-08-14/examples-1.json +0 -5
- data/apis/kms/2014-11-01/api-2.json +0 -1492
- data/apis/kms/2014-11-01/examples-1.json +0 -862
- data/apis/kms/2014-11-01/paginators-1.json +0 -32
- data/apis/lambda/2014-11-11/api-2.json +0 -668
- data/apis/lambda/2014-11-11/paginators-1.json +0 -16
- data/apis/lambda/2015-03-31/api-2.json +0 -1514
- data/apis/lambda/2015-03-31/examples-1.json +0 -614
- data/apis/lambda/2015-03-31/paginators-1.json +0 -16
- data/apis/lightsail/2016-11-28/api-2.json +0 -2137
- data/apis/lightsail/2016-11-28/examples-1.json +0 -5
- data/apis/logs/2014-03-28/api-2.json +0 -1246
- data/apis/logs/2014-03-28/examples-1.json +0 -5
- data/apis/logs/2014-03-28/paginators-1.json +0 -49
- data/apis/machinelearning/2014-12-12/api-2.json +0 -1978
- data/apis/machinelearning/2014-12-12/examples-1.json +0 -5
- data/apis/machinelearning/2014-12-12/paginators-1.json +0 -28
- data/apis/machinelearning/2014-12-12/waiters-2.json +0 -81
- data/apis/marketplacecommerceanalytics/2015-07-01/api-2.json +0 -170
- data/apis/marketplacecommerceanalytics/2015-07-01/examples-1.json +0 -5
- data/apis/meteringmarketplace/2016-01-14/api-2.json +0 -263
- data/apis/meteringmarketplace/2016-01-14/examples-1.json +0 -5
- data/apis/monitoring/2010-08-01/api-2.json +0 -811
- data/apis/monitoring/2010-08-01/examples-1.json +0 -5
- data/apis/monitoring/2010-08-01/paginators-1.json +0 -24
- data/apis/monitoring/2010-08-01/resources-1.json +0 -346
- data/apis/monitoring/2010-08-01/waiters-2.json +0 -18
- data/apis/mturk-requester/2017-01-17/api-2.json +0 -1665
- data/apis/mturk-requester/2017-01-17/examples-1.json +0 -5
- data/apis/mturk-requester/2017-01-17/paginators-1.json +0 -54
- data/apis/opsworks/2013-02-18/api-2.json +0 -2607
- data/apis/opsworks/2013-02-18/examples-1.json +0 -5
- data/apis/opsworks/2013-02-18/paginators-1.json +0 -55
- data/apis/opsworks/2013-02-18/resources-1.json +0 -173
- data/apis/opsworks/2013-02-18/waiters-2.json +0 -295
- data/apis/opsworkscm/2016-11-01/api-2.json +0 -730
- data/apis/opsworkscm/2016-11-01/examples-1.json +0 -5
- data/apis/opsworkscm/2016-11-01/paginators-1.json +0 -4
- data/apis/organizations/2016-11-28/api-2.json +0 -1989
- data/apis/organizations/2016-11-28/examples-1.json +0 -1398
- data/apis/organizations/2016-11-28/paginators-1.json +0 -4
- data/apis/pinpoint/2016-12-01/api-2.json +0 -2753
- data/apis/pinpoint/2016-12-01/examples-1.json +0 -5
- data/apis/polly/2016-06-10/api-2.json +0 -504
- data/apis/polly/2016-06-10/examples-1.json +0 -171
- data/apis/rds/2013-01-10/api-2.json +0 -2902
- data/apis/rds/2013-01-10/examples-1.json +0 -5
- data/apis/rds/2013-01-10/paginators-1.json +0 -97
- data/apis/rds/2013-02-12/api-2.json +0 -3058
- data/apis/rds/2013-02-12/examples-1.json +0 -5
- data/apis/rds/2013-02-12/paginators-1.json +0 -110
- data/apis/rds/2013-09-09/api-2.json +0 -3159
- data/apis/rds/2013-09-09/examples-1.json +0 -5
- data/apis/rds/2013-09-09/paginators-1.json +0 -110
- data/apis/rds/2013-09-09/waiters-2.json +0 -97
- data/apis/rds/2014-09-01/api-2.json +0 -3272
- data/apis/rds/2014-09-01/examples-1.json +0 -5
- data/apis/rds/2014-09-01/paginators-1.json +0 -4
- data/apis/rds/2014-10-31/api-2.json +0 -5098
- data/apis/rds/2014-10-31/examples-1.json +0 -1861
- data/apis/rds/2014-10-31/paginators-1.json +0 -110
- data/apis/rds/2014-10-31/resources-1.json +0 -3272
- data/apis/rds/2014-10-31/waiters-2.json +0 -90
- data/apis/redshift/2012-12-01/api-2.json +0 -3775
- data/apis/redshift/2012-12-01/examples-1.json +0 -5
- data/apis/redshift/2012-12-01/paginators-1.json +0 -94
- data/apis/redshift/2012-12-01/waiters-2.json +0 -97
- data/apis/rekognition/2016-06-27/api-2.json +0 -844
- data/apis/rekognition/2016-06-27/examples-1.json +0 -651
- data/apis/rekognition/2016-06-27/paginators-1.json +0 -16
- data/apis/route53/2013-04-01/api-2.json +0 -3312
- data/apis/route53/2013-04-01/examples-1.json +0 -762
- data/apis/route53/2013-04-01/paginators-1.json +0 -33
- data/apis/route53/2013-04-01/waiters-2.json +0 -18
- data/apis/route53domains/2014-05-15/api-2.json +0 -1323
- data/apis/route53domains/2014-05-15/paginators-1.json +0 -17
- data/apis/runtime.lex/2016-11-28/api-2.json +0 -243
- data/apis/runtime.lex/2016-11-28/examples-1.json +0 -5
- data/apis/runtime.lex/2016-11-28/paginators-1.json +0 -4
- data/apis/s3/2006-03-01/api-2.json +0 -5368
- data/apis/s3/2006-03-01/examples-1.json +0 -5
- data/apis/s3/2006-03-01/paginators-1.json +0 -66
- data/apis/s3/2006-03-01/resources-1.json +0 -1176
- data/apis/s3/2006-03-01/waiters-2.json +0 -73
- data/apis/sdb/2009-04-15/api-2.json +0 -955
- data/apis/sdb/2009-04-15/paginators-1.json +0 -15
- data/apis/servicecatalog/2015-12-10/api-2.json +0 -1955
- data/apis/servicecatalog/2015-12-10/examples-1.json +0 -5
- data/apis/shield/2016-06-02/api-2.json +0 -494
- data/apis/shield/2016-06-02/examples-1.json +0 -5
- data/apis/sms/2016-10-24/api-2.json +0 -612
- data/apis/sms/2016-10-24/examples-1.json +0 -5
- data/apis/sms/2016-10-24/paginators-1.json +0 -28
- data/apis/snowball/2016-06-30/api-2.json +0 -834
- data/apis/snowball/2016-06-30/examples-1.json +0 -442
- data/apis/snowball/2016-06-30/paginators-1.json +0 -16
- data/apis/sns/2010-03-31/api-2.json +0 -1145
- data/apis/sns/2010-03-31/examples-1.json +0 -5
- data/apis/sns/2010-03-31/paginators-1.json +0 -29
- data/apis/sns/2010-03-31/resources-1.json +0 -327
- data/apis/sqs/2012-11-05/api-2.json +0 -986
- data/apis/sqs/2012-11-05/examples-1.json +0 -5
- data/apis/sqs/2012-11-05/paginators-1.json +0 -7
- data/apis/sqs/2012-11-05/resources-1.json +0 -232
- data/apis/ssm/2014-11-06/api-2.json +0 -5296
- data/apis/ssm/2014-11-06/examples-1.json +0 -5
- data/apis/ssm/2014-11-06/paginators-1.json +0 -40
- data/apis/states/2016-11-23/api-2.json +0 -1021
- data/apis/states/2016-11-23/examples-1.json +0 -5
- data/apis/states/2016-11-23/paginators-1.json +0 -28
- data/apis/storagegateway/2013-06-30/api-2.json +0 -2551
- data/apis/storagegateway/2013-06-30/examples-1.json +0 -1381
- data/apis/storagegateway/2013-06-30/paginators-1.json +0 -52
- data/apis/streams.dynamodb/2012-08-10/api-2.json +0 -406
- data/apis/streams.dynamodb/2012-08-10/examples-1.json +0 -212
- data/apis/streams.dynamodb/2012-08-10/paginators-1.json +0 -4
- data/apis/sts/2011-06-15/api-2.json +0 -522
- data/apis/sts/2011-06-15/examples-1.json +0 -206
- data/apis/support/2013-04-15/api-2.json +0 -772
- data/apis/support/2013-04-15/examples-1.json +0 -5
- data/apis/support/2013-04-15/paginators-1.json +0 -25
- data/apis/swf/2012-01-25/api-2.json +0 -2839
- data/apis/swf/2012-01-25/paginators-1.json +0 -46
- data/apis/waf/2015-08-24/api-2.json +0 -1959
- data/apis/waf/2015-08-24/examples-1.json +0 -1017
- data/apis/waf/2015-08-24/paginators-1.json +0 -4
- data/apis/waf-regional/2016-11-28/api-2.json +0 -2090
- data/apis/waf-regional/2016-11-28/examples-1.json +0 -1017
- data/apis/waf-regional/2016-11-28/paginators-1.json +0 -4
- data/apis/workdocs/2016-05-01/api-2.json +0 -1781
- data/apis/workdocs/2016-05-01/examples-1.json +0 -5
- data/apis/workdocs/2016-05-01/paginators-1.json +0 -25
- data/apis/workspaces/2015-04-08/api-2.json +0 -840
- data/apis/workspaces/2015-04-08/examples-1.json +0 -5
- data/apis/workspaces/2015-04-08/paginators-1.json +0 -20
- data/apis/xray/2016-04-12/api-2.json +0 -491
- data/apis/xray/2016-04-12/examples-1.json +0 -5
- data/bin/aws.rb +0 -180
- data/endpoints.json +0 -1935
- data/lib/aws-sdk-core/acm.rb +0 -6
- data/lib/aws-sdk-core/api/builder.rb +0 -106
- data/lib/aws-sdk-core/api/customizations.rb +0 -261
- data/lib/aws-sdk-core/api/docs/builder.rb +0 -223
- data/lib/aws-sdk-core/api/docs/client_type_documenter.rb +0 -118
- data/lib/aws-sdk-core/api/docs/crosslink.rb +0 -43
- data/lib/aws-sdk-core/api/docs/docstring_provider.rb +0 -75
- data/lib/aws-sdk-core/api/docs/operation_documenter.rb +0 -151
- data/lib/aws-sdk-core/api/docs/param_formatter.rb +0 -163
- data/lib/aws-sdk-core/api/docs/request_syntax_example.rb +0 -22
- data/lib/aws-sdk-core/api/docs/response_structure_example.rb +0 -91
- data/lib/aws-sdk-core/api/docs/shared_example.rb +0 -100
- data/lib/aws-sdk-core/api/docs/utils.rb +0 -133
- data/lib/aws-sdk-core/api/shape_map.rb +0 -142
- data/lib/aws-sdk-core/apigateway.rb +0 -6
- data/lib/aws-sdk-core/applicationautoscaling.rb +0 -6
- data/lib/aws-sdk-core/applicationdiscoveryservice.rb +0 -5
- data/lib/aws-sdk-core/appstream.rb +0 -6
- data/lib/aws-sdk-core/autoscaling.rb +0 -8
- data/lib/aws-sdk-core/batch.rb +0 -5
- data/lib/aws-sdk-core/budgets.rb +0 -6
- data/lib/aws-sdk-core/checksums.rb +0 -51
- data/lib/aws-sdk-core/client.rb +0 -59
- data/lib/aws-sdk-core/client_waiters.rb +0 -120
- data/lib/aws-sdk-core/clouddirectory.rb +0 -6
- data/lib/aws-sdk-core/cloudformation.rb +0 -8
- data/lib/aws-sdk-core/cloudfront/cookie_signer.rb +0 -44
- data/lib/aws-sdk-core/cloudfront/signer.rb +0 -141
- data/lib/aws-sdk-core/cloudfront/url_signer.rb +0 -48
- data/lib/aws-sdk-core/cloudfront.rb +0 -17
- data/lib/aws-sdk-core/cloudhsm.rb +0 -5
- data/lib/aws-sdk-core/cloudsearch.rb +0 -5
- data/lib/aws-sdk-core/cloudsearchdomain.rb +0 -5
- data/lib/aws-sdk-core/cloudtrail.rb +0 -6
- data/lib/aws-sdk-core/cloudwatch.rb +0 -8
- data/lib/aws-sdk-core/cloudwatchevents.rb +0 -5
- data/lib/aws-sdk-core/cloudwatchlogs.rb +0 -6
- data/lib/aws-sdk-core/codebuild.rb +0 -6
- data/lib/aws-sdk-core/codecommit.rb +0 -6
- data/lib/aws-sdk-core/codedeploy.rb +0 -7
- data/lib/aws-sdk-core/codepipeline.rb +0 -5
- data/lib/aws-sdk-core/cognitoidentity.rb +0 -6
- data/lib/aws-sdk-core/cognitoidentityprovider.rb +0 -5
- data/lib/aws-sdk-core/cognitosync.rb +0 -4
- data/lib/aws-sdk-core/configservice.rb +0 -6
- data/lib/aws-sdk-core/costandusagereportservice.rb +0 -6
- data/lib/aws-sdk-core/databasemigrationservice.rb +0 -5
- data/lib/aws-sdk-core/datapipeline.rb +0 -5
- data/lib/aws-sdk-core/devicefarm.rb +0 -6
- data/lib/aws-sdk-core/directconnect.rb +0 -6
- data/lib/aws-sdk-core/directoryservice.rb +0 -5
- data/lib/aws-sdk-core/dynamodb/attribute_value.rb +0 -108
- data/lib/aws-sdk-core/dynamodb.rb +0 -40
- data/lib/aws-sdk-core/dynamodbstreams.rb +0 -6
- data/lib/aws-sdk-core/ec2.rb +0 -8
- data/lib/aws-sdk-core/ecr.rb +0 -6
- data/lib/aws-sdk-core/ecs.rb +0 -7
- data/lib/aws-sdk-core/efs.rb +0 -5
- data/lib/aws-sdk-core/elasticache.rb +0 -7
- data/lib/aws-sdk-core/elasticbeanstalk.rb +0 -6
- data/lib/aws-sdk-core/elasticloadbalancing.rb +0 -7
- data/lib/aws-sdk-core/elasticloadbalancingv2.rb +0 -6
- data/lib/aws-sdk-core/elasticsearchservice.rb +0 -6
- data/lib/aws-sdk-core/elastictranscoder.rb +0 -7
- data/lib/aws-sdk-core/empty_structure.rb +0 -3
- data/lib/aws-sdk-core/emr.rb +0 -7
- data/lib/aws-sdk-core/endpoint_provider.rb +0 -104
- data/lib/aws-sdk-core/firehose.rb +0 -5
- data/lib/aws-sdk-core/gamelift.rb +0 -6
- data/lib/aws-sdk-core/glacier.rb +0 -8
- data/lib/aws-sdk-core/health.rb +0 -6
- data/lib/aws-sdk-core/iam.rb +0 -8
- data/lib/aws-sdk-core/importexport.rb +0 -5
- data/lib/aws-sdk-core/inspector.rb +0 -5
- data/lib/aws-sdk-core/iot.rb +0 -5
- data/lib/aws-sdk-core/iotdataplane.rb +0 -4
- data/lib/aws-sdk-core/kinesis.rb +0 -7
- data/lib/aws-sdk-core/kinesisanalytics.rb +0 -5
- data/lib/aws-sdk-core/kms.rb +0 -6
- data/lib/aws-sdk-core/lambda.rb +0 -6
- data/lib/aws-sdk-core/lambdapreview.rb +0 -5
- data/lib/aws-sdk-core/lex.rb +0 -6
- data/lib/aws-sdk-core/lightsail.rb +0 -5
- data/lib/aws-sdk-core/machinelearning.rb +0 -7
- data/lib/aws-sdk-core/marketplacecommerceanalytics.rb +0 -5
- data/lib/aws-sdk-core/marketplacemetering.rb +0 -5
- data/lib/aws-sdk-core/mturk.rb +0 -6
- data/lib/aws-sdk-core/opsworks.rb +0 -8
- data/lib/aws-sdk-core/opsworkscm.rb +0 -6
- data/lib/aws-sdk-core/organizations.rb +0 -6
- data/lib/aws-sdk-core/partitions/partition.rb +0 -95
- data/lib/aws-sdk-core/partitions/partition_list.rb +0 -60
- data/lib/aws-sdk-core/partitions/region.rb +0 -66
- data/lib/aws-sdk-core/partitions/service.rb +0 -74
- data/lib/aws-sdk-core/partitions.rb +0 -174
- data/lib/aws-sdk-core/pinpoint.rb +0 -5
- data/lib/aws-sdk-core/plugins/api_gateway_header.rb +0 -19
- data/lib/aws-sdk-core/plugins/csd_conditional_signing.rb +0 -30
- data/lib/aws-sdk-core/plugins/csd_switch_to_post.rb +0 -36
- data/lib/aws-sdk-core/plugins/dynamodb_crc32_validation.rb +0 -52
- data/lib/aws-sdk-core/plugins/dynamodb_extended_retries.rb +0 -22
- data/lib/aws-sdk-core/plugins/dynamodb_simple_attributes.rb +0 -209
- data/lib/aws-sdk-core/plugins/ec2_copy_encrypted_snapshot.rb +0 -56
- data/lib/aws-sdk-core/plugins/ec2_region_validation.rb +0 -17
- data/lib/aws-sdk-core/plugins/glacier_account_id.rb +0 -19
- data/lib/aws-sdk-core/plugins/glacier_api_version.rb +0 -19
- data/lib/aws-sdk-core/plugins/glacier_checksums.rb +0 -87
- data/lib/aws-sdk-core/plugins/machine_learning_predict_endpoint.rb +0 -20
- data/lib/aws-sdk-core/plugins/rds_cross_region_copying.rb +0 -69
- data/lib/aws-sdk-core/plugins/request_signer.rb +0 -142
- data/lib/aws-sdk-core/plugins/route_53_id_fix.rb +0 -55
- data/lib/aws-sdk-core/plugins/s3_accelerate.rb +0 -90
- data/lib/aws-sdk-core/plugins/s3_bucket_dns.rb +0 -86
- data/lib/aws-sdk-core/plugins/s3_bucket_name_restrictions.rb +0 -21
- data/lib/aws-sdk-core/plugins/s3_dualstack.rb +0 -67
- data/lib/aws-sdk-core/plugins/s3_expect_100_continue.rb +0 -27
- data/lib/aws-sdk-core/plugins/s3_get_bucket_location_fix.rb +0 -21
- data/lib/aws-sdk-core/plugins/s3_http_200_errors.rb +0 -45
- data/lib/aws-sdk-core/plugins/s3_location_constraint.rb +0 -31
- data/lib/aws-sdk-core/plugins/s3_md5s.rb +0 -50
- data/lib/aws-sdk-core/plugins/s3_redirects.rb +0 -37
- data/lib/aws-sdk-core/plugins/s3_request_signer.rb +0 -166
- data/lib/aws-sdk-core/plugins/s3_sse_cpk.rb +0 -64
- data/lib/aws-sdk-core/plugins/s3_url_encoded_keys.rb +0 -92
- data/lib/aws-sdk-core/plugins/sqs_md5s.rb +0 -162
- data/lib/aws-sdk-core/plugins/sqs_queue_urls.rb +0 -34
- data/lib/aws-sdk-core/plugins/swf_read_timeouts.rb +0 -23
- data/lib/aws-sdk-core/polly/presigner.rb +0 -70
- data/lib/aws-sdk-core/polly.rb +0 -13
- data/lib/aws-sdk-core/rds.rb +0 -8
- data/lib/aws-sdk-core/redshift.rb +0 -7
- data/lib/aws-sdk-core/rekognition.rb +0 -6
- data/lib/aws-sdk-core/route53.rb +0 -7
- data/lib/aws-sdk-core/route53domains.rb +0 -5
- data/lib/aws-sdk-core/s3/bucket_region_cache.rb +0 -75
- data/lib/aws-sdk-core/s3/presigner.rb +0 -116
- data/lib/aws-sdk-core/s3.rb +0 -26
- data/lib/aws-sdk-core/service.rb +0 -4
- data/lib/aws-sdk-core/servicecatalog.rb +0 -5
- data/lib/aws-sdk-core/ses.rb +0 -7
- data/lib/aws-sdk-core/shield.rb +0 -5
- data/lib/aws-sdk-core/signers/base.rb +0 -31
- data/lib/aws-sdk-core/signers/s3.rb +0 -184
- data/lib/aws-sdk-core/signers/v2.rb +0 -51
- data/lib/aws-sdk-core/signers/v3.rb +0 -34
- data/lib/aws-sdk-core/signers/v4.rb +0 -234
- data/lib/aws-sdk-core/simpledb.rb +0 -5
- data/lib/aws-sdk-core/sms.rb +0 -6
- data/lib/aws-sdk-core/snowball.rb +0 -6
- data/lib/aws-sdk-core/sns.rb +0 -7
- data/lib/aws-sdk-core/sqs.rb +0 -7
- data/lib/aws-sdk-core/ssm.rb +0 -6
- data/lib/aws-sdk-core/states.rb +0 -6
- data/lib/aws-sdk-core/storagegateway.rb +0 -6
- data/lib/aws-sdk-core/sts.rb +0 -5
- data/lib/aws-sdk-core/support.rb +0 -6
- data/lib/aws-sdk-core/swf.rb +0 -5
- data/lib/aws-sdk-core/tree_hash.rb +0 -69
- data/lib/aws-sdk-core/version.rb +0 -3
- data/lib/aws-sdk-core/waf.rb +0 -6
- data/lib/aws-sdk-core/wafregional.rb +0 -6
- data/lib/aws-sdk-core/waiters/null_provider.rb +0 -12
- data/lib/aws-sdk-core/waiters/provider.rb +0 -35
- data/lib/aws-sdk-core/workdocs.rb +0 -6
- data/lib/aws-sdk-core/workspaces.rb +0 -6
- data/lib/aws-sdk-core/xray.rb +0 -5
- data/lib/seahorse/client/plugins/restful_bindings.rb +0 -127
- data/service-models.json +0 -381
@@ -0,0 +1,1673 @@
|
|
1
|
+
# frozen_string_literal: true
|
2
|
+
|
3
|
+
# WARNING ABOUT GENERATED CODE
|
4
|
+
#
|
5
|
+
# This file is generated. See the contributing guide for more information:
|
6
|
+
# https://github.com/aws/aws-sdk-ruby/blob/version-3/CONTRIBUTING.md
|
7
|
+
#
|
8
|
+
# WARNING ABOUT GENERATED CODE
|
9
|
+
|
10
|
+
module Aws::STS
|
11
|
+
module Types
|
12
|
+
|
13
|
+
# @note When making an API call, you may pass AssumeRoleRequest
|
14
|
+
# data as a hash:
|
15
|
+
#
|
16
|
+
# {
|
17
|
+
# role_arn: "arnType", # required
|
18
|
+
# role_session_name: "roleSessionNameType", # required
|
19
|
+
# policy_arns: [
|
20
|
+
# {
|
21
|
+
# arn: "arnType",
|
22
|
+
# },
|
23
|
+
# ],
|
24
|
+
# policy: "sessionPolicyDocumentType",
|
25
|
+
# duration_seconds: 1,
|
26
|
+
# tags: [
|
27
|
+
# {
|
28
|
+
# key: "tagKeyType", # required
|
29
|
+
# value: "tagValueType", # required
|
30
|
+
# },
|
31
|
+
# ],
|
32
|
+
# transitive_tag_keys: ["tagKeyType"],
|
33
|
+
# external_id: "externalIdType",
|
34
|
+
# serial_number: "serialNumberType",
|
35
|
+
# token_code: "tokenCodeType",
|
36
|
+
# source_identity: "sourceIdentityType",
|
37
|
+
# }
|
38
|
+
#
|
39
|
+
# @!attribute [rw] role_arn
|
40
|
+
# The Amazon Resource Name (ARN) of the role to assume.
|
41
|
+
# @return [String]
|
42
|
+
#
|
43
|
+
# @!attribute [rw] role_session_name
|
44
|
+
# An identifier for the assumed role session.
|
45
|
+
#
|
46
|
+
# Use the role session name to uniquely identify a session when the
|
47
|
+
# same role is assumed by different principals or for different
|
48
|
+
# reasons. In cross-account scenarios, the role session name is
|
49
|
+
# visible to, and can be logged by the account that owns the role. The
|
50
|
+
# role session name is also used in the ARN of the assumed role
|
51
|
+
# principal. This means that subsequent cross-account API requests
|
52
|
+
# that use the temporary security credentials will expose the role
|
53
|
+
# session name to the external account in their CloudTrail logs.
|
54
|
+
#
|
55
|
+
# The regex used to validate this parameter is a string of characters
|
56
|
+
# consisting of upper- and lower-case alphanumeric characters with no
|
57
|
+
# spaces. You can also include underscores or any of the following
|
58
|
+
# characters: =,.@-
|
59
|
+
# @return [String]
|
60
|
+
#
|
61
|
+
# @!attribute [rw] policy_arns
|
62
|
+
# The Amazon Resource Names (ARNs) of the IAM managed policies that
|
63
|
+
# you want to use as managed session policies. The policies must exist
|
64
|
+
# in the same account as the role.
|
65
|
+
#
|
66
|
+
# This parameter is optional. You can provide up to 10 managed policy
|
67
|
+
# ARNs. However, the plaintext that you use for both inline and
|
68
|
+
# managed session policies can't exceed 2,048 characters. For more
|
69
|
+
# information about ARNs, see [Amazon Resource Names (ARNs) and Amazon
|
70
|
+
# Web Services Service Namespaces][1] in the Amazon Web Services
|
71
|
+
# General Reference.
|
72
|
+
#
|
73
|
+
# <note markdown="1"> An Amazon Web Services conversion compresses the passed session
|
74
|
+
# policies and session tags into a packed binary format that has a
|
75
|
+
# separate limit. Your request can fail for this limit even if your
|
76
|
+
# plaintext meets the other requirements. The `PackedPolicySize`
|
77
|
+
# response element indicates by percentage how close the policies and
|
78
|
+
# tags for your request are to the upper size limit.
|
79
|
+
#
|
80
|
+
# </note>
|
81
|
+
#
|
82
|
+
# Passing policies to this operation returns new temporary
|
83
|
+
# credentials. The resulting session's permissions are the
|
84
|
+
# intersection of the role's identity-based policy and the session
|
85
|
+
# policies. You can use the role's temporary credentials in
|
86
|
+
# subsequent Amazon Web Services API calls to access resources in the
|
87
|
+
# account that owns the role. You cannot use session policies to grant
|
88
|
+
# more permissions than those allowed by the identity-based policy of
|
89
|
+
# the role that is being assumed. For more information, see [Session
|
90
|
+
# Policies][2] in the *IAM User Guide*.
|
91
|
+
#
|
92
|
+
#
|
93
|
+
#
|
94
|
+
# [1]: https://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html
|
95
|
+
# [2]: https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies.html#policies_session
|
96
|
+
# @return [Array<Types::PolicyDescriptorType>]
|
97
|
+
#
|
98
|
+
# @!attribute [rw] policy
|
99
|
+
# An IAM policy in JSON format that you want to use as an inline
|
100
|
+
# session policy.
|
101
|
+
#
|
102
|
+
# This parameter is optional. Passing policies to this operation
|
103
|
+
# returns new temporary credentials. The resulting session's
|
104
|
+
# permissions are the intersection of the role's identity-based
|
105
|
+
# policy and the session policies. You can use the role's temporary
|
106
|
+
# credentials in subsequent Amazon Web Services API calls to access
|
107
|
+
# resources in the account that owns the role. You cannot use session
|
108
|
+
# policies to grant more permissions than those allowed by the
|
109
|
+
# identity-based policy of the role that is being assumed. For more
|
110
|
+
# information, see [Session Policies][1] in the *IAM User Guide*.
|
111
|
+
#
|
112
|
+
# The plaintext that you use for both inline and managed session
|
113
|
+
# policies can't exceed 2,048 characters. The JSON policy characters
|
114
|
+
# can be any ASCII character from the space character to the end of
|
115
|
+
# the valid character list (\\u0020 through \\u00FF). It can also
|
116
|
+
# include the tab (\\u0009), linefeed (\\u000A), and carriage return
|
117
|
+
# (\\u000D) characters.
|
118
|
+
#
|
119
|
+
# <note markdown="1"> An Amazon Web Services conversion compresses the passed session
|
120
|
+
# policies and session tags into a packed binary format that has a
|
121
|
+
# separate limit. Your request can fail for this limit even if your
|
122
|
+
# plaintext meets the other requirements. The `PackedPolicySize`
|
123
|
+
# response element indicates by percentage how close the policies and
|
124
|
+
# tags for your request are to the upper size limit.
|
125
|
+
#
|
126
|
+
# </note>
|
127
|
+
#
|
128
|
+
#
|
129
|
+
#
|
130
|
+
# [1]: https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies.html#policies_session
|
131
|
+
# @return [String]
|
132
|
+
#
|
133
|
+
# @!attribute [rw] duration_seconds
|
134
|
+
# The duration, in seconds, of the role session. The value specified
|
135
|
+
# can range from 900 seconds (15 minutes) up to the maximum session
|
136
|
+
# duration set for the role. The maximum session duration setting can
|
137
|
+
# have a value from 1 hour to 12 hours. If you specify a value higher
|
138
|
+
# than this setting or the administrator setting (whichever is lower),
|
139
|
+
# the operation fails. For example, if you specify a session duration
|
140
|
+
# of 12 hours, but your administrator set the maximum session duration
|
141
|
+
# to 6 hours, your operation fails.
|
142
|
+
#
|
143
|
+
# Role chaining limits your Amazon Web Services CLI or Amazon Web
|
144
|
+
# Services API role session to a maximum of one hour. When you use the
|
145
|
+
# `AssumeRole` API operation to assume a role, you can specify the
|
146
|
+
# duration of your role session with the `DurationSeconds` parameter.
|
147
|
+
# You can specify a parameter value of up to 43200 seconds (12 hours),
|
148
|
+
# depending on the maximum session duration setting for your role.
|
149
|
+
# However, if you assume a role using role chaining and provide a
|
150
|
+
# `DurationSeconds` parameter value greater than one hour, the
|
151
|
+
# operation fails. To learn how to view the maximum value for your
|
152
|
+
# role, see [View the Maximum Session Duration Setting for a Role][1]
|
153
|
+
# in the *IAM User Guide*.
|
154
|
+
#
|
155
|
+
# By default, the value is set to `3600` seconds.
|
156
|
+
#
|
157
|
+
# <note markdown="1"> The `DurationSeconds` parameter is separate from the duration of a
|
158
|
+
# console session that you might request using the returned
|
159
|
+
# credentials. The request to the federation endpoint for a console
|
160
|
+
# sign-in token takes a `SessionDuration` parameter that specifies the
|
161
|
+
# maximum length of the console session. For more information, see
|
162
|
+
# [Creating a URL that Enables Federated Users to Access the Amazon
|
163
|
+
# Web Services Management Console][2] in the *IAM User Guide*.
|
164
|
+
#
|
165
|
+
# </note>
|
166
|
+
#
|
167
|
+
#
|
168
|
+
#
|
169
|
+
# [1]: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_use.html#id_roles_use_view-role-max-session
|
170
|
+
# [2]: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_providers_enable-console-custom-url.html
|
171
|
+
# @return [Integer]
|
172
|
+
#
|
173
|
+
# @!attribute [rw] tags
|
174
|
+
# A list of session tags that you want to pass. Each session tag
|
175
|
+
# consists of a key name and an associated value. For more information
|
176
|
+
# about session tags, see [Tagging Amazon Web Services STS
|
177
|
+
# Sessions][1] in the *IAM User Guide*.
|
178
|
+
#
|
179
|
+
# This parameter is optional. You can pass up to 50 session tags. The
|
180
|
+
# plaintext session tag keys can’t exceed 128 characters, and the
|
181
|
+
# values can’t exceed 256 characters. For these and additional limits,
|
182
|
+
# see [IAM and STS Character Limits][2] in the *IAM User Guide*.
|
183
|
+
#
|
184
|
+
# <note markdown="1"> An Amazon Web Services conversion compresses the passed session
|
185
|
+
# policies and session tags into a packed binary format that has a
|
186
|
+
# separate limit. Your request can fail for this limit even if your
|
187
|
+
# plaintext meets the other requirements. The `PackedPolicySize`
|
188
|
+
# response element indicates by percentage how close the policies and
|
189
|
+
# tags for your request are to the upper size limit.
|
190
|
+
#
|
191
|
+
# </note>
|
192
|
+
#
|
193
|
+
# You can pass a session tag with the same key as a tag that is
|
194
|
+
# already attached to the role. When you do, session tags override a
|
195
|
+
# role tag with the same key.
|
196
|
+
#
|
197
|
+
# Tag key–value pairs are not case sensitive, but case is preserved.
|
198
|
+
# This means that you cannot have separate `Department` and
|
199
|
+
# `department` tag keys. Assume that the role has the
|
200
|
+
# `Department`=`Marketing` tag and you pass the
|
201
|
+
# `department`=`engineering` session tag. `Department` and
|
202
|
+
# `department` are not saved as separate tags, and the session tag
|
203
|
+
# passed in the request takes precedence over the role tag.
|
204
|
+
#
|
205
|
+
# Additionally, if you used temporary credentials to perform this
|
206
|
+
# operation, the new session inherits any transitive session tags from
|
207
|
+
# the calling session. If you pass a session tag with the same key as
|
208
|
+
# an inherited tag, the operation fails. To view the inherited tags
|
209
|
+
# for a session, see the CloudTrail logs. For more information, see
|
210
|
+
# [Viewing Session Tags in CloudTrail][3] in the *IAM User Guide*.
|
211
|
+
#
|
212
|
+
#
|
213
|
+
#
|
214
|
+
# [1]: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_session-tags.html
|
215
|
+
# [2]: https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_iam-limits.html#reference_iam-limits-entity-length
|
216
|
+
# [3]: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_session-tags.html#id_session-tags_ctlogs
|
217
|
+
# @return [Array<Types::Tag>]
|
218
|
+
#
|
219
|
+
# @!attribute [rw] transitive_tag_keys
|
220
|
+
# A list of keys for session tags that you want to set as transitive.
|
221
|
+
# If you set a tag key as transitive, the corresponding key and value
|
222
|
+
# passes to subsequent sessions in a role chain. For more information,
|
223
|
+
# see [Chaining Roles with Session Tags][1] in the *IAM User Guide*.
|
224
|
+
#
|
225
|
+
# This parameter is optional. When you set session tags as transitive,
|
226
|
+
# the session policy and session tags packed binary limit is not
|
227
|
+
# affected.
|
228
|
+
#
|
229
|
+
# If you choose not to specify a transitive tag key, then no tags are
|
230
|
+
# passed from this session to any subsequent sessions.
|
231
|
+
#
|
232
|
+
#
|
233
|
+
#
|
234
|
+
# [1]: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_session-tags.html#id_session-tags_role-chaining
|
235
|
+
# @return [Array<String>]
|
236
|
+
#
|
237
|
+
# @!attribute [rw] external_id
|
238
|
+
# A unique identifier that might be required when you assume a role in
|
239
|
+
# another account. If the administrator of the account to which the
|
240
|
+
# role belongs provided you with an external ID, then provide that
|
241
|
+
# value in the `ExternalId` parameter. This value can be any string,
|
242
|
+
# such as a passphrase or account number. A cross-account role is
|
243
|
+
# usually set up to trust everyone in an account. Therefore, the
|
244
|
+
# administrator of the trusting account might send an external ID to
|
245
|
+
# the administrator of the trusted account. That way, only someone
|
246
|
+
# with the ID can assume the role, rather than everyone in the
|
247
|
+
# account. For more information about the external ID, see [How to Use
|
248
|
+
# an External ID When Granting Access to Your Amazon Web Services
|
249
|
+
# Resources to a Third Party][1] in the *IAM User Guide*.
|
250
|
+
#
|
251
|
+
# The regex used to validate this parameter is a string of characters
|
252
|
+
# consisting of upper- and lower-case alphanumeric characters with no
|
253
|
+
# spaces. You can also include underscores or any of the following
|
254
|
+
# characters: =,.@:/-
|
255
|
+
#
|
256
|
+
#
|
257
|
+
#
|
258
|
+
# [1]: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_create_for-user_externalid.html
|
259
|
+
# @return [String]
|
260
|
+
#
|
261
|
+
# @!attribute [rw] serial_number
|
262
|
+
# The identification number of the MFA device that is associated with
|
263
|
+
# the user who is making the `AssumeRole` call. Specify this value if
|
264
|
+
# the trust policy of the role being assumed includes a condition that
|
265
|
+
# requires MFA authentication. The value is either the serial number
|
266
|
+
# for a hardware device (such as `GAHT12345678`) or an Amazon Resource
|
267
|
+
# Name (ARN) for a virtual device (such as
|
268
|
+
# `arn:aws:iam::123456789012:mfa/user`).
|
269
|
+
#
|
270
|
+
# The regex used to validate this parameter is a string of characters
|
271
|
+
# consisting of upper- and lower-case alphanumeric characters with no
|
272
|
+
# spaces. You can also include underscores or any of the following
|
273
|
+
# characters: =,.@-
|
274
|
+
# @return [String]
|
275
|
+
#
|
276
|
+
# @!attribute [rw] token_code
|
277
|
+
# The value provided by the MFA device, if the trust policy of the
|
278
|
+
# role being assumed requires MFA. (In other words, if the policy
|
279
|
+
# includes a condition that tests for MFA). If the role being assumed
|
280
|
+
# requires MFA and if the `TokenCode` value is missing or expired, the
|
281
|
+
# `AssumeRole` call returns an "access denied" error.
|
282
|
+
#
|
283
|
+
# The format for this parameter, as described by its regex pattern, is
|
284
|
+
# a sequence of six numeric digits.
|
285
|
+
# @return [String]
|
286
|
+
#
|
287
|
+
# @!attribute [rw] source_identity
|
288
|
+
# The source identity specified by the principal that is calling the
|
289
|
+
# `AssumeRole` operation.
|
290
|
+
#
|
291
|
+
# You can require users to specify a source identity when they assume
|
292
|
+
# a role. You do this by using the `sts:SourceIdentity` condition key
|
293
|
+
# in a role trust policy. You can use source identity information in
|
294
|
+
# CloudTrail logs to determine who took actions with a role. You can
|
295
|
+
# use the `aws:SourceIdentity` condition key to further control access
|
296
|
+
# to Amazon Web Services resources based on the value of source
|
297
|
+
# identity. For more information about using source identity, see
|
298
|
+
# [Monitor and control actions taken with assumed roles][1] in the
|
299
|
+
# *IAM User Guide*.
|
300
|
+
#
|
301
|
+
# The regex used to validate this parameter is a string of characters
|
302
|
+
# consisting of upper- and lower-case alphanumeric characters with no
|
303
|
+
# spaces. You can also include underscores or any of the following
|
304
|
+
# characters: =,.@-. You cannot use a value that begins with the text
|
305
|
+
# `aws:`. This prefix is reserved for Amazon Web Services internal
|
306
|
+
# use.
|
307
|
+
#
|
308
|
+
#
|
309
|
+
#
|
310
|
+
# [1]: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_control-access_monitor.html
|
311
|
+
# @return [String]
|
312
|
+
#
|
313
|
+
# @see http://docs.aws.amazon.com/goto/WebAPI/sts-2011-06-15/AssumeRoleRequest AWS API Documentation
|
314
|
+
#
|
315
|
+
class AssumeRoleRequest < Struct.new(
|
316
|
+
:role_arn,
|
317
|
+
:role_session_name,
|
318
|
+
:policy_arns,
|
319
|
+
:policy,
|
320
|
+
:duration_seconds,
|
321
|
+
:tags,
|
322
|
+
:transitive_tag_keys,
|
323
|
+
:external_id,
|
324
|
+
:serial_number,
|
325
|
+
:token_code,
|
326
|
+
:source_identity)
|
327
|
+
SENSITIVE = []
|
328
|
+
include Aws::Structure
|
329
|
+
end
|
330
|
+
|
331
|
+
# Contains the response to a successful AssumeRole request, including
|
332
|
+
# temporary Amazon Web Services credentials that can be used to make
|
333
|
+
# Amazon Web Services requests.
|
334
|
+
#
|
335
|
+
# @!attribute [rw] credentials
|
336
|
+
# The temporary security credentials, which include an access key ID,
|
337
|
+
# a secret access key, and a security (or session) token.
|
338
|
+
#
|
339
|
+
# <note markdown="1"> The size of the security token that STS API operations return is not
|
340
|
+
# fixed. We strongly recommend that you make no assumptions about the
|
341
|
+
# maximum size.
|
342
|
+
#
|
343
|
+
# </note>
|
344
|
+
# @return [Types::Credentials]
|
345
|
+
#
|
346
|
+
# @!attribute [rw] assumed_role_user
|
347
|
+
# The Amazon Resource Name (ARN) and the assumed role ID, which are
|
348
|
+
# identifiers that you can use to refer to the resulting temporary
|
349
|
+
# security credentials. For example, you can reference these
|
350
|
+
# credentials as a principal in a resource-based policy by using the
|
351
|
+
# ARN or assumed role ID. The ARN and ID include the `RoleSessionName`
|
352
|
+
# that you specified when you called `AssumeRole`.
|
353
|
+
# @return [Types::AssumedRoleUser]
|
354
|
+
#
|
355
|
+
# @!attribute [rw] packed_policy_size
|
356
|
+
# A percentage value that indicates the packed size of the session
|
357
|
+
# policies and session tags combined passed in the request. The
|
358
|
+
# request fails if the packed size is greater than 100 percent, which
|
359
|
+
# means the policies and tags exceeded the allowed space.
|
360
|
+
# @return [Integer]
|
361
|
+
#
|
362
|
+
# @!attribute [rw] source_identity
|
363
|
+
# The source identity specified by the principal that is calling the
|
364
|
+
# `AssumeRole` operation.
|
365
|
+
#
|
366
|
+
# You can require users to specify a source identity when they assume
|
367
|
+
# a role. You do this by using the `sts:SourceIdentity` condition key
|
368
|
+
# in a role trust policy. You can use source identity information in
|
369
|
+
# CloudTrail logs to determine who took actions with a role. You can
|
370
|
+
# use the `aws:SourceIdentity` condition key to further control access
|
371
|
+
# to Amazon Web Services resources based on the value of source
|
372
|
+
# identity. For more information about using source identity, see
|
373
|
+
# [Monitor and control actions taken with assumed roles][1] in the
|
374
|
+
# *IAM User Guide*.
|
375
|
+
#
|
376
|
+
# The regex used to validate this parameter is a string of characters
|
377
|
+
# consisting of upper- and lower-case alphanumeric characters with no
|
378
|
+
# spaces. You can also include underscores or any of the following
|
379
|
+
# characters: =,.@-
|
380
|
+
#
|
381
|
+
#
|
382
|
+
#
|
383
|
+
# [1]: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_control-access_monitor.html
|
384
|
+
# @return [String]
|
385
|
+
#
|
386
|
+
# @see http://docs.aws.amazon.com/goto/WebAPI/sts-2011-06-15/AssumeRoleResponse AWS API Documentation
|
387
|
+
#
|
388
|
+
class AssumeRoleResponse < Struct.new(
|
389
|
+
:credentials,
|
390
|
+
:assumed_role_user,
|
391
|
+
:packed_policy_size,
|
392
|
+
:source_identity)
|
393
|
+
SENSITIVE = []
|
394
|
+
include Aws::Structure
|
395
|
+
end
|
396
|
+
|
397
|
+
# @note When making an API call, you may pass AssumeRoleWithSAMLRequest
|
398
|
+
# data as a hash:
|
399
|
+
#
|
400
|
+
# {
|
401
|
+
# role_arn: "arnType", # required
|
402
|
+
# principal_arn: "arnType", # required
|
403
|
+
# saml_assertion: "SAMLAssertionType", # required
|
404
|
+
# policy_arns: [
|
405
|
+
# {
|
406
|
+
# arn: "arnType",
|
407
|
+
# },
|
408
|
+
# ],
|
409
|
+
# policy: "sessionPolicyDocumentType",
|
410
|
+
# duration_seconds: 1,
|
411
|
+
# }
|
412
|
+
#
|
413
|
+
# @!attribute [rw] role_arn
|
414
|
+
# The Amazon Resource Name (ARN) of the role that the caller is
|
415
|
+
# assuming.
|
416
|
+
# @return [String]
|
417
|
+
#
|
418
|
+
# @!attribute [rw] principal_arn
|
419
|
+
# The Amazon Resource Name (ARN) of the SAML provider in IAM that
|
420
|
+
# describes the IdP.
|
421
|
+
# @return [String]
|
422
|
+
#
|
423
|
+
# @!attribute [rw] saml_assertion
|
424
|
+
# The base64 encoded SAML authentication response provided by the IdP.
|
425
|
+
#
|
426
|
+
# For more information, see [Configuring a Relying Party and Adding
|
427
|
+
# Claims][1] in the *IAM User Guide*.
|
428
|
+
#
|
429
|
+
#
|
430
|
+
#
|
431
|
+
# [1]: https://docs.aws.amazon.com/IAM/latest/UserGuide/create-role-saml-IdP-tasks.html
|
432
|
+
# @return [String]
|
433
|
+
#
|
434
|
+
# @!attribute [rw] policy_arns
|
435
|
+
# The Amazon Resource Names (ARNs) of the IAM managed policies that
|
436
|
+
# you want to use as managed session policies. The policies must exist
|
437
|
+
# in the same account as the role.
|
438
|
+
#
|
439
|
+
# This parameter is optional. You can provide up to 10 managed policy
|
440
|
+
# ARNs. However, the plaintext that you use for both inline and
|
441
|
+
# managed session policies can't exceed 2,048 characters. For more
|
442
|
+
# information about ARNs, see [Amazon Resource Names (ARNs) and Amazon
|
443
|
+
# Web Services Service Namespaces][1] in the Amazon Web Services
|
444
|
+
# General Reference.
|
445
|
+
#
|
446
|
+
# <note markdown="1"> An Amazon Web Services conversion compresses the passed session
|
447
|
+
# policies and session tags into a packed binary format that has a
|
448
|
+
# separate limit. Your request can fail for this limit even if your
|
449
|
+
# plaintext meets the other requirements. The `PackedPolicySize`
|
450
|
+
# response element indicates by percentage how close the policies and
|
451
|
+
# tags for your request are to the upper size limit.
|
452
|
+
#
|
453
|
+
# </note>
|
454
|
+
#
|
455
|
+
# Passing policies to this operation returns new temporary
|
456
|
+
# credentials. The resulting session's permissions are the
|
457
|
+
# intersection of the role's identity-based policy and the session
|
458
|
+
# policies. You can use the role's temporary credentials in
|
459
|
+
# subsequent Amazon Web Services API calls to access resources in the
|
460
|
+
# account that owns the role. You cannot use session policies to grant
|
461
|
+
# more permissions than those allowed by the identity-based policy of
|
462
|
+
# the role that is being assumed. For more information, see [Session
|
463
|
+
# Policies][2] in the *IAM User Guide*.
|
464
|
+
#
|
465
|
+
#
|
466
|
+
#
|
467
|
+
# [1]: https://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html
|
468
|
+
# [2]: https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies.html#policies_session
|
469
|
+
# @return [Array<Types::PolicyDescriptorType>]
|
470
|
+
#
|
471
|
+
# @!attribute [rw] policy
|
472
|
+
# An IAM policy in JSON format that you want to use as an inline
|
473
|
+
# session policy.
|
474
|
+
#
|
475
|
+
# This parameter is optional. Passing policies to this operation
|
476
|
+
# returns new temporary credentials. The resulting session's
|
477
|
+
# permissions are the intersection of the role's identity-based
|
478
|
+
# policy and the session policies. You can use the role's temporary
|
479
|
+
# credentials in subsequent Amazon Web Services API calls to access
|
480
|
+
# resources in the account that owns the role. You cannot use session
|
481
|
+
# policies to grant more permissions than those allowed by the
|
482
|
+
# identity-based policy of the role that is being assumed. For more
|
483
|
+
# information, see [Session Policies][1] in the *IAM User Guide*.
|
484
|
+
#
|
485
|
+
# The plaintext that you use for both inline and managed session
|
486
|
+
# policies can't exceed 2,048 characters. The JSON policy characters
|
487
|
+
# can be any ASCII character from the space character to the end of
|
488
|
+
# the valid character list (\\u0020 through \\u00FF). It can also
|
489
|
+
# include the tab (\\u0009), linefeed (\\u000A), and carriage return
|
490
|
+
# (\\u000D) characters.
|
491
|
+
#
|
492
|
+
# <note markdown="1"> An Amazon Web Services conversion compresses the passed session
|
493
|
+
# policies and session tags into a packed binary format that has a
|
494
|
+
# separate limit. Your request can fail for this limit even if your
|
495
|
+
# plaintext meets the other requirements. The `PackedPolicySize`
|
496
|
+
# response element indicates by percentage how close the policies and
|
497
|
+
# tags for your request are to the upper size limit.
|
498
|
+
#
|
499
|
+
# </note>
|
500
|
+
#
|
501
|
+
#
|
502
|
+
#
|
503
|
+
# [1]: https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies.html#policies_session
|
504
|
+
# @return [String]
|
505
|
+
#
|
506
|
+
# @!attribute [rw] duration_seconds
|
507
|
+
# The duration, in seconds, of the role session. Your role session
|
508
|
+
# lasts for the duration that you specify for the `DurationSeconds`
|
509
|
+
# parameter, or until the time specified in the SAML authentication
|
510
|
+
# response's `SessionNotOnOrAfter` value, whichever is shorter. You
|
511
|
+
# can provide a `DurationSeconds` value from 900 seconds (15 minutes)
|
512
|
+
# up to the maximum session duration setting for the role. This
|
513
|
+
# setting can have a value from 1 hour to 12 hours. If you specify a
|
514
|
+
# value higher than this setting, the operation fails. For example, if
|
515
|
+
# you specify a session duration of 12 hours, but your administrator
|
516
|
+
# set the maximum session duration to 6 hours, your operation fails.
|
517
|
+
# To learn how to view the maximum value for your role, see [View the
|
518
|
+
# Maximum Session Duration Setting for a Role][1] in the *IAM User
|
519
|
+
# Guide*.
|
520
|
+
#
|
521
|
+
# By default, the value is set to `3600` seconds.
|
522
|
+
#
|
523
|
+
# <note markdown="1"> The `DurationSeconds` parameter is separate from the duration of a
|
524
|
+
# console session that you might request using the returned
|
525
|
+
# credentials. The request to the federation endpoint for a console
|
526
|
+
# sign-in token takes a `SessionDuration` parameter that specifies the
|
527
|
+
# maximum length of the console session. For more information, see
|
528
|
+
# [Creating a URL that Enables Federated Users to Access the Amazon
|
529
|
+
# Web Services Management Console][2] in the *IAM User Guide*.
|
530
|
+
#
|
531
|
+
# </note>
|
532
|
+
#
|
533
|
+
#
|
534
|
+
#
|
535
|
+
# [1]: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_use.html#id_roles_use_view-role-max-session
|
536
|
+
# [2]: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_providers_enable-console-custom-url.html
|
537
|
+
# @return [Integer]
|
538
|
+
#
|
539
|
+
# @see http://docs.aws.amazon.com/goto/WebAPI/sts-2011-06-15/AssumeRoleWithSAMLRequest AWS API Documentation
|
540
|
+
#
|
541
|
+
class AssumeRoleWithSAMLRequest < Struct.new(
|
542
|
+
:role_arn,
|
543
|
+
:principal_arn,
|
544
|
+
:saml_assertion,
|
545
|
+
:policy_arns,
|
546
|
+
:policy,
|
547
|
+
:duration_seconds)
|
548
|
+
SENSITIVE = []
|
549
|
+
include Aws::Structure
|
550
|
+
end
|
551
|
+
|
552
|
+
# Contains the response to a successful AssumeRoleWithSAML request,
|
553
|
+
# including temporary Amazon Web Services credentials that can be used
|
554
|
+
# to make Amazon Web Services requests.
|
555
|
+
#
|
556
|
+
# @!attribute [rw] credentials
|
557
|
+
# The temporary security credentials, which include an access key ID,
|
558
|
+
# a secret access key, and a security (or session) token.
|
559
|
+
#
|
560
|
+
# <note markdown="1"> The size of the security token that STS API operations return is not
|
561
|
+
# fixed. We strongly recommend that you make no assumptions about the
|
562
|
+
# maximum size.
|
563
|
+
#
|
564
|
+
# </note>
|
565
|
+
# @return [Types::Credentials]
|
566
|
+
#
|
567
|
+
# @!attribute [rw] assumed_role_user
|
568
|
+
# The identifiers for the temporary security credentials that the
|
569
|
+
# operation returns.
|
570
|
+
# @return [Types::AssumedRoleUser]
|
571
|
+
#
|
572
|
+
# @!attribute [rw] packed_policy_size
|
573
|
+
# A percentage value that indicates the packed size of the session
|
574
|
+
# policies and session tags combined passed in the request. The
|
575
|
+
# request fails if the packed size is greater than 100 percent, which
|
576
|
+
# means the policies and tags exceeded the allowed space.
|
577
|
+
# @return [Integer]
|
578
|
+
#
|
579
|
+
# @!attribute [rw] subject
|
580
|
+
# The value of the `NameID` element in the `Subject` element of the
|
581
|
+
# SAML assertion.
|
582
|
+
# @return [String]
|
583
|
+
#
|
584
|
+
# @!attribute [rw] subject_type
|
585
|
+
# The format of the name ID, as defined by the `Format` attribute in
|
586
|
+
# the `NameID` element of the SAML assertion. Typical examples of the
|
587
|
+
# format are `transient` or `persistent`.
|
588
|
+
#
|
589
|
+
# If the format includes the prefix
|
590
|
+
# `urn:oasis:names:tc:SAML:2.0:nameid-format`, that prefix is removed.
|
591
|
+
# For example, `urn:oasis:names:tc:SAML:2.0:nameid-format:transient`
|
592
|
+
# is returned as `transient`. If the format includes any other prefix,
|
593
|
+
# the format is returned with no modifications.
|
594
|
+
# @return [String]
|
595
|
+
#
|
596
|
+
# @!attribute [rw] issuer
|
597
|
+
# The value of the `Issuer` element of the SAML assertion.
|
598
|
+
# @return [String]
|
599
|
+
#
|
600
|
+
# @!attribute [rw] audience
|
601
|
+
# The value of the `Recipient` attribute of the
|
602
|
+
# `SubjectConfirmationData` element of the SAML assertion.
|
603
|
+
# @return [String]
|
604
|
+
#
|
605
|
+
# @!attribute [rw] name_qualifier
|
606
|
+
# A hash value based on the concatenation of the following:
|
607
|
+
#
|
608
|
+
# * The `Issuer` response value.
|
609
|
+
#
|
610
|
+
# * The Amazon Web Services account ID.
|
611
|
+
#
|
612
|
+
# * The friendly name (the last part of the ARN) of the SAML provider
|
613
|
+
# in IAM.
|
614
|
+
#
|
615
|
+
# The combination of `NameQualifier` and `Subject` can be used to
|
616
|
+
# uniquely identify a federated user.
|
617
|
+
#
|
618
|
+
# The following pseudocode shows how the hash value is calculated:
|
619
|
+
#
|
620
|
+
# `BASE64 ( SHA1 ( "https://example.com/saml" + "123456789012" +
|
621
|
+
# "/MySAMLIdP" ) )`
|
622
|
+
# @return [String]
|
623
|
+
#
|
624
|
+
# @!attribute [rw] source_identity
|
625
|
+
# The value in the `SourceIdentity` attribute in the SAML assertion.
|
626
|
+
#
|
627
|
+
# You can require users to set a source identity value when they
|
628
|
+
# assume a role. You do this by using the `sts:SourceIdentity`
|
629
|
+
# condition key in a role trust policy. That way, actions that are
|
630
|
+
# taken with the role are associated with that user. After the source
|
631
|
+
# identity is set, the value cannot be changed. It is present in the
|
632
|
+
# request for all actions that are taken by the role and persists
|
633
|
+
# across [chained role][1] sessions. You can configure your SAML
|
634
|
+
# identity provider to use an attribute associated with your users,
|
635
|
+
# like user name or email, as the source identity when calling
|
636
|
+
# `AssumeRoleWithSAML`. You do this by adding an attribute to the SAML
|
637
|
+
# assertion. For more information about using source identity, see
|
638
|
+
# [Monitor and control actions taken with assumed roles][2] in the
|
639
|
+
# *IAM User Guide*.
|
640
|
+
#
|
641
|
+
# The regex used to validate this parameter is a string of characters
|
642
|
+
# consisting of upper- and lower-case alphanumeric characters with no
|
643
|
+
# spaces. You can also include underscores or any of the following
|
644
|
+
# characters: =,.@-
|
645
|
+
#
|
646
|
+
#
|
647
|
+
#
|
648
|
+
# [1]: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_terms-and-concepts#iam-term-role-chaining
|
649
|
+
# [2]: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_control-access_monitor.html
|
650
|
+
# @return [String]
|
651
|
+
#
|
652
|
+
# @see http://docs.aws.amazon.com/goto/WebAPI/sts-2011-06-15/AssumeRoleWithSAMLResponse AWS API Documentation
|
653
|
+
#
|
654
|
+
class AssumeRoleWithSAMLResponse < Struct.new(
|
655
|
+
:credentials,
|
656
|
+
:assumed_role_user,
|
657
|
+
:packed_policy_size,
|
658
|
+
:subject,
|
659
|
+
:subject_type,
|
660
|
+
:issuer,
|
661
|
+
:audience,
|
662
|
+
:name_qualifier,
|
663
|
+
:source_identity)
|
664
|
+
SENSITIVE = []
|
665
|
+
include Aws::Structure
|
666
|
+
end
|
667
|
+
|
668
|
+
# @note When making an API call, you may pass AssumeRoleWithWebIdentityRequest
|
669
|
+
# data as a hash:
|
670
|
+
#
|
671
|
+
# {
|
672
|
+
# role_arn: "arnType", # required
|
673
|
+
# role_session_name: "roleSessionNameType", # required
|
674
|
+
# web_identity_token: "clientTokenType", # required
|
675
|
+
# provider_id: "urlType",
|
676
|
+
# policy_arns: [
|
677
|
+
# {
|
678
|
+
# arn: "arnType",
|
679
|
+
# },
|
680
|
+
# ],
|
681
|
+
# policy: "sessionPolicyDocumentType",
|
682
|
+
# duration_seconds: 1,
|
683
|
+
# }
|
684
|
+
#
|
685
|
+
# @!attribute [rw] role_arn
|
686
|
+
# The Amazon Resource Name (ARN) of the role that the caller is
|
687
|
+
# assuming.
|
688
|
+
# @return [String]
|
689
|
+
#
|
690
|
+
# @!attribute [rw] role_session_name
|
691
|
+
# An identifier for the assumed role session. Typically, you pass the
|
692
|
+
# name or identifier that is associated with the user who is using
|
693
|
+
# your application. That way, the temporary security credentials that
|
694
|
+
# your application will use are associated with that user. This
|
695
|
+
# session name is included as part of the ARN and assumed role ID in
|
696
|
+
# the `AssumedRoleUser` response element.
|
697
|
+
#
|
698
|
+
# The regex used to validate this parameter is a string of characters
|
699
|
+
# consisting of upper- and lower-case alphanumeric characters with no
|
700
|
+
# spaces. You can also include underscores or any of the following
|
701
|
+
# characters: =,.@-
|
702
|
+
# @return [String]
|
703
|
+
#
|
704
|
+
# @!attribute [rw] web_identity_token
|
705
|
+
# The OAuth 2.0 access token or OpenID Connect ID token that is
|
706
|
+
# provided by the identity provider. Your application must get this
|
707
|
+
# token by authenticating the user who is using your application with
|
708
|
+
# a web identity provider before the application makes an
|
709
|
+
# `AssumeRoleWithWebIdentity` call.
|
710
|
+
# @return [String]
|
711
|
+
#
|
712
|
+
# @!attribute [rw] provider_id
|
713
|
+
# The fully qualified host component of the domain name of the OAuth
|
714
|
+
# 2.0 identity provider. Do not specify this value for an OpenID
|
715
|
+
# Connect identity provider.
|
716
|
+
#
|
717
|
+
# Currently `www.amazon.com` and `graph.facebook.com` are the only
|
718
|
+
# supported identity providers for OAuth 2.0 access tokens. Do not
|
719
|
+
# include URL schemes and port numbers.
|
720
|
+
#
|
721
|
+
# Do not specify this value for OpenID Connect ID tokens.
|
722
|
+
# @return [String]
|
723
|
+
#
|
724
|
+
# @!attribute [rw] policy_arns
|
725
|
+
# The Amazon Resource Names (ARNs) of the IAM managed policies that
|
726
|
+
# you want to use as managed session policies. The policies must exist
|
727
|
+
# in the same account as the role.
|
728
|
+
#
|
729
|
+
# This parameter is optional. You can provide up to 10 managed policy
|
730
|
+
# ARNs. However, the plaintext that you use for both inline and
|
731
|
+
# managed session policies can't exceed 2,048 characters. For more
|
732
|
+
# information about ARNs, see [Amazon Resource Names (ARNs) and Amazon
|
733
|
+
# Web Services Service Namespaces][1] in the Amazon Web Services
|
734
|
+
# General Reference.
|
735
|
+
#
|
736
|
+
# <note markdown="1"> An Amazon Web Services conversion compresses the passed session
|
737
|
+
# policies and session tags into a packed binary format that has a
|
738
|
+
# separate limit. Your request can fail for this limit even if your
|
739
|
+
# plaintext meets the other requirements. The `PackedPolicySize`
|
740
|
+
# response element indicates by percentage how close the policies and
|
741
|
+
# tags for your request are to the upper size limit.
|
742
|
+
#
|
743
|
+
# </note>
|
744
|
+
#
|
745
|
+
# Passing policies to this operation returns new temporary
|
746
|
+
# credentials. The resulting session's permissions are the
|
747
|
+
# intersection of the role's identity-based policy and the session
|
748
|
+
# policies. You can use the role's temporary credentials in
|
749
|
+
# subsequent Amazon Web Services API calls to access resources in the
|
750
|
+
# account that owns the role. You cannot use session policies to grant
|
751
|
+
# more permissions than those allowed by the identity-based policy of
|
752
|
+
# the role that is being assumed. For more information, see [Session
|
753
|
+
# Policies][2] in the *IAM User Guide*.
|
754
|
+
#
|
755
|
+
#
|
756
|
+
#
|
757
|
+
# [1]: https://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html
|
758
|
+
# [2]: https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies.html#policies_session
|
759
|
+
# @return [Array<Types::PolicyDescriptorType>]
|
760
|
+
#
|
761
|
+
# @!attribute [rw] policy
|
762
|
+
# An IAM policy in JSON format that you want to use as an inline
|
763
|
+
# session policy.
|
764
|
+
#
|
765
|
+
# This parameter is optional. Passing policies to this operation
|
766
|
+
# returns new temporary credentials. The resulting session's
|
767
|
+
# permissions are the intersection of the role's identity-based
|
768
|
+
# policy and the session policies. You can use the role's temporary
|
769
|
+
# credentials in subsequent Amazon Web Services API calls to access
|
770
|
+
# resources in the account that owns the role. You cannot use session
|
771
|
+
# policies to grant more permissions than those allowed by the
|
772
|
+
# identity-based policy of the role that is being assumed. For more
|
773
|
+
# information, see [Session Policies][1] in the *IAM User Guide*.
|
774
|
+
#
|
775
|
+
# The plaintext that you use for both inline and managed session
|
776
|
+
# policies can't exceed 2,048 characters. The JSON policy characters
|
777
|
+
# can be any ASCII character from the space character to the end of
|
778
|
+
# the valid character list (\\u0020 through \\u00FF). It can also
|
779
|
+
# include the tab (\\u0009), linefeed (\\u000A), and carriage return
|
780
|
+
# (\\u000D) characters.
|
781
|
+
#
|
782
|
+
# <note markdown="1"> An Amazon Web Services conversion compresses the passed session
|
783
|
+
# policies and session tags into a packed binary format that has a
|
784
|
+
# separate limit. Your request can fail for this limit even if your
|
785
|
+
# plaintext meets the other requirements. The `PackedPolicySize`
|
786
|
+
# response element indicates by percentage how close the policies and
|
787
|
+
# tags for your request are to the upper size limit.
|
788
|
+
#
|
789
|
+
# </note>
|
790
|
+
#
|
791
|
+
#
|
792
|
+
#
|
793
|
+
# [1]: https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies.html#policies_session
|
794
|
+
# @return [String]
|
795
|
+
#
|
796
|
+
# @!attribute [rw] duration_seconds
|
797
|
+
# The duration, in seconds, of the role session. The value can range
|
798
|
+
# from 900 seconds (15 minutes) up to the maximum session duration
|
799
|
+
# setting for the role. This setting can have a value from 1 hour to
|
800
|
+
# 12 hours. If you specify a value higher than this setting, the
|
801
|
+
# operation fails. For example, if you specify a session duration of
|
802
|
+
# 12 hours, but your administrator set the maximum session duration to
|
803
|
+
# 6 hours, your operation fails. To learn how to view the maximum
|
804
|
+
# value for your role, see [View the Maximum Session Duration Setting
|
805
|
+
# for a Role][1] in the *IAM User Guide*.
|
806
|
+
#
|
807
|
+
# By default, the value is set to `3600` seconds.
|
808
|
+
#
|
809
|
+
# <note markdown="1"> The `DurationSeconds` parameter is separate from the duration of a
|
810
|
+
# console session that you might request using the returned
|
811
|
+
# credentials. The request to the federation endpoint for a console
|
812
|
+
# sign-in token takes a `SessionDuration` parameter that specifies the
|
813
|
+
# maximum length of the console session. For more information, see
|
814
|
+
# [Creating a URL that Enables Federated Users to Access the Amazon
|
815
|
+
# Web Services Management Console][2] in the *IAM User Guide*.
|
816
|
+
#
|
817
|
+
# </note>
|
818
|
+
#
|
819
|
+
#
|
820
|
+
#
|
821
|
+
# [1]: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_use.html#id_roles_use_view-role-max-session
|
822
|
+
# [2]: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_providers_enable-console-custom-url.html
|
823
|
+
# @return [Integer]
|
824
|
+
#
|
825
|
+
# @see http://docs.aws.amazon.com/goto/WebAPI/sts-2011-06-15/AssumeRoleWithWebIdentityRequest AWS API Documentation
|
826
|
+
#
|
827
|
+
class AssumeRoleWithWebIdentityRequest < Struct.new(
|
828
|
+
:role_arn,
|
829
|
+
:role_session_name,
|
830
|
+
:web_identity_token,
|
831
|
+
:provider_id,
|
832
|
+
:policy_arns,
|
833
|
+
:policy,
|
834
|
+
:duration_seconds)
|
835
|
+
SENSITIVE = []
|
836
|
+
include Aws::Structure
|
837
|
+
end
|
838
|
+
|
839
|
+
# Contains the response to a successful AssumeRoleWithWebIdentity
|
840
|
+
# request, including temporary Amazon Web Services credentials that can
|
841
|
+
# be used to make Amazon Web Services requests.
|
842
|
+
#
|
843
|
+
# @!attribute [rw] credentials
|
844
|
+
# The temporary security credentials, which include an access key ID,
|
845
|
+
# a secret access key, and a security token.
|
846
|
+
#
|
847
|
+
# <note markdown="1"> The size of the security token that STS API operations return is not
|
848
|
+
# fixed. We strongly recommend that you make no assumptions about the
|
849
|
+
# maximum size.
|
850
|
+
#
|
851
|
+
# </note>
|
852
|
+
# @return [Types::Credentials]
|
853
|
+
#
|
854
|
+
# @!attribute [rw] subject_from_web_identity_token
|
855
|
+
# The unique user identifier that is returned by the identity
|
856
|
+
# provider. This identifier is associated with the `WebIdentityToken`
|
857
|
+
# that was submitted with the `AssumeRoleWithWebIdentity` call. The
|
858
|
+
# identifier is typically unique to the user and the application that
|
859
|
+
# acquired the `WebIdentityToken` (pairwise identifier). For OpenID
|
860
|
+
# Connect ID tokens, this field contains the value returned by the
|
861
|
+
# identity provider as the token's `sub` (Subject) claim.
|
862
|
+
# @return [String]
|
863
|
+
#
|
864
|
+
# @!attribute [rw] assumed_role_user
|
865
|
+
# The Amazon Resource Name (ARN) and the assumed role ID, which are
|
866
|
+
# identifiers that you can use to refer to the resulting temporary
|
867
|
+
# security credentials. For example, you can reference these
|
868
|
+
# credentials as a principal in a resource-based policy by using the
|
869
|
+
# ARN or assumed role ID. The ARN and ID include the `RoleSessionName`
|
870
|
+
# that you specified when you called `AssumeRole`.
|
871
|
+
# @return [Types::AssumedRoleUser]
|
872
|
+
#
|
873
|
+
# @!attribute [rw] packed_policy_size
|
874
|
+
# A percentage value that indicates the packed size of the session
|
875
|
+
# policies and session tags combined passed in the request. The
|
876
|
+
# request fails if the packed size is greater than 100 percent, which
|
877
|
+
# means the policies and tags exceeded the allowed space.
|
878
|
+
# @return [Integer]
|
879
|
+
#
|
880
|
+
# @!attribute [rw] provider
|
881
|
+
# The issuing authority of the web identity token presented. For
|
882
|
+
# OpenID Connect ID tokens, this contains the value of the `iss`
|
883
|
+
# field. For OAuth 2.0 access tokens, this contains the value of the
|
884
|
+
# `ProviderId` parameter that was passed in the
|
885
|
+
# `AssumeRoleWithWebIdentity` request.
|
886
|
+
# @return [String]
|
887
|
+
#
|
888
|
+
# @!attribute [rw] audience
|
889
|
+
# The intended audience (also known as client ID) of the web identity
|
890
|
+
# token. This is traditionally the client identifier issued to the
|
891
|
+
# application that requested the web identity token.
|
892
|
+
# @return [String]
|
893
|
+
#
|
894
|
+
# @!attribute [rw] source_identity
|
895
|
+
# The value of the source identity that is returned in the JSON web
|
896
|
+
# token (JWT) from the identity provider.
|
897
|
+
#
|
898
|
+
# You can require users to set a source identity value when they
|
899
|
+
# assume a role. You do this by using the `sts:SourceIdentity`
|
900
|
+
# condition key in a role trust policy. That way, actions that are
|
901
|
+
# taken with the role are associated with that user. After the source
|
902
|
+
# identity is set, the value cannot be changed. It is present in the
|
903
|
+
# request for all actions that are taken by the role and persists
|
904
|
+
# across [chained role][1] sessions. You can configure your identity
|
905
|
+
# provider to use an attribute associated with your users, like user
|
906
|
+
# name or email, as the source identity when calling
|
907
|
+
# `AssumeRoleWithWebIdentity`. You do this by adding a claim to the
|
908
|
+
# JSON web token. To learn more about OIDC tokens and claims, see
|
909
|
+
# [Using Tokens with User Pools][2] in the *Amazon Cognito Developer
|
910
|
+
# Guide*. For more information about using source identity, see
|
911
|
+
# [Monitor and control actions taken with assumed roles][3] in the
|
912
|
+
# *IAM User Guide*.
|
913
|
+
#
|
914
|
+
# The regex used to validate this parameter is a string of characters
|
915
|
+
# consisting of upper- and lower-case alphanumeric characters with no
|
916
|
+
# spaces. You can also include underscores or any of the following
|
917
|
+
# characters: =,.@-
|
918
|
+
#
|
919
|
+
#
|
920
|
+
#
|
921
|
+
# [1]: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_terms-and-concepts#iam-term-role-chaining
|
922
|
+
# [2]: https://docs.aws.amazon.com/cognito/latest/developerguide/amazon-cognito-user-pools-using-tokens-with-identity-providers.html
|
923
|
+
# [3]: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_control-access_monitor.html
|
924
|
+
# @return [String]
|
925
|
+
#
|
926
|
+
# @see http://docs.aws.amazon.com/goto/WebAPI/sts-2011-06-15/AssumeRoleWithWebIdentityResponse AWS API Documentation
|
927
|
+
#
|
928
|
+
class AssumeRoleWithWebIdentityResponse < Struct.new(
|
929
|
+
:credentials,
|
930
|
+
:subject_from_web_identity_token,
|
931
|
+
:assumed_role_user,
|
932
|
+
:packed_policy_size,
|
933
|
+
:provider,
|
934
|
+
:audience,
|
935
|
+
:source_identity)
|
936
|
+
SENSITIVE = []
|
937
|
+
include Aws::Structure
|
938
|
+
end
|
939
|
+
|
940
|
+
# The identifiers for the temporary security credentials that the
|
941
|
+
# operation returns.
|
942
|
+
#
|
943
|
+
# @!attribute [rw] assumed_role_id
|
944
|
+
# A unique identifier that contains the role ID and the role session
|
945
|
+
# name of the role that is being assumed. The role ID is generated by
|
946
|
+
# Amazon Web Services when the role is created.
|
947
|
+
# @return [String]
|
948
|
+
#
|
949
|
+
# @!attribute [rw] arn
|
950
|
+
# The ARN of the temporary security credentials that are returned from
|
951
|
+
# the AssumeRole action. For more information about ARNs and how to
|
952
|
+
# use them in policies, see [IAM Identifiers][1] in the *IAM User
|
953
|
+
# Guide*.
|
954
|
+
#
|
955
|
+
#
|
956
|
+
#
|
957
|
+
# [1]: https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_identifiers.html
|
958
|
+
# @return [String]
|
959
|
+
#
|
960
|
+
# @see http://docs.aws.amazon.com/goto/WebAPI/sts-2011-06-15/AssumedRoleUser AWS API Documentation
|
961
|
+
#
|
962
|
+
class AssumedRoleUser < Struct.new(
|
963
|
+
:assumed_role_id,
|
964
|
+
:arn)
|
965
|
+
SENSITIVE = []
|
966
|
+
include Aws::Structure
|
967
|
+
end
|
968
|
+
|
969
|
+
# Amazon Web Services credentials for API authentication.
|
970
|
+
#
|
971
|
+
# @!attribute [rw] access_key_id
|
972
|
+
# The access key ID that identifies the temporary security
|
973
|
+
# credentials.
|
974
|
+
# @return [String]
|
975
|
+
#
|
976
|
+
# @!attribute [rw] secret_access_key
|
977
|
+
# The secret access key that can be used to sign requests.
|
978
|
+
# @return [String]
|
979
|
+
#
|
980
|
+
# @!attribute [rw] session_token
|
981
|
+
# The token that users must pass to the service API to use the
|
982
|
+
# temporary credentials.
|
983
|
+
# @return [String]
|
984
|
+
#
|
985
|
+
# @!attribute [rw] expiration
|
986
|
+
# The date on which the current credentials expire.
|
987
|
+
# @return [Time]
|
988
|
+
#
|
989
|
+
# @see http://docs.aws.amazon.com/goto/WebAPI/sts-2011-06-15/Credentials AWS API Documentation
|
990
|
+
#
|
991
|
+
class Credentials < Struct.new(
|
992
|
+
:access_key_id,
|
993
|
+
:secret_access_key,
|
994
|
+
:session_token,
|
995
|
+
:expiration)
|
996
|
+
SENSITIVE = []
|
997
|
+
include Aws::Structure
|
998
|
+
end
|
999
|
+
|
1000
|
+
# @note When making an API call, you may pass DecodeAuthorizationMessageRequest
|
1001
|
+
# data as a hash:
|
1002
|
+
#
|
1003
|
+
# {
|
1004
|
+
# encoded_message: "encodedMessageType", # required
|
1005
|
+
# }
|
1006
|
+
#
|
1007
|
+
# @!attribute [rw] encoded_message
|
1008
|
+
# The encoded message that was returned with the response.
|
1009
|
+
# @return [String]
|
1010
|
+
#
|
1011
|
+
# @see http://docs.aws.amazon.com/goto/WebAPI/sts-2011-06-15/DecodeAuthorizationMessageRequest AWS API Documentation
|
1012
|
+
#
|
1013
|
+
class DecodeAuthorizationMessageRequest < Struct.new(
|
1014
|
+
:encoded_message)
|
1015
|
+
SENSITIVE = []
|
1016
|
+
include Aws::Structure
|
1017
|
+
end
|
1018
|
+
|
1019
|
+
# A document that contains additional information about the
|
1020
|
+
# authorization status of a request from an encoded message that is
|
1021
|
+
# returned in response to an Amazon Web Services request.
|
1022
|
+
#
|
1023
|
+
# @!attribute [rw] decoded_message
|
1024
|
+
# The API returns a response with the decoded message.
|
1025
|
+
# @return [String]
|
1026
|
+
#
|
1027
|
+
# @see http://docs.aws.amazon.com/goto/WebAPI/sts-2011-06-15/DecodeAuthorizationMessageResponse AWS API Documentation
|
1028
|
+
#
|
1029
|
+
class DecodeAuthorizationMessageResponse < Struct.new(
|
1030
|
+
:decoded_message)
|
1031
|
+
SENSITIVE = []
|
1032
|
+
include Aws::Structure
|
1033
|
+
end
|
1034
|
+
|
1035
|
+
# The web identity token that was passed is expired or is not valid. Get
|
1036
|
+
# a new identity token from the identity provider and then retry the
|
1037
|
+
# request.
|
1038
|
+
#
|
1039
|
+
# @!attribute [rw] message
|
1040
|
+
# @return [String]
|
1041
|
+
#
|
1042
|
+
# @see http://docs.aws.amazon.com/goto/WebAPI/sts-2011-06-15/ExpiredTokenException AWS API Documentation
|
1043
|
+
#
|
1044
|
+
class ExpiredTokenException < Struct.new(
|
1045
|
+
:message)
|
1046
|
+
SENSITIVE = []
|
1047
|
+
include Aws::Structure
|
1048
|
+
end
|
1049
|
+
|
1050
|
+
# Identifiers for the federated user that is associated with the
|
1051
|
+
# credentials.
|
1052
|
+
#
|
1053
|
+
# @!attribute [rw] federated_user_id
|
1054
|
+
# The string that identifies the federated user associated with the
|
1055
|
+
# credentials, similar to the unique ID of an IAM user.
|
1056
|
+
# @return [String]
|
1057
|
+
#
|
1058
|
+
# @!attribute [rw] arn
|
1059
|
+
# The ARN that specifies the federated user that is associated with
|
1060
|
+
# the credentials. For more information about ARNs and how to use them
|
1061
|
+
# in policies, see [IAM Identifiers][1] in the *IAM User Guide*.
|
1062
|
+
#
|
1063
|
+
#
|
1064
|
+
#
|
1065
|
+
# [1]: https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_identifiers.html
|
1066
|
+
# @return [String]
|
1067
|
+
#
|
1068
|
+
# @see http://docs.aws.amazon.com/goto/WebAPI/sts-2011-06-15/FederatedUser AWS API Documentation
|
1069
|
+
#
|
1070
|
+
class FederatedUser < Struct.new(
|
1071
|
+
:federated_user_id,
|
1072
|
+
:arn)
|
1073
|
+
SENSITIVE = []
|
1074
|
+
include Aws::Structure
|
1075
|
+
end
|
1076
|
+
|
1077
|
+
# @note When making an API call, you may pass GetAccessKeyInfoRequest
|
1078
|
+
# data as a hash:
|
1079
|
+
#
|
1080
|
+
# {
|
1081
|
+
# access_key_id: "accessKeyIdType", # required
|
1082
|
+
# }
|
1083
|
+
#
|
1084
|
+
# @!attribute [rw] access_key_id
|
1085
|
+
# The identifier of an access key.
|
1086
|
+
#
|
1087
|
+
# This parameter allows (through its regex pattern) a string of
|
1088
|
+
# characters that can consist of any upper- or lowercase letter or
|
1089
|
+
# digit.
|
1090
|
+
# @return [String]
|
1091
|
+
#
|
1092
|
+
# @see http://docs.aws.amazon.com/goto/WebAPI/sts-2011-06-15/GetAccessKeyInfoRequest AWS API Documentation
|
1093
|
+
#
|
1094
|
+
class GetAccessKeyInfoRequest < Struct.new(
|
1095
|
+
:access_key_id)
|
1096
|
+
SENSITIVE = []
|
1097
|
+
include Aws::Structure
|
1098
|
+
end
|
1099
|
+
|
1100
|
+
# @!attribute [rw] account
|
1101
|
+
# The number used to identify the Amazon Web Services account.
|
1102
|
+
# @return [String]
|
1103
|
+
#
|
1104
|
+
# @see http://docs.aws.amazon.com/goto/WebAPI/sts-2011-06-15/GetAccessKeyInfoResponse AWS API Documentation
|
1105
|
+
#
|
1106
|
+
class GetAccessKeyInfoResponse < Struct.new(
|
1107
|
+
:account)
|
1108
|
+
SENSITIVE = []
|
1109
|
+
include Aws::Structure
|
1110
|
+
end
|
1111
|
+
|
1112
|
+
# @api private
|
1113
|
+
#
|
1114
|
+
# @see http://docs.aws.amazon.com/goto/WebAPI/sts-2011-06-15/GetCallerIdentityRequest AWS API Documentation
|
1115
|
+
#
|
1116
|
+
class GetCallerIdentityRequest < Aws::EmptyStructure; end
|
1117
|
+
|
1118
|
+
# Contains the response to a successful GetCallerIdentity request,
|
1119
|
+
# including information about the entity making the request.
|
1120
|
+
#
|
1121
|
+
# @!attribute [rw] user_id
|
1122
|
+
# The unique identifier of the calling entity. The exact value depends
|
1123
|
+
# on the type of entity that is making the call. The values returned
|
1124
|
+
# are those listed in the **aws:userid** column in the [Principal
|
1125
|
+
# table][1] found on the **Policy Variables** reference page in the
|
1126
|
+
# *IAM User Guide*.
|
1127
|
+
#
|
1128
|
+
#
|
1129
|
+
#
|
1130
|
+
# [1]: https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_variables.html#principaltable
|
1131
|
+
# @return [String]
|
1132
|
+
#
|
1133
|
+
# @!attribute [rw] account
|
1134
|
+
# The Amazon Web Services account ID number of the account that owns
|
1135
|
+
# or contains the calling entity.
|
1136
|
+
# @return [String]
|
1137
|
+
#
|
1138
|
+
# @!attribute [rw] arn
|
1139
|
+
# The Amazon Web Services ARN associated with the calling entity.
|
1140
|
+
# @return [String]
|
1141
|
+
#
|
1142
|
+
# @see http://docs.aws.amazon.com/goto/WebAPI/sts-2011-06-15/GetCallerIdentityResponse AWS API Documentation
|
1143
|
+
#
|
1144
|
+
class GetCallerIdentityResponse < Struct.new(
|
1145
|
+
:user_id,
|
1146
|
+
:account,
|
1147
|
+
:arn)
|
1148
|
+
SENSITIVE = []
|
1149
|
+
include Aws::Structure
|
1150
|
+
end
|
1151
|
+
|
1152
|
+
# @note When making an API call, you may pass GetFederationTokenRequest
|
1153
|
+
# data as a hash:
|
1154
|
+
#
|
1155
|
+
# {
|
1156
|
+
# name: "userNameType", # required
|
1157
|
+
# policy: "sessionPolicyDocumentType",
|
1158
|
+
# policy_arns: [
|
1159
|
+
# {
|
1160
|
+
# arn: "arnType",
|
1161
|
+
# },
|
1162
|
+
# ],
|
1163
|
+
# duration_seconds: 1,
|
1164
|
+
# tags: [
|
1165
|
+
# {
|
1166
|
+
# key: "tagKeyType", # required
|
1167
|
+
# value: "tagValueType", # required
|
1168
|
+
# },
|
1169
|
+
# ],
|
1170
|
+
# }
|
1171
|
+
#
|
1172
|
+
# @!attribute [rw] name
|
1173
|
+
# The name of the federated user. The name is used as an identifier
|
1174
|
+
# for the temporary security credentials (such as `Bob`). For example,
|
1175
|
+
# you can reference the federated user name in a resource-based
|
1176
|
+
# policy, such as in an Amazon S3 bucket policy.
|
1177
|
+
#
|
1178
|
+
# The regex used to validate this parameter is a string of characters
|
1179
|
+
# consisting of upper- and lower-case alphanumeric characters with no
|
1180
|
+
# spaces. You can also include underscores or any of the following
|
1181
|
+
# characters: =,.@-
|
1182
|
+
# @return [String]
|
1183
|
+
#
|
1184
|
+
# @!attribute [rw] policy
|
1185
|
+
# An IAM policy in JSON format that you want to use as an inline
|
1186
|
+
# session policy.
|
1187
|
+
#
|
1188
|
+
# You must pass an inline or managed [session policy][1] to this
|
1189
|
+
# operation. You can pass a single JSON policy document to use as an
|
1190
|
+
# inline session policy. You can also specify up to 10 managed
|
1191
|
+
# policies to use as managed session policies.
|
1192
|
+
#
|
1193
|
+
# This parameter is optional. However, if you do not pass any session
|
1194
|
+
# policies, then the resulting federated user session has no
|
1195
|
+
# permissions.
|
1196
|
+
#
|
1197
|
+
# When you pass session policies, the session permissions are the
|
1198
|
+
# intersection of the IAM user policies and the session policies that
|
1199
|
+
# you pass. This gives you a way to further restrict the permissions
|
1200
|
+
# for a federated user. You cannot use session policies to grant more
|
1201
|
+
# permissions than those that are defined in the permissions policy of
|
1202
|
+
# the IAM user. For more information, see [Session Policies][1] in the
|
1203
|
+
# *IAM User Guide*.
|
1204
|
+
#
|
1205
|
+
# The resulting credentials can be used to access a resource that has
|
1206
|
+
# a resource-based policy. If that policy specifically references the
|
1207
|
+
# federated user session in the `Principal` element of the policy, the
|
1208
|
+
# session has the permissions allowed by the policy. These permissions
|
1209
|
+
# are granted in addition to the permissions that are granted by the
|
1210
|
+
# session policies.
|
1211
|
+
#
|
1212
|
+
# The plaintext that you use for both inline and managed session
|
1213
|
+
# policies can't exceed 2,048 characters. The JSON policy characters
|
1214
|
+
# can be any ASCII character from the space character to the end of
|
1215
|
+
# the valid character list (\\u0020 through \\u00FF). It can also
|
1216
|
+
# include the tab (\\u0009), linefeed (\\u000A), and carriage return
|
1217
|
+
# (\\u000D) characters.
|
1218
|
+
#
|
1219
|
+
# <note markdown="1"> An Amazon Web Services conversion compresses the passed session
|
1220
|
+
# policies and session tags into a packed binary format that has a
|
1221
|
+
# separate limit. Your request can fail for this limit even if your
|
1222
|
+
# plaintext meets the other requirements. The `PackedPolicySize`
|
1223
|
+
# response element indicates by percentage how close the policies and
|
1224
|
+
# tags for your request are to the upper size limit.
|
1225
|
+
#
|
1226
|
+
# </note>
|
1227
|
+
#
|
1228
|
+
#
|
1229
|
+
#
|
1230
|
+
# [1]: https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies.html#policies_session
|
1231
|
+
# @return [String]
|
1232
|
+
#
|
1233
|
+
# @!attribute [rw] policy_arns
|
1234
|
+
# The Amazon Resource Names (ARNs) of the IAM managed policies that
|
1235
|
+
# you want to use as a managed session policy. The policies must exist
|
1236
|
+
# in the same account as the IAM user that is requesting federated
|
1237
|
+
# access.
|
1238
|
+
#
|
1239
|
+
# You must pass an inline or managed [session policy][1] to this
|
1240
|
+
# operation. You can pass a single JSON policy document to use as an
|
1241
|
+
# inline session policy. You can also specify up to 10 managed
|
1242
|
+
# policies to use as managed session policies. The plaintext that you
|
1243
|
+
# use for both inline and managed session policies can't exceed 2,048
|
1244
|
+
# characters. You can provide up to 10 managed policy ARNs. For more
|
1245
|
+
# information about ARNs, see [Amazon Resource Names (ARNs) and Amazon
|
1246
|
+
# Web Services Service Namespaces][2] in the Amazon Web Services
|
1247
|
+
# General Reference.
|
1248
|
+
#
|
1249
|
+
# This parameter is optional. However, if you do not pass any session
|
1250
|
+
# policies, then the resulting federated user session has no
|
1251
|
+
# permissions.
|
1252
|
+
#
|
1253
|
+
# When you pass session policies, the session permissions are the
|
1254
|
+
# intersection of the IAM user policies and the session policies that
|
1255
|
+
# you pass. This gives you a way to further restrict the permissions
|
1256
|
+
# for a federated user. You cannot use session policies to grant more
|
1257
|
+
# permissions than those that are defined in the permissions policy of
|
1258
|
+
# the IAM user. For more information, see [Session Policies][1] in the
|
1259
|
+
# *IAM User Guide*.
|
1260
|
+
#
|
1261
|
+
# The resulting credentials can be used to access a resource that has
|
1262
|
+
# a resource-based policy. If that policy specifically references the
|
1263
|
+
# federated user session in the `Principal` element of the policy, the
|
1264
|
+
# session has the permissions allowed by the policy. These permissions
|
1265
|
+
# are granted in addition to the permissions that are granted by the
|
1266
|
+
# session policies.
|
1267
|
+
#
|
1268
|
+
# <note markdown="1"> An Amazon Web Services conversion compresses the passed session
|
1269
|
+
# policies and session tags into a packed binary format that has a
|
1270
|
+
# separate limit. Your request can fail for this limit even if your
|
1271
|
+
# plaintext meets the other requirements. The `PackedPolicySize`
|
1272
|
+
# response element indicates by percentage how close the policies and
|
1273
|
+
# tags for your request are to the upper size limit.
|
1274
|
+
#
|
1275
|
+
# </note>
|
1276
|
+
#
|
1277
|
+
#
|
1278
|
+
#
|
1279
|
+
# [1]: https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies.html#policies_session
|
1280
|
+
# [2]: https://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html
|
1281
|
+
# @return [Array<Types::PolicyDescriptorType>]
|
1282
|
+
#
|
1283
|
+
# @!attribute [rw] duration_seconds
|
1284
|
+
# The duration, in seconds, that the session should last. Acceptable
|
1285
|
+
# durations for federation sessions range from 900 seconds (15
|
1286
|
+
# minutes) to 129,600 seconds (36 hours), with 43,200 seconds (12
|
1287
|
+
# hours) as the default. Sessions obtained using Amazon Web Services
|
1288
|
+
# account root user credentials are restricted to a maximum of 3,600
|
1289
|
+
# seconds (one hour). If the specified duration is longer than one
|
1290
|
+
# hour, the session obtained by using root user credentials defaults
|
1291
|
+
# to one hour.
|
1292
|
+
# @return [Integer]
|
1293
|
+
#
|
1294
|
+
# @!attribute [rw] tags
|
1295
|
+
# A list of session tags. Each session tag consists of a key name and
|
1296
|
+
# an associated value. For more information about session tags, see
|
1297
|
+
# [Passing Session Tags in STS][1] in the *IAM User Guide*.
|
1298
|
+
#
|
1299
|
+
# This parameter is optional. You can pass up to 50 session tags. The
|
1300
|
+
# plaintext session tag keys can’t exceed 128 characters and the
|
1301
|
+
# values can’t exceed 256 characters. For these and additional limits,
|
1302
|
+
# see [IAM and STS Character Limits][2] in the *IAM User Guide*.
|
1303
|
+
#
|
1304
|
+
# <note markdown="1"> An Amazon Web Services conversion compresses the passed session
|
1305
|
+
# policies and session tags into a packed binary format that has a
|
1306
|
+
# separate limit. Your request can fail for this limit even if your
|
1307
|
+
# plaintext meets the other requirements. The `PackedPolicySize`
|
1308
|
+
# response element indicates by percentage how close the policies and
|
1309
|
+
# tags for your request are to the upper size limit.
|
1310
|
+
#
|
1311
|
+
# </note>
|
1312
|
+
#
|
1313
|
+
# You can pass a session tag with the same key as a tag that is
|
1314
|
+
# already attached to the user you are federating. When you do,
|
1315
|
+
# session tags override a user tag with the same key.
|
1316
|
+
#
|
1317
|
+
# Tag key–value pairs are not case sensitive, but case is preserved.
|
1318
|
+
# This means that you cannot have separate `Department` and
|
1319
|
+
# `department` tag keys. Assume that the role has the
|
1320
|
+
# `Department`=`Marketing` tag and you pass the
|
1321
|
+
# `department`=`engineering` session tag. `Department` and
|
1322
|
+
# `department` are not saved as separate tags, and the session tag
|
1323
|
+
# passed in the request takes precedence over the role tag.
|
1324
|
+
#
|
1325
|
+
#
|
1326
|
+
#
|
1327
|
+
# [1]: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_session-tags.html
|
1328
|
+
# [2]: https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_iam-limits.html#reference_iam-limits-entity-length
|
1329
|
+
# @return [Array<Types::Tag>]
|
1330
|
+
#
|
1331
|
+
# @see http://docs.aws.amazon.com/goto/WebAPI/sts-2011-06-15/GetFederationTokenRequest AWS API Documentation
|
1332
|
+
#
|
1333
|
+
class GetFederationTokenRequest < Struct.new(
|
1334
|
+
:name,
|
1335
|
+
:policy,
|
1336
|
+
:policy_arns,
|
1337
|
+
:duration_seconds,
|
1338
|
+
:tags)
|
1339
|
+
SENSITIVE = []
|
1340
|
+
include Aws::Structure
|
1341
|
+
end
|
1342
|
+
|
1343
|
+
# Contains the response to a successful GetFederationToken request,
|
1344
|
+
# including temporary Amazon Web Services credentials that can be used
|
1345
|
+
# to make Amazon Web Services requests.
|
1346
|
+
#
|
1347
|
+
# @!attribute [rw] credentials
|
1348
|
+
# The temporary security credentials, which include an access key ID,
|
1349
|
+
# a secret access key, and a security (or session) token.
|
1350
|
+
#
|
1351
|
+
# <note markdown="1"> The size of the security token that STS API operations return is not
|
1352
|
+
# fixed. We strongly recommend that you make no assumptions about the
|
1353
|
+
# maximum size.
|
1354
|
+
#
|
1355
|
+
# </note>
|
1356
|
+
# @return [Types::Credentials]
|
1357
|
+
#
|
1358
|
+
# @!attribute [rw] federated_user
|
1359
|
+
# Identifiers for the federated user associated with the credentials
|
1360
|
+
# (such as `arn:aws:sts::123456789012:federated-user/Bob` or
|
1361
|
+
# `123456789012:Bob`). You can use the federated user's ARN in your
|
1362
|
+
# resource-based policies, such as an Amazon S3 bucket policy.
|
1363
|
+
# @return [Types::FederatedUser]
|
1364
|
+
#
|
1365
|
+
# @!attribute [rw] packed_policy_size
|
1366
|
+
# A percentage value that indicates the packed size of the session
|
1367
|
+
# policies and session tags combined passed in the request. The
|
1368
|
+
# request fails if the packed size is greater than 100 percent, which
|
1369
|
+
# means the policies and tags exceeded the allowed space.
|
1370
|
+
# @return [Integer]
|
1371
|
+
#
|
1372
|
+
# @see http://docs.aws.amazon.com/goto/WebAPI/sts-2011-06-15/GetFederationTokenResponse AWS API Documentation
|
1373
|
+
#
|
1374
|
+
class GetFederationTokenResponse < Struct.new(
|
1375
|
+
:credentials,
|
1376
|
+
:federated_user,
|
1377
|
+
:packed_policy_size)
|
1378
|
+
SENSITIVE = []
|
1379
|
+
include Aws::Structure
|
1380
|
+
end
|
1381
|
+
|
1382
|
+
# @note When making an API call, you may pass GetSessionTokenRequest
|
1383
|
+
# data as a hash:
|
1384
|
+
#
|
1385
|
+
# {
|
1386
|
+
# duration_seconds: 1,
|
1387
|
+
# serial_number: "serialNumberType",
|
1388
|
+
# token_code: "tokenCodeType",
|
1389
|
+
# }
|
1390
|
+
#
|
1391
|
+
# @!attribute [rw] duration_seconds
|
1392
|
+
# The duration, in seconds, that the credentials should remain valid.
|
1393
|
+
# Acceptable durations for IAM user sessions range from 900 seconds
|
1394
|
+
# (15 minutes) to 129,600 seconds (36 hours), with 43,200 seconds (12
|
1395
|
+
# hours) as the default. Sessions for Amazon Web Services account
|
1396
|
+
# owners are restricted to a maximum of 3,600 seconds (one hour). If
|
1397
|
+
# the duration is longer than one hour, the session for Amazon Web
|
1398
|
+
# Services account owners defaults to one hour.
|
1399
|
+
# @return [Integer]
|
1400
|
+
#
|
1401
|
+
# @!attribute [rw] serial_number
|
1402
|
+
# The identification number of the MFA device that is associated with
|
1403
|
+
# the IAM user who is making the `GetSessionToken` call. Specify this
|
1404
|
+
# value if the IAM user has a policy that requires MFA authentication.
|
1405
|
+
# The value is either the serial number for a hardware device (such as
|
1406
|
+
# `GAHT12345678`) or an Amazon Resource Name (ARN) for a virtual
|
1407
|
+
# device (such as `arn:aws:iam::123456789012:mfa/user`). You can find
|
1408
|
+
# the device for an IAM user by going to the Amazon Web Services
|
1409
|
+
# Management Console and viewing the user's security credentials.
|
1410
|
+
#
|
1411
|
+
# The regex used to validate this parameter is a string of characters
|
1412
|
+
# consisting of upper- and lower-case alphanumeric characters with no
|
1413
|
+
# spaces. You can also include underscores or any of the following
|
1414
|
+
# characters: =,.@:/-
|
1415
|
+
# @return [String]
|
1416
|
+
#
|
1417
|
+
# @!attribute [rw] token_code
|
1418
|
+
# The value provided by the MFA device, if MFA is required. If any
|
1419
|
+
# policy requires the IAM user to submit an MFA code, specify this
|
1420
|
+
# value. If MFA authentication is required, the user must provide a
|
1421
|
+
# code when requesting a set of temporary security credentials. A user
|
1422
|
+
# who fails to provide the code receives an "access denied" response
|
1423
|
+
# when requesting resources that require MFA authentication.
|
1424
|
+
#
|
1425
|
+
# The format for this parameter, as described by its regex pattern, is
|
1426
|
+
# a sequence of six numeric digits.
|
1427
|
+
# @return [String]
|
1428
|
+
#
|
1429
|
+
# @see http://docs.aws.amazon.com/goto/WebAPI/sts-2011-06-15/GetSessionTokenRequest AWS API Documentation
|
1430
|
+
#
|
1431
|
+
class GetSessionTokenRequest < Struct.new(
|
1432
|
+
:duration_seconds,
|
1433
|
+
:serial_number,
|
1434
|
+
:token_code)
|
1435
|
+
SENSITIVE = []
|
1436
|
+
include Aws::Structure
|
1437
|
+
end
|
1438
|
+
|
1439
|
+
# Contains the response to a successful GetSessionToken request,
|
1440
|
+
# including temporary Amazon Web Services credentials that can be used
|
1441
|
+
# to make Amazon Web Services requests.
|
1442
|
+
#
|
1443
|
+
# @!attribute [rw] credentials
|
1444
|
+
# The temporary security credentials, which include an access key ID,
|
1445
|
+
# a secret access key, and a security (or session) token.
|
1446
|
+
#
|
1447
|
+
# <note markdown="1"> The size of the security token that STS API operations return is not
|
1448
|
+
# fixed. We strongly recommend that you make no assumptions about the
|
1449
|
+
# maximum size.
|
1450
|
+
#
|
1451
|
+
# </note>
|
1452
|
+
# @return [Types::Credentials]
|
1453
|
+
#
|
1454
|
+
# @see http://docs.aws.amazon.com/goto/WebAPI/sts-2011-06-15/GetSessionTokenResponse AWS API Documentation
|
1455
|
+
#
|
1456
|
+
class GetSessionTokenResponse < Struct.new(
|
1457
|
+
:credentials)
|
1458
|
+
SENSITIVE = []
|
1459
|
+
include Aws::Structure
|
1460
|
+
end
|
1461
|
+
|
1462
|
+
# The request could not be fulfilled because the identity provider (IDP)
|
1463
|
+
# that was asked to verify the incoming identity token could not be
|
1464
|
+
# reached. This is often a transient error caused by network conditions.
|
1465
|
+
# Retry the request a limited number of times so that you don't exceed
|
1466
|
+
# the request rate. If the error persists, the identity provider might
|
1467
|
+
# be down or not responding.
|
1468
|
+
#
|
1469
|
+
# @!attribute [rw] message
|
1470
|
+
# @return [String]
|
1471
|
+
#
|
1472
|
+
# @see http://docs.aws.amazon.com/goto/WebAPI/sts-2011-06-15/IDPCommunicationErrorException AWS API Documentation
|
1473
|
+
#
|
1474
|
+
class IDPCommunicationErrorException < Struct.new(
|
1475
|
+
:message)
|
1476
|
+
SENSITIVE = []
|
1477
|
+
include Aws::Structure
|
1478
|
+
end
|
1479
|
+
|
1480
|
+
# The identity provider (IdP) reported that authentication failed. This
|
1481
|
+
# might be because the claim is invalid.
|
1482
|
+
#
|
1483
|
+
# If this error is returned for the `AssumeRoleWithWebIdentity`
|
1484
|
+
# operation, it can also mean that the claim has expired or has been
|
1485
|
+
# explicitly revoked.
|
1486
|
+
#
|
1487
|
+
# @!attribute [rw] message
|
1488
|
+
# @return [String]
|
1489
|
+
#
|
1490
|
+
# @see http://docs.aws.amazon.com/goto/WebAPI/sts-2011-06-15/IDPRejectedClaimException AWS API Documentation
|
1491
|
+
#
|
1492
|
+
class IDPRejectedClaimException < Struct.new(
|
1493
|
+
:message)
|
1494
|
+
SENSITIVE = []
|
1495
|
+
include Aws::Structure
|
1496
|
+
end
|
1497
|
+
|
1498
|
+
# The error returned if the message passed to
|
1499
|
+
# `DecodeAuthorizationMessage` was invalid. This can happen if the token
|
1500
|
+
# contains invalid characters, such as linebreaks.
|
1501
|
+
#
|
1502
|
+
# @!attribute [rw] message
|
1503
|
+
# @return [String]
|
1504
|
+
#
|
1505
|
+
# @see http://docs.aws.amazon.com/goto/WebAPI/sts-2011-06-15/InvalidAuthorizationMessageException AWS API Documentation
|
1506
|
+
#
|
1507
|
+
class InvalidAuthorizationMessageException < Struct.new(
|
1508
|
+
:message)
|
1509
|
+
SENSITIVE = []
|
1510
|
+
include Aws::Structure
|
1511
|
+
end
|
1512
|
+
|
1513
|
+
# The web identity token that was passed could not be validated by
|
1514
|
+
# Amazon Web Services. Get a new identity token from the identity
|
1515
|
+
# provider and then retry the request.
|
1516
|
+
#
|
1517
|
+
# @!attribute [rw] message
|
1518
|
+
# @return [String]
|
1519
|
+
#
|
1520
|
+
# @see http://docs.aws.amazon.com/goto/WebAPI/sts-2011-06-15/InvalidIdentityTokenException AWS API Documentation
|
1521
|
+
#
|
1522
|
+
class InvalidIdentityTokenException < Struct.new(
|
1523
|
+
:message)
|
1524
|
+
SENSITIVE = []
|
1525
|
+
include Aws::Structure
|
1526
|
+
end
|
1527
|
+
|
1528
|
+
# The request was rejected because the policy document was malformed.
|
1529
|
+
# The error message describes the specific error.
|
1530
|
+
#
|
1531
|
+
# @!attribute [rw] message
|
1532
|
+
# @return [String]
|
1533
|
+
#
|
1534
|
+
# @see http://docs.aws.amazon.com/goto/WebAPI/sts-2011-06-15/MalformedPolicyDocumentException AWS API Documentation
|
1535
|
+
#
|
1536
|
+
class MalformedPolicyDocumentException < Struct.new(
|
1537
|
+
:message)
|
1538
|
+
SENSITIVE = []
|
1539
|
+
include Aws::Structure
|
1540
|
+
end
|
1541
|
+
|
1542
|
+
# The request was rejected because the total packed size of the session
|
1543
|
+
# policies and session tags combined was too large. An Amazon Web
|
1544
|
+
# Services conversion compresses the session policy document, session
|
1545
|
+
# policy ARNs, and session tags into a packed binary format that has a
|
1546
|
+
# separate limit. The error message indicates by percentage how close
|
1547
|
+
# the policies and tags are to the upper size limit. For more
|
1548
|
+
# information, see [Passing Session Tags in STS][1] in the *IAM User
|
1549
|
+
# Guide*.
|
1550
|
+
#
|
1551
|
+
# You could receive this error even though you meet other defined
|
1552
|
+
# session policy and session tag limits. For more information, see [IAM
|
1553
|
+
# and STS Entity Character Limits][2] in the *IAM User Guide*.
|
1554
|
+
#
|
1555
|
+
#
|
1556
|
+
#
|
1557
|
+
# [1]: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_session-tags.html
|
1558
|
+
# [2]: https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_iam-quotas.html#reference_iam-limits-entity-length
|
1559
|
+
#
|
1560
|
+
# @!attribute [rw] message
|
1561
|
+
# @return [String]
|
1562
|
+
#
|
1563
|
+
# @see http://docs.aws.amazon.com/goto/WebAPI/sts-2011-06-15/PackedPolicyTooLargeException AWS API Documentation
|
1564
|
+
#
|
1565
|
+
class PackedPolicyTooLargeException < Struct.new(
|
1566
|
+
:message)
|
1567
|
+
SENSITIVE = []
|
1568
|
+
include Aws::Structure
|
1569
|
+
end
|
1570
|
+
|
1571
|
+
# A reference to the IAM managed policy that is passed as a session
|
1572
|
+
# policy for a role session or a federated user session.
|
1573
|
+
#
|
1574
|
+
# @note When making an API call, you may pass PolicyDescriptorType
|
1575
|
+
# data as a hash:
|
1576
|
+
#
|
1577
|
+
# {
|
1578
|
+
# arn: "arnType",
|
1579
|
+
# }
|
1580
|
+
#
|
1581
|
+
# @!attribute [rw] arn
|
1582
|
+
# The Amazon Resource Name (ARN) of the IAM managed policy to use as a
|
1583
|
+
# session policy for the role. For more information about ARNs, see
|
1584
|
+
# [Amazon Resource Names (ARNs) and Amazon Web Services Service
|
1585
|
+
# Namespaces][1] in the *Amazon Web Services General Reference*.
|
1586
|
+
#
|
1587
|
+
#
|
1588
|
+
#
|
1589
|
+
# [1]: https://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html
|
1590
|
+
# @return [String]
|
1591
|
+
#
|
1592
|
+
# @see http://docs.aws.amazon.com/goto/WebAPI/sts-2011-06-15/PolicyDescriptorType AWS API Documentation
|
1593
|
+
#
|
1594
|
+
class PolicyDescriptorType < Struct.new(
|
1595
|
+
:arn)
|
1596
|
+
SENSITIVE = []
|
1597
|
+
include Aws::Structure
|
1598
|
+
end
|
1599
|
+
|
1600
|
+
# STS is not activated in the requested region for the account that is
|
1601
|
+
# being asked to generate credentials. The account administrator must
|
1602
|
+
# use the IAM console to activate STS in that region. For more
|
1603
|
+
# information, see [Activating and Deactivating Amazon Web Services STS
|
1604
|
+
# in an Amazon Web Services Region][1] in the *IAM User Guide*.
|
1605
|
+
#
|
1606
|
+
#
|
1607
|
+
#
|
1608
|
+
# [1]: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_enable-regions.html
|
1609
|
+
#
|
1610
|
+
# @!attribute [rw] message
|
1611
|
+
# @return [String]
|
1612
|
+
#
|
1613
|
+
# @see http://docs.aws.amazon.com/goto/WebAPI/sts-2011-06-15/RegionDisabledException AWS API Documentation
|
1614
|
+
#
|
1615
|
+
class RegionDisabledException < Struct.new(
|
1616
|
+
:message)
|
1617
|
+
SENSITIVE = []
|
1618
|
+
include Aws::Structure
|
1619
|
+
end
|
1620
|
+
|
1621
|
+
# You can pass custom key-value pair attributes when you assume a role
|
1622
|
+
# or federate a user. These are called session tags. You can then use
|
1623
|
+
# the session tags to control access to resources. For more information,
|
1624
|
+
# see [Tagging Amazon Web Services STS Sessions][1] in the *IAM User
|
1625
|
+
# Guide*.
|
1626
|
+
#
|
1627
|
+
#
|
1628
|
+
#
|
1629
|
+
# [1]: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_session-tags.html
|
1630
|
+
#
|
1631
|
+
# @note When making an API call, you may pass Tag
|
1632
|
+
# data as a hash:
|
1633
|
+
#
|
1634
|
+
# {
|
1635
|
+
# key: "tagKeyType", # required
|
1636
|
+
# value: "tagValueType", # required
|
1637
|
+
# }
|
1638
|
+
#
|
1639
|
+
# @!attribute [rw] key
|
1640
|
+
# The key for a session tag.
|
1641
|
+
#
|
1642
|
+
# You can pass up to 50 session tags. The plain text session tag keys
|
1643
|
+
# can’t exceed 128 characters. For these and additional limits, see
|
1644
|
+
# [IAM and STS Character Limits][1] in the *IAM User Guide*.
|
1645
|
+
#
|
1646
|
+
#
|
1647
|
+
#
|
1648
|
+
# [1]: https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_iam-limits.html#reference_iam-limits-entity-length
|
1649
|
+
# @return [String]
|
1650
|
+
#
|
1651
|
+
# @!attribute [rw] value
|
1652
|
+
# The value for a session tag.
|
1653
|
+
#
|
1654
|
+
# You can pass up to 50 session tags. The plain text session tag
|
1655
|
+
# values can’t exceed 256 characters. For these and additional limits,
|
1656
|
+
# see [IAM and STS Character Limits][1] in the *IAM User Guide*.
|
1657
|
+
#
|
1658
|
+
#
|
1659
|
+
#
|
1660
|
+
# [1]: https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_iam-limits.html#reference_iam-limits-entity-length
|
1661
|
+
# @return [String]
|
1662
|
+
#
|
1663
|
+
# @see http://docs.aws.amazon.com/goto/WebAPI/sts-2011-06-15/Tag AWS API Documentation
|
1664
|
+
#
|
1665
|
+
class Tag < Struct.new(
|
1666
|
+
:key,
|
1667
|
+
:value)
|
1668
|
+
SENSITIVE = []
|
1669
|
+
include Aws::Structure
|
1670
|
+
end
|
1671
|
+
|
1672
|
+
end
|
1673
|
+
end
|