aws-sdk-core 3.113.0 → 3.114.3

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
@@ -74,6 +74,7 @@ module Aws::STS
74
74
  roleSessionNameType = Shapes::StringShape.new(name: 'roleSessionNameType')
75
75
  serialNumberType = Shapes::StringShape.new(name: 'serialNumberType')
76
76
  sessionPolicyDocumentType = Shapes::StringShape.new(name: 'sessionPolicyDocumentType')
77
+ sourceIdentityType = Shapes::StringShape.new(name: 'sourceIdentityType')
77
78
  tagKeyListType = Shapes::ListShape.new(name: 'tagKeyListType')
78
79
  tagKeyType = Shapes::StringShape.new(name: 'tagKeyType')
79
80
  tagListType = Shapes::ListShape.new(name: 'tagListType')
@@ -95,11 +96,13 @@ module Aws::STS
95
96
  AssumeRoleRequest.add_member(:external_id, Shapes::ShapeRef.new(shape: externalIdType, location_name: "ExternalId"))
96
97
  AssumeRoleRequest.add_member(:serial_number, Shapes::ShapeRef.new(shape: serialNumberType, location_name: "SerialNumber"))
97
98
  AssumeRoleRequest.add_member(:token_code, Shapes::ShapeRef.new(shape: tokenCodeType, location_name: "TokenCode"))
99
+ AssumeRoleRequest.add_member(:source_identity, Shapes::ShapeRef.new(shape: sourceIdentityType, location_name: "SourceIdentity"))
98
100
  AssumeRoleRequest.struct_class = Types::AssumeRoleRequest
99
101
 
100
102
  AssumeRoleResponse.add_member(:credentials, Shapes::ShapeRef.new(shape: Credentials, location_name: "Credentials"))
101
103
  AssumeRoleResponse.add_member(:assumed_role_user, Shapes::ShapeRef.new(shape: AssumedRoleUser, location_name: "AssumedRoleUser"))
102
104
  AssumeRoleResponse.add_member(:packed_policy_size, Shapes::ShapeRef.new(shape: nonNegativeIntegerType, location_name: "PackedPolicySize"))
105
+ AssumeRoleResponse.add_member(:source_identity, Shapes::ShapeRef.new(shape: sourceIdentityType, location_name: "SourceIdentity"))
103
106
  AssumeRoleResponse.struct_class = Types::AssumeRoleResponse
104
107
 
105
108
  AssumeRoleWithSAMLRequest.add_member(:role_arn, Shapes::ShapeRef.new(shape: arnType, required: true, location_name: "RoleArn"))
@@ -118,6 +121,7 @@ module Aws::STS
118
121
  AssumeRoleWithSAMLResponse.add_member(:issuer, Shapes::ShapeRef.new(shape: Issuer, location_name: "Issuer"))
119
122
  AssumeRoleWithSAMLResponse.add_member(:audience, Shapes::ShapeRef.new(shape: Audience, location_name: "Audience"))
120
123
  AssumeRoleWithSAMLResponse.add_member(:name_qualifier, Shapes::ShapeRef.new(shape: NameQualifier, location_name: "NameQualifier"))
124
+ AssumeRoleWithSAMLResponse.add_member(:source_identity, Shapes::ShapeRef.new(shape: sourceIdentityType, location_name: "SourceIdentity"))
121
125
  AssumeRoleWithSAMLResponse.struct_class = Types::AssumeRoleWithSAMLResponse
122
126
 
123
127
  AssumeRoleWithWebIdentityRequest.add_member(:role_arn, Shapes::ShapeRef.new(shape: arnType, required: true, location_name: "RoleArn"))
@@ -135,6 +139,7 @@ module Aws::STS
135
139
  AssumeRoleWithWebIdentityResponse.add_member(:packed_policy_size, Shapes::ShapeRef.new(shape: nonNegativeIntegerType, location_name: "PackedPolicySize"))
136
140
  AssumeRoleWithWebIdentityResponse.add_member(:provider, Shapes::ShapeRef.new(shape: Issuer, location_name: "Provider"))
137
141
  AssumeRoleWithWebIdentityResponse.add_member(:audience, Shapes::ShapeRef.new(shape: Audience, location_name: "Audience"))
142
+ AssumeRoleWithWebIdentityResponse.add_member(:source_identity, Shapes::ShapeRef.new(shape: sourceIdentityType, location_name: "SourceIdentity"))
138
143
  AssumeRoleWithWebIdentityResponse.struct_class = Types::AssumeRoleWithWebIdentityResponse
139
144
 
140
145
  AssumedRoleUser.add_member(:assumed_role_id, Shapes::ShapeRef.new(shape: assumedRoleIdType, required: true, location_name: "AssumedRoleId"))
@@ -33,6 +33,7 @@ module Aws::STS
33
33
  # external_id: "externalIdType",
34
34
  # serial_number: "serialNumberType",
35
35
  # token_code: "tokenCodeType",
36
+ # source_identity: "sourceIdentityType",
36
37
  # }
37
38
  #
38
39
  # @!attribute [rw] role_arn
@@ -63,14 +64,14 @@ module Aws::STS
63
64
  # in the same account as the role.
64
65
  #
65
66
  # This parameter is optional. You can provide up to 10 managed policy
66
- # ARNs. However, the plain text that you use for both inline and
67
+ # ARNs. However, the plaintext that you use for both inline and
67
68
  # managed session policies can't exceed 2,048 characters. For more
68
69
  # information about ARNs, see [Amazon Resource Names (ARNs) and AWS
69
70
  # Service Namespaces][1] in the AWS General Reference.
70
71
  #
71
72
  # <note markdown="1"> An AWS conversion compresses the passed session policies and session
72
73
  # tags into a packed binary format that has a separate limit. Your
73
- # request can fail for this limit even if your plain text meets the
74
+ # request can fail for this limit even if your plaintext meets the
74
75
  # other requirements. The `PackedPolicySize` response element
75
76
  # indicates by percentage how close the policies and tags for your
76
77
  # request are to the upper size limit.
@@ -107,7 +108,7 @@ module Aws::STS
107
108
  # the role that is being assumed. For more information, see [Session
108
109
  # Policies][1] in the *IAM User Guide*.
109
110
  #
110
- # The plain text that you use for both inline and managed session
111
+ # The plaintext that you use for both inline and managed session
111
112
  # policies can't exceed 2,048 characters. The JSON policy characters
112
113
  # can be any ASCII character from the space character to the end of
113
114
  # the valid character list (\\u0020 through \\u00FF). It can also
@@ -116,7 +117,7 @@ module Aws::STS
116
117
  #
117
118
  # <note markdown="1"> An AWS conversion compresses the passed session policies and session
118
119
  # tags into a packed binary format that has a separate limit. Your
119
- # request can fail for this limit even if your plain text meets the
120
+ # request can fail for this limit even if your plaintext meets the
120
121
  # other requirements. The `PackedPolicySize` response element
121
122
  # indicates by percentage how close the policies and tags for your
122
123
  # request are to the upper size limit.
@@ -129,15 +130,17 @@ module Aws::STS
129
130
  # @return [String]
130
131
  #
131
132
  # @!attribute [rw] duration_seconds
132
- # The duration, in seconds, of the role session. The value can range
133
- # from 900 seconds (15 minutes) up to the maximum session duration
134
- # setting for the role. This setting can have a value from 1 hour to
135
- # 12 hours. If you specify a value higher than this setting, the
136
- # operation fails. For example, if you specify a session duration of
137
- # 12 hours, but your administrator set the maximum session duration to
138
- # 6 hours, your operation fails. To learn how to view the maximum
139
- # value for your role, see [View the Maximum Session Duration Setting
140
- # for a Role][1] in the *IAM User Guide*.
133
+ # The duration, in seconds, of the role session. The value specified
134
+ # can can range from 900 seconds (15 minutes) up to the maximum
135
+ # session duration that is set for the role. The maximum session
136
+ # duration setting can have a value from 1 hour to 12 hours. If you
137
+ # specify a value higher than this setting or the administrator
138
+ # setting (whichever is lower), the operation fails. For example, if
139
+ # you specify a session duration of 12 hours, but your administrator
140
+ # set the maximum session duration to 6 hours, your operation fails.
141
+ # To learn how to view the maximum value for your role, see [View the
142
+ # Maximum Session Duration Setting for a Role][1] in the *IAM User
143
+ # Guide*.
141
144
  #
142
145
  # By default, the value is set to `3600` seconds.
143
146
  #
@@ -164,13 +167,13 @@ module Aws::STS
164
167
  # User Guide*.
165
168
  #
166
169
  # This parameter is optional. You can pass up to 50 session tags. The
167
- # plain text session tag keys can’t exceed 128 characters, and the
170
+ # plaintext session tag keys can’t exceed 128 characters, and the
168
171
  # values can’t exceed 256 characters. For these and additional limits,
169
172
  # see [IAM and STS Character Limits][2] in the *IAM User Guide*.
170
173
  #
171
174
  # <note markdown="1"> An AWS conversion compresses the passed session policies and session
172
175
  # tags into a packed binary format that has a separate limit. Your
173
- # request can fail for this limit even if your plain text meets the
176
+ # request can fail for this limit even if your plaintext meets the
174
177
  # other requirements. The `PackedPolicySize` response element
175
178
  # indicates by percentage how close the policies and tags for your
176
179
  # request are to the upper size limit.
@@ -262,15 +265,40 @@ module Aws::STS
262
265
  #
263
266
  # @!attribute [rw] token_code
264
267
  # The value provided by the MFA device, if the trust policy of the
265
- # role being assumed requires MFA (that is, if the policy includes a
266
- # condition that tests for MFA). If the role being assumed requires
267
- # MFA and if the `TokenCode` value is missing or expired, the
268
+ # role being assumed requires MFA. (In other words, if the policy
269
+ # includes a condition that tests for MFA). If the role being assumed
270
+ # requires MFA and if the `TokenCode` value is missing or expired, the
268
271
  # `AssumeRole` call returns an "access denied" error.
269
272
  #
270
273
  # The format for this parameter, as described by its regex pattern, is
271
274
  # a sequence of six numeric digits.
272
275
  # @return [String]
273
276
  #
277
+ # @!attribute [rw] source_identity
278
+ # The source identity specified by the principal that is calling the
279
+ # `AssumeRole` operation.
280
+ #
281
+ # You can require users to specify a source identity when they assume
282
+ # a role. You do this by using the `sts:SourceIdentity` condition key
283
+ # in a role trust policy. You can use source identity information in
284
+ # AWS CloudTrail logs to determine who took actions with a role. You
285
+ # can use the `aws:SourceIdentity` condition key to further control
286
+ # access to AWS resources based on the value of source identity. For
287
+ # more information about using source identity, see [Monitor and
288
+ # control actions taken with assumed roles][1] in the *IAM User
289
+ # Guide*.
290
+ #
291
+ # The regex used to validate this parameter is a string of characters
292
+ # consisting of upper- and lower-case alphanumeric characters with no
293
+ # spaces. You can also include underscores or any of the following
294
+ # characters: =,.@-. You cannot use a value that begins with the text
295
+ # `aws:`. This prefix is reserved for AWS internal use.
296
+ #
297
+ #
298
+ #
299
+ # [1]: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_control-access_monitor.html
300
+ # @return [String]
301
+ #
274
302
  # @see http://docs.aws.amazon.com/goto/WebAPI/sts-2011-06-15/AssumeRoleRequest AWS API Documentation
275
303
  #
276
304
  class AssumeRoleRequest < Struct.new(
@@ -283,7 +311,8 @@ module Aws::STS
283
311
  :transitive_tag_keys,
284
312
  :external_id,
285
313
  :serial_number,
286
- :token_code)
314
+ :token_code,
315
+ :source_identity)
287
316
  SENSITIVE = []
288
317
  include Aws::Structure
289
318
  end
@@ -318,12 +347,37 @@ module Aws::STS
318
347
  # means the policies and tags exceeded the allowed space.
319
348
  # @return [Integer]
320
349
  #
350
+ # @!attribute [rw] source_identity
351
+ # The source identity specified by the principal that is calling the
352
+ # `AssumeRole` operation.
353
+ #
354
+ # You can require users to specify a source identity when they assume
355
+ # a role. You do this by using the `sts:SourceIdentity` condition key
356
+ # in a role trust policy. You can use source identity information in
357
+ # AWS CloudTrail logs to determine who took actions with a role. You
358
+ # can use the `aws:SourceIdentity` condition key to further control
359
+ # access to AWS resources based on the value of source identity. For
360
+ # more information about using source identity, see [Monitor and
361
+ # control actions taken with assumed roles][1] in the *IAM User
362
+ # Guide*.
363
+ #
364
+ # The regex used to validate this parameter is a string of characters
365
+ # consisting of upper- and lower-case alphanumeric characters with no
366
+ # spaces. You can also include underscores or any of the following
367
+ # characters: =,.@-
368
+ #
369
+ #
370
+ #
371
+ # [1]: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_control-access_monitor.html
372
+ # @return [String]
373
+ #
321
374
  # @see http://docs.aws.amazon.com/goto/WebAPI/sts-2011-06-15/AssumeRoleResponse AWS API Documentation
322
375
  #
323
376
  class AssumeRoleResponse < Struct.new(
324
377
  :credentials,
325
378
  :assumed_role_user,
326
- :packed_policy_size)
379
+ :packed_policy_size,
380
+ :source_identity)
327
381
  SENSITIVE = []
328
382
  include Aws::Structure
329
383
  end
@@ -355,8 +409,7 @@ module Aws::STS
355
409
  # @return [String]
356
410
  #
357
411
  # @!attribute [rw] saml_assertion
358
- # The base-64 encoded SAML authentication response provided by the
359
- # IdP.
412
+ # The base64 encoded SAML authentication response provided by the IdP.
360
413
  #
361
414
  # For more information, see [Configuring a Relying Party and Adding
362
415
  # Claims][1] in the *IAM User Guide*.
@@ -372,14 +425,14 @@ module Aws::STS
372
425
  # in the same account as the role.
373
426
  #
374
427
  # This parameter is optional. You can provide up to 10 managed policy
375
- # ARNs. However, the plain text that you use for both inline and
428
+ # ARNs. However, the plaintext that you use for both inline and
376
429
  # managed session policies can't exceed 2,048 characters. For more
377
430
  # information about ARNs, see [Amazon Resource Names (ARNs) and AWS
378
431
  # Service Namespaces][1] in the AWS General Reference.
379
432
  #
380
433
  # <note markdown="1"> An AWS conversion compresses the passed session policies and session
381
434
  # tags into a packed binary format that has a separate limit. Your
382
- # request can fail for this limit even if your plain text meets the
435
+ # request can fail for this limit even if your plaintext meets the
383
436
  # other requirements. The `PackedPolicySize` response element
384
437
  # indicates by percentage how close the policies and tags for your
385
438
  # request are to the upper size limit.
@@ -416,7 +469,7 @@ module Aws::STS
416
469
  # the role that is being assumed. For more information, see [Session
417
470
  # Policies][1] in the *IAM User Guide*.
418
471
  #
419
- # The plain text that you use for both inline and managed session
472
+ # The plaintext that you use for both inline and managed session
420
473
  # policies can't exceed 2,048 characters. The JSON policy characters
421
474
  # can be any ASCII character from the space character to the end of
422
475
  # the valid character list (\\u0020 through \\u00FF). It can also
@@ -425,7 +478,7 @@ module Aws::STS
425
478
  #
426
479
  # <note markdown="1"> An AWS conversion compresses the passed session policies and session
427
480
  # tags into a packed binary format that has a separate limit. Your
428
- # request can fail for this limit even if your plain text meets the
481
+ # request can fail for this limit even if your plaintext meets the
429
482
  # other requirements. The `PackedPolicySize` response element
430
483
  # indicates by percentage how close the policies and tags for your
431
484
  # request are to the upper size limit.
@@ -537,11 +590,17 @@ module Aws::STS
537
590
  # @return [String]
538
591
  #
539
592
  # @!attribute [rw] name_qualifier
540
- # A hash value based on the concatenation of the `Issuer` response
541
- # value, the AWS account ID, and the friendly name (the last part of
542
- # the ARN) of the SAML provider in IAM. The combination of
543
- # `NameQualifier` and `Subject` can be used to uniquely identify a
544
- # federated user.
593
+ # A hash value based on the concatenation of the following:
594
+ #
595
+ # * The `Issuer` response value.
596
+ #
597
+ # * The AWS account ID.
598
+ #
599
+ # * The friendly name (the last part of the ARN) of the SAML provider
600
+ # in IAM.
601
+ #
602
+ # The combination of `NameQualifier` and `Subject` can be used to
603
+ # uniquely identify a federated user.
545
604
  #
546
605
  # The following pseudocode shows how the hash value is calculated:
547
606
  #
@@ -549,6 +608,34 @@ module Aws::STS
549
608
  # "/MySAMLIdP" ) )`
550
609
  # @return [String]
551
610
  #
611
+ # @!attribute [rw] source_identity
612
+ # The value in the `SourceIdentity` attribute in the SAML assertion.
613
+ #
614
+ # You can require users to set a source identity value when they
615
+ # assume a role. You do this by using the `sts:SourceIdentity`
616
+ # condition key in a role trust policy. That way, actions that are
617
+ # taken with the role are associated with that user. After the source
618
+ # identity is set, the value cannot be changed. It is present in the
619
+ # request for all actions that are taken by the role and persists
620
+ # across [chained role][1] sessions. You can configure your SAML
621
+ # identity provider to use an attribute associated with your users,
622
+ # like user name or email, as the source identity when calling
623
+ # `AssumeRoleWithSAML`. You do this by adding an attribute to the SAML
624
+ # assertion. For more information about using source identity, see
625
+ # [Monitor and control actions taken with assumed roles][2] in the
626
+ # *IAM User Guide*.
627
+ #
628
+ # The regex used to validate this parameter is a string of characters
629
+ # consisting of upper- and lower-case alphanumeric characters with no
630
+ # spaces. You can also include underscores or any of the following
631
+ # characters: =,.@-
632
+ #
633
+ #
634
+ #
635
+ # [1]: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_terms-and-concepts#iam-term-role-chaining
636
+ # [2]: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_control-access_monitor.html
637
+ # @return [String]
638
+ #
552
639
  # @see http://docs.aws.amazon.com/goto/WebAPI/sts-2011-06-15/AssumeRoleWithSAMLResponse AWS API Documentation
553
640
  #
554
641
  class AssumeRoleWithSAMLResponse < Struct.new(
@@ -559,7 +646,8 @@ module Aws::STS
559
646
  :subject_type,
560
647
  :issuer,
561
648
  :audience,
562
- :name_qualifier)
649
+ :name_qualifier,
650
+ :source_identity)
563
651
  SENSITIVE = []
564
652
  include Aws::Structure
565
653
  end
@@ -626,14 +714,14 @@ module Aws::STS
626
714
  # in the same account as the role.
627
715
  #
628
716
  # This parameter is optional. You can provide up to 10 managed policy
629
- # ARNs. However, the plain text that you use for both inline and
717
+ # ARNs. However, the plaintext that you use for both inline and
630
718
  # managed session policies can't exceed 2,048 characters. For more
631
719
  # information about ARNs, see [Amazon Resource Names (ARNs) and AWS
632
720
  # Service Namespaces][1] in the AWS General Reference.
633
721
  #
634
722
  # <note markdown="1"> An AWS conversion compresses the passed session policies and session
635
723
  # tags into a packed binary format that has a separate limit. Your
636
- # request can fail for this limit even if your plain text meets the
724
+ # request can fail for this limit even if your plaintext meets the
637
725
  # other requirements. The `PackedPolicySize` response element
638
726
  # indicates by percentage how close the policies and tags for your
639
727
  # request are to the upper size limit.
@@ -670,7 +758,7 @@ module Aws::STS
670
758
  # the role that is being assumed. For more information, see [Session
671
759
  # Policies][1] in the *IAM User Guide*.
672
760
  #
673
- # The plain text that you use for both inline and managed session
761
+ # The plaintext that you use for both inline and managed session
674
762
  # policies can't exceed 2,048 characters. The JSON policy characters
675
763
  # can be any ASCII character from the space character to the end of
676
764
  # the valid character list (\\u0020 through \\u00FF). It can also
@@ -679,7 +767,7 @@ module Aws::STS
679
767
  #
680
768
  # <note markdown="1"> An AWS conversion compresses the passed session policies and session
681
769
  # tags into a packed binary format that has a separate limit. Your
682
- # request can fail for this limit even if your plain text meets the
770
+ # request can fail for this limit even if your plaintext meets the
683
771
  # other requirements. The `PackedPolicySize` response element
684
772
  # indicates by percentage how close the policies and tags for your
685
773
  # request are to the upper size limit.
@@ -789,6 +877,38 @@ module Aws::STS
789
877
  # application that requested the web identity token.
790
878
  # @return [String]
791
879
  #
880
+ # @!attribute [rw] source_identity
881
+ # The value of the source identity that is returned in the JSON web
882
+ # token (JWT) from the identity provider.
883
+ #
884
+ # You can require users to set a source identity value when they
885
+ # assume a role. You do this by using the `sts:SourceIdentity`
886
+ # condition key in a role trust policy. That way, actions that are
887
+ # taken with the role are associated with that user. After the source
888
+ # identity is set, the value cannot be changed. It is present in the
889
+ # request for all actions that are taken by the role and persists
890
+ # across [chained role][1] sessions. You can configure your identity
891
+ # provider to use an attribute associated with your users, like user
892
+ # name or email, as the source identity when calling
893
+ # `AssumeRoleWithWebIdentity`. You do this by adding a claim to the
894
+ # JSON web token. To learn more about OIDC tokens and claims, see
895
+ # [Using Tokens with User Pools][2] in the *Amazon Cognito Developer
896
+ # Guide*. For more information about using source identity, see
897
+ # [Monitor and control actions taken with assumed roles][3] in the
898
+ # *IAM User Guide*.
899
+ #
900
+ # The regex used to validate this parameter is a string of characters
901
+ # consisting of upper- and lower-case alphanumeric characters with no
902
+ # spaces. You can also include underscores or any of the following
903
+ # characters: =,.@-
904
+ #
905
+ #
906
+ #
907
+ # [1]: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_terms-and-concepts#iam-term-role-chaining
908
+ # [2]: https://docs.aws.amazon.com/cognito/latest/developerguide/amazon-cognito-user-pools-using-tokens-with-identity-providers.html
909
+ # [3]: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_control-access_monitor.html
910
+ # @return [String]
911
+ #
792
912
  # @see http://docs.aws.amazon.com/goto/WebAPI/sts-2011-06-15/AssumeRoleWithWebIdentityResponse AWS API Documentation
793
913
  #
794
914
  class AssumeRoleWithWebIdentityResponse < Struct.new(
@@ -797,7 +917,8 @@ module Aws::STS
797
917
  :assumed_role_user,
798
918
  :packed_policy_size,
799
919
  :provider,
800
- :audience)
920
+ :audience,
921
+ :source_identity)
801
922
  SENSITIVE = []
802
923
  include Aws::Structure
803
924
  end
@@ -1074,7 +1195,7 @@ module Aws::STS
1074
1195
  # are granted in addition to the permissions that are granted by the
1075
1196
  # session policies.
1076
1197
  #
1077
- # The plain text that you use for both inline and managed session
1198
+ # The plaintext that you use for both inline and managed session
1078
1199
  # policies can't exceed 2,048 characters. The JSON policy characters
1079
1200
  # can be any ASCII character from the space character to the end of
1080
1201
  # the valid character list (\\u0020 through \\u00FF). It can also
@@ -1083,7 +1204,7 @@ module Aws::STS
1083
1204
  #
1084
1205
  # <note markdown="1"> An AWS conversion compresses the passed session policies and session
1085
1206
  # tags into a packed binary format that has a separate limit. Your
1086
- # request can fail for this limit even if your plain text meets the
1207
+ # request can fail for this limit even if your plaintext meets the
1087
1208
  # other requirements. The `PackedPolicySize` response element
1088
1209
  # indicates by percentage how close the policies and tags for your
1089
1210
  # request are to the upper size limit.
@@ -1104,7 +1225,7 @@ module Aws::STS
1104
1225
  # You must pass an inline or managed [session policy][1] to this
1105
1226
  # operation. You can pass a single JSON policy document to use as an
1106
1227
  # inline session policy. You can also specify up to 10 managed
1107
- # policies to use as managed session policies. The plain text that you
1228
+ # policies to use as managed session policies. The plaintext that you
1108
1229
  # use for both inline and managed session policies can't exceed 2,048
1109
1230
  # characters. You can provide up to 10 managed policy ARNs. For more
1110
1231
  # information about ARNs, see [Amazon Resource Names (ARNs) and AWS
@@ -1131,7 +1252,7 @@ module Aws::STS
1131
1252
  #
1132
1253
  # <note markdown="1"> An AWS conversion compresses the passed session policies and session
1133
1254
  # tags into a packed binary format that has a separate limit. Your
1134
- # request can fail for this limit even if your plain text meets the
1255
+ # request can fail for this limit even if your plaintext meets the
1135
1256
  # other requirements. The `PackedPolicySize` response element
1136
1257
  # indicates by percentage how close the policies and tags for your
1137
1258
  # request are to the upper size limit.
@@ -1160,13 +1281,13 @@ module Aws::STS
1160
1281
  # [Passing Session Tags in STS][1] in the *IAM User Guide*.
1161
1282
  #
1162
1283
  # This parameter is optional. You can pass up to 50 session tags. The
1163
- # plain text session tag keys can’t exceed 128 characters and the
1284
+ # plaintext session tag keys can’t exceed 128 characters and the
1164
1285
  # values can’t exceed 256 characters. For these and additional limits,
1165
1286
  # see [IAM and STS Character Limits][2] in the *IAM User Guide*.
1166
1287
  #
1167
1288
  # <note markdown="1"> An AWS conversion compresses the passed session policies and session
1168
1289
  # tags into a packed binary format that has a separate limit. Your
1169
- # request can fail for this limit even if your plain text meets the
1290
+ # request can fail for this limit even if your plaintext meets the
1170
1291
  # other requirements. The `PackedPolicySize` response element
1171
1292
  # indicates by percentage how close the policies and tags for your
1172
1293
  # request are to the upper size limit.