aws-sdk-core 3.114.0 → 3.116.0
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/CHANGELOG.md +26 -0
- data/VERSION +1 -1
- data/lib/aws-sdk-core/errors.rb +4 -0
- data/lib/aws-sdk-core/pageable_response.rb +7 -1
- data/lib/aws-sdk-core/pager.rb +3 -0
- data/lib/aws-sdk-core/shared_config.rb +19 -1
- data/lib/aws-sdk-core/sso_credentials.rb +1 -2
- data/lib/aws-sdk-core/stubbing/protocols/json.rb +1 -1
- data/lib/aws-sdk-core/xml/builder.rb +1 -1
- data/lib/aws-sdk-sso.rb +1 -1
- data/lib/aws-sdk-sso/client.rb +1 -1
- data/lib/aws-sdk-sts.rb +1 -1
- data/lib/aws-sdk-sts/client.rb +318 -296
- data/lib/aws-sdk-sts/types.rb +167 -159
- data/lib/seahorse/client/h2/connection.rb +11 -6
- metadata +3 -4
data/lib/aws-sdk-sts/types.rb
CHANGED
@@ -50,7 +50,7 @@ module Aws::STS
|
|
50
50
|
# role session name is also used in the ARN of the assumed role
|
51
51
|
# principal. This means that subsequent cross-account API requests
|
52
52
|
# that use the temporary security credentials will expose the role
|
53
|
-
# session name to the external account in their
|
53
|
+
# session name to the external account in their CloudTrail logs.
|
54
54
|
#
|
55
55
|
# The regex used to validate this parameter is a string of characters
|
56
56
|
# consisting of upper- and lower-case alphanumeric characters with no
|
@@ -66,15 +66,16 @@ module Aws::STS
|
|
66
66
|
# This parameter is optional. You can provide up to 10 managed policy
|
67
67
|
# ARNs. However, the plaintext that you use for both inline and
|
68
68
|
# managed session policies can't exceed 2,048 characters. For more
|
69
|
-
# information about ARNs, see [Amazon Resource Names (ARNs) and
|
70
|
-
# Service Namespaces][1] in the
|
69
|
+
# information about ARNs, see [Amazon Resource Names (ARNs) and Amazon
|
70
|
+
# Web Services Service Namespaces][1] in the Amazon Web Services
|
71
|
+
# General Reference.
|
71
72
|
#
|
72
|
-
# <note markdown="1"> An
|
73
|
-
# tags into a packed binary format that has a
|
74
|
-
# request can fail for this limit even if your
|
75
|
-
# other requirements. The `PackedPolicySize`
|
76
|
-
# indicates by percentage how close the policies and
|
77
|
-
# request are to the upper size limit.
|
73
|
+
# <note markdown="1"> An Amazon Web Services conversion compresses the passed session
|
74
|
+
# policies and session tags into a packed binary format that has a
|
75
|
+
# separate limit. Your request can fail for this limit even if your
|
76
|
+
# plaintext meets the other requirements. The `PackedPolicySize`
|
77
|
+
# response element indicates by percentage how close the policies and
|
78
|
+
# tags for your request are to the upper size limit.
|
78
79
|
#
|
79
80
|
# </note>
|
80
81
|
#
|
@@ -82,10 +83,10 @@ module Aws::STS
|
|
82
83
|
# credentials. The resulting session's permissions are the
|
83
84
|
# intersection of the role's identity-based policy and the session
|
84
85
|
# policies. You can use the role's temporary credentials in
|
85
|
-
# subsequent
|
86
|
-
# owns the role. You cannot use session policies to grant
|
87
|
-
# permissions than those allowed by the identity-based policy of
|
88
|
-
# role that is being assumed. For more information, see [Session
|
86
|
+
# subsequent Amazon Web Services API calls to access resources in the
|
87
|
+
# account that owns the role. You cannot use session policies to grant
|
88
|
+
# more permissions than those allowed by the identity-based policy of
|
89
|
+
# the role that is being assumed. For more information, see [Session
|
89
90
|
# Policies][2] in the *IAM User Guide*.
|
90
91
|
#
|
91
92
|
#
|
@@ -102,11 +103,11 @@ module Aws::STS
|
|
102
103
|
# returns new temporary credentials. The resulting session's
|
103
104
|
# permissions are the intersection of the role's identity-based
|
104
105
|
# policy and the session policies. You can use the role's temporary
|
105
|
-
# credentials in subsequent
|
106
|
-
# account that owns the role. You cannot use session
|
107
|
-
# more permissions than those allowed by the
|
108
|
-
# the role that is being assumed. For more
|
109
|
-
# Policies][1] in the *IAM User Guide*.
|
106
|
+
# credentials in subsequent Amazon Web Services API calls to access
|
107
|
+
# resources in the account that owns the role. You cannot use session
|
108
|
+
# policies to grant more permissions than those allowed by the
|
109
|
+
# identity-based policy of the role that is being assumed. For more
|
110
|
+
# information, see [Session Policies][1] in the *IAM User Guide*.
|
110
111
|
#
|
111
112
|
# The plaintext that you use for both inline and managed session
|
112
113
|
# policies can't exceed 2,048 characters. The JSON policy characters
|
@@ -115,12 +116,12 @@ module Aws::STS
|
|
115
116
|
# include the tab (\\u0009), linefeed (\\u000A), and carriage return
|
116
117
|
# (\\u000D) characters.
|
117
118
|
#
|
118
|
-
# <note markdown="1"> An
|
119
|
-
# tags into a packed binary format that has a
|
120
|
-
# request can fail for this limit even if your
|
121
|
-
# other requirements. The `PackedPolicySize`
|
122
|
-
# indicates by percentage how close the policies and
|
123
|
-
# request are to the upper size limit.
|
119
|
+
# <note markdown="1"> An Amazon Web Services conversion compresses the passed session
|
120
|
+
# policies and session tags into a packed binary format that has a
|
121
|
+
# separate limit. Your request can fail for this limit even if your
|
122
|
+
# plaintext meets the other requirements. The `PackedPolicySize`
|
123
|
+
# response element indicates by percentage how close the policies and
|
124
|
+
# tags for your request are to the upper size limit.
|
124
125
|
#
|
125
126
|
# </note>
|
126
127
|
#
|
@@ -149,7 +150,7 @@ module Aws::STS
|
|
149
150
|
# credentials. The request to the federation endpoint for a console
|
150
151
|
# sign-in token takes a `SessionDuration` parameter that specifies the
|
151
152
|
# maximum length of the console session. For more information, see
|
152
|
-
# [Creating a URL that Enables Federated Users to Access the
|
153
|
+
# [Creating a URL that Enables Federated Users to Access the
|
153
154
|
# Management Console][2] in the *IAM User Guide*.
|
154
155
|
#
|
155
156
|
# </note>
|
@@ -163,20 +164,20 @@ module Aws::STS
|
|
163
164
|
# @!attribute [rw] tags
|
164
165
|
# A list of session tags that you want to pass. Each session tag
|
165
166
|
# consists of a key name and an associated value. For more information
|
166
|
-
# about session tags, see [Tagging
|
167
|
-
#
|
167
|
+
# about session tags, see [Tagging STS Sessions][1] in the *IAM User
|
168
|
+
# Guide*.
|
168
169
|
#
|
169
170
|
# This parameter is optional. You can pass up to 50 session tags. The
|
170
171
|
# plaintext session tag keys can’t exceed 128 characters, and the
|
171
172
|
# values can’t exceed 256 characters. For these and additional limits,
|
172
173
|
# see [IAM and STS Character Limits][2] in the *IAM User Guide*.
|
173
174
|
#
|
174
|
-
# <note markdown="1"> An
|
175
|
-
# tags into a packed binary format that has a
|
176
|
-
# request can fail for this limit even if your
|
177
|
-
# other requirements. The `PackedPolicySize`
|
178
|
-
# indicates by percentage how close the policies and
|
179
|
-
# request are to the upper size limit.
|
175
|
+
# <note markdown="1"> An Amazon Web Services conversion compresses the passed session
|
176
|
+
# policies and session tags into a packed binary format that has a
|
177
|
+
# separate limit. Your request can fail for this limit even if your
|
178
|
+
# plaintext meets the other requirements. The `PackedPolicySize`
|
179
|
+
# response element indicates by percentage how close the policies and
|
180
|
+
# tags for your request are to the upper size limit.
|
180
181
|
#
|
181
182
|
# </note>
|
182
183
|
#
|
@@ -196,8 +197,8 @@ module Aws::STS
|
|
196
197
|
# operation, the new session inherits any transitive session tags from
|
197
198
|
# the calling session. If you pass a session tag with the same key as
|
198
199
|
# an inherited tag, the operation fails. To view the inherited tags
|
199
|
-
# for a session, see the
|
200
|
-
#
|
200
|
+
# for a session, see the CloudTrail logs. For more information, see
|
201
|
+
# [Viewing Session Tags in CloudTrail][3] in the *IAM User Guide*.
|
201
202
|
#
|
202
203
|
#
|
203
204
|
#
|
@@ -235,8 +236,8 @@ module Aws::STS
|
|
235
236
|
# the administrator of the trusted account. That way, only someone
|
236
237
|
# with the ID can assume the role, rather than everyone in the
|
237
238
|
# account. For more information about the external ID, see [How to Use
|
238
|
-
# an External ID When Granting Access to Your
|
239
|
-
# Party][1] in the *IAM User Guide*.
|
239
|
+
# an External ID When Granting Access to Your Amazon Web Services
|
240
|
+
# Resources to a Third Party][1] in the *IAM User Guide*.
|
240
241
|
#
|
241
242
|
# The regex used to validate this parameter is a string of characters
|
242
243
|
# consisting of upper- and lower-case alphanumeric characters with no
|
@@ -281,18 +282,19 @@ module Aws::STS
|
|
281
282
|
# You can require users to specify a source identity when they assume
|
282
283
|
# a role. You do this by using the `sts:SourceIdentity` condition key
|
283
284
|
# in a role trust policy. You can use source identity information in
|
284
|
-
#
|
285
|
-
#
|
286
|
-
#
|
287
|
-
# more information about using source identity, see
|
288
|
-
# control actions taken with assumed roles][1] in the
|
289
|
-
# Guide*.
|
285
|
+
# CloudTrail logs to determine who took actions with a role. You can
|
286
|
+
# use the `aws:SourceIdentity` condition key to further control access
|
287
|
+
# to Amazon Web Services resources based on the value of source
|
288
|
+
# identity. For more information about using source identity, see
|
289
|
+
# [Monitor and control actions taken with assumed roles][1] in the
|
290
|
+
# *IAM User Guide*.
|
290
291
|
#
|
291
292
|
# The regex used to validate this parameter is a string of characters
|
292
293
|
# consisting of upper- and lower-case alphanumeric characters with no
|
293
294
|
# spaces. You can also include underscores or any of the following
|
294
295
|
# characters: =,.@-. You cannot use a value that begins with the text
|
295
|
-
# `aws:`. This prefix is reserved for
|
296
|
+
# `aws:`. This prefix is reserved for Amazon Web Services internal
|
297
|
+
# use.
|
296
298
|
#
|
297
299
|
#
|
298
300
|
#
|
@@ -318,7 +320,8 @@ module Aws::STS
|
|
318
320
|
end
|
319
321
|
|
320
322
|
# Contains the response to a successful AssumeRole request, including
|
321
|
-
# temporary
|
323
|
+
# temporary Amazon Web Services credentials that can be used to make
|
324
|
+
# Amazon Web Services requests.
|
322
325
|
#
|
323
326
|
# @!attribute [rw] credentials
|
324
327
|
# The temporary security credentials, which include an access key ID,
|
@@ -354,12 +357,12 @@ module Aws::STS
|
|
354
357
|
# You can require users to specify a source identity when they assume
|
355
358
|
# a role. You do this by using the `sts:SourceIdentity` condition key
|
356
359
|
# in a role trust policy. You can use source identity information in
|
357
|
-
#
|
358
|
-
#
|
359
|
-
#
|
360
|
-
# more information about using source identity, see
|
361
|
-
# control actions taken with assumed roles][1] in the
|
362
|
-
# Guide*.
|
360
|
+
# CloudTrail logs to determine who took actions with a role. You can
|
361
|
+
# use the `aws:SourceIdentity` condition key to further control access
|
362
|
+
# to Amazon Web Services resources based on the value of source
|
363
|
+
# identity. For more information about using source identity, see
|
364
|
+
# [Monitor and control actions taken with assumed roles][1] in the
|
365
|
+
# *IAM User Guide*.
|
363
366
|
#
|
364
367
|
# The regex used to validate this parameter is a string of characters
|
365
368
|
# consisting of upper- and lower-case alphanumeric characters with no
|
@@ -427,15 +430,16 @@ module Aws::STS
|
|
427
430
|
# This parameter is optional. You can provide up to 10 managed policy
|
428
431
|
# ARNs. However, the plaintext that you use for both inline and
|
429
432
|
# managed session policies can't exceed 2,048 characters. For more
|
430
|
-
# information about ARNs, see [Amazon Resource Names (ARNs) and
|
431
|
-
# Service Namespaces][1] in the
|
433
|
+
# information about ARNs, see [Amazon Resource Names (ARNs) and Amazon
|
434
|
+
# Web Services Service Namespaces][1] in the Amazon Web Services
|
435
|
+
# General Reference.
|
432
436
|
#
|
433
|
-
# <note markdown="1"> An
|
434
|
-
# tags into a packed binary format that has a
|
435
|
-
# request can fail for this limit even if your
|
436
|
-
# other requirements. The `PackedPolicySize`
|
437
|
-
# indicates by percentage how close the policies and
|
438
|
-
# request are to the upper size limit.
|
437
|
+
# <note markdown="1"> An Amazon Web Services conversion compresses the passed session
|
438
|
+
# policies and session tags into a packed binary format that has a
|
439
|
+
# separate limit. Your request can fail for this limit even if your
|
440
|
+
# plaintext meets the other requirements. The `PackedPolicySize`
|
441
|
+
# response element indicates by percentage how close the policies and
|
442
|
+
# tags for your request are to the upper size limit.
|
439
443
|
#
|
440
444
|
# </note>
|
441
445
|
#
|
@@ -443,10 +447,10 @@ module Aws::STS
|
|
443
447
|
# credentials. The resulting session's permissions are the
|
444
448
|
# intersection of the role's identity-based policy and the session
|
445
449
|
# policies. You can use the role's temporary credentials in
|
446
|
-
# subsequent
|
447
|
-
# owns the role. You cannot use session policies to grant
|
448
|
-
# permissions than those allowed by the identity-based policy of
|
449
|
-
# role that is being assumed. For more information, see [Session
|
450
|
+
# subsequent Amazon Web Services API calls to access resources in the
|
451
|
+
# account that owns the role. You cannot use session policies to grant
|
452
|
+
# more permissions than those allowed by the identity-based policy of
|
453
|
+
# the role that is being assumed. For more information, see [Session
|
450
454
|
# Policies][2] in the *IAM User Guide*.
|
451
455
|
#
|
452
456
|
#
|
@@ -463,11 +467,11 @@ module Aws::STS
|
|
463
467
|
# returns new temporary credentials. The resulting session's
|
464
468
|
# permissions are the intersection of the role's identity-based
|
465
469
|
# policy and the session policies. You can use the role's temporary
|
466
|
-
# credentials in subsequent
|
467
|
-
# account that owns the role. You cannot use session
|
468
|
-
# more permissions than those allowed by the
|
469
|
-
# the role that is being assumed. For more
|
470
|
-
# Policies][1] in the *IAM User Guide*.
|
470
|
+
# credentials in subsequent Amazon Web Services API calls to access
|
471
|
+
# resources in the account that owns the role. You cannot use session
|
472
|
+
# policies to grant more permissions than those allowed by the
|
473
|
+
# identity-based policy of the role that is being assumed. For more
|
474
|
+
# information, see [Session Policies][1] in the *IAM User Guide*.
|
471
475
|
#
|
472
476
|
# The plaintext that you use for both inline and managed session
|
473
477
|
# policies can't exceed 2,048 characters. The JSON policy characters
|
@@ -476,12 +480,12 @@ module Aws::STS
|
|
476
480
|
# include the tab (\\u0009), linefeed (\\u000A), and carriage return
|
477
481
|
# (\\u000D) characters.
|
478
482
|
#
|
479
|
-
# <note markdown="1"> An
|
480
|
-
# tags into a packed binary format that has a
|
481
|
-
# request can fail for this limit even if your
|
482
|
-
# other requirements. The `PackedPolicySize`
|
483
|
-
# indicates by percentage how close the policies and
|
484
|
-
# request are to the upper size limit.
|
483
|
+
# <note markdown="1"> An Amazon Web Services conversion compresses the passed session
|
484
|
+
# policies and session tags into a packed binary format that has a
|
485
|
+
# separate limit. Your request can fail for this limit even if your
|
486
|
+
# plaintext meets the other requirements. The `PackedPolicySize`
|
487
|
+
# response element indicates by percentage how close the policies and
|
488
|
+
# tags for your request are to the upper size limit.
|
485
489
|
#
|
486
490
|
# </note>
|
487
491
|
#
|
@@ -512,7 +516,7 @@ module Aws::STS
|
|
512
516
|
# credentials. The request to the federation endpoint for a console
|
513
517
|
# sign-in token takes a `SessionDuration` parameter that specifies the
|
514
518
|
# maximum length of the console session. For more information, see
|
515
|
-
# [Creating a URL that Enables Federated Users to Access the
|
519
|
+
# [Creating a URL that Enables Federated Users to Access the
|
516
520
|
# Management Console][2] in the *IAM User Guide*.
|
517
521
|
#
|
518
522
|
# </note>
|
@@ -537,8 +541,8 @@ module Aws::STS
|
|
537
541
|
end
|
538
542
|
|
539
543
|
# Contains the response to a successful AssumeRoleWithSAML request,
|
540
|
-
# including temporary
|
541
|
-
# requests.
|
544
|
+
# including temporary Amazon Web Services credentials that can be used
|
545
|
+
# to make Amazon Web Services requests.
|
542
546
|
#
|
543
547
|
# @!attribute [rw] credentials
|
544
548
|
# The temporary security credentials, which include an access key ID,
|
@@ -594,7 +598,7 @@ module Aws::STS
|
|
594
598
|
#
|
595
599
|
# * The `Issuer` response value.
|
596
600
|
#
|
597
|
-
# * The
|
601
|
+
# * The Amazon Web Services account ID.
|
598
602
|
#
|
599
603
|
# * The friendly name (the last part of the ARN) of the SAML provider
|
600
604
|
# in IAM.
|
@@ -716,15 +720,16 @@ module Aws::STS
|
|
716
720
|
# This parameter is optional. You can provide up to 10 managed policy
|
717
721
|
# ARNs. However, the plaintext that you use for both inline and
|
718
722
|
# managed session policies can't exceed 2,048 characters. For more
|
719
|
-
# information about ARNs, see [Amazon Resource Names (ARNs) and
|
720
|
-
# Service Namespaces][1] in the
|
723
|
+
# information about ARNs, see [Amazon Resource Names (ARNs) and Amazon
|
724
|
+
# Web Services Service Namespaces][1] in the Amazon Web Services
|
725
|
+
# General Reference.
|
721
726
|
#
|
722
|
-
# <note markdown="1"> An
|
723
|
-
# tags into a packed binary format that has a
|
724
|
-
# request can fail for this limit even if your
|
725
|
-
# other requirements. The `PackedPolicySize`
|
726
|
-
# indicates by percentage how close the policies and
|
727
|
-
# request are to the upper size limit.
|
727
|
+
# <note markdown="1"> An Amazon Web Services conversion compresses the passed session
|
728
|
+
# policies and session tags into a packed binary format that has a
|
729
|
+
# separate limit. Your request can fail for this limit even if your
|
730
|
+
# plaintext meets the other requirements. The `PackedPolicySize`
|
731
|
+
# response element indicates by percentage how close the policies and
|
732
|
+
# tags for your request are to the upper size limit.
|
728
733
|
#
|
729
734
|
# </note>
|
730
735
|
#
|
@@ -732,10 +737,10 @@ module Aws::STS
|
|
732
737
|
# credentials. The resulting session's permissions are the
|
733
738
|
# intersection of the role's identity-based policy and the session
|
734
739
|
# policies. You can use the role's temporary credentials in
|
735
|
-
# subsequent
|
736
|
-
# owns the role. You cannot use session policies to grant
|
737
|
-
# permissions than those allowed by the identity-based policy of
|
738
|
-
# role that is being assumed. For more information, see [Session
|
740
|
+
# subsequent Amazon Web Services API calls to access resources in the
|
741
|
+
# account that owns the role. You cannot use session policies to grant
|
742
|
+
# more permissions than those allowed by the identity-based policy of
|
743
|
+
# the role that is being assumed. For more information, see [Session
|
739
744
|
# Policies][2] in the *IAM User Guide*.
|
740
745
|
#
|
741
746
|
#
|
@@ -752,11 +757,11 @@ module Aws::STS
|
|
752
757
|
# returns new temporary credentials. The resulting session's
|
753
758
|
# permissions are the intersection of the role's identity-based
|
754
759
|
# policy and the session policies. You can use the role's temporary
|
755
|
-
# credentials in subsequent
|
756
|
-
# account that owns the role. You cannot use session
|
757
|
-
# more permissions than those allowed by the
|
758
|
-
# the role that is being assumed. For more
|
759
|
-
# Policies][1] in the *IAM User Guide*.
|
760
|
+
# credentials in subsequent Amazon Web Services API calls to access
|
761
|
+
# resources in the account that owns the role. You cannot use session
|
762
|
+
# policies to grant more permissions than those allowed by the
|
763
|
+
# identity-based policy of the role that is being assumed. For more
|
764
|
+
# information, see [Session Policies][1] in the *IAM User Guide*.
|
760
765
|
#
|
761
766
|
# The plaintext that you use for both inline and managed session
|
762
767
|
# policies can't exceed 2,048 characters. The JSON policy characters
|
@@ -765,12 +770,12 @@ module Aws::STS
|
|
765
770
|
# include the tab (\\u0009), linefeed (\\u000A), and carriage return
|
766
771
|
# (\\u000D) characters.
|
767
772
|
#
|
768
|
-
# <note markdown="1"> An
|
769
|
-
# tags into a packed binary format that has a
|
770
|
-
# request can fail for this limit even if your
|
771
|
-
# other requirements. The `PackedPolicySize`
|
772
|
-
# indicates by percentage how close the policies and
|
773
|
-
# request are to the upper size limit.
|
773
|
+
# <note markdown="1"> An Amazon Web Services conversion compresses the passed session
|
774
|
+
# policies and session tags into a packed binary format that has a
|
775
|
+
# separate limit. Your request can fail for this limit even if your
|
776
|
+
# plaintext meets the other requirements. The `PackedPolicySize`
|
777
|
+
# response element indicates by percentage how close the policies and
|
778
|
+
# tags for your request are to the upper size limit.
|
774
779
|
#
|
775
780
|
# </note>
|
776
781
|
#
|
@@ -797,7 +802,7 @@ module Aws::STS
|
|
797
802
|
# credentials. The request to the federation endpoint for a console
|
798
803
|
# sign-in token takes a `SessionDuration` parameter that specifies the
|
799
804
|
# maximum length of the console session. For more information, see
|
800
|
-
# [Creating a URL that Enables Federated Users to Access the
|
805
|
+
# [Creating a URL that Enables Federated Users to Access the
|
801
806
|
# Management Console][2] in the *IAM User Guide*.
|
802
807
|
#
|
803
808
|
# </note>
|
@@ -823,8 +828,8 @@ module Aws::STS
|
|
823
828
|
end
|
824
829
|
|
825
830
|
# Contains the response to a successful AssumeRoleWithWebIdentity
|
826
|
-
# request, including temporary
|
827
|
-
#
|
831
|
+
# request, including temporary Amazon Web Services credentials that can
|
832
|
+
# be used to make Amazon Web Services requests.
|
828
833
|
#
|
829
834
|
# @!attribute [rw] credentials
|
830
835
|
# The temporary security credentials, which include an access key ID,
|
@@ -929,7 +934,7 @@ module Aws::STS
|
|
929
934
|
# @!attribute [rw] assumed_role_id
|
930
935
|
# A unique identifier that contains the role ID and the role session
|
931
936
|
# name of the role that is being assumed. The role ID is generated by
|
932
|
-
#
|
937
|
+
# Amazon Web Services when the role is created.
|
933
938
|
# @return [String]
|
934
939
|
#
|
935
940
|
# @!attribute [rw] arn
|
@@ -952,7 +957,7 @@ module Aws::STS
|
|
952
957
|
include Aws::Structure
|
953
958
|
end
|
954
959
|
|
955
|
-
#
|
960
|
+
# Amazon Web Services credentials for API authentication.
|
956
961
|
#
|
957
962
|
# @!attribute [rw] access_key_id
|
958
963
|
# The access key ID that identifies the temporary security
|
@@ -1004,7 +1009,7 @@ module Aws::STS
|
|
1004
1009
|
|
1005
1010
|
# A document that contains additional information about the
|
1006
1011
|
# authorization status of a request from an encoded message that is
|
1007
|
-
# returned in response to an
|
1012
|
+
# returned in response to an Amazon Web Services request.
|
1008
1013
|
#
|
1009
1014
|
# @!attribute [rw] decoded_message
|
1010
1015
|
# An XML document that contains the decoded message.
|
@@ -1084,7 +1089,7 @@ module Aws::STS
|
|
1084
1089
|
end
|
1085
1090
|
|
1086
1091
|
# @!attribute [rw] account
|
1087
|
-
# The number used to identify the
|
1092
|
+
# The number used to identify the Amazon Web Services account.
|
1088
1093
|
# @return [String]
|
1089
1094
|
#
|
1090
1095
|
# @see http://docs.aws.amazon.com/goto/WebAPI/sts-2011-06-15/GetAccessKeyInfoResponse AWS API Documentation
|
@@ -1117,12 +1122,12 @@ module Aws::STS
|
|
1117
1122
|
# @return [String]
|
1118
1123
|
#
|
1119
1124
|
# @!attribute [rw] account
|
1120
|
-
# The
|
1121
|
-
# calling entity.
|
1125
|
+
# The Amazon Web Services account ID number of the account that owns
|
1126
|
+
# or contains the calling entity.
|
1122
1127
|
# @return [String]
|
1123
1128
|
#
|
1124
1129
|
# @!attribute [rw] arn
|
1125
|
-
# The
|
1130
|
+
# The Amazon Web Services ARN associated with the calling entity.
|
1126
1131
|
# @return [String]
|
1127
1132
|
#
|
1128
1133
|
# @see http://docs.aws.amazon.com/goto/WebAPI/sts-2011-06-15/GetCallerIdentityResponse AWS API Documentation
|
@@ -1202,12 +1207,12 @@ module Aws::STS
|
|
1202
1207
|
# include the tab (\\u0009), linefeed (\\u000A), and carriage return
|
1203
1208
|
# (\\u000D) characters.
|
1204
1209
|
#
|
1205
|
-
# <note markdown="1"> An
|
1206
|
-
# tags into a packed binary format that has a
|
1207
|
-
# request can fail for this limit even if your
|
1208
|
-
# other requirements. The `PackedPolicySize`
|
1209
|
-
# indicates by percentage how close the policies and
|
1210
|
-
# request are to the upper size limit.
|
1210
|
+
# <note markdown="1"> An Amazon Web Services conversion compresses the passed session
|
1211
|
+
# policies and session tags into a packed binary format that has a
|
1212
|
+
# separate limit. Your request can fail for this limit even if your
|
1213
|
+
# plaintext meets the other requirements. The `PackedPolicySize`
|
1214
|
+
# response element indicates by percentage how close the policies and
|
1215
|
+
# tags for your request are to the upper size limit.
|
1211
1216
|
#
|
1212
1217
|
# </note>
|
1213
1218
|
#
|
@@ -1228,8 +1233,9 @@ module Aws::STS
|
|
1228
1233
|
# policies to use as managed session policies. The plaintext that you
|
1229
1234
|
# use for both inline and managed session policies can't exceed 2,048
|
1230
1235
|
# characters. You can provide up to 10 managed policy ARNs. For more
|
1231
|
-
# information about ARNs, see [Amazon Resource Names (ARNs) and
|
1232
|
-
# Service Namespaces][2] in the
|
1236
|
+
# information about ARNs, see [Amazon Resource Names (ARNs) and Amazon
|
1237
|
+
# Web Services Service Namespaces][2] in the Amazon Web Services
|
1238
|
+
# General Reference.
|
1233
1239
|
#
|
1234
1240
|
# This parameter is optional. However, if you do not pass any session
|
1235
1241
|
# policies, then the resulting federated user session has no
|
@@ -1250,12 +1256,12 @@ module Aws::STS
|
|
1250
1256
|
# are granted in addition to the permissions that are granted by the
|
1251
1257
|
# session policies.
|
1252
1258
|
#
|
1253
|
-
# <note markdown="1"> An
|
1254
|
-
# tags into a packed binary format that has a
|
1255
|
-
# request can fail for this limit even if your
|
1256
|
-
# other requirements. The `PackedPolicySize`
|
1257
|
-
# indicates by percentage how close the policies and
|
1258
|
-
# request are to the upper size limit.
|
1259
|
+
# <note markdown="1"> An Amazon Web Services conversion compresses the passed session
|
1260
|
+
# policies and session tags into a packed binary format that has a
|
1261
|
+
# separate limit. Your request can fail for this limit even if your
|
1262
|
+
# plaintext meets the other requirements. The `PackedPolicySize`
|
1263
|
+
# response element indicates by percentage how close the policies and
|
1264
|
+
# tags for your request are to the upper size limit.
|
1259
1265
|
#
|
1260
1266
|
# </note>
|
1261
1267
|
#
|
@@ -1269,10 +1275,11 @@ module Aws::STS
|
|
1269
1275
|
# The duration, in seconds, that the session should last. Acceptable
|
1270
1276
|
# durations for federation sessions range from 900 seconds (15
|
1271
1277
|
# minutes) to 129,600 seconds (36 hours), with 43,200 seconds (12
|
1272
|
-
# hours) as the default. Sessions obtained using
|
1273
|
-
# credentials are restricted to a maximum of 3,600
|
1274
|
-
# If the specified duration is longer than one
|
1275
|
-
# obtained by using root user credentials defaults
|
1278
|
+
# hours) as the default. Sessions obtained using Amazon Web Services
|
1279
|
+
# account root user credentials are restricted to a maximum of 3,600
|
1280
|
+
# seconds (one hour). If the specified duration is longer than one
|
1281
|
+
# hour, the session obtained by using root user credentials defaults
|
1282
|
+
# to one hour.
|
1276
1283
|
# @return [Integer]
|
1277
1284
|
#
|
1278
1285
|
# @!attribute [rw] tags
|
@@ -1285,12 +1292,12 @@ module Aws::STS
|
|
1285
1292
|
# values can’t exceed 256 characters. For these and additional limits,
|
1286
1293
|
# see [IAM and STS Character Limits][2] in the *IAM User Guide*.
|
1287
1294
|
#
|
1288
|
-
# <note markdown="1"> An
|
1289
|
-
# tags into a packed binary format that has a
|
1290
|
-
# request can fail for this limit even if your
|
1291
|
-
# other requirements. The `PackedPolicySize`
|
1292
|
-
# indicates by percentage how close the policies and
|
1293
|
-
# request are to the upper size limit.
|
1295
|
+
# <note markdown="1"> An Amazon Web Services conversion compresses the passed session
|
1296
|
+
# policies and session tags into a packed binary format that has a
|
1297
|
+
# separate limit. Your request can fail for this limit even if your
|
1298
|
+
# plaintext meets the other requirements. The `PackedPolicySize`
|
1299
|
+
# response element indicates by percentage how close the policies and
|
1300
|
+
# tags for your request are to the upper size limit.
|
1294
1301
|
#
|
1295
1302
|
# </note>
|
1296
1303
|
#
|
@@ -1325,8 +1332,8 @@ module Aws::STS
|
|
1325
1332
|
end
|
1326
1333
|
|
1327
1334
|
# Contains the response to a successful GetFederationToken request,
|
1328
|
-
# including temporary
|
1329
|
-
# requests.
|
1335
|
+
# including temporary Amazon Web Services credentials that can be used
|
1336
|
+
# to make Amazon Web Services requests.
|
1330
1337
|
#
|
1331
1338
|
# @!attribute [rw] credentials
|
1332
1339
|
# The temporary security credentials, which include an access key ID,
|
@@ -1376,10 +1383,10 @@ module Aws::STS
|
|
1376
1383
|
# The duration, in seconds, that the credentials should remain valid.
|
1377
1384
|
# Acceptable durations for IAM user sessions range from 900 seconds
|
1378
1385
|
# (15 minutes) to 129,600 seconds (36 hours), with 43,200 seconds (12
|
1379
|
-
# hours) as the default. Sessions for
|
1380
|
-
# restricted to a maximum of 3,600 seconds (one hour). If
|
1381
|
-
# is longer than one hour, the session for
|
1382
|
-
# to one hour.
|
1386
|
+
# hours) as the default. Sessions for Amazon Web Services account
|
1387
|
+
# owners are restricted to a maximum of 3,600 seconds (one hour). If
|
1388
|
+
# the duration is longer than one hour, the session for Amazon Web
|
1389
|
+
# Services account owners defaults to one hour.
|
1383
1390
|
# @return [Integer]
|
1384
1391
|
#
|
1385
1392
|
# @!attribute [rw] serial_number
|
@@ -1389,8 +1396,8 @@ module Aws::STS
|
|
1389
1396
|
# The value is either the serial number for a hardware device (such as
|
1390
1397
|
# `GAHT12345678`) or an Amazon Resource Name (ARN) for a virtual
|
1391
1398
|
# device (such as `arn:aws:iam::123456789012:mfa/user`). You can find
|
1392
|
-
# the device for an IAM user by going to the
|
1393
|
-
#
|
1399
|
+
# the device for an IAM user by going to the Management Console and
|
1400
|
+
# viewing the user's security credentials.
|
1394
1401
|
#
|
1395
1402
|
# The regex used to validate this parameter is a string of characters
|
1396
1403
|
# consisting of upper- and lower-case alphanumeric characters with no
|
@@ -1421,8 +1428,8 @@ module Aws::STS
|
|
1421
1428
|
end
|
1422
1429
|
|
1423
1430
|
# Contains the response to a successful GetSessionToken request,
|
1424
|
-
# including temporary
|
1425
|
-
# requests.
|
1431
|
+
# including temporary Amazon Web Services credentials that can be used
|
1432
|
+
# to make Amazon Web Services requests.
|
1426
1433
|
#
|
1427
1434
|
# @!attribute [rw] credentials
|
1428
1435
|
# The temporary security credentials, which include an access key ID,
|
@@ -1494,9 +1501,9 @@ module Aws::STS
|
|
1494
1501
|
include Aws::Structure
|
1495
1502
|
end
|
1496
1503
|
|
1497
|
-
# The web identity token that was passed could not be validated by
|
1498
|
-
# Get a new identity token from the identity
|
1499
|
-
# request.
|
1504
|
+
# The web identity token that was passed could not be validated by
|
1505
|
+
# Amazon Web Services. Get a new identity token from the identity
|
1506
|
+
# provider and then retry the request.
|
1500
1507
|
#
|
1501
1508
|
# @!attribute [rw] message
|
1502
1509
|
# @return [String]
|
@@ -1524,12 +1531,13 @@ module Aws::STS
|
|
1524
1531
|
end
|
1525
1532
|
|
1526
1533
|
# The request was rejected because the total packed size of the session
|
1527
|
-
# policies and session tags combined was too large. An
|
1528
|
-
# compresses the session policy document, session
|
1529
|
-
# session tags into a packed binary format that has a
|
1530
|
-
# The error message indicates by percentage how close
|
1531
|
-
# tags are to the upper size limit. For more
|
1532
|
-
# Session Tags in STS][1] in the *IAM User
|
1534
|
+
# policies and session tags combined was too large. An Amazon Web
|
1535
|
+
# Services conversion compresses the session policy document, session
|
1536
|
+
# policy ARNs, and session tags into a packed binary format that has a
|
1537
|
+
# separate limit. The error message indicates by percentage how close
|
1538
|
+
# the policies and tags are to the upper size limit. For more
|
1539
|
+
# information, see [Passing Session Tags in STS][1] in the *IAM User
|
1540
|
+
# Guide*.
|
1533
1541
|
#
|
1534
1542
|
# You could receive this error even though you meet other defined
|
1535
1543
|
# session policy and session tag limits. For more information, see [IAM
|
@@ -1564,8 +1572,8 @@ module Aws::STS
|
|
1564
1572
|
# @!attribute [rw] arn
|
1565
1573
|
# The Amazon Resource Name (ARN) of the IAM managed policy to use as a
|
1566
1574
|
# session policy for the role. For more information about ARNs, see
|
1567
|
-
# [Amazon Resource Names (ARNs) and
|
1568
|
-
# *
|
1575
|
+
# [Amazon Resource Names (ARNs) and Amazon Web Services Service
|
1576
|
+
# Namespaces][1] in the *Amazon Web Services General Reference*.
|
1569
1577
|
#
|
1570
1578
|
#
|
1571
1579
|
#
|
@@ -1583,8 +1591,8 @@ module Aws::STS
|
|
1583
1591
|
# STS is not activated in the requested region for the account that is
|
1584
1592
|
# being asked to generate credentials. The account administrator must
|
1585
1593
|
# use the IAM console to activate STS in that region. For more
|
1586
|
-
# information, see [Activating and Deactivating
|
1587
|
-
# Region][1] in the *IAM User Guide*.
|
1594
|
+
# information, see [Activating and Deactivating Amazon Web Services STS
|
1595
|
+
# in an Amazon Web Services Region][1] in the *IAM User Guide*.
|
1588
1596
|
#
|
1589
1597
|
#
|
1590
1598
|
#
|
@@ -1604,7 +1612,7 @@ module Aws::STS
|
|
1604
1612
|
# You can pass custom key-value pair attributes when you assume a role
|
1605
1613
|
# or federate a user. These are called session tags. You can then use
|
1606
1614
|
# the session tags to control access to resources. For more information,
|
1607
|
-
# see [Tagging
|
1615
|
+
# see [Tagging STS Sessions][1] in the *IAM User Guide*.
|
1608
1616
|
#
|
1609
1617
|
#
|
1610
1618
|
#
|