aws-sdk-core 3.117.0 → 3.197.2

Sign up to get free protection for your applications and to get access to all the features.
Files changed (163) hide show
  1. checksums.yaml +4 -4
  2. data/CHANGELOG.md +836 -0
  3. data/VERSION +1 -1
  4. data/lib/aws-defaults/default_configuration.rb +153 -0
  5. data/lib/aws-defaults/defaults_mode_config_resolver.rb +107 -0
  6. data/lib/aws-defaults.rb +3 -0
  7. data/lib/aws-sdk-core/arn.rb +13 -0
  8. data/lib/aws-sdk-core/assume_role_credentials.rb +21 -7
  9. data/lib/aws-sdk-core/assume_role_web_identity_credentials.rb +14 -10
  10. data/lib/aws-sdk-core/binary/decode_handler.rb +0 -5
  11. data/lib/aws-sdk-core/binary/encode_handler.rb +12 -1
  12. data/lib/aws-sdk-core/binary/event_builder.rb +34 -37
  13. data/lib/aws-sdk-core/client_stubs.rb +20 -13
  14. data/lib/aws-sdk-core/credential_provider.rb +4 -1
  15. data/lib/aws-sdk-core/credential_provider_chain.rb +8 -5
  16. data/lib/aws-sdk-core/ec2_metadata.rb +4 -3
  17. data/lib/aws-sdk-core/ecs_credentials.rb +187 -52
  18. data/lib/aws-sdk-core/endpoints/condition.rb +41 -0
  19. data/lib/aws-sdk-core/endpoints/endpoint.rb +17 -0
  20. data/lib/aws-sdk-core/endpoints/endpoint_rule.rb +75 -0
  21. data/lib/aws-sdk-core/endpoints/error_rule.rb +42 -0
  22. data/lib/aws-sdk-core/endpoints/function.rb +80 -0
  23. data/lib/aws-sdk-core/endpoints/matchers.rb +135 -0
  24. data/lib/aws-sdk-core/endpoints/reference.rb +31 -0
  25. data/lib/aws-sdk-core/endpoints/rule.rb +25 -0
  26. data/lib/aws-sdk-core/endpoints/rule_set.rb +52 -0
  27. data/lib/aws-sdk-core/endpoints/rules_provider.rb +37 -0
  28. data/lib/aws-sdk-core/endpoints/templater.rb +58 -0
  29. data/lib/aws-sdk-core/endpoints/tree_rule.rb +45 -0
  30. data/lib/aws-sdk-core/endpoints/url.rb +60 -0
  31. data/lib/aws-sdk-core/endpoints.rb +78 -0
  32. data/lib/aws-sdk-core/errors.rb +17 -4
  33. data/lib/aws-sdk-core/event_emitter.rb +0 -16
  34. data/lib/aws-sdk-core/ini_parser.rb +7 -0
  35. data/lib/aws-sdk-core/instance_profile_credentials.rb +127 -33
  36. data/lib/aws-sdk-core/json/builder.rb +8 -1
  37. data/lib/aws-sdk-core/json/error_handler.rb +30 -4
  38. data/lib/aws-sdk-core/json/handler.rb +8 -1
  39. data/lib/aws-sdk-core/json/json_engine.rb +10 -8
  40. data/lib/aws-sdk-core/json/oj_engine.rb +33 -6
  41. data/lib/aws-sdk-core/json/parser.rb +38 -2
  42. data/lib/aws-sdk-core/json.rb +8 -26
  43. data/lib/aws-sdk-core/log/formatter.rb +6 -0
  44. data/lib/aws-sdk-core/log/param_filter.rb +9 -1
  45. data/lib/aws-sdk-core/lru_cache.rb +75 -0
  46. data/lib/aws-sdk-core/pageable_response.rb +81 -32
  47. data/lib/aws-sdk-core/param_validator.rb +36 -2
  48. data/lib/aws-sdk-core/plugins/bearer_authorization.rb +67 -0
  49. data/lib/aws-sdk-core/plugins/checksum_algorithm.rb +342 -0
  50. data/lib/aws-sdk-core/plugins/client_metrics_plugin.rb +1 -0
  51. data/lib/aws-sdk-core/plugins/client_metrics_send_plugin.rb +14 -2
  52. data/lib/aws-sdk-core/plugins/credentials_configuration.rb +29 -1
  53. data/lib/aws-sdk-core/plugins/defaults_mode.rb +40 -0
  54. data/lib/aws-sdk-core/plugins/endpoint_discovery.rb +6 -2
  55. data/lib/aws-sdk-core/plugins/http_checksum.rb +9 -1
  56. data/lib/aws-sdk-core/plugins/invocation_id.rb +1 -11
  57. data/lib/aws-sdk-core/plugins/jsonvalue_converter.rb +34 -6
  58. data/lib/aws-sdk-core/plugins/logging.rb +2 -0
  59. data/lib/aws-sdk-core/plugins/protocols/api_gateway.rb +17 -0
  60. data/lib/aws-sdk-core/plugins/protocols/rest_json.rb +4 -2
  61. data/lib/aws-sdk-core/plugins/protocols/rest_xml.rb +1 -2
  62. data/lib/aws-sdk-core/plugins/recursion_detection.rb +38 -0
  63. data/lib/aws-sdk-core/plugins/regional_endpoint.rb +144 -17
  64. data/lib/aws-sdk-core/plugins/request_compression.rb +226 -0
  65. data/lib/aws-sdk-core/plugins/response_paging.rb +1 -1
  66. data/lib/aws-sdk-core/plugins/retries/error_inspector.rb +7 -4
  67. data/lib/aws-sdk-core/plugins/retry_errors.rb +33 -7
  68. data/lib/aws-sdk-core/plugins/sign.rb +211 -0
  69. data/lib/aws-sdk-core/plugins/signature_v2.rb +1 -0
  70. data/lib/aws-sdk-core/plugins/signature_v4.rb +28 -31
  71. data/lib/aws-sdk-core/plugins/stub_responses.rb +6 -1
  72. data/lib/aws-sdk-core/plugins/user_agent.rb +152 -14
  73. data/lib/aws-sdk-core/process_credentials.rb +50 -34
  74. data/lib/aws-sdk-core/query/ec2_param_builder.rb +5 -7
  75. data/lib/aws-sdk-core/query/param_builder.rb +2 -2
  76. data/lib/aws-sdk-core/refreshing_credentials.rb +49 -18
  77. data/lib/aws-sdk-core/refreshing_token.rb +71 -0
  78. data/lib/aws-sdk-core/rest/handler.rb +1 -1
  79. data/lib/aws-sdk-core/rest/request/body.rb +49 -4
  80. data/lib/aws-sdk-core/rest/request/content_type.rb +60 -0
  81. data/lib/aws-sdk-core/rest/request/endpoint.rb +24 -4
  82. data/lib/aws-sdk-core/rest/request/headers.rb +23 -7
  83. data/lib/aws-sdk-core/rest/request/querystring_builder.rb +62 -36
  84. data/lib/aws-sdk-core/rest/response/body.rb +15 -1
  85. data/lib/aws-sdk-core/rest/response/header_list_parser.rb +79 -0
  86. data/lib/aws-sdk-core/rest/response/headers.rb +10 -3
  87. data/lib/aws-sdk-core/rest.rb +1 -0
  88. data/lib/aws-sdk-core/shared_config.rb +112 -12
  89. data/lib/aws-sdk-core/sso_credentials.rb +92 -51
  90. data/lib/aws-sdk-core/sso_token_provider.rb +135 -0
  91. data/lib/aws-sdk-core/static_token_provider.rb +14 -0
  92. data/lib/aws-sdk-core/structure.rb +16 -5
  93. data/lib/aws-sdk-core/stubbing/stub_data.rb +11 -0
  94. data/lib/aws-sdk-core/token.rb +31 -0
  95. data/lib/aws-sdk-core/token_provider.rb +15 -0
  96. data/lib/aws-sdk-core/token_provider_chain.rb +51 -0
  97. data/lib/aws-sdk-core/util.rb +39 -0
  98. data/lib/aws-sdk-core/waiters/poller.rb +4 -2
  99. data/lib/aws-sdk-core/xml/builder.rb +17 -9
  100. data/lib/aws-sdk-core/xml/error_handler.rb +31 -8
  101. data/lib/aws-sdk-core/xml/parser/engines/oga.rb +2 -0
  102. data/lib/aws-sdk-core/xml/parser/engines/ox.rb +1 -1
  103. data/lib/aws-sdk-core/xml/parser/engines/rexml.rb +0 -8
  104. data/lib/aws-sdk-core/xml/parser/frame.rb +27 -20
  105. data/lib/aws-sdk-core/xml/parser/stack.rb +2 -0
  106. data/lib/aws-sdk-core.rb +21 -0
  107. data/lib/aws-sdk-sso/client.rb +157 -50
  108. data/lib/aws-sdk-sso/endpoint_parameters.rb +66 -0
  109. data/lib/aws-sdk-sso/endpoint_provider.rb +57 -0
  110. data/lib/aws-sdk-sso/endpoints.rb +72 -0
  111. data/lib/aws-sdk-sso/plugins/endpoints.rb +78 -0
  112. data/lib/aws-sdk-sso/types.rb +8 -43
  113. data/lib/aws-sdk-sso.rb +5 -1
  114. data/lib/aws-sdk-ssooidc/client.rb +1008 -0
  115. data/lib/aws-sdk-ssooidc/client_api.rb +293 -0
  116. data/lib/aws-sdk-ssooidc/customizations.rb +1 -0
  117. data/lib/aws-sdk-ssooidc/endpoint_parameters.rb +66 -0
  118. data/lib/aws-sdk-ssooidc/endpoint_provider.rb +57 -0
  119. data/lib/aws-sdk-ssooidc/endpoints.rb +72 -0
  120. data/lib/aws-sdk-ssooidc/errors.rb +342 -0
  121. data/lib/aws-sdk-ssooidc/plugins/endpoints.rb +78 -0
  122. data/lib/aws-sdk-ssooidc/resource.rb +26 -0
  123. data/lib/aws-sdk-ssooidc/types.rb +823 -0
  124. data/lib/aws-sdk-ssooidc.rb +59 -0
  125. data/lib/aws-sdk-sts/client.rb +472 -398
  126. data/lib/aws-sdk-sts/client_api.rb +20 -9
  127. data/lib/aws-sdk-sts/endpoint_parameters.rb +78 -0
  128. data/lib/aws-sdk-sts/endpoint_provider.rb +112 -0
  129. data/lib/aws-sdk-sts/endpoints.rb +136 -0
  130. data/lib/aws-sdk-sts/plugins/endpoints.rb +86 -0
  131. data/lib/aws-sdk-sts/plugins/sts_regional_endpoints.rb +5 -1
  132. data/lib/aws-sdk-sts/presigner.rb +14 -10
  133. data/lib/aws-sdk-sts/types.rb +168 -227
  134. data/lib/aws-sdk-sts.rb +5 -1
  135. data/lib/seahorse/client/async_base.rb +1 -2
  136. data/lib/seahorse/client/async_response.rb +19 -0
  137. data/lib/seahorse/client/base.rb +1 -0
  138. data/lib/seahorse/client/configuration.rb +5 -5
  139. data/lib/seahorse/client/h2/connection.rb +15 -16
  140. data/lib/seahorse/client/h2/handler.rb +5 -5
  141. data/lib/seahorse/client/net_http/connection_pool.rb +10 -9
  142. data/lib/seahorse/client/net_http/handler.rb +15 -7
  143. data/lib/seahorse/client/net_http/patches.rb +12 -86
  144. data/lib/seahorse/client/plugin.rb +9 -0
  145. data/lib/seahorse/client/plugins/content_length.rb +11 -5
  146. data/lib/seahorse/client/plugins/h2.rb +3 -3
  147. data/lib/seahorse/client/plugins/net_http.rb +73 -10
  148. data/lib/seahorse/client/plugins/request_callback.rb +40 -9
  149. data/lib/seahorse/client/response.rb +6 -0
  150. data/lib/seahorse/model/operation.rb +6 -0
  151. data/lib/seahorse/model/shapes.rb +27 -2
  152. data/lib/seahorse/util.rb +4 -0
  153. data/sig/aws-sdk-core/client_stubs.rbs +10 -0
  154. data/sig/aws-sdk-core/errors.rbs +22 -0
  155. data/sig/aws-sdk-core/resources/collection.rbs +21 -0
  156. data/sig/aws-sdk-core/structure.rbs +4 -0
  157. data/sig/aws-sdk-core/waiters/errors.rbs +20 -0
  158. data/sig/aws-sdk-core.rbs +7 -0
  159. data/sig/seahorse/client/base.rbs +25 -0
  160. data/sig/seahorse/client/handler_builder.rbs +16 -0
  161. data/sig/seahorse/client/response.rbs +61 -0
  162. metadata +82 -17
  163. data/lib/aws-sdk-sso/plugins/content_type.rb +0 -25
@@ -10,32 +10,6 @@
10
10
  module Aws::STS
11
11
  module Types
12
12
 
13
- # @note When making an API call, you may pass AssumeRoleRequest
14
- # data as a hash:
15
- #
16
- # {
17
- # role_arn: "arnType", # required
18
- # role_session_name: "roleSessionNameType", # required
19
- # policy_arns: [
20
- # {
21
- # arn: "arnType",
22
- # },
23
- # ],
24
- # policy: "sessionPolicyDocumentType",
25
- # duration_seconds: 1,
26
- # tags: [
27
- # {
28
- # key: "tagKeyType", # required
29
- # value: "tagValueType", # required
30
- # },
31
- # ],
32
- # transitive_tag_keys: ["tagKeyType"],
33
- # external_id: "externalIdType",
34
- # serial_number: "serialNumberType",
35
- # token_code: "tokenCodeType",
36
- # source_identity: "sourceIdentityType",
37
- # }
38
- #
39
13
  # @!attribute [rw] role_arn
40
14
  # The Amazon Resource Name (ARN) of the role to assume.
41
15
  # @return [String]
@@ -70,12 +44,13 @@ module Aws::STS
70
44
  # Web Services Service Namespaces][1] in the Amazon Web Services
71
45
  # General Reference.
72
46
  #
73
- # <note markdown="1"> An Amazon Web Services conversion compresses the passed session
74
- # policies and session tags into a packed binary format that has a
75
- # separate limit. Your request can fail for this limit even if your
76
- # plaintext meets the other requirements. The `PackedPolicySize`
77
- # response element indicates by percentage how close the policies and
78
- # tags for your request are to the upper size limit.
47
+ # <note markdown="1"> An Amazon Web Services conversion compresses the passed inline
48
+ # session policy, managed policy ARNs, and session tags into a packed
49
+ # binary format that has a separate limit. Your request can fail for
50
+ # this limit even if your plaintext meets the other requirements. The
51
+ # `PackedPolicySize` response element indicates by percentage how
52
+ # close the policies and tags for your request are to the upper size
53
+ # limit.
79
54
  #
80
55
  # </note>
81
56
  #
@@ -116,12 +91,13 @@ module Aws::STS
116
91
  # include the tab (\\u0009), linefeed (\\u000A), and carriage return
117
92
  # (\\u000D) characters.
118
93
  #
119
- # <note markdown="1"> An Amazon Web Services conversion compresses the passed session
120
- # policies and session tags into a packed binary format that has a
121
- # separate limit. Your request can fail for this limit even if your
122
- # plaintext meets the other requirements. The `PackedPolicySize`
123
- # response element indicates by percentage how close the policies and
124
- # tags for your request are to the upper size limit.
94
+ # <note markdown="1"> An Amazon Web Services conversion compresses the passed inline
95
+ # session policy, managed policy ARNs, and session tags into a packed
96
+ # binary format that has a separate limit. Your request can fail for
97
+ # this limit even if your plaintext meets the other requirements. The
98
+ # `PackedPolicySize` response element indicates by percentage how
99
+ # close the policies and tags for your request are to the upper size
100
+ # limit.
125
101
  #
126
102
  # </note>
127
103
  #
@@ -132,16 +108,25 @@ module Aws::STS
132
108
  #
133
109
  # @!attribute [rw] duration_seconds
134
110
  # The duration, in seconds, of the role session. The value specified
135
- # can can range from 900 seconds (15 minutes) up to the maximum
136
- # session duration that is set for the role. The maximum session
137
- # duration setting can have a value from 1 hour to 12 hours. If you
138
- # specify a value higher than this setting or the administrator
139
- # setting (whichever is lower), the operation fails. For example, if
140
- # you specify a session duration of 12 hours, but your administrator
141
- # set the maximum session duration to 6 hours, your operation fails.
142
- # To learn how to view the maximum value for your role, see [View the
143
- # Maximum Session Duration Setting for a Role][1] in the *IAM User
144
- # Guide*.
111
+ # can range from 900 seconds (15 minutes) up to the maximum session
112
+ # duration set for the role. The maximum session duration setting can
113
+ # have a value from 1 hour to 12 hours. If you specify a value higher
114
+ # than this setting or the administrator setting (whichever is lower),
115
+ # the operation fails. For example, if you specify a session duration
116
+ # of 12 hours, but your administrator set the maximum session duration
117
+ # to 6 hours, your operation fails.
118
+ #
119
+ # Role chaining limits your Amazon Web Services CLI or Amazon Web
120
+ # Services API role session to a maximum of one hour. When you use the
121
+ # `AssumeRole` API operation to assume a role, you can specify the
122
+ # duration of your role session with the `DurationSeconds` parameter.
123
+ # You can specify a parameter value of up to 43200 seconds (12 hours),
124
+ # depending on the maximum session duration setting for your role.
125
+ # However, if you assume a role using role chaining and provide a
126
+ # `DurationSeconds` parameter value greater than one hour, the
127
+ # operation fails. To learn how to view the maximum value for your
128
+ # role, see [View the Maximum Session Duration Setting for a Role][1]
129
+ # in the *IAM User Guide*.
145
130
  #
146
131
  # By default, the value is set to `3600` seconds.
147
132
  #
@@ -150,8 +135,8 @@ module Aws::STS
150
135
  # credentials. The request to the federation endpoint for a console
151
136
  # sign-in token takes a `SessionDuration` parameter that specifies the
152
137
  # maximum length of the console session. For more information, see
153
- # [Creating a URL that Enables Federated Users to Access the
154
- # Management Console][2] in the *IAM User Guide*.
138
+ # [Creating a URL that Enables Federated Users to Access the Amazon
139
+ # Web Services Management Console][2] in the *IAM User Guide*.
155
140
  #
156
141
  # </note>
157
142
  #
@@ -164,20 +149,21 @@ module Aws::STS
164
149
  # @!attribute [rw] tags
165
150
  # A list of session tags that you want to pass. Each session tag
166
151
  # consists of a key name and an associated value. For more information
167
- # about session tags, see [Tagging STS Sessions][1] in the *IAM User
168
- # Guide*.
152
+ # about session tags, see [Tagging Amazon Web Services STS
153
+ # Sessions][1] in the *IAM User Guide*.
169
154
  #
170
155
  # This parameter is optional. You can pass up to 50 session tags. The
171
156
  # plaintext session tag keys can’t exceed 128 characters, and the
172
157
  # values can’t exceed 256 characters. For these and additional limits,
173
158
  # see [IAM and STS Character Limits][2] in the *IAM User Guide*.
174
159
  #
175
- # <note markdown="1"> An Amazon Web Services conversion compresses the passed session
176
- # policies and session tags into a packed binary format that has a
177
- # separate limit. Your request can fail for this limit even if your
178
- # plaintext meets the other requirements. The `PackedPolicySize`
179
- # response element indicates by percentage how close the policies and
180
- # tags for your request are to the upper size limit.
160
+ # <note markdown="1"> An Amazon Web Services conversion compresses the passed inline
161
+ # session policy, managed policy ARNs, and session tags into a packed
162
+ # binary format that has a separate limit. Your request can fail for
163
+ # this limit even if your plaintext meets the other requirements. The
164
+ # `PackedPolicySize` response element indicates by percentage how
165
+ # close the policies and tags for your request are to the upper size
166
+ # limit.
181
167
  #
182
168
  # </note>
183
169
  #
@@ -204,7 +190,7 @@ module Aws::STS
204
190
  #
205
191
  # [1]: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_session-tags.html
206
192
  # [2]: https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_iam-limits.html#reference_iam-limits-entity-length
207
- # [3]: https://docs.aws.amazon.com/IAM/latest/UserGuide/session-tags.html#id_session-tags_ctlogs
193
+ # [3]: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_session-tags.html#id_session-tags_ctlogs
208
194
  # @return [Array<Types::Tag>]
209
195
  #
210
196
  # @!attribute [rw] transitive_tag_keys
@@ -301,6 +287,19 @@ module Aws::STS
301
287
  # [1]: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_control-access_monitor.html
302
288
  # @return [String]
303
289
  #
290
+ # @!attribute [rw] provided_contexts
291
+ # A list of previously acquired trusted context assertions in the
292
+ # format of a JSON array. The trusted context assertion is signed and
293
+ # encrypted by Amazon Web Services STS.
294
+ #
295
+ # The following is an example of a `ProvidedContext` value that
296
+ # includes a single trusted context assertion and the ARN of the
297
+ # context provider from which the trusted context assertion was
298
+ # generated.
299
+ #
300
+ # `[\{"ProviderArn":"arn:aws:iam::aws:contextProvider/IdentityCenter","ContextAssertion":"trusted-context-assertion"\}]`
301
+ # @return [Array<Types::ProvidedContext>]
302
+ #
304
303
  # @see http://docs.aws.amazon.com/goto/WebAPI/sts-2011-06-15/AssumeRoleRequest AWS API Documentation
305
304
  #
306
305
  class AssumeRoleRequest < Struct.new(
@@ -314,7 +313,8 @@ module Aws::STS
314
313
  :external_id,
315
314
  :serial_number,
316
315
  :token_code,
317
- :source_identity)
316
+ :source_identity,
317
+ :provided_contexts)
318
318
  SENSITIVE = []
319
319
  include Aws::Structure
320
320
  end
@@ -385,22 +385,6 @@ module Aws::STS
385
385
  include Aws::Structure
386
386
  end
387
387
 
388
- # @note When making an API call, you may pass AssumeRoleWithSAMLRequest
389
- # data as a hash:
390
- #
391
- # {
392
- # role_arn: "arnType", # required
393
- # principal_arn: "arnType", # required
394
- # saml_assertion: "SAMLAssertionType", # required
395
- # policy_arns: [
396
- # {
397
- # arn: "arnType",
398
- # },
399
- # ],
400
- # policy: "sessionPolicyDocumentType",
401
- # duration_seconds: 1,
402
- # }
403
- #
404
388
  # @!attribute [rw] role_arn
405
389
  # The Amazon Resource Name (ARN) of the role that the caller is
406
390
  # assuming.
@@ -434,12 +418,13 @@ module Aws::STS
434
418
  # Web Services Service Namespaces][1] in the Amazon Web Services
435
419
  # General Reference.
436
420
  #
437
- # <note markdown="1"> An Amazon Web Services conversion compresses the passed session
438
- # policies and session tags into a packed binary format that has a
439
- # separate limit. Your request can fail for this limit even if your
440
- # plaintext meets the other requirements. The `PackedPolicySize`
441
- # response element indicates by percentage how close the policies and
442
- # tags for your request are to the upper size limit.
421
+ # <note markdown="1"> An Amazon Web Services conversion compresses the passed inline
422
+ # session policy, managed policy ARNs, and session tags into a packed
423
+ # binary format that has a separate limit. Your request can fail for
424
+ # this limit even if your plaintext meets the other requirements. The
425
+ # `PackedPolicySize` response element indicates by percentage how
426
+ # close the policies and tags for your request are to the upper size
427
+ # limit.
443
428
  #
444
429
  # </note>
445
430
  #
@@ -480,12 +465,13 @@ module Aws::STS
480
465
  # include the tab (\\u0009), linefeed (\\u000A), and carriage return
481
466
  # (\\u000D) characters.
482
467
  #
483
- # <note markdown="1"> An Amazon Web Services conversion compresses the passed session
484
- # policies and session tags into a packed binary format that has a
485
- # separate limit. Your request can fail for this limit even if your
486
- # plaintext meets the other requirements. The `PackedPolicySize`
487
- # response element indicates by percentage how close the policies and
488
- # tags for your request are to the upper size limit.
468
+ # <note markdown="1"> An Amazon Web Services conversion compresses the passed inline
469
+ # session policy, managed policy ARNs, and session tags into a packed
470
+ # binary format that has a separate limit. Your request can fail for
471
+ # this limit even if your plaintext meets the other requirements. The
472
+ # `PackedPolicySize` response element indicates by percentage how
473
+ # close the policies and tags for your request are to the upper size
474
+ # limit.
489
475
  #
490
476
  # </note>
491
477
  #
@@ -516,8 +502,8 @@ module Aws::STS
516
502
  # credentials. The request to the federation endpoint for a console
517
503
  # sign-in token takes a `SessionDuration` parameter that specifies the
518
504
  # maximum length of the console session. For more information, see
519
- # [Creating a URL that Enables Federated Users to Access the
520
- # Management Console][2] in the *IAM User Guide*.
505
+ # [Creating a URL that Enables Federated Users to Access the Amazon
506
+ # Web Services Management Console][2] in the *IAM User Guide*.
521
507
  #
522
508
  # </note>
523
509
  #
@@ -536,7 +522,7 @@ module Aws::STS
536
522
  :policy_arns,
537
523
  :policy,
538
524
  :duration_seconds)
539
- SENSITIVE = []
525
+ SENSITIVE = [:saml_assertion]
540
526
  include Aws::Structure
541
527
  end
542
528
 
@@ -604,7 +590,7 @@ module Aws::STS
604
590
  # in IAM.
605
591
  #
606
592
  # The combination of `NameQualifier` and `Subject` can be used to
607
- # uniquely identify a federated user.
593
+ # uniquely identify a user.
608
594
  #
609
595
  # The following pseudocode shows how the hash value is calculated:
610
596
  #
@@ -656,23 +642,6 @@ module Aws::STS
656
642
  include Aws::Structure
657
643
  end
658
644
 
659
- # @note When making an API call, you may pass AssumeRoleWithWebIdentityRequest
660
- # data as a hash:
661
- #
662
- # {
663
- # role_arn: "arnType", # required
664
- # role_session_name: "roleSessionNameType", # required
665
- # web_identity_token: "clientTokenType", # required
666
- # provider_id: "urlType",
667
- # policy_arns: [
668
- # {
669
- # arn: "arnType",
670
- # },
671
- # ],
672
- # policy: "sessionPolicyDocumentType",
673
- # duration_seconds: 1,
674
- # }
675
- #
676
645
  # @!attribute [rw] role_arn
677
646
  # The Amazon Resource Name (ARN) of the role that the caller is
678
647
  # assuming.
@@ -697,17 +666,18 @@ module Aws::STS
697
666
  # provided by the identity provider. Your application must get this
698
667
  # token by authenticating the user who is using your application with
699
668
  # a web identity provider before the application makes an
700
- # `AssumeRoleWithWebIdentity` call.
669
+ # `AssumeRoleWithWebIdentity` call. Only tokens with RSA algorithms
670
+ # (RS256) are supported.
701
671
  # @return [String]
702
672
  #
703
673
  # @!attribute [rw] provider_id
704
- # The fully qualified host component of the domain name of the
705
- # identity provider.
674
+ # The fully qualified host component of the domain name of the OAuth
675
+ # 2.0 identity provider. Do not specify this value for an OpenID
676
+ # Connect identity provider.
706
677
  #
707
- # Specify this value only for OAuth 2.0 access tokens. Currently
708
- # `www.amazon.com` and `graph.facebook.com` are the only supported
709
- # identity providers for OAuth 2.0 access tokens. Do not include URL
710
- # schemes and port numbers.
678
+ # Currently `www.amazon.com` and `graph.facebook.com` are the only
679
+ # supported identity providers for OAuth 2.0 access tokens. Do not
680
+ # include URL schemes and port numbers.
711
681
  #
712
682
  # Do not specify this value for OpenID Connect ID tokens.
713
683
  # @return [String]
@@ -724,12 +694,13 @@ module Aws::STS
724
694
  # Web Services Service Namespaces][1] in the Amazon Web Services
725
695
  # General Reference.
726
696
  #
727
- # <note markdown="1"> An Amazon Web Services conversion compresses the passed session
728
- # policies and session tags into a packed binary format that has a
729
- # separate limit. Your request can fail for this limit even if your
730
- # plaintext meets the other requirements. The `PackedPolicySize`
731
- # response element indicates by percentage how close the policies and
732
- # tags for your request are to the upper size limit.
697
+ # <note markdown="1"> An Amazon Web Services conversion compresses the passed inline
698
+ # session policy, managed policy ARNs, and session tags into a packed
699
+ # binary format that has a separate limit. Your request can fail for
700
+ # this limit even if your plaintext meets the other requirements. The
701
+ # `PackedPolicySize` response element indicates by percentage how
702
+ # close the policies and tags for your request are to the upper size
703
+ # limit.
733
704
  #
734
705
  # </note>
735
706
  #
@@ -770,12 +741,13 @@ module Aws::STS
770
741
  # include the tab (\\u0009), linefeed (\\u000A), and carriage return
771
742
  # (\\u000D) characters.
772
743
  #
773
- # <note markdown="1"> An Amazon Web Services conversion compresses the passed session
774
- # policies and session tags into a packed binary format that has a
775
- # separate limit. Your request can fail for this limit even if your
776
- # plaintext meets the other requirements. The `PackedPolicySize`
777
- # response element indicates by percentage how close the policies and
778
- # tags for your request are to the upper size limit.
744
+ # <note markdown="1"> An Amazon Web Services conversion compresses the passed inline
745
+ # session policy, managed policy ARNs, and session tags into a packed
746
+ # binary format that has a separate limit. Your request can fail for
747
+ # this limit even if your plaintext meets the other requirements. The
748
+ # `PackedPolicySize` response element indicates by percentage how
749
+ # close the policies and tags for your request are to the upper size
750
+ # limit.
779
751
  #
780
752
  # </note>
781
753
  #
@@ -802,8 +774,8 @@ module Aws::STS
802
774
  # credentials. The request to the federation endpoint for a console
803
775
  # sign-in token takes a `SessionDuration` parameter that specifies the
804
776
  # maximum length of the console session. For more information, see
805
- # [Creating a URL that Enables Federated Users to Access the
806
- # Management Console][2] in the *IAM User Guide*.
777
+ # [Creating a URL that Enables Federated Users to Access the Amazon
778
+ # Web Services Management Console][2] in the *IAM User Guide*.
807
779
  #
808
780
  # </note>
809
781
  #
@@ -823,7 +795,7 @@ module Aws::STS
823
795
  :policy_arns,
824
796
  :policy,
825
797
  :duration_seconds)
826
- SENSITIVE = []
798
+ SENSITIVE = [:web_identity_token]
827
799
  include Aws::Structure
828
800
  end
829
801
 
@@ -984,17 +956,10 @@ module Aws::STS
984
956
  :secret_access_key,
985
957
  :session_token,
986
958
  :expiration)
987
- SENSITIVE = []
959
+ SENSITIVE = [:secret_access_key]
988
960
  include Aws::Structure
989
961
  end
990
962
 
991
- # @note When making an API call, you may pass DecodeAuthorizationMessageRequest
992
- # data as a hash:
993
- #
994
- # {
995
- # encoded_message: "encodedMessageType", # required
996
- # }
997
- #
998
963
  # @!attribute [rw] encoded_message
999
964
  # The encoded message that was returned with the response.
1000
965
  # @return [String]
@@ -1012,7 +977,7 @@ module Aws::STS
1012
977
  # returned in response to an Amazon Web Services request.
1013
978
  #
1014
979
  # @!attribute [rw] decoded_message
1015
- # An XML document that contains the decoded message.
980
+ # The API returns a response with the decoded message.
1016
981
  # @return [String]
1017
982
  #
1018
983
  # @see http://docs.aws.amazon.com/goto/WebAPI/sts-2011-06-15/DecodeAuthorizationMessageResponse AWS API Documentation
@@ -1065,13 +1030,6 @@ module Aws::STS
1065
1030
  include Aws::Structure
1066
1031
  end
1067
1032
 
1068
- # @note When making an API call, you may pass GetAccessKeyInfoRequest
1069
- # data as a hash:
1070
- #
1071
- # {
1072
- # access_key_id: "accessKeyIdType", # required
1073
- # }
1074
- #
1075
1033
  # @!attribute [rw] access_key_id
1076
1034
  # The identifier of an access key.
1077
1035
  #
@@ -1140,26 +1098,6 @@ module Aws::STS
1140
1098
  include Aws::Structure
1141
1099
  end
1142
1100
 
1143
- # @note When making an API call, you may pass GetFederationTokenRequest
1144
- # data as a hash:
1145
- #
1146
- # {
1147
- # name: "userNameType", # required
1148
- # policy: "sessionPolicyDocumentType",
1149
- # policy_arns: [
1150
- # {
1151
- # arn: "arnType",
1152
- # },
1153
- # ],
1154
- # duration_seconds: 1,
1155
- # tags: [
1156
- # {
1157
- # key: "tagKeyType", # required
1158
- # value: "tagValueType", # required
1159
- # },
1160
- # ],
1161
- # }
1162
- #
1163
1101
  # @!attribute [rw] name
1164
1102
  # The name of the federated user. The name is used as an identifier
1165
1103
  # for the temporary security credentials (such as `Bob`). For example,
@@ -1178,8 +1116,8 @@ module Aws::STS
1178
1116
  #
1179
1117
  # You must pass an inline or managed [session policy][1] to this
1180
1118
  # operation. You can pass a single JSON policy document to use as an
1181
- # inline session policy. You can also specify up to 10 managed
1182
- # policies to use as managed session policies.
1119
+ # inline session policy. You can also specify up to 10 managed policy
1120
+ # Amazon Resource Names (ARNs) to use as managed session policies.
1183
1121
  #
1184
1122
  # This parameter is optional. However, if you do not pass any session
1185
1123
  # policies, then the resulting federated user session has no
@@ -1207,12 +1145,13 @@ module Aws::STS
1207
1145
  # include the tab (\\u0009), linefeed (\\u000A), and carriage return
1208
1146
  # (\\u000D) characters.
1209
1147
  #
1210
- # <note markdown="1"> An Amazon Web Services conversion compresses the passed session
1211
- # policies and session tags into a packed binary format that has a
1212
- # separate limit. Your request can fail for this limit even if your
1213
- # plaintext meets the other requirements. The `PackedPolicySize`
1214
- # response element indicates by percentage how close the policies and
1215
- # tags for your request are to the upper size limit.
1148
+ # <note markdown="1"> An Amazon Web Services conversion compresses the passed inline
1149
+ # session policy, managed policy ARNs, and session tags into a packed
1150
+ # binary format that has a separate limit. Your request can fail for
1151
+ # this limit even if your plaintext meets the other requirements. The
1152
+ # `PackedPolicySize` response element indicates by percentage how
1153
+ # close the policies and tags for your request are to the upper size
1154
+ # limit.
1216
1155
  #
1217
1156
  # </note>
1218
1157
  #
@@ -1229,13 +1168,13 @@ module Aws::STS
1229
1168
  #
1230
1169
  # You must pass an inline or managed [session policy][1] to this
1231
1170
  # operation. You can pass a single JSON policy document to use as an
1232
- # inline session policy. You can also specify up to 10 managed
1233
- # policies to use as managed session policies. The plaintext that you
1234
- # use for both inline and managed session policies can't exceed 2,048
1235
- # characters. You can provide up to 10 managed policy ARNs. For more
1236
- # information about ARNs, see [Amazon Resource Names (ARNs) and Amazon
1237
- # Web Services Service Namespaces][2] in the Amazon Web Services
1238
- # General Reference.
1171
+ # inline session policy. You can also specify up to 10 managed policy
1172
+ # Amazon Resource Names (ARNs) to use as managed session policies. The
1173
+ # plaintext that you use for both inline and managed session policies
1174
+ # can't exceed 2,048 characters. You can provide up to 10 managed
1175
+ # policy ARNs. For more information about ARNs, see [Amazon Resource
1176
+ # Names (ARNs) and Amazon Web Services Service Namespaces][2] in the
1177
+ # Amazon Web Services General Reference.
1239
1178
  #
1240
1179
  # This parameter is optional. However, if you do not pass any session
1241
1180
  # policies, then the resulting federated user session has no
@@ -1256,12 +1195,13 @@ module Aws::STS
1256
1195
  # are granted in addition to the permissions that are granted by the
1257
1196
  # session policies.
1258
1197
  #
1259
- # <note markdown="1"> An Amazon Web Services conversion compresses the passed session
1260
- # policies and session tags into a packed binary format that has a
1261
- # separate limit. Your request can fail for this limit even if your
1262
- # plaintext meets the other requirements. The `PackedPolicySize`
1263
- # response element indicates by percentage how close the policies and
1264
- # tags for your request are to the upper size limit.
1198
+ # <note markdown="1"> An Amazon Web Services conversion compresses the passed inline
1199
+ # session policy, managed policy ARNs, and session tags into a packed
1200
+ # binary format that has a separate limit. Your request can fail for
1201
+ # this limit even if your plaintext meets the other requirements. The
1202
+ # `PackedPolicySize` response element indicates by percentage how
1203
+ # close the policies and tags for your request are to the upper size
1204
+ # limit.
1265
1205
  #
1266
1206
  # </note>
1267
1207
  #
@@ -1275,11 +1215,10 @@ module Aws::STS
1275
1215
  # The duration, in seconds, that the session should last. Acceptable
1276
1216
  # durations for federation sessions range from 900 seconds (15
1277
1217
  # minutes) to 129,600 seconds (36 hours), with 43,200 seconds (12
1278
- # hours) as the default. Sessions obtained using Amazon Web Services
1279
- # account root user credentials are restricted to a maximum of 3,600
1280
- # seconds (one hour). If the specified duration is longer than one
1281
- # hour, the session obtained by using root user credentials defaults
1282
- # to one hour.
1218
+ # hours) as the default. Sessions obtained using root user credentials
1219
+ # are restricted to a maximum of 3,600 seconds (one hour). If the
1220
+ # specified duration is longer than one hour, the session obtained by
1221
+ # using root user credentials defaults to one hour.
1283
1222
  # @return [Integer]
1284
1223
  #
1285
1224
  # @!attribute [rw] tags
@@ -1292,12 +1231,13 @@ module Aws::STS
1292
1231
  # values can’t exceed 256 characters. For these and additional limits,
1293
1232
  # see [IAM and STS Character Limits][2] in the *IAM User Guide*.
1294
1233
  #
1295
- # <note markdown="1"> An Amazon Web Services conversion compresses the passed session
1296
- # policies and session tags into a packed binary format that has a
1297
- # separate limit. Your request can fail for this limit even if your
1298
- # plaintext meets the other requirements. The `PackedPolicySize`
1299
- # response element indicates by percentage how close the policies and
1300
- # tags for your request are to the upper size limit.
1234
+ # <note markdown="1"> An Amazon Web Services conversion compresses the passed inline
1235
+ # session policy, managed policy ARNs, and session tags into a packed
1236
+ # binary format that has a separate limit. Your request can fail for
1237
+ # this limit even if your plaintext meets the other requirements. The
1238
+ # `PackedPolicySize` response element indicates by percentage how
1239
+ # close the policies and tags for your request are to the upper size
1240
+ # limit.
1301
1241
  #
1302
1242
  # </note>
1303
1243
  #
@@ -1370,15 +1310,6 @@ module Aws::STS
1370
1310
  include Aws::Structure
1371
1311
  end
1372
1312
 
1373
- # @note When making an API call, you may pass GetSessionTokenRequest
1374
- # data as a hash:
1375
- #
1376
- # {
1377
- # duration_seconds: 1,
1378
- # serial_number: "serialNumberType",
1379
- # token_code: "tokenCodeType",
1380
- # }
1381
- #
1382
1313
  # @!attribute [rw] duration_seconds
1383
1314
  # The duration, in seconds, that the credentials should remain valid.
1384
1315
  # Acceptable durations for IAM user sessions range from 900 seconds
@@ -1396,8 +1327,8 @@ module Aws::STS
1396
1327
  # The value is either the serial number for a hardware device (such as
1397
1328
  # `GAHT12345678`) or an Amazon Resource Name (ARN) for a virtual
1398
1329
  # device (such as `arn:aws:iam::123456789012:mfa/user`). You can find
1399
- # the device for an IAM user by going to the Management Console and
1400
- # viewing the user's security credentials.
1330
+ # the device for an IAM user by going to the Amazon Web Services
1331
+ # Management Console and viewing the user's security credentials.
1401
1332
  #
1402
1333
  # The regex used to validate this parameter is a string of characters
1403
1334
  # consisting of upper- and lower-case alphanumeric characters with no
@@ -1546,7 +1477,7 @@ module Aws::STS
1546
1477
  #
1547
1478
  #
1548
1479
  # [1]: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_session-tags.html
1549
- # [2]: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_enable-regions.html
1480
+ # [2]: https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_iam-quotas.html#reference_iam-limits-entity-length
1550
1481
  #
1551
1482
  # @!attribute [rw] message
1552
1483
  # @return [String]
@@ -1562,13 +1493,6 @@ module Aws::STS
1562
1493
  # A reference to the IAM managed policy that is passed as a session
1563
1494
  # policy for a role session or a federated user session.
1564
1495
  #
1565
- # @note When making an API call, you may pass PolicyDescriptorType
1566
- # data as a hash:
1567
- #
1568
- # {
1569
- # arn: "arnType",
1570
- # }
1571
- #
1572
1496
  # @!attribute [rw] arn
1573
1497
  # The Amazon Resource Name (ARN) of the IAM managed policy to use as a
1574
1498
  # session policy for the role. For more information about ARNs, see
@@ -1588,6 +1512,30 @@ module Aws::STS
1588
1512
  include Aws::Structure
1589
1513
  end
1590
1514
 
1515
+ # Contains information about the provided context. This includes the
1516
+ # signed and encrypted trusted context assertion and the context
1517
+ # provider ARN from which the trusted context assertion was generated.
1518
+ #
1519
+ # @!attribute [rw] provider_arn
1520
+ # The context provider ARN from which the trusted context assertion
1521
+ # was generated.
1522
+ # @return [String]
1523
+ #
1524
+ # @!attribute [rw] context_assertion
1525
+ # The signed and encrypted trusted context assertion generated by the
1526
+ # context provider. The trusted context assertion is signed and
1527
+ # encrypted by Amazon Web Services STS.
1528
+ # @return [String]
1529
+ #
1530
+ # @see http://docs.aws.amazon.com/goto/WebAPI/sts-2011-06-15/ProvidedContext AWS API Documentation
1531
+ #
1532
+ class ProvidedContext < Struct.new(
1533
+ :provider_arn,
1534
+ :context_assertion)
1535
+ SENSITIVE = []
1536
+ include Aws::Structure
1537
+ end
1538
+
1591
1539
  # STS is not activated in the requested region for the account that is
1592
1540
  # being asked to generate credentials. The account administrator must
1593
1541
  # use the IAM console to activate STS in that region. For more
@@ -1612,20 +1560,13 @@ module Aws::STS
1612
1560
  # You can pass custom key-value pair attributes when you assume a role
1613
1561
  # or federate a user. These are called session tags. You can then use
1614
1562
  # the session tags to control access to resources. For more information,
1615
- # see [Tagging STS Sessions][1] in the *IAM User Guide*.
1563
+ # see [Tagging Amazon Web Services STS Sessions][1] in the *IAM User
1564
+ # Guide*.
1616
1565
  #
1617
1566
  #
1618
1567
  #
1619
1568
  # [1]: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_session-tags.html
1620
1569
  #
1621
- # @note When making an API call, you may pass Tag
1622
- # data as a hash:
1623
- #
1624
- # {
1625
- # key: "tagKeyType", # required
1626
- # value: "tagValueType", # required
1627
- # }
1628
- #
1629
1570
  # @!attribute [rw] key
1630
1571
  # The key for a session tag.
1631
1572
  #