aws-sdk-core 3.117.0 → 3.197.2
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/CHANGELOG.md +836 -0
- data/VERSION +1 -1
- data/lib/aws-defaults/default_configuration.rb +153 -0
- data/lib/aws-defaults/defaults_mode_config_resolver.rb +107 -0
- data/lib/aws-defaults.rb +3 -0
- data/lib/aws-sdk-core/arn.rb +13 -0
- data/lib/aws-sdk-core/assume_role_credentials.rb +21 -7
- data/lib/aws-sdk-core/assume_role_web_identity_credentials.rb +14 -10
- data/lib/aws-sdk-core/binary/decode_handler.rb +0 -5
- data/lib/aws-sdk-core/binary/encode_handler.rb +12 -1
- data/lib/aws-sdk-core/binary/event_builder.rb +34 -37
- data/lib/aws-sdk-core/client_stubs.rb +20 -13
- data/lib/aws-sdk-core/credential_provider.rb +4 -1
- data/lib/aws-sdk-core/credential_provider_chain.rb +8 -5
- data/lib/aws-sdk-core/ec2_metadata.rb +4 -3
- data/lib/aws-sdk-core/ecs_credentials.rb +187 -52
- data/lib/aws-sdk-core/endpoints/condition.rb +41 -0
- data/lib/aws-sdk-core/endpoints/endpoint.rb +17 -0
- data/lib/aws-sdk-core/endpoints/endpoint_rule.rb +75 -0
- data/lib/aws-sdk-core/endpoints/error_rule.rb +42 -0
- data/lib/aws-sdk-core/endpoints/function.rb +80 -0
- data/lib/aws-sdk-core/endpoints/matchers.rb +135 -0
- data/lib/aws-sdk-core/endpoints/reference.rb +31 -0
- data/lib/aws-sdk-core/endpoints/rule.rb +25 -0
- data/lib/aws-sdk-core/endpoints/rule_set.rb +52 -0
- data/lib/aws-sdk-core/endpoints/rules_provider.rb +37 -0
- data/lib/aws-sdk-core/endpoints/templater.rb +58 -0
- data/lib/aws-sdk-core/endpoints/tree_rule.rb +45 -0
- data/lib/aws-sdk-core/endpoints/url.rb +60 -0
- data/lib/aws-sdk-core/endpoints.rb +78 -0
- data/lib/aws-sdk-core/errors.rb +17 -4
- data/lib/aws-sdk-core/event_emitter.rb +0 -16
- data/lib/aws-sdk-core/ini_parser.rb +7 -0
- data/lib/aws-sdk-core/instance_profile_credentials.rb +127 -33
- data/lib/aws-sdk-core/json/builder.rb +8 -1
- data/lib/aws-sdk-core/json/error_handler.rb +30 -4
- data/lib/aws-sdk-core/json/handler.rb +8 -1
- data/lib/aws-sdk-core/json/json_engine.rb +10 -8
- data/lib/aws-sdk-core/json/oj_engine.rb +33 -6
- data/lib/aws-sdk-core/json/parser.rb +38 -2
- data/lib/aws-sdk-core/json.rb +8 -26
- data/lib/aws-sdk-core/log/formatter.rb +6 -0
- data/lib/aws-sdk-core/log/param_filter.rb +9 -1
- data/lib/aws-sdk-core/lru_cache.rb +75 -0
- data/lib/aws-sdk-core/pageable_response.rb +81 -32
- data/lib/aws-sdk-core/param_validator.rb +36 -2
- data/lib/aws-sdk-core/plugins/bearer_authorization.rb +67 -0
- data/lib/aws-sdk-core/plugins/checksum_algorithm.rb +342 -0
- data/lib/aws-sdk-core/plugins/client_metrics_plugin.rb +1 -0
- data/lib/aws-sdk-core/plugins/client_metrics_send_plugin.rb +14 -2
- data/lib/aws-sdk-core/plugins/credentials_configuration.rb +29 -1
- data/lib/aws-sdk-core/plugins/defaults_mode.rb +40 -0
- data/lib/aws-sdk-core/plugins/endpoint_discovery.rb +6 -2
- data/lib/aws-sdk-core/plugins/http_checksum.rb +9 -1
- data/lib/aws-sdk-core/plugins/invocation_id.rb +1 -11
- data/lib/aws-sdk-core/plugins/jsonvalue_converter.rb +34 -6
- data/lib/aws-sdk-core/plugins/logging.rb +2 -0
- data/lib/aws-sdk-core/plugins/protocols/api_gateway.rb +17 -0
- data/lib/aws-sdk-core/plugins/protocols/rest_json.rb +4 -2
- data/lib/aws-sdk-core/plugins/protocols/rest_xml.rb +1 -2
- data/lib/aws-sdk-core/plugins/recursion_detection.rb +38 -0
- data/lib/aws-sdk-core/plugins/regional_endpoint.rb +144 -17
- data/lib/aws-sdk-core/plugins/request_compression.rb +226 -0
- data/lib/aws-sdk-core/plugins/response_paging.rb +1 -1
- data/lib/aws-sdk-core/plugins/retries/error_inspector.rb +7 -4
- data/lib/aws-sdk-core/plugins/retry_errors.rb +33 -7
- data/lib/aws-sdk-core/plugins/sign.rb +211 -0
- data/lib/aws-sdk-core/plugins/signature_v2.rb +1 -0
- data/lib/aws-sdk-core/plugins/signature_v4.rb +28 -31
- data/lib/aws-sdk-core/plugins/stub_responses.rb +6 -1
- data/lib/aws-sdk-core/plugins/user_agent.rb +152 -14
- data/lib/aws-sdk-core/process_credentials.rb +50 -34
- data/lib/aws-sdk-core/query/ec2_param_builder.rb +5 -7
- data/lib/aws-sdk-core/query/param_builder.rb +2 -2
- data/lib/aws-sdk-core/refreshing_credentials.rb +49 -18
- data/lib/aws-sdk-core/refreshing_token.rb +71 -0
- data/lib/aws-sdk-core/rest/handler.rb +1 -1
- data/lib/aws-sdk-core/rest/request/body.rb +49 -4
- data/lib/aws-sdk-core/rest/request/content_type.rb +60 -0
- data/lib/aws-sdk-core/rest/request/endpoint.rb +24 -4
- data/lib/aws-sdk-core/rest/request/headers.rb +23 -7
- data/lib/aws-sdk-core/rest/request/querystring_builder.rb +62 -36
- data/lib/aws-sdk-core/rest/response/body.rb +15 -1
- data/lib/aws-sdk-core/rest/response/header_list_parser.rb +79 -0
- data/lib/aws-sdk-core/rest/response/headers.rb +10 -3
- data/lib/aws-sdk-core/rest.rb +1 -0
- data/lib/aws-sdk-core/shared_config.rb +112 -12
- data/lib/aws-sdk-core/sso_credentials.rb +92 -51
- data/lib/aws-sdk-core/sso_token_provider.rb +135 -0
- data/lib/aws-sdk-core/static_token_provider.rb +14 -0
- data/lib/aws-sdk-core/structure.rb +16 -5
- data/lib/aws-sdk-core/stubbing/stub_data.rb +11 -0
- data/lib/aws-sdk-core/token.rb +31 -0
- data/lib/aws-sdk-core/token_provider.rb +15 -0
- data/lib/aws-sdk-core/token_provider_chain.rb +51 -0
- data/lib/aws-sdk-core/util.rb +39 -0
- data/lib/aws-sdk-core/waiters/poller.rb +4 -2
- data/lib/aws-sdk-core/xml/builder.rb +17 -9
- data/lib/aws-sdk-core/xml/error_handler.rb +31 -8
- data/lib/aws-sdk-core/xml/parser/engines/oga.rb +2 -0
- data/lib/aws-sdk-core/xml/parser/engines/ox.rb +1 -1
- data/lib/aws-sdk-core/xml/parser/engines/rexml.rb +0 -8
- data/lib/aws-sdk-core/xml/parser/frame.rb +27 -20
- data/lib/aws-sdk-core/xml/parser/stack.rb +2 -0
- data/lib/aws-sdk-core.rb +21 -0
- data/lib/aws-sdk-sso/client.rb +157 -50
- data/lib/aws-sdk-sso/endpoint_parameters.rb +66 -0
- data/lib/aws-sdk-sso/endpoint_provider.rb +57 -0
- data/lib/aws-sdk-sso/endpoints.rb +72 -0
- data/lib/aws-sdk-sso/plugins/endpoints.rb +78 -0
- data/lib/aws-sdk-sso/types.rb +8 -43
- data/lib/aws-sdk-sso.rb +5 -1
- data/lib/aws-sdk-ssooidc/client.rb +1008 -0
- data/lib/aws-sdk-ssooidc/client_api.rb +293 -0
- data/lib/aws-sdk-ssooidc/customizations.rb +1 -0
- data/lib/aws-sdk-ssooidc/endpoint_parameters.rb +66 -0
- data/lib/aws-sdk-ssooidc/endpoint_provider.rb +57 -0
- data/lib/aws-sdk-ssooidc/endpoints.rb +72 -0
- data/lib/aws-sdk-ssooidc/errors.rb +342 -0
- data/lib/aws-sdk-ssooidc/plugins/endpoints.rb +78 -0
- data/lib/aws-sdk-ssooidc/resource.rb +26 -0
- data/lib/aws-sdk-ssooidc/types.rb +823 -0
- data/lib/aws-sdk-ssooidc.rb +59 -0
- data/lib/aws-sdk-sts/client.rb +472 -398
- data/lib/aws-sdk-sts/client_api.rb +20 -9
- data/lib/aws-sdk-sts/endpoint_parameters.rb +78 -0
- data/lib/aws-sdk-sts/endpoint_provider.rb +112 -0
- data/lib/aws-sdk-sts/endpoints.rb +136 -0
- data/lib/aws-sdk-sts/plugins/endpoints.rb +86 -0
- data/lib/aws-sdk-sts/plugins/sts_regional_endpoints.rb +5 -1
- data/lib/aws-sdk-sts/presigner.rb +14 -10
- data/lib/aws-sdk-sts/types.rb +168 -227
- data/lib/aws-sdk-sts.rb +5 -1
- data/lib/seahorse/client/async_base.rb +1 -2
- data/lib/seahorse/client/async_response.rb +19 -0
- data/lib/seahorse/client/base.rb +1 -0
- data/lib/seahorse/client/configuration.rb +5 -5
- data/lib/seahorse/client/h2/connection.rb +15 -16
- data/lib/seahorse/client/h2/handler.rb +5 -5
- data/lib/seahorse/client/net_http/connection_pool.rb +10 -9
- data/lib/seahorse/client/net_http/handler.rb +15 -7
- data/lib/seahorse/client/net_http/patches.rb +12 -86
- data/lib/seahorse/client/plugin.rb +9 -0
- data/lib/seahorse/client/plugins/content_length.rb +11 -5
- data/lib/seahorse/client/plugins/h2.rb +3 -3
- data/lib/seahorse/client/plugins/net_http.rb +73 -10
- data/lib/seahorse/client/plugins/request_callback.rb +40 -9
- data/lib/seahorse/client/response.rb +6 -0
- data/lib/seahorse/model/operation.rb +6 -0
- data/lib/seahorse/model/shapes.rb +27 -2
- data/lib/seahorse/util.rb +4 -0
- data/sig/aws-sdk-core/client_stubs.rbs +10 -0
- data/sig/aws-sdk-core/errors.rbs +22 -0
- data/sig/aws-sdk-core/resources/collection.rbs +21 -0
- data/sig/aws-sdk-core/structure.rbs +4 -0
- data/sig/aws-sdk-core/waiters/errors.rbs +20 -0
- data/sig/aws-sdk-core.rbs +7 -0
- data/sig/seahorse/client/base.rbs +25 -0
- data/sig/seahorse/client/handler_builder.rbs +16 -0
- data/sig/seahorse/client/response.rbs +61 -0
- metadata +82 -17
- data/lib/aws-sdk-sso/plugins/content_type.rb +0 -25
data/lib/aws-sdk-sts/types.rb
CHANGED
@@ -10,32 +10,6 @@
|
|
10
10
|
module Aws::STS
|
11
11
|
module Types
|
12
12
|
|
13
|
-
# @note When making an API call, you may pass AssumeRoleRequest
|
14
|
-
# data as a hash:
|
15
|
-
#
|
16
|
-
# {
|
17
|
-
# role_arn: "arnType", # required
|
18
|
-
# role_session_name: "roleSessionNameType", # required
|
19
|
-
# policy_arns: [
|
20
|
-
# {
|
21
|
-
# arn: "arnType",
|
22
|
-
# },
|
23
|
-
# ],
|
24
|
-
# policy: "sessionPolicyDocumentType",
|
25
|
-
# duration_seconds: 1,
|
26
|
-
# tags: [
|
27
|
-
# {
|
28
|
-
# key: "tagKeyType", # required
|
29
|
-
# value: "tagValueType", # required
|
30
|
-
# },
|
31
|
-
# ],
|
32
|
-
# transitive_tag_keys: ["tagKeyType"],
|
33
|
-
# external_id: "externalIdType",
|
34
|
-
# serial_number: "serialNumberType",
|
35
|
-
# token_code: "tokenCodeType",
|
36
|
-
# source_identity: "sourceIdentityType",
|
37
|
-
# }
|
38
|
-
#
|
39
13
|
# @!attribute [rw] role_arn
|
40
14
|
# The Amazon Resource Name (ARN) of the role to assume.
|
41
15
|
# @return [String]
|
@@ -70,12 +44,13 @@ module Aws::STS
|
|
70
44
|
# Web Services Service Namespaces][1] in the Amazon Web Services
|
71
45
|
# General Reference.
|
72
46
|
#
|
73
|
-
# <note markdown="1"> An Amazon Web Services conversion compresses the passed
|
74
|
-
#
|
75
|
-
# separate limit. Your request can fail for
|
76
|
-
# plaintext meets the other requirements. The
|
77
|
-
# response element indicates by percentage how
|
78
|
-
# tags for your request are to the upper size
|
47
|
+
# <note markdown="1"> An Amazon Web Services conversion compresses the passed inline
|
48
|
+
# session policy, managed policy ARNs, and session tags into a packed
|
49
|
+
# binary format that has a separate limit. Your request can fail for
|
50
|
+
# this limit even if your plaintext meets the other requirements. The
|
51
|
+
# `PackedPolicySize` response element indicates by percentage how
|
52
|
+
# close the policies and tags for your request are to the upper size
|
53
|
+
# limit.
|
79
54
|
#
|
80
55
|
# </note>
|
81
56
|
#
|
@@ -116,12 +91,13 @@ module Aws::STS
|
|
116
91
|
# include the tab (\\u0009), linefeed (\\u000A), and carriage return
|
117
92
|
# (\\u000D) characters.
|
118
93
|
#
|
119
|
-
# <note markdown="1"> An Amazon Web Services conversion compresses the passed
|
120
|
-
#
|
121
|
-
# separate limit. Your request can fail for
|
122
|
-
# plaintext meets the other requirements. The
|
123
|
-
# response element indicates by percentage how
|
124
|
-
# tags for your request are to the upper size
|
94
|
+
# <note markdown="1"> An Amazon Web Services conversion compresses the passed inline
|
95
|
+
# session policy, managed policy ARNs, and session tags into a packed
|
96
|
+
# binary format that has a separate limit. Your request can fail for
|
97
|
+
# this limit even if your plaintext meets the other requirements. The
|
98
|
+
# `PackedPolicySize` response element indicates by percentage how
|
99
|
+
# close the policies and tags for your request are to the upper size
|
100
|
+
# limit.
|
125
101
|
#
|
126
102
|
# </note>
|
127
103
|
#
|
@@ -132,16 +108,25 @@ module Aws::STS
|
|
132
108
|
#
|
133
109
|
# @!attribute [rw] duration_seconds
|
134
110
|
# The duration, in seconds, of the role session. The value specified
|
135
|
-
# can
|
136
|
-
#
|
137
|
-
#
|
138
|
-
#
|
139
|
-
#
|
140
|
-
#
|
141
|
-
#
|
142
|
-
#
|
143
|
-
#
|
144
|
-
#
|
111
|
+
# can range from 900 seconds (15 minutes) up to the maximum session
|
112
|
+
# duration set for the role. The maximum session duration setting can
|
113
|
+
# have a value from 1 hour to 12 hours. If you specify a value higher
|
114
|
+
# than this setting or the administrator setting (whichever is lower),
|
115
|
+
# the operation fails. For example, if you specify a session duration
|
116
|
+
# of 12 hours, but your administrator set the maximum session duration
|
117
|
+
# to 6 hours, your operation fails.
|
118
|
+
#
|
119
|
+
# Role chaining limits your Amazon Web Services CLI or Amazon Web
|
120
|
+
# Services API role session to a maximum of one hour. When you use the
|
121
|
+
# `AssumeRole` API operation to assume a role, you can specify the
|
122
|
+
# duration of your role session with the `DurationSeconds` parameter.
|
123
|
+
# You can specify a parameter value of up to 43200 seconds (12 hours),
|
124
|
+
# depending on the maximum session duration setting for your role.
|
125
|
+
# However, if you assume a role using role chaining and provide a
|
126
|
+
# `DurationSeconds` parameter value greater than one hour, the
|
127
|
+
# operation fails. To learn how to view the maximum value for your
|
128
|
+
# role, see [View the Maximum Session Duration Setting for a Role][1]
|
129
|
+
# in the *IAM User Guide*.
|
145
130
|
#
|
146
131
|
# By default, the value is set to `3600` seconds.
|
147
132
|
#
|
@@ -150,8 +135,8 @@ module Aws::STS
|
|
150
135
|
# credentials. The request to the federation endpoint for a console
|
151
136
|
# sign-in token takes a `SessionDuration` parameter that specifies the
|
152
137
|
# maximum length of the console session. For more information, see
|
153
|
-
# [Creating a URL that Enables Federated Users to Access the
|
154
|
-
# Management Console][2] in the *IAM User Guide*.
|
138
|
+
# [Creating a URL that Enables Federated Users to Access the Amazon
|
139
|
+
# Web Services Management Console][2] in the *IAM User Guide*.
|
155
140
|
#
|
156
141
|
# </note>
|
157
142
|
#
|
@@ -164,20 +149,21 @@ module Aws::STS
|
|
164
149
|
# @!attribute [rw] tags
|
165
150
|
# A list of session tags that you want to pass. Each session tag
|
166
151
|
# consists of a key name and an associated value. For more information
|
167
|
-
# about session tags, see [Tagging
|
168
|
-
# Guide*.
|
152
|
+
# about session tags, see [Tagging Amazon Web Services STS
|
153
|
+
# Sessions][1] in the *IAM User Guide*.
|
169
154
|
#
|
170
155
|
# This parameter is optional. You can pass up to 50 session tags. The
|
171
156
|
# plaintext session tag keys can’t exceed 128 characters, and the
|
172
157
|
# values can’t exceed 256 characters. For these and additional limits,
|
173
158
|
# see [IAM and STS Character Limits][2] in the *IAM User Guide*.
|
174
159
|
#
|
175
|
-
# <note markdown="1"> An Amazon Web Services conversion compresses the passed
|
176
|
-
#
|
177
|
-
# separate limit. Your request can fail for
|
178
|
-
# plaintext meets the other requirements. The
|
179
|
-
# response element indicates by percentage how
|
180
|
-
# tags for your request are to the upper size
|
160
|
+
# <note markdown="1"> An Amazon Web Services conversion compresses the passed inline
|
161
|
+
# session policy, managed policy ARNs, and session tags into a packed
|
162
|
+
# binary format that has a separate limit. Your request can fail for
|
163
|
+
# this limit even if your plaintext meets the other requirements. The
|
164
|
+
# `PackedPolicySize` response element indicates by percentage how
|
165
|
+
# close the policies and tags for your request are to the upper size
|
166
|
+
# limit.
|
181
167
|
#
|
182
168
|
# </note>
|
183
169
|
#
|
@@ -204,7 +190,7 @@ module Aws::STS
|
|
204
190
|
#
|
205
191
|
# [1]: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_session-tags.html
|
206
192
|
# [2]: https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_iam-limits.html#reference_iam-limits-entity-length
|
207
|
-
# [3]: https://docs.aws.amazon.com/IAM/latest/UserGuide/
|
193
|
+
# [3]: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_session-tags.html#id_session-tags_ctlogs
|
208
194
|
# @return [Array<Types::Tag>]
|
209
195
|
#
|
210
196
|
# @!attribute [rw] transitive_tag_keys
|
@@ -301,6 +287,19 @@ module Aws::STS
|
|
301
287
|
# [1]: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_control-access_monitor.html
|
302
288
|
# @return [String]
|
303
289
|
#
|
290
|
+
# @!attribute [rw] provided_contexts
|
291
|
+
# A list of previously acquired trusted context assertions in the
|
292
|
+
# format of a JSON array. The trusted context assertion is signed and
|
293
|
+
# encrypted by Amazon Web Services STS.
|
294
|
+
#
|
295
|
+
# The following is an example of a `ProvidedContext` value that
|
296
|
+
# includes a single trusted context assertion and the ARN of the
|
297
|
+
# context provider from which the trusted context assertion was
|
298
|
+
# generated.
|
299
|
+
#
|
300
|
+
# `[\{"ProviderArn":"arn:aws:iam::aws:contextProvider/IdentityCenter","ContextAssertion":"trusted-context-assertion"\}]`
|
301
|
+
# @return [Array<Types::ProvidedContext>]
|
302
|
+
#
|
304
303
|
# @see http://docs.aws.amazon.com/goto/WebAPI/sts-2011-06-15/AssumeRoleRequest AWS API Documentation
|
305
304
|
#
|
306
305
|
class AssumeRoleRequest < Struct.new(
|
@@ -314,7 +313,8 @@ module Aws::STS
|
|
314
313
|
:external_id,
|
315
314
|
:serial_number,
|
316
315
|
:token_code,
|
317
|
-
:source_identity
|
316
|
+
:source_identity,
|
317
|
+
:provided_contexts)
|
318
318
|
SENSITIVE = []
|
319
319
|
include Aws::Structure
|
320
320
|
end
|
@@ -385,22 +385,6 @@ module Aws::STS
|
|
385
385
|
include Aws::Structure
|
386
386
|
end
|
387
387
|
|
388
|
-
# @note When making an API call, you may pass AssumeRoleWithSAMLRequest
|
389
|
-
# data as a hash:
|
390
|
-
#
|
391
|
-
# {
|
392
|
-
# role_arn: "arnType", # required
|
393
|
-
# principal_arn: "arnType", # required
|
394
|
-
# saml_assertion: "SAMLAssertionType", # required
|
395
|
-
# policy_arns: [
|
396
|
-
# {
|
397
|
-
# arn: "arnType",
|
398
|
-
# },
|
399
|
-
# ],
|
400
|
-
# policy: "sessionPolicyDocumentType",
|
401
|
-
# duration_seconds: 1,
|
402
|
-
# }
|
403
|
-
#
|
404
388
|
# @!attribute [rw] role_arn
|
405
389
|
# The Amazon Resource Name (ARN) of the role that the caller is
|
406
390
|
# assuming.
|
@@ -434,12 +418,13 @@ module Aws::STS
|
|
434
418
|
# Web Services Service Namespaces][1] in the Amazon Web Services
|
435
419
|
# General Reference.
|
436
420
|
#
|
437
|
-
# <note markdown="1"> An Amazon Web Services conversion compresses the passed
|
438
|
-
#
|
439
|
-
# separate limit. Your request can fail for
|
440
|
-
# plaintext meets the other requirements. The
|
441
|
-
# response element indicates by percentage how
|
442
|
-
# tags for your request are to the upper size
|
421
|
+
# <note markdown="1"> An Amazon Web Services conversion compresses the passed inline
|
422
|
+
# session policy, managed policy ARNs, and session tags into a packed
|
423
|
+
# binary format that has a separate limit. Your request can fail for
|
424
|
+
# this limit even if your plaintext meets the other requirements. The
|
425
|
+
# `PackedPolicySize` response element indicates by percentage how
|
426
|
+
# close the policies and tags for your request are to the upper size
|
427
|
+
# limit.
|
443
428
|
#
|
444
429
|
# </note>
|
445
430
|
#
|
@@ -480,12 +465,13 @@ module Aws::STS
|
|
480
465
|
# include the tab (\\u0009), linefeed (\\u000A), and carriage return
|
481
466
|
# (\\u000D) characters.
|
482
467
|
#
|
483
|
-
# <note markdown="1"> An Amazon Web Services conversion compresses the passed
|
484
|
-
#
|
485
|
-
# separate limit. Your request can fail for
|
486
|
-
# plaintext meets the other requirements. The
|
487
|
-
# response element indicates by percentage how
|
488
|
-
# tags for your request are to the upper size
|
468
|
+
# <note markdown="1"> An Amazon Web Services conversion compresses the passed inline
|
469
|
+
# session policy, managed policy ARNs, and session tags into a packed
|
470
|
+
# binary format that has a separate limit. Your request can fail for
|
471
|
+
# this limit even if your plaintext meets the other requirements. The
|
472
|
+
# `PackedPolicySize` response element indicates by percentage how
|
473
|
+
# close the policies and tags for your request are to the upper size
|
474
|
+
# limit.
|
489
475
|
#
|
490
476
|
# </note>
|
491
477
|
#
|
@@ -516,8 +502,8 @@ module Aws::STS
|
|
516
502
|
# credentials. The request to the federation endpoint for a console
|
517
503
|
# sign-in token takes a `SessionDuration` parameter that specifies the
|
518
504
|
# maximum length of the console session. For more information, see
|
519
|
-
# [Creating a URL that Enables Federated Users to Access the
|
520
|
-
# Management Console][2] in the *IAM User Guide*.
|
505
|
+
# [Creating a URL that Enables Federated Users to Access the Amazon
|
506
|
+
# Web Services Management Console][2] in the *IAM User Guide*.
|
521
507
|
#
|
522
508
|
# </note>
|
523
509
|
#
|
@@ -536,7 +522,7 @@ module Aws::STS
|
|
536
522
|
:policy_arns,
|
537
523
|
:policy,
|
538
524
|
:duration_seconds)
|
539
|
-
SENSITIVE = []
|
525
|
+
SENSITIVE = [:saml_assertion]
|
540
526
|
include Aws::Structure
|
541
527
|
end
|
542
528
|
|
@@ -604,7 +590,7 @@ module Aws::STS
|
|
604
590
|
# in IAM.
|
605
591
|
#
|
606
592
|
# The combination of `NameQualifier` and `Subject` can be used to
|
607
|
-
# uniquely identify a
|
593
|
+
# uniquely identify a user.
|
608
594
|
#
|
609
595
|
# The following pseudocode shows how the hash value is calculated:
|
610
596
|
#
|
@@ -656,23 +642,6 @@ module Aws::STS
|
|
656
642
|
include Aws::Structure
|
657
643
|
end
|
658
644
|
|
659
|
-
# @note When making an API call, you may pass AssumeRoleWithWebIdentityRequest
|
660
|
-
# data as a hash:
|
661
|
-
#
|
662
|
-
# {
|
663
|
-
# role_arn: "arnType", # required
|
664
|
-
# role_session_name: "roleSessionNameType", # required
|
665
|
-
# web_identity_token: "clientTokenType", # required
|
666
|
-
# provider_id: "urlType",
|
667
|
-
# policy_arns: [
|
668
|
-
# {
|
669
|
-
# arn: "arnType",
|
670
|
-
# },
|
671
|
-
# ],
|
672
|
-
# policy: "sessionPolicyDocumentType",
|
673
|
-
# duration_seconds: 1,
|
674
|
-
# }
|
675
|
-
#
|
676
645
|
# @!attribute [rw] role_arn
|
677
646
|
# The Amazon Resource Name (ARN) of the role that the caller is
|
678
647
|
# assuming.
|
@@ -697,17 +666,18 @@ module Aws::STS
|
|
697
666
|
# provided by the identity provider. Your application must get this
|
698
667
|
# token by authenticating the user who is using your application with
|
699
668
|
# a web identity provider before the application makes an
|
700
|
-
# `AssumeRoleWithWebIdentity` call.
|
669
|
+
# `AssumeRoleWithWebIdentity` call. Only tokens with RSA algorithms
|
670
|
+
# (RS256) are supported.
|
701
671
|
# @return [String]
|
702
672
|
#
|
703
673
|
# @!attribute [rw] provider_id
|
704
|
-
# The fully qualified host component of the domain name of the
|
705
|
-
# identity provider.
|
674
|
+
# The fully qualified host component of the domain name of the OAuth
|
675
|
+
# 2.0 identity provider. Do not specify this value for an OpenID
|
676
|
+
# Connect identity provider.
|
706
677
|
#
|
707
|
-
#
|
708
|
-
#
|
709
|
-
#
|
710
|
-
# schemes and port numbers.
|
678
|
+
# Currently `www.amazon.com` and `graph.facebook.com` are the only
|
679
|
+
# supported identity providers for OAuth 2.0 access tokens. Do not
|
680
|
+
# include URL schemes and port numbers.
|
711
681
|
#
|
712
682
|
# Do not specify this value for OpenID Connect ID tokens.
|
713
683
|
# @return [String]
|
@@ -724,12 +694,13 @@ module Aws::STS
|
|
724
694
|
# Web Services Service Namespaces][1] in the Amazon Web Services
|
725
695
|
# General Reference.
|
726
696
|
#
|
727
|
-
# <note markdown="1"> An Amazon Web Services conversion compresses the passed
|
728
|
-
#
|
729
|
-
# separate limit. Your request can fail for
|
730
|
-
# plaintext meets the other requirements. The
|
731
|
-
# response element indicates by percentage how
|
732
|
-
# tags for your request are to the upper size
|
697
|
+
# <note markdown="1"> An Amazon Web Services conversion compresses the passed inline
|
698
|
+
# session policy, managed policy ARNs, and session tags into a packed
|
699
|
+
# binary format that has a separate limit. Your request can fail for
|
700
|
+
# this limit even if your plaintext meets the other requirements. The
|
701
|
+
# `PackedPolicySize` response element indicates by percentage how
|
702
|
+
# close the policies and tags for your request are to the upper size
|
703
|
+
# limit.
|
733
704
|
#
|
734
705
|
# </note>
|
735
706
|
#
|
@@ -770,12 +741,13 @@ module Aws::STS
|
|
770
741
|
# include the tab (\\u0009), linefeed (\\u000A), and carriage return
|
771
742
|
# (\\u000D) characters.
|
772
743
|
#
|
773
|
-
# <note markdown="1"> An Amazon Web Services conversion compresses the passed
|
774
|
-
#
|
775
|
-
# separate limit. Your request can fail for
|
776
|
-
# plaintext meets the other requirements. The
|
777
|
-
# response element indicates by percentage how
|
778
|
-
# tags for your request are to the upper size
|
744
|
+
# <note markdown="1"> An Amazon Web Services conversion compresses the passed inline
|
745
|
+
# session policy, managed policy ARNs, and session tags into a packed
|
746
|
+
# binary format that has a separate limit. Your request can fail for
|
747
|
+
# this limit even if your plaintext meets the other requirements. The
|
748
|
+
# `PackedPolicySize` response element indicates by percentage how
|
749
|
+
# close the policies and tags for your request are to the upper size
|
750
|
+
# limit.
|
779
751
|
#
|
780
752
|
# </note>
|
781
753
|
#
|
@@ -802,8 +774,8 @@ module Aws::STS
|
|
802
774
|
# credentials. The request to the federation endpoint for a console
|
803
775
|
# sign-in token takes a `SessionDuration` parameter that specifies the
|
804
776
|
# maximum length of the console session. For more information, see
|
805
|
-
# [Creating a URL that Enables Federated Users to Access the
|
806
|
-
# Management Console][2] in the *IAM User Guide*.
|
777
|
+
# [Creating a URL that Enables Federated Users to Access the Amazon
|
778
|
+
# Web Services Management Console][2] in the *IAM User Guide*.
|
807
779
|
#
|
808
780
|
# </note>
|
809
781
|
#
|
@@ -823,7 +795,7 @@ module Aws::STS
|
|
823
795
|
:policy_arns,
|
824
796
|
:policy,
|
825
797
|
:duration_seconds)
|
826
|
-
SENSITIVE = []
|
798
|
+
SENSITIVE = [:web_identity_token]
|
827
799
|
include Aws::Structure
|
828
800
|
end
|
829
801
|
|
@@ -984,17 +956,10 @@ module Aws::STS
|
|
984
956
|
:secret_access_key,
|
985
957
|
:session_token,
|
986
958
|
:expiration)
|
987
|
-
SENSITIVE = []
|
959
|
+
SENSITIVE = [:secret_access_key]
|
988
960
|
include Aws::Structure
|
989
961
|
end
|
990
962
|
|
991
|
-
# @note When making an API call, you may pass DecodeAuthorizationMessageRequest
|
992
|
-
# data as a hash:
|
993
|
-
#
|
994
|
-
# {
|
995
|
-
# encoded_message: "encodedMessageType", # required
|
996
|
-
# }
|
997
|
-
#
|
998
963
|
# @!attribute [rw] encoded_message
|
999
964
|
# The encoded message that was returned with the response.
|
1000
965
|
# @return [String]
|
@@ -1012,7 +977,7 @@ module Aws::STS
|
|
1012
977
|
# returned in response to an Amazon Web Services request.
|
1013
978
|
#
|
1014
979
|
# @!attribute [rw] decoded_message
|
1015
|
-
#
|
980
|
+
# The API returns a response with the decoded message.
|
1016
981
|
# @return [String]
|
1017
982
|
#
|
1018
983
|
# @see http://docs.aws.amazon.com/goto/WebAPI/sts-2011-06-15/DecodeAuthorizationMessageResponse AWS API Documentation
|
@@ -1065,13 +1030,6 @@ module Aws::STS
|
|
1065
1030
|
include Aws::Structure
|
1066
1031
|
end
|
1067
1032
|
|
1068
|
-
# @note When making an API call, you may pass GetAccessKeyInfoRequest
|
1069
|
-
# data as a hash:
|
1070
|
-
#
|
1071
|
-
# {
|
1072
|
-
# access_key_id: "accessKeyIdType", # required
|
1073
|
-
# }
|
1074
|
-
#
|
1075
1033
|
# @!attribute [rw] access_key_id
|
1076
1034
|
# The identifier of an access key.
|
1077
1035
|
#
|
@@ -1140,26 +1098,6 @@ module Aws::STS
|
|
1140
1098
|
include Aws::Structure
|
1141
1099
|
end
|
1142
1100
|
|
1143
|
-
# @note When making an API call, you may pass GetFederationTokenRequest
|
1144
|
-
# data as a hash:
|
1145
|
-
#
|
1146
|
-
# {
|
1147
|
-
# name: "userNameType", # required
|
1148
|
-
# policy: "sessionPolicyDocumentType",
|
1149
|
-
# policy_arns: [
|
1150
|
-
# {
|
1151
|
-
# arn: "arnType",
|
1152
|
-
# },
|
1153
|
-
# ],
|
1154
|
-
# duration_seconds: 1,
|
1155
|
-
# tags: [
|
1156
|
-
# {
|
1157
|
-
# key: "tagKeyType", # required
|
1158
|
-
# value: "tagValueType", # required
|
1159
|
-
# },
|
1160
|
-
# ],
|
1161
|
-
# }
|
1162
|
-
#
|
1163
1101
|
# @!attribute [rw] name
|
1164
1102
|
# The name of the federated user. The name is used as an identifier
|
1165
1103
|
# for the temporary security credentials (such as `Bob`). For example,
|
@@ -1178,8 +1116,8 @@ module Aws::STS
|
|
1178
1116
|
#
|
1179
1117
|
# You must pass an inline or managed [session policy][1] to this
|
1180
1118
|
# operation. You can pass a single JSON policy document to use as an
|
1181
|
-
# inline session policy. You can also specify up to 10 managed
|
1182
|
-
#
|
1119
|
+
# inline session policy. You can also specify up to 10 managed policy
|
1120
|
+
# Amazon Resource Names (ARNs) to use as managed session policies.
|
1183
1121
|
#
|
1184
1122
|
# This parameter is optional. However, if you do not pass any session
|
1185
1123
|
# policies, then the resulting federated user session has no
|
@@ -1207,12 +1145,13 @@ module Aws::STS
|
|
1207
1145
|
# include the tab (\\u0009), linefeed (\\u000A), and carriage return
|
1208
1146
|
# (\\u000D) characters.
|
1209
1147
|
#
|
1210
|
-
# <note markdown="1"> An Amazon Web Services conversion compresses the passed
|
1211
|
-
#
|
1212
|
-
# separate limit. Your request can fail for
|
1213
|
-
# plaintext meets the other requirements. The
|
1214
|
-
# response element indicates by percentage how
|
1215
|
-
# tags for your request are to the upper size
|
1148
|
+
# <note markdown="1"> An Amazon Web Services conversion compresses the passed inline
|
1149
|
+
# session policy, managed policy ARNs, and session tags into a packed
|
1150
|
+
# binary format that has a separate limit. Your request can fail for
|
1151
|
+
# this limit even if your plaintext meets the other requirements. The
|
1152
|
+
# `PackedPolicySize` response element indicates by percentage how
|
1153
|
+
# close the policies and tags for your request are to the upper size
|
1154
|
+
# limit.
|
1216
1155
|
#
|
1217
1156
|
# </note>
|
1218
1157
|
#
|
@@ -1229,13 +1168,13 @@ module Aws::STS
|
|
1229
1168
|
#
|
1230
1169
|
# You must pass an inline or managed [session policy][1] to this
|
1231
1170
|
# operation. You can pass a single JSON policy document to use as an
|
1232
|
-
# inline session policy. You can also specify up to 10 managed
|
1233
|
-
#
|
1234
|
-
# use for both inline and managed session policies
|
1235
|
-
# characters. You can provide up to 10 managed
|
1236
|
-
# information about ARNs, see [Amazon Resource
|
1237
|
-
# Web Services Service Namespaces][2] in the
|
1238
|
-
# General Reference.
|
1171
|
+
# inline session policy. You can also specify up to 10 managed policy
|
1172
|
+
# Amazon Resource Names (ARNs) to use as managed session policies. The
|
1173
|
+
# plaintext that you use for both inline and managed session policies
|
1174
|
+
# can't exceed 2,048 characters. You can provide up to 10 managed
|
1175
|
+
# policy ARNs. For more information about ARNs, see [Amazon Resource
|
1176
|
+
# Names (ARNs) and Amazon Web Services Service Namespaces][2] in the
|
1177
|
+
# Amazon Web Services General Reference.
|
1239
1178
|
#
|
1240
1179
|
# This parameter is optional. However, if you do not pass any session
|
1241
1180
|
# policies, then the resulting federated user session has no
|
@@ -1256,12 +1195,13 @@ module Aws::STS
|
|
1256
1195
|
# are granted in addition to the permissions that are granted by the
|
1257
1196
|
# session policies.
|
1258
1197
|
#
|
1259
|
-
# <note markdown="1"> An Amazon Web Services conversion compresses the passed
|
1260
|
-
#
|
1261
|
-
# separate limit. Your request can fail for
|
1262
|
-
# plaintext meets the other requirements. The
|
1263
|
-
# response element indicates by percentage how
|
1264
|
-
# tags for your request are to the upper size
|
1198
|
+
# <note markdown="1"> An Amazon Web Services conversion compresses the passed inline
|
1199
|
+
# session policy, managed policy ARNs, and session tags into a packed
|
1200
|
+
# binary format that has a separate limit. Your request can fail for
|
1201
|
+
# this limit even if your plaintext meets the other requirements. The
|
1202
|
+
# `PackedPolicySize` response element indicates by percentage how
|
1203
|
+
# close the policies and tags for your request are to the upper size
|
1204
|
+
# limit.
|
1265
1205
|
#
|
1266
1206
|
# </note>
|
1267
1207
|
#
|
@@ -1275,11 +1215,10 @@ module Aws::STS
|
|
1275
1215
|
# The duration, in seconds, that the session should last. Acceptable
|
1276
1216
|
# durations for federation sessions range from 900 seconds (15
|
1277
1217
|
# minutes) to 129,600 seconds (36 hours), with 43,200 seconds (12
|
1278
|
-
# hours) as the default. Sessions obtained using
|
1279
|
-
#
|
1280
|
-
#
|
1281
|
-
#
|
1282
|
-
# to one hour.
|
1218
|
+
# hours) as the default. Sessions obtained using root user credentials
|
1219
|
+
# are restricted to a maximum of 3,600 seconds (one hour). If the
|
1220
|
+
# specified duration is longer than one hour, the session obtained by
|
1221
|
+
# using root user credentials defaults to one hour.
|
1283
1222
|
# @return [Integer]
|
1284
1223
|
#
|
1285
1224
|
# @!attribute [rw] tags
|
@@ -1292,12 +1231,13 @@ module Aws::STS
|
|
1292
1231
|
# values can’t exceed 256 characters. For these and additional limits,
|
1293
1232
|
# see [IAM and STS Character Limits][2] in the *IAM User Guide*.
|
1294
1233
|
#
|
1295
|
-
# <note markdown="1"> An Amazon Web Services conversion compresses the passed
|
1296
|
-
#
|
1297
|
-
# separate limit. Your request can fail for
|
1298
|
-
# plaintext meets the other requirements. The
|
1299
|
-
# response element indicates by percentage how
|
1300
|
-
# tags for your request are to the upper size
|
1234
|
+
# <note markdown="1"> An Amazon Web Services conversion compresses the passed inline
|
1235
|
+
# session policy, managed policy ARNs, and session tags into a packed
|
1236
|
+
# binary format that has a separate limit. Your request can fail for
|
1237
|
+
# this limit even if your plaintext meets the other requirements. The
|
1238
|
+
# `PackedPolicySize` response element indicates by percentage how
|
1239
|
+
# close the policies and tags for your request are to the upper size
|
1240
|
+
# limit.
|
1301
1241
|
#
|
1302
1242
|
# </note>
|
1303
1243
|
#
|
@@ -1370,15 +1310,6 @@ module Aws::STS
|
|
1370
1310
|
include Aws::Structure
|
1371
1311
|
end
|
1372
1312
|
|
1373
|
-
# @note When making an API call, you may pass GetSessionTokenRequest
|
1374
|
-
# data as a hash:
|
1375
|
-
#
|
1376
|
-
# {
|
1377
|
-
# duration_seconds: 1,
|
1378
|
-
# serial_number: "serialNumberType",
|
1379
|
-
# token_code: "tokenCodeType",
|
1380
|
-
# }
|
1381
|
-
#
|
1382
1313
|
# @!attribute [rw] duration_seconds
|
1383
1314
|
# The duration, in seconds, that the credentials should remain valid.
|
1384
1315
|
# Acceptable durations for IAM user sessions range from 900 seconds
|
@@ -1396,8 +1327,8 @@ module Aws::STS
|
|
1396
1327
|
# The value is either the serial number for a hardware device (such as
|
1397
1328
|
# `GAHT12345678`) or an Amazon Resource Name (ARN) for a virtual
|
1398
1329
|
# device (such as `arn:aws:iam::123456789012:mfa/user`). You can find
|
1399
|
-
# the device for an IAM user by going to the
|
1400
|
-
# viewing the user's security credentials.
|
1330
|
+
# the device for an IAM user by going to the Amazon Web Services
|
1331
|
+
# Management Console and viewing the user's security credentials.
|
1401
1332
|
#
|
1402
1333
|
# The regex used to validate this parameter is a string of characters
|
1403
1334
|
# consisting of upper- and lower-case alphanumeric characters with no
|
@@ -1546,7 +1477,7 @@ module Aws::STS
|
|
1546
1477
|
#
|
1547
1478
|
#
|
1548
1479
|
# [1]: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_session-tags.html
|
1549
|
-
# [2]: https://docs.aws.amazon.com/IAM/latest/UserGuide/
|
1480
|
+
# [2]: https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_iam-quotas.html#reference_iam-limits-entity-length
|
1550
1481
|
#
|
1551
1482
|
# @!attribute [rw] message
|
1552
1483
|
# @return [String]
|
@@ -1562,13 +1493,6 @@ module Aws::STS
|
|
1562
1493
|
# A reference to the IAM managed policy that is passed as a session
|
1563
1494
|
# policy for a role session or a federated user session.
|
1564
1495
|
#
|
1565
|
-
# @note When making an API call, you may pass PolicyDescriptorType
|
1566
|
-
# data as a hash:
|
1567
|
-
#
|
1568
|
-
# {
|
1569
|
-
# arn: "arnType",
|
1570
|
-
# }
|
1571
|
-
#
|
1572
1496
|
# @!attribute [rw] arn
|
1573
1497
|
# The Amazon Resource Name (ARN) of the IAM managed policy to use as a
|
1574
1498
|
# session policy for the role. For more information about ARNs, see
|
@@ -1588,6 +1512,30 @@ module Aws::STS
|
|
1588
1512
|
include Aws::Structure
|
1589
1513
|
end
|
1590
1514
|
|
1515
|
+
# Contains information about the provided context. This includes the
|
1516
|
+
# signed and encrypted trusted context assertion and the context
|
1517
|
+
# provider ARN from which the trusted context assertion was generated.
|
1518
|
+
#
|
1519
|
+
# @!attribute [rw] provider_arn
|
1520
|
+
# The context provider ARN from which the trusted context assertion
|
1521
|
+
# was generated.
|
1522
|
+
# @return [String]
|
1523
|
+
#
|
1524
|
+
# @!attribute [rw] context_assertion
|
1525
|
+
# The signed and encrypted trusted context assertion generated by the
|
1526
|
+
# context provider. The trusted context assertion is signed and
|
1527
|
+
# encrypted by Amazon Web Services STS.
|
1528
|
+
# @return [String]
|
1529
|
+
#
|
1530
|
+
# @see http://docs.aws.amazon.com/goto/WebAPI/sts-2011-06-15/ProvidedContext AWS API Documentation
|
1531
|
+
#
|
1532
|
+
class ProvidedContext < Struct.new(
|
1533
|
+
:provider_arn,
|
1534
|
+
:context_assertion)
|
1535
|
+
SENSITIVE = []
|
1536
|
+
include Aws::Structure
|
1537
|
+
end
|
1538
|
+
|
1591
1539
|
# STS is not activated in the requested region for the account that is
|
1592
1540
|
# being asked to generate credentials. The account administrator must
|
1593
1541
|
# use the IAM console to activate STS in that region. For more
|
@@ -1612,20 +1560,13 @@ module Aws::STS
|
|
1612
1560
|
# You can pass custom key-value pair attributes when you assume a role
|
1613
1561
|
# or federate a user. These are called session tags. You can then use
|
1614
1562
|
# the session tags to control access to resources. For more information,
|
1615
|
-
# see [Tagging STS Sessions][1] in the *IAM User
|
1563
|
+
# see [Tagging Amazon Web Services STS Sessions][1] in the *IAM User
|
1564
|
+
# Guide*.
|
1616
1565
|
#
|
1617
1566
|
#
|
1618
1567
|
#
|
1619
1568
|
# [1]: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_session-tags.html
|
1620
1569
|
#
|
1621
|
-
# @note When making an API call, you may pass Tag
|
1622
|
-
# data as a hash:
|
1623
|
-
#
|
1624
|
-
# {
|
1625
|
-
# key: "tagKeyType", # required
|
1626
|
-
# value: "tagValueType", # required
|
1627
|
-
# }
|
1628
|
-
#
|
1629
1570
|
# @!attribute [rw] key
|
1630
1571
|
# The key for a session tag.
|
1631
1572
|
#
|