aws-sdk-core 3.122.0 → 3.180.1
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/CHANGELOG.md +505 -0
- data/VERSION +1 -1
- data/lib/aws-defaults/default_configuration.rb +153 -0
- data/lib/aws-defaults/defaults_mode_config_resolver.rb +107 -0
- data/lib/aws-defaults.rb +3 -0
- data/lib/aws-sdk-core/arn.rb +13 -0
- data/lib/aws-sdk-core/assume_role_credentials.rb +21 -7
- data/lib/aws-sdk-core/assume_role_web_identity_credentials.rb +14 -10
- data/lib/aws-sdk-core/binary/encode_handler.rb +12 -1
- data/lib/aws-sdk-core/client_stubs.rb +5 -1
- data/lib/aws-sdk-core/credential_provider.rb +3 -0
- data/lib/aws-sdk-core/credential_provider_chain.rb +8 -5
- data/lib/aws-sdk-core/ec2_metadata.rb +3 -2
- data/lib/aws-sdk-core/ecs_credentials.rb +121 -53
- data/lib/aws-sdk-core/endpoints/condition.rb +41 -0
- data/lib/aws-sdk-core/endpoints/endpoint.rb +17 -0
- data/lib/aws-sdk-core/endpoints/endpoint_rule.rb +75 -0
- data/lib/aws-sdk-core/endpoints/error_rule.rb +42 -0
- data/lib/aws-sdk-core/endpoints/function.rb +80 -0
- data/lib/aws-sdk-core/endpoints/matchers.rb +127 -0
- data/lib/aws-sdk-core/endpoints/reference.rb +31 -0
- data/lib/aws-sdk-core/endpoints/rule.rb +25 -0
- data/lib/aws-sdk-core/endpoints/rule_set.rb +52 -0
- data/lib/aws-sdk-core/endpoints/rules_provider.rb +37 -0
- data/lib/aws-sdk-core/endpoints/templater.rb +58 -0
- data/lib/aws-sdk-core/endpoints/tree_rule.rb +45 -0
- data/lib/aws-sdk-core/endpoints/url.rb +60 -0
- data/lib/aws-sdk-core/endpoints.rb +78 -0
- data/lib/aws-sdk-core/errors.rb +14 -1
- data/lib/aws-sdk-core/ini_parser.rb +1 -1
- data/lib/aws-sdk-core/instance_profile_credentials.rb +85 -14
- data/lib/aws-sdk-core/json/error_handler.rb +20 -1
- data/lib/aws-sdk-core/log/formatter.rb +6 -0
- data/lib/aws-sdk-core/pageable_response.rb +81 -32
- data/lib/aws-sdk-core/plugins/bearer_authorization.rb +67 -0
- data/lib/aws-sdk-core/plugins/checksum_algorithm.rb +340 -0
- data/lib/aws-sdk-core/plugins/credentials_configuration.rb +27 -1
- data/lib/aws-sdk-core/plugins/defaults_mode.rb +40 -0
- data/lib/aws-sdk-core/plugins/endpoint_discovery.rb +6 -2
- data/lib/aws-sdk-core/plugins/http_checksum.rb +8 -1
- data/lib/aws-sdk-core/plugins/jsonvalue_converter.rb +34 -6
- data/lib/aws-sdk-core/plugins/recursion_detection.rb +38 -0
- data/lib/aws-sdk-core/plugins/regional_endpoint.rb +111 -30
- data/lib/aws-sdk-core/plugins/request_compression.rb +217 -0
- data/lib/aws-sdk-core/plugins/response_paging.rb +1 -1
- data/lib/aws-sdk-core/plugins/retries/error_inspector.rb +7 -4
- data/lib/aws-sdk-core/plugins/retry_errors.rb +21 -5
- data/lib/aws-sdk-core/plugins/sign.rb +201 -0
- data/lib/aws-sdk-core/plugins/signature_v2.rb +1 -0
- data/lib/aws-sdk-core/plugins/signature_v4.rb +15 -8
- data/lib/aws-sdk-core/plugins/stub_responses.rb +5 -1
- data/lib/aws-sdk-core/plugins/user_agent.rb +117 -14
- data/lib/aws-sdk-core/process_credentials.rb +9 -11
- data/lib/aws-sdk-core/refreshing_credentials.rb +41 -16
- data/lib/aws-sdk-core/refreshing_token.rb +71 -0
- data/lib/aws-sdk-core/rest/handler.rb +1 -1
- data/lib/aws-sdk-core/rest/request/headers.rb +14 -6
- data/lib/aws-sdk-core/rest/response/headers.rb +2 -0
- data/lib/aws-sdk-core/shared_config.rb +103 -12
- data/lib/aws-sdk-core/sso_credentials.rb +91 -50
- data/lib/aws-sdk-core/sso_token_provider.rb +135 -0
- data/lib/aws-sdk-core/static_token_provider.rb +14 -0
- data/lib/aws-sdk-core/structure.rb +6 -4
- data/lib/aws-sdk-core/stubbing/stub_data.rb +11 -0
- data/lib/aws-sdk-core/token.rb +31 -0
- data/lib/aws-sdk-core/token_provider.rb +15 -0
- data/lib/aws-sdk-core/token_provider_chain.rb +51 -0
- data/lib/aws-sdk-core/waiters/poller.rb +3 -1
- data/lib/aws-sdk-core/xml/error_handler.rb +7 -0
- data/lib/aws-sdk-core/xml/parser/engines/oga.rb +2 -0
- data/lib/aws-sdk-core/xml/parser/engines/ox.rb +1 -1
- data/lib/aws-sdk-core.rb +17 -0
- data/lib/aws-sdk-sso/client.rb +88 -13
- data/lib/aws-sdk-sso/endpoint_parameters.rb +66 -0
- data/lib/aws-sdk-sso/endpoint_provider.rb +51 -0
- data/lib/aws-sdk-sso/endpoints.rb +72 -0
- data/lib/aws-sdk-sso/plugins/endpoints.rb +76 -0
- data/lib/aws-sdk-sso/types.rb +8 -43
- data/lib/aws-sdk-sso.rb +5 -1
- data/lib/aws-sdk-ssooidc/client.rb +626 -0
- data/lib/aws-sdk-ssooidc/client_api.rb +216 -0
- data/lib/aws-sdk-ssooidc/customizations.rb +1 -0
- data/lib/aws-sdk-ssooidc/endpoint_parameters.rb +66 -0
- data/lib/aws-sdk-ssooidc/endpoint_provider.rb +51 -0
- data/lib/aws-sdk-ssooidc/endpoints.rb +58 -0
- data/lib/aws-sdk-ssooidc/errors.rb +290 -0
- data/lib/aws-sdk-ssooidc/plugins/endpoints.rb +74 -0
- data/lib/aws-sdk-ssooidc/resource.rb +26 -0
- data/lib/aws-sdk-ssooidc/types.rb +502 -0
- data/lib/aws-sdk-ssooidc.rb +59 -0
- data/lib/aws-sdk-sts/client.rb +394 -362
- data/lib/aws-sdk-sts/client_api.rb +10 -0
- data/lib/aws-sdk-sts/endpoint_parameters.rb +78 -0
- data/lib/aws-sdk-sts/endpoint_provider.rb +112 -0
- data/lib/aws-sdk-sts/endpoints.rb +136 -0
- data/lib/aws-sdk-sts/plugins/endpoints.rb +84 -0
- data/lib/aws-sdk-sts/plugins/sts_regional_endpoints.rb +5 -1
- data/lib/aws-sdk-sts/presigner.rb +13 -15
- data/lib/aws-sdk-sts/types.rb +154 -227
- data/lib/aws-sdk-sts.rb +5 -1
- data/lib/seahorse/client/async_base.rb +0 -1
- data/lib/seahorse/client/configuration.rb +1 -5
- data/lib/seahorse/client/h2/connection.rb +12 -11
- data/lib/seahorse/client/net_http/connection_pool.rb +7 -0
- data/lib/seahorse/client/plugins/net_http.rb +33 -2
- data/lib/seahorse/client/plugins/request_callback.rb +9 -9
- data/lib/seahorse/client/response.rb +6 -0
- data/lib/seahorse/model/operation.rb +6 -0
- data/lib/seahorse/util.rb +4 -0
- metadata +62 -8
data/lib/aws-sdk-sts/types.rb
CHANGED
@@ -10,32 +10,6 @@
|
|
10
10
|
module Aws::STS
|
11
11
|
module Types
|
12
12
|
|
13
|
-
# @note When making an API call, you may pass AssumeRoleRequest
|
14
|
-
# data as a hash:
|
15
|
-
#
|
16
|
-
# {
|
17
|
-
# role_arn: "arnType", # required
|
18
|
-
# role_session_name: "roleSessionNameType", # required
|
19
|
-
# policy_arns: [
|
20
|
-
# {
|
21
|
-
# arn: "arnType",
|
22
|
-
# },
|
23
|
-
# ],
|
24
|
-
# policy: "sessionPolicyDocumentType",
|
25
|
-
# duration_seconds: 1,
|
26
|
-
# tags: [
|
27
|
-
# {
|
28
|
-
# key: "tagKeyType", # required
|
29
|
-
# value: "tagValueType", # required
|
30
|
-
# },
|
31
|
-
# ],
|
32
|
-
# transitive_tag_keys: ["tagKeyType"],
|
33
|
-
# external_id: "externalIdType",
|
34
|
-
# serial_number: "serialNumberType",
|
35
|
-
# token_code: "tokenCodeType",
|
36
|
-
# source_identity: "sourceIdentityType",
|
37
|
-
# }
|
38
|
-
#
|
39
13
|
# @!attribute [rw] role_arn
|
40
14
|
# The Amazon Resource Name (ARN) of the role to assume.
|
41
15
|
# @return [String]
|
@@ -70,12 +44,13 @@ module Aws::STS
|
|
70
44
|
# Web Services Service Namespaces][1] in the Amazon Web Services
|
71
45
|
# General Reference.
|
72
46
|
#
|
73
|
-
# <note markdown="1"> An Amazon Web Services conversion compresses the passed
|
74
|
-
#
|
75
|
-
# separate limit. Your request can fail for
|
76
|
-
# plaintext meets the other requirements. The
|
77
|
-
# response element indicates by percentage how
|
78
|
-
# tags for your request are to the upper size
|
47
|
+
# <note markdown="1"> An Amazon Web Services conversion compresses the passed inline
|
48
|
+
# session policy, managed policy ARNs, and session tags into a packed
|
49
|
+
# binary format that has a separate limit. Your request can fail for
|
50
|
+
# this limit even if your plaintext meets the other requirements. The
|
51
|
+
# `PackedPolicySize` response element indicates by percentage how
|
52
|
+
# close the policies and tags for your request are to the upper size
|
53
|
+
# limit.
|
79
54
|
#
|
80
55
|
# </note>
|
81
56
|
#
|
@@ -116,12 +91,13 @@ module Aws::STS
|
|
116
91
|
# include the tab (\\u0009), linefeed (\\u000A), and carriage return
|
117
92
|
# (\\u000D) characters.
|
118
93
|
#
|
119
|
-
# <note markdown="1"> An Amazon Web Services conversion compresses the passed
|
120
|
-
#
|
121
|
-
# separate limit. Your request can fail for
|
122
|
-
# plaintext meets the other requirements. The
|
123
|
-
# response element indicates by percentage how
|
124
|
-
# tags for your request are to the upper size
|
94
|
+
# <note markdown="1"> An Amazon Web Services conversion compresses the passed inline
|
95
|
+
# session policy, managed policy ARNs, and session tags into a packed
|
96
|
+
# binary format that has a separate limit. Your request can fail for
|
97
|
+
# this limit even if your plaintext meets the other requirements. The
|
98
|
+
# `PackedPolicySize` response element indicates by percentage how
|
99
|
+
# close the policies and tags for your request are to the upper size
|
100
|
+
# limit.
|
125
101
|
#
|
126
102
|
# </note>
|
127
103
|
#
|
@@ -132,16 +108,25 @@ module Aws::STS
|
|
132
108
|
#
|
133
109
|
# @!attribute [rw] duration_seconds
|
134
110
|
# The duration, in seconds, of the role session. The value specified
|
135
|
-
# can
|
136
|
-
#
|
137
|
-
#
|
138
|
-
#
|
139
|
-
#
|
140
|
-
#
|
141
|
-
#
|
142
|
-
#
|
143
|
-
#
|
144
|
-
#
|
111
|
+
# can range from 900 seconds (15 minutes) up to the maximum session
|
112
|
+
# duration set for the role. The maximum session duration setting can
|
113
|
+
# have a value from 1 hour to 12 hours. If you specify a value higher
|
114
|
+
# than this setting or the administrator setting (whichever is lower),
|
115
|
+
# the operation fails. For example, if you specify a session duration
|
116
|
+
# of 12 hours, but your administrator set the maximum session duration
|
117
|
+
# to 6 hours, your operation fails.
|
118
|
+
#
|
119
|
+
# Role chaining limits your Amazon Web Services CLI or Amazon Web
|
120
|
+
# Services API role session to a maximum of one hour. When you use the
|
121
|
+
# `AssumeRole` API operation to assume a role, you can specify the
|
122
|
+
# duration of your role session with the `DurationSeconds` parameter.
|
123
|
+
# You can specify a parameter value of up to 43200 seconds (12 hours),
|
124
|
+
# depending on the maximum session duration setting for your role.
|
125
|
+
# However, if you assume a role using role chaining and provide a
|
126
|
+
# `DurationSeconds` parameter value greater than one hour, the
|
127
|
+
# operation fails. To learn how to view the maximum value for your
|
128
|
+
# role, see [View the Maximum Session Duration Setting for a Role][1]
|
129
|
+
# in the *IAM User Guide*.
|
145
130
|
#
|
146
131
|
# By default, the value is set to `3600` seconds.
|
147
132
|
#
|
@@ -150,8 +135,8 @@ module Aws::STS
|
|
150
135
|
# credentials. The request to the federation endpoint for a console
|
151
136
|
# sign-in token takes a `SessionDuration` parameter that specifies the
|
152
137
|
# maximum length of the console session. For more information, see
|
153
|
-
# [Creating a URL that Enables Federated Users to Access the
|
154
|
-
# Management Console][2] in the *IAM User Guide*.
|
138
|
+
# [Creating a URL that Enables Federated Users to Access the Amazon
|
139
|
+
# Web Services Management Console][2] in the *IAM User Guide*.
|
155
140
|
#
|
156
141
|
# </note>
|
157
142
|
#
|
@@ -164,20 +149,21 @@ module Aws::STS
|
|
164
149
|
# @!attribute [rw] tags
|
165
150
|
# A list of session tags that you want to pass. Each session tag
|
166
151
|
# consists of a key name and an associated value. For more information
|
167
|
-
# about session tags, see [Tagging
|
168
|
-
# Guide*.
|
152
|
+
# about session tags, see [Tagging Amazon Web Services STS
|
153
|
+
# Sessions][1] in the *IAM User Guide*.
|
169
154
|
#
|
170
155
|
# This parameter is optional. You can pass up to 50 session tags. The
|
171
156
|
# plaintext session tag keys can’t exceed 128 characters, and the
|
172
157
|
# values can’t exceed 256 characters. For these and additional limits,
|
173
158
|
# see [IAM and STS Character Limits][2] in the *IAM User Guide*.
|
174
159
|
#
|
175
|
-
# <note markdown="1"> An Amazon Web Services conversion compresses the passed
|
176
|
-
#
|
177
|
-
# separate limit. Your request can fail for
|
178
|
-
# plaintext meets the other requirements. The
|
179
|
-
# response element indicates by percentage how
|
180
|
-
# tags for your request are to the upper size
|
160
|
+
# <note markdown="1"> An Amazon Web Services conversion compresses the passed inline
|
161
|
+
# session policy, managed policy ARNs, and session tags into a packed
|
162
|
+
# binary format that has a separate limit. Your request can fail for
|
163
|
+
# this limit even if your plaintext meets the other requirements. The
|
164
|
+
# `PackedPolicySize` response element indicates by percentage how
|
165
|
+
# close the policies and tags for your request are to the upper size
|
166
|
+
# limit.
|
181
167
|
#
|
182
168
|
# </note>
|
183
169
|
#
|
@@ -204,7 +190,7 @@ module Aws::STS
|
|
204
190
|
#
|
205
191
|
# [1]: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_session-tags.html
|
206
192
|
# [2]: https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_iam-limits.html#reference_iam-limits-entity-length
|
207
|
-
# [3]: https://docs.aws.amazon.com/IAM/latest/UserGuide/
|
193
|
+
# [3]: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_session-tags.html#id_session-tags_ctlogs
|
208
194
|
# @return [Array<Types::Tag>]
|
209
195
|
#
|
210
196
|
# @!attribute [rw] transitive_tag_keys
|
@@ -301,6 +287,10 @@ module Aws::STS
|
|
301
287
|
# [1]: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_control-access_monitor.html
|
302
288
|
# @return [String]
|
303
289
|
#
|
290
|
+
# @!attribute [rw] provided_contexts
|
291
|
+
# Reserved for future use.
|
292
|
+
# @return [Array<Types::ProvidedContext>]
|
293
|
+
#
|
304
294
|
# @see http://docs.aws.amazon.com/goto/WebAPI/sts-2011-06-15/AssumeRoleRequest AWS API Documentation
|
305
295
|
#
|
306
296
|
class AssumeRoleRequest < Struct.new(
|
@@ -314,7 +304,8 @@ module Aws::STS
|
|
314
304
|
:external_id,
|
315
305
|
:serial_number,
|
316
306
|
:token_code,
|
317
|
-
:source_identity
|
307
|
+
:source_identity,
|
308
|
+
:provided_contexts)
|
318
309
|
SENSITIVE = []
|
319
310
|
include Aws::Structure
|
320
311
|
end
|
@@ -385,22 +376,6 @@ module Aws::STS
|
|
385
376
|
include Aws::Structure
|
386
377
|
end
|
387
378
|
|
388
|
-
# @note When making an API call, you may pass AssumeRoleWithSAMLRequest
|
389
|
-
# data as a hash:
|
390
|
-
#
|
391
|
-
# {
|
392
|
-
# role_arn: "arnType", # required
|
393
|
-
# principal_arn: "arnType", # required
|
394
|
-
# saml_assertion: "SAMLAssertionType", # required
|
395
|
-
# policy_arns: [
|
396
|
-
# {
|
397
|
-
# arn: "arnType",
|
398
|
-
# },
|
399
|
-
# ],
|
400
|
-
# policy: "sessionPolicyDocumentType",
|
401
|
-
# duration_seconds: 1,
|
402
|
-
# }
|
403
|
-
#
|
404
379
|
# @!attribute [rw] role_arn
|
405
380
|
# The Amazon Resource Name (ARN) of the role that the caller is
|
406
381
|
# assuming.
|
@@ -434,12 +409,13 @@ module Aws::STS
|
|
434
409
|
# Web Services Service Namespaces][1] in the Amazon Web Services
|
435
410
|
# General Reference.
|
436
411
|
#
|
437
|
-
# <note markdown="1"> An Amazon Web Services conversion compresses the passed
|
438
|
-
#
|
439
|
-
# separate limit. Your request can fail for
|
440
|
-
# plaintext meets the other requirements. The
|
441
|
-
# response element indicates by percentage how
|
442
|
-
# tags for your request are to the upper size
|
412
|
+
# <note markdown="1"> An Amazon Web Services conversion compresses the passed inline
|
413
|
+
# session policy, managed policy ARNs, and session tags into a packed
|
414
|
+
# binary format that has a separate limit. Your request can fail for
|
415
|
+
# this limit even if your plaintext meets the other requirements. The
|
416
|
+
# `PackedPolicySize` response element indicates by percentage how
|
417
|
+
# close the policies and tags for your request are to the upper size
|
418
|
+
# limit.
|
443
419
|
#
|
444
420
|
# </note>
|
445
421
|
#
|
@@ -480,12 +456,13 @@ module Aws::STS
|
|
480
456
|
# include the tab (\\u0009), linefeed (\\u000A), and carriage return
|
481
457
|
# (\\u000D) characters.
|
482
458
|
#
|
483
|
-
# <note markdown="1"> An Amazon Web Services conversion compresses the passed
|
484
|
-
#
|
485
|
-
# separate limit. Your request can fail for
|
486
|
-
# plaintext meets the other requirements. The
|
487
|
-
# response element indicates by percentage how
|
488
|
-
# tags for your request are to the upper size
|
459
|
+
# <note markdown="1"> An Amazon Web Services conversion compresses the passed inline
|
460
|
+
# session policy, managed policy ARNs, and session tags into a packed
|
461
|
+
# binary format that has a separate limit. Your request can fail for
|
462
|
+
# this limit even if your plaintext meets the other requirements. The
|
463
|
+
# `PackedPolicySize` response element indicates by percentage how
|
464
|
+
# close the policies and tags for your request are to the upper size
|
465
|
+
# limit.
|
489
466
|
#
|
490
467
|
# </note>
|
491
468
|
#
|
@@ -516,8 +493,8 @@ module Aws::STS
|
|
516
493
|
# credentials. The request to the federation endpoint for a console
|
517
494
|
# sign-in token takes a `SessionDuration` parameter that specifies the
|
518
495
|
# maximum length of the console session. For more information, see
|
519
|
-
# [Creating a URL that Enables Federated Users to Access the
|
520
|
-
# Management Console][2] in the *IAM User Guide*.
|
496
|
+
# [Creating a URL that Enables Federated Users to Access the Amazon
|
497
|
+
# Web Services Management Console][2] in the *IAM User Guide*.
|
521
498
|
#
|
522
499
|
# </note>
|
523
500
|
#
|
@@ -536,7 +513,7 @@ module Aws::STS
|
|
536
513
|
:policy_arns,
|
537
514
|
:policy,
|
538
515
|
:duration_seconds)
|
539
|
-
SENSITIVE = []
|
516
|
+
SENSITIVE = [:saml_assertion]
|
540
517
|
include Aws::Structure
|
541
518
|
end
|
542
519
|
|
@@ -604,7 +581,7 @@ module Aws::STS
|
|
604
581
|
# in IAM.
|
605
582
|
#
|
606
583
|
# The combination of `NameQualifier` and `Subject` can be used to
|
607
|
-
# uniquely identify a
|
584
|
+
# uniquely identify a user.
|
608
585
|
#
|
609
586
|
# The following pseudocode shows how the hash value is calculated:
|
610
587
|
#
|
@@ -656,23 +633,6 @@ module Aws::STS
|
|
656
633
|
include Aws::Structure
|
657
634
|
end
|
658
635
|
|
659
|
-
# @note When making an API call, you may pass AssumeRoleWithWebIdentityRequest
|
660
|
-
# data as a hash:
|
661
|
-
#
|
662
|
-
# {
|
663
|
-
# role_arn: "arnType", # required
|
664
|
-
# role_session_name: "roleSessionNameType", # required
|
665
|
-
# web_identity_token: "clientTokenType", # required
|
666
|
-
# provider_id: "urlType",
|
667
|
-
# policy_arns: [
|
668
|
-
# {
|
669
|
-
# arn: "arnType",
|
670
|
-
# },
|
671
|
-
# ],
|
672
|
-
# policy: "sessionPolicyDocumentType",
|
673
|
-
# duration_seconds: 1,
|
674
|
-
# }
|
675
|
-
#
|
676
636
|
# @!attribute [rw] role_arn
|
677
637
|
# The Amazon Resource Name (ARN) of the role that the caller is
|
678
638
|
# assuming.
|
@@ -697,17 +657,18 @@ module Aws::STS
|
|
697
657
|
# provided by the identity provider. Your application must get this
|
698
658
|
# token by authenticating the user who is using your application with
|
699
659
|
# a web identity provider before the application makes an
|
700
|
-
# `AssumeRoleWithWebIdentity` call.
|
660
|
+
# `AssumeRoleWithWebIdentity` call. Only tokens with RSA algorithms
|
661
|
+
# (RS256) are supported.
|
701
662
|
# @return [String]
|
702
663
|
#
|
703
664
|
# @!attribute [rw] provider_id
|
704
|
-
# The fully qualified host component of the domain name of the
|
705
|
-
# identity provider.
|
665
|
+
# The fully qualified host component of the domain name of the OAuth
|
666
|
+
# 2.0 identity provider. Do not specify this value for an OpenID
|
667
|
+
# Connect identity provider.
|
706
668
|
#
|
707
|
-
#
|
708
|
-
#
|
709
|
-
#
|
710
|
-
# schemes and port numbers.
|
669
|
+
# Currently `www.amazon.com` and `graph.facebook.com` are the only
|
670
|
+
# supported identity providers for OAuth 2.0 access tokens. Do not
|
671
|
+
# include URL schemes and port numbers.
|
711
672
|
#
|
712
673
|
# Do not specify this value for OpenID Connect ID tokens.
|
713
674
|
# @return [String]
|
@@ -724,12 +685,13 @@ module Aws::STS
|
|
724
685
|
# Web Services Service Namespaces][1] in the Amazon Web Services
|
725
686
|
# General Reference.
|
726
687
|
#
|
727
|
-
# <note markdown="1"> An Amazon Web Services conversion compresses the passed
|
728
|
-
#
|
729
|
-
# separate limit. Your request can fail for
|
730
|
-
# plaintext meets the other requirements. The
|
731
|
-
# response element indicates by percentage how
|
732
|
-
# tags for your request are to the upper size
|
688
|
+
# <note markdown="1"> An Amazon Web Services conversion compresses the passed inline
|
689
|
+
# session policy, managed policy ARNs, and session tags into a packed
|
690
|
+
# binary format that has a separate limit. Your request can fail for
|
691
|
+
# this limit even if your plaintext meets the other requirements. The
|
692
|
+
# `PackedPolicySize` response element indicates by percentage how
|
693
|
+
# close the policies and tags for your request are to the upper size
|
694
|
+
# limit.
|
733
695
|
#
|
734
696
|
# </note>
|
735
697
|
#
|
@@ -770,12 +732,13 @@ module Aws::STS
|
|
770
732
|
# include the tab (\\u0009), linefeed (\\u000A), and carriage return
|
771
733
|
# (\\u000D) characters.
|
772
734
|
#
|
773
|
-
# <note markdown="1"> An Amazon Web Services conversion compresses the passed
|
774
|
-
#
|
775
|
-
# separate limit. Your request can fail for
|
776
|
-
# plaintext meets the other requirements. The
|
777
|
-
# response element indicates by percentage how
|
778
|
-
# tags for your request are to the upper size
|
735
|
+
# <note markdown="1"> An Amazon Web Services conversion compresses the passed inline
|
736
|
+
# session policy, managed policy ARNs, and session tags into a packed
|
737
|
+
# binary format that has a separate limit. Your request can fail for
|
738
|
+
# this limit even if your plaintext meets the other requirements. The
|
739
|
+
# `PackedPolicySize` response element indicates by percentage how
|
740
|
+
# close the policies and tags for your request are to the upper size
|
741
|
+
# limit.
|
779
742
|
#
|
780
743
|
# </note>
|
781
744
|
#
|
@@ -802,8 +765,8 @@ module Aws::STS
|
|
802
765
|
# credentials. The request to the federation endpoint for a console
|
803
766
|
# sign-in token takes a `SessionDuration` parameter that specifies the
|
804
767
|
# maximum length of the console session. For more information, see
|
805
|
-
# [Creating a URL that Enables Federated Users to Access the
|
806
|
-
# Management Console][2] in the *IAM User Guide*.
|
768
|
+
# [Creating a URL that Enables Federated Users to Access the Amazon
|
769
|
+
# Web Services Management Console][2] in the *IAM User Guide*.
|
807
770
|
#
|
808
771
|
# </note>
|
809
772
|
#
|
@@ -823,7 +786,7 @@ module Aws::STS
|
|
823
786
|
:policy_arns,
|
824
787
|
:policy,
|
825
788
|
:duration_seconds)
|
826
|
-
SENSITIVE = []
|
789
|
+
SENSITIVE = [:web_identity_token]
|
827
790
|
include Aws::Structure
|
828
791
|
end
|
829
792
|
|
@@ -984,17 +947,10 @@ module Aws::STS
|
|
984
947
|
:secret_access_key,
|
985
948
|
:session_token,
|
986
949
|
:expiration)
|
987
|
-
SENSITIVE = []
|
950
|
+
SENSITIVE = [:secret_access_key]
|
988
951
|
include Aws::Structure
|
989
952
|
end
|
990
953
|
|
991
|
-
# @note When making an API call, you may pass DecodeAuthorizationMessageRequest
|
992
|
-
# data as a hash:
|
993
|
-
#
|
994
|
-
# {
|
995
|
-
# encoded_message: "encodedMessageType", # required
|
996
|
-
# }
|
997
|
-
#
|
998
954
|
# @!attribute [rw] encoded_message
|
999
955
|
# The encoded message that was returned with the response.
|
1000
956
|
# @return [String]
|
@@ -1012,7 +968,7 @@ module Aws::STS
|
|
1012
968
|
# returned in response to an Amazon Web Services request.
|
1013
969
|
#
|
1014
970
|
# @!attribute [rw] decoded_message
|
1015
|
-
#
|
971
|
+
# The API returns a response with the decoded message.
|
1016
972
|
# @return [String]
|
1017
973
|
#
|
1018
974
|
# @see http://docs.aws.amazon.com/goto/WebAPI/sts-2011-06-15/DecodeAuthorizationMessageResponse AWS API Documentation
|
@@ -1065,13 +1021,6 @@ module Aws::STS
|
|
1065
1021
|
include Aws::Structure
|
1066
1022
|
end
|
1067
1023
|
|
1068
|
-
# @note When making an API call, you may pass GetAccessKeyInfoRequest
|
1069
|
-
# data as a hash:
|
1070
|
-
#
|
1071
|
-
# {
|
1072
|
-
# access_key_id: "accessKeyIdType", # required
|
1073
|
-
# }
|
1074
|
-
#
|
1075
1024
|
# @!attribute [rw] access_key_id
|
1076
1025
|
# The identifier of an access key.
|
1077
1026
|
#
|
@@ -1140,26 +1089,6 @@ module Aws::STS
|
|
1140
1089
|
include Aws::Structure
|
1141
1090
|
end
|
1142
1091
|
|
1143
|
-
# @note When making an API call, you may pass GetFederationTokenRequest
|
1144
|
-
# data as a hash:
|
1145
|
-
#
|
1146
|
-
# {
|
1147
|
-
# name: "userNameType", # required
|
1148
|
-
# policy: "sessionPolicyDocumentType",
|
1149
|
-
# policy_arns: [
|
1150
|
-
# {
|
1151
|
-
# arn: "arnType",
|
1152
|
-
# },
|
1153
|
-
# ],
|
1154
|
-
# duration_seconds: 1,
|
1155
|
-
# tags: [
|
1156
|
-
# {
|
1157
|
-
# key: "tagKeyType", # required
|
1158
|
-
# value: "tagValueType", # required
|
1159
|
-
# },
|
1160
|
-
# ],
|
1161
|
-
# }
|
1162
|
-
#
|
1163
1092
|
# @!attribute [rw] name
|
1164
1093
|
# The name of the federated user. The name is used as an identifier
|
1165
1094
|
# for the temporary security credentials (such as `Bob`). For example,
|
@@ -1178,8 +1107,8 @@ module Aws::STS
|
|
1178
1107
|
#
|
1179
1108
|
# You must pass an inline or managed [session policy][1] to this
|
1180
1109
|
# operation. You can pass a single JSON policy document to use as an
|
1181
|
-
# inline session policy. You can also specify up to 10 managed
|
1182
|
-
#
|
1110
|
+
# inline session policy. You can also specify up to 10 managed policy
|
1111
|
+
# Amazon Resource Names (ARNs) to use as managed session policies.
|
1183
1112
|
#
|
1184
1113
|
# This parameter is optional. However, if you do not pass any session
|
1185
1114
|
# policies, then the resulting federated user session has no
|
@@ -1207,12 +1136,13 @@ module Aws::STS
|
|
1207
1136
|
# include the tab (\\u0009), linefeed (\\u000A), and carriage return
|
1208
1137
|
# (\\u000D) characters.
|
1209
1138
|
#
|
1210
|
-
# <note markdown="1"> An Amazon Web Services conversion compresses the passed
|
1211
|
-
#
|
1212
|
-
# separate limit. Your request can fail for
|
1213
|
-
# plaintext meets the other requirements. The
|
1214
|
-
# response element indicates by percentage how
|
1215
|
-
# tags for your request are to the upper size
|
1139
|
+
# <note markdown="1"> An Amazon Web Services conversion compresses the passed inline
|
1140
|
+
# session policy, managed policy ARNs, and session tags into a packed
|
1141
|
+
# binary format that has a separate limit. Your request can fail for
|
1142
|
+
# this limit even if your plaintext meets the other requirements. The
|
1143
|
+
# `PackedPolicySize` response element indicates by percentage how
|
1144
|
+
# close the policies and tags for your request are to the upper size
|
1145
|
+
# limit.
|
1216
1146
|
#
|
1217
1147
|
# </note>
|
1218
1148
|
#
|
@@ -1229,13 +1159,13 @@ module Aws::STS
|
|
1229
1159
|
#
|
1230
1160
|
# You must pass an inline or managed [session policy][1] to this
|
1231
1161
|
# operation. You can pass a single JSON policy document to use as an
|
1232
|
-
# inline session policy. You can also specify up to 10 managed
|
1233
|
-
#
|
1234
|
-
# use for both inline and managed session policies
|
1235
|
-
# characters. You can provide up to 10 managed
|
1236
|
-
# information about ARNs, see [Amazon Resource
|
1237
|
-
# Web Services Service Namespaces][2] in the
|
1238
|
-
# General Reference.
|
1162
|
+
# inline session policy. You can also specify up to 10 managed policy
|
1163
|
+
# Amazon Resource Names (ARNs) to use as managed session policies. The
|
1164
|
+
# plaintext that you use for both inline and managed session policies
|
1165
|
+
# can't exceed 2,048 characters. You can provide up to 10 managed
|
1166
|
+
# policy ARNs. For more information about ARNs, see [Amazon Resource
|
1167
|
+
# Names (ARNs) and Amazon Web Services Service Namespaces][2] in the
|
1168
|
+
# Amazon Web Services General Reference.
|
1239
1169
|
#
|
1240
1170
|
# This parameter is optional. However, if you do not pass any session
|
1241
1171
|
# policies, then the resulting federated user session has no
|
@@ -1256,12 +1186,13 @@ module Aws::STS
|
|
1256
1186
|
# are granted in addition to the permissions that are granted by the
|
1257
1187
|
# session policies.
|
1258
1188
|
#
|
1259
|
-
# <note markdown="1"> An Amazon Web Services conversion compresses the passed
|
1260
|
-
#
|
1261
|
-
# separate limit. Your request can fail for
|
1262
|
-
# plaintext meets the other requirements. The
|
1263
|
-
# response element indicates by percentage how
|
1264
|
-
# tags for your request are to the upper size
|
1189
|
+
# <note markdown="1"> An Amazon Web Services conversion compresses the passed inline
|
1190
|
+
# session policy, managed policy ARNs, and session tags into a packed
|
1191
|
+
# binary format that has a separate limit. Your request can fail for
|
1192
|
+
# this limit even if your plaintext meets the other requirements. The
|
1193
|
+
# `PackedPolicySize` response element indicates by percentage how
|
1194
|
+
# close the policies and tags for your request are to the upper size
|
1195
|
+
# limit.
|
1265
1196
|
#
|
1266
1197
|
# </note>
|
1267
1198
|
#
|
@@ -1275,11 +1206,10 @@ module Aws::STS
|
|
1275
1206
|
# The duration, in seconds, that the session should last. Acceptable
|
1276
1207
|
# durations for federation sessions range from 900 seconds (15
|
1277
1208
|
# minutes) to 129,600 seconds (36 hours), with 43,200 seconds (12
|
1278
|
-
# hours) as the default. Sessions obtained using
|
1279
|
-
#
|
1280
|
-
#
|
1281
|
-
#
|
1282
|
-
# to one hour.
|
1209
|
+
# hours) as the default. Sessions obtained using root user credentials
|
1210
|
+
# are restricted to a maximum of 3,600 seconds (one hour). If the
|
1211
|
+
# specified duration is longer than one hour, the session obtained by
|
1212
|
+
# using root user credentials defaults to one hour.
|
1283
1213
|
# @return [Integer]
|
1284
1214
|
#
|
1285
1215
|
# @!attribute [rw] tags
|
@@ -1292,12 +1222,13 @@ module Aws::STS
|
|
1292
1222
|
# values can’t exceed 256 characters. For these and additional limits,
|
1293
1223
|
# see [IAM and STS Character Limits][2] in the *IAM User Guide*.
|
1294
1224
|
#
|
1295
|
-
# <note markdown="1"> An Amazon Web Services conversion compresses the passed
|
1296
|
-
#
|
1297
|
-
# separate limit. Your request can fail for
|
1298
|
-
# plaintext meets the other requirements. The
|
1299
|
-
# response element indicates by percentage how
|
1300
|
-
# tags for your request are to the upper size
|
1225
|
+
# <note markdown="1"> An Amazon Web Services conversion compresses the passed inline
|
1226
|
+
# session policy, managed policy ARNs, and session tags into a packed
|
1227
|
+
# binary format that has a separate limit. Your request can fail for
|
1228
|
+
# this limit even if your plaintext meets the other requirements. The
|
1229
|
+
# `PackedPolicySize` response element indicates by percentage how
|
1230
|
+
# close the policies and tags for your request are to the upper size
|
1231
|
+
# limit.
|
1301
1232
|
#
|
1302
1233
|
# </note>
|
1303
1234
|
#
|
@@ -1370,15 +1301,6 @@ module Aws::STS
|
|
1370
1301
|
include Aws::Structure
|
1371
1302
|
end
|
1372
1303
|
|
1373
|
-
# @note When making an API call, you may pass GetSessionTokenRequest
|
1374
|
-
# data as a hash:
|
1375
|
-
#
|
1376
|
-
# {
|
1377
|
-
# duration_seconds: 1,
|
1378
|
-
# serial_number: "serialNumberType",
|
1379
|
-
# token_code: "tokenCodeType",
|
1380
|
-
# }
|
1381
|
-
#
|
1382
1304
|
# @!attribute [rw] duration_seconds
|
1383
1305
|
# The duration, in seconds, that the credentials should remain valid.
|
1384
1306
|
# Acceptable durations for IAM user sessions range from 900 seconds
|
@@ -1396,8 +1318,8 @@ module Aws::STS
|
|
1396
1318
|
# The value is either the serial number for a hardware device (such as
|
1397
1319
|
# `GAHT12345678`) or an Amazon Resource Name (ARN) for a virtual
|
1398
1320
|
# device (such as `arn:aws:iam::123456789012:mfa/user`). You can find
|
1399
|
-
# the device for an IAM user by going to the
|
1400
|
-
# viewing the user's security credentials.
|
1321
|
+
# the device for an IAM user by going to the Amazon Web Services
|
1322
|
+
# Management Console and viewing the user's security credentials.
|
1401
1323
|
#
|
1402
1324
|
# The regex used to validate this parameter is a string of characters
|
1403
1325
|
# consisting of upper- and lower-case alphanumeric characters with no
|
@@ -1546,7 +1468,7 @@ module Aws::STS
|
|
1546
1468
|
#
|
1547
1469
|
#
|
1548
1470
|
# [1]: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_session-tags.html
|
1549
|
-
# [2]: https://docs.aws.amazon.com/IAM/latest/UserGuide/
|
1471
|
+
# [2]: https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_iam-quotas.html#reference_iam-limits-entity-length
|
1550
1472
|
#
|
1551
1473
|
# @!attribute [rw] message
|
1552
1474
|
# @return [String]
|
@@ -1562,13 +1484,6 @@ module Aws::STS
|
|
1562
1484
|
# A reference to the IAM managed policy that is passed as a session
|
1563
1485
|
# policy for a role session or a federated user session.
|
1564
1486
|
#
|
1565
|
-
# @note When making an API call, you may pass PolicyDescriptorType
|
1566
|
-
# data as a hash:
|
1567
|
-
#
|
1568
|
-
# {
|
1569
|
-
# arn: "arnType",
|
1570
|
-
# }
|
1571
|
-
#
|
1572
1487
|
# @!attribute [rw] arn
|
1573
1488
|
# The Amazon Resource Name (ARN) of the IAM managed policy to use as a
|
1574
1489
|
# session policy for the role. For more information about ARNs, see
|
@@ -1588,6 +1503,25 @@ module Aws::STS
|
|
1588
1503
|
include Aws::Structure
|
1589
1504
|
end
|
1590
1505
|
|
1506
|
+
# Reserved for future use.
|
1507
|
+
#
|
1508
|
+
# @!attribute [rw] provider_arn
|
1509
|
+
# Reserved for future use.
|
1510
|
+
# @return [String]
|
1511
|
+
#
|
1512
|
+
# @!attribute [rw] context_assertion
|
1513
|
+
# Reserved for future use.
|
1514
|
+
# @return [String]
|
1515
|
+
#
|
1516
|
+
# @see http://docs.aws.amazon.com/goto/WebAPI/sts-2011-06-15/ProvidedContext AWS API Documentation
|
1517
|
+
#
|
1518
|
+
class ProvidedContext < Struct.new(
|
1519
|
+
:provider_arn,
|
1520
|
+
:context_assertion)
|
1521
|
+
SENSITIVE = []
|
1522
|
+
include Aws::Structure
|
1523
|
+
end
|
1524
|
+
|
1591
1525
|
# STS is not activated in the requested region for the account that is
|
1592
1526
|
# being asked to generate credentials. The account administrator must
|
1593
1527
|
# use the IAM console to activate STS in that region. For more
|
@@ -1612,20 +1546,13 @@ module Aws::STS
|
|
1612
1546
|
# You can pass custom key-value pair attributes when you assume a role
|
1613
1547
|
# or federate a user. These are called session tags. You can then use
|
1614
1548
|
# the session tags to control access to resources. For more information,
|
1615
|
-
# see [Tagging STS Sessions][1] in the *IAM User
|
1549
|
+
# see [Tagging Amazon Web Services STS Sessions][1] in the *IAM User
|
1550
|
+
# Guide*.
|
1616
1551
|
#
|
1617
1552
|
#
|
1618
1553
|
#
|
1619
1554
|
# [1]: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_session-tags.html
|
1620
1555
|
#
|
1621
|
-
# @note When making an API call, you may pass Tag
|
1622
|
-
# data as a hash:
|
1623
|
-
#
|
1624
|
-
# {
|
1625
|
-
# key: "tagKeyType", # required
|
1626
|
-
# value: "tagValueType", # required
|
1627
|
-
# }
|
1628
|
-
#
|
1629
1556
|
# @!attribute [rw] key
|
1630
1557
|
# The key for a session tag.
|
1631
1558
|
#
|
data/lib/aws-sdk-sts.rb
CHANGED
@@ -15,9 +15,13 @@ end
|
|
15
15
|
|
16
16
|
require_relative 'aws-sdk-sts/types'
|
17
17
|
require_relative 'aws-sdk-sts/client_api'
|
18
|
+
require_relative 'aws-sdk-sts/plugins/endpoints.rb'
|
18
19
|
require_relative 'aws-sdk-sts/client'
|
19
20
|
require_relative 'aws-sdk-sts/errors'
|
20
21
|
require_relative 'aws-sdk-sts/resource'
|
22
|
+
require_relative 'aws-sdk-sts/endpoint_parameters'
|
23
|
+
require_relative 'aws-sdk-sts/endpoint_provider'
|
24
|
+
require_relative 'aws-sdk-sts/endpoints'
|
21
25
|
require_relative 'aws-sdk-sts/customizations'
|
22
26
|
|
23
27
|
# This module provides support for AWS Security Token Service. This module is available in the
|
@@ -50,6 +54,6 @@ require_relative 'aws-sdk-sts/customizations'
|
|
50
54
|
# @!group service
|
51
55
|
module Aws::STS
|
52
56
|
|
53
|
-
GEM_VERSION = '3.
|
57
|
+
GEM_VERSION = '3.180.1'
|
54
58
|
|
55
59
|
end
|