aws-sdk-core 3.122.1 → 3.123.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 537c37ff87364e7db7df2b499b7e82544a3912b817b32d4b43ae81a32c511f7b
-  data.tar.gz: 7deac3f2493760b46f54ae0f54022878641023f54566af10d56e270ea7590935
+  metadata.gz: 361f40271ca2518c380ab89eaaab1922d017b3c8a6d35b0492d92e234730b9d4
+  data.tar.gz: 1cc223ef8460881b2d94da8e1f10b4226fbab5419e91ac6c712ab701b0e62a4b
 SHA512:
-  metadata.gz: 63aa35b1adf4d9f660f35af4f174922fe417b9f1124602d493d4fcc90c256e8ffb472489c606746f8c06f72f71c9faa33a8a1746d7496e1fc76a2a8d138a5b7e
-  data.tar.gz: 113f6de79f057dd502327550b44566f52f291f1358817778dc915849c4838b29f9724f1cd4ad5f75b2df153675e058982b26a47ffbc585d008b280fb87744417
+  metadata.gz: 2696936a66a24fc8d5094d5787b0039e974d7a23ba7218d571bda19f090bc836344987121c8ab0d2fca91c7b9b84398a2715674eac9dbb1d6b8fc286ae9e494a
+  data.tar.gz: da67f89367288d43599d1f5b84bfe6a28c3d50da43d7afad5b6f8490744dacda575bd247a2f1642e2be6d6d32bda977e178ab6bf9a5d5dcb9a6ed25c348c53b9

data/CHANGELOG.md

@@ -1,6 +1,11 @@
 Unreleased Changes
 ------------------
 
+3.123.0 (2021-11-23)
+------------------
+
+* Feature - Updated Aws::STS::Client with the latest API changes.
+
 3.122.1 (2021-11-09)
 ------------------
 

data/VERSION

@@ -1 +1 @@
-3.122.1
+3.123.0

data/lib/aws-sdk-sso/client.rb

@@ -530,7 +530,7 @@ module Aws::SSO
         params: params,
         config: config)
       context[:gem_name] = 'aws-sdk-core'
-      context[:gem_version] = '3.122.1'
+      context[:gem_version] = '3.123.0'
       Seahorse::Client::Request.new(handlers, context)
     end
 

data/lib/aws-sdk-sso.rb

@@ -50,6 +50,6 @@ require_relative 'aws-sdk-sso/customizations'
 # @!group service
 module Aws::SSO
 
-  GEM_VERSION = '3.122.1'
+  GEM_VERSION = '3.123.0'
 
 end

data/lib/aws-sdk-sts/client.rb

@@ -350,15 +350,15 @@ module Aws::STS
     # `AssumeRole` within your account or for cross-account access. For a
     # comparison of `AssumeRole` with other API operations that produce
     # temporary credentials, see [Requesting Temporary Security
-    # Credentials][1] and [Comparing the STS API operations][2] in the *IAM
-    # User Guide*.
+    # Credentials][1] and [Comparing the Amazon Web Services STS API
+    # operations][2] in the *IAM User Guide*.
     #
     # **Permissions**
     #
     # The temporary security credentials created by `AssumeRole` can be used
     # to make API calls to any Amazon Web Services service with the
-    # following exception: You cannot call the STS `GetFederationToken` or
-    # `GetSessionToken` API operations.
+    # following exception: You cannot call the Amazon Web Services STS
+    # `GetFederationToken` or `GetSessionToken` API operations.
     #
     # (Optional) You can pass inline or managed [session policies][3] to
     # this operation. You can pass a single JSON policy document to use as
@@ -375,28 +375,37 @@ module Aws::STS
     # assumed. For more information, see [Session Policies][3] in the *IAM
     # User Guide*.
     #
-    # To assume a role from a different account, your account must be
-    # trusted by the role. The trust relationship is defined in the role's
-    # trust policy when the role is created. That trust policy states which
-    # accounts are allowed to delegate that access to users in the account.
+    # When you create a role, you create two policies: A role trust policy
+    # that specifies *who* can assume the role and a permissions policy that
+    # specifies *what* can be done with the role. You specify the trusted
+    # principal who is allowed to assume the role in the role trust policy.
+    #
+    # To assume a role from a different account, your Amazon Web Services
+    # account must be trusted by the role. The trust relationship is defined
+    # in the role's trust policy when the role is created. That trust
+    # policy states which accounts are allowed to delegate that access to
+    # users in the account.
     #
     # A user who wants to access a role in a different account must also
     # have permissions that are delegated from the user account
     # administrator. The administrator must attach a policy that allows the
     # user to call `AssumeRole` for the ARN of the role in the other
-    # account. If the user is in the same account as the role, then you can
-    # do either of the following:
+    # account.
     #
-    # * Attach a policy to the user (identical to the previous user in a
-    #   different account).
+    # To allow a user to assume a role in the same account, you can do
+    # either of the following:
+    #
+    # * Attach a policy to the user that allows the user to call
+    #   `AssumeRole` (as long as the role's trust policy trusts the
+    #   account).
     #
     # * Add the user as a principal directly in the role's trust policy.
     #
-    # In this case, the trust policy acts as an IAM resource-based policy.
-    # Users in the same account as the role do not need explicit permission
-    # to assume the role. For more information about trust policies and
-    # resource-based policies, see [IAM Policies][4] in the *IAM User
-    # Guide*.
+    # You can do either because the role’s trust policy acts as an IAM
+    # resource-based policy. When a resource-based policy grants access to a
+    # principal in the same account, no additional identity-based policy is
+    # required. For more information about trust policies and resource-based
+    # policies, see [IAM Policies][4] in the *IAM User Guide*.
     #
     # **Tags**
     #
@@ -538,15 +547,25 @@ module Aws::STS
     #
     # @option params [Integer] :duration_seconds
     #   The duration, in seconds, of the role session. The value specified can
-    #   can range from 900 seconds (15 minutes) up to the maximum session
-    #   duration that is set for the role. The maximum session duration
-    #   setting can have a value from 1 hour to 12 hours. If you specify a
-    #   value higher than this setting or the administrator setting (whichever
-    #   is lower), the operation fails. For example, if you specify a session
-    #   duration of 12 hours, but your administrator set the maximum session
-    #   duration to 6 hours, your operation fails. To learn how to view the
-    #   maximum value for your role, see [View the Maximum Session Duration
-    #   Setting for a Role][1] in the *IAM User Guide*.
+    #   range from 900 seconds (15 minutes) up to the maximum session duration
+    #   set for the role. The maximum session duration setting can have a
+    #   value from 1 hour to 12 hours. If you specify a value higher than this
+    #   setting or the administrator setting (whichever is lower), the
+    #   operation fails. For example, if you specify a session duration of 12
+    #   hours, but your administrator set the maximum session duration to 6
+    #   hours, your operation fails.
+    #
+    #   Role chaining limits your Amazon Web Services CLI or Amazon Web
+    #   Services API role session to a maximum of one hour. When you use the
+    #   `AssumeRole` API operation to assume a role, you can specify the
+    #   duration of your role session with the `DurationSeconds` parameter.
+    #   You can specify a parameter value of up to 43200 seconds (12 hours),
+    #   depending on the maximum session duration setting for your role.
+    #   However, if you assume a role using role chaining and provide a
+    #   `DurationSeconds` parameter value greater than one hour, the operation
+    #   fails. To learn how to view the maximum value for your role, see [View
+    #   the Maximum Session Duration Setting for a Role][1] in the *IAM User
+    #   Guide*.
     #
     #   By default, the value is set to `3600` seconds.
     #
@@ -555,8 +574,8 @@ module Aws::STS
     #   The request to the federation endpoint for a console sign-in token
     #   takes a `SessionDuration` parameter that specifies the maximum length
     #   of the console session. For more information, see [Creating a URL that
-    #   Enables Federated Users to Access the Management Console][2] in the
-    #   *IAM User Guide*.
+    #   Enables Federated Users to Access the Amazon Web Services Management
+    #   Console][2] in the *IAM User Guide*.
     #
     #    </note>
     #
@@ -568,8 +587,8 @@ module Aws::STS
     # @option params [Array<Types::Tag>] :tags
     #   A list of session tags that you want to pass. Each session tag
     #   consists of a key name and an associated value. For more information
-    #   about session tags, see [Tagging STS Sessions][1] in the *IAM User
-    #   Guide*.
+    #   about session tags, see [Tagging Amazon Web Services STS Sessions][1]
+    #   in the *IAM User Guide*.
     #
     #   This parameter is optional. You can pass up to 50 session tags. The
     #   plaintext session tag keys can’t exceed 128 characters, and the values
@@ -798,8 +817,8 @@ module Aws::STS
     # user-specific credentials or configuration. For a comparison of
     # `AssumeRoleWithSAML` with the other API operations that produce
     # temporary credentials, see [Requesting Temporary Security
-    # Credentials][1] and [Comparing the STS API operations][2] in the *IAM
-    # User Guide*.
+    # Credentials][1] and [Comparing the Amazon Web Services STS API
+    # operations][2] in the *IAM User Guide*.
     #
     # The temporary security credentials returned by this operation consist
     # of an access key ID, a secret access key, and a security token.
@@ -1051,8 +1070,8 @@ module Aws::STS
     #   The request to the federation endpoint for a console sign-in token
     #   takes a `SessionDuration` parameter that specifies the maximum length
     #   of the console session. For more information, see [Creating a URL that
-    #   Enables Federated Users to Access the Management Console][2] in the
-    #   *IAM User Guide*.
+    #   Enables Federated Users to Access the Amazon Web Services Management
+    #   Console][2] in the *IAM User Guide*.
     #
     #    </note>
     #
@@ -1172,8 +1191,8 @@ module Aws::STS
     # a token from the web identity provider. For a comparison of
     # `AssumeRoleWithWebIdentity` with the other API operations that produce
     # temporary credentials, see [Requesting Temporary Security
-    # Credentials][5] and [Comparing the STS API operations][6] in the *IAM
-    # User Guide*.
+    # Credentials][5] and [Comparing the Amazon Web Services STS API
+    # operations][6] in the *IAM User Guide*.
     #
     # The temporary security credentials returned by this API consist of an
     # access key ID, a secret access key, and a security token. Applications
@@ -1433,8 +1452,8 @@ module Aws::STS
     #   The request to the federation endpoint for a console sign-in token
     #   takes a `SessionDuration` parameter that specifies the maximum length
     #   of the console session. For more information, see [Creating a URL that
-    #   Enables Federated Users to Access the Management Console][2] in the
-    #   *IAM User Guide*.
+    #   Enables Federated Users to Access the Amazon Web Services Management
+    #   Console][2] in the *IAM User Guide*.
     #
     #    </note>
     #
@@ -1540,17 +1559,17 @@ module Aws::STS
     #  </note>
     #
     # The message is encoded because the details of the authorization status
-    # can constitute privileged information that the user who requested the
+    # can contain privileged information that the user who requested the
     # operation should not see. To decode an authorization status message, a
-    # user must be granted permissions via an IAM policy to request the
-    # `DecodeAuthorizationMessage` (`sts:DecodeAuthorizationMessage`)
+    # user must be granted permissions through an IAM [policy][1] to request
+    # the `DecodeAuthorizationMessage` (`sts:DecodeAuthorizationMessage`)
     # action.
     #
     # The decoded message includes the following type of information:
     #
     # * Whether the request was denied due to an explicit deny or due to the
     #   absence of an explicit allow. For more information, see [Determining
-    #   Whether a Request is Allowed or Denied][1] in the *IAM User Guide*.
+    #   Whether a Request is Allowed or Denied][2] in the *IAM User Guide*.
     #
     # * The principal who made the request.
     #
@@ -1562,7 +1581,8 @@ module Aws::STS
     #
     #
     #
-    # [1]: https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_evaluation-logic.html#policy-eval-denyallow
+    # [1]: https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies.html
+    # [2]: https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_evaluation-logic.html#policy-eval-denyallow
     #
     # @option params [required, String] :encoded_message
     #   The encoded message that was returned with the response.
@@ -1757,8 +1777,8 @@ module Aws::STS
     # can be safely stored, usually in a server-based application. For a
     # comparison of `GetFederationToken` with the other API operations that
     # produce temporary credentials, see [Requesting Temporary Security
-    # Credentials][1] and [Comparing the STS API operations][2] in the *IAM
-    # User Guide*.
+    # Credentials][1] and [Comparing the Amazon Web Services STS API
+    # operations][2] in the *IAM User Guide*.
     #
     # <note markdown="1"> You can create a mobile-based or browser-based app that can
     # authenticate users using a web identity provider like Login with
@@ -1782,7 +1802,7 @@ module Aws::STS
     # The temporary credentials are valid for the specified duration, from
     # 900 seconds (15 minutes) up to a maximum of 129,600 seconds (36
     # hours). The default session duration is 43,200 seconds (12 hours).
-    # Temporary credentials that are obtained by using Amazon Web Services
+    # Temporary credentials obtained by using the Amazon Web Services
     # account root user credentials have a maximum duration of 3,600 seconds
     # (1 hour).
     #
@@ -1837,65 +1857,6 @@ module Aws::STS
     #
     #  </note>
     #
-    # You can also call `GetFederationToken` using the security credentials
-    # of an Amazon Web Services account root user, but we do not recommend
-    # it. Instead, we recommend that you create an IAM user for the purpose
-    # of the proxy application. Then attach a policy to the IAM user that
-    # limits federated users to only the actions and resources that they
-    # need to access. For more information, see [IAM Best Practices][5] in
-    # the *IAM User Guide*.
-    #
-    # **Session duration**
-    #
-    # The temporary credentials are valid for the specified duration, from
-    # 900 seconds (15 minutes) up to a maximum of 129,600 seconds (36
-    # hours). The default session duration is 43,200 seconds (12 hours).
-    # Temporary credentials that are obtained by using Amazon Web Services
-    # account root user credentials have a maximum duration of 3,600 seconds
-    # (1 hour).
-    #
-    # **Permissions**
-    #
-    # You can use the temporary credentials created by `GetFederationToken`
-    # in any Amazon Web Services service except the following:
-    #
-    # * You cannot call any IAM operations using the CLI or the Amazon Web
-    #   Services API.
-    #
-    # * You cannot call any STS operations except `GetCallerIdentity`.
-    #
-    # You must pass an inline or managed [session policy][6] to this
-    # operation. You can pass a single JSON policy document to use as an
-    # inline session policy. You can also specify up to 10 managed policies
-    # to use as managed session policies. The plain text that you use for
-    # both inline and managed session policies can't exceed 2,048
-    # characters.
-    #
-    # Though the session policy parameters are optional, if you do not pass
-    # a policy, then the resulting federated user session has no
-    # permissions. When you pass session policies, the session permissions
-    # are the intersection of the IAM user policies and the session policies
-    # that you pass. This gives you a way to further restrict the
-    # permissions for a federated user. You cannot use session policies to
-    # grant more permissions than those that are defined in the permissions
-    # policy of the IAM user. For more information, see [Session
-    # Policies][6] in the *IAM User Guide*. For information about using
-    # `GetFederationToken` to create temporary security credentials, see
-    # [GetFederationToken—Federation Through a Custom Identity Broker][7].
-    #
-    # You can use the credentials to access a resource that has a
-    # resource-based policy. If that policy specifically references the
-    # federated user session in the `Principal` element of the policy, the
-    # session has the permissions allowed by the policy. These permissions
-    # are granted in addition to the permissions granted by the session
-    # policies.
-    #
-    # **Tags**
-    #
-    # (Optional) You can pass tag key-value pairs to your session. These are
-    # called session tags. For more information about session tags, see
-    # [Passing Session Tags in STS][8] in the *IAM User Guide*.
-    #
     # An administrator must grant you the permissions necessary to pass
     # session tags. The administrator can also create granular permissions
     # to allow you to pass only specific session tags. For more information,
@@ -2164,8 +2125,8 @@ module Aws::STS
     # correct MFA code, then the API returns an access denied error. For a
     # comparison of `GetSessionToken` with the other API operations that
     # produce temporary credentials, see [Requesting Temporary Security
-    # Credentials][1] and [Comparing the STS API operations][2] in the *IAM
-    # User Guide*.
+    # Credentials][1] and [Comparing the Amazon Web Services STS API
+    # operations][2] in the *IAM User Guide*.
     #
     # **Session Duration**
     #
@@ -2233,8 +2194,8 @@ module Aws::STS
     #   The value is either the serial number for a hardware device (such as
     #   `GAHT12345678`) or an Amazon Resource Name (ARN) for a virtual device
     #   (such as `arn:aws:iam::123456789012:mfa/user`). You can find the
-    #   device for an IAM user by going to the Management Console and viewing
-    #   the user's security credentials.
+    #   device for an IAM user by going to the Amazon Web Services Management
+    #   Console and viewing the user's security credentials.
     #
     #   The regex used to validate this parameter is a string of characters
     #   consisting of upper- and lower-case alphanumeric characters with no
@@ -2312,7 +2273,7 @@ module Aws::STS
         params: params,
         config: config)
       context[:gem_name] = 'aws-sdk-core'
-      context[:gem_version] = '3.122.1'
+      context[:gem_version] = '3.123.0'
       Seahorse::Client::Request.new(handlers, context)
     end
 

data/lib/aws-sdk-sts/types.rb

@@ -132,16 +132,25 @@ module Aws::STS
     #
     # @!attribute [rw] duration_seconds
     #   The duration, in seconds, of the role session. The value specified
-    #   can can range from 900 seconds (15 minutes) up to the maximum
-    #   session duration that is set for the role. The maximum session
-    #   duration setting can have a value from 1 hour to 12 hours. If you
-    #   specify a value higher than this setting or the administrator
-    #   setting (whichever is lower), the operation fails. For example, if
-    #   you specify a session duration of 12 hours, but your administrator
-    #   set the maximum session duration to 6 hours, your operation fails.
-    #   To learn how to view the maximum value for your role, see [View the
-    #   Maximum Session Duration Setting for a Role][1] in the *IAM User
-    #   Guide*.
+    #   can range from 900 seconds (15 minutes) up to the maximum session
+    #   duration set for the role. The maximum session duration setting can
+    #   have a value from 1 hour to 12 hours. If you specify a value higher
+    #   than this setting or the administrator setting (whichever is lower),
+    #   the operation fails. For example, if you specify a session duration
+    #   of 12 hours, but your administrator set the maximum session duration
+    #   to 6 hours, your operation fails.
+    #
+    #   Role chaining limits your Amazon Web Services CLI or Amazon Web
+    #   Services API role session to a maximum of one hour. When you use the
+    #   `AssumeRole` API operation to assume a role, you can specify the
+    #   duration of your role session with the `DurationSeconds` parameter.
+    #   You can specify a parameter value of up to 43200 seconds (12 hours),
+    #   depending on the maximum session duration setting for your role.
+    #   However, if you assume a role using role chaining and provide a
+    #   `DurationSeconds` parameter value greater than one hour, the
+    #   operation fails. To learn how to view the maximum value for your
+    #   role, see [View the Maximum Session Duration Setting for a Role][1]
+    #   in the *IAM User Guide*.
     #
     #   By default, the value is set to `3600` seconds.
     #
@@ -150,8 +159,8 @@ module Aws::STS
     #   credentials. The request to the federation endpoint for a console
     #   sign-in token takes a `SessionDuration` parameter that specifies the
     #   maximum length of the console session. For more information, see
-    #   [Creating a URL that Enables Federated Users to Access the
-    #   Management Console][2] in the *IAM User Guide*.
+    #   [Creating a URL that Enables Federated Users to Access the Amazon
+    #   Web Services Management Console][2] in the *IAM User Guide*.
     #
     #    </note>
     #
@@ -164,8 +173,8 @@ module Aws::STS
     # @!attribute [rw] tags
     #   A list of session tags that you want to pass. Each session tag
     #   consists of a key name and an associated value. For more information
-    #   about session tags, see [Tagging STS Sessions][1] in the *IAM User
-    #   Guide*.
+    #   about session tags, see [Tagging Amazon Web Services STS
+    #   Sessions][1] in the *IAM User Guide*.
     #
     #   This parameter is optional. You can pass up to 50 session tags. The
     #   plaintext session tag keys can’t exceed 128 characters, and the
@@ -516,8 +525,8 @@ module Aws::STS
     #   credentials. The request to the federation endpoint for a console
     #   sign-in token takes a `SessionDuration` parameter that specifies the
     #   maximum length of the console session. For more information, see
-    #   [Creating a URL that Enables Federated Users to Access the
-    #   Management Console][2] in the *IAM User Guide*.
+    #   [Creating a URL that Enables Federated Users to Access the Amazon
+    #   Web Services Management Console][2] in the *IAM User Guide*.
     #
     #    </note>
     #
@@ -802,8 +811,8 @@ module Aws::STS
     #   credentials. The request to the federation endpoint for a console
     #   sign-in token takes a `SessionDuration` parameter that specifies the
     #   maximum length of the console session. For more information, see
-    #   [Creating a URL that Enables Federated Users to Access the
-    #   Management Console][2] in the *IAM User Guide*.
+    #   [Creating a URL that Enables Federated Users to Access the Amazon
+    #   Web Services Management Console][2] in the *IAM User Guide*.
     #
     #    </note>
     #
@@ -1012,7 +1021,7 @@ module Aws::STS
     # returned in response to an Amazon Web Services request.
     #
     # @!attribute [rw] decoded_message
-    #   An XML document that contains the decoded message.
+    #   The API returns a response with the decoded message.
     #   @return [String]
     #
     # @see http://docs.aws.amazon.com/goto/WebAPI/sts-2011-06-15/DecodeAuthorizationMessageResponse AWS API Documentation
@@ -1396,8 +1405,8 @@ module Aws::STS
     #   The value is either the serial number for a hardware device (such as
     #   `GAHT12345678`) or an Amazon Resource Name (ARN) for a virtual
     #   device (such as `arn:aws:iam::123456789012:mfa/user`). You can find
-    #   the device for an IAM user by going to the Management Console and
-    #   viewing the user's security credentials.
+    #   the device for an IAM user by going to the Amazon Web Services
+    #   Management Console and viewing the user's security credentials.
     #
     #   The regex used to validate this parameter is a string of characters
     #   consisting of upper- and lower-case alphanumeric characters with no
@@ -1546,7 +1555,7 @@ module Aws::STS
     #
     #
     # [1]: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_session-tags.html
-    # [2]: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_enable-regions.html
+    # [2]: https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_iam-quotas.html#reference_iam-limits-entity-length
     #
     # @!attribute [rw] message
     #   @return [String]
@@ -1612,7 +1621,8 @@ module Aws::STS
     # You can pass custom key-value pair attributes when you assume a role
     # or federate a user. These are called session tags. You can then use
     # the session tags to control access to resources. For more information,
-    # see [Tagging STS Sessions][1] in the *IAM User Guide*.
+    # see [Tagging Amazon Web Services STS Sessions][1] in the *IAM User
+    # Guide*.
     #
     #
     #

data/lib/aws-sdk-sts.rb

@@ -50,6 +50,6 @@ require_relative 'aws-sdk-sts/customizations'
 # @!group service
 module Aws::STS
 
-  GEM_VERSION = '3.122.1'
+  GEM_VERSION = '3.123.0'
 
 end

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: aws-sdk-core
 version: !ruby/object:Gem::Version
-  version: 3.122.1
+  version: 3.123.0
 platform: ruby
 authors:
 - Amazon Web Services
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2021-11-09 00:00:00.000000000 Z
+date: 2021-11-23 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: jmespath