aws-sdk-core 3.122.1 → 3.123.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +4 -4
- data/CHANGELOG.md +5 -0
- data/VERSION +1 -1
- data/lib/aws-sdk-sso/client.rb +1 -1
- data/lib/aws-sdk-sso.rb +1 -1
- data/lib/aws-sdk-sts/client.rb +71 -110
- data/lib/aws-sdk-sts/types.rb +33 -23
- data/lib/aws-sdk-sts.rb +1 -1
- metadata +2 -2
checksums.yaml
CHANGED
@@ -1,7 +1,7 @@
|
|
1
1
|
---
|
2
2
|
SHA256:
|
3
|
-
metadata.gz:
|
4
|
-
data.tar.gz:
|
3
|
+
metadata.gz: 361f40271ca2518c380ab89eaaab1922d017b3c8a6d35b0492d92e234730b9d4
|
4
|
+
data.tar.gz: 1cc223ef8460881b2d94da8e1f10b4226fbab5419e91ac6c712ab701b0e62a4b
|
5
5
|
SHA512:
|
6
|
-
metadata.gz:
|
7
|
-
data.tar.gz:
|
6
|
+
metadata.gz: 2696936a66a24fc8d5094d5787b0039e974d7a23ba7218d571bda19f090bc836344987121c8ab0d2fca91c7b9b84398a2715674eac9dbb1d6b8fc286ae9e494a
|
7
|
+
data.tar.gz: da67f89367288d43599d1f5b84bfe6a28c3d50da43d7afad5b6f8490744dacda575bd247a2f1642e2be6d6d32bda977e178ab6bf9a5d5dcb9a6ed25c348c53b9
|
data/CHANGELOG.md
CHANGED
data/VERSION
CHANGED
@@ -1 +1 @@
|
|
1
|
-
3.
|
1
|
+
3.123.0
|
data/lib/aws-sdk-sso/client.rb
CHANGED
data/lib/aws-sdk-sso.rb
CHANGED
data/lib/aws-sdk-sts/client.rb
CHANGED
@@ -350,15 +350,15 @@ module Aws::STS
|
|
350
350
|
# `AssumeRole` within your account or for cross-account access. For a
|
351
351
|
# comparison of `AssumeRole` with other API operations that produce
|
352
352
|
# temporary credentials, see [Requesting Temporary Security
|
353
|
-
# Credentials][1] and [Comparing the
|
354
|
-
# User Guide*.
|
353
|
+
# Credentials][1] and [Comparing the Amazon Web Services STS API
|
354
|
+
# operations][2] in the *IAM User Guide*.
|
355
355
|
#
|
356
356
|
# **Permissions**
|
357
357
|
#
|
358
358
|
# The temporary security credentials created by `AssumeRole` can be used
|
359
359
|
# to make API calls to any Amazon Web Services service with the
|
360
|
-
# following exception: You cannot call the
|
361
|
-
# `GetSessionToken` API operations.
|
360
|
+
# following exception: You cannot call the Amazon Web Services STS
|
361
|
+
# `GetFederationToken` or `GetSessionToken` API operations.
|
362
362
|
#
|
363
363
|
# (Optional) You can pass inline or managed [session policies][3] to
|
364
364
|
# this operation. You can pass a single JSON policy document to use as
|
@@ -375,28 +375,37 @@ module Aws::STS
|
|
375
375
|
# assumed. For more information, see [Session Policies][3] in the *IAM
|
376
376
|
# User Guide*.
|
377
377
|
#
|
378
|
-
#
|
379
|
-
#
|
380
|
-
#
|
381
|
-
#
|
378
|
+
# When you create a role, you create two policies: A role trust policy
|
379
|
+
# that specifies *who* can assume the role and a permissions policy that
|
380
|
+
# specifies *what* can be done with the role. You specify the trusted
|
381
|
+
# principal who is allowed to assume the role in the role trust policy.
|
382
|
+
#
|
383
|
+
# To assume a role from a different account, your Amazon Web Services
|
384
|
+
# account must be trusted by the role. The trust relationship is defined
|
385
|
+
# in the role's trust policy when the role is created. That trust
|
386
|
+
# policy states which accounts are allowed to delegate that access to
|
387
|
+
# users in the account.
|
382
388
|
#
|
383
389
|
# A user who wants to access a role in a different account must also
|
384
390
|
# have permissions that are delegated from the user account
|
385
391
|
# administrator. The administrator must attach a policy that allows the
|
386
392
|
# user to call `AssumeRole` for the ARN of the role in the other
|
387
|
-
# account.
|
388
|
-
# do either of the following:
|
393
|
+
# account.
|
389
394
|
#
|
390
|
-
#
|
391
|
-
#
|
395
|
+
# To allow a user to assume a role in the same account, you can do
|
396
|
+
# either of the following:
|
397
|
+
#
|
398
|
+
# * Attach a policy to the user that allows the user to call
|
399
|
+
# `AssumeRole` (as long as the role's trust policy trusts the
|
400
|
+
# account).
|
392
401
|
#
|
393
402
|
# * Add the user as a principal directly in the role's trust policy.
|
394
403
|
#
|
395
|
-
#
|
396
|
-
#
|
397
|
-
#
|
398
|
-
#
|
399
|
-
# Guide*.
|
404
|
+
# You can do either because the role’s trust policy acts as an IAM
|
405
|
+
# resource-based policy. When a resource-based policy grants access to a
|
406
|
+
# principal in the same account, no additional identity-based policy is
|
407
|
+
# required. For more information about trust policies and resource-based
|
408
|
+
# policies, see [IAM Policies][4] in the *IAM User Guide*.
|
400
409
|
#
|
401
410
|
# **Tags**
|
402
411
|
#
|
@@ -538,15 +547,25 @@ module Aws::STS
|
|
538
547
|
#
|
539
548
|
# @option params [Integer] :duration_seconds
|
540
549
|
# The duration, in seconds, of the role session. The value specified can
|
541
|
-
#
|
542
|
-
#
|
543
|
-
#
|
544
|
-
#
|
545
|
-
#
|
546
|
-
#
|
547
|
-
#
|
548
|
-
#
|
549
|
-
#
|
550
|
+
# range from 900 seconds (15 minutes) up to the maximum session duration
|
551
|
+
# set for the role. The maximum session duration setting can have a
|
552
|
+
# value from 1 hour to 12 hours. If you specify a value higher than this
|
553
|
+
# setting or the administrator setting (whichever is lower), the
|
554
|
+
# operation fails. For example, if you specify a session duration of 12
|
555
|
+
# hours, but your administrator set the maximum session duration to 6
|
556
|
+
# hours, your operation fails.
|
557
|
+
#
|
558
|
+
# Role chaining limits your Amazon Web Services CLI or Amazon Web
|
559
|
+
# Services API role session to a maximum of one hour. When you use the
|
560
|
+
# `AssumeRole` API operation to assume a role, you can specify the
|
561
|
+
# duration of your role session with the `DurationSeconds` parameter.
|
562
|
+
# You can specify a parameter value of up to 43200 seconds (12 hours),
|
563
|
+
# depending on the maximum session duration setting for your role.
|
564
|
+
# However, if you assume a role using role chaining and provide a
|
565
|
+
# `DurationSeconds` parameter value greater than one hour, the operation
|
566
|
+
# fails. To learn how to view the maximum value for your role, see [View
|
567
|
+
# the Maximum Session Duration Setting for a Role][1] in the *IAM User
|
568
|
+
# Guide*.
|
550
569
|
#
|
551
570
|
# By default, the value is set to `3600` seconds.
|
552
571
|
#
|
@@ -555,8 +574,8 @@ module Aws::STS
|
|
555
574
|
# The request to the federation endpoint for a console sign-in token
|
556
575
|
# takes a `SessionDuration` parameter that specifies the maximum length
|
557
576
|
# of the console session. For more information, see [Creating a URL that
|
558
|
-
# Enables Federated Users to Access the
|
559
|
-
# *IAM User Guide*.
|
577
|
+
# Enables Federated Users to Access the Amazon Web Services Management
|
578
|
+
# Console][2] in the *IAM User Guide*.
|
560
579
|
#
|
561
580
|
# </note>
|
562
581
|
#
|
@@ -568,8 +587,8 @@ module Aws::STS
|
|
568
587
|
# @option params [Array<Types::Tag>] :tags
|
569
588
|
# A list of session tags that you want to pass. Each session tag
|
570
589
|
# consists of a key name and an associated value. For more information
|
571
|
-
# about session tags, see [Tagging STS Sessions][1]
|
572
|
-
# Guide*.
|
590
|
+
# about session tags, see [Tagging Amazon Web Services STS Sessions][1]
|
591
|
+
# in the *IAM User Guide*.
|
573
592
|
#
|
574
593
|
# This parameter is optional. You can pass up to 50 session tags. The
|
575
594
|
# plaintext session tag keys can’t exceed 128 characters, and the values
|
@@ -798,8 +817,8 @@ module Aws::STS
|
|
798
817
|
# user-specific credentials or configuration. For a comparison of
|
799
818
|
# `AssumeRoleWithSAML` with the other API operations that produce
|
800
819
|
# temporary credentials, see [Requesting Temporary Security
|
801
|
-
# Credentials][1] and [Comparing the
|
802
|
-
# User Guide*.
|
820
|
+
# Credentials][1] and [Comparing the Amazon Web Services STS API
|
821
|
+
# operations][2] in the *IAM User Guide*.
|
803
822
|
#
|
804
823
|
# The temporary security credentials returned by this operation consist
|
805
824
|
# of an access key ID, a secret access key, and a security token.
|
@@ -1051,8 +1070,8 @@ module Aws::STS
|
|
1051
1070
|
# The request to the federation endpoint for a console sign-in token
|
1052
1071
|
# takes a `SessionDuration` parameter that specifies the maximum length
|
1053
1072
|
# of the console session. For more information, see [Creating a URL that
|
1054
|
-
# Enables Federated Users to Access the
|
1055
|
-
# *IAM User Guide*.
|
1073
|
+
# Enables Federated Users to Access the Amazon Web Services Management
|
1074
|
+
# Console][2] in the *IAM User Guide*.
|
1056
1075
|
#
|
1057
1076
|
# </note>
|
1058
1077
|
#
|
@@ -1172,8 +1191,8 @@ module Aws::STS
|
|
1172
1191
|
# a token from the web identity provider. For a comparison of
|
1173
1192
|
# `AssumeRoleWithWebIdentity` with the other API operations that produce
|
1174
1193
|
# temporary credentials, see [Requesting Temporary Security
|
1175
|
-
# Credentials][5] and [Comparing the
|
1176
|
-
# User Guide*.
|
1194
|
+
# Credentials][5] and [Comparing the Amazon Web Services STS API
|
1195
|
+
# operations][6] in the *IAM User Guide*.
|
1177
1196
|
#
|
1178
1197
|
# The temporary security credentials returned by this API consist of an
|
1179
1198
|
# access key ID, a secret access key, and a security token. Applications
|
@@ -1433,8 +1452,8 @@ module Aws::STS
|
|
1433
1452
|
# The request to the federation endpoint for a console sign-in token
|
1434
1453
|
# takes a `SessionDuration` parameter that specifies the maximum length
|
1435
1454
|
# of the console session. For more information, see [Creating a URL that
|
1436
|
-
# Enables Federated Users to Access the
|
1437
|
-
# *IAM User Guide*.
|
1455
|
+
# Enables Federated Users to Access the Amazon Web Services Management
|
1456
|
+
# Console][2] in the *IAM User Guide*.
|
1438
1457
|
#
|
1439
1458
|
# </note>
|
1440
1459
|
#
|
@@ -1540,17 +1559,17 @@ module Aws::STS
|
|
1540
1559
|
# </note>
|
1541
1560
|
#
|
1542
1561
|
# The message is encoded because the details of the authorization status
|
1543
|
-
# can
|
1562
|
+
# can contain privileged information that the user who requested the
|
1544
1563
|
# operation should not see. To decode an authorization status message, a
|
1545
|
-
# user must be granted permissions
|
1546
|
-
# `DecodeAuthorizationMessage` (`sts:DecodeAuthorizationMessage`)
|
1564
|
+
# user must be granted permissions through an IAM [policy][1] to request
|
1565
|
+
# the `DecodeAuthorizationMessage` (`sts:DecodeAuthorizationMessage`)
|
1547
1566
|
# action.
|
1548
1567
|
#
|
1549
1568
|
# The decoded message includes the following type of information:
|
1550
1569
|
#
|
1551
1570
|
# * Whether the request was denied due to an explicit deny or due to the
|
1552
1571
|
# absence of an explicit allow. For more information, see [Determining
|
1553
|
-
# Whether a Request is Allowed or Denied][
|
1572
|
+
# Whether a Request is Allowed or Denied][2] in the *IAM User Guide*.
|
1554
1573
|
#
|
1555
1574
|
# * The principal who made the request.
|
1556
1575
|
#
|
@@ -1562,7 +1581,8 @@ module Aws::STS
|
|
1562
1581
|
#
|
1563
1582
|
#
|
1564
1583
|
#
|
1565
|
-
# [1]: https://docs.aws.amazon.com/IAM/latest/UserGuide/
|
1584
|
+
# [1]: https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies.html
|
1585
|
+
# [2]: https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_evaluation-logic.html#policy-eval-denyallow
|
1566
1586
|
#
|
1567
1587
|
# @option params [required, String] :encoded_message
|
1568
1588
|
# The encoded message that was returned with the response.
|
@@ -1757,8 +1777,8 @@ module Aws::STS
|
|
1757
1777
|
# can be safely stored, usually in a server-based application. For a
|
1758
1778
|
# comparison of `GetFederationToken` with the other API operations that
|
1759
1779
|
# produce temporary credentials, see [Requesting Temporary Security
|
1760
|
-
# Credentials][1] and [Comparing the
|
1761
|
-
# User Guide*.
|
1780
|
+
# Credentials][1] and [Comparing the Amazon Web Services STS API
|
1781
|
+
# operations][2] in the *IAM User Guide*.
|
1762
1782
|
#
|
1763
1783
|
# <note markdown="1"> You can create a mobile-based or browser-based app that can
|
1764
1784
|
# authenticate users using a web identity provider like Login with
|
@@ -1782,7 +1802,7 @@ module Aws::STS
|
|
1782
1802
|
# The temporary credentials are valid for the specified duration, from
|
1783
1803
|
# 900 seconds (15 minutes) up to a maximum of 129,600 seconds (36
|
1784
1804
|
# hours). The default session duration is 43,200 seconds (12 hours).
|
1785
|
-
# Temporary credentials
|
1805
|
+
# Temporary credentials obtained by using the Amazon Web Services
|
1786
1806
|
# account root user credentials have a maximum duration of 3,600 seconds
|
1787
1807
|
# (1 hour).
|
1788
1808
|
#
|
@@ -1837,65 +1857,6 @@ module Aws::STS
|
|
1837
1857
|
#
|
1838
1858
|
# </note>
|
1839
1859
|
#
|
1840
|
-
# You can also call `GetFederationToken` using the security credentials
|
1841
|
-
# of an Amazon Web Services account root user, but we do not recommend
|
1842
|
-
# it. Instead, we recommend that you create an IAM user for the purpose
|
1843
|
-
# of the proxy application. Then attach a policy to the IAM user that
|
1844
|
-
# limits federated users to only the actions and resources that they
|
1845
|
-
# need to access. For more information, see [IAM Best Practices][5] in
|
1846
|
-
# the *IAM User Guide*.
|
1847
|
-
#
|
1848
|
-
# **Session duration**
|
1849
|
-
#
|
1850
|
-
# The temporary credentials are valid for the specified duration, from
|
1851
|
-
# 900 seconds (15 minutes) up to a maximum of 129,600 seconds (36
|
1852
|
-
# hours). The default session duration is 43,200 seconds (12 hours).
|
1853
|
-
# Temporary credentials that are obtained by using Amazon Web Services
|
1854
|
-
# account root user credentials have a maximum duration of 3,600 seconds
|
1855
|
-
# (1 hour).
|
1856
|
-
#
|
1857
|
-
# **Permissions**
|
1858
|
-
#
|
1859
|
-
# You can use the temporary credentials created by `GetFederationToken`
|
1860
|
-
# in any Amazon Web Services service except the following:
|
1861
|
-
#
|
1862
|
-
# * You cannot call any IAM operations using the CLI or the Amazon Web
|
1863
|
-
# Services API.
|
1864
|
-
#
|
1865
|
-
# * You cannot call any STS operations except `GetCallerIdentity`.
|
1866
|
-
#
|
1867
|
-
# You must pass an inline or managed [session policy][6] to this
|
1868
|
-
# operation. You can pass a single JSON policy document to use as an
|
1869
|
-
# inline session policy. You can also specify up to 10 managed policies
|
1870
|
-
# to use as managed session policies. The plain text that you use for
|
1871
|
-
# both inline and managed session policies can't exceed 2,048
|
1872
|
-
# characters.
|
1873
|
-
#
|
1874
|
-
# Though the session policy parameters are optional, if you do not pass
|
1875
|
-
# a policy, then the resulting federated user session has no
|
1876
|
-
# permissions. When you pass session policies, the session permissions
|
1877
|
-
# are the intersection of the IAM user policies and the session policies
|
1878
|
-
# that you pass. This gives you a way to further restrict the
|
1879
|
-
# permissions for a federated user. You cannot use session policies to
|
1880
|
-
# grant more permissions than those that are defined in the permissions
|
1881
|
-
# policy of the IAM user. For more information, see [Session
|
1882
|
-
# Policies][6] in the *IAM User Guide*. For information about using
|
1883
|
-
# `GetFederationToken` to create temporary security credentials, see
|
1884
|
-
# [GetFederationToken—Federation Through a Custom Identity Broker][7].
|
1885
|
-
#
|
1886
|
-
# You can use the credentials to access a resource that has a
|
1887
|
-
# resource-based policy. If that policy specifically references the
|
1888
|
-
# federated user session in the `Principal` element of the policy, the
|
1889
|
-
# session has the permissions allowed by the policy. These permissions
|
1890
|
-
# are granted in addition to the permissions granted by the session
|
1891
|
-
# policies.
|
1892
|
-
#
|
1893
|
-
# **Tags**
|
1894
|
-
#
|
1895
|
-
# (Optional) You can pass tag key-value pairs to your session. These are
|
1896
|
-
# called session tags. For more information about session tags, see
|
1897
|
-
# [Passing Session Tags in STS][8] in the *IAM User Guide*.
|
1898
|
-
#
|
1899
1860
|
# An administrator must grant you the permissions necessary to pass
|
1900
1861
|
# session tags. The administrator can also create granular permissions
|
1901
1862
|
# to allow you to pass only specific session tags. For more information,
|
@@ -2164,8 +2125,8 @@ module Aws::STS
|
|
2164
2125
|
# correct MFA code, then the API returns an access denied error. For a
|
2165
2126
|
# comparison of `GetSessionToken` with the other API operations that
|
2166
2127
|
# produce temporary credentials, see [Requesting Temporary Security
|
2167
|
-
# Credentials][1] and [Comparing the
|
2168
|
-
# User Guide*.
|
2128
|
+
# Credentials][1] and [Comparing the Amazon Web Services STS API
|
2129
|
+
# operations][2] in the *IAM User Guide*.
|
2169
2130
|
#
|
2170
2131
|
# **Session Duration**
|
2171
2132
|
#
|
@@ -2233,8 +2194,8 @@ module Aws::STS
|
|
2233
2194
|
# The value is either the serial number for a hardware device (such as
|
2234
2195
|
# `GAHT12345678`) or an Amazon Resource Name (ARN) for a virtual device
|
2235
2196
|
# (such as `arn:aws:iam::123456789012:mfa/user`). You can find the
|
2236
|
-
# device for an IAM user by going to the
|
2237
|
-
# the user's security credentials.
|
2197
|
+
# device for an IAM user by going to the Amazon Web Services Management
|
2198
|
+
# Console and viewing the user's security credentials.
|
2238
2199
|
#
|
2239
2200
|
# The regex used to validate this parameter is a string of characters
|
2240
2201
|
# consisting of upper- and lower-case alphanumeric characters with no
|
@@ -2312,7 +2273,7 @@ module Aws::STS
|
|
2312
2273
|
params: params,
|
2313
2274
|
config: config)
|
2314
2275
|
context[:gem_name] = 'aws-sdk-core'
|
2315
|
-
context[:gem_version] = '3.
|
2276
|
+
context[:gem_version] = '3.123.0'
|
2316
2277
|
Seahorse::Client::Request.new(handlers, context)
|
2317
2278
|
end
|
2318
2279
|
|
data/lib/aws-sdk-sts/types.rb
CHANGED
@@ -132,16 +132,25 @@ module Aws::STS
|
|
132
132
|
#
|
133
133
|
# @!attribute [rw] duration_seconds
|
134
134
|
# The duration, in seconds, of the role session. The value specified
|
135
|
-
# can
|
136
|
-
#
|
137
|
-
#
|
138
|
-
#
|
139
|
-
#
|
140
|
-
#
|
141
|
-
#
|
142
|
-
#
|
143
|
-
#
|
144
|
-
#
|
135
|
+
# can range from 900 seconds (15 minutes) up to the maximum session
|
136
|
+
# duration set for the role. The maximum session duration setting can
|
137
|
+
# have a value from 1 hour to 12 hours. If you specify a value higher
|
138
|
+
# than this setting or the administrator setting (whichever is lower),
|
139
|
+
# the operation fails. For example, if you specify a session duration
|
140
|
+
# of 12 hours, but your administrator set the maximum session duration
|
141
|
+
# to 6 hours, your operation fails.
|
142
|
+
#
|
143
|
+
# Role chaining limits your Amazon Web Services CLI or Amazon Web
|
144
|
+
# Services API role session to a maximum of one hour. When you use the
|
145
|
+
# `AssumeRole` API operation to assume a role, you can specify the
|
146
|
+
# duration of your role session with the `DurationSeconds` parameter.
|
147
|
+
# You can specify a parameter value of up to 43200 seconds (12 hours),
|
148
|
+
# depending on the maximum session duration setting for your role.
|
149
|
+
# However, if you assume a role using role chaining and provide a
|
150
|
+
# `DurationSeconds` parameter value greater than one hour, the
|
151
|
+
# operation fails. To learn how to view the maximum value for your
|
152
|
+
# role, see [View the Maximum Session Duration Setting for a Role][1]
|
153
|
+
# in the *IAM User Guide*.
|
145
154
|
#
|
146
155
|
# By default, the value is set to `3600` seconds.
|
147
156
|
#
|
@@ -150,8 +159,8 @@ module Aws::STS
|
|
150
159
|
# credentials. The request to the federation endpoint for a console
|
151
160
|
# sign-in token takes a `SessionDuration` parameter that specifies the
|
152
161
|
# maximum length of the console session. For more information, see
|
153
|
-
# [Creating a URL that Enables Federated Users to Access the
|
154
|
-
# Management Console][2] in the *IAM User Guide*.
|
162
|
+
# [Creating a URL that Enables Federated Users to Access the Amazon
|
163
|
+
# Web Services Management Console][2] in the *IAM User Guide*.
|
155
164
|
#
|
156
165
|
# </note>
|
157
166
|
#
|
@@ -164,8 +173,8 @@ module Aws::STS
|
|
164
173
|
# @!attribute [rw] tags
|
165
174
|
# A list of session tags that you want to pass. Each session tag
|
166
175
|
# consists of a key name and an associated value. For more information
|
167
|
-
# about session tags, see [Tagging
|
168
|
-
# Guide*.
|
176
|
+
# about session tags, see [Tagging Amazon Web Services STS
|
177
|
+
# Sessions][1] in the *IAM User Guide*.
|
169
178
|
#
|
170
179
|
# This parameter is optional. You can pass up to 50 session tags. The
|
171
180
|
# plaintext session tag keys can’t exceed 128 characters, and the
|
@@ -516,8 +525,8 @@ module Aws::STS
|
|
516
525
|
# credentials. The request to the federation endpoint for a console
|
517
526
|
# sign-in token takes a `SessionDuration` parameter that specifies the
|
518
527
|
# maximum length of the console session. For more information, see
|
519
|
-
# [Creating a URL that Enables Federated Users to Access the
|
520
|
-
# Management Console][2] in the *IAM User Guide*.
|
528
|
+
# [Creating a URL that Enables Federated Users to Access the Amazon
|
529
|
+
# Web Services Management Console][2] in the *IAM User Guide*.
|
521
530
|
#
|
522
531
|
# </note>
|
523
532
|
#
|
@@ -802,8 +811,8 @@ module Aws::STS
|
|
802
811
|
# credentials. The request to the federation endpoint for a console
|
803
812
|
# sign-in token takes a `SessionDuration` parameter that specifies the
|
804
813
|
# maximum length of the console session. For more information, see
|
805
|
-
# [Creating a URL that Enables Federated Users to Access the
|
806
|
-
# Management Console][2] in the *IAM User Guide*.
|
814
|
+
# [Creating a URL that Enables Federated Users to Access the Amazon
|
815
|
+
# Web Services Management Console][2] in the *IAM User Guide*.
|
807
816
|
#
|
808
817
|
# </note>
|
809
818
|
#
|
@@ -1012,7 +1021,7 @@ module Aws::STS
|
|
1012
1021
|
# returned in response to an Amazon Web Services request.
|
1013
1022
|
#
|
1014
1023
|
# @!attribute [rw] decoded_message
|
1015
|
-
#
|
1024
|
+
# The API returns a response with the decoded message.
|
1016
1025
|
# @return [String]
|
1017
1026
|
#
|
1018
1027
|
# @see http://docs.aws.amazon.com/goto/WebAPI/sts-2011-06-15/DecodeAuthorizationMessageResponse AWS API Documentation
|
@@ -1396,8 +1405,8 @@ module Aws::STS
|
|
1396
1405
|
# The value is either the serial number for a hardware device (such as
|
1397
1406
|
# `GAHT12345678`) or an Amazon Resource Name (ARN) for a virtual
|
1398
1407
|
# device (such as `arn:aws:iam::123456789012:mfa/user`). You can find
|
1399
|
-
# the device for an IAM user by going to the
|
1400
|
-
# viewing the user's security credentials.
|
1408
|
+
# the device for an IAM user by going to the Amazon Web Services
|
1409
|
+
# Management Console and viewing the user's security credentials.
|
1401
1410
|
#
|
1402
1411
|
# The regex used to validate this parameter is a string of characters
|
1403
1412
|
# consisting of upper- and lower-case alphanumeric characters with no
|
@@ -1546,7 +1555,7 @@ module Aws::STS
|
|
1546
1555
|
#
|
1547
1556
|
#
|
1548
1557
|
# [1]: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_session-tags.html
|
1549
|
-
# [2]: https://docs.aws.amazon.com/IAM/latest/UserGuide/
|
1558
|
+
# [2]: https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_iam-quotas.html#reference_iam-limits-entity-length
|
1550
1559
|
#
|
1551
1560
|
# @!attribute [rw] message
|
1552
1561
|
# @return [String]
|
@@ -1612,7 +1621,8 @@ module Aws::STS
|
|
1612
1621
|
# You can pass custom key-value pair attributes when you assume a role
|
1613
1622
|
# or federate a user. These are called session tags. You can then use
|
1614
1623
|
# the session tags to control access to resources. For more information,
|
1615
|
-
# see [Tagging STS Sessions][1] in the *IAM User
|
1624
|
+
# see [Tagging Amazon Web Services STS Sessions][1] in the *IAM User
|
1625
|
+
# Guide*.
|
1616
1626
|
#
|
1617
1627
|
#
|
1618
1628
|
#
|
data/lib/aws-sdk-sts.rb
CHANGED
metadata
CHANGED
@@ -1,14 +1,14 @@
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
2
2
|
name: aws-sdk-core
|
3
3
|
version: !ruby/object:Gem::Version
|
4
|
-
version: 3.
|
4
|
+
version: 3.123.0
|
5
5
|
platform: ruby
|
6
6
|
authors:
|
7
7
|
- Amazon Web Services
|
8
8
|
autorequire:
|
9
9
|
bindir: bin
|
10
10
|
cert_chain: []
|
11
|
-
date: 2021-11-
|
11
|
+
date: 2021-11-23 00:00:00.000000000 Z
|
12
12
|
dependencies:
|
13
13
|
- !ruby/object:Gem::Dependency
|
14
14
|
name: jmespath
|