aws-sdk-core 3.130.1 → 3.171.0
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/CHANGELOG.md +301 -1
- data/VERSION +1 -1
- data/lib/aws-sdk-core/arn.rb +13 -0
- data/lib/aws-sdk-core/assume_role_credentials.rb +6 -11
- data/lib/aws-sdk-core/assume_role_web_identity_credentials.rb +8 -10
- data/lib/aws-sdk-core/binary/encode_handler.rb +12 -1
- data/lib/aws-sdk-core/credential_provider_chain.rb +8 -5
- data/lib/aws-sdk-core/ecs_credentials.rb +116 -53
- data/lib/aws-sdk-core/endpoints/condition.rb +41 -0
- data/lib/aws-sdk-core/endpoints/endpoint.rb +17 -0
- data/lib/aws-sdk-core/endpoints/endpoint_rule.rb +75 -0
- data/lib/aws-sdk-core/endpoints/error_rule.rb +42 -0
- data/lib/aws-sdk-core/endpoints/function.rb +80 -0
- data/lib/aws-sdk-core/endpoints/matchers.rb +127 -0
- data/lib/aws-sdk-core/endpoints/reference.rb +31 -0
- data/lib/aws-sdk-core/endpoints/rule.rb +25 -0
- data/lib/aws-sdk-core/endpoints/rule_set.rb +52 -0
- data/lib/aws-sdk-core/endpoints/rules_provider.rb +37 -0
- data/lib/aws-sdk-core/endpoints/templater.rb +58 -0
- data/lib/aws-sdk-core/endpoints/tree_rule.rb +45 -0
- data/lib/aws-sdk-core/endpoints/url.rb +60 -0
- data/lib/aws-sdk-core/endpoints.rb +74 -0
- data/lib/aws-sdk-core/errors.rb +13 -0
- data/lib/aws-sdk-core/instance_profile_credentials.rb +5 -0
- data/lib/aws-sdk-core/json/error_handler.rb +10 -1
- data/lib/aws-sdk-core/pageable_response.rb +7 -0
- data/lib/aws-sdk-core/plugins/bearer_authorization.rb +67 -0
- data/lib/aws-sdk-core/plugins/credentials_configuration.rb +24 -0
- data/lib/aws-sdk-core/plugins/endpoint_discovery.rb +6 -2
- data/lib/aws-sdk-core/plugins/jsonvalue_converter.rb +34 -6
- data/lib/aws-sdk-core/plugins/recursion_detection.rb +14 -3
- data/lib/aws-sdk-core/plugins/regional_endpoint.rb +5 -0
- data/lib/aws-sdk-core/plugins/retries/error_inspector.rb +2 -1
- data/lib/aws-sdk-core/plugins/sign.rb +200 -0
- data/lib/aws-sdk-core/plugins/signature_v2.rb +1 -0
- data/lib/aws-sdk-core/plugins/signature_v4.rb +13 -7
- data/lib/aws-sdk-core/process_credentials.rb +6 -9
- data/lib/aws-sdk-core/refreshing_credentials.rb +2 -0
- data/lib/aws-sdk-core/refreshing_token.rb +71 -0
- data/lib/aws-sdk-core/rest/handler.rb +1 -1
- data/lib/aws-sdk-core/rest/request/headers.rb +2 -6
- data/lib/aws-sdk-core/shared_config.rb +76 -5
- data/lib/aws-sdk-core/sso_credentials.rb +84 -49
- data/lib/aws-sdk-core/sso_token_provider.rb +135 -0
- data/lib/aws-sdk-core/static_token_provider.rb +14 -0
- data/lib/aws-sdk-core/structure.rb +6 -4
- data/lib/aws-sdk-core/token.rb +31 -0
- data/lib/aws-sdk-core/token_provider.rb +15 -0
- data/lib/aws-sdk-core/token_provider_chain.rb +51 -0
- data/lib/aws-sdk-core/xml/error_handler.rb +7 -0
- data/lib/aws-sdk-core/xml/parser/engines/oga.rb +2 -0
- data/lib/aws-sdk-core.rb +14 -0
- data/lib/aws-sdk-sso/client.rb +51 -11
- data/lib/aws-sdk-sso/endpoint_parameters.rb +66 -0
- data/lib/aws-sdk-sso/endpoint_provider.rb +51 -0
- data/lib/aws-sdk-sso/endpoints.rb +71 -0
- data/lib/aws-sdk-sso/plugins/endpoints.rb +76 -0
- data/lib/aws-sdk-sso/types.rb +8 -43
- data/lib/aws-sdk-sso.rb +5 -1
- data/lib/aws-sdk-ssooidc/client.rb +606 -0
- data/lib/aws-sdk-ssooidc/client_api.rb +216 -0
- data/lib/aws-sdk-ssooidc/customizations.rb +1 -0
- data/lib/aws-sdk-ssooidc/endpoint_parameters.rb +66 -0
- data/lib/aws-sdk-ssooidc/endpoint_provider.rb +51 -0
- data/lib/aws-sdk-ssooidc/endpoints.rb +57 -0
- data/lib/aws-sdk-ssooidc/errors.rb +290 -0
- data/lib/aws-sdk-ssooidc/plugins/endpoints.rb +74 -0
- data/lib/aws-sdk-ssooidc/resource.rb +26 -0
- data/lib/aws-sdk-ssooidc/types.rb +502 -0
- data/lib/aws-sdk-ssooidc.rb +59 -0
- data/lib/aws-sdk-sts/client.rb +166 -138
- data/lib/aws-sdk-sts/endpoint_parameters.rb +78 -0
- data/lib/aws-sdk-sts/endpoint_provider.rb +109 -0
- data/lib/aws-sdk-sts/endpoints.rb +135 -0
- data/lib/aws-sdk-sts/plugins/endpoints.rb +84 -0
- data/lib/aws-sdk-sts/presigner.rb +13 -15
- data/lib/aws-sdk-sts/types.rb +79 -186
- data/lib/aws-sdk-sts.rb +5 -1
- data/lib/seahorse/client/async_base.rb +0 -1
- data/lib/seahorse/client/configuration.rb +2 -2
- data/lib/seahorse/client/h2/connection.rb +12 -11
- data/lib/seahorse/client/plugins/request_callback.rb +9 -9
- data/lib/seahorse/util.rb +4 -0
- metadata +55 -8
data/lib/aws-sdk-sts/client.rb
CHANGED
@@ -30,7 +30,7 @@ require 'aws-sdk-core/plugins/http_checksum.rb'
|
|
30
30
|
require 'aws-sdk-core/plugins/checksum_algorithm.rb'
|
31
31
|
require 'aws-sdk-core/plugins/defaults_mode.rb'
|
32
32
|
require 'aws-sdk-core/plugins/recursion_detection.rb'
|
33
|
-
require 'aws-sdk-core/plugins/
|
33
|
+
require 'aws-sdk-core/plugins/sign.rb'
|
34
34
|
require 'aws-sdk-core/plugins/protocols/query.rb'
|
35
35
|
require 'aws-sdk-sts/plugins/sts_regional_endpoints.rb'
|
36
36
|
|
@@ -80,9 +80,10 @@ module Aws::STS
|
|
80
80
|
add_plugin(Aws::Plugins::ChecksumAlgorithm)
|
81
81
|
add_plugin(Aws::Plugins::DefaultsMode)
|
82
82
|
add_plugin(Aws::Plugins::RecursionDetection)
|
83
|
-
add_plugin(Aws::Plugins::
|
83
|
+
add_plugin(Aws::Plugins::Sign)
|
84
84
|
add_plugin(Aws::Plugins::Protocols::Query)
|
85
85
|
add_plugin(Aws::STS::Plugins::STSRegionalEndpoints)
|
86
|
+
add_plugin(Aws::STS::Plugins::Endpoints)
|
86
87
|
|
87
88
|
# @overload initialize(options)
|
88
89
|
# @param [Hash] options
|
@@ -294,6 +295,19 @@ module Aws::STS
|
|
294
295
|
# ** Please note ** When response stubbing is enabled, no HTTP
|
295
296
|
# requests are made, and retries are disabled.
|
296
297
|
#
|
298
|
+
# @option options [Aws::TokenProvider] :token_provider
|
299
|
+
# A Bearer Token Provider. This can be an instance of any one of the
|
300
|
+
# following classes:
|
301
|
+
#
|
302
|
+
# * `Aws::StaticTokenProvider` - Used for configuring static, non-refreshing
|
303
|
+
# tokens.
|
304
|
+
#
|
305
|
+
# * `Aws::SSOTokenProvider` - Used for loading tokens from AWS SSO using an
|
306
|
+
# access token generated from `aws login`.
|
307
|
+
#
|
308
|
+
# When `:token_provider` is not configured directly, the `Aws::TokenProviderChain`
|
309
|
+
# will be used to search for tokens configured for your profile in shared configuration files.
|
310
|
+
#
|
297
311
|
# @option options [Boolean] :use_dualstack_endpoint
|
298
312
|
# When set to `true`, dualstack enabled endpoints (with `.aws` TLD)
|
299
313
|
# will be used if available.
|
@@ -307,6 +321,9 @@ module Aws::STS
|
|
307
321
|
# When `true`, request parameters are validated before
|
308
322
|
# sending the request.
|
309
323
|
#
|
324
|
+
# @option options [Aws::STS::EndpointProvider] :endpoint_provider
|
325
|
+
# The endpoint provider used to resolve endpoints. Any object that responds to `#resolve_endpoint(parameters)` where `parameters` is a Struct similar to `Aws::STS::EndpointParameters`
|
326
|
+
#
|
310
327
|
# @option options [URI::HTTP,String] :http_proxy A proxy to send
|
311
328
|
# requests through. Formatted like 'http://proxy.com:123'.
|
312
329
|
#
|
@@ -359,14 +376,13 @@ module Aws::STS
|
|
359
376
|
# @!group API Operations
|
360
377
|
|
361
378
|
# Returns a set of temporary security credentials that you can use to
|
362
|
-
# access Amazon Web Services resources
|
363
|
-
#
|
364
|
-
#
|
365
|
-
#
|
366
|
-
#
|
367
|
-
#
|
368
|
-
#
|
369
|
-
# operations][2] in the *IAM User Guide*.
|
379
|
+
# access Amazon Web Services resources. These temporary credentials
|
380
|
+
# consist of an access key ID, a secret access key, and a security
|
381
|
+
# token. Typically, you use `AssumeRole` within your account or for
|
382
|
+
# cross-account access. For a comparison of `AssumeRole` with other API
|
383
|
+
# operations that produce temporary credentials, see [Requesting
|
384
|
+
# Temporary Security Credentials][1] and [Comparing the Amazon Web
|
385
|
+
# Services STS API operations][2] in the *IAM User Guide*.
|
370
386
|
#
|
371
387
|
# **Permissions**
|
372
388
|
#
|
@@ -377,18 +393,18 @@ module Aws::STS
|
|
377
393
|
#
|
378
394
|
# (Optional) You can pass inline or managed [session policies][3] to
|
379
395
|
# this operation. You can pass a single JSON policy document to use as
|
380
|
-
# an inline session policy. You can also specify up to 10 managed
|
381
|
-
#
|
382
|
-
# use for both inline and managed session policies
|
383
|
-
# characters. Passing policies to this operation
|
384
|
-
# credentials. The resulting session's
|
385
|
-
# of the role's identity-based policy
|
386
|
-
# use the role's temporary
|
387
|
-
# Services API calls to access
|
388
|
-
# role. You cannot use session
|
389
|
-
#
|
390
|
-
#
|
391
|
-
# User Guide*.
|
396
|
+
# an inline session policy. You can also specify up to 10 managed policy
|
397
|
+
# Amazon Resource Names (ARNs) to use as managed session policies. The
|
398
|
+
# plaintext that you use for both inline and managed session policies
|
399
|
+
# can't exceed 2,048 characters. Passing policies to this operation
|
400
|
+
# returns new temporary credentials. The resulting session's
|
401
|
+
# permissions are the intersection of the role's identity-based policy
|
402
|
+
# and the session policies. You can use the role's temporary
|
403
|
+
# credentials in subsequent Amazon Web Services API calls to access
|
404
|
+
# resources in the account that owns the role. You cannot use session
|
405
|
+
# policies to grant more permissions than those allowed by the
|
406
|
+
# identity-based policy of the role that is being assumed. For more
|
407
|
+
# information, see [Session Policies][3] in the *IAM User Guide*.
|
392
408
|
#
|
393
409
|
# When you create a role, you create two policies: A role trust policy
|
394
410
|
# that specifies *who* can assume the role and a permissions policy that
|
@@ -502,12 +518,12 @@ module Aws::STS
|
|
502
518
|
# about ARNs, see [Amazon Resource Names (ARNs) and Amazon Web Services
|
503
519
|
# Service Namespaces][1] in the Amazon Web Services General Reference.
|
504
520
|
#
|
505
|
-
# <note markdown="1"> An Amazon Web Services conversion compresses the passed session
|
506
|
-
#
|
507
|
-
# separate limit. Your request can fail for this limit
|
508
|
-
# plaintext meets the other requirements. The
|
509
|
-
# response element indicates by percentage how close
|
510
|
-
# tags for your request are to the upper size limit.
|
521
|
+
# <note markdown="1"> An Amazon Web Services conversion compresses the passed inline session
|
522
|
+
# policy, managed policy ARNs, and session tags into a packed binary
|
523
|
+
# format that has a separate limit. Your request can fail for this limit
|
524
|
+
# even if your plaintext meets the other requirements. The
|
525
|
+
# `PackedPolicySize` response element indicates by percentage how close
|
526
|
+
# the policies and tags for your request are to the upper size limit.
|
511
527
|
#
|
512
528
|
# </note>
|
513
529
|
#
|
@@ -547,12 +563,12 @@ module Aws::STS
|
|
547
563
|
# the tab (\\u0009), linefeed (\\u000A), and carriage return (\\u000D)
|
548
564
|
# characters.
|
549
565
|
#
|
550
|
-
# <note markdown="1"> An Amazon Web Services conversion compresses the passed session
|
551
|
-
#
|
552
|
-
# separate limit. Your request can fail for this limit
|
553
|
-
# plaintext meets the other requirements. The
|
554
|
-
# response element indicates by percentage how close
|
555
|
-
# tags for your request are to the upper size limit.
|
566
|
+
# <note markdown="1"> An Amazon Web Services conversion compresses the passed inline session
|
567
|
+
# policy, managed policy ARNs, and session tags into a packed binary
|
568
|
+
# format that has a separate limit. Your request can fail for this limit
|
569
|
+
# even if your plaintext meets the other requirements. The
|
570
|
+
# `PackedPolicySize` response element indicates by percentage how close
|
571
|
+
# the policies and tags for your request are to the upper size limit.
|
556
572
|
#
|
557
573
|
# </note>
|
558
574
|
#
|
@@ -610,12 +626,12 @@ module Aws::STS
|
|
610
626
|
# can’t exceed 256 characters. For these and additional limits, see [IAM
|
611
627
|
# and STS Character Limits][2] in the *IAM User Guide*.
|
612
628
|
#
|
613
|
-
# <note markdown="1"> An Amazon Web Services conversion compresses the passed session
|
614
|
-
#
|
615
|
-
# separate limit. Your request can fail for this limit
|
616
|
-
# plaintext meets the other requirements. The
|
617
|
-
# response element indicates by percentage how close
|
618
|
-
# tags for your request are to the upper size limit.
|
629
|
+
# <note markdown="1"> An Amazon Web Services conversion compresses the passed inline session
|
630
|
+
# policy, managed policy ARNs, and session tags into a packed binary
|
631
|
+
# format that has a separate limit. Your request can fail for this limit
|
632
|
+
# even if your plaintext meets the other requirements. The
|
633
|
+
# `PackedPolicySize` response element indicates by percentage how close
|
634
|
+
# the policies and tags for your request are to the upper size limit.
|
619
635
|
#
|
620
636
|
# </note>
|
621
637
|
#
|
@@ -878,18 +894,18 @@ module Aws::STS
|
|
878
894
|
#
|
879
895
|
# (Optional) You can pass inline or managed [session policies][6] to
|
880
896
|
# this operation. You can pass a single JSON policy document to use as
|
881
|
-
# an inline session policy. You can also specify up to 10 managed
|
882
|
-
#
|
883
|
-
# use for both inline and managed session policies
|
884
|
-
# characters. Passing policies to this operation
|
885
|
-
# credentials. The resulting session's
|
886
|
-
# of the role's identity-based policy
|
887
|
-
# use the role's temporary
|
888
|
-
# Services API calls to access
|
889
|
-
# role. You cannot use session
|
890
|
-
#
|
891
|
-
#
|
892
|
-
# User Guide*.
|
897
|
+
# an inline session policy. You can also specify up to 10 managed policy
|
898
|
+
# Amazon Resource Names (ARNs) to use as managed session policies. The
|
899
|
+
# plaintext that you use for both inline and managed session policies
|
900
|
+
# can't exceed 2,048 characters. Passing policies to this operation
|
901
|
+
# returns new temporary credentials. The resulting session's
|
902
|
+
# permissions are the intersection of the role's identity-based policy
|
903
|
+
# and the session policies. You can use the role's temporary
|
904
|
+
# credentials in subsequent Amazon Web Services API calls to access
|
905
|
+
# resources in the account that owns the role. You cannot use session
|
906
|
+
# policies to grant more permissions than those allowed by the
|
907
|
+
# identity-based policy of the role that is being assumed. For more
|
908
|
+
# information, see [Session Policies][6] in the *IAM User Guide*.
|
893
909
|
#
|
894
910
|
# Calling `AssumeRoleWithSAML` does not require the use of Amazon Web
|
895
911
|
# Services security credentials. The identity of the caller is validated
|
@@ -915,12 +931,12 @@ module Aws::STS
|
|
915
931
|
# characters. For these and additional limits, see [IAM and STS
|
916
932
|
# Character Limits][8] in the *IAM User Guide*.
|
917
933
|
#
|
918
|
-
# <note markdown="1"> An Amazon Web Services conversion compresses the passed session
|
919
|
-
#
|
920
|
-
# separate limit. Your request can fail for this limit
|
921
|
-
# plaintext meets the other requirements. The
|
922
|
-
# response element indicates by percentage how close
|
923
|
-
# tags for your request are to the upper size limit.
|
934
|
+
# <note markdown="1"> An Amazon Web Services conversion compresses the passed inline session
|
935
|
+
# policy, managed policy ARNs, and session tags into a packed binary
|
936
|
+
# format that has a separate limit. Your request can fail for this limit
|
937
|
+
# even if your plaintext meets the other requirements. The
|
938
|
+
# `PackedPolicySize` response element indicates by percentage how close
|
939
|
+
# the policies and tags for your request are to the upper size limit.
|
924
940
|
#
|
925
941
|
# </note>
|
926
942
|
#
|
@@ -1006,12 +1022,12 @@ module Aws::STS
|
|
1006
1022
|
# about ARNs, see [Amazon Resource Names (ARNs) and Amazon Web Services
|
1007
1023
|
# Service Namespaces][1] in the Amazon Web Services General Reference.
|
1008
1024
|
#
|
1009
|
-
# <note markdown="1"> An Amazon Web Services conversion compresses the passed session
|
1010
|
-
#
|
1011
|
-
# separate limit. Your request can fail for this limit
|
1012
|
-
# plaintext meets the other requirements. The
|
1013
|
-
# response element indicates by percentage how close
|
1014
|
-
# tags for your request are to the upper size limit.
|
1025
|
+
# <note markdown="1"> An Amazon Web Services conversion compresses the passed inline session
|
1026
|
+
# policy, managed policy ARNs, and session tags into a packed binary
|
1027
|
+
# format that has a separate limit. Your request can fail for this limit
|
1028
|
+
# even if your plaintext meets the other requirements. The
|
1029
|
+
# `PackedPolicySize` response element indicates by percentage how close
|
1030
|
+
# the policies and tags for your request are to the upper size limit.
|
1015
1031
|
#
|
1016
1032
|
# </note>
|
1017
1033
|
#
|
@@ -1051,12 +1067,12 @@ module Aws::STS
|
|
1051
1067
|
# the tab (\\u0009), linefeed (\\u000A), and carriage return (\\u000D)
|
1052
1068
|
# characters.
|
1053
1069
|
#
|
1054
|
-
# <note markdown="1"> An Amazon Web Services conversion compresses the passed session
|
1055
|
-
#
|
1056
|
-
# separate limit. Your request can fail for this limit
|
1057
|
-
# plaintext meets the other requirements. The
|
1058
|
-
# response element indicates by percentage how close
|
1059
|
-
# tags for your request are to the upper size limit.
|
1070
|
+
# <note markdown="1"> An Amazon Web Services conversion compresses the passed inline session
|
1071
|
+
# policy, managed policy ARNs, and session tags into a packed binary
|
1072
|
+
# format that has a separate limit. Your request can fail for this limit
|
1073
|
+
# even if your plaintext meets the other requirements. The
|
1074
|
+
# `PackedPolicySize` response element indicates by percentage how close
|
1075
|
+
# the policies and tags for your request are to the upper size limit.
|
1060
1076
|
#
|
1061
1077
|
# </note>
|
1062
1078
|
#
|
@@ -1239,18 +1255,18 @@ module Aws::STS
|
|
1239
1255
|
#
|
1240
1256
|
# (Optional) You can pass inline or managed [session policies][10] to
|
1241
1257
|
# this operation. You can pass a single JSON policy document to use as
|
1242
|
-
# an inline session policy. You can also specify up to 10 managed
|
1243
|
-
#
|
1244
|
-
# use for both inline and managed session policies
|
1245
|
-
# characters. Passing policies to this operation
|
1246
|
-
# credentials. The resulting session's
|
1247
|
-
# of the role's identity-based policy
|
1248
|
-
# use the role's temporary
|
1249
|
-
# Services API calls to access
|
1250
|
-
# role. You cannot use session
|
1251
|
-
#
|
1252
|
-
#
|
1253
|
-
# User Guide*.
|
1258
|
+
# an inline session policy. You can also specify up to 10 managed policy
|
1259
|
+
# Amazon Resource Names (ARNs) to use as managed session policies. The
|
1260
|
+
# plaintext that you use for both inline and managed session policies
|
1261
|
+
# can't exceed 2,048 characters. Passing policies to this operation
|
1262
|
+
# returns new temporary credentials. The resulting session's
|
1263
|
+
# permissions are the intersection of the role's identity-based policy
|
1264
|
+
# and the session policies. You can use the role's temporary
|
1265
|
+
# credentials in subsequent Amazon Web Services API calls to access
|
1266
|
+
# resources in the account that owns the role. You cannot use session
|
1267
|
+
# policies to grant more permissions than those allowed by the
|
1268
|
+
# identity-based policy of the role that is being assumed. For more
|
1269
|
+
# information, see [Session Policies][10] in the *IAM User Guide*.
|
1254
1270
|
#
|
1255
1271
|
# **Tags**
|
1256
1272
|
#
|
@@ -1264,12 +1280,12 @@ module Aws::STS
|
|
1264
1280
|
# characters. For these and additional limits, see [IAM and STS
|
1265
1281
|
# Character Limits][12] in the *IAM User Guide*.
|
1266
1282
|
#
|
1267
|
-
# <note markdown="1"> An Amazon Web Services conversion compresses the passed session
|
1268
|
-
#
|
1269
|
-
# separate limit. Your request can fail for this limit
|
1270
|
-
# plaintext meets the other requirements. The
|
1271
|
-
# response element indicates by percentage how close
|
1272
|
-
# tags for your request are to the upper size limit.
|
1283
|
+
# <note markdown="1"> An Amazon Web Services conversion compresses the passed inline session
|
1284
|
+
# policy, managed policy ARNs, and session tags into a packed binary
|
1285
|
+
# format that has a separate limit. Your request can fail for this limit
|
1286
|
+
# even if your plaintext meets the other requirements. The
|
1287
|
+
# `PackedPolicySize` response element indicates by percentage how close
|
1288
|
+
# the policies and tags for your request are to the upper size limit.
|
1273
1289
|
#
|
1274
1290
|
# </note>
|
1275
1291
|
#
|
@@ -1393,12 +1409,12 @@ module Aws::STS
|
|
1393
1409
|
# about ARNs, see [Amazon Resource Names (ARNs) and Amazon Web Services
|
1394
1410
|
# Service Namespaces][1] in the Amazon Web Services General Reference.
|
1395
1411
|
#
|
1396
|
-
# <note markdown="1"> An Amazon Web Services conversion compresses the passed session
|
1397
|
-
#
|
1398
|
-
# separate limit. Your request can fail for this limit
|
1399
|
-
# plaintext meets the other requirements. The
|
1400
|
-
# response element indicates by percentage how close
|
1401
|
-
# tags for your request are to the upper size limit.
|
1412
|
+
# <note markdown="1"> An Amazon Web Services conversion compresses the passed inline session
|
1413
|
+
# policy, managed policy ARNs, and session tags into a packed binary
|
1414
|
+
# format that has a separate limit. Your request can fail for this limit
|
1415
|
+
# even if your plaintext meets the other requirements. The
|
1416
|
+
# `PackedPolicySize` response element indicates by percentage how close
|
1417
|
+
# the policies and tags for your request are to the upper size limit.
|
1402
1418
|
#
|
1403
1419
|
# </note>
|
1404
1420
|
#
|
@@ -1438,12 +1454,12 @@ module Aws::STS
|
|
1438
1454
|
# the tab (\\u0009), linefeed (\\u000A), and carriage return (\\u000D)
|
1439
1455
|
# characters.
|
1440
1456
|
#
|
1441
|
-
# <note markdown="1"> An Amazon Web Services conversion compresses the passed session
|
1442
|
-
#
|
1443
|
-
# separate limit. Your request can fail for this limit
|
1444
|
-
# plaintext meets the other requirements. The
|
1445
|
-
# response element indicates by percentage how close
|
1446
|
-
# tags for your request are to the upper size limit.
|
1457
|
+
# <note markdown="1"> An Amazon Web Services conversion compresses the passed inline session
|
1458
|
+
# policy, managed policy ARNs, and session tags into a packed binary
|
1459
|
+
# format that has a separate limit. Your request can fail for this limit
|
1460
|
+
# even if your plaintext meets the other requirements. The
|
1461
|
+
# `PackedPolicySize` response element indicates by percentage how close
|
1462
|
+
# the policies and tags for your request are to the upper size limit.
|
1447
1463
|
#
|
1448
1464
|
# </note>
|
1449
1465
|
#
|
@@ -1826,19 +1842,22 @@ module Aws::STS
|
|
1826
1842
|
# **Permissions**
|
1827
1843
|
#
|
1828
1844
|
# You can use the temporary credentials created by `GetFederationToken`
|
1829
|
-
# in any Amazon Web Services service
|
1845
|
+
# in any Amazon Web Services service with the following exceptions:
|
1830
1846
|
#
|
1831
1847
|
# * You cannot call any IAM operations using the CLI or the Amazon Web
|
1832
|
-
# Services API.
|
1848
|
+
# Services API. This limitation does not apply to console sessions.
|
1833
1849
|
#
|
1834
1850
|
# * You cannot call any STS operations except `GetCallerIdentity`.
|
1835
1851
|
#
|
1852
|
+
# You can use temporary credentials for single sign-on (SSO) to the
|
1853
|
+
# console.
|
1854
|
+
#
|
1836
1855
|
# You must pass an inline or managed [session policy][6] to this
|
1837
1856
|
# operation. You can pass a single JSON policy document to use as an
|
1838
|
-
# inline session policy. You can also specify up to 10 managed
|
1839
|
-
# to use as managed session policies. The
|
1840
|
-
# both inline and managed session policies
|
1841
|
-
# characters.
|
1857
|
+
# inline session policy. You can also specify up to 10 managed policy
|
1858
|
+
# Amazon Resource Names (ARNs) to use as managed session policies. The
|
1859
|
+
# plaintext that you use for both inline and managed session policies
|
1860
|
+
# can't exceed 2,048 characters.
|
1842
1861
|
#
|
1843
1862
|
# Though the session policy parameters are optional, if you do not pass
|
1844
1863
|
# a policy, then the resulting federated user session has no
|
@@ -1917,8 +1936,8 @@ module Aws::STS
|
|
1917
1936
|
#
|
1918
1937
|
# You must pass an inline or managed [session policy][1] to this
|
1919
1938
|
# operation. You can pass a single JSON policy document to use as an
|
1920
|
-
# inline session policy. You can also specify up to 10 managed
|
1921
|
-
# to use as managed session policies.
|
1939
|
+
# inline session policy. You can also specify up to 10 managed policy
|
1940
|
+
# Amazon Resource Names (ARNs) to use as managed session policies.
|
1922
1941
|
#
|
1923
1942
|
# This parameter is optional. However, if you do not pass any session
|
1924
1943
|
# policies, then the resulting federated user session has no
|
@@ -1946,12 +1965,12 @@ module Aws::STS
|
|
1946
1965
|
# the tab (\\u0009), linefeed (\\u000A), and carriage return (\\u000D)
|
1947
1966
|
# characters.
|
1948
1967
|
#
|
1949
|
-
# <note markdown="1"> An Amazon Web Services conversion compresses the passed session
|
1950
|
-
#
|
1951
|
-
# separate limit. Your request can fail for this limit
|
1952
|
-
# plaintext meets the other requirements. The
|
1953
|
-
# response element indicates by percentage how close
|
1954
|
-
# tags for your request are to the upper size limit.
|
1968
|
+
# <note markdown="1"> An Amazon Web Services conversion compresses the passed inline session
|
1969
|
+
# policy, managed policy ARNs, and session tags into a packed binary
|
1970
|
+
# format that has a separate limit. Your request can fail for this limit
|
1971
|
+
# even if your plaintext meets the other requirements. The
|
1972
|
+
# `PackedPolicySize` response element indicates by percentage how close
|
1973
|
+
# the policies and tags for your request are to the upper size limit.
|
1955
1974
|
#
|
1956
1975
|
# </note>
|
1957
1976
|
#
|
@@ -1966,13 +1985,13 @@ module Aws::STS
|
|
1966
1985
|
#
|
1967
1986
|
# You must pass an inline or managed [session policy][1] to this
|
1968
1987
|
# operation. You can pass a single JSON policy document to use as an
|
1969
|
-
# inline session policy. You can also specify up to 10 managed
|
1970
|
-
# to use as managed session policies. The
|
1971
|
-
# both inline and managed session policies
|
1972
|
-
# characters. You can provide up to 10 managed
|
1973
|
-
# information about ARNs, see [Amazon Resource
|
1974
|
-
# Web Services Service Namespaces][2] in the
|
1975
|
-
# Reference.
|
1988
|
+
# inline session policy. You can also specify up to 10 managed policy
|
1989
|
+
# Amazon Resource Names (ARNs) to use as managed session policies. The
|
1990
|
+
# plaintext that you use for both inline and managed session policies
|
1991
|
+
# can't exceed 2,048 characters. You can provide up to 10 managed
|
1992
|
+
# policy ARNs. For more information about ARNs, see [Amazon Resource
|
1993
|
+
# Names (ARNs) and Amazon Web Services Service Namespaces][2] in the
|
1994
|
+
# Amazon Web Services General Reference.
|
1976
1995
|
#
|
1977
1996
|
# This parameter is optional. However, if you do not pass any session
|
1978
1997
|
# policies, then the resulting federated user session has no
|
@@ -1993,12 +2012,12 @@ module Aws::STS
|
|
1993
2012
|
# are granted in addition to the permissions that are granted by the
|
1994
2013
|
# session policies.
|
1995
2014
|
#
|
1996
|
-
# <note markdown="1"> An Amazon Web Services conversion compresses the passed session
|
1997
|
-
#
|
1998
|
-
# separate limit. Your request can fail for this limit
|
1999
|
-
# plaintext meets the other requirements. The
|
2000
|
-
# response element indicates by percentage how close
|
2001
|
-
# tags for your request are to the upper size limit.
|
2015
|
+
# <note markdown="1"> An Amazon Web Services conversion compresses the passed inline session
|
2016
|
+
# policy, managed policy ARNs, and session tags into a packed binary
|
2017
|
+
# format that has a separate limit. Your request can fail for this limit
|
2018
|
+
# even if your plaintext meets the other requirements. The
|
2019
|
+
# `PackedPolicySize` response element indicates by percentage how close
|
2020
|
+
# the policies and tags for your request are to the upper size limit.
|
2002
2021
|
#
|
2003
2022
|
# </note>
|
2004
2023
|
#
|
@@ -2026,12 +2045,12 @@ module Aws::STS
|
|
2026
2045
|
# can’t exceed 256 characters. For these and additional limits, see [IAM
|
2027
2046
|
# and STS Character Limits][2] in the *IAM User Guide*.
|
2028
2047
|
#
|
2029
|
-
# <note markdown="1"> An Amazon Web Services conversion compresses the passed session
|
2030
|
-
#
|
2031
|
-
# separate limit. Your request can fail for this limit
|
2032
|
-
# plaintext meets the other requirements. The
|
2033
|
-
# response element indicates by percentage how close
|
2034
|
-
# tags for your request are to the upper size limit.
|
2048
|
+
# <note markdown="1"> An Amazon Web Services conversion compresses the passed inline session
|
2049
|
+
# policy, managed policy ARNs, and session tags into a packed binary
|
2050
|
+
# format that has a separate limit. Your request can fail for this limit
|
2051
|
+
# even if your plaintext meets the other requirements. The
|
2052
|
+
# `PackedPolicySize` response element indicates by percentage how close
|
2053
|
+
# the policies and tags for your request are to the upper size limit.
|
2035
2054
|
#
|
2036
2055
|
# </note>
|
2037
2056
|
#
|
@@ -2145,6 +2164,14 @@ module Aws::STS
|
|
2145
2164
|
# Credentials][1] and [Comparing the Amazon Web Services STS API
|
2146
2165
|
# operations][2] in the *IAM User Guide*.
|
2147
2166
|
#
|
2167
|
+
# <note markdown="1"> No permissions are required for users to perform this operation. The
|
2168
|
+
# purpose of the `sts:GetSessionToken` operation is to authenticate the
|
2169
|
+
# user using MFA. You cannot use policies to control authentication
|
2170
|
+
# operations. For more information, see [Permissions for
|
2171
|
+
# GetSessionToken][3] in the *IAM User Guide*.
|
2172
|
+
#
|
2173
|
+
# </note>
|
2174
|
+
#
|
2148
2175
|
# **Session Duration**
|
2149
2176
|
#
|
2150
2177
|
# The `GetSessionToken` operation must be called by using the long-term
|
@@ -2170,7 +2197,7 @@ module Aws::STS
|
|
2170
2197
|
#
|
2171
2198
|
# <note markdown="1"> We recommend that you do not call `GetSessionToken` with Amazon Web
|
2172
2199
|
# Services account root user credentials. Instead, follow our [best
|
2173
|
-
# practices][
|
2200
|
+
# practices][4] by creating one or more IAM users, giving them the
|
2174
2201
|
# necessary permissions, and using IAM users for everyday interaction
|
2175
2202
|
# with Amazon Web Services.
|
2176
2203
|
#
|
@@ -2186,14 +2213,15 @@ module Aws::STS
|
|
2186
2213
|
#
|
2187
2214
|
# For more information about using `GetSessionToken` to create temporary
|
2188
2215
|
# credentials, go to [Temporary Credentials for Users in Untrusted
|
2189
|
-
# Environments][
|
2216
|
+
# Environments][5] in the *IAM User Guide*.
|
2190
2217
|
#
|
2191
2218
|
#
|
2192
2219
|
#
|
2193
2220
|
# [1]: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_request.html
|
2194
2221
|
# [2]: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_request.html#stsapi_comparison
|
2195
|
-
# [3]: https://docs.aws.amazon.com/IAM/latest/UserGuide/
|
2196
|
-
# [4]: https://docs.aws.amazon.com/IAM/latest/UserGuide/
|
2222
|
+
# [3]: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_control-access_getsessiontoken.html
|
2223
|
+
# [4]: https://docs.aws.amazon.com/IAM/latest/UserGuide/best-practices.html#create-iam-users
|
2224
|
+
# [5]: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_request.html#api_getsessiontoken
|
2197
2225
|
#
|
2198
2226
|
# @option params [Integer] :duration_seconds
|
2199
2227
|
# The duration, in seconds, that the credentials should remain valid.
|
@@ -2290,7 +2318,7 @@ module Aws::STS
|
|
2290
2318
|
params: params,
|
2291
2319
|
config: config)
|
2292
2320
|
context[:gem_name] = 'aws-sdk-core'
|
2293
|
-
context[:gem_version] = '3.
|
2321
|
+
context[:gem_version] = '3.171.0'
|
2294
2322
|
Seahorse::Client::Request.new(handlers, context)
|
2295
2323
|
end
|
2296
2324
|
|
@@ -0,0 +1,78 @@
|
|
1
|
+
# frozen_string_literal: true
|
2
|
+
|
3
|
+
# WARNING ABOUT GENERATED CODE
|
4
|
+
#
|
5
|
+
# This file is generated. See the contributing guide for more information:
|
6
|
+
# https://github.com/aws/aws-sdk-ruby/blob/version-3/CONTRIBUTING.md
|
7
|
+
#
|
8
|
+
# WARNING ABOUT GENERATED CODE
|
9
|
+
|
10
|
+
module Aws::STS
|
11
|
+
# Endpoint parameters used to influence endpoints per request.
|
12
|
+
#
|
13
|
+
# @!attribute region
|
14
|
+
# The AWS region used to dispatch the request.
|
15
|
+
#
|
16
|
+
# @return [String]
|
17
|
+
#
|
18
|
+
# @!attribute use_dual_stack
|
19
|
+
# When true, use the dual-stack endpoint. If the configured endpoint does not support dual-stack, dispatching the request MAY return an error.
|
20
|
+
#
|
21
|
+
# @return [Boolean]
|
22
|
+
#
|
23
|
+
# @!attribute use_fips
|
24
|
+
# When true, send this request to the FIPS-compliant regional endpoint. If the configured endpoint does not have a FIPS compliant endpoint, dispatching the request will return an error.
|
25
|
+
#
|
26
|
+
# @return [Boolean]
|
27
|
+
#
|
28
|
+
# @!attribute endpoint
|
29
|
+
# Override the endpoint used to send this request
|
30
|
+
#
|
31
|
+
# @return [String]
|
32
|
+
#
|
33
|
+
# @!attribute use_global_endpoint
|
34
|
+
# Whether the global endpoint should be used, rather then the regional endpoint for us-east-1.
|
35
|
+
#
|
36
|
+
# @return [Boolean]
|
37
|
+
#
|
38
|
+
EndpointParameters = Struct.new(
|
39
|
+
:region,
|
40
|
+
:use_dual_stack,
|
41
|
+
:use_fips,
|
42
|
+
:endpoint,
|
43
|
+
:use_global_endpoint,
|
44
|
+
) do
|
45
|
+
include Aws::Structure
|
46
|
+
|
47
|
+
# @api private
|
48
|
+
class << self
|
49
|
+
PARAM_MAP = {
|
50
|
+
'Region' => :region,
|
51
|
+
'UseDualStack' => :use_dual_stack,
|
52
|
+
'UseFIPS' => :use_fips,
|
53
|
+
'Endpoint' => :endpoint,
|
54
|
+
'UseGlobalEndpoint' => :use_global_endpoint,
|
55
|
+
}.freeze
|
56
|
+
end
|
57
|
+
|
58
|
+
def initialize(options = {})
|
59
|
+
self[:region] = options[:region]
|
60
|
+
self[:use_dual_stack] = options[:use_dual_stack]
|
61
|
+
self[:use_dual_stack] = false if self[:use_dual_stack].nil?
|
62
|
+
if self[:use_dual_stack].nil?
|
63
|
+
raise ArgumentError, "Missing required EndpointParameter: :use_dual_stack"
|
64
|
+
end
|
65
|
+
self[:use_fips] = options[:use_fips]
|
66
|
+
self[:use_fips] = false if self[:use_fips].nil?
|
67
|
+
if self[:use_fips].nil?
|
68
|
+
raise ArgumentError, "Missing required EndpointParameter: :use_fips"
|
69
|
+
end
|
70
|
+
self[:endpoint] = options[:endpoint]
|
71
|
+
self[:use_global_endpoint] = options[:use_global_endpoint]
|
72
|
+
self[:use_global_endpoint] = false if self[:use_global_endpoint].nil?
|
73
|
+
if self[:use_global_endpoint].nil?
|
74
|
+
raise ArgumentError, "Missing required EndpointParameter: :use_global_endpoint"
|
75
|
+
end
|
76
|
+
end
|
77
|
+
end
|
78
|
+
end
|