aws-sdk-core 3.171.1 → 3.172.0

Sign up to get free protection for your applications and to get access to all the features.
checksums.yaml CHANGED
@@ -1,7 +1,7 @@
1
1
  ---
2
2
  SHA256:
3
- metadata.gz: 77d1ea18ecbf1fbe9719e1a0cbacbc0ed27728d99a81e1f646bc192311263830
4
- data.tar.gz: 69a01c8aad8d94d35971796fe6f4b847b700e892626f564c17a9e35ab5ed660a
3
+ metadata.gz: 746f82369d60381064a023bbb6acf6d34175a24c1efabb7a321413e4d2d9de88
4
+ data.tar.gz: 463ab018b652877c3dcd0ad4b9c5dfae3c17ad3c0d90b48b97d076a2d92cb946
5
5
  SHA512:
6
- metadata.gz: 14dab48dae835a45f4466f394e5eeced702923345a9d3a113dbac2e4ebb48faaa6b89d51c804ff9d3ecd608e7411629a9fc0e86b45a05f26de0ae64df954ccee
7
- data.tar.gz: 8394d0cf230a56969279dbec6437c9cdd2500417bb6b6a270476f49fa3f0e4dddc0c3dcb9fa6b90b7a5f921bfbe402289f20e10d7992c94663627f2d41f84848
6
+ metadata.gz: cf6fe14a282f4dfe099643be4f34cac8ea6646db4017edad82bcaa44078611f3c3a17945c83079f30be804ae022dc8f66c123cb993d22cb31e262e49a05cce8e
7
+ data.tar.gz: '088d17868e17675ad2ab7baea66aba02c07905a912b2fefb51ec306299d48da5cdba325ff022e7eedf7e0ee27c09721de1c9070da233fa6353169762900b1cf1'
data/CHANGELOG.md CHANGED
@@ -1,6 +1,13 @@
1
1
  Unreleased Changes
2
2
  ------------------
3
3
 
4
+ 3.172.0 (2023-05-08)
5
+ ------------------
6
+
7
+ * Feature - Updated Aws::STS::Client with the latest API changes.
8
+
9
+ * Feature - Add :region option to `Aws::Log::Formatter`.
10
+
4
11
  3.171.1 (2023-05-04)
5
12
  ------------------
6
13
 
data/VERSION CHANGED
@@ -1 +1 @@
1
- 3.171.1
1
+ 3.172.0
@@ -26,6 +26,8 @@ module Aws
26
26
  #
27
27
  # You can put any of these placeholders into you pattern.
28
28
  #
29
+ # * `:region` - The region configured for the client.
30
+ #
29
31
  # * `:client_class` - The name of the client class.
30
32
  #
31
33
  # * `:operation` - The name of the client request method.
@@ -116,6 +118,10 @@ module Aws
116
118
 
117
119
  private
118
120
 
121
+ def _region(response)
122
+ response.context.config.region
123
+ end
124
+
119
125
  def _client_class(response)
120
126
  response.context.client.class.name
121
127
  end
@@ -585,7 +585,7 @@ module Aws::SSO
585
585
  params: params,
586
586
  config: config)
587
587
  context[:gem_name] = 'aws-sdk-core'
588
- context[:gem_version] = '3.171.1'
588
+ context[:gem_version] = '3.172.0'
589
589
  Seahorse::Client::Request.new(handlers, context)
590
590
  end
591
591
 
data/lib/aws-sdk-sso.rb CHANGED
@@ -54,6 +54,6 @@ require_relative 'aws-sdk-sso/customizations'
54
54
  # @!group service
55
55
  module Aws::SSO
56
56
 
57
- GEM_VERSION = '3.171.1'
57
+ GEM_VERSION = '3.172.0'
58
58
 
59
59
  end
@@ -581,7 +581,7 @@ module Aws::SSOOIDC
581
581
  params: params,
582
582
  config: config)
583
583
  context[:gem_name] = 'aws-sdk-core'
584
- context[:gem_version] = '3.171.1'
584
+ context[:gem_version] = '3.172.0'
585
585
  Seahorse::Client::Request.new(handlers, context)
586
586
  end
587
587
 
@@ -54,6 +54,6 @@ require_relative 'aws-sdk-ssooidc/customizations'
54
54
  # @!group service
55
55
  module Aws::SSOOIDC
56
56
 
57
- GEM_VERSION = '3.171.1'
57
+ GEM_VERSION = '3.172.0'
58
58
 
59
59
  end
@@ -406,10 +406,11 @@ module Aws::STS
406
406
  # identity-based policy of the role that is being assumed. For more
407
407
  # information, see [Session Policies][3] in the *IAM User Guide*.
408
408
  #
409
- # When you create a role, you create two policies: A role trust policy
410
- # that specifies *who* can assume the role and a permissions policy that
411
- # specifies *what* can be done with the role. You specify the trusted
412
- # principal who is allowed to assume the role in the role trust policy.
409
+ # When you create a role, you create two policies: a role trust policy
410
+ # that specifies *who* can assume the role, and a permissions policy
411
+ # that specifies *what* can be done with the role. You specify the
412
+ # trusted principal that is allowed to assume the role in the role trust
413
+ # policy.
413
414
  #
414
415
  # To assume a role from a different account, your Amazon Web Services
415
416
  # account must be trusted by the role. The trust relationship is defined
@@ -418,10 +419,9 @@ module Aws::STS
418
419
  # users in the account.
419
420
  #
420
421
  # A user who wants to access a role in a different account must also
421
- # have permissions that are delegated from the user account
422
- # administrator. The administrator must attach a policy that allows the
423
- # user to call `AssumeRole` for the ARN of the role in the other
424
- # account.
422
+ # have permissions that are delegated from the account administrator.
423
+ # The administrator must attach a policy that allows the user to call
424
+ # `AssumeRole` for the ARN of the role in the other account.
425
425
  #
426
426
  # To allow a user to assume a role in the same account, you can do
427
427
  # either of the following:
@@ -1206,10 +1206,8 @@ module Aws::STS
1206
1206
  # the user with a consistent identity throughout the lifetime of an
1207
1207
  # application.
1208
1208
  #
1209
- # To learn more about Amazon Cognito, see [Amazon Cognito Overview][4]
1210
- # in *Amazon Web Services SDK for Android Developer Guide* and [Amazon
1211
- # Cognito Overview][5] in the *Amazon Web Services SDK for iOS Developer
1212
- # Guide*.
1209
+ # To learn more about Amazon Cognito, see [Amazon Cognito identity
1210
+ # pools][1] in *Amazon Cognito Developer Guide*.
1213
1211
  #
1214
1212
  # </note>
1215
1213
  #
@@ -1223,8 +1221,8 @@ module Aws::STS
1223
1221
  # a token from the web identity provider. For a comparison of
1224
1222
  # `AssumeRoleWithWebIdentity` with the other API operations that produce
1225
1223
  # temporary credentials, see [Requesting Temporary Security
1226
- # Credentials][6] and [Comparing the Amazon Web Services STS API
1227
- # operations][7] in the *IAM User Guide*.
1224
+ # Credentials][4] and [Comparing the Amazon Web Services STS API
1225
+ # operations][5] in the *IAM User Guide*.
1228
1226
  #
1229
1227
  # The temporary security credentials returned by this API consist of an
1230
1228
  # access key ID, a secret access key, and a security token. Applications
@@ -1240,11 +1238,11 @@ module Aws::STS
1240
1238
  # to the maximum session duration setting for the role. This setting can
1241
1239
  # have a value from 1 hour to 12 hours. To learn how to view the maximum
1242
1240
  # value for your role, see [View the Maximum Session Duration Setting
1243
- # for a Role][8] in the *IAM User Guide*. The maximum session duration
1241
+ # for a Role][6] in the *IAM User Guide*. The maximum session duration
1244
1242
  # limit applies when you use the `AssumeRole*` API operations or the
1245
1243
  # `assume-role*` CLI commands. However the limit does not apply when you
1246
1244
  # use those operations to create a console URL. For more information,
1247
- # see [Using IAM Roles][9] in the *IAM User Guide*.
1245
+ # see [Using IAM Roles][7] in the *IAM User Guide*.
1248
1246
  #
1249
1247
  # **Permissions**
1250
1248
  #
@@ -1253,7 +1251,7 @@ module Aws::STS
1253
1251
  # Amazon Web Services service with the following exception: you cannot
1254
1252
  # call the STS `GetFederationToken` or `GetSessionToken` API operations.
1255
1253
  #
1256
- # (Optional) You can pass inline or managed [session policies][10] to
1254
+ # (Optional) You can pass inline or managed [session policies][8] to
1257
1255
  # this operation. You can pass a single JSON policy document to use as
1258
1256
  # an inline session policy. You can also specify up to 10 managed policy
1259
1257
  # Amazon Resource Names (ARNs) to use as managed session policies. The
@@ -1266,19 +1264,19 @@ module Aws::STS
1266
1264
  # resources in the account that owns the role. You cannot use session
1267
1265
  # policies to grant more permissions than those allowed by the
1268
1266
  # identity-based policy of the role that is being assumed. For more
1269
- # information, see [Session Policies][10] in the *IAM User Guide*.
1267
+ # information, see [Session Policies][8] in the *IAM User Guide*.
1270
1268
  #
1271
1269
  # **Tags**
1272
1270
  #
1273
1271
  # (Optional) You can configure your IdP to pass attributes into your web
1274
1272
  # identity token as session tags. Each session tag consists of a key
1275
1273
  # name and an associated value. For more information about session tags,
1276
- # see [Passing Session Tags in STS][11] in the *IAM User Guide*.
1274
+ # see [Passing Session Tags in STS][9] in the *IAM User Guide*.
1277
1275
  #
1278
1276
  # You can pass up to 50 session tags. The plaintext session tag keys
1279
1277
  # can’t exceed 128 characters and the values can’t exceed 256
1280
1278
  # characters. For these and additional limits, see [IAM and STS
1281
- # Character Limits][12] in the *IAM User Guide*.
1279
+ # Character Limits][10] in the *IAM User Guide*.
1282
1280
  #
1283
1281
  # <note markdown="1"> An Amazon Web Services conversion compresses the passed inline session
1284
1282
  # policy, managed policy ARNs, and session tags into a packed binary
@@ -1296,12 +1294,12 @@ module Aws::STS
1296
1294
  # An administrator must grant you the permissions necessary to pass
1297
1295
  # session tags. The administrator can also create granular permissions
1298
1296
  # to allow you to pass only specific session tags. For more information,
1299
- # see [Tutorial: Using Tags for Attribute-Based Access Control][13] in
1297
+ # see [Tutorial: Using Tags for Attribute-Based Access Control][11] in
1300
1298
  # the *IAM User Guide*.
1301
1299
  #
1302
1300
  # You can set the session tags as transitive. Transitive tags persist
1303
1301
  # during role chaining. For more information, see [Chaining Roles with
1304
- # Session Tags][14] in the *IAM User Guide*.
1302
+ # Session Tags][12] in the *IAM User Guide*.
1305
1303
  #
1306
1304
  # **Identities**
1307
1305
  #
@@ -1313,19 +1311,19 @@ module Aws::STS
1313
1311
  # specified in the role's trust policy.
1314
1312
  #
1315
1313
  # Calling `AssumeRoleWithWebIdentity` can result in an entry in your
1316
- # CloudTrail logs. The entry includes the [Subject][15] of the provided
1314
+ # CloudTrail logs. The entry includes the [Subject][13] of the provided
1317
1315
  # web identity token. We recommend that you avoid using any personally
1318
1316
  # identifiable information (PII) in this field. For example, you could
1319
1317
  # instead use a GUID or a pairwise identifier, as [suggested in the OIDC
1320
- # specification][16].
1318
+ # specification][14].
1321
1319
  #
1322
1320
  # For more information about how to use web identity federation and the
1323
1321
  # `AssumeRoleWithWebIdentity` API, see the following resources:
1324
1322
  #
1325
- # * [Using Web Identity Federation API Operations for Mobile Apps][17]
1326
- # and [Federation Through a Web-based Identity Provider][18].
1323
+ # * [Using Web Identity Federation API Operations for Mobile Apps][15]
1324
+ # and [Federation Through a Web-based Identity Provider][16].
1327
1325
  #
1328
- # * [ Web Identity Federation Playground][19]. Walk through the process
1326
+ # * [ Web Identity Federation Playground][17]. Walk through the process
1329
1327
  # of authenticating through Login with Amazon, Facebook, or Google,
1330
1328
  # getting temporary security credentials, and then using those
1331
1329
  # credentials to make a request to Amazon Web Services.
@@ -1336,7 +1334,7 @@ module Aws::STS
1336
1334
  # toolkits then show how to use the information from these providers
1337
1335
  # to get and use temporary security credentials.
1338
1336
  #
1339
- # * [Web Identity Federation with Mobile Applications][20]. This article
1337
+ # * [Web Identity Federation with Mobile Applications][18]. This article
1340
1338
  # discusses web identity federation and shows an example of how to use
1341
1339
  # web identity federation to get access to content in Amazon S3.
1342
1340
  #
@@ -1345,23 +1343,21 @@ module Aws::STS
1345
1343
  # [1]: https://docs.aws.amazon.com/cognito/latest/developerguide/cognito-identity.html
1346
1344
  # [2]: http://aws.amazon.com/sdkforios/
1347
1345
  # [3]: http://aws.amazon.com/sdkforandroid/
1348
- # [4]: https://docs.aws.amazon.com/mobile/sdkforandroid/developerguide/cognito-auth.html#d0e840
1349
- # [5]: https://docs.aws.amazon.com/mobile/sdkforios/developerguide/cognito-auth.html#d0e664
1350
- # [6]: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_request.html
1351
- # [7]: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_request.html#stsapi_comparison
1352
- # [8]: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_use.html#id_roles_use_view-role-max-session
1353
- # [9]: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_use.html
1354
- # [10]: https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies.html#policies_session
1355
- # [11]: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_session-tags.html
1356
- # [12]: https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_iam-limits.html#reference_iam-limits-entity-length
1357
- # [13]: https://docs.aws.amazon.com/IAM/latest/UserGuide/tutorial_attribute-based-access-control.html
1358
- # [14]: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_session-tags.html#id_session-tags_role-chaining
1359
- # [15]: http://openid.net/specs/openid-connect-core-1_0.html#Claims
1360
- # [16]: http://openid.net/specs/openid-connect-core-1_0.html#SubjectIDTypes
1361
- # [17]: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_providers_oidc_manual.html
1362
- # [18]: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_request.html#api_assumerolewithwebidentity
1363
- # [19]: https://aws.amazon.com/blogs/aws/the-aws-web-identity-federation-playground/
1364
- # [20]: http://aws.amazon.com/articles/web-identity-federation-with-mobile-applications
1346
+ # [4]: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_request.html
1347
+ # [5]: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_request.html#stsapi_comparison
1348
+ # [6]: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_use.html#id_roles_use_view-role-max-session
1349
+ # [7]: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_use.html
1350
+ # [8]: https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies.html#policies_session
1351
+ # [9]: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_session-tags.html
1352
+ # [10]: https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_iam-limits.html#reference_iam-limits-entity-length
1353
+ # [11]: https://docs.aws.amazon.com/IAM/latest/UserGuide/tutorial_attribute-based-access-control.html
1354
+ # [12]: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_session-tags.html#id_session-tags_role-chaining
1355
+ # [13]: http://openid.net/specs/openid-connect-core-1_0.html#Claims
1356
+ # [14]: http://openid.net/specs/openid-connect-core-1_0.html#SubjectIDTypes
1357
+ # [15]: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_providers_oidc_manual.html
1358
+ # [16]: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_request.html#api_assumerolewithwebidentity
1359
+ # [17]: https://aws.amazon.com/blogs/aws/the-aws-web-identity-federation-playground/
1360
+ # [18]: http://aws.amazon.com/articles/web-identity-federation-with-mobile-applications
1365
1361
  #
1366
1362
  # @option params [required, String] :role_arn
1367
1363
  # The Amazon Resource Name (ARN) of the role that the caller is
@@ -1720,11 +1716,11 @@ module Aws::STS
1720
1716
  # to call the operation.
1721
1717
  #
1722
1718
  # <note markdown="1"> No permissions are required to perform this operation. If an
1723
- # administrator adds a policy to your IAM user or role that explicitly
1719
+ # administrator attaches a policy to your identity that explicitly
1724
1720
  # denies access to the `sts:GetCallerIdentity` action, you can still
1725
1721
  # perform this operation. Permissions are not required because the same
1726
- # information is returned when an IAM user or role is denied access. To
1727
- # view an example response, see [I Am Not Authorized to Perform:
1722
+ # information is returned when access is denied. To view an example
1723
+ # response, see [I Am Not Authorized to Perform:
1728
1724
  # iam:DeleteVirtualMFADevice][1] in the *IAM User Guide*.
1729
1725
  #
1730
1726
  # </note>
@@ -1801,43 +1797,43 @@ module Aws::STS
1801
1797
  end
1802
1798
 
1803
1799
  # Returns a set of temporary security credentials (consisting of an
1804
- # access key ID, a secret access key, and a security token) for a
1805
- # federated user. A typical use is in a proxy application that gets
1806
- # temporary security credentials on behalf of distributed applications
1807
- # inside a corporate network. You must call the `GetFederationToken`
1808
- # operation using the long-term security credentials of an IAM user. As
1809
- # a result, this call is appropriate in contexts where those credentials
1810
- # can be safely stored, usually in a server-based application. For a
1811
- # comparison of `GetFederationToken` with the other API operations that
1812
- # produce temporary credentials, see [Requesting Temporary Security
1800
+ # access key ID, a secret access key, and a security token) for a user.
1801
+ # A typical use is in a proxy application that gets temporary security
1802
+ # credentials on behalf of distributed applications inside a corporate
1803
+ # network.
1804
+ #
1805
+ # You must call the `GetFederationToken` operation using the long-term
1806
+ # security credentials of an IAM user. As a result, this call is
1807
+ # appropriate in contexts where those credentials can be safeguarded,
1808
+ # usually in a server-based application. For a comparison of
1809
+ # `GetFederationToken` with the other API operations that produce
1810
+ # temporary credentials, see [Requesting Temporary Security
1813
1811
  # Credentials][1] and [Comparing the Amazon Web Services STS API
1814
1812
  # operations][2] in the *IAM User Guide*.
1815
1813
  #
1814
+ # Although it is possible to call `GetFederationToken` using the
1815
+ # security credentials of an Amazon Web Services account root user
1816
+ # rather than an IAM user that you create for the purpose of a proxy
1817
+ # application, we do not recommend it. For more information, see
1818
+ # [Safeguard your root user credentials and don't use them for everyday
1819
+ # tasks][3] in the *IAM User Guide*.
1820
+ #
1816
1821
  # <note markdown="1"> You can create a mobile-based or browser-based app that can
1817
1822
  # authenticate users using a web identity provider like Login with
1818
1823
  # Amazon, Facebook, Google, or an OpenID Connect-compatible identity
1819
- # provider. In this case, we recommend that you use [Amazon Cognito][3]
1824
+ # provider. In this case, we recommend that you use [Amazon Cognito][4]
1820
1825
  # or `AssumeRoleWithWebIdentity`. For more information, see [Federation
1821
- # Through a Web-based Identity Provider][4] in the *IAM User Guide*.
1826
+ # Through a Web-based Identity Provider][5] in the *IAM User Guide*.
1822
1827
  #
1823
1828
  # </note>
1824
1829
  #
1825
- # You can also call `GetFederationToken` using the security credentials
1826
- # of an Amazon Web Services account root user, but we do not recommend
1827
- # it. Instead, we recommend that you create an IAM user for the purpose
1828
- # of the proxy application. Then attach a policy to the IAM user that
1829
- # limits federated users to only the actions and resources that they
1830
- # need to access. For more information, see [IAM Best Practices][5] in
1831
- # the *IAM User Guide*.
1832
- #
1833
1830
  # **Session duration**
1834
1831
  #
1835
1832
  # The temporary credentials are valid for the specified duration, from
1836
1833
  # 900 seconds (15 minutes) up to a maximum of 129,600 seconds (36
1837
1834
  # hours). The default session duration is 43,200 seconds (12 hours).
1838
- # Temporary credentials obtained by using the Amazon Web Services
1839
- # account root user credentials have a maximum duration of 3,600 seconds
1840
- # (1 hour).
1835
+ # Temporary credentials obtained by using the root user credentials have
1836
+ # a maximum duration of 3,600 seconds (1 hour).
1841
1837
  #
1842
1838
  # **Permissions**
1843
1839
  #
@@ -1887,9 +1883,9 @@ module Aws::STS
1887
1883
  # <note markdown="1"> You can create a mobile-based or browser-based app that can
1888
1884
  # authenticate users using a web identity provider like Login with
1889
1885
  # Amazon, Facebook, Google, or an OpenID Connect-compatible identity
1890
- # provider. In this case, we recommend that you use [Amazon Cognito][3]
1886
+ # provider. In this case, we recommend that you use [Amazon Cognito][4]
1891
1887
  # or `AssumeRoleWithWebIdentity`. For more information, see [Federation
1892
- # Through a Web-based Identity Provider][4] in the *IAM User Guide*.
1888
+ # Through a Web-based Identity Provider][5] in the *IAM User Guide*.
1893
1889
  #
1894
1890
  # </note>
1895
1891
  #
@@ -1911,9 +1907,9 @@ module Aws::STS
1911
1907
  #
1912
1908
  # [1]: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_request.html
1913
1909
  # [2]: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_request.html#stsapi_comparison
1914
- # [3]: http://aws.amazon.com/cognito/
1915
- # [4]: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_request.html#api_assumerolewithwebidentity
1916
- # [5]: https://docs.aws.amazon.com/IAM/latest/UserGuide/best-practices.html
1910
+ # [3]: https://docs.aws.amazon.com/IAM/latest/UserGuide/best-practices.html#lock-away-credentials
1911
+ # [4]: http://aws.amazon.com/cognito/
1912
+ # [5]: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_request.html#api_assumerolewithwebidentity
1917
1913
  # [6]: https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies.html#policies_session
1918
1914
  # [7]: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_request.html#api_getfederationtoken
1919
1915
  # [8]: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_session-tags.html
@@ -2030,10 +2026,10 @@ module Aws::STS
2030
2026
  # The duration, in seconds, that the session should last. Acceptable
2031
2027
  # durations for federation sessions range from 900 seconds (15 minutes)
2032
2028
  # to 129,600 seconds (36 hours), with 43,200 seconds (12 hours) as the
2033
- # default. Sessions obtained using Amazon Web Services account root user
2034
- # credentials are restricted to a maximum of 3,600 seconds (one hour).
2035
- # If the specified duration is longer than one hour, the session
2036
- # obtained by using root user credentials defaults to one hour.
2029
+ # default. Sessions obtained using root user credentials are restricted
2030
+ # to a maximum of 3,600 seconds (one hour). If the specified duration is
2031
+ # longer than one hour, the session obtained by using root user
2032
+ # credentials defaults to one hour.
2037
2033
  #
2038
2034
  # @option params [Array<Types::Tag>] :tags
2039
2035
  # A list of session tags. Each session tag consists of a key name and an
@@ -2153,14 +2149,15 @@ module Aws::STS
2153
2149
  # secret access key, and a security token. Typically, you use
2154
2150
  # `GetSessionToken` if you want to use MFA to protect programmatic calls
2155
2151
  # to specific Amazon Web Services API operations like Amazon EC2
2156
- # `StopInstances`. MFA-enabled IAM users would need to call
2157
- # `GetSessionToken` and submit an MFA code that is associated with their
2158
- # MFA device. Using the temporary security credentials that are returned
2159
- # from the call, IAM users can then make programmatic calls to API
2160
- # operations that require MFA authentication. If you do not supply a
2161
- # correct MFA code, then the API returns an access denied error. For a
2162
- # comparison of `GetSessionToken` with the other API operations that
2163
- # produce temporary credentials, see [Requesting Temporary Security
2152
+ # `StopInstances`.
2153
+ #
2154
+ # MFA-enabled IAM users must call `GetSessionToken` and submit an MFA
2155
+ # code that is associated with their MFA device. Using the temporary
2156
+ # security credentials that the call returns, IAM users can then make
2157
+ # programmatic calls to API operations that require MFA authentication.
2158
+ # An incorrect MFA code causes the API to return an access denied error.
2159
+ # For a comparison of `GetSessionToken` with the other API operations
2160
+ # that produce temporary credentials, see [Requesting Temporary Security
2164
2161
  # Credentials][1] and [Comparing the Amazon Web Services STS API
2165
2162
  # operations][2] in the *IAM User Guide*.
2166
2163
  #
@@ -2175,13 +2172,13 @@ module Aws::STS
2175
2172
  # **Session Duration**
2176
2173
  #
2177
2174
  # The `GetSessionToken` operation must be called by using the long-term
2178
- # Amazon Web Services security credentials of the Amazon Web Services
2179
- # account root user or an IAM user. Credentials that are created by IAM
2180
- # users are valid for the duration that you specify. This duration can
2181
- # range from 900 seconds (15 minutes) up to a maximum of 129,600 seconds
2182
- # (36 hours), with a default of 43,200 seconds (12 hours). Credentials
2183
- # based on account credentials can range from 900 seconds (15 minutes)
2184
- # up to 3,600 seconds (1 hour), with a default of 1 hour.
2175
+ # Amazon Web Services security credentials of an IAM user. Credentials
2176
+ # that are created by IAM users are valid for the duration that you
2177
+ # specify. This duration can range from 900 seconds (15 minutes) up to a
2178
+ # maximum of 129,600 seconds (36 hours), with a default of 43,200
2179
+ # seconds (12 hours). Credentials based on account credentials can range
2180
+ # from 900 seconds (15 minutes) up to 3,600 seconds (1 hour), with a
2181
+ # default of 1 hour.
2185
2182
  #
2186
2183
  # **Permissions**
2187
2184
  #
@@ -2195,24 +2192,23 @@ module Aws::STS
2195
2192
  # * You cannot call any STS API *except* `AssumeRole` or
2196
2193
  # `GetCallerIdentity`.
2197
2194
  #
2198
- # <note markdown="1"> We recommend that you do not call `GetSessionToken` with Amazon Web
2199
- # Services account root user credentials. Instead, follow our [best
2200
- # practices][4] by creating one or more IAM users, giving them the
2201
- # necessary permissions, and using IAM users for everyday interaction
2202
- # with Amazon Web Services.
2195
+ # The credentials that `GetSessionToken` returns are based on
2196
+ # permissions associated with the IAM user whose credentials were used
2197
+ # to call the operation. The temporary credentials have the same
2198
+ # permissions as the IAM user.
2203
2199
  #
2204
- # </note>
2200
+ # <note markdown="1"> Although it is possible to call `GetSessionToken` using the security
2201
+ # credentials of an Amazon Web Services account root user rather than an
2202
+ # IAM user, we do not recommend it. If `GetSessionToken` is called using
2203
+ # root user credentials, the temporary credentials have root user
2204
+ # permissions. For more information, see [Safeguard your root user
2205
+ # credentials and don't use them for everyday tasks][4] in the *IAM
2206
+ # User Guide*
2205
2207
  #
2206
- # The credentials that are returned by `GetSessionToken` are based on
2207
- # permissions associated with the user whose credentials were used to
2208
- # call the operation. If `GetSessionToken` is called using Amazon Web
2209
- # Services account root user credentials, the temporary credentials have
2210
- # root user permissions. Similarly, if `GetSessionToken` is called using
2211
- # the credentials of an IAM user, the temporary credentials have the
2212
- # same permissions as the IAM user.
2208
+ # </note>
2213
2209
  #
2214
2210
  # For more information about using `GetSessionToken` to create temporary
2215
- # credentials, go to [Temporary Credentials for Users in Untrusted
2211
+ # credentials, see [Temporary Credentials for Users in Untrusted
2216
2212
  # Environments][5] in the *IAM User Guide*.
2217
2213
  #
2218
2214
  #
@@ -2220,7 +2216,7 @@ module Aws::STS
2220
2216
  # [1]: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_request.html
2221
2217
  # [2]: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_request.html#stsapi_comparison
2222
2218
  # [3]: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_control-access_getsessiontoken.html
2223
- # [4]: https://docs.aws.amazon.com/IAM/latest/UserGuide/best-practices.html#create-iam-users
2219
+ # [4]: https://docs.aws.amazon.com/IAM/latest/UserGuide/best-practices.html#lock-away-credentials
2224
2220
  # [5]: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_request.html#api_getsessiontoken
2225
2221
  #
2226
2222
  # @option params [Integer] :duration_seconds
@@ -2318,7 +2314,7 @@ module Aws::STS
2318
2314
  params: params,
2319
2315
  config: config)
2320
2316
  context[:gem_name] = 'aws-sdk-core'
2321
- context[:gem_version] = '3.171.1'
2317
+ context[:gem_version] = '3.172.0'
2322
2318
  Seahorse::Client::Request.new(handlers, context)
2323
2319
  end
2324
2320
 
@@ -15,93 +15,96 @@ module Aws::STS
15
15
  use_fips = parameters.use_fips
16
16
  endpoint = parameters.endpoint
17
17
  use_global_endpoint = parameters.use_global_endpoint
18
- if (partition_result = Aws::Endpoints::Matchers.aws_partition(region))
19
- if Aws::Endpoints::Matchers.boolean_equals?(use_global_endpoint, true) && Aws::Endpoints::Matchers.boolean_equals?(use_fips, false) && Aws::Endpoints::Matchers.boolean_equals?(use_dual_stack, false) && Aws::Endpoints::Matchers.not(Aws::Endpoints::Matchers.set?(endpoint))
20
- if Aws::Endpoints::Matchers.string_equals?(region, "ap-northeast-1")
21
- return Aws::Endpoints::Endpoint.new(url: "https://sts.amazonaws.com", headers: {}, properties: {"authSchemes"=>[{"name"=>"sigv4", "signingRegion"=>"us-east-1", "signingName"=>"sts"}]})
22
- end
23
- if Aws::Endpoints::Matchers.string_equals?(region, "ap-south-1")
24
- return Aws::Endpoints::Endpoint.new(url: "https://sts.amazonaws.com", headers: {}, properties: {"authSchemes"=>[{"name"=>"sigv4", "signingRegion"=>"us-east-1", "signingName"=>"sts"}]})
25
- end
26
- if Aws::Endpoints::Matchers.string_equals?(region, "ap-southeast-1")
27
- return Aws::Endpoints::Endpoint.new(url: "https://sts.amazonaws.com", headers: {}, properties: {"authSchemes"=>[{"name"=>"sigv4", "signingRegion"=>"us-east-1", "signingName"=>"sts"}]})
28
- end
29
- if Aws::Endpoints::Matchers.string_equals?(region, "ap-southeast-2")
30
- return Aws::Endpoints::Endpoint.new(url: "https://sts.amazonaws.com", headers: {}, properties: {"authSchemes"=>[{"name"=>"sigv4", "signingRegion"=>"us-east-1", "signingName"=>"sts"}]})
31
- end
32
- if Aws::Endpoints::Matchers.string_equals?(region, "aws-global")
33
- return Aws::Endpoints::Endpoint.new(url: "https://sts.amazonaws.com", headers: {}, properties: {"authSchemes"=>[{"name"=>"sigv4", "signingRegion"=>"us-east-1", "signingName"=>"sts"}]})
34
- end
35
- if Aws::Endpoints::Matchers.string_equals?(region, "ca-central-1")
36
- return Aws::Endpoints::Endpoint.new(url: "https://sts.amazonaws.com", headers: {}, properties: {"authSchemes"=>[{"name"=>"sigv4", "signingRegion"=>"us-east-1", "signingName"=>"sts"}]})
37
- end
38
- if Aws::Endpoints::Matchers.string_equals?(region, "eu-central-1")
39
- return Aws::Endpoints::Endpoint.new(url: "https://sts.amazonaws.com", headers: {}, properties: {"authSchemes"=>[{"name"=>"sigv4", "signingRegion"=>"us-east-1", "signingName"=>"sts"}]})
40
- end
41
- if Aws::Endpoints::Matchers.string_equals?(region, "eu-north-1")
42
- return Aws::Endpoints::Endpoint.new(url: "https://sts.amazonaws.com", headers: {}, properties: {"authSchemes"=>[{"name"=>"sigv4", "signingRegion"=>"us-east-1", "signingName"=>"sts"}]})
43
- end
44
- if Aws::Endpoints::Matchers.string_equals?(region, "eu-west-1")
45
- return Aws::Endpoints::Endpoint.new(url: "https://sts.amazonaws.com", headers: {}, properties: {"authSchemes"=>[{"name"=>"sigv4", "signingRegion"=>"us-east-1", "signingName"=>"sts"}]})
46
- end
47
- if Aws::Endpoints::Matchers.string_equals?(region, "eu-west-2")
48
- return Aws::Endpoints::Endpoint.new(url: "https://sts.amazonaws.com", headers: {}, properties: {"authSchemes"=>[{"name"=>"sigv4", "signingRegion"=>"us-east-1", "signingName"=>"sts"}]})
49
- end
50
- if Aws::Endpoints::Matchers.string_equals?(region, "eu-west-3")
51
- return Aws::Endpoints::Endpoint.new(url: "https://sts.amazonaws.com", headers: {}, properties: {"authSchemes"=>[{"name"=>"sigv4", "signingRegion"=>"us-east-1", "signingName"=>"sts"}]})
52
- end
53
- if Aws::Endpoints::Matchers.string_equals?(region, "sa-east-1")
54
- return Aws::Endpoints::Endpoint.new(url: "https://sts.amazonaws.com", headers: {}, properties: {"authSchemes"=>[{"name"=>"sigv4", "signingRegion"=>"us-east-1", "signingName"=>"sts"}]})
55
- end
56
- if Aws::Endpoints::Matchers.string_equals?(region, "us-east-1")
57
- return Aws::Endpoints::Endpoint.new(url: "https://sts.amazonaws.com", headers: {}, properties: {"authSchemes"=>[{"name"=>"sigv4", "signingRegion"=>"us-east-1", "signingName"=>"sts"}]})
58
- end
59
- if Aws::Endpoints::Matchers.string_equals?(region, "us-east-2")
60
- return Aws::Endpoints::Endpoint.new(url: "https://sts.amazonaws.com", headers: {}, properties: {"authSchemes"=>[{"name"=>"sigv4", "signingRegion"=>"us-east-1", "signingName"=>"sts"}]})
61
- end
62
- if Aws::Endpoints::Matchers.string_equals?(region, "us-west-1")
63
- return Aws::Endpoints::Endpoint.new(url: "https://sts.amazonaws.com", headers: {}, properties: {"authSchemes"=>[{"name"=>"sigv4", "signingRegion"=>"us-east-1", "signingName"=>"sts"}]})
64
- end
65
- if Aws::Endpoints::Matchers.string_equals?(region, "us-west-2")
66
- return Aws::Endpoints::Endpoint.new(url: "https://sts.amazonaws.com", headers: {}, properties: {"authSchemes"=>[{"name"=>"sigv4", "signingRegion"=>"us-east-1", "signingName"=>"sts"}]})
67
- end
68
- return Aws::Endpoints::Endpoint.new(url: "https://sts.#{region}.#{partition_result['dnsSuffix']}", headers: {}, properties: {"authSchemes"=>[{"name"=>"sigv4", "signingRegion"=>"#{region}", "signingName"=>"sts"}]})
18
+ if Aws::Endpoints::Matchers.boolean_equals?(use_global_endpoint, true) && Aws::Endpoints::Matchers.not(Aws::Endpoints::Matchers.set?(endpoint)) && Aws::Endpoints::Matchers.set?(region) && (partition_result = Aws::Endpoints::Matchers.aws_partition(region)) && Aws::Endpoints::Matchers.boolean_equals?(use_fips, false) && Aws::Endpoints::Matchers.boolean_equals?(use_dual_stack, false)
19
+ if Aws::Endpoints::Matchers.string_equals?(region, "ap-northeast-1")
20
+ return Aws::Endpoints::Endpoint.new(url: "https://sts.amazonaws.com", headers: {}, properties: {"authSchemes"=>[{"name"=>"sigv4", "signingName"=>"sts", "signingRegion"=>"us-east-1"}]})
69
21
  end
70
- if Aws::Endpoints::Matchers.set?(endpoint) && (url = Aws::Endpoints::Matchers.parse_url(endpoint))
71
- if Aws::Endpoints::Matchers.boolean_equals?(use_fips, true)
72
- raise ArgumentError, "Invalid Configuration: FIPS and custom endpoint are not supported"
73
- end
74
- if Aws::Endpoints::Matchers.boolean_equals?(use_dual_stack, true)
75
- raise ArgumentError, "Invalid Configuration: Dualstack and custom endpoint are not supported"
76
- end
77
- return Aws::Endpoints::Endpoint.new(url: endpoint, headers: {}, properties: {})
22
+ if Aws::Endpoints::Matchers.string_equals?(region, "ap-south-1")
23
+ return Aws::Endpoints::Endpoint.new(url: "https://sts.amazonaws.com", headers: {}, properties: {"authSchemes"=>[{"name"=>"sigv4", "signingName"=>"sts", "signingRegion"=>"us-east-1"}]})
78
24
  end
79
- if Aws::Endpoints::Matchers.boolean_equals?(use_fips, true) && Aws::Endpoints::Matchers.boolean_equals?(use_dual_stack, true)
80
- if Aws::Endpoints::Matchers.boolean_equals?(true, Aws::Endpoints::Matchers.attr(partition_result, "supportsFIPS")) && Aws::Endpoints::Matchers.boolean_equals?(true, Aws::Endpoints::Matchers.attr(partition_result, "supportsDualStack"))
81
- return Aws::Endpoints::Endpoint.new(url: "https://sts-fips.#{region}.#{partition_result['dualStackDnsSuffix']}", headers: {}, properties: {})
82
- end
83
- raise ArgumentError, "FIPS and DualStack are enabled, but this partition does not support one or both"
25
+ if Aws::Endpoints::Matchers.string_equals?(region, "ap-southeast-1")
26
+ return Aws::Endpoints::Endpoint.new(url: "https://sts.amazonaws.com", headers: {}, properties: {"authSchemes"=>[{"name"=>"sigv4", "signingName"=>"sts", "signingRegion"=>"us-east-1"}]})
27
+ end
28
+ if Aws::Endpoints::Matchers.string_equals?(region, "ap-southeast-2")
29
+ return Aws::Endpoints::Endpoint.new(url: "https://sts.amazonaws.com", headers: {}, properties: {"authSchemes"=>[{"name"=>"sigv4", "signingName"=>"sts", "signingRegion"=>"us-east-1"}]})
30
+ end
31
+ if Aws::Endpoints::Matchers.string_equals?(region, "aws-global")
32
+ return Aws::Endpoints::Endpoint.new(url: "https://sts.amazonaws.com", headers: {}, properties: {"authSchemes"=>[{"name"=>"sigv4", "signingName"=>"sts", "signingRegion"=>"us-east-1"}]})
33
+ end
34
+ if Aws::Endpoints::Matchers.string_equals?(region, "ca-central-1")
35
+ return Aws::Endpoints::Endpoint.new(url: "https://sts.amazonaws.com", headers: {}, properties: {"authSchemes"=>[{"name"=>"sigv4", "signingName"=>"sts", "signingRegion"=>"us-east-1"}]})
84
36
  end
37
+ if Aws::Endpoints::Matchers.string_equals?(region, "eu-central-1")
38
+ return Aws::Endpoints::Endpoint.new(url: "https://sts.amazonaws.com", headers: {}, properties: {"authSchemes"=>[{"name"=>"sigv4", "signingName"=>"sts", "signingRegion"=>"us-east-1"}]})
39
+ end
40
+ if Aws::Endpoints::Matchers.string_equals?(region, "eu-north-1")
41
+ return Aws::Endpoints::Endpoint.new(url: "https://sts.amazonaws.com", headers: {}, properties: {"authSchemes"=>[{"name"=>"sigv4", "signingName"=>"sts", "signingRegion"=>"us-east-1"}]})
42
+ end
43
+ if Aws::Endpoints::Matchers.string_equals?(region, "eu-west-1")
44
+ return Aws::Endpoints::Endpoint.new(url: "https://sts.amazonaws.com", headers: {}, properties: {"authSchemes"=>[{"name"=>"sigv4", "signingName"=>"sts", "signingRegion"=>"us-east-1"}]})
45
+ end
46
+ if Aws::Endpoints::Matchers.string_equals?(region, "eu-west-2")
47
+ return Aws::Endpoints::Endpoint.new(url: "https://sts.amazonaws.com", headers: {}, properties: {"authSchemes"=>[{"name"=>"sigv4", "signingName"=>"sts", "signingRegion"=>"us-east-1"}]})
48
+ end
49
+ if Aws::Endpoints::Matchers.string_equals?(region, "eu-west-3")
50
+ return Aws::Endpoints::Endpoint.new(url: "https://sts.amazonaws.com", headers: {}, properties: {"authSchemes"=>[{"name"=>"sigv4", "signingName"=>"sts", "signingRegion"=>"us-east-1"}]})
51
+ end
52
+ if Aws::Endpoints::Matchers.string_equals?(region, "sa-east-1")
53
+ return Aws::Endpoints::Endpoint.new(url: "https://sts.amazonaws.com", headers: {}, properties: {"authSchemes"=>[{"name"=>"sigv4", "signingName"=>"sts", "signingRegion"=>"us-east-1"}]})
54
+ end
55
+ if Aws::Endpoints::Matchers.string_equals?(region, "us-east-1")
56
+ return Aws::Endpoints::Endpoint.new(url: "https://sts.amazonaws.com", headers: {}, properties: {"authSchemes"=>[{"name"=>"sigv4", "signingName"=>"sts", "signingRegion"=>"us-east-1"}]})
57
+ end
58
+ if Aws::Endpoints::Matchers.string_equals?(region, "us-east-2")
59
+ return Aws::Endpoints::Endpoint.new(url: "https://sts.amazonaws.com", headers: {}, properties: {"authSchemes"=>[{"name"=>"sigv4", "signingName"=>"sts", "signingRegion"=>"us-east-1"}]})
60
+ end
61
+ if Aws::Endpoints::Matchers.string_equals?(region, "us-west-1")
62
+ return Aws::Endpoints::Endpoint.new(url: "https://sts.amazonaws.com", headers: {}, properties: {"authSchemes"=>[{"name"=>"sigv4", "signingName"=>"sts", "signingRegion"=>"us-east-1"}]})
63
+ end
64
+ if Aws::Endpoints::Matchers.string_equals?(region, "us-west-2")
65
+ return Aws::Endpoints::Endpoint.new(url: "https://sts.amazonaws.com", headers: {}, properties: {"authSchemes"=>[{"name"=>"sigv4", "signingName"=>"sts", "signingRegion"=>"us-east-1"}]})
66
+ end
67
+ return Aws::Endpoints::Endpoint.new(url: "https://sts.#{region}.#{partition_result['dnsSuffix']}", headers: {}, properties: {"authSchemes"=>[{"name"=>"sigv4", "signingName"=>"sts", "signingRegion"=>"#{region}"}]})
68
+ end
69
+ if Aws::Endpoints::Matchers.set?(endpoint)
85
70
  if Aws::Endpoints::Matchers.boolean_equals?(use_fips, true)
86
- if Aws::Endpoints::Matchers.boolean_equals?(true, Aws::Endpoints::Matchers.attr(partition_result, "supportsFIPS"))
87
- if Aws::Endpoints::Matchers.string_equals?("aws-us-gov", Aws::Endpoints::Matchers.attr(partition_result, "name"))
88
- return Aws::Endpoints::Endpoint.new(url: "https://sts.#{region}.#{partition_result['dnsSuffix']}", headers: {}, properties: {})
89
- end
90
- return Aws::Endpoints::Endpoint.new(url: "https://sts-fips.#{region}.#{partition_result['dnsSuffix']}", headers: {}, properties: {})
91
- end
92
- raise ArgumentError, "FIPS is enabled but this partition does not support FIPS"
71
+ raise ArgumentError, "Invalid Configuration: FIPS and custom endpoint are not supported"
93
72
  end
94
73
  if Aws::Endpoints::Matchers.boolean_equals?(use_dual_stack, true)
95
- if Aws::Endpoints::Matchers.boolean_equals?(true, Aws::Endpoints::Matchers.attr(partition_result, "supportsDualStack"))
96
- return Aws::Endpoints::Endpoint.new(url: "https://sts.#{region}.#{partition_result['dualStackDnsSuffix']}", headers: {}, properties: {})
97
- end
98
- raise ArgumentError, "DualStack is enabled but this partition does not support DualStack"
74
+ raise ArgumentError, "Invalid Configuration: Dualstack and custom endpoint are not supported"
99
75
  end
100
- if Aws::Endpoints::Matchers.string_equals?(region, "aws-global")
101
- return Aws::Endpoints::Endpoint.new(url: "https://sts.amazonaws.com", headers: {}, properties: {"authSchemes"=>[{"name"=>"sigv4", "signingRegion"=>"us-east-1", "signingName"=>"sts"}]})
76
+ return Aws::Endpoints::Endpoint.new(url: endpoint, headers: {}, properties: {})
77
+ end
78
+ if Aws::Endpoints::Matchers.set?(region)
79
+ if (partition_result = Aws::Endpoints::Matchers.aws_partition(region))
80
+ if Aws::Endpoints::Matchers.boolean_equals?(use_fips, true) && Aws::Endpoints::Matchers.boolean_equals?(use_dual_stack, true)
81
+ if Aws::Endpoints::Matchers.boolean_equals?(true, Aws::Endpoints::Matchers.attr(partition_result, "supportsFIPS")) && Aws::Endpoints::Matchers.boolean_equals?(true, Aws::Endpoints::Matchers.attr(partition_result, "supportsDualStack"))
82
+ return Aws::Endpoints::Endpoint.new(url: "https://sts-fips.#{region}.#{partition_result['dualStackDnsSuffix']}", headers: {}, properties: {})
83
+ end
84
+ raise ArgumentError, "FIPS and DualStack are enabled, but this partition does not support one or both"
85
+ end
86
+ if Aws::Endpoints::Matchers.boolean_equals?(use_fips, true)
87
+ if Aws::Endpoints::Matchers.boolean_equals?(true, Aws::Endpoints::Matchers.attr(partition_result, "supportsFIPS"))
88
+ if Aws::Endpoints::Matchers.string_equals?("aws-us-gov", Aws::Endpoints::Matchers.attr(partition_result, "name"))
89
+ return Aws::Endpoints::Endpoint.new(url: "https://sts.#{region}.amazonaws.com", headers: {}, properties: {})
90
+ end
91
+ return Aws::Endpoints::Endpoint.new(url: "https://sts-fips.#{region}.#{partition_result['dnsSuffix']}", headers: {}, properties: {})
92
+ end
93
+ raise ArgumentError, "FIPS is enabled but this partition does not support FIPS"
94
+ end
95
+ if Aws::Endpoints::Matchers.boolean_equals?(use_dual_stack, true)
96
+ if Aws::Endpoints::Matchers.boolean_equals?(true, Aws::Endpoints::Matchers.attr(partition_result, "supportsDualStack"))
97
+ return Aws::Endpoints::Endpoint.new(url: "https://sts.#{region}.#{partition_result['dualStackDnsSuffix']}", headers: {}, properties: {})
98
+ end
99
+ raise ArgumentError, "DualStack is enabled but this partition does not support DualStack"
100
+ end
101
+ if Aws::Endpoints::Matchers.string_equals?(region, "aws-global")
102
+ return Aws::Endpoints::Endpoint.new(url: "https://sts.amazonaws.com", headers: {}, properties: {"authSchemes"=>[{"name"=>"sigv4", "signingName"=>"sts", "signingRegion"=>"us-east-1"}]})
103
+ end
104
+ return Aws::Endpoints::Endpoint.new(url: "https://sts.#{region}.#{partition_result['dnsSuffix']}", headers: {}, properties: {})
102
105
  end
103
- return Aws::Endpoints::Endpoint.new(url: "https://sts.#{region}.#{partition_result['dnsSuffix']}", headers: {}, properties: {})
104
106
  end
107
+ raise ArgumentError, "Invalid Configuration: Missing Region"
105
108
  raise ArgumentError, 'No endpoint could be resolved'
106
109
 
107
110
  end
@@ -576,7 +576,7 @@ module Aws::STS
576
576
  # in IAM.
577
577
  #
578
578
  # The combination of `NameQualifier` and `Subject` can be used to
579
- # uniquely identify a federated user.
579
+ # uniquely identify a user.
580
580
  #
581
581
  # The following pseudocode shows how the hash value is calculated:
582
582
  #
@@ -1200,11 +1200,10 @@ module Aws::STS
1200
1200
  # The duration, in seconds, that the session should last. Acceptable
1201
1201
  # durations for federation sessions range from 900 seconds (15
1202
1202
  # minutes) to 129,600 seconds (36 hours), with 43,200 seconds (12
1203
- # hours) as the default. Sessions obtained using Amazon Web Services
1204
- # account root user credentials are restricted to a maximum of 3,600
1205
- # seconds (one hour). If the specified duration is longer than one
1206
- # hour, the session obtained by using root user credentials defaults
1207
- # to one hour.
1203
+ # hours) as the default. Sessions obtained using root user credentials
1204
+ # are restricted to a maximum of 3,600 seconds (one hour). If the
1205
+ # specified duration is longer than one hour, the session obtained by
1206
+ # using root user credentials defaults to one hour.
1208
1207
  # @return [Integer]
1209
1208
  #
1210
1209
  # @!attribute [rw] tags
data/lib/aws-sdk-sts.rb CHANGED
@@ -54,6 +54,6 @@ require_relative 'aws-sdk-sts/customizations'
54
54
  # @!group service
55
55
  module Aws::STS
56
56
 
57
- GEM_VERSION = '3.171.1'
57
+ GEM_VERSION = '3.172.0'
58
58
 
59
59
  end
metadata CHANGED
@@ -1,14 +1,14 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: aws-sdk-core
3
3
  version: !ruby/object:Gem::Version
4
- version: 3.171.1
4
+ version: 3.172.0
5
5
  platform: ruby
6
6
  authors:
7
7
  - Amazon Web Services
8
8
  autorequire:
9
9
  bindir: bin
10
10
  cert_chain: []
11
- date: 2023-05-04 00:00:00.000000000 Z
11
+ date: 2023-05-08 00:00:00.000000000 Z
12
12
  dependencies:
13
13
  - !ruby/object:Gem::Dependency
14
14
  name: jmespath