aws-sdk-core 3.209.1 → 3.214.0

Files changed (44) hide show
  1. checksums.yaml +4 -4
  2. data/CHANGELOG.md +35 -0
  3. data/VERSION +1 -1
  4. data/lib/aws-defaults/default_configuration.rb +1 -2
  5. data/lib/aws-sdk-core/cbor.rb +3 -56
  6. data/lib/aws-sdk-core/client_stubs.rb +7 -7
  7. data/lib/aws-sdk-core/endpoints/matchers.rb +1 -8
  8. data/lib/aws-sdk-core/json/error_handler.rb +2 -1
  9. data/lib/aws-sdk-core/json/handler.rb +1 -0
  10. data/lib/aws-sdk-core/plugins/regional_endpoint.rb +44 -25
  11. data/lib/aws-sdk-core/rest/request/headers.rb +2 -2
  12. data/lib/aws-sdk-core/rpc_v2/builder.rb +1 -1
  13. data/lib/aws-sdk-core/{cbor → rpc_v2}/cbor_engine.rb +4 -5
  14. data/lib/aws-sdk-core/rpc_v2/content_type_handler.rb +3 -1
  15. data/lib/aws-sdk-core/rpc_v2/error_handler.rb +3 -2
  16. data/lib/aws-sdk-core/rpc_v2/handler.rb +2 -1
  17. data/lib/aws-sdk-core/rpc_v2/parser.rb +1 -1
  18. data/lib/aws-sdk-core/rpc_v2.rb +65 -2
  19. data/lib/aws-sdk-core/stubbing/protocols/ec2.rb +12 -11
  20. data/lib/aws-sdk-core/stubbing/protocols/json.rb +11 -10
  21. data/lib/aws-sdk-core/stubbing/protocols/query.rb +7 -6
  22. data/lib/aws-sdk-core/stubbing/protocols/rest.rb +2 -1
  23. data/lib/aws-sdk-core/stubbing/protocols/rest_json.rb +9 -8
  24. data/lib/aws-sdk-core/stubbing/protocols/rest_xml.rb +6 -5
  25. data/lib/aws-sdk-core/stubbing/protocols/rpc_v2.rb +13 -15
  26. data/lib/aws-sdk-core/stubbing.rb +2 -2
  27. data/lib/aws-sdk-sso/client.rb +1 -1
  28. data/lib/aws-sdk-sso/endpoint_parameters.rb +9 -6
  29. data/lib/aws-sdk-sso/endpoints.rb +2 -42
  30. data/lib/aws-sdk-sso/plugins/endpoints.rb +1 -14
  31. data/lib/aws-sdk-sso.rb +1 -1
  32. data/lib/aws-sdk-ssooidc/client.rb +1 -1
  33. data/lib/aws-sdk-ssooidc/endpoint_parameters.rb +9 -6
  34. data/lib/aws-sdk-ssooidc/endpoints.rb +2 -42
  35. data/lib/aws-sdk-ssooidc/plugins/endpoints.rb +1 -14
  36. data/lib/aws-sdk-ssooidc.rb +1 -1
  37. data/lib/aws-sdk-sts/client.rb +208 -51
  38. data/lib/aws-sdk-sts/client_api.rb +23 -0
  39. data/lib/aws-sdk-sts/endpoint_parameters.rb +10 -9
  40. data/lib/aws-sdk-sts/endpoints.rb +2 -94
  41. data/lib/aws-sdk-sts/plugins/endpoints.rb +1 -22
  42. data/lib/aws-sdk-sts/types.rb +170 -27
  43. data/lib/aws-sdk-sts.rb +1 -1
  44. metadata +5 -5
@@ -12,101 +12,9 @@ module Aws::STS
12
12
  # @api private
13
13
  module Endpoints
14
14
 
15
- class AssumeRole
16
- def self.build(context)
17
- Aws::STS::EndpointParameters.new(
18
- region: context.config.region,
19
- use_dual_stack: context.config.use_dualstack_endpoint,
20
- use_fips: context.config.use_fips_endpoint,
21
- endpoint: context.config.regional_endpoint ? nil : context.config.endpoint.to_s,
22
- use_global_endpoint: context.config.sts_regional_endpoints == 'legacy',
23
- )
24
- end
25
- end
26
-
27
- class AssumeRoleWithSAML
28
- def self.build(context)
29
- Aws::STS::EndpointParameters.new(
30
- region: context.config.region,
31
- use_dual_stack: context.config.use_dualstack_endpoint,
32
- use_fips: context.config.use_fips_endpoint,
33
- endpoint: context.config.regional_endpoint ? nil : context.config.endpoint.to_s,
34
- use_global_endpoint: context.config.sts_regional_endpoints == 'legacy',
35
- )
36
- end
37
- end
38
-
39
- class AssumeRoleWithWebIdentity
40
- def self.build(context)
41
- Aws::STS::EndpointParameters.new(
42
- region: context.config.region,
43
- use_dual_stack: context.config.use_dualstack_endpoint,
44
- use_fips: context.config.use_fips_endpoint,
45
- endpoint: context.config.regional_endpoint ? nil : context.config.endpoint.to_s,
46
- use_global_endpoint: context.config.sts_regional_endpoints == 'legacy',
47
- )
48
- end
49
- end
50
-
51
- class DecodeAuthorizationMessage
52
- def self.build(context)
53
- Aws::STS::EndpointParameters.new(
54
- region: context.config.region,
55
- use_dual_stack: context.config.use_dualstack_endpoint,
56
- use_fips: context.config.use_fips_endpoint,
57
- endpoint: context.config.regional_endpoint ? nil : context.config.endpoint.to_s,
58
- use_global_endpoint: context.config.sts_regional_endpoints == 'legacy',
59
- )
60
- end
61
- end
62
15
 
63
- class GetAccessKeyInfo
64
- def self.build(context)
65
- Aws::STS::EndpointParameters.new(
66
- region: context.config.region,
67
- use_dual_stack: context.config.use_dualstack_endpoint,
68
- use_fips: context.config.use_fips_endpoint,
69
- endpoint: context.config.regional_endpoint ? nil : context.config.endpoint.to_s,
70
- use_global_endpoint: context.config.sts_regional_endpoints == 'legacy',
71
- )
72
- end
16
+ def self.parameters_for_operation(context)
17
+ Aws::STS::EndpointParameters.create(context.config)
73
18
  end
74
-
75
- class GetCallerIdentity
76
- def self.build(context)
77
- Aws::STS::EndpointParameters.new(
78
- region: context.config.region,
79
- use_dual_stack: context.config.use_dualstack_endpoint,
80
- use_fips: context.config.use_fips_endpoint,
81
- endpoint: context.config.regional_endpoint ? nil : context.config.endpoint.to_s,
82
- use_global_endpoint: context.config.sts_regional_endpoints == 'legacy',
83
- )
84
- end
85
- end
86
-
87
- class GetFederationToken
88
- def self.build(context)
89
- Aws::STS::EndpointParameters.new(
90
- region: context.config.region,
91
- use_dual_stack: context.config.use_dualstack_endpoint,
92
- use_fips: context.config.use_fips_endpoint,
93
- endpoint: context.config.regional_endpoint ? nil : context.config.endpoint.to_s,
94
- use_global_endpoint: context.config.sts_regional_endpoints == 'legacy',
95
- )
96
- end
97
- end
98
-
99
- class GetSessionToken
100
- def self.build(context)
101
- Aws::STS::EndpointParameters.new(
102
- region: context.config.region,
103
- use_dual_stack: context.config.use_dualstack_endpoint,
104
- use_fips: context.config.use_fips_endpoint,
105
- endpoint: context.config.regional_endpoint ? nil : context.config.endpoint.to_s,
106
- use_global_endpoint: context.config.sts_regional_endpoints == 'legacy',
107
- )
108
- end
109
- end
110
-
111
19
  end
112
20
  end
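Review bot: The single `parameters_for_operation` added at new lines 16-18 delegates the whole mapping to `Aws::STS::EndpointParameters.create(context.config)`, which is not visible in this section, so the two derived values the removed builders computed (`endpoint: context.config.regional_endpoint ? nil : context.config.endpoint.to_s` and `use_global_endpoint: context.config.sts_regional_endpoints == 'legacy'`) need to be confirmed there. Endpoint resolution decides which host receives STS credential requests, so a changed default would be a silent behaviour change for callers that set `sts_regional_endpoints` or a custom endpoint. The method also carries no comment; something like `# Builds endpoint parameters from client config; the mapping is the same for every STS operation.` would record why the per-operation classes could be dropped. The handler hunk at `@@ -27,7 +27,7 @@` now calls this module method directly, so it has to stay public on `Aws::STS::Endpoints`.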
@@ -27,7 +27,7 @@ The endpoint provider used to resolve endpoints. Any object that responds to
27
27
  class Handler < Seahorse::Client::Handler
28
28
  def call(context)
29
29
  unless context[:discovered_endpoint]
30
- params = parameters_for_operation(context)
30
+ params = Aws::STS::Endpoints.parameters_for_operation(context)
31
31
  endpoint = context.config.endpoint_provider.resolve_endpoint(params)
32
32
 
33
33
  context.http_request.endpoint = endpoint.url
@@ -67,27 +67,6 @@ The endpoint provider used to resolve endpoints. Any object that responds to
67
67
  context.http_request.headers[key] = value
68
68
  end
69
69
  end
70
-
71
- def parameters_for_operation(context)
72
- case context.operation_name
73
- when :assume_role
74
- Aws::STS::Endpoints::AssumeRole.build(context)
75
- when :assume_role_with_saml
76
- Aws::STS::Endpoints::AssumeRoleWithSAML.build(context)
77
- when :assume_role_with_web_identity
78
- Aws::STS::Endpoints::AssumeRoleWithWebIdentity.build(context)
79
- when :decode_authorization_message
80
- Aws::STS::Endpoints::DecodeAuthorizationMessage.build(context)
81
- when :get_access_key_info
82
- Aws::STS::Endpoints::GetAccessKeyInfo.build(context)
83
- when :get_caller_identity
84
- Aws::STS::Endpoints::GetCallerIdentity.build(context)
85
- when :get_federation_token
86
- Aws::STS::Endpoints::GetFederationToken.build(context)
87
- when :get_session_token
88
- Aws::STS::Endpoints::GetSessionToken.build(context)
89
- end
90
- end
91
70
  end
92
71
 
93
72
  def add_handlers(handlers, _config)
@@ -26,10 +26,21 @@ module Aws::STS
26
26
  # that use the temporary security credentials will expose the role
27
27
  # session name to the external account in their CloudTrail logs.
28
28
  #
29
+ # For security purposes, administrators can view this field in
30
+ # [CloudTrail logs][1] to help identify who performed an action in
31
+ # Amazon Web Services. Your administrator might require that you
32
+ # specify your user name as the session name when you assume the role.
33
+ # For more information, see [ `sts:RoleSessionName` ][2].
34
+ #
29
35
  # The regex used to validate this parameter is a string of characters
30
36
  # consisting of upper- and lower-case alphanumeric characters with no
31
37
  # spaces. You can also include underscores or any of the following
32
38
  # characters: =,.@-
39
+ #
40
+ #
41
+ #
42
+ # [1]: https://docs.aws.amazon.com/IAM/latest/UserGuide/cloudtrail-integration.html#cloudtrail-integration_signin-tempcreds
43
+ # [2]: https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_iam-condition-keys.html#ck_rolesessionname
33
44
  # @return [String]
34
45
  #
35
46
  # @!attribute [rw] policy_arns
@@ -101,6 +112,9 @@ module Aws::STS
101
112
  #
102
113
  # </note>
103
114
  #
115
+ # For more information about role session permissions, see [Session
116
+ # policies][1].
117
+ #
104
118
  #
105
119
  #
106
120
  # [1]: https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies.html#policies_session
@@ -125,8 +139,7 @@ module Aws::STS
125
139
  # However, if you assume a role using role chaining and provide a
126
140
  # `DurationSeconds` parameter value greater than one hour, the
127
141
  # operation fails. To learn how to view the maximum value for your
128
- # role, see [View the Maximum Session Duration Setting for a Role][1]
129
- # in the *IAM User Guide*.
142
+ # role, see [Update the maximum session duration for a role][1].
130
143
  #
131
144
  # By default, the value is set to `3600` seconds.
132
145
  #
@@ -142,7 +155,7 @@ module Aws::STS
142
155
  #
143
156
  #
144
157
  #
145
- # [1]: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_use.html#id_roles_use_view-role-max-session
158
+ # [1]: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_update-role-settings.html#id_roles_update-session-duration
146
159
  # [2]: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_providers_enable-console-custom-url.html
147
160
  # @return [Integer]
148
161
  #
@@ -199,9 +212,8 @@ module Aws::STS
199
212
  # passes to subsequent sessions in a role chain. For more information,
200
213
  # see [Chaining Roles with Session Tags][1] in the *IAM User Guide*.
201
214
  #
202
- # This parameter is optional. When you set session tags as transitive,
203
- # the session policy and session tags packed binary limit is not
204
- # affected.
215
+ # This parameter is optional. The transitive status of a session tag
216
+ # does not impact its packed binary size.
205
217
  #
206
218
  # If you choose not to specify a transitive tag key, then no tags are
207
219
  # passed from this session to any subsequent sessions.
@@ -263,17 +275,18 @@ module Aws::STS
263
275
  #
264
276
  # @!attribute [rw] source_identity
265
277
  # The source identity specified by the principal that is calling the
266
- # `AssumeRole` operation.
278
+ # `AssumeRole` operation. The source identity value persists across
279
+ # [chained role][1] sessions.
267
280
  #
268
281
  # You can require users to specify a source identity when they assume
269
- # a role. You do this by using the `sts:SourceIdentity` condition key
270
- # in a role trust policy. You can use source identity information in
271
- # CloudTrail logs to determine who took actions with a role. You can
272
- # use the `aws:SourceIdentity` condition key to further control access
273
- # to Amazon Web Services resources based on the value of source
274
- # identity. For more information about using source identity, see
275
- # [Monitor and control actions taken with assumed roles][1] in the
276
- # *IAM User Guide*.
282
+ # a role. You do this by using the [ `sts:SourceIdentity` ][2]
283
+ # condition key in a role trust policy. You can use source identity
284
+ # information in CloudTrail logs to determine who took actions with a
285
+ # role. You can use the `aws:SourceIdentity` condition key to further
286
+ # control access to Amazon Web Services resources based on the value
287
+ # of source identity. For more information about using source
288
+ # identity, see [Monitor and control actions taken with assumed
289
+ # roles][3] in the *IAM User Guide*.
277
290
  #
278
291
  # The regex used to validate this parameter is a string of characters
279
292
  # consisting of upper- and lower-case alphanumeric characters with no
@@ -284,7 +297,9 @@ module Aws::STS
284
297
  #
285
298
  #
286
299
  #
287
- # [1]: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_control-access_monitor.html
300
+ # [1]: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles.html#iam-term-role-chaining
301
+ # [2]: https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_condition-keys.html#condition-keys-sourceidentity
302
+ # [3]: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_control-access_monitor.html
288
303
  # @return [String]
289
304
  #
290
305
  # @!attribute [rw] provided_contexts
@@ -297,7 +312,7 @@ module Aws::STS
297
312
  # context provider from which the trusted context assertion was
298
313
  # generated.
299
314
  #
300
- # `[\{"ProviderArn":"arn:aws:iam::aws:contextProvider/IdentityCenter","ContextAssertion":"trusted-context-assertion"\}]`
315
+ # `[{"ProviderArn":"arn:aws:iam::aws:contextProvider/IdentityCenter","ContextAssertion":"trusted-context-assertion"}]`
301
316
  # @return [Array<Types::ProvidedContext>]
302
317
  #
303
318
  # @see http://docs.aws.amazon.com/goto/WebAPI/sts-2011-06-15/AssumeRoleRequest AWS API Documentation
@@ -465,6 +480,9 @@ module Aws::STS
465
480
  # include the tab (\\u0009), linefeed (\\u000A), and carriage return
466
481
  # (\\u000D) characters.
467
482
  #
483
+ # For more information about role session permissions, see [Session
484
+ # policies][1].
485
+ #
468
486
  # <note markdown="1"> An Amazon Web Services conversion compresses the passed inline
469
487
  # session policy, managed policy ARNs, and session tags into a packed
470
488
  # binary format that has a separate limit. Your request can fail for
@@ -600,6 +618,8 @@ module Aws::STS
600
618
  #
601
619
  # @!attribute [rw] source_identity
602
620
  # The value in the `SourceIdentity` attribute in the SAML assertion.
621
+ # The source identity value persists across [chained role][1]
622
+ # sessions.
603
623
  #
604
624
  # You can require users to set a source identity value when they
605
625
  # assume a role. You do this by using the `sts:SourceIdentity`
@@ -607,12 +627,12 @@ module Aws::STS
607
627
  # taken with the role are associated with that user. After the source
608
628
  # identity is set, the value cannot be changed. It is present in the
609
629
  # request for all actions that are taken by the role and persists
610
- # across [chained role][1] sessions. You can configure your SAML
630
+ # across [chained role][2] sessions. You can configure your SAML
611
631
  # identity provider to use an attribute associated with your users,
612
632
  # like user name or email, as the source identity when calling
613
633
  # `AssumeRoleWithSAML`. You do this by adding an attribute to the SAML
614
634
  # assertion. For more information about using source identity, see
615
- # [Monitor and control actions taken with assumed roles][2] in the
635
+ # [Monitor and control actions taken with assumed roles][3] in the
616
636
  # *IAM User Guide*.
617
637
  #
618
638
  # The regex used to validate this parameter is a string of characters
@@ -622,8 +642,9 @@ module Aws::STS
622
642
  #
623
643
  #
624
644
  #
625
- # [1]: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_terms-and-concepts#iam-term-role-chaining
626
- # [2]: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_control-access_monitor.html
645
+ # [1]: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles.html#iam-term-role-chaining
646
+ # [2]: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles.html#id_roles_terms-and-concepts
647
+ # [3]: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_control-access_monitor.html
627
648
  # @return [String]
628
649
  #
629
650
  # @see http://docs.aws.amazon.com/goto/WebAPI/sts-2011-06-15/AssumeRoleWithSAMLResponse AWS API Documentation
@@ -645,6 +666,24 @@ module Aws::STS
645
666
  # @!attribute [rw] role_arn
646
667
  # The Amazon Resource Name (ARN) of the role that the caller is
647
668
  # assuming.
669
+ #
670
+ # <note markdown="1"> Additional considerations apply to Amazon Cognito identity pools
671
+ # that assume [cross-account IAM roles][1]. The trust policies of
672
+ # these roles must accept the `cognito-identity.amazonaws.com` service
673
+ # principal and must contain the `cognito-identity.amazonaws.com:aud`
674
+ # condition key to restrict role assumption to users from your
675
+ # intended identity pools. A policy that trusts Amazon Cognito
676
+ # identity pools without this condition creates a risk that a user
677
+ # from an unintended identity pool can assume the role. For more
678
+ # information, see [ Trust policies for IAM roles in Basic (Classic)
679
+ # authentication ][2] in the *Amazon Cognito Developer Guide*.
680
+ #
681
+ # </note>
682
+ #
683
+ #
684
+ #
685
+ # [1]: https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies-cross-account-resource-access.html
686
+ # [2]: https://docs.aws.amazon.com/cognito/latest/developerguide/iam-roles.html#trust-policies
648
687
  # @return [String]
649
688
  #
650
689
  # @!attribute [rw] role_session_name
@@ -655,10 +694,21 @@ module Aws::STS
655
694
  # session name is included as part of the ARN and assumed role ID in
656
695
  # the `AssumedRoleUser` response element.
657
696
  #
697
+ # For security purposes, administrators can view this field in
698
+ # [CloudTrail logs][1] to help identify who performed an action in
699
+ # Amazon Web Services. Your administrator might require that you
700
+ # specify your user name as the session name when you assume the role.
701
+ # For more information, see [ `sts:RoleSessionName` ][2].
702
+ #
658
703
  # The regex used to validate this parameter is a string of characters
659
704
  # consisting of upper- and lower-case alphanumeric characters with no
660
705
  # spaces. You can also include underscores or any of the following
661
706
  # characters: =,.@-
707
+ #
708
+ #
709
+ #
710
+ # [1]: https://docs.aws.amazon.com/IAM/latest/UserGuide/cloudtrail-integration.html#cloudtrail-integration_signin-tempcreds
711
+ # [2]: https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_iam-condition-keys.html#ck_rolesessionname
662
712
  # @return [String]
663
713
  #
664
714
  # @!attribute [rw] web_identity_token
@@ -666,8 +716,9 @@ module Aws::STS
666
716
  # provided by the identity provider. Your application must get this
667
717
  # token by authenticating the user who is using your application with
668
718
  # a web identity provider before the application makes an
669
- # `AssumeRoleWithWebIdentity` call. Only tokens with RSA algorithms
670
- # (RS256) are supported.
719
+ # `AssumeRoleWithWebIdentity` call. Timestamps in the token must be
720
+ # formatted as either an integer or a long integer. Only tokens with
721
+ # RSA algorithms (RS256) are supported.
671
722
  # @return [String]
672
723
  #
673
724
  # @!attribute [rw] provider_id
@@ -741,6 +792,9 @@ module Aws::STS
741
792
  # include the tab (\\u0009), linefeed (\\u000A), and carriage return
742
793
  # (\\u000D) characters.
743
794
  #
795
+ # For more information about role session permissions, see [Session
796
+ # policies][1].
797
+ #
744
798
  # <note markdown="1"> An Amazon Web Services conversion compresses the passed inline
745
799
  # session policy, managed policy ARNs, and session tags into a packed
746
800
  # binary format that has a separate limit. Your request can fail for
@@ -881,7 +935,7 @@ module Aws::STS
881
935
  #
882
936
  #
883
937
  #
884
- # [1]: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_terms-and-concepts#iam-term-role-chaining
938
+ # [1]: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles.html#id_roles_terms-and-concepts
885
939
  # [2]: https://docs.aws.amazon.com/cognito/latest/developerguide/amazon-cognito-user-pools-using-tokens-with-identity-providers.html
886
940
  # [3]: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_control-access_monitor.html
887
941
  # @return [String]
@@ -900,6 +954,94 @@ module Aws::STS
900
954
  include Aws::Structure
901
955
  end
902
956
 
957
+ # @!attribute [rw] target_principal
958
+ # The member account principal ARN or account ID.
959
+ # @return [String]
960
+ #
961
+ # @!attribute [rw] task_policy_arn
962
+ # The identity based policy that scopes the session to the privileged
963
+ # tasks that can be performed. You can use one of following Amazon Web
964
+ # Services managed policies to scope root session actions. You can add
965
+ # additional customer managed policies to further limit the
966
+ # permissions for the root session.
967
+ #
968
+ # * [IAMAuditRootUserCredentials][1]
969
+ #
970
+ # * [IAMCreateRootUserPassword][2]
971
+ #
972
+ # * [IAMDeleteRootUserCredentials][3]
973
+ #
974
+ # * [S3UnlockBucketPolicy][4]
975
+ #
976
+ # * [SQSUnlockQueuePolicy][5]
977
+ #
978
+ #
979
+ #
980
+ # [1]: https://docs.aws.amazon.com/IAM/latest/UserGuide/security-iam-awsmanpol.html#security-iam-awsmanpol-IAMAuditRootUserCredentials
981
+ # [2]: https://docs.aws.amazon.com/IAM/latest/UserGuide/security-iam-awsmanpol.html#security-iam-awsmanpol-IAMCreateRootUserPassword
982
+ # [3]: https://docs.aws.amazon.com/IAM/latest/UserGuide/security-iam-awsmanpol.html#security-iam-awsmanpol-IAMDeleteRootUserCredentials
983
+ # [4]: https://docs.aws.amazon.com/IAM/latest/UserGuide/security-iam-awsmanpol.html#security-iam-awsmanpol-S3UnlockBucketPolicy
984
+ # [5]: https://docs.aws.amazon.com/IAM/latest/UserGuide/security-iam-awsmanpol.html#security-iam-awsmanpol-SQSUnlockQueuePolicy
985
+ # @return [Types::PolicyDescriptorType]
986
+ #
987
+ # @!attribute [rw] duration_seconds
988
+ # The duration, in seconds, of the privileged session. The value can
989
+ # range from 0 seconds up to the maximum session duration of 900
990
+ # seconds (15 minutes). If you specify a value higher than this
991
+ # setting, the operation fails.
992
+ #
993
+ # By default, the value is set to `900` seconds.
994
+ # @return [Integer]
995
+ #
996
+ # @see http://docs.aws.amazon.com/goto/WebAPI/sts-2011-06-15/AssumeRootRequest AWS API Documentation
997
+ #
998
+ class AssumeRootRequest < Struct.new(
999
+ :target_principal,
1000
+ :task_policy_arn,
1001
+ :duration_seconds)
1002
+ SENSITIVE = []
1003
+ include Aws::Structure
1004
+ end
1005
+
1006
+ # @!attribute [rw] credentials
1007
+ # The temporary security credentials, which include an access key ID,
1008
+ # a secret access key, and a security token.
1009
+ #
1010
+ # <note markdown="1"> The size of the security token that STS API operations return is not
1011
+ # fixed. We strongly recommend that you make no assumptions about the
1012
+ # maximum size.
1013
+ #
1014
+ # </note>
1015
+ # @return [Types::Credentials]
1016
+ #
1017
+ # @!attribute [rw] source_identity
1018
+ # The source identity specified by the principal that is calling the
1019
+ # `AssumeRoot` operation.
1020
+ #
1021
+ # You can use the `aws:SourceIdentity` condition key to control access
1022
+ # based on the value of source identity. For more information about
1023
+ # using source identity, see [Monitor and control actions taken with
1024
+ # assumed roles][1] in the *IAM User Guide*.
1025
+ #
1026
+ # The regex used to validate this parameter is a string of characters
1027
+ # consisting of upper- and lower-case alphanumeric characters with no
1028
+ # spaces. You can also include underscores or any of the following
1029
+ # characters: =,.@-
1030
+ #
1031
+ #
1032
+ #
1033
+ # [1]: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_control-access_monitor.html
1034
+ # @return [String]
1035
+ #
1036
+ # @see http://docs.aws.amazon.com/goto/WebAPI/sts-2011-06-15/AssumeRootResponse AWS API Documentation
1037
+ #
1038
+ class AssumeRootResponse < Struct.new(
1039
+ :credentials,
1040
+ :source_identity)
1041
+ SENSITIVE = []
1042
+ include Aws::Structure
1043
+ end
1044
+
903
1045
  # The identifiers for the temporary security credentials that the
904
1046
  # operation returns.
905
1047
  #
@@ -1419,7 +1561,8 @@ module Aws::STS
1419
1561
 
1420
1562
  # The error returned if the message passed to
1421
1563
  # `DecodeAuthorizationMessage` was invalid. This can happen if the token
1422
- # contains invalid characters, such as linebreaks.
1564
+ # contains invalid characters, such as line breaks, or if the message
1565
+ # has expired.
1423
1566
  #
1424
1567
  # @!attribute [rw] message
1425
1568
  # @return [String]
@@ -1539,8 +1682,8 @@ module Aws::STS
1539
1682
  # STS is not activated in the requested region for the account that is
1540
1683
  # being asked to generate credentials. The account administrator must
1541
1684
  # use the IAM console to activate STS in that region. For more
1542
- # information, see [Activating and Deactivating Amazon Web Services STS
1543
- # in an Amazon Web Services Region][1] in the *IAM User Guide*.
1685
+ # information, see [Activating and Deactivating STS in an Amazon Web
1686
+ # Services Region][1] in the *IAM User Guide*.
1544
1687
  #
1545
1688
  #
1546
1689
  #
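Review bot: `AssumeRootResponse` (new lines 1038-1043 of the `@@ -900,6 +954,94 @@` hunk) declares `SENSITIVE = []` although its `credentials` member carries a secret access key and a security token, per the attribute doc directly above it. Whether those values are redacted when a response is logged or inspected therefore rests on the nested `Types::Credentials` struct's own list, which is outside this hunk and should be checked before request/response logging is enabled around `AssumeRoot`. If redaction is indeed handled at the nested level, a comment on the constant such as `# no top-level sensitive members; secret fields are expected to be marked on Types::Credentials` would make that intent explicit. The same applies to any log pipeline that serialises the struct with its own formatter rather than the SDK's.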
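--- a/data/lib/aws-sdk-sts.rb
+++ b/data/lib/aws-sdk-sts.rb
@@ -56,7 +56,7 @@ module Aws::STS
  autoload :EndpointProvider, 'aws-sdk-sts/endpoint_provider'
  autoload :Endpoints, 'aws-sdk-sts/endpoints'
 
- GEM_VERSION = '3.209.1'
+ GEM_VERSION = '3.214.0'
 
  end
 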
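--- a/metadata
+++ b/metadata
@@ -1,14 +1,14 @@
  --- !ruby/object:Gem::Specification
  name: aws-sdk-core
  version: !ruby/object:Gem::Version
- version: 3.209.1
+ version: 3.214.0
  platform: ruby
  authors:
  - Amazon Web Services
  autorequire:
  bindir: bin
  cert_chain: []
- date: 2024-09-25 00:00:00.000000000 Z
+ date: 2024-11-25 00:00:00.000000000 Z
  dependencies:
  - !ruby/object:Gem::Dependency
  name: jmespath
@@ -39,7 +39,7 @@ dependencies:
  version: '1'
  - - ">="
  - !ruby/object:Gem::Version
- version: 1.651.0
+ version: 1.992.0
  type: :runtime
  prerelease: false
  version_requirements: !ruby/object:Gem::Requirement
@@ -49,7 +49,7 @@ dependencies:
  version: '1'
  - - ">="
  - !ruby/object:Gem::Version
- version: 1.651.0
+ version: 1.992.0
  - !ruby/object:Gem::Dependency
  name: aws-sigv4
  requirement: !ruby/object:Gem::Requirement
@@ -112,7 +112,6 @@ files:
  - lib/aws-sdk-core/binary/event_stream_decoder.rb
  - lib/aws-sdk-core/binary/event_stream_encoder.rb
  - lib/aws-sdk-core/cbor.rb
- - lib/aws-sdk-core/cbor/cbor_engine.rb
  - lib/aws-sdk-core/cbor/decoder.rb
  - lib/aws-sdk-core/cbor/encoder.rb
  - lib/aws-sdk-core/client_side_monitoring.rb
@@ -236,6 +235,7 @@ files:
  - lib/aws-sdk-core/rest/response/status_code.rb
  - lib/aws-sdk-core/rpc_v2.rb
  - lib/aws-sdk-core/rpc_v2/builder.rb
+ - lib/aws-sdk-core/rpc_v2/cbor_engine.rb
  - lib/aws-sdk-core/rpc_v2/content_type_handler.rb
  - lib/aws-sdk-core/rpc_v2/error_handler.rb
  - lib/aws-sdk-core/rpc_v2/handler.rb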