aws-sdk-core 3.49.0 → 3.50.0
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/VERSION +1 -1
- data/lib/aws-sdk-sts.rb +1 -1
- data/lib/aws-sdk-sts/client.rb +324 -365
- data/lib/aws-sdk-sts/types.rb +118 -118
- metadata +2 -2
data/lib/aws-sdk-sts/types.rb
CHANGED
@@ -34,8 +34,8 @@ module Aws::STS
|
|
34
34
|
# visible to, and can be logged by the account that owns the role. The
|
35
35
|
# role session name is also used in the ARN of the assumed role
|
36
36
|
# principal. This means that subsequent cross-account API requests
|
37
|
-
#
|
38
|
-
# session name to the external account in their CloudTrail logs.
|
37
|
+
# that use the temporary security credentials will expose the role
|
38
|
+
# session name to the external account in their AWS CloudTrail logs.
|
39
39
|
#
|
40
40
|
# The regex used to validate this parameter is a string of characters
|
41
41
|
# consisting of upper- and lower-case alphanumeric characters with no
|
@@ -46,17 +46,15 @@ module Aws::STS
|
|
46
46
|
# @!attribute [rw] policy
|
47
47
|
# An IAM policy in JSON format.
|
48
48
|
#
|
49
|
-
# This parameter is optional. If you pass a policy
|
50
|
-
#
|
51
|
-
#
|
52
|
-
#
|
53
|
-
#
|
54
|
-
# permissions
|
55
|
-
#
|
56
|
-
#
|
57
|
-
#
|
58
|
-
# AssumeRoleWithSAML, and AssumeRoleWithWebIdentity][1] in the *IAM
|
59
|
-
# User Guide*.
|
49
|
+
# This parameter is optional. If you pass a policy to this operation,
|
50
|
+
# the resulting temporary credentials have the permissions of the
|
51
|
+
# assumed role *and* the policy that you pass. This gives you a way to
|
52
|
+
# further restrict the permissions for the resulting temporary
|
53
|
+
# security credentials. You cannot use the passed policy to grant
|
54
|
+
# permissions that are in excess of those allowed by the permissions
|
55
|
+
# policy of the role that is being assumed. For more information, see
|
56
|
+
# [ Permissions for AssumeRole, AssumeRoleWithSAML, and
|
57
|
+
# AssumeRoleWithWebIdentity ][1] in the *IAM User Guide*.
|
60
58
|
#
|
61
59
|
# The format for this parameter, as described by its regex pattern, is
|
62
60
|
# a string of characters up to 2048 characters in length. The
|
@@ -65,17 +63,17 @@ module Aws::STS
|
|
65
63
|
# include the tab (\\u0009), linefeed (\\u000A), and carriage return
|
66
64
|
# (\\u000D) characters.
|
67
65
|
#
|
68
|
-
# <note markdown="1"> The policy
|
66
|
+
# <note markdown="1"> The policy plaintext must be 2048 bytes or shorter. However, an
|
69
67
|
# internal conversion compresses it into a packed binary format with a
|
70
|
-
# separate limit. The PackedPolicySize response element indicates by
|
71
|
-
# percentage how close to the upper size limit the policy is,
|
72
|
-
# 100
|
68
|
+
# separate limit. The `PackedPolicySize` response element indicates by
|
69
|
+
# percentage how close to the upper size limit the policy is, where
|
70
|
+
# 100 percent is the maximum allowed size.
|
73
71
|
#
|
74
72
|
# </note>
|
75
73
|
#
|
76
74
|
#
|
77
75
|
#
|
78
|
-
# [1]:
|
76
|
+
# [1]: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_control-access_assumerole.html
|
79
77
|
# @return [String]
|
80
78
|
#
|
81
79
|
# @!attribute [rw] duration_seconds
|
@@ -89,7 +87,7 @@ module Aws::STS
|
|
89
87
|
# value for your role, see [View the Maximum Session Duration Setting
|
90
88
|
# for a Role][1] in the *IAM User Guide*.
|
91
89
|
#
|
92
|
-
# By default, the value is set to 3600 seconds.
|
90
|
+
# By default, the value is set to `3600` seconds.
|
93
91
|
#
|
94
92
|
# <note markdown="1"> The `DurationSeconds` parameter is separate from the duration of a
|
95
93
|
# console session that you might request using the returned
|
@@ -103,30 +101,32 @@ module Aws::STS
|
|
103
101
|
#
|
104
102
|
#
|
105
103
|
#
|
106
|
-
# [1]:
|
107
|
-
# [2]:
|
104
|
+
# [1]: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_use.html#id_roles_use_view-role-max-session
|
105
|
+
# [2]: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_providers_enable-console-custom-url.html
|
108
106
|
# @return [Integer]
|
109
107
|
#
|
110
108
|
# @!attribute [rw] external_id
|
111
|
-
# A unique identifier that
|
112
|
-
#
|
113
|
-
#
|
114
|
-
#
|
115
|
-
#
|
116
|
-
#
|
117
|
-
#
|
118
|
-
#
|
119
|
-
#
|
120
|
-
#
|
121
|
-
#
|
122
|
-
#
|
109
|
+
# A unique identifier that might be required when you assume a role in
|
110
|
+
# another account. If the administrator of the account to which the
|
111
|
+
# role belongs provided you with an external ID, then provide that
|
112
|
+
# value in the `ExternalId` parameter. This value can be any string,
|
113
|
+
# such as a passphrase or account number. Because a cross-account role
|
114
|
+
# is usually set up to trust everyone in an account, the administrator
|
115
|
+
# of the trusting account might send an external ID to the
|
116
|
+
# administrator of the trusted account. That way, only someone with
|
117
|
+
# the ID can assume the role, rather than everyone in the account. For
|
118
|
+
# more information about the external ID, see [How to Use an External
|
119
|
+
# ID When Granting Access to Your AWS Resources to a Third Party][1]
|
120
|
+
# in the *IAM User Guide*.
|
121
|
+
#
|
122
|
+
# The regex used to validate this parameter is a string of characters
|
123
123
|
# consisting of upper- and lower-case alphanumeric characters with no
|
124
124
|
# spaces. You can also include underscores or any of the following
|
125
125
|
# characters: =,.@:/-
|
126
126
|
#
|
127
127
|
#
|
128
128
|
#
|
129
|
-
# [1]:
|
129
|
+
# [1]: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_create_for-user_externalid.html
|
130
130
|
# @return [String]
|
131
131
|
#
|
132
132
|
# @!attribute [rw] serial_number
|
@@ -175,11 +175,13 @@ module Aws::STS
|
|
175
175
|
# The temporary security credentials, which include an access key ID,
|
176
176
|
# a secret access key, and a security (or session) token.
|
177
177
|
#
|
178
|
-
#
|
178
|
+
# <note markdown="1"> The size of the security token that STS API operations return is not
|
179
179
|
# fixed. We strongly recommend that you make no assumptions about the
|
180
180
|
# maximum size. As of this writing, the typical size is less than 4096
|
181
181
|
# bytes, but that can vary. Also, future updates to AWS might require
|
182
182
|
# larger sizes.
|
183
|
+
#
|
184
|
+
# </note>
|
183
185
|
# @return [Types::Credentials]
|
184
186
|
#
|
185
187
|
# @!attribute [rw] assumed_role_user
|
@@ -232,26 +234,25 @@ module Aws::STS
|
|
232
234
|
# IdP.
|
233
235
|
#
|
234
236
|
# For more information, see [Configuring a Relying Party and Adding
|
235
|
-
# Claims][1] in the *
|
237
|
+
# Claims][1] in the *IAM User Guide*.
|
236
238
|
#
|
237
239
|
#
|
238
240
|
#
|
239
|
-
# [1]:
|
241
|
+
# [1]: https://docs.aws.amazon.com/IAM/latest/UserGuide/create-role-saml-IdP-tasks.html
|
240
242
|
# @return [String]
|
241
243
|
#
|
242
244
|
# @!attribute [rw] policy
|
243
245
|
# An IAM policy in JSON format.
|
244
246
|
#
|
245
|
-
# The policy parameter is optional. If you pass a policy
|
246
|
-
#
|
247
|
-
#
|
248
|
-
#
|
249
|
-
#
|
250
|
-
#
|
251
|
-
#
|
252
|
-
#
|
253
|
-
#
|
254
|
-
# and AssumeRoleWithWebIdentity][1] in the *IAM User Guide*.
|
247
|
+
# The policy parameter is optional. If you pass a policy to this
|
248
|
+
# operation, the resulting temporary credentials have the permissions
|
249
|
+
# of the assumed role *and* the policy that you pass. This gives you a
|
250
|
+
# way to further restrict the permissions for the resulting temporary
|
251
|
+
# security credentials. You cannot use the passed policy to grant
|
252
|
+
# permissions that are in excess of those allowed by the permissions
|
253
|
+
# policy of the role that is being assumed. For more information, see
|
254
|
+
# [ Permissions for AssumeRole, AssumeRoleWithSAML, and
|
255
|
+
# AssumeRoleWithWebIdentity ][1] in the *IAM User Guide*.
|
255
256
|
#
|
256
257
|
# The format for this parameter, as described by its regex pattern, is
|
257
258
|
# a string of characters up to 2048 characters in length. The
|
@@ -260,17 +261,17 @@ module Aws::STS
|
|
260
261
|
# include the tab (\\u0009), linefeed (\\u000A), and carriage return
|
261
262
|
# (\\u000D) characters.
|
262
263
|
#
|
263
|
-
# <note markdown="1"> The policy
|
264
|
+
# <note markdown="1"> The policy plaintext must be 2048 bytes or shorter. However, an
|
264
265
|
# internal conversion compresses it into a packed binary format with a
|
265
|
-
# separate limit. The PackedPolicySize response element indicates by
|
266
|
-
# percentage how close to the upper size limit the policy is,
|
267
|
-
# 100
|
266
|
+
# separate limit. The `PackedPolicySize` response element indicates by
|
267
|
+
# percentage how close to the upper size limit the policy is, where
|
268
|
+
# 100 percent is the maximum allowed size.
|
268
269
|
#
|
269
270
|
# </note>
|
270
271
|
#
|
271
272
|
#
|
272
273
|
#
|
273
|
-
# [1]:
|
274
|
+
# [1]: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_control-access_assumerole.html
|
274
275
|
# @return [String]
|
275
276
|
#
|
276
277
|
# @!attribute [rw] duration_seconds
|
@@ -288,7 +289,7 @@ module Aws::STS
|
|
288
289
|
# Maximum Session Duration Setting for a Role][1] in the *IAM User
|
289
290
|
# Guide*.
|
290
291
|
#
|
291
|
-
# By default, the value is set to 3600 seconds.
|
292
|
+
# By default, the value is set to `3600` seconds.
|
292
293
|
#
|
293
294
|
# <note markdown="1"> The `DurationSeconds` parameter is separate from the duration of a
|
294
295
|
# console session that you might request using the returned
|
@@ -302,8 +303,8 @@ module Aws::STS
|
|
302
303
|
#
|
303
304
|
#
|
304
305
|
#
|
305
|
-
# [1]:
|
306
|
-
# [2]:
|
306
|
+
# [1]: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_use.html#id_roles_use_view-role-max-session
|
307
|
+
# [2]: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_providers_enable-console-custom-url.html
|
307
308
|
# @return [Integer]
|
308
309
|
#
|
309
310
|
# @see http://docs.aws.amazon.com/goto/WebAPI/sts-2011-06-15/AssumeRoleWithSAMLRequest AWS API Documentation
|
@@ -325,11 +326,13 @@ module Aws::STS
|
|
325
326
|
# The temporary security credentials, which include an access key ID,
|
326
327
|
# a secret access key, and a security (or session) token.
|
327
328
|
#
|
328
|
-
#
|
329
|
+
# <note markdown="1"> The size of the security token that STS API operations return is not
|
329
330
|
# fixed. We strongly recommend that you make no assumptions about the
|
330
331
|
# maximum size. As of this writing, the typical size is less than 4096
|
331
332
|
# bytes, but that can vary. Also, future updates to AWS might require
|
332
333
|
# larger sizes.
|
334
|
+
#
|
335
|
+
# </note>
|
333
336
|
# @return [Types::Credentials]
|
334
337
|
#
|
335
338
|
# @!attribute [rw] assumed_role_user
|
@@ -450,16 +453,15 @@ module Aws::STS
|
|
450
453
|
# @!attribute [rw] policy
|
451
454
|
# An IAM policy in JSON format.
|
452
455
|
#
|
453
|
-
# The policy parameter is optional. If you pass a policy
|
454
|
-
#
|
455
|
-
#
|
456
|
-
#
|
457
|
-
#
|
458
|
-
#
|
459
|
-
#
|
460
|
-
#
|
461
|
-
#
|
462
|
-
# in the *IAM User Guide*.
|
456
|
+
# The policy parameter is optional. If you pass a policy to this
|
457
|
+
# operation, the resulting temporary credentials have the permissions
|
458
|
+
# of the assumed role *and* the policy that you pass. This gives you a
|
459
|
+
# way to further restrict the permissions for the resulting temporary
|
460
|
+
# security credentials. You cannot use the passed policy to grant
|
461
|
+
# permissions that are in excess of those allowed by the permissions
|
462
|
+
# policy of the role that is being assumed. For more information, see
|
463
|
+
# [ Permissions for AssumeRole, AssumeRoleWithSAML, and
|
464
|
+
# AssumeRoleWithWebIdentity ][1] in the *IAM User Guide*.
|
463
465
|
#
|
464
466
|
# The format for this parameter, as described by its regex pattern, is
|
465
467
|
# a string of characters up to 2048 characters in length. The
|
@@ -468,17 +470,17 @@ module Aws::STS
|
|
468
470
|
# include the tab (\\u0009), linefeed (\\u000A), and carriage return
|
469
471
|
# (\\u000D) characters.
|
470
472
|
#
|
471
|
-
# <note markdown="1"> The policy
|
473
|
+
# <note markdown="1"> The policy plaintext must be 2048 bytes or shorter. However, an
|
472
474
|
# internal conversion compresses it into a packed binary format with a
|
473
|
-
# separate limit. The PackedPolicySize response element indicates by
|
474
|
-
# percentage how close to the upper size limit the policy is,
|
475
|
-
# 100
|
475
|
+
# separate limit. The `PackedPolicySize` response element indicates by
|
476
|
+
# percentage how close to the upper size limit the policy is, where
|
477
|
+
# 100 percent is the maximum allowed size.
|
476
478
|
#
|
477
479
|
# </note>
|
478
480
|
#
|
479
481
|
#
|
480
482
|
#
|
481
|
-
# [1]:
|
483
|
+
# [1]: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_control-access_assumerole.html
|
482
484
|
# @return [String]
|
483
485
|
#
|
484
486
|
# @!attribute [rw] duration_seconds
|
@@ -492,7 +494,7 @@ module Aws::STS
|
|
492
494
|
# value for your role, see [View the Maximum Session Duration Setting
|
493
495
|
# for a Role][1] in the *IAM User Guide*.
|
494
496
|
#
|
495
|
-
# By default, the value is set to 3600 seconds.
|
497
|
+
# By default, the value is set to `3600` seconds.
|
496
498
|
#
|
497
499
|
# <note markdown="1"> The `DurationSeconds` parameter is separate from the duration of a
|
498
500
|
# console session that you might request using the returned
|
@@ -506,8 +508,8 @@ module Aws::STS
|
|
506
508
|
#
|
507
509
|
#
|
508
510
|
#
|
509
|
-
# [1]:
|
510
|
-
# [2]:
|
511
|
+
# [1]: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_use.html#id_roles_use_view-role-max-session
|
512
|
+
# [2]: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_providers_enable-console-custom-url.html
|
511
513
|
# @return [Integer]
|
512
514
|
#
|
513
515
|
# @see http://docs.aws.amazon.com/goto/WebAPI/sts-2011-06-15/AssumeRoleWithWebIdentityRequest AWS API Documentation
|
@@ -530,11 +532,13 @@ module Aws::STS
|
|
530
532
|
# The temporary security credentials, which include an access key ID,
|
531
533
|
# a secret access key, and a security token.
|
532
534
|
#
|
533
|
-
#
|
535
|
+
# <note markdown="1"> The size of the security token that STS API operations return is not
|
534
536
|
# fixed. We strongly recommend that you make no assumptions about the
|
535
537
|
# maximum size. As of this writing, the typical size is less than 4096
|
536
538
|
# bytes, but that can vary. Also, future updates to AWS might require
|
537
539
|
# larger sizes.
|
540
|
+
#
|
541
|
+
# </note>
|
538
542
|
# @return [Types::Credentials]
|
539
543
|
#
|
540
544
|
# @!attribute [rw] subject_from_web_identity_token
|
@@ -564,8 +568,8 @@ module Aws::STS
|
|
564
568
|
#
|
565
569
|
# @!attribute [rw] provider
|
566
570
|
# The issuing authority of the web identity token presented. For
|
567
|
-
# OpenID Connect ID
|
568
|
-
# For OAuth 2.0 access tokens, this contains the value of the
|
571
|
+
# OpenID Connect ID tokens, this contains the value of the `iss`
|
572
|
+
# field. For OAuth 2.0 access tokens, this contains the value of the
|
569
573
|
# `ProviderId` parameter that was passed in the
|
570
574
|
# `AssumeRoleWithWebIdentity` request.
|
571
575
|
# @return [String]
|
@@ -604,7 +608,7 @@ module Aws::STS
|
|
604
608
|
#
|
605
609
|
#
|
606
610
|
#
|
607
|
-
# [1]:
|
611
|
+
# [1]: https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_identifiers.html
|
608
612
|
# @return [String]
|
609
613
|
#
|
610
614
|
# @see http://docs.aws.amazon.com/goto/WebAPI/sts-2011-06-15/AssumedRoleUser AWS API Documentation
|
@@ -693,7 +697,7 @@ module Aws::STS
|
|
693
697
|
#
|
694
698
|
#
|
695
699
|
#
|
696
|
-
# [1]:
|
700
|
+
# [1]: https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_identifiers.html
|
697
701
|
# @return [String]
|
698
702
|
#
|
699
703
|
# @see http://docs.aws.amazon.com/goto/WebAPI/sts-2011-06-15/FederatedUser AWS API Documentation
|
@@ -715,14 +719,14 @@ module Aws::STS
|
|
715
719
|
#
|
716
720
|
# @!attribute [rw] user_id
|
717
721
|
# The unique identifier of the calling entity. The exact value depends
|
718
|
-
# on the type of entity making the call. The values returned
|
719
|
-
# listed in the **aws:userid** column in the [Principal
|
720
|
-
# found on the **Policy Variables** reference page in the
|
721
|
-
# Guide*.
|
722
|
+
# on the type of entity that is making the call. The values returned
|
723
|
+
# are those listed in the **aws:userid** column in the [Principal
|
724
|
+
# table][1] found on the **Policy Variables** reference page in the
|
725
|
+
# *IAM User Guide*.
|
722
726
|
#
|
723
727
|
#
|
724
728
|
#
|
725
|
-
# [1]:
|
729
|
+
# [1]: https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_variables.html#principaltable
|
726
730
|
# @return [String]
|
727
731
|
#
|
728
732
|
# @!attribute [rw] account
|
@@ -765,22 +769,15 @@ module Aws::STS
|
|
765
769
|
# @return [String]
|
766
770
|
#
|
767
771
|
# @!attribute [rw] policy
|
768
|
-
# An IAM policy in JSON format
|
769
|
-
# `GetFederationToken
|
770
|
-
#
|
771
|
-
#
|
772
|
-
#
|
773
|
-
#
|
774
|
-
# IAM user
|
775
|
-
#
|
776
|
-
#
|
777
|
-
# passed policy and the IAM user policy.
|
778
|
-
#
|
779
|
-
# If you do not pass a policy, the resulting temporary security
|
780
|
-
# credentials have no effective permissions. The only exception is
|
781
|
-
# when the temporary security credentials are used to access a
|
782
|
-
# resource that has a resource-based policy that specifically allows
|
783
|
-
# the federated user to access the resource.
|
772
|
+
# An IAM policy in JSON format. You must pass an IAM permissions
|
773
|
+
# policy to `GetFederationToken`. When you pass a policy to this
|
774
|
+
# operation, the resulting temporary credentials are defined by the
|
775
|
+
# intersection of your IAM user policies and the policy that you pass.
|
776
|
+
# The passed policy defines the permissions of the *federated user*.
|
777
|
+
# AWS allows the federated user's request only when both the attached
|
778
|
+
# policy and the IAM user policy explicitly allow the federated user
|
779
|
+
# to perform the requested action. The passed policy cannot grant more
|
780
|
+
# permissions than those that are defined in the IAM user policy.
|
784
781
|
#
|
785
782
|
# The format for this parameter, as described by its regex pattern, is
|
786
783
|
# a string of characters up to 2048 characters in length. The
|
@@ -789,11 +786,11 @@ module Aws::STS
|
|
789
786
|
# include the tab (\\u0009), linefeed (\\u000A), and carriage return
|
790
787
|
# (\\u000D) characters.
|
791
788
|
#
|
792
|
-
# <note markdown="1"> The policy
|
789
|
+
# <note markdown="1"> The policy plaintext must be 2048 bytes or shorter. However, an
|
793
790
|
# internal conversion compresses it into a packed binary format with a
|
794
|
-
# separate limit. The PackedPolicySize response element indicates by
|
795
|
-
# percentage how close to the upper size limit the policy is,
|
796
|
-
# 100
|
791
|
+
# separate limit. The `PackedPolicySize` response element indicates by
|
792
|
+
# percentage how close to the upper size limit the policy is, where
|
793
|
+
# 100 percent is the maximum allowed size.
|
797
794
|
#
|
798
795
|
# </note>
|
799
796
|
#
|
@@ -802,18 +799,17 @@ module Aws::STS
|
|
802
799
|
#
|
803
800
|
#
|
804
801
|
#
|
805
|
-
# [1]:
|
802
|
+
# [1]: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_control-access_getfederationtoken.html
|
806
803
|
# @return [String]
|
807
804
|
#
|
808
805
|
# @!attribute [rw] duration_seconds
|
809
806
|
# The duration, in seconds, that the session should last. Acceptable
|
810
807
|
# durations for federation sessions range from 900 seconds (15
|
811
|
-
# minutes) to
|
812
|
-
# as the default. Sessions obtained using AWS account
|
813
|
-
# credentials are restricted to a maximum of
|
808
|
+
# minutes) to 129,600 seconds (36 hours), with 43,200 seconds (12
|
809
|
+
# hours) as the default. Sessions obtained using AWS account root user
|
810
|
+
# credentials are restricted to a maximum of 3,600 seconds (one hour).
|
814
811
|
# If the specified duration is longer than one hour, the session
|
815
|
-
# obtained by using
|
816
|
-
# hour.
|
812
|
+
# obtained by using root user credentials defaults to one hour.
|
817
813
|
# @return [Integer]
|
818
814
|
#
|
819
815
|
# @see http://docs.aws.amazon.com/goto/WebAPI/sts-2011-06-15/GetFederationTokenRequest AWS API Documentation
|
@@ -833,11 +829,13 @@ module Aws::STS
|
|
833
829
|
# The temporary security credentials, which include an access key ID,
|
834
830
|
# a secret access key, and a security (or session) token.
|
835
831
|
#
|
836
|
-
#
|
832
|
+
# <note markdown="1"> The size of the security token that STS API operations return is not
|
837
833
|
# fixed. We strongly recommend that you make no assumptions about the
|
838
834
|
# maximum size. As of this writing, the typical size is less than 4096
|
839
835
|
# bytes, but that can vary. Also, future updates to AWS might require
|
840
836
|
# larger sizes.
|
837
|
+
#
|
838
|
+
# </note>
|
841
839
|
# @return [Types::Credentials]
|
842
840
|
#
|
843
841
|
# @!attribute [rw] federated_user
|
@@ -874,9 +872,9 @@ module Aws::STS
|
|
874
872
|
# @!attribute [rw] duration_seconds
|
875
873
|
# The duration, in seconds, that the credentials should remain valid.
|
876
874
|
# Acceptable durations for IAM user sessions range from 900 seconds
|
877
|
-
# (15 minutes) to
|
875
|
+
# (15 minutes) to 129,600 seconds (36 hours), with 43,200 seconds (12
|
878
876
|
# hours) as the default. Sessions for AWS account owners are
|
879
|
-
# restricted to a maximum of
|
877
|
+
# restricted to a maximum of 3,600 seconds (one hour). If the duration
|
880
878
|
# is longer than one hour, the session for AWS account owners defaults
|
881
879
|
# to one hour.
|
882
880
|
# @return [Integer]
|
@@ -891,7 +889,7 @@ module Aws::STS
|
|
891
889
|
# the device for an IAM user by going to the AWS Management Console
|
892
890
|
# and viewing the user's security credentials.
|
893
891
|
#
|
894
|
-
# The regex used to
|
892
|
+
# The regex used to validate this parameter is a string of characters
|
895
893
|
# consisting of upper- and lower-case alphanumeric characters with no
|
896
894
|
# spaces. You can also include underscores or any of the following
|
897
895
|
# characters: =,.@:/-
|
@@ -900,9 +898,9 @@ module Aws::STS
|
|
900
898
|
# @!attribute [rw] token_code
|
901
899
|
# The value provided by the MFA device, if MFA is required. If any
|
902
900
|
# policy requires the IAM user to submit an MFA code, specify this
|
903
|
-
# value. If MFA authentication is required,
|
904
|
-
#
|
905
|
-
#
|
901
|
+
# value. If MFA authentication is required, the user must provide a
|
902
|
+
# code when requesting a set of temporary security credentials. A user
|
903
|
+
# who fails to provide the code receives an "access denied" response
|
906
904
|
# when requesting resources that require MFA authentication.
|
907
905
|
#
|
908
906
|
# The format for this parameter, as described by its regex pattern, is
|
@@ -926,11 +924,13 @@ module Aws::STS
|
|
926
924
|
# The temporary security credentials, which include an access key ID,
|
927
925
|
# a secret access key, and a security (or session) token.
|
928
926
|
#
|
929
|
-
#
|
927
|
+
# <note markdown="1"> The size of the security token that STS API operations return is not
|
930
928
|
# fixed. We strongly recommend that you make no assumptions about the
|
931
929
|
# maximum size. As of this writing, the typical size is less than 4096
|
932
930
|
# bytes, but that can vary. Also, future updates to AWS might require
|
933
931
|
# larger sizes.
|
932
|
+
#
|
933
|
+
# </note>
|
934
934
|
# @return [Types::Credentials]
|
935
935
|
#
|
936
936
|
# @see http://docs.aws.amazon.com/goto/WebAPI/sts-2011-06-15/GetSessionTokenResponse AWS API Documentation
|