aws-sdk-core 3.54.2 → 3.75.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
@@ -99,12 +99,10 @@ module Aws
99
99
  def credentials(opts = {})
100
100
  p = opts[:profile] || @profile_name
101
101
  validate_profile_exists(p) if credentials_present?
102
- if credentials = credentials_from_shared(p, opts)
102
+ if (credentials = credentials_from_shared(p, opts))
103
103
  credentials
104
- elsif credentials = credentials_from_config(p, opts)
104
+ elsif (credentials = credentials_from_config(p, opts))
105
105
  credentials
106
- else
107
- nil
108
106
  end
109
107
  end
110
108
 
@@ -121,6 +119,25 @@ module Aws
121
119
  credentials
122
120
  end
123
121
 
122
+ def assume_role_web_identity_credentials_from_config(profile)
123
+ p = profile || @profile_name
124
+ if @config_enabled && @parsed_config
125
+ entry = @parsed_config.fetch(p, {})
126
+ if entry['web_identity_token_file'] &&
127
+ entry['role_arn']
128
+ AssumeRoleWebIdentityCredentials.new(
129
+ role_arn: entry['role_arn'],
130
+ web_identity_token_file: entry['web_identity_token_file'],
131
+ role_session_name: entry['role_session_name']
132
+ )
133
+ else
134
+ nil
135
+ end
136
+ else
137
+ nil
138
+ end
139
+ end
140
+
124
141
  def region(opts = {})
125
142
  p = opts[:profile] || @profile_name
126
143
  if @config_enabled
@@ -136,6 +153,21 @@ module Aws
136
153
  end
137
154
  end
138
155
 
156
+ def sts_regional_endpoints(opts = {})
157
+ p = opts[:profile] || @profile_name
158
+ if @config_enabled
159
+ if @parsed_credentials
160
+ mode = @parsed_credentials.fetch(p, {})["sts_regional_endpoints"]
161
+ end
162
+ if @parsed_config
163
+ mode ||= @parsed_config.fetch(p, {})["sts_regional_endpoints"]
164
+ end
165
+ mode
166
+ else
167
+ nil
168
+ end
169
+ end
170
+
139
171
  def endpoint_discovery(opts = {})
140
172
  p = opts[:profile] || @profile_name
141
173
  if @config_enabled && @parsed_config
@@ -193,7 +225,23 @@ module Aws
193
225
  end
194
226
  end
195
227
 
228
+ def csm_host(opts = {})
229
+ p = opts[:profile] || @profile_name
230
+ if @config_enabled
231
+ if @parsed_credentials
232
+ value = @parsed_credentials.fetch(p, {})["csm_host"]
233
+ end
234
+ if @parsed_config
235
+ value ||= @parsed_config.fetch(p, {})["csm_host"]
236
+ end
237
+ value
238
+ else
239
+ nil
240
+ end
241
+ end
242
+
196
243
  private
244
+
197
245
  def credentials_present?
198
246
  (@parsed_credentials && !@parsed_credentials.empty?) ||
199
247
  (@parsed_config && !@parsed_config.empty?)
@@ -211,11 +259,12 @@ module Aws
211
259
  "provide only source_profile or credential_source, not both."
212
260
  )
213
261
  elsif opts[:source_profile]
214
- opts[:credentials] = credentials(profile: opts[:source_profile])
262
+ opts[:credentials] = resolve_source_profile(opts[:source_profile])
215
263
  if opts[:credentials]
216
264
  opts[:role_session_name] ||= prof_cfg["role_session_name"]
217
265
  opts[:role_session_name] ||= "default_session"
218
266
  opts[:role_arn] ||= prof_cfg["role_arn"]
267
+ opts[:duration_seconds] ||= prof_cfg["duration_seconds"]
219
268
  opts[:external_id] ||= prof_cfg["external_id"]
220
269
  opts[:serial_number] ||= prof_cfg["mfa_serial"]
221
270
  opts[:profile] = opts.delete(:source_profile)
@@ -235,6 +284,7 @@ module Aws
235
284
  opts[:role_session_name] ||= prof_cfg["role_session_name"]
236
285
  opts[:role_session_name] ||= "default_session"
237
286
  opts[:role_arn] ||= prof_cfg["role_arn"]
287
+ opts[:duration_seconds] ||= prof_cfg["duration_seconds"]
238
288
  opts[:external_id] ||= prof_cfg["external_id"]
239
289
  opts[:serial_number] ||= prof_cfg["mfa_serial"]
240
290
  opts.delete(:source_profile) # Cleanup
@@ -257,6 +307,20 @@ module Aws
257
307
  end
258
308
  end
259
309
 
310
+ def resolve_source_profile(profile)
311
+ if (creds = credentials(profile: profile))
312
+ creds # static credentials
313
+ elsif (provider = assume_role_web_identity_credentials_from_config(profile))
314
+ if provider.credentials.set?
315
+ provider.credentials
316
+ end
317
+ elsif (provider = assume_role_process_credentials_from_config(profile))
318
+ if provider.credentials.set?
319
+ provider.credentials
320
+ end
321
+ end
322
+ end
323
+
260
324
  def credentials_from_source(credential_source, config)
261
325
  case credential_source
262
326
  when "Ec2InstanceMetadata"
@@ -274,6 +338,11 @@ module Aws
274
338
  end
275
339
  end
276
340
 
341
+ def assume_role_process_credentials_from_config(profile)
342
+ credential_process = credentials_process(profile)
343
+ ProcessCredentials.new(credential_process) if credential_process
344
+ end
345
+
277
346
  def credentials_from_shared(profile, opts)
278
347
  if @parsed_credentials && prof_config = @parsed_credentials[profile]
279
348
  credentials_from_profile(prof_config)
data/lib/aws-sdk-core.rb CHANGED
@@ -9,6 +9,7 @@ require_relative 'aws-sdk-core/deprecations'
9
9
  require_relative 'aws-sdk-core/credential_provider'
10
10
  require_relative 'aws-sdk-core/refreshing_credentials'
11
11
  require_relative 'aws-sdk-core/assume_role_credentials'
12
+ require_relative 'aws-sdk-core/assume_role_web_identity_credentials'
12
13
  require_relative 'aws-sdk-core/credentials'
13
14
  require_relative 'aws-sdk-core/credential_provider_chain'
14
15
  require_relative 'aws-sdk-core/ecs_credentials'
@@ -26,6 +26,7 @@ require 'aws-sdk-core/plugins/client_metrics_send_plugin.rb'
26
26
  require 'aws-sdk-core/plugins/transfer_encoding.rb'
27
27
  require 'aws-sdk-core/plugins/signature_v4.rb'
28
28
  require 'aws-sdk-core/plugins/protocols/query.rb'
29
+ require 'aws-sdk-sts/plugins/sts_regional_endpoints.rb'
29
30
 
30
31
  Aws::Plugins::GlobalConfiguration.add_identifier(:sts)
31
32
 
@@ -59,6 +60,7 @@ module Aws::STS
59
60
  add_plugin(Aws::Plugins::TransferEncoding)
60
61
  add_plugin(Aws::Plugins::SignatureV4)
61
62
  add_plugin(Aws::Plugins::Protocols::Query)
63
+ add_plugin(Aws::STS::Plugins::STSRegionalEndpoints)
62
64
 
63
65
  # @overload initialize(options)
64
66
  # @param [Hash] options
@@ -116,6 +118,10 @@ module Aws::STS
116
118
  # Allows you to provide an identifier for this client which will be attached to
117
119
  # all generated client side metrics. Defaults to an empty string.
118
120
  #
121
+ # @option options [String] :client_side_monitoring_host ("127.0.0.1")
122
+ # Allows you to specify the DNS hostname or IPv4 or IPv6 address that the client
123
+ # side monitoring agent is running on, where client metrics will be published via UDP.
124
+ #
119
125
  # @option options [Integer] :client_side_monitoring_port (31000)
120
126
  # Required for publishing client metrics. The port that the client side monitoring
121
127
  # agent is running on, where client metrics will be published via UDP.
@@ -188,6 +194,11 @@ module Aws::STS
188
194
  #
189
195
  # @option options [String] :session_token
190
196
  #
197
+ # @option options [String] :sts_regional_endpoints ("legacy")
198
+ # Passing in 'regional' to enable regional endpoint for STS for all supported
199
+ # regions (except 'aws-global'), defaults to 'legacy' mode, using global endpoint
200
+ # for legacy regions.
201
+ #
191
202
  # @option options [Boolean] :stub_responses (false)
192
203
  # Causes the client to return stubbed responses. By default
193
204
  # fake responses are generated and returned. You can specify
@@ -391,8 +402,7 @@ module Aws::STS
391
402
  # ARNs. However, the plain text that you use for both inline and managed
392
403
  # session policies shouldn't exceed 2048 characters. For more
393
404
  # information about ARNs, see [Amazon Resource Names (ARNs) and AWS
394
- # Service Namespaces](general/latest/gr/aws-arns-and-namespaces.html) in
395
- # the AWS General Reference.
405
+ # Service Namespaces][1] in the AWS General Reference.
396
406
  #
397
407
  # <note markdown="1"> The characters in this parameter count towards the 2048 character
398
408
  # session policy guideline. However, an AWS conversion compresses the
@@ -410,11 +420,12 @@ module Aws::STS
410
420
  # access resources in the account that owns the role. You cannot use
411
421
  # session policies to grant more permissions than those allowed by the
412
422
  # identity-based policy of the role that is being assumed. For more
413
- # information, see [Session Policies][1] in the *IAM User Guide*.
423
+ # information, see [Session Policies][2] in the *IAM User Guide*.
414
424
  #
415
425
  #
416
426
  #
417
- # [1]: https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies.html#policies_session
427
+ # [1]: https://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html
428
+ # [2]: https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies.html#policies_session
418
429
  #
419
430
  # @option params [String] :policy
420
431
  # An IAM policy in JSON format that you want to use as an inline session
@@ -711,8 +722,7 @@ module Aws::STS
711
722
  # ARNs. However, the plain text that you use for both inline and managed
712
723
  # session policies shouldn't exceed 2048 characters. For more
713
724
  # information about ARNs, see [Amazon Resource Names (ARNs) and AWS
714
- # Service Namespaces](general/latest/gr/aws-arns-and-namespaces.html) in
715
- # the AWS General Reference.
725
+ # Service Namespaces][1] in the AWS General Reference.
716
726
  #
717
727
  # <note markdown="1"> The characters in this parameter count towards the 2048 character
718
728
  # session policy guideline. However, an AWS conversion compresses the
@@ -730,11 +740,12 @@ module Aws::STS
730
740
  # access resources in the account that owns the role. You cannot use
731
741
  # session policies to grant more permissions than those allowed by the
732
742
  # identity-based policy of the role that is being assumed. For more
733
- # information, see [Session Policies][1] in the *IAM User Guide*.
743
+ # information, see [Session Policies][2] in the *IAM User Guide*.
734
744
  #
735
745
  #
736
746
  #
737
- # [1]: https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies.html#policies_session
747
+ # [1]: https://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html
748
+ # [2]: https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies.html#policies_session
738
749
  #
739
750
  # @option params [String] :policy
740
751
  # An IAM policy in JSON format that you want to use as an inline session
@@ -1015,8 +1026,7 @@ module Aws::STS
1015
1026
  # ARNs. However, the plain text that you use for both inline and managed
1016
1027
  # session policies shouldn't exceed 2048 characters. For more
1017
1028
  # information about ARNs, see [Amazon Resource Names (ARNs) and AWS
1018
- # Service Namespaces](general/latest/gr/aws-arns-and-namespaces.html) in
1019
- # the AWS General Reference.
1029
+ # Service Namespaces][1] in the AWS General Reference.
1020
1030
  #
1021
1031
  # <note markdown="1"> The characters in this parameter count towards the 2048 character
1022
1032
  # session policy guideline. However, an AWS conversion compresses the
@@ -1034,11 +1044,12 @@ module Aws::STS
1034
1044
  # access resources in the account that owns the role. You cannot use
1035
1045
  # session policies to grant more permissions than those allowed by the
1036
1046
  # identity-based policy of the role that is being assumed. For more
1037
- # information, see [Session Policies][1] in the *IAM User Guide*.
1047
+ # information, see [Session Policies][2] in the *IAM User Guide*.
1038
1048
  #
1039
1049
  #
1040
1050
  #
1041
- # [1]: https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies.html#policies_session
1051
+ # [1]: https://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html
1052
+ # [2]: https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies.html#policies_session
1042
1053
  #
1043
1054
  # @option params [String] :policy
1044
1055
  # An IAM policy in JSON format that you want to use as an inline session
@@ -1259,8 +1270,82 @@ module Aws::STS
1259
1270
  req.send_request(options)
1260
1271
  end
1261
1272
 
1262
- # Returns details about the IAM identity whose credentials are used to
1263
- # call the API.
1273
+ # Returns the account identifier for the specified access key ID.
1274
+ #
1275
+ # Access keys consist of two parts: an access key ID (for example,
1276
+ # `AKIAIOSFODNN7EXAMPLE`) and a secret access key (for example,
1277
+ # `wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY`). For more information
1278
+ # about access keys, see [Managing Access Keys for IAM Users][1] in the
1279
+ # *IAM User Guide*.
1280
+ #
1281
+ # When you pass an access key ID to this operation, it returns the ID of
1282
+ # the AWS account to which the keys belong. Access key IDs beginning
1283
+ # with `AKIA` are long-term credentials for an IAM user or the AWS
1284
+ # account root user. Access key IDs beginning with `ASIA` are temporary
1285
+ # credentials that are created using STS operations. If the account in
1286
+ # the response belongs to you, you can sign in as the root user and
1287
+ # review your root user access keys. Then, you can pull a [credentials
1288
+ # report][2] to learn which IAM user owns the keys. To learn who
1289
+ # requested the temporary credentials for an `ASIA` access key, view the
1290
+ # STS events in your [CloudTrail logs][3].
1291
+ #
1292
+ # This operation does not indicate the state of the access key. The key
1293
+ # might be active, inactive, or deleted. Active keys might not have
1294
+ # permissions to perform an operation. Providing a deleted access key
1295
+ # might return an error that the key doesn't exist.
1296
+ #
1297
+ #
1298
+ #
1299
+ # [1]: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_access-keys.html
1300
+ # [2]: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_getting-report.html
1301
+ # [3]: https://docs.aws.amazon.com/IAM/latest/UserGuide/cloudtrail-integration.html
1302
+ #
1303
+ # @option params [required, String] :access_key_id
1304
+ # The identifier of an access key.
1305
+ #
1306
+ # This parameter allows (through its regex pattern) a string of
1307
+ # characters that can consist of any upper- or lowercased letter or
1308
+ # digit.
1309
+ #
1310
+ # @return [Types::GetAccessKeyInfoResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
1311
+ #
1312
+ # * {Types::GetAccessKeyInfoResponse#account #account} => String
1313
+ #
1314
+ # @example Request syntax with placeholder values
1315
+ #
1316
+ # resp = client.get_access_key_info({
1317
+ # access_key_id: "accessKeyIdType", # required
1318
+ # })
1319
+ #
1320
+ # @example Response structure
1321
+ #
1322
+ # resp.account #=> String
1323
+ #
1324
+ # @see http://docs.aws.amazon.com/goto/WebAPI/sts-2011-06-15/GetAccessKeyInfo AWS API Documentation
1325
+ #
1326
+ # @overload get_access_key_info(params = {})
1327
+ # @param [Hash] params ({})
1328
+ def get_access_key_info(params = {}, options = {})
1329
+ req = build_request(:get_access_key_info, params)
1330
+ req.send_request(options)
1331
+ end
1332
+
1333
+ # Returns details about the IAM user or role whose credentials are used
1334
+ # to call the operation.
1335
+ #
1336
+ # <note markdown="1"> No permissions are required to perform this operation. If an
1337
+ # administrator adds a policy to your IAM user or role that explicitly
1338
+ # denies access to the `sts:GetCallerIdentity` action, you can still
1339
+ # perform this operation. Permissions are not required because the same
1340
+ # information is returned when an IAM user or role is denied access. To
1341
+ # view an example response, see [I Am Not Authorized to Perform:
1342
+ # iam:DeleteVirtualMFADevice][1].
1343
+ #
1344
+ # </note>
1345
+ #
1346
+ #
1347
+ #
1348
+ # [1]: https://docs.aws.amazon.com/IAM/latest/UserGuide/troubleshoot_general.html#troubleshoot_general_access-denied-delete-mfa
1264
1349
  #
1265
1350
  # @return [Types::GetCallerIdentityResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
1266
1351
  #
@@ -1474,8 +1559,7 @@ module Aws::STS
1474
1559
  # both inline and managed session policies shouldn't exceed 2048
1475
1560
  # characters. You can provide up to 10 managed policy ARNs. For more
1476
1561
  # information about ARNs, see [Amazon Resource Names (ARNs) and AWS
1477
- # Service Namespaces](general/latest/gr/aws-arns-and-namespaces.html) in
1478
- # the AWS General Reference.
1562
+ # Service Namespaces][2] in the AWS General Reference.
1479
1563
  #
1480
1564
  # This parameter is optional. However, if you do not pass any session
1481
1565
  # policies, then the resulting federated user session has no
@@ -1504,6 +1588,7 @@ module Aws::STS
1504
1588
  #
1505
1589
  #
1506
1590
  # [1]: https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies.html#policies_session
1591
+ # [2]: https://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html
1507
1592
  #
1508
1593
  # @option params [Integer] :duration_seconds
1509
1594
  # The duration, in seconds, that the session should last. Acceptable
@@ -1730,7 +1815,7 @@ module Aws::STS
1730
1815
  params: params,
1731
1816
  config: config)
1732
1817
  context[:gem_name] = 'aws-sdk-core'
1733
- context[:gem_version] = '3.54.2'
1818
+ context[:gem_version] = '3.75.0'
1734
1819
  Seahorse::Client::Request.new(handlers, context)
1735
1820
  end
1736
1821
 
@@ -24,6 +24,8 @@ module Aws::STS
24
24
  DecodeAuthorizationMessageResponse = Shapes::StructureShape.new(name: 'DecodeAuthorizationMessageResponse')
25
25
  ExpiredTokenException = Shapes::StructureShape.new(name: 'ExpiredTokenException')
26
26
  FederatedUser = Shapes::StructureShape.new(name: 'FederatedUser')
27
+ GetAccessKeyInfoRequest = Shapes::StructureShape.new(name: 'GetAccessKeyInfoRequest')
28
+ GetAccessKeyInfoResponse = Shapes::StructureShape.new(name: 'GetAccessKeyInfoResponse')
27
29
  GetCallerIdentityRequest = Shapes::StructureShape.new(name: 'GetCallerIdentityRequest')
28
30
  GetCallerIdentityResponse = Shapes::StructureShape.new(name: 'GetCallerIdentityResponse')
29
31
  GetFederationTokenRequest = Shapes::StructureShape.new(name: 'GetFederationTokenRequest')
@@ -149,6 +151,12 @@ module Aws::STS
149
151
  FederatedUser.add_member(:arn, Shapes::ShapeRef.new(shape: arnType, required: true, location_name: "Arn"))
150
152
  FederatedUser.struct_class = Types::FederatedUser
151
153
 
154
+ GetAccessKeyInfoRequest.add_member(:access_key_id, Shapes::ShapeRef.new(shape: accessKeyIdType, required: true, location_name: "AccessKeyId"))
155
+ GetAccessKeyInfoRequest.struct_class = Types::GetAccessKeyInfoRequest
156
+
157
+ GetAccessKeyInfoResponse.add_member(:account, Shapes::ShapeRef.new(shape: accountType, location_name: "Account"))
158
+ GetAccessKeyInfoResponse.struct_class = Types::GetAccessKeyInfoResponse
159
+
152
160
  GetCallerIdentityRequest.struct_class = Types::GetCallerIdentityRequest
153
161
 
154
162
  GetCallerIdentityResponse.add_member(:user_id, Shapes::ShapeRef.new(shape: userIdType, location_name: "UserId"))
@@ -271,6 +279,14 @@ module Aws::STS
271
279
  o.errors << Shapes::ShapeRef.new(shape: InvalidAuthorizationMessageException)
272
280
  end)
273
281
 
282
+ api.add_operation(:get_access_key_info, Seahorse::Model::Operation.new.tap do |o|
283
+ o.name = "GetAccessKeyInfo"
284
+ o.http_method = "POST"
285
+ o.http_request_uri = "/"
286
+ o.input = Shapes::ShapeRef.new(shape: GetAccessKeyInfoRequest)
287
+ o.output = Shapes::ShapeRef.new(shape: GetAccessKeyInfoResponse)
288
+ end)
289
+
274
290
  api.add_operation(:get_caller_identity, Seahorse::Model::Operation.new.tap do |o|
275
291
  o.name = "GetCallerIdentity"
276
292
  o.http_method = "POST"
@@ -0,0 +1,32 @@
1
+ module Aws
2
+ module STS
3
+ module Plugins
4
+
5
+ class STSRegionalEndpoints < Seahorse::Client::Plugin
6
+
7
+ option(:sts_regional_endpoints,
8
+ default: 'legacy',
9
+ doc_type: String,
10
+ docstring: <<-DOCS) do |cfg|
11
+ Passing in 'regional' to enable regional endpoint for STS for all supported
12
+ regions (except 'aws-global'), defaults to 'legacy' mode, using global endpoint
13
+ for legacy regions.
14
+ DOCS
15
+ resolve_sts_regional_endpoints(cfg)
16
+ end
17
+
18
+ private
19
+
20
+ def self.resolve_sts_regional_endpoints(cfg)
21
+ env_mode = ENV['AWS_STS_REGIONAL_ENDPOINTS']
22
+ env_mode = nil if env_mode == ''
23
+ cfg_mode = Aws.shared_config.sts_regional_endpoints(
24
+ profile: cfg.profile)
25
+ env_mode || cfg_mode || 'legacy'
26
+ end
27
+
28
+ end
29
+
30
+ end
31
+ end
32
+ end
@@ -57,8 +57,7 @@ module Aws::STS
57
57
  # ARNs. However, the plain text that you use for both inline and
58
58
  # managed session policies shouldn't exceed 2048 characters. For more
59
59
  # information about ARNs, see [Amazon Resource Names (ARNs) and AWS
60
- # Service Namespaces](general/latest/gr/aws-arns-and-namespaces.html)
61
- # in the AWS General Reference.
60
+ # Service Namespaces][1] in the AWS General Reference.
62
61
  #
63
62
  # <note markdown="1"> The characters in this parameter count towards the 2048 character
64
63
  # session policy guideline. However, an AWS conversion compresses the
@@ -77,11 +76,12 @@ module Aws::STS
77
76
  # owns the role. You cannot use session policies to grant more
78
77
  # permissions than those allowed by the identity-based policy of the
79
78
  # role that is being assumed. For more information, see [Session
80
- # Policies][1] in the *IAM User Guide*.
79
+ # Policies][2] in the *IAM User Guide*.
81
80
  #
82
81
  #
83
82
  #
84
- # [1]: https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies.html#policies_session
83
+ # [1]: https://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html
84
+ # [2]: https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies.html#policies_session
85
85
  # @return [Array<Types::PolicyDescriptorType>]
86
86
  #
87
87
  # @!attribute [rw] policy
@@ -297,8 +297,7 @@ module Aws::STS
297
297
  # ARNs. However, the plain text that you use for both inline and
298
298
  # managed session policies shouldn't exceed 2048 characters. For more
299
299
  # information about ARNs, see [Amazon Resource Names (ARNs) and AWS
300
- # Service Namespaces](general/latest/gr/aws-arns-and-namespaces.html)
301
- # in the AWS General Reference.
300
+ # Service Namespaces][1] in the AWS General Reference.
302
301
  #
303
302
  # <note markdown="1"> The characters in this parameter count towards the 2048 character
304
303
  # session policy guideline. However, an AWS conversion compresses the
@@ -317,11 +316,12 @@ module Aws::STS
317
316
  # owns the role. You cannot use session policies to grant more
318
317
  # permissions than those allowed by the identity-based policy of the
319
318
  # role that is being assumed. For more information, see [Session
320
- # Policies][1] in the *IAM User Guide*.
319
+ # Policies][2] in the *IAM User Guide*.
321
320
  #
322
321
  #
323
322
  #
324
- # [1]: https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies.html#policies_session
323
+ # [1]: https://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html
324
+ # [2]: https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies.html#policies_session
325
325
  # @return [Array<Types::PolicyDescriptorType>]
326
326
  #
327
327
  # @!attribute [rw] policy
@@ -548,8 +548,7 @@ module Aws::STS
548
548
  # ARNs. However, the plain text that you use for both inline and
549
549
  # managed session policies shouldn't exceed 2048 characters. For more
550
550
  # information about ARNs, see [Amazon Resource Names (ARNs) and AWS
551
- # Service Namespaces](general/latest/gr/aws-arns-and-namespaces.html)
552
- # in the AWS General Reference.
551
+ # Service Namespaces][1] in the AWS General Reference.
553
552
  #
554
553
  # <note markdown="1"> The characters in this parameter count towards the 2048 character
555
554
  # session policy guideline. However, an AWS conversion compresses the
@@ -568,11 +567,12 @@ module Aws::STS
568
567
  # owns the role. You cannot use session policies to grant more
569
568
  # permissions than those allowed by the identity-based policy of the
570
569
  # role that is being assumed. For more information, see [Session
571
- # Policies][1] in the *IAM User Guide*.
570
+ # Policies][2] in the *IAM User Guide*.
572
571
  #
573
572
  #
574
573
  #
575
- # [1]: https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies.html#policies_session
574
+ # [1]: https://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html
575
+ # [2]: https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies.html#policies_session
576
576
  # @return [Array<Types::PolicyDescriptorType>]
577
577
  #
578
578
  # @!attribute [rw] policy
@@ -848,6 +848,39 @@ module Aws::STS
848
848
  include Aws::Structure
849
849
  end
850
850
 
851
+ # @note When making an API call, you may pass GetAccessKeyInfoRequest
852
+ # data as a hash:
853
+ #
854
+ # {
855
+ # access_key_id: "accessKeyIdType", # required
856
+ # }
857
+ #
858
+ # @!attribute [rw] access_key_id
859
+ # The identifier of an access key.
860
+ #
861
+ # This parameter allows (through its regex pattern) a string of
862
+ # characters that can consist of any upper- or lowercased letter or
863
+ # digit.
864
+ # @return [String]
865
+ #
866
+ # @see http://docs.aws.amazon.com/goto/WebAPI/sts-2011-06-15/GetAccessKeyInfoRequest AWS API Documentation
867
+ #
868
+ class GetAccessKeyInfoRequest < Struct.new(
869
+ :access_key_id)
870
+ include Aws::Structure
871
+ end
872
+
873
+ # @!attribute [rw] account
874
+ # The number used to identify the AWS account.
875
+ # @return [String]
876
+ #
877
+ # @see http://docs.aws.amazon.com/goto/WebAPI/sts-2011-06-15/GetAccessKeyInfoResponse AWS API Documentation
878
+ #
879
+ class GetAccessKeyInfoResponse < Struct.new(
880
+ :account)
881
+ include Aws::Structure
882
+ end
883
+
851
884
  # @api private
852
885
  #
853
886
  # @see http://docs.aws.amazon.com/goto/WebAPI/sts-2011-06-15/GetCallerIdentityRequest AWS API Documentation
@@ -971,9 +1004,7 @@ module Aws::STS
971
1004
  # use for both inline and managed session policies shouldn't exceed
972
1005
  # 2048 characters. You can provide up to 10 managed policy ARNs. For
973
1006
  # more information about ARNs, see [Amazon Resource Names (ARNs) and
974
- # AWS Service
975
- # Namespaces](general/latest/gr/aws-arns-and-namespaces.html) in the
976
- # AWS General Reference.
1007
+ # AWS Service Namespaces][2] in the AWS General Reference.
977
1008
  #
978
1009
  # This parameter is optional. However, if you do not pass any session
979
1010
  # policies, then the resulting federated user session has no
@@ -1002,6 +1033,7 @@ module Aws::STS
1002
1033
  #
1003
1034
  #
1004
1035
  # [1]: https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies.html#policies_session
1036
+ # [2]: https://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html
1005
1037
  # @return [Array<Types::PolicyDescriptorType>]
1006
1038
  #
1007
1039
  # @!attribute [rw] duration_seconds
@@ -1173,7 +1205,7 @@ module Aws::STS
1173
1205
  include Aws::Structure
1174
1206
  end
1175
1207
 
1176
- # The error returned if the message passed to
1208
+ # This error is returned if the message passed to
1177
1209
  # `DecodeAuthorizationMessage` was invalid. This can happen if the token
1178
1210
  # contains invalid characters, such as linebreaks.
1179
1211
  #
@@ -1241,9 +1273,12 @@ module Aws::STS
1241
1273
  # @!attribute [rw] arn
1242
1274
  # The Amazon Resource Name (ARN) of the IAM managed policy to use as a
1243
1275
  # session policy for the role. For more information about ARNs, see
1244
- # [Amazon Resource Names (ARNs) and AWS Service
1245
- # Namespaces](general/latest/gr/aws-arns-and-namespaces.html) in the
1276
+ # [Amazon Resource Names (ARNs) and AWS Service Namespaces][1] in the
1246
1277
  # *AWS General Reference*.
1278
+ #
1279
+ #
1280
+ #
1281
+ # [1]: https://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html
1247
1282
  # @return [String]
1248
1283
  #
1249
1284
  # @see http://docs.aws.amazon.com/goto/WebAPI/sts-2011-06-15/PolicyDescriptorType AWS API Documentation
data/lib/aws-sdk-sts.rb CHANGED
@@ -40,6 +40,6 @@ require_relative 'aws-sdk-sts/customizations'
40
40
  # @service
41
41
  module Aws::STS
42
42
 
43
- GEM_VERSION = '3.54.2'
43
+ GEM_VERSION = '3.75.0'
44
44
 
45
45
  end
@@ -194,13 +194,15 @@ module Seahorse
194
194
  private
195
195
 
196
196
  def define_operation_methods
197
+ operations_module = Module.new
197
198
  @api.operation_names.each do |method_name|
198
- define_method(method_name) do |*args, &block|
199
+ operations_module.send(:define_method, method_name) do |*args, &block|
199
200
  params = args[0] || {}
200
201
  options = args[1] || {}
201
202
  build_request(method_name, params).send_request(options, &block)
202
203
  end
203
204
  end
205
+ include(operations_module)
204
206
  end
205
207
 
206
208
  def build_plugins
@@ -77,8 +77,8 @@ module Seahorse
77
77
  if options.key?(name)
78
78
  options[name]
79
79
  else
80
- msg = "invalid :priority `%s', must be between 0 and 99"
81
- raise ArgumentError, msg % priority.inspect
80
+ msg = "missing option: `%s'"
81
+ raise ArgumentError, msg % name.inspect
82
82
  end
83
83
  end
84
84
 
@@ -119,7 +119,7 @@ module Seahorse
119
119
  attr_accessor :default_block
120
120
  attr_accessor :required
121
121
  attr_accessor :doc_type
122
- attr_accessor :doc_default
122
+ attr_writer :doc_default
123
123
  attr_accessor :docstring
124
124
 
125
125
  def doc_default