aws-sdk-core 3.80.0 → 3.81.0
- checksums.yaml +4 -4
- data/VERSION +1 -1
- data/lib/aws-sdk-sts.rb +1 -1
- data/lib/aws-sdk-sts/client.rb +443 -157
- data/lib/aws-sdk-sts/client_api.rb +16 -0
- data/lib/aws-sdk-sts/types.rb +305 -113
- metadata +2 -2
@@ -45,6 +45,7 @@ module Aws::STS
|
|
45
45
|
SAMLAssertionType = Shapes::StringShape.new(name: 'SAMLAssertionType')
|
46
46
|
Subject = Shapes::StringShape.new(name: 'Subject')
|
47
47
|
SubjectType = Shapes::StringShape.new(name: 'SubjectType')
|
48
|
+
Tag = Shapes::StructureShape.new(name: 'Tag')
|
48
49
|
accessKeyIdType = Shapes::StringShape.new(name: 'accessKeyIdType')
|
49
50
|
accessKeySecretType = Shapes::StringShape.new(name: 'accessKeySecretType')
|
50
51
|
accountType = Shapes::StringShape.new(name: 'accountType')
|
@@ -71,6 +72,10 @@ module Aws::STS
|
|
71
72
|
roleSessionNameType = Shapes::StringShape.new(name: 'roleSessionNameType')
|
72
73
|
serialNumberType = Shapes::StringShape.new(name: 'serialNumberType')
|
73
74
|
sessionPolicyDocumentType = Shapes::StringShape.new(name: 'sessionPolicyDocumentType')
|
75
|
+
tagKeyListType = Shapes::ListShape.new(name: 'tagKeyListType')
|
76
|
+
tagKeyType = Shapes::StringShape.new(name: 'tagKeyType')
|
77
|
+
tagListType = Shapes::ListShape.new(name: 'tagListType')
|
78
|
+
tagValueType = Shapes::StringShape.new(name: 'tagValueType')
|
74
79
|
tokenCodeType = Shapes::StringShape.new(name: 'tokenCodeType')
|
75
80
|
tokenType = Shapes::StringShape.new(name: 'tokenType')
|
76
81
|
urlType = Shapes::StringShape.new(name: 'urlType')
|
@@ -83,6 +88,8 @@ module Aws::STS
|
|
83
88
|
AssumeRoleRequest.add_member(:policy_arns, Shapes::ShapeRef.new(shape: policyDescriptorListType, location_name: "PolicyArns"))
|
84
89
|
AssumeRoleRequest.add_member(:policy, Shapes::ShapeRef.new(shape: sessionPolicyDocumentType, location_name: "Policy"))
|
85
90
|
AssumeRoleRequest.add_member(:duration_seconds, Shapes::ShapeRef.new(shape: roleDurationSecondsType, location_name: "DurationSeconds"))
|
91
|
+
AssumeRoleRequest.add_member(:tags, Shapes::ShapeRef.new(shape: tagListType, location_name: "Tags"))
|
92
|
+
AssumeRoleRequest.add_member(:transitive_tag_keys, Shapes::ShapeRef.new(shape: tagKeyListType, location_name: "TransitiveTagKeys"))
|
86
93
|
AssumeRoleRequest.add_member(:external_id, Shapes::ShapeRef.new(shape: externalIdType, location_name: "ExternalId"))
|
87
94
|
AssumeRoleRequest.add_member(:serial_number, Shapes::ShapeRef.new(shape: serialNumberType, location_name: "SerialNumber"))
|
88
95
|
AssumeRoleRequest.add_member(:token_code, Shapes::ShapeRef.new(shape: tokenCodeType, location_name: "TokenCode"))
|
@@ -168,6 +175,7 @@ module Aws::STS
|
|
168
175
|
GetFederationTokenRequest.add_member(:policy, Shapes::ShapeRef.new(shape: sessionPolicyDocumentType, location_name: "Policy"))
|
169
176
|
GetFederationTokenRequest.add_member(:policy_arns, Shapes::ShapeRef.new(shape: policyDescriptorListType, location_name: "PolicyArns"))
|
170
177
|
GetFederationTokenRequest.add_member(:duration_seconds, Shapes::ShapeRef.new(shape: durationSecondsType, location_name: "DurationSeconds"))
|
178
|
+
GetFederationTokenRequest.add_member(:tags, Shapes::ShapeRef.new(shape: tagListType, location_name: "Tags"))
|
171
179
|
GetFederationTokenRequest.struct_class = Types::GetFederationTokenRequest
|
172
180
|
|
173
181
|
GetFederationTokenResponse.add_member(:credentials, Shapes::ShapeRef.new(shape: Credentials, location_name: "Credentials"))
|
@@ -207,8 +215,16 @@ module Aws::STS
|
|
207
215
|
RegionDisabledException.add_member(:message, Shapes::ShapeRef.new(shape: regionDisabledMessage, location_name: "message"))
|
208
216
|
RegionDisabledException.struct_class = Types::RegionDisabledException
|
209
217
|
|
218
|
+
Tag.add_member(:key, Shapes::ShapeRef.new(shape: tagKeyType, required: true, location_name: "Key"))
|
219
|
+
Tag.add_member(:value, Shapes::ShapeRef.new(shape: tagValueType, required: true, location_name: "Value"))
|
220
|
+
Tag.struct_class = Types::Tag
|
221
|
+
|
210
222
|
policyDescriptorListType.member = Shapes::ShapeRef.new(shape: PolicyDescriptorType)
|
211
223
|
|
224
|
+
tagKeyListType.member = Shapes::ShapeRef.new(shape: tagKeyType)
|
225
|
+
|
226
|
+
tagListType.member = Shapes::ShapeRef.new(shape: Tag)
|
227
|
+
|
212
228
|
|
213
229
|
# @api private
|
214
230
|
API = Seahorse::Model::Api.new.tap do |api|
|
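--- a/data/lib/aws-sdk-sts/types.rb
+++ b/data/lib/aws-sdk-sts/types.rb
@@ -21,6 +21,13 @@ module Aws::STS
 # ],
 # policy: "sessionPolicyDocumentType",
 # duration_seconds: 1,
+# tags: [
+# {
+# key: "tagKeyType", # required
+# value: "tagValueType", # required
+# },
+# ],
+# transitive_tag_keys: ["tagKeyType"],
 # external_id: "externalIdType",
 # serial_number: "serialNumberType",
 # token_code: "tokenCodeType",
@@ -55,16 +62,16 @@ module Aws::STS
 #
 # This parameter is optional. You can provide up to 10 managed policy
 # ARNs. However, the plain text that you use for both inline and
-# managed session policies
+# managed session policies can't exceed 2,048 characters. For more
 # information about ARNs, see [Amazon Resource Names (ARNs) and AWS
 # Service Namespaces][1] in the AWS General Reference.
 #
-# <note markdown="1">
-#
-#
-#
-#
-# size limit.
+# <note markdown="1"> An AWS conversion compresses the passed session policies and session
+# tags into a packed binary format that has a separate limit. Your
+# request can fail for this limit even if your plain text meets the
+# other requirements. The `PackedPolicySize` response element
+# indicates by percentage how close the policies and tags for your
+# request are to the upper size limit.
 #
 # </note>
 #
@@ -99,18 +106,18 @@ module Aws::STS
 # Policies][1] in the *IAM User Guide*.
 #
 # The plain text that you use for both inline and managed session
-# policies
-#
-# the
-#
-#
-#
-# <note markdown="1">
-#
-#
-#
-#
-# size limit.
+# policies can't exceed 2,048 characters. The JSON policy characters
+# can be any ASCII character from the space character to the end of
+# the valid character list (\\u0020 through \\u00FF). It can also
+# include the tab (\\u0009), linefeed (\\u000A), and carriage return
+# (\\u000D) characters.
+#
+# <note markdown="1"> An AWS conversion compresses the passed session policies and session
+# tags into a packed binary format that has a separate limit. Your
+# request can fail for this limit even if your plain text meets the
+# other requirements. The `PackedPolicySize` response element
+# indicates by percentage how close the policies and tags for your
+# request are to the upper size limit.
 #
 # </note>
 #
@@ -148,6 +155,70 @@ module Aws::STS
 # [2]: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_providers_enable-console-custom-url.html
 # @return [Integer]
 #
+# @!attribute [rw] tags
+# A list of session tags that you want to pass. Each session tag
+# consists of a key name and an associated value. For more information
+# about session tags, see [Tagging AWS STS Sessions][1] in the *IAM
+# User Guide*.
+#
+# This parameter is optional. You can pass up to 50 session tags. The
+# plain text session tag keys can’t exceed 128 characters, and the
+# values can’t exceed 256 characters. For these and additional limits,
+# see [IAM and STS Character Limits][2] in the *IAM User Guide*.
+#
+# <note markdown="1"> An AWS conversion compresses the passed session policies and session
+# tags into a packed binary format that has a separate limit. Your
+# request can fail for this limit even if your plain text meets the
+# other requirements. The `PackedPolicySize` response element
+# indicates by percentage how close the policies and tags for your
+# request are to the upper size limit.
+#
+# </note>
+#
+# You can pass a session tag with the same key as a tag that is
+# already attached to the role. When you do, session tags override a
+# role tag with the same key.
+#
+# Tag key–value pairs are not case sensitive, but case is preserved.
+# This means that you cannot have separate `Department` and
+# `department` tag keys. Assume that the role has the
+# `Department`=`Marketing` tag and you pass the
+# `department`=`engineering` session tag. `Department` and
+# `department` are not saved as separate tags, and the session tag
+# passed in the request takes precedence over the role tag.
+#
+# Additionally, if you used temporary credentials to perform this
+# operation, the new session inherits any transitive session tags from
+# the calling session. If you pass a session tag with the same key as
+# an inherited tag, the operation fails. To view the inherited tags
+# for a session, see the AWS CloudTrail logs. For more information,
+# see [Viewing Session Tags in CloudTrail][3] in the *IAM User Guide*.
+#
+#
+#
+# [1]: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_session-tags.html
+# [2]: https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_iam-limits.html#reference_iam-limits-entity-length
+# [3]: https://docs.aws.amazon.com/IAM/latest/UserGuide/session-tags.html#id_session-tags_ctlogs
+# @return [Array<Types::Tag>]
+#
+# @!attribute [rw] transitive_tag_keys
+# A list of keys for session tags that you want to set as transitive.
+# If you set a tag key as transitive, the corresponding key and value
+# passes to subsequent sessions in a role chain. For more information,
+# see [Chaining Roles with Session Tags][1] in the *IAM User Guide*.
+#
+# This parameter is optional. When you set session tags as transitive,
+# the session policy and session tags packed binary limit is not
+# affected.
+#
+# If you choose not to specify a transitive tag key, then no tags are
+# passed from this session to any subsequent sessions.
+#
+#
+#
+# [1]: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_session-tags.html#id_session-tags_role-chaining
+# @return [Array<String>]
+#
 # @!attribute [rw] external_id
 # A unique identifier that might be required when you assume a role in
 # another account. If the administrator of the account to which the
@@ -206,6 +277,8 @@ module Aws::STS
 :policy_arns,
 :policy,
 :duration_seconds,
+:tags,
+:transitive_tag_keys,
 :external_id,
 :serial_number,
 :token_code)
@@ -236,9 +309,10 @@ module Aws::STS
 # @return [Types::AssumedRoleUser]
 #
 # @!attribute [rw] packed_policy_size
-# A percentage value that indicates the size of the
-#
-#
+# A percentage value that indicates the packed size of the session
+# policies and session tags combined passed in the request. The
+# request fails if the packed size is greater than 100 percent, which
+# means the policies and tags exceeded the allowed space.
 # @return [Integer]
 #
 # @see http://docs.aws.amazon.com/goto/WebAPI/sts-2011-06-15/AssumeRoleResponse AWS API Documentation
@@ -295,16 +369,16 @@ module Aws::STS
 #
 # This parameter is optional. You can provide up to 10 managed policy
 # ARNs. However, the plain text that you use for both inline and
-# managed session policies
+# managed session policies can't exceed 2,048 characters. For more
 # information about ARNs, see [Amazon Resource Names (ARNs) and AWS
 # Service Namespaces][1] in the AWS General Reference.
 #
-# <note markdown="1">
-#
-#
-#
-#
-# size limit.
+# <note markdown="1"> An AWS conversion compresses the passed session policies and session
+# tags into a packed binary format that has a separate limit. Your
+# request can fail for this limit even if your plain text meets the
+# other requirements. The `PackedPolicySize` response element
+# indicates by percentage how close the policies and tags for your
+# request are to the upper size limit.
 #
 # </note>
 #
@@ -339,18 +413,18 @@ module Aws::STS
 # Policies][1] in the *IAM User Guide*.
 #
 # The plain text that you use for both inline and managed session
-# policies
-#
-# the
-#
-#
-#
-# <note markdown="1">
-#
-#
-#
-#
-# size limit.
+# policies can't exceed 2,048 characters. The JSON policy characters
+# can be any ASCII character from the space character to the end of
+# the valid character list (\\u0020 through \\u00FF). It can also
+# include the tab (\\u0009), linefeed (\\u000A), and carriage return
+# (\\u000D) characters.
+#
+# <note markdown="1"> An AWS conversion compresses the passed session policies and session
+# tags into a packed binary format that has a separate limit. Your
+# request can fail for this limit even if your plain text meets the
+# other requirements. The `PackedPolicySize` response element
+# indicates by percentage how close the policies and tags for your
+# request are to the upper size limit.
 #
 # </note>
 #
@@ -425,9 +499,10 @@ module Aws::STS
 # @return [Types::AssumedRoleUser]
 #
 # @!attribute [rw] packed_policy_size
-# A percentage value that indicates the size of the
-#
-#
+# A percentage value that indicates the packed size of the session
+# policies and session tags combined passed in the request. The
+# request fails if the packed size is greater than 100 percent, which
+# means the policies and tags exceeded the allowed space.
 # @return [Integer]
 #
 # @!attribute [rw] subject
@@ -546,16 +621,16 @@ module Aws::STS
 #
 # This parameter is optional. You can provide up to 10 managed policy
 # ARNs. However, the plain text that you use for both inline and
-# managed session policies
+# managed session policies can't exceed 2,048 characters. For more
 # information about ARNs, see [Amazon Resource Names (ARNs) and AWS
 # Service Namespaces][1] in the AWS General Reference.
 #
-# <note markdown="1">
-#
-#
-#
-#
-# size limit.
+# <note markdown="1"> An AWS conversion compresses the passed session policies and session
+# tags into a packed binary format that has a separate limit. Your
+# request can fail for this limit even if your plain text meets the
+# other requirements. The `PackedPolicySize` response element
+# indicates by percentage how close the policies and tags for your
+# request are to the upper size limit.
 #
 # </note>
 #
@@ -590,18 +665,18 @@ module Aws::STS
 # Policies][1] in the *IAM User Guide*.
 #
 # The plain text that you use for both inline and managed session
-# policies
-#
-# the
-#
-#
-#
-# <note markdown="1">
-#
-#
-#
-#
-# size limit.
+# policies can't exceed 2,048 characters. The JSON policy characters
+# can be any ASCII character from the space character to the end of
+# the valid character list (\\u0020 through \\u00FF). It can also
+# include the tab (\\u0009), linefeed (\\u000A), and carriage return
+# (\\u000D) characters.
+#
+# <note markdown="1"> An AWS conversion compresses the passed session policies and session
+# tags into a packed binary format that has a separate limit. Your
+# request can fail for this limit even if your plain text meets the
+# other requirements. The `PackedPolicySize` response element
+# indicates by percentage how close the policies and tags for your
+# request are to the upper size limit.
 #
 # </note>
 #
@@ -687,9 +762,10 @@ module Aws::STS
 # @return [Types::AssumedRoleUser]
 #
 # @!attribute [rw] packed_policy_size
-# A percentage value that indicates the size of the
-#
-#
+# A percentage value that indicates the packed size of the session
+# policies and session tags combined passed in the request. The
+# request fails if the packed size is greater than 100 percent, which
+# means the policies and tags exceeded the allowed space.
 # @return [Integer]
 #
 # @!attribute [rw] provider
@@ -730,7 +806,8 @@ module Aws::STS
 # @!attribute [rw] arn
 # The ARN of the temporary security credentials that are returned from
 # the AssumeRole action. For more information about ARNs and how to
-# use them in policies, see [IAM Identifiers][1] in *
+# use them in policies, see [IAM Identifiers][1] in the *IAM User
+# Guide*.
 #
 #
 #
@@ -833,7 +910,7 @@ module Aws::STS
 # @!attribute [rw] arn
 # The ARN that specifies the federated user that is associated with
 # the credentials. For more information about ARNs and how to use them
-# in policies, see [IAM Identifiers][1] in *
+# in policies, see [IAM Identifiers][1] in the *IAM User Guide*.
 #
 #
 #
@@ -859,7 +936,7 @@ module Aws::STS
 # The identifier of an access key.
 #
 # This parameter allows (through its regex pattern) a string of
-# characters that can consist of any upper- or
+# characters that can consist of any upper- or lowercase letter or
 # digit.
 # @return [String]
 #
@@ -932,6 +1009,12 @@ module Aws::STS
 # },
 # ],
 # duration_seconds: 1,
+# tags: [
+# {
+# key: "tagKeyType", # required
+# value: "tagValueType", # required
+# },
+# ],
 # }
 #
 # @!attribute [rw] name
@@ -957,10 +1040,7 @@ module Aws::STS
 #
 # This parameter is optional. However, if you do not pass any session
 # policies, then the resulting federated user session has no
-# permissions.
-# access a resource that has a resource-based policy that specifically
-# references the federated user session in the `Principal` element of
-# the policy.
+# permissions.
 #
 # When you pass session policies, the session permissions are the
 # intersection of the IAM user policies and the session policies that
@@ -970,19 +1050,26 @@ module Aws::STS
 # the IAM user. For more information, see [Session Policies][1] in the
 # *IAM User Guide*.
 #
+# The resulting credentials can be used to access a resource that has
+# a resource-based policy. If that policy specifically references the
+# federated user session in the `Principal` element of the policy, the
+# session has the permissions allowed by the policy. These permissions
+# are granted in addition to the permissions that are granted by the
+# session policies.
+#
 # The plain text that you use for both inline and managed session
-# policies
-#
-# the
-#
-#
-#
-# <note markdown="1">
-#
-#
-#
-#
-# size limit.
+# policies can't exceed 2,048 characters. The JSON policy characters
+# can be any ASCII character from the space character to the end of
+# the valid character list (\\u0020 through \\u00FF). It can also
+# include the tab (\\u0009), linefeed (\\u000A), and carriage return
+# (\\u000D) characters.
+#
+# <note markdown="1"> An AWS conversion compresses the passed session policies and session
+# tags into a packed binary format that has a separate limit. Your
+# request can fail for this limit even if your plain text meets the
+# other requirements. The `PackedPolicySize` response element
+# indicates by percentage how close the policies and tags for your
+# request are to the upper size limit.
 #
 # </note>
 #
@@ -1001,17 +1088,14 @@ module Aws::STS
 # operation. You can pass a single JSON policy document to use as an
 # inline session policy. You can also specify up to 10 managed
 # policies to use as managed session policies. The plain text that you
-# use for both inline and managed session policies
-#
-#
-#
+# use for both inline and managed session policies can't exceed 2,048
+# characters. You can provide up to 10 managed policy ARNs. For more
+# information about ARNs, see [Amazon Resource Names (ARNs) and AWS
+# Service Namespaces][2] in the AWS General Reference.
 #
 # This parameter is optional. However, if you do not pass any session
 # policies, then the resulting federated user session has no
-# permissions.
-# access a resource that has a resource-based policy that specifically
-# references the federated user session in the `Principal` element of
-# the policy.
+# permissions.
 #
 # When you pass session policies, the session permissions are the
 # intersection of the IAM user policies and the session policies that
@@ -1021,12 +1105,19 @@ module Aws::STS
 # the IAM user. For more information, see [Session Policies][1] in the
 # *IAM User Guide*.
 #
-#
-#
-#
-#
-#
-#
+# The resulting credentials can be used to access a resource that has
+# a resource-based policy. If that policy specifically references the
+# federated user session in the `Principal` element of the policy, the
+# session has the permissions allowed by the policy. These permissions
+# are granted in addition to the permissions that are granted by the
+# session policies.
+#
+# <note markdown="1"> An AWS conversion compresses the passed session policies and session
+# tags into a packed binary format that has a separate limit. Your
+# request can fail for this limit even if your plain text meets the
+# other requirements. The `PackedPolicySize` response element
+# indicates by percentage how close the policies and tags for your
+# request are to the upper size limit.
 #
 # </note>
 #
@@ -1046,13 +1137,51 @@ module Aws::STS
 # obtained by using root user credentials defaults to one hour.
 # @return [Integer]
 #
+# @!attribute [rw] tags
+# A list of session tags. Each session tag consists of a key name and
+# an associated value. For more information about session tags, see
+# [Passing Session Tags in STS][1] in the *IAM User Guide*.
+#
+# This parameter is optional. You can pass up to 50 session tags. The
+# plain text session tag keys can’t exceed 128 characters and the
+# values can’t exceed 256 characters. For these and additional limits,
+# see [IAM and STS Character Limits][2] in the *IAM User Guide*.
+#
+# <note markdown="1"> An AWS conversion compresses the passed session policies and session
+# tags into a packed binary format that has a separate limit. Your
+# request can fail for this limit even if your plain text meets the
+# other requirements. The `PackedPolicySize` response element
+# indicates by percentage how close the policies and tags for your
+# request are to the upper size limit.
+#
+# </note>
+#
+# You can pass a session tag with the same key as a tag that is
+# already attached to the user you are federating. When you do,
+# session tags override a user tag with the same key.
+#
+# Tag key–value pairs are not case sensitive, but case is preserved.
+# This means that you cannot have separate `Department` and
+# `department` tag keys. Assume that the role has the
+# `Department`=`Marketing` tag and you pass the
+# `department`=`engineering` session tag. `Department` and
+# `department` are not saved as separate tags, and the session tag
+# passed in the request takes precedence over the role tag.
+#
+#
+#
+# [1]: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_session-tags.html
+# [2]: https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_iam-limits.html#reference_iam-limits-entity-length
+# @return [Array<Types::Tag>]
+#
 # @see http://docs.aws.amazon.com/goto/WebAPI/sts-2011-06-15/GetFederationTokenRequest AWS API Documentation
 #
 class GetFederationTokenRequest < Struct.new(
 :name,
 :policy,
 :policy_arns,
-:duration_seconds
+:duration_seconds,
+:tags)
 include Aws::Structure
 end
 
@@ -1079,9 +1208,10 @@ module Aws::STS
 # @return [Types::FederatedUser]
 #
 # @!attribute [rw] packed_policy_size
-# A percentage value
-#
-# than 100 percent
+# A percentage value that indicates the packed size of the session
+# policies and session tags combined passed in the request. The
+# request fails if the packed size is greater than 100 percent, which
+# means the policies and tags exceeded the allowed space.
 # @return [Integer]
 #
 # @see http://docs.aws.amazon.com/goto/WebAPI/sts-2011-06-15/GetFederationTokenResponse AWS API Documentation
@@ -1171,12 +1301,12 @@ module Aws::STS
 include Aws::Structure
 end
 
-# The request could not be fulfilled because the
-#
-#
-#
-#
-#
+# The request could not be fulfilled because the identity provider (IDP)
+# that was asked to verify the incoming identity token could not be
+# reached. This is often a transient error caused by network conditions.
+# Retry the request a limited number of times so that you don't exceed
+# the request rate. If the error persists, the identity provider might
+# be down or not responding.
 #
 # @!attribute [rw] message
 # @return [String]
@@ -1205,7 +1335,7 @@ module Aws::STS
 include Aws::Structure
 end
 
-#
+# The error returned if the message passed to
 # `DecodeAuthorizationMessage` was invalid. This can happen if the token
 # contains invalid characters, such as linebreaks.
 #
@@ -1246,9 +1376,22 @@ module Aws::STS
 include Aws::Structure
 end
 
-# The request was rejected because the
-#
-#
+# The request was rejected because the total packed size of the session
+# policies and session tags combined was too large. An AWS conversion
+# compresses the session policy document, session policy ARNs, and
+# session tags into a packed binary format that has a separate limit.
+# The error message indicates by percentage how close the policies and
+# tags are to the upper size limit. For more information, see [Passing
+# Session Tags in STS][1] in the *IAM User Guide*.
+#
+# You could receive this error even though you meet other defined
+# session policy and session tag limits. For more information, see [IAM
+# and STS Entity Character Limits][2] in the *IAM User Guide*.
+#
+#
+#
+# [1]: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_session-tags.html
+# [2]: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_enable-regions.html
 #
 # @!attribute [rw] message
 # @return [String]
@@ -1308,5 +1451,54 @@ module Aws::STS
 include Aws::Structure
 end
 
+# You can pass custom key-value pair attributes when you assume a role
+# or federate a user. These are called session tags. You can then use
+# the session tags to control access to resources. For more information,
+# see [Tagging AWS STS Sessions][1] in the *IAM User Guide*.
+#
+#
+#
+# [1]: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_session-tags.html
+#
+# @note When making an API call, you may pass Tag
+# data as a hash:
+#
+# {
+# key: "tagKeyType", # required
+# value: "tagValueType", # required
+# }
+#
+# @!attribute [rw] key
+# The key for a session tag.
+#
+# You can pass up to 50 session tags. The plain text session tag keys
+# can’t exceed 128 characters. For these and additional limits, see
+# [IAM and STS Character Limits][1] in the *IAM User Guide*.
+#
+#
+#
+# [1]: https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_iam-limits.html#reference_iam-limits-entity-length
+# @return [String]
+#
+# @!attribute [rw] value
+# The value for a session tag.
+#
+# You can pass up to 50 session tags. The plain text session tag
+# values can’t exceed 256 characters. For these and additional limits,
+# see [IAM and STS Character Limits][1] in the *IAM User Guide*.
+#
+#
+#
+# [1]: https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_iam-limits.html#reference_iam-limits-entity-length
+# @return [String]
+#
+# @see http://docs.aws.amazon.com/goto/WebAPI/sts-2011-06-15/Tag AWS API Documentation
+#
+class Tag < Struct.new(
+:key,
+:value)
+include Aws::Structure
+end
+
 end
 end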
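Review bot: Two reference links in the added doc comments look wrong, and one paragraph names the wrong principal. In the hunk at `@@ -1246,9 +1376,22 @@`, `[2]` is labelled "IAM and STS Entity Character Limits" but points at `id_credentials_temp_enable-regions.html`, while every other limits link in this file section uses `reference_iam-limits.html#reference_iam-limits-entity-length`; and in the hunk at `@@ -148,6 +155,70 @@`, `[3]` uses `session-tags.html#id_session-tags_ctlogs` where the sibling links use `id_session-tags.html`. In the `tags` comment added above `GetFederationTokenRequest` (hunk `@@ -1046,13 +1137,51 @@`), the override rule is stated for "the user you are federating" but the example still reads `Assume that the role has the` ... `takes precedence over the role tag`, which blurs whose tag is overridden in a text people rely on for tag-based access decisions. These comments look generated from the service model, so the correction probably belongs upstream rather than in this file.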