aws-sdk-core 3.80.0 → 3.81.0
- checksums.yaml +4 -4
- data/VERSION +1 -1
- data/lib/aws-sdk-sts.rb +1 -1
- data/lib/aws-sdk-sts/client.rb +443 -157
- data/lib/aws-sdk-sts/client_api.rb +16 -0
- data/lib/aws-sdk-sts/types.rb +305 -113
- metadata +2 -2
@@ -45,6 +45,7 @@ module Aws::STS
|
|
45
45
|
SAMLAssertionType = Shapes::StringShape.new(name: 'SAMLAssertionType')
|
46
46
|
Subject = Shapes::StringShape.new(name: 'Subject')
|
47
47
|
SubjectType = Shapes::StringShape.new(name: 'SubjectType')
|
48
|
+
Tag = Shapes::StructureShape.new(name: 'Tag')
|
48
49
|
accessKeyIdType = Shapes::StringShape.new(name: 'accessKeyIdType')
|
49
50
|
accessKeySecretType = Shapes::StringShape.new(name: 'accessKeySecretType')
|
50
51
|
accountType = Shapes::StringShape.new(name: 'accountType')
|
@@ -71,6 +72,10 @@ module Aws::STS
|
|
71
72
|
roleSessionNameType = Shapes::StringShape.new(name: 'roleSessionNameType')
|
72
73
|
serialNumberType = Shapes::StringShape.new(name: 'serialNumberType')
|
73
74
|
sessionPolicyDocumentType = Shapes::StringShape.new(name: 'sessionPolicyDocumentType')
|
75
|
+
tagKeyListType = Shapes::ListShape.new(name: 'tagKeyListType')
|
76
|
+
tagKeyType = Shapes::StringShape.new(name: 'tagKeyType')
|
77
|
+
tagListType = Shapes::ListShape.new(name: 'tagListType')
|
78
|
+
tagValueType = Shapes::StringShape.new(name: 'tagValueType')
|
74
79
|
tokenCodeType = Shapes::StringShape.new(name: 'tokenCodeType')
|
75
80
|
tokenType = Shapes::StringShape.new(name: 'tokenType')
|
76
81
|
urlType = Shapes::StringShape.new(name: 'urlType')
|
@@ -83,6 +88,8 @@ module Aws::STS
|
|
83
88
|
AssumeRoleRequest.add_member(:policy_arns, Shapes::ShapeRef.new(shape: policyDescriptorListType, location_name: "PolicyArns"))
|
84
89
|
AssumeRoleRequest.add_member(:policy, Shapes::ShapeRef.new(shape: sessionPolicyDocumentType, location_name: "Policy"))
|
85
90
|
AssumeRoleRequest.add_member(:duration_seconds, Shapes::ShapeRef.new(shape: roleDurationSecondsType, location_name: "DurationSeconds"))
|
91
|
+
AssumeRoleRequest.add_member(:tags, Shapes::ShapeRef.new(shape: tagListType, location_name: "Tags"))
|
92
|
+
AssumeRoleRequest.add_member(:transitive_tag_keys, Shapes::ShapeRef.new(shape: tagKeyListType, location_name: "TransitiveTagKeys"))
|
86
93
|
AssumeRoleRequest.add_member(:external_id, Shapes::ShapeRef.new(shape: externalIdType, location_name: "ExternalId"))
|
87
94
|
AssumeRoleRequest.add_member(:serial_number, Shapes::ShapeRef.new(shape: serialNumberType, location_name: "SerialNumber"))
|
88
95
|
AssumeRoleRequest.add_member(:token_code, Shapes::ShapeRef.new(shape: tokenCodeType, location_name: "TokenCode"))
|
@@ -168,6 +175,7 @@ module Aws::STS
|
|
168
175
|
GetFederationTokenRequest.add_member(:policy, Shapes::ShapeRef.new(shape: sessionPolicyDocumentType, location_name: "Policy"))
|
169
176
|
GetFederationTokenRequest.add_member(:policy_arns, Shapes::ShapeRef.new(shape: policyDescriptorListType, location_name: "PolicyArns"))
|
170
177
|
GetFederationTokenRequest.add_member(:duration_seconds, Shapes::ShapeRef.new(shape: durationSecondsType, location_name: "DurationSeconds"))
|
178
|
+
GetFederationTokenRequest.add_member(:tags, Shapes::ShapeRef.new(shape: tagListType, location_name: "Tags"))
|
171
179
|
GetFederationTokenRequest.struct_class = Types::GetFederationTokenRequest
|
172
180
|
|
173
181
|
GetFederationTokenResponse.add_member(:credentials, Shapes::ShapeRef.new(shape: Credentials, location_name: "Credentials"))
|
@@ -207,8 +215,16 @@ module Aws::STS
|
|
207
215
|
RegionDisabledException.add_member(:message, Shapes::ShapeRef.new(shape: regionDisabledMessage, location_name: "message"))
|
208
216
|
RegionDisabledException.struct_class = Types::RegionDisabledException
|
209
217
|
|
218
|
+
Tag.add_member(:key, Shapes::ShapeRef.new(shape: tagKeyType, required: true, location_name: "Key"))
|
219
|
+
Tag.add_member(:value, Shapes::ShapeRef.new(shape: tagValueType, required: true, location_name: "Value"))
|
220
|
+
Tag.struct_class = Types::Tag
|
221
|
+
|
210
222
|
policyDescriptorListType.member = Shapes::ShapeRef.new(shape: PolicyDescriptorType)
|
211
223
|
|
224
|
+
tagKeyListType.member = Shapes::ShapeRef.new(shape: tagKeyType)
|
225
|
+
|
226
|
+
tagListType.member = Shapes::ShapeRef.new(shape: Tag)
|
227
|
+
|
212
228
|
|
213
229
|
# @api private
|
214
230
|
API = Seahorse::Model::Api.new.tap do |api|
|
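--- a/data/lib/aws-sdk-sts/types.rb
+++ b/data/lib/aws-sdk-sts/types.rb
@@ -21,6 +21,13 @@ module Aws::STS
 # ],
 # policy: "sessionPolicyDocumentType",
 # duration_seconds: 1,
+# tags: [
+# {
+# key: "tagKeyType", # required
+# value: "tagValueType", # required
+# },
+# ],
+# transitive_tag_keys: ["tagKeyType"],
 # external_id: "externalIdType",
 # serial_number: "serialNumberType",
 # token_code: "tokenCodeType",
@@ -55,16 +62,16 @@ module Aws::STS
 #
 # This parameter is optional. You can provide up to 10 managed policy
 # ARNs. However, the plain text that you use for both inline and
-# managed session policies
+# managed session policies can't exceed 2,048 characters. For more
 # information about ARNs, see [Amazon Resource Names (ARNs) and AWS
 # Service Namespaces][1] in the AWS General Reference.
 #
-# <note markdown="1">
-#
-#
-#
-#
-# size limit.
+# <note markdown="1"> An AWS conversion compresses the passed session policies and session
+# tags into a packed binary format that has a separate limit. Your
+# request can fail for this limit even if your plain text meets the
+# other requirements. The `PackedPolicySize` response element
+# indicates by percentage how close the policies and tags for your
+# request are to the upper size limit.
 #
 # </note>
 #
@@ -99,18 +106,18 @@ module Aws::STS
 # Policies][1] in the *IAM User Guide*.
 #
 # The plain text that you use for both inline and managed session
-# policies
-#
-# the
-#
-#
-#
-# <note markdown="1">
-#
-#
-#
-#
-# size limit.
+# policies can't exceed 2,048 characters. The JSON policy characters
+# can be any ASCII character from the space character to the end of
+# the valid character list (\\u0020 through \\u00FF). It can also
+# include the tab (\\u0009), linefeed (\\u000A), and carriage return
+# (\\u000D) characters.
+#
+# <note markdown="1"> An AWS conversion compresses the passed session policies and session
+# tags into a packed binary format that has a separate limit. Your
+# request can fail for this limit even if your plain text meets the
+# other requirements. The `PackedPolicySize` response element
+# indicates by percentage how close the policies and tags for your
+# request are to the upper size limit.
 #
 # </note>
 #
@@ -148,6 +155,70 @@ module Aws::STS
 # [2]: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_providers_enable-console-custom-url.html
 # @return [Integer]
 #
+# @!attribute [rw] tags
+# A list of session tags that you want to pass. Each session tag
+# consists of a key name and an associated value. For more information
+# about session tags, see [Tagging AWS STS Sessions][1] in the *IAM
+# User Guide*.
+#
+# This parameter is optional. You can pass up to 50 session tags. The
+# plain text session tag keys can’t exceed 128 characters, and the
+# values can’t exceed 256 characters. For these and additional limits,
+# see [IAM and STS Character Limits][2] in the *IAM User Guide*.
+#
+# <note markdown="1"> An AWS conversion compresses the passed session policies and session
+# tags into a packed binary format that has a separate limit. Your
+# request can fail for this limit even if your plain text meets the
+# other requirements. The `PackedPolicySize` response element
+# indicates by percentage how close the policies and tags for your
+# request are to the upper size limit.
+#
+# </note>
+#
+# You can pass a session tag with the same key as a tag that is
+# already attached to the role. When you do, session tags override a
+# role tag with the same key.
+#
+# Tag key–value pairs are not case sensitive, but case is preserved.
+# This means that you cannot have separate `Department` and
+# `department` tag keys. Assume that the role has the
+# `Department`=`Marketing` tag and you pass the
+# `department`=`engineering` session tag. `Department` and
+# `department` are not saved as separate tags, and the session tag
+# passed in the request takes precedence over the role tag.
+#
+# Additionally, if you used temporary credentials to perform this
+# operation, the new session inherits any transitive session tags from
+# the calling session. If you pass a session tag with the same key as
+# an inherited tag, the operation fails. To view the inherited tags
+# for a session, see the AWS CloudTrail logs. For more information,
+# see [Viewing Session Tags in CloudTrail][3] in the *IAM User Guide*.
+#
+#
+#
+# [1]: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_session-tags.html
+# [2]: https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_iam-limits.html#reference_iam-limits-entity-length
+# [3]: https://docs.aws.amazon.com/IAM/latest/UserGuide/session-tags.html#id_session-tags_ctlogs
+# @return [Array<Types::Tag>]
+#
+# @!attribute [rw] transitive_tag_keys
+# A list of keys for session tags that you want to set as transitive.
+# If you set a tag key as transitive, the corresponding key and value
+# passes to subsequent sessions in a role chain. For more information,
+# see [Chaining Roles with Session Tags][1] in the *IAM User Guide*.
+#
+# This parameter is optional. When you set session tags as transitive,
+# the session policy and session tags packed binary limit is not
+# affected.
+#
+# If you choose not to specify a transitive tag key, then no tags are
+# passed from this session to any subsequent sessions.
+#
+#
+#
+# [1]: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_session-tags.html#id_session-tags_role-chaining
+# @return [Array<String>]
+#
 # @!attribute [rw] external_id
 # A unique identifier that might be required when you assume a role in
 # another account. If the administrator of the account to which the
@@ -206,6 +277,8 @@ module Aws::STS
 :policy_arns,
 :policy,
 :duration_seconds,
+:tags,
+:transitive_tag_keys,
 :external_id,
 :serial_number,
 :token_code)
@@ -236,9 +309,10 @@ module Aws::STS
 # @return [Types::AssumedRoleUser]
 #
 # @!attribute [rw] packed_policy_size
-# A percentage value that indicates the size of the
-#
-#
+# A percentage value that indicates the packed size of the session
+# policies and session tags combined passed in the request. The
+# request fails if the packed size is greater than 100 percent, which
+# means the policies and tags exceeded the allowed space.
 # @return [Integer]
 #
 # @see http://docs.aws.amazon.com/goto/WebAPI/sts-2011-06-15/AssumeRoleResponse AWS API Documentation
@@ -295,16 +369,16 @@ module Aws::STS
 #
 # This parameter is optional. You can provide up to 10 managed policy
 # ARNs. However, the plain text that you use for both inline and
-# managed session policies
+# managed session policies can't exceed 2,048 characters. For more
 # information about ARNs, see [Amazon Resource Names (ARNs) and AWS
 # Service Namespaces][1] in the AWS General Reference.
 #
-# <note markdown="1">
-#
-#
-#
-#
-# size limit.
+# <note markdown="1"> An AWS conversion compresses the passed session policies and session
+# tags into a packed binary format that has a separate limit. Your
+# request can fail for this limit even if your plain text meets the
+# other requirements. The `PackedPolicySize` response element
+# indicates by percentage how close the policies and tags for your
+# request are to the upper size limit.
 #
 # </note>
 #
@@ -339,18 +413,18 @@ module Aws::STS
 # Policies][1] in the *IAM User Guide*.
 #
 # The plain text that you use for both inline and managed session
-# policies
-#
-# the
-#
-#
-#
-# <note markdown="1">
-#
-#
-#
-#
-# size limit.
+# policies can't exceed 2,048 characters. The JSON policy characters
+# can be any ASCII character from the space character to the end of
+# the valid character list (\\u0020 through \\u00FF). It can also
+# include the tab (\\u0009), linefeed (\\u000A), and carriage return
+# (\\u000D) characters.
+#
+# <note markdown="1"> An AWS conversion compresses the passed session policies and session
+# tags into a packed binary format that has a separate limit. Your
+# request can fail for this limit even if your plain text meets the
+# other requirements. The `PackedPolicySize` response element
+# indicates by percentage how close the policies and tags for your
+# request are to the upper size limit.
 #
 # </note>
 #
@@ -425,9 +499,10 @@ module Aws::STS
 # @return [Types::AssumedRoleUser]
 #
 # @!attribute [rw] packed_policy_size
-# A percentage value that indicates the size of the
-#
-#
+# A percentage value that indicates the packed size of the session
+# policies and session tags combined passed in the request. The
+# request fails if the packed size is greater than 100 percent, which
+# means the policies and tags exceeded the allowed space.
 # @return [Integer]
 #
 # @!attribute [rw] subject
@@ -546,16 +621,16 @@ module Aws::STS
 #
 # This parameter is optional. You can provide up to 10 managed policy
 # ARNs. However, the plain text that you use for both inline and
-# managed session policies
+# managed session policies can't exceed 2,048 characters. For more
 # information about ARNs, see [Amazon Resource Names (ARNs) and AWS
 # Service Namespaces][1] in the AWS General Reference.
 #
-# <note markdown="1">
-#
-#
-#
-#
-# size limit.
+# <note markdown="1"> An AWS conversion compresses the passed session policies and session
+# tags into a packed binary format that has a separate limit. Your
+# request can fail for this limit even if your plain text meets the
+# other requirements. The `PackedPolicySize` response element
+# indicates by percentage how close the policies and tags for your
+# request are to the upper size limit.
 #
 # </note>
 #
@@ -590,18 +665,18 @@ module Aws::STS
 # Policies][1] in the *IAM User Guide*.
 #
 # The plain text that you use for both inline and managed session
-# policies
-#
-# the
-#
-#
-#
-# <note markdown="1">
-#
-#
-#
-#
-# size limit.
+# policies can't exceed 2,048 characters. The JSON policy characters
+# can be any ASCII character from the space character to the end of
+# the valid character list (\\u0020 through \\u00FF). It can also
+# include the tab (\\u0009), linefeed (\\u000A), and carriage return
+# (\\u000D) characters.
+#
+# <note markdown="1"> An AWS conversion compresses the passed session policies and session
+# tags into a packed binary format that has a separate limit. Your
+# request can fail for this limit even if your plain text meets the
+# other requirements. The `PackedPolicySize` response element
+# indicates by percentage how close the policies and tags for your
+# request are to the upper size limit.
 #
 # </note>
 #
@@ -687,9 +762,10 @@ module Aws::STS
 # @return [Types::AssumedRoleUser]
 #
 # @!attribute [rw] packed_policy_size
-# A percentage value that indicates the size of the
-#
-#
+# A percentage value that indicates the packed size of the session
+# policies and session tags combined passed in the request. The
+# request fails if the packed size is greater than 100 percent, which
+# means the policies and tags exceeded the allowed space.
 # @return [Integer]
 #
 # @!attribute [rw] provider
@@ -730,7 +806,8 @@ module Aws::STS
 # @!attribute [rw] arn
 # The ARN of the temporary security credentials that are returned from
 # the AssumeRole action. For more information about ARNs and how to
-# use them in policies, see [IAM Identifiers][1] in *
+# use them in policies, see [IAM Identifiers][1] in the *IAM User
+# Guide*.
 #
 #
 #
@@ -833,7 +910,7 @@ module Aws::STS
 # @!attribute [rw] arn
 # The ARN that specifies the federated user that is associated with
 # the credentials. For more information about ARNs and how to use them
-# in policies, see [IAM Identifiers][1] in *
+# in policies, see [IAM Identifiers][1] in the *IAM User Guide*.
 #
 #
 #
@@ -859,7 +936,7 @@ module Aws::STS
 # The identifier of an access key.
 #
 # This parameter allows (through its regex pattern) a string of
-# characters that can consist of any upper- or
+# characters that can consist of any upper- or lowercase letter or
 # digit.
 # @return [String]
 #
@@ -932,6 +1009,12 @@ module Aws::STS
 # },
 # ],
 # duration_seconds: 1,
+# tags: [
+# {
+# key: "tagKeyType", # required
+# value: "tagValueType", # required
+# },
+# ],
 # }
 #
 # @!attribute [rw] name
@@ -957,10 +1040,7 @@ module Aws::STS
 #
 # This parameter is optional. However, if you do not pass any session
 # policies, then the resulting federated user session has no
-# permissions.
-# access a resource that has a resource-based policy that specifically
-# references the federated user session in the `Principal` element of
-# the policy.
+# permissions.
 #
 # When you pass session policies, the session permissions are the
 # intersection of the IAM user policies and the session policies that
@@ -970,19 +1050,26 @@ module Aws::STS
 # the IAM user. For more information, see [Session Policies][1] in the
 # *IAM User Guide*.
 #
+# The resulting credentials can be used to access a resource that has
+# a resource-based policy. If that policy specifically references the
+# federated user session in the `Principal` element of the policy, the
+# session has the permissions allowed by the policy. These permissions
+# are granted in addition to the permissions that are granted by the
+# session policies.
+#
 # The plain text that you use for both inline and managed session
-# policies
-#
-# the
-#
-#
-#
-# <note markdown="1">
-#
-#
-#
-#
-# size limit.
+# policies can't exceed 2,048 characters. The JSON policy characters
+# can be any ASCII character from the space character to the end of
+# the valid character list (\\u0020 through \\u00FF). It can also
+# include the tab (\\u0009), linefeed (\\u000A), and carriage return
+# (\\u000D) characters.
+#
+# <note markdown="1"> An AWS conversion compresses the passed session policies and session
+# tags into a packed binary format that has a separate limit. Your
+# request can fail for this limit even if your plain text meets the
+# other requirements. The `PackedPolicySize` response element
+# indicates by percentage how close the policies and tags for your
+# request are to the upper size limit.
 #
 # </note>
 #
@@ -1001,17 +1088,14 @@ module Aws::STS
 # operation. You can pass a single JSON policy document to use as an
 # inline session policy. You can also specify up to 10 managed
 # policies to use as managed session policies. The plain text that you
-# use for both inline and managed session policies
-#
-#
-#
+# use for both inline and managed session policies can't exceed 2,048
+# characters. You can provide up to 10 managed policy ARNs. For more
+# information about ARNs, see [Amazon Resource Names (ARNs) and AWS
+# Service Namespaces][2] in the AWS General Reference.
 #
 # This parameter is optional. However, if you do not pass any session
 # policies, then the resulting federated user session has no
-# permissions.
-# access a resource that has a resource-based policy that specifically
-# references the federated user session in the `Principal` element of
-# the policy.
+# permissions.
 #
 # When you pass session policies, the session permissions are the
 # intersection of the IAM user policies and the session policies that
@@ -1021,12 +1105,19 @@ module Aws::STS
 # the IAM user. For more information, see [Session Policies][1] in the
 # *IAM User Guide*.
 #
-#
-#
-#
-#
-#
-#
+# The resulting credentials can be used to access a resource that has
+# a resource-based policy. If that policy specifically references the
+# federated user session in the `Principal` element of the policy, the
+# session has the permissions allowed by the policy. These permissions
+# are granted in addition to the permissions that are granted by the
+# session policies.
+#
+# <note markdown="1"> An AWS conversion compresses the passed session policies and session
+# tags into a packed binary format that has a separate limit. Your
+# request can fail for this limit even if your plain text meets the
+# other requirements. The `PackedPolicySize` response element
+# indicates by percentage how close the policies and tags for your
+# request are to the upper size limit.
 #
 # </note>
 #
@@ -1046,13 +1137,51 @@ module Aws::STS
 # obtained by using root user credentials defaults to one hour.
 # @return [Integer]
 #
+# @!attribute [rw] tags
+# A list of session tags. Each session tag consists of a key name and
+# an associated value. For more information about session tags, see
+# [Passing Session Tags in STS][1] in the *IAM User Guide*.
+#
+# This parameter is optional. You can pass up to 50 session tags. The
+# plain text session tag keys can’t exceed 128 characters and the
+# values can’t exceed 256 characters. For these and additional limits,
+# see [IAM and STS Character Limits][2] in the *IAM User Guide*.
+#
+# <note markdown="1"> An AWS conversion compresses the passed session policies and session
+# tags into a packed binary format that has a separate limit. Your
+# request can fail for this limit even if your plain text meets the
+# other requirements. The `PackedPolicySize` response element
+# indicates by percentage how close the policies and tags for your
+# request are to the upper size limit.
+#
+# </note>
+#
+# You can pass a session tag with the same key as a tag that is
+# already attached to the user you are federating. When you do,
+# session tags override a user tag with the same key.
+#
+# Tag key–value pairs are not case sensitive, but case is preserved.
+# This means that you cannot have separate `Department` and
+# `department` tag keys. Assume that the role has the
+# `Department`=`Marketing` tag and you pass the
+# `department`=`engineering` session tag. `Department` and
+# `department` are not saved as separate tags, and the session tag
+# passed in the request takes precedence over the role tag.
+#
+#
+#
+# [1]: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_session-tags.html
+# [2]: https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_iam-limits.html#reference_iam-limits-entity-length
+# @return [Array<Types::Tag>]
+#
 # @see http://docs.aws.amazon.com/goto/WebAPI/sts-2011-06-15/GetFederationTokenRequest AWS API Documentation
 #
 class GetFederationTokenRequest < Struct.new(
 :name,
 :policy,
 :policy_arns,
-:duration_seconds
+:duration_seconds,
+:tags)
 include Aws::Structure
 end
 
@@ -1079,9 +1208,10 @@ module Aws::STS
 # @return [Types::FederatedUser]
 #
 # @!attribute [rw] packed_policy_size
-# A percentage value
-#
-# than 100 percent
+# A percentage value that indicates the packed size of the session
+# policies and session tags combined passed in the request. The
+# request fails if the packed size is greater than 100 percent, which
+# means the policies and tags exceeded the allowed space.
 # @return [Integer]
 #
 # @see http://docs.aws.amazon.com/goto/WebAPI/sts-2011-06-15/GetFederationTokenResponse AWS API Documentation
@@ -1171,12 +1301,12 @@ module Aws::STS
 include Aws::Structure
 end
 
-# The request could not be fulfilled because the
-#
-#
-#
-#
-#
+# The request could not be fulfilled because the identity provider (IDP)
+# that was asked to verify the incoming identity token could not be
+# reached. This is often a transient error caused by network conditions.
+# Retry the request a limited number of times so that you don't exceed
+# the request rate. If the error persists, the identity provider might
+# be down or not responding.
 #
 # @!attribute [rw] message
 # @return [String]
@@ -1205,7 +1335,7 @@ module Aws::STS
 include Aws::Structure
 end
 
-#
+# The error returned if the message passed to
 # `DecodeAuthorizationMessage` was invalid. This can happen if the token
 # contains invalid characters, such as linebreaks.
 #
@@ -1246,9 +1376,22 @@ module Aws::STS
 include Aws::Structure
 end
 
-# The request was rejected because the
-#
-#
+# The request was rejected because the total packed size of the session
+# policies and session tags combined was too large. An AWS conversion
+# compresses the session policy document, session policy ARNs, and
+# session tags into a packed binary format that has a separate limit.
+# The error message indicates by percentage how close the policies and
+# tags are to the upper size limit. For more information, see [Passing
+# Session Tags in STS][1] in the *IAM User Guide*.
+#
+# You could receive this error even though you meet other defined
+# session policy and session tag limits. For more information, see [IAM
+# and STS Entity Character Limits][2] in the *IAM User Guide*.
+#
+#
+#
+# [1]: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_session-tags.html
+# [2]: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_enable-regions.html
 #
 # @!attribute [rw] message
 # @return [String]
@@ -1308,5 +1451,54 @@ module Aws::STS
 include Aws::Structure
 end
 
+# You can pass custom key-value pair attributes when you assume a role
+# or federate a user. These are called session tags. You can then use
+# the session tags to control access to resources. For more information,
+# see [Tagging AWS STS Sessions][1] in the *IAM User Guide*.
+#
+#
+#
+# [1]: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_session-tags.html
+#
+# @note When making an API call, you may pass Tag
+# data as a hash:
+#
+# {
+# key: "tagKeyType", # required
+# value: "tagValueType", # required
+# }
+#
+# @!attribute [rw] key
+# The key for a session tag.
+#
+# You can pass up to 50 session tags. The plain text session tag keys
+# can’t exceed 128 characters. For these and additional limits, see
+# [IAM and STS Character Limits][1] in the *IAM User Guide*.
+#
+#
+#
+# [1]: https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_iam-limits.html#reference_iam-limits-entity-length
+# @return [String]
+#
+# @!attribute [rw] value
+# The value for a session tag.
+#
+# You can pass up to 50 session tags. The plain text session tag
+# values can’t exceed 256 characters. For these and additional limits,
+# see [IAM and STS Character Limits][1] in the *IAM User Guide*.
+#
+#
+#
+# [1]: https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_iam-limits.html#reference_iam-limits-entity-length
+# @return [String]
+#
+# @see http://docs.aws.amazon.com/goto/WebAPI/sts-2011-06-15/Tag AWS API Documentation
+#
+class Tag < Struct.new(
+:key,
+:value)
+include Aws::Structure
+end
+
 end
 end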
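Review bot: In the new comment block at new lines 1379–1394 (the packed-size rejection error), reference `[2]` is cited as "IAM and STS Entity Character Limits" but resolves to `id_credentials_temp_enable-regions.html`, whereas every other character-limits reference in this file points at the limits page; the definition should read `# [2]: https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_iam-limits.html#reference_iam-limits-entity-length`. The `[3]` link in the `AssumeRoleRequest` `tags` comment (new line 201) uses `session-tags.html` where its siblings use `id_session-tags.html`, which looks like a dropped prefix and is worth checking. The `GetFederationTokenRequest` `tags` comment (new lines 1165–1169) still says "the role has the `Department`=`Marketing` tag" and "takes precedence over the role tag" although the paragraph just above it speaks of user tags. Because these comments state that a passed session tag overrides a role or user tag with the same key regardless of case, a sentence advising readers who base access decisions on tags to restrict which keys a caller may pass (for example with the `aws:TagKeys` and `aws:RequestTag` condition keys on `sts:TagSession`) would help.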