aws-sdk-core 3.171.1 → 3.172.0
- checksums.yaml +4 -4
- data/CHANGELOG.md +7 -0
- data/VERSION +1 -1
- data/lib/aws-sdk-core/log/formatter.rb +6 -0
- data/lib/aws-sdk-sso/client.rb +1 -1
- data/lib/aws-sdk-sso.rb +1 -1
- data/lib/aws-sdk-ssooidc/client.rb +1 -1
- data/lib/aws-sdk-ssooidc.rb +1 -1
- data/lib/aws-sdk-sts/client.rb +106 -110
- data/lib/aws-sdk-sts/endpoint_provider.rb +81 -78
- data/lib/aws-sdk-sts/types.rb +5 -6
- data/lib/aws-sdk-sts.rb +1 -1
- metadata +2 -2
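--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
 ---
 SHA256:
-metadata.gz:
-data.tar.gz:
+metadata.gz: 746f82369d60381064a023bbb6acf6d34175a24c1efabb7a321413e4d2d9de88
+data.tar.gz: 463ab018b652877c3dcd0ad4b9c5dfae3c17ad3c0d90b48b97d076a2d92cb946
 SHA512:
-metadata.gz:
-data.tar.gz:
+metadata.gz: cf6fe14a282f4dfe099643be4f34cac8ea6646db4017edad82bcaa44078611f3c3a17945c83079f30be804ae022dc8f66c123cb993d22cb31e262e49a05cce8e
+data.tar.gz: '088d17868e17675ad2ab7baea66aba02c07905a912b2fefb51ec306299d48da5cdba325ff022e7eedf7e0ee27c09721de1c9070da233fa6353169762900b1cf1'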
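--- a/data/CHANGELOG.md
+++ b/data/CHANGELOG.md
@@ -1,6 +1,13 @@
 Unreleased Changes
 ------------------
 
+3.172.0 (2023-05-08)
+------------------
+
+* Feature - Updated Aws::STS::Client with the latest API changes.
+
+* Feature - Add :region option to `Aws::Log::Formatter`.
+
 3.171.1 (2023-05-04)
 ------------------
 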
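--- a/data/VERSION
+++ b/data/VERSION
@@ -1 +1 @@
-3.
+3.172.0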
|
@@ -26,6 +26,8 @@ module Aws
|
|
|
26
26
|
#
|
|
27
27
|
# You can put any of these placeholders into you pattern.
|
|
28
28
|
#
|
|
29
|
+
# * `:region` - The region configured for the client.
|
|
30
|
+
#
|
|
29
31
|
# * `:client_class` - The name of the client class.
|
|
30
32
|
#
|
|
31
33
|
# * `:operation` - The name of the client request method.
|
|
@@ -116,6 +118,10 @@ module Aws
|
|
|
116
118
|
|
|
117
119
|
private
|
|
118
120
|
|
|
121
|
+
def _region(response)
|
|
122
|
+
response.context.config.region
|
|
123
|
+
end
|
|
124
|
+
|
|
119
125
|
def _client_class(response)
|
|
120
126
|
response.context.client.class.name
|
|
121
127
|
end
|
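Review bot: The new `:region` placeholder comment (new line 29) can be misread in logs as the region that actually handled the request, while `_region` returns `response.context.config.region`, which is the region configured on the client. The two can differ when the resolved endpoint signs for another region; the STS endpoint rules shown later on this page return `signingRegion` `us-east-1` for several configured regions. That matters to anyone using these logs to reconstruct activity per region. I would tighten the comment to ``# * `:region` - The region configured for the client; the resolved endpoint's signing region may differ.`` `_region` is complete within the hunk, but the enclosing class starts and ends outside it.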
data/lib/aws-sdk-sso/client.rb
CHANGED
data/lib/aws-sdk-sso.rb
CHANGED
data/lib/aws-sdk-ssooidc.rb
CHANGED
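--- a/data/lib/aws-sdk-sts/client.rb
+++ b/data/lib/aws-sdk-sts/client.rb
@@ -406,10 +406,11 @@ module Aws::STS
 # identity-based policy of the role that is being assumed. For more
 # information, see [Session Policies][3] in the *IAM User Guide*.
 #
-# When you create a role, you create two policies:
-# that specifies *who* can assume the role and a permissions policy
-# specifies *what* can be done with the role. You specify the
-# principal
+# When you create a role, you create two policies: a role trust policy
+# that specifies *who* can assume the role, and a permissions policy
+# that specifies *what* can be done with the role. You specify the
+# trusted principal that is allowed to assume the role in the role trust
+# policy.
 #
 # To assume a role from a different account, your Amazon Web Services
 # account must be trusted by the role. The trust relationship is defined
@@ -418,10 +419,9 @@ module Aws::STS
 # users in the account.
 #
 # A user who wants to access a role in a different account must also
-# have permissions that are delegated from the
-#
-#
-# account.
+# have permissions that are delegated from the account administrator.
+# The administrator must attach a policy that allows the user to call
+# `AssumeRole` for the ARN of the role in the other account.
 #
 # To allow a user to assume a role in the same account, you can do
 # either of the following:
@@ -1206,10 +1206,8 @@ module Aws::STS
 # the user with a consistent identity throughout the lifetime of an
 # application.
 #
-# To learn more about Amazon Cognito, see [Amazon Cognito
-# in *Amazon
-# Cognito Overview][5] in the *Amazon Web Services SDK for iOS Developer
-# Guide*.
+# To learn more about Amazon Cognito, see [Amazon Cognito identity
+# pools][1] in *Amazon Cognito Developer Guide*.
 #
 # </note>
 #
@@ -1223,8 +1221,8 @@ module Aws::STS
 # a token from the web identity provider. For a comparison of
 # `AssumeRoleWithWebIdentity` with the other API operations that produce
 # temporary credentials, see [Requesting Temporary Security
-# Credentials][
-# operations][
+# Credentials][4] and [Comparing the Amazon Web Services STS API
+# operations][5] in the *IAM User Guide*.
 #
 # The temporary security credentials returned by this API consist of an
 # access key ID, a secret access key, and a security token. Applications
@@ -1240,11 +1238,11 @@ module Aws::STS
 # to the maximum session duration setting for the role. This setting can
 # have a value from 1 hour to 12 hours. To learn how to view the maximum
 # value for your role, see [View the Maximum Session Duration Setting
-# for a Role][
+# for a Role][6] in the *IAM User Guide*. The maximum session duration
 # limit applies when you use the `AssumeRole*` API operations or the
 # `assume-role*` CLI commands. However the limit does not apply when you
 # use those operations to create a console URL. For more information,
-# see [Using IAM Roles][
+# see [Using IAM Roles][7] in the *IAM User Guide*.
 #
 # **Permissions**
 #
@@ -1253,7 +1251,7 @@ module Aws::STS
 # Amazon Web Services service with the following exception: you cannot
 # call the STS `GetFederationToken` or `GetSessionToken` API operations.
 #
-# (Optional) You can pass inline or managed [session policies][
+# (Optional) You can pass inline or managed [session policies][8] to
 # this operation. You can pass a single JSON policy document to use as
 # an inline session policy. You can also specify up to 10 managed policy
 # Amazon Resource Names (ARNs) to use as managed session policies. The
@@ -1266,19 +1264,19 @@ module Aws::STS
 # resources in the account that owns the role. You cannot use session
 # policies to grant more permissions than those allowed by the
 # identity-based policy of the role that is being assumed. For more
-# information, see [Session Policies][
+# information, see [Session Policies][8] in the *IAM User Guide*.
 #
 # **Tags**
 #
 # (Optional) You can configure your IdP to pass attributes into your web
 # identity token as session tags. Each session tag consists of a key
 # name and an associated value. For more information about session tags,
-# see [Passing Session Tags in STS][
+# see [Passing Session Tags in STS][9] in the *IAM User Guide*.
 #
 # You can pass up to 50 session tags. The plaintext session tag keys
 # can’t exceed 128 characters and the values can’t exceed 256
 # characters. For these and additional limits, see [IAM and STS
-# Character Limits][
+# Character Limits][10] in the *IAM User Guide*.
 #
 # <note markdown="1"> An Amazon Web Services conversion compresses the passed inline session
 # policy, managed policy ARNs, and session tags into a packed binary
@@ -1296,12 +1294,12 @@ module Aws::STS
 # An administrator must grant you the permissions necessary to pass
 # session tags. The administrator can also create granular permissions
 # to allow you to pass only specific session tags. For more information,
-# see [Tutorial: Using Tags for Attribute-Based Access Control][
+# see [Tutorial: Using Tags for Attribute-Based Access Control][11] in
 # the *IAM User Guide*.
 #
 # You can set the session tags as transitive. Transitive tags persist
 # during role chaining. For more information, see [Chaining Roles with
-# Session Tags][
+# Session Tags][12] in the *IAM User Guide*.
 #
 # **Identities**
 #
@@ -1313,19 +1311,19 @@ module Aws::STS
 # specified in the role's trust policy.
 #
 # Calling `AssumeRoleWithWebIdentity` can result in an entry in your
-# CloudTrail logs. The entry includes the [Subject][
+# CloudTrail logs. The entry includes the [Subject][13] of the provided
 # web identity token. We recommend that you avoid using any personally
 # identifiable information (PII) in this field. For example, you could
 # instead use a GUID or a pairwise identifier, as [suggested in the OIDC
-# specification][
+# specification][14].
 #
 # For more information about how to use web identity federation and the
 # `AssumeRoleWithWebIdentity` API, see the following resources:
 #
-# * [Using Web Identity Federation API Operations for Mobile Apps][
-# and [Federation Through a Web-based Identity Provider][
+# * [Using Web Identity Federation API Operations for Mobile Apps][15]
+# and [Federation Through a Web-based Identity Provider][16].
 #
-# * [ Web Identity Federation Playground][
+# * [ Web Identity Federation Playground][17]. Walk through the process
 # of authenticating through Login with Amazon, Facebook, or Google,
 # getting temporary security credentials, and then using those
 # credentials to make a request to Amazon Web Services.
@@ -1336,7 +1334,7 @@ module Aws::STS
 # toolkits then show how to use the information from these providers
 # to get and use temporary security credentials.
 #
-# * [Web Identity Federation with Mobile Applications][
+# * [Web Identity Federation with Mobile Applications][18]. This article
 # discusses web identity federation and shows an example of how to use
 # web identity federation to get access to content in Amazon S3.
 #
@@ -1345,23 +1343,21 @@ module Aws::STS
 # [1]: https://docs.aws.amazon.com/cognito/latest/developerguide/cognito-identity.html
 # [2]: http://aws.amazon.com/sdkforios/
 # [3]: http://aws.amazon.com/sdkforandroid/
-# [4]: https://docs.aws.amazon.com/
-# [5]: https://docs.aws.amazon.com/
-# [6]: https://docs.aws.amazon.com/IAM/latest/UserGuide/
-# [7]: https://docs.aws.amazon.com/IAM/latest/UserGuide/
-# [8]: https://docs.aws.amazon.com/IAM/latest/UserGuide/
-# [9]: https://docs.aws.amazon.com/IAM/latest/UserGuide/
-# [10]: https://docs.aws.amazon.com/IAM/latest/UserGuide/
-# [11]: https://docs.aws.amazon.com/IAM/latest/UserGuide/
-# [12]: https://docs.aws.amazon.com/IAM/latest/UserGuide/
-# [13]:
-# [14]:
-# [15]:
-# [16]:
-# [17]: https://
-# [18]:
-# [19]: https://aws.amazon.com/blogs/aws/the-aws-web-identity-federation-playground/
-# [20]: http://aws.amazon.com/articles/web-identity-federation-with-mobile-applications
+# [4]: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_request.html
+# [5]: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_request.html#stsapi_comparison
+# [6]: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_use.html#id_roles_use_view-role-max-session
+# [7]: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_use.html
+# [8]: https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies.html#policies_session
+# [9]: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_session-tags.html
+# [10]: https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_iam-limits.html#reference_iam-limits-entity-length
+# [11]: https://docs.aws.amazon.com/IAM/latest/UserGuide/tutorial_attribute-based-access-control.html
+# [12]: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_session-tags.html#id_session-tags_role-chaining
+# [13]: http://openid.net/specs/openid-connect-core-1_0.html#Claims
+# [14]: http://openid.net/specs/openid-connect-core-1_0.html#SubjectIDTypes
+# [15]: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_providers_oidc_manual.html
+# [16]: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_request.html#api_assumerolewithwebidentity
+# [17]: https://aws.amazon.com/blogs/aws/the-aws-web-identity-federation-playground/
+# [18]: http://aws.amazon.com/articles/web-identity-federation-with-mobile-applications
 #
 # @option params [required, String] :role_arn
 # The Amazon Resource Name (ARN) of the role that the caller is
@@ -1720,11 +1716,11 @@ module Aws::STS
 # to call the operation.
 #
 # <note markdown="1"> No permissions are required to perform this operation. If an
-# administrator
+# administrator attaches a policy to your identity that explicitly
 # denies access to the `sts:GetCallerIdentity` action, you can still
 # perform this operation. Permissions are not required because the same
-# information is returned when
-#
+# information is returned when access is denied. To view an example
+# response, see [I Am Not Authorized to Perform:
 # iam:DeleteVirtualMFADevice][1] in the *IAM User Guide*.
 #
 # </note>
@@ -1801,43 +1797,43 @@ module Aws::STS
 end
 
 # Returns a set of temporary security credentials (consisting of an
-# access key ID, a secret access key, and a security token) for a
-#
-#
-#
-#
-#
-#
-#
-#
+# access key ID, a secret access key, and a security token) for a user.
+# A typical use is in a proxy application that gets temporary security
+# credentials on behalf of distributed applications inside a corporate
+# network.
+#
+# You must call the `GetFederationToken` operation using the long-term
+# security credentials of an IAM user. As a result, this call is
+# appropriate in contexts where those credentials can be safeguarded,
+# usually in a server-based application. For a comparison of
+# `GetFederationToken` with the other API operations that produce
+# temporary credentials, see [Requesting Temporary Security
 # Credentials][1] and [Comparing the Amazon Web Services STS API
 # operations][2] in the *IAM User Guide*.
 #
+# Although it is possible to call `GetFederationToken` using the
+# security credentials of an Amazon Web Services account root user
+# rather than an IAM user that you create for the purpose of a proxy
+# application, we do not recommend it. For more information, see
+# [Safeguard your root user credentials and don't use them for everyday
+# tasks][3] in the *IAM User Guide*.
+#
 # <note markdown="1"> You can create a mobile-based or browser-based app that can
 # authenticate users using a web identity provider like Login with
 # Amazon, Facebook, Google, or an OpenID Connect-compatible identity
-# provider. In this case, we recommend that you use [Amazon Cognito][
+# provider. In this case, we recommend that you use [Amazon Cognito][4]
 # or `AssumeRoleWithWebIdentity`. For more information, see [Federation
-# Through a Web-based Identity Provider][
+# Through a Web-based Identity Provider][5] in the *IAM User Guide*.
 #
 # </note>
 #
-# You can also call `GetFederationToken` using the security credentials
-# of an Amazon Web Services account root user, but we do not recommend
-# it. Instead, we recommend that you create an IAM user for the purpose
-# of the proxy application. Then attach a policy to the IAM user that
-# limits federated users to only the actions and resources that they
-# need to access. For more information, see [IAM Best Practices][5] in
-# the *IAM User Guide*.
-#
 # **Session duration**
 #
 # The temporary credentials are valid for the specified duration, from
 # 900 seconds (15 minutes) up to a maximum of 129,600 seconds (36
 # hours). The default session duration is 43,200 seconds (12 hours).
-# Temporary credentials obtained by using the
-#
-# (1 hour).
+# Temporary credentials obtained by using the root user credentials have
+# a maximum duration of 3,600 seconds (1 hour).
 #
 # **Permissions**
 #
@@ -1887,9 +1883,9 @@ module Aws::STS
 # <note markdown="1"> You can create a mobile-based or browser-based app that can
 # authenticate users using a web identity provider like Login with
 # Amazon, Facebook, Google, or an OpenID Connect-compatible identity
-# provider. In this case, we recommend that you use [Amazon Cognito][
+# provider. In this case, we recommend that you use [Amazon Cognito][4]
 # or `AssumeRoleWithWebIdentity`. For more information, see [Federation
-# Through a Web-based Identity Provider][
+# Through a Web-based Identity Provider][5] in the *IAM User Guide*.
 #
 # </note>
 #
@@ -1911,9 +1907,9 @@ module Aws::STS
 #
 # [1]: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_request.html
 # [2]: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_request.html#stsapi_comparison
-# [3]:
-# [4]:
-# [5]: https://docs.aws.amazon.com/IAM/latest/UserGuide/
+# [3]: https://docs.aws.amazon.com/IAM/latest/UserGuide/best-practices.html#lock-away-credentials
+# [4]: http://aws.amazon.com/cognito/
+# [5]: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_request.html#api_assumerolewithwebidentity
 # [6]: https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies.html#policies_session
 # [7]: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_request.html#api_getfederationtoken
 # [8]: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_session-tags.html
@@ -2030,10 +2026,10 @@ module Aws::STS
 # The duration, in seconds, that the session should last. Acceptable
 # durations for federation sessions range from 900 seconds (15 minutes)
 # to 129,600 seconds (36 hours), with 43,200 seconds (12 hours) as the
-# default. Sessions obtained using
-#
-#
-#
+# default. Sessions obtained using root user credentials are restricted
+# to a maximum of 3,600 seconds (one hour). If the specified duration is
+# longer than one hour, the session obtained by using root user
+# credentials defaults to one hour.
 #
 # @option params [Array<Types::Tag>] :tags
 # A list of session tags. Each session tag consists of a key name and an
@@ -2153,14 +2149,15 @@ module Aws::STS
 # secret access key, and a security token. Typically, you use
 # `GetSessionToken` if you want to use MFA to protect programmatic calls
 # to specific Amazon Web Services API operations like Amazon EC2
-# `StopInstances`.
-#
-# MFA
-#
-#
-#
-#
-#
+# `StopInstances`.
+#
+# MFA-enabled IAM users must call `GetSessionToken` and submit an MFA
+# code that is associated with their MFA device. Using the temporary
+# security credentials that the call returns, IAM users can then make
+# programmatic calls to API operations that require MFA authentication.
+# An incorrect MFA code causes the API to return an access denied error.
+# For a comparison of `GetSessionToken` with the other API operations
+# that produce temporary credentials, see [Requesting Temporary Security
 # Credentials][1] and [Comparing the Amazon Web Services STS API
 # operations][2] in the *IAM User Guide*.
 #
@@ -2175,13 +2172,13 @@ module Aws::STS
 # **Session Duration**
 #
 # The `GetSessionToken` operation must be called by using the long-term
-# Amazon Web Services security credentials of
-#
-#
-#
-# (
-#
-#
+# Amazon Web Services security credentials of an IAM user. Credentials
+# that are created by IAM users are valid for the duration that you
+# specify. This duration can range from 900 seconds (15 minutes) up to a
+# maximum of 129,600 seconds (36 hours), with a default of 43,200
+# seconds (12 hours). Credentials based on account credentials can range
+# from 900 seconds (15 minutes) up to 3,600 seconds (1 hour), with a
+# default of 1 hour.
 #
 # **Permissions**
 #
@@ -2195,24 +2192,23 @@ module Aws::STS
 # * You cannot call any STS API *except* `AssumeRole` or
 # `GetCallerIdentity`.
 #
-#
-#
-#
-#
-# with Amazon Web Services.
+# The credentials that `GetSessionToken` returns are based on
+# permissions associated with the IAM user whose credentials were used
+# to call the operation. The temporary credentials have the same
+# permissions as the IAM user.
 #
-#
+# <note markdown="1"> Although it is possible to call `GetSessionToken` using the security
+# credentials of an Amazon Web Services account root user rather than an
+# IAM user, we do not recommend it. If `GetSessionToken` is called using
+# root user credentials, the temporary credentials have root user
+# permissions. For more information, see [Safeguard your root user
+# credentials and don't use them for everyday tasks][4] in the *IAM
+# User Guide*
 #
-#
-# permissions associated with the user whose credentials were used to
-# call the operation. If `GetSessionToken` is called using Amazon Web
-# Services account root user credentials, the temporary credentials have
-# root user permissions. Similarly, if `GetSessionToken` is called using
-# the credentials of an IAM user, the temporary credentials have the
-# same permissions as the IAM user.
+# </note>
 #
 # For more information about using `GetSessionToken` to create temporary
-# credentials,
+# credentials, see [Temporary Credentials for Users in Untrusted
 # Environments][5] in the *IAM User Guide*.
 #
 #
@@ -2220,7 +2216,7 @@ module Aws::STS
 # [1]: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_request.html
 # [2]: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_request.html#stsapi_comparison
 # [3]: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_control-access_getsessiontoken.html
-# [4]: https://docs.aws.amazon.com/IAM/latest/UserGuide/best-practices.html#
+# [4]: https://docs.aws.amazon.com/IAM/latest/UserGuide/best-practices.html#lock-away-credentials
 # [5]: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_request.html#api_getsessiontoken
 #
 # @option params [Integer] :duration_seconds
@@ -2318,7 +2314,7 @@ module Aws::STS
 params: params,
 config: config)
 context[:gem_name] = 'aws-sdk-core'
-context[:gem_version] = '3.
+context[:gem_version] = '3.172.0'
 Seahorse::Client::Request.new(handlers, context)
 end
 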
|
@@ -15,93 +15,96 @@ module Aws::STS
|
|
|
15
15
|
use_fips = parameters.use_fips
|
|
16
16
|
endpoint = parameters.endpoint
|
|
17
17
|
use_global_endpoint = parameters.use_global_endpoint
|
|
18
|
-
if (partition_result = Aws::Endpoints::Matchers.aws_partition(region))
|
|
19
|
-
if Aws::Endpoints::Matchers.
|
|
20
|
-
|
|
21
|
-
return Aws::Endpoints::Endpoint.new(url: "https://sts.amazonaws.com", headers: {}, properties: {"authSchemes"=>[{"name"=>"sigv4", "signingRegion"=>"us-east-1", "signingName"=>"sts"}]})
|
|
22
|
-
end
|
|
23
|
-
if Aws::Endpoints::Matchers.string_equals?(region, "ap-south-1")
|
|
24
|
-
return Aws::Endpoints::Endpoint.new(url: "https://sts.amazonaws.com", headers: {}, properties: {"authSchemes"=>[{"name"=>"sigv4", "signingRegion"=>"us-east-1", "signingName"=>"sts"}]})
|
|
25
|
-
end
|
|
26
|
-
if Aws::Endpoints::Matchers.string_equals?(region, "ap-southeast-1")
|
|
27
|
-
return Aws::Endpoints::Endpoint.new(url: "https://sts.amazonaws.com", headers: {}, properties: {"authSchemes"=>[{"name"=>"sigv4", "signingRegion"=>"us-east-1", "signingName"=>"sts"}]})
|
|
28
|
-
end
|
|
29
|
-
if Aws::Endpoints::Matchers.string_equals?(region, "ap-southeast-2")
|
|
30
|
-
return Aws::Endpoints::Endpoint.new(url: "https://sts.amazonaws.com", headers: {}, properties: {"authSchemes"=>[{"name"=>"sigv4", "signingRegion"=>"us-east-1", "signingName"=>"sts"}]})
|
|
31
|
-
end
|
|
32
|
-
if Aws::Endpoints::Matchers.string_equals?(region, "aws-global")
|
|
33
|
-
return Aws::Endpoints::Endpoint.new(url: "https://sts.amazonaws.com", headers: {}, properties: {"authSchemes"=>[{"name"=>"sigv4", "signingRegion"=>"us-east-1", "signingName"=>"sts"}]})
|
|
34
|
-
end
|
|
35
|
-
if Aws::Endpoints::Matchers.string_equals?(region, "ca-central-1")
|
|
36
|
-
return Aws::Endpoints::Endpoint.new(url: "https://sts.amazonaws.com", headers: {}, properties: {"authSchemes"=>[{"name"=>"sigv4", "signingRegion"=>"us-east-1", "signingName"=>"sts"}]})
|
|
37
|
-
end
|
|
38
|
-
if Aws::Endpoints::Matchers.string_equals?(region, "eu-central-1")
|
|
39
|
-
return Aws::Endpoints::Endpoint.new(url: "https://sts.amazonaws.com", headers: {}, properties: {"authSchemes"=>[{"name"=>"sigv4", "signingRegion"=>"us-east-1", "signingName"=>"sts"}]})
|
|
40
|
-
end
|
|
41
|
-
if Aws::Endpoints::Matchers.string_equals?(region, "eu-north-1")
|
|
42
|
-
return Aws::Endpoints::Endpoint.new(url: "https://sts.amazonaws.com", headers: {}, properties: {"authSchemes"=>[{"name"=>"sigv4", "signingRegion"=>"us-east-1", "signingName"=>"sts"}]})
|
|
43
|
-
end
|
|
44
|
-
if Aws::Endpoints::Matchers.string_equals?(region, "eu-west-1")
|
|
45
|
-
return Aws::Endpoints::Endpoint.new(url: "https://sts.amazonaws.com", headers: {}, properties: {"authSchemes"=>[{"name"=>"sigv4", "signingRegion"=>"us-east-1", "signingName"=>"sts"}]})
|
|
46
|
-
end
|
|
47
|
-
if Aws::Endpoints::Matchers.string_equals?(region, "eu-west-2")
|
|
48
|
-
return Aws::Endpoints::Endpoint.new(url: "https://sts.amazonaws.com", headers: {}, properties: {"authSchemes"=>[{"name"=>"sigv4", "signingRegion"=>"us-east-1", "signingName"=>"sts"}]})
|
|
49
|
-
end
|
|
50
|
-
if Aws::Endpoints::Matchers.string_equals?(region, "eu-west-3")
|
|
51
|
-
return Aws::Endpoints::Endpoint.new(url: "https://sts.amazonaws.com", headers: {}, properties: {"authSchemes"=>[{"name"=>"sigv4", "signingRegion"=>"us-east-1", "signingName"=>"sts"}]})
|
|
52
|
-
end
|
|
53
|
-
if Aws::Endpoints::Matchers.string_equals?(region, "sa-east-1")
|
|
54
|
-
return Aws::Endpoints::Endpoint.new(url: "https://sts.amazonaws.com", headers: {}, properties: {"authSchemes"=>[{"name"=>"sigv4", "signingRegion"=>"us-east-1", "signingName"=>"sts"}]})
|
|
55
|
-
end
|
|
56
|
-
if Aws::Endpoints::Matchers.string_equals?(region, "us-east-1")
|
|
57
|
-
return Aws::Endpoints::Endpoint.new(url: "https://sts.amazonaws.com", headers: {}, properties: {"authSchemes"=>[{"name"=>"sigv4", "signingRegion"=>"us-east-1", "signingName"=>"sts"}]})
|
|
58
|
-
end
|
|
59
|
-
if Aws::Endpoints::Matchers.string_equals?(region, "us-east-2")
|
|
60
|
-
return Aws::Endpoints::Endpoint.new(url: "https://sts.amazonaws.com", headers: {}, properties: {"authSchemes"=>[{"name"=>"sigv4", "signingRegion"=>"us-east-1", "signingName"=>"sts"}]})
|
|
61
|
-
end
|
|
62
|
-
if Aws::Endpoints::Matchers.string_equals?(region, "us-west-1")
|
|
63
|
-
return Aws::Endpoints::Endpoint.new(url: "https://sts.amazonaws.com", headers: {}, properties: {"authSchemes"=>[{"name"=>"sigv4", "signingRegion"=>"us-east-1", "signingName"=>"sts"}]})
|
|
64
|
-
end
|
|
65
|
-
if Aws::Endpoints::Matchers.string_equals?(region, "us-west-2")
|
|
66
|
-
return Aws::Endpoints::Endpoint.new(url: "https://sts.amazonaws.com", headers: {}, properties: {"authSchemes"=>[{"name"=>"sigv4", "signingRegion"=>"us-east-1", "signingName"=>"sts"}]})
|
|
67
|
-
end
|
|
68
|
-
return Aws::Endpoints::Endpoint.new(url: "https://sts.#{region}.#{partition_result['dnsSuffix']}", headers: {}, properties: {"authSchemes"=>[{"name"=>"sigv4", "signingRegion"=>"#{region}", "signingName"=>"sts"}]})
|
|
18
|
+
if Aws::Endpoints::Matchers.boolean_equals?(use_global_endpoint, true) && Aws::Endpoints::Matchers.not(Aws::Endpoints::Matchers.set?(endpoint)) && Aws::Endpoints::Matchers.set?(region) && (partition_result = Aws::Endpoints::Matchers.aws_partition(region)) && Aws::Endpoints::Matchers.boolean_equals?(use_fips, false) && Aws::Endpoints::Matchers.boolean_equals?(use_dual_stack, false)
|
|
19
|
+
if Aws::Endpoints::Matchers.string_equals?(region, "ap-northeast-1")
|
|
20
|
+
return Aws::Endpoints::Endpoint.new(url: "https://sts.amazonaws.com", headers: {}, properties: {"authSchemes"=>[{"name"=>"sigv4", "signingName"=>"sts", "signingRegion"=>"us-east-1"}]})
|
|
69
21
|
end
|
|
70
|
-
if Aws::Endpoints::Matchers.
|
|
71
|
-
|
|
72
|
-
raise ArgumentError, "Invalid Configuration: FIPS and custom endpoint are not supported"
|
|
73
|
-
end
|
|
74
|
-
if Aws::Endpoints::Matchers.boolean_equals?(use_dual_stack, true)
|
|
75
|
-
raise ArgumentError, "Invalid Configuration: Dualstack and custom endpoint are not supported"
|
|
76
|
-
end
|
|
77
|
-
return Aws::Endpoints::Endpoint.new(url: endpoint, headers: {}, properties: {})
|
|
22
|
+
if Aws::Endpoints::Matchers.string_equals?(region, "ap-south-1")
|
|
23
|
+
return Aws::Endpoints::Endpoint.new(url: "https://sts.amazonaws.com", headers: {}, properties: {"authSchemes"=>[{"name"=>"sigv4", "signingName"=>"sts", "signingRegion"=>"us-east-1"}]})
|
|
78
24
|
end
|
|
79
|
-
if Aws::Endpoints::Matchers.
|
|
80
|
-
|
|
81
|
-
|
|
82
|
-
|
|
83
|
-
|
|
25
|
+
if Aws::Endpoints::Matchers.string_equals?(region, "ap-southeast-1")
|
|
26
|
+
return Aws::Endpoints::Endpoint.new(url: "https://sts.amazonaws.com", headers: {}, properties: {"authSchemes"=>[{"name"=>"sigv4", "signingName"=>"sts", "signingRegion"=>"us-east-1"}]})
|
|
27
|
+
end
|
|
28
|
+
if Aws::Endpoints::Matchers.string_equals?(region, "ap-southeast-2")
|
|
29
|
+
return Aws::Endpoints::Endpoint.new(url: "https://sts.amazonaws.com", headers: {}, properties: {"authSchemes"=>[{"name"=>"sigv4", "signingName"=>"sts", "signingRegion"=>"us-east-1"}]})
|
|
30
|
+
end
|
|
31
|
+
if Aws::Endpoints::Matchers.string_equals?(region, "aws-global")
|
|
32
|
+
return Aws::Endpoints::Endpoint.new(url: "https://sts.amazonaws.com", headers: {}, properties: {"authSchemes"=>[{"name"=>"sigv4", "signingName"=>"sts", "signingRegion"=>"us-east-1"}]})
|
|
33
|
+
end
|
|
34
|
+
if Aws::Endpoints::Matchers.string_equals?(region, "ca-central-1")
|
|
35
|
+
return Aws::Endpoints::Endpoint.new(url: "https://sts.amazonaws.com", headers: {}, properties: {"authSchemes"=>[{"name"=>"sigv4", "signingName"=>"sts", "signingRegion"=>"us-east-1"}]})
|
|
84
36
|
end
|
|
37
|
+
if Aws::Endpoints::Matchers.string_equals?(region, "eu-central-1")
|
|
38
|
+
return Aws::Endpoints::Endpoint.new(url: "https://sts.amazonaws.com", headers: {}, properties: {"authSchemes"=>[{"name"=>"sigv4", "signingName"=>"sts", "signingRegion"=>"us-east-1"}]})
|
|
39
|
+
end
|
|
40
|
+
if Aws::Endpoints::Matchers.string_equals?(region, "eu-north-1")
|
|
41
|
+
return Aws::Endpoints::Endpoint.new(url: "https://sts.amazonaws.com", headers: {}, properties: {"authSchemes"=>[{"name"=>"sigv4", "signingName"=>"sts", "signingRegion"=>"us-east-1"}]})
|
|
42
|
+
end
|
|
43
|
+
if Aws::Endpoints::Matchers.string_equals?(region, "eu-west-1")
|
|
44
|
+
return Aws::Endpoints::Endpoint.new(url: "https://sts.amazonaws.com", headers: {}, properties: {"authSchemes"=>[{"name"=>"sigv4", "signingName"=>"sts", "signingRegion"=>"us-east-1"}]})
|
|
45
|
+
end
|
|
46
|
+
if Aws::Endpoints::Matchers.string_equals?(region, "eu-west-2")
|
|
47
|
+
return Aws::Endpoints::Endpoint.new(url: "https://sts.amazonaws.com", headers: {}, properties: {"authSchemes"=>[{"name"=>"sigv4", "signingName"=>"sts", "signingRegion"=>"us-east-1"}]})
|
|
48
|
+
end
|
|
49
|
+
if Aws::Endpoints::Matchers.string_equals?(region, "eu-west-3")
|
|
50
|
+
return Aws::Endpoints::Endpoint.new(url: "https://sts.amazonaws.com", headers: {}, properties: {"authSchemes"=>[{"name"=>"sigv4", "signingName"=>"sts", "signingRegion"=>"us-east-1"}]})
|
|
51
|
+
end
|
|
52
|
+
if Aws::Endpoints::Matchers.string_equals?(region, "sa-east-1")
|
|
53
|
+
return Aws::Endpoints::Endpoint.new(url: "https://sts.amazonaws.com", headers: {}, properties: {"authSchemes"=>[{"name"=>"sigv4", "signingName"=>"sts", "signingRegion"=>"us-east-1"}]})
|
|
54
|
+
end
|
|
55
|
+
if Aws::Endpoints::Matchers.string_equals?(region, "us-east-1")
|
|
56
|
+
return Aws::Endpoints::Endpoint.new(url: "https://sts.amazonaws.com", headers: {}, properties: {"authSchemes"=>[{"name"=>"sigv4", "signingName"=>"sts", "signingRegion"=>"us-east-1"}]})
|
|
57
|
+
end
|
|
58
|
+
if Aws::Endpoints::Matchers.string_equals?(region, "us-east-2")
|
|
59
|
+
return Aws::Endpoints::Endpoint.new(url: "https://sts.amazonaws.com", headers: {}, properties: {"authSchemes"=>[{"name"=>"sigv4", "signingName"=>"sts", "signingRegion"=>"us-east-1"}]})
|
|
60
|
+
end
|
|
61
|
+
if Aws::Endpoints::Matchers.string_equals?(region, "us-west-1")
|
|
62
|
+
return Aws::Endpoints::Endpoint.new(url: "https://sts.amazonaws.com", headers: {}, properties: {"authSchemes"=>[{"name"=>"sigv4", "signingName"=>"sts", "signingRegion"=>"us-east-1"}]})
|
|
63
|
+
end
|
|
64
|
+
if Aws::Endpoints::Matchers.string_equals?(region, "us-west-2")
|
|
65
|
+
return Aws::Endpoints::Endpoint.new(url: "https://sts.amazonaws.com", headers: {}, properties: {"authSchemes"=>[{"name"=>"sigv4", "signingName"=>"sts", "signingRegion"=>"us-east-1"}]})
|
|
66
|
+
end
|
|
67
|
+
return Aws::Endpoints::Endpoint.new(url: "https://sts.#{region}.#{partition_result['dnsSuffix']}", headers: {}, properties: {"authSchemes"=>[{"name"=>"sigv4", "signingName"=>"sts", "signingRegion"=>"#{region}"}]})
|
|
68
|
+
end
|
|
69
|
+
if Aws::Endpoints::Matchers.set?(endpoint)
|
|
85
70
|
if Aws::Endpoints::Matchers.boolean_equals?(use_fips, true)
|
|
86
|
-
|
|
87
|
-
if Aws::Endpoints::Matchers.string_equals?("aws-us-gov", Aws::Endpoints::Matchers.attr(partition_result, "name"))
|
|
88
|
-
return Aws::Endpoints::Endpoint.new(url: "https://sts.#{region}.#{partition_result['dnsSuffix']}", headers: {}, properties: {})
|
|
89
|
-
end
|
|
90
|
-
return Aws::Endpoints::Endpoint.new(url: "https://sts-fips.#{region}.#{partition_result['dnsSuffix']}", headers: {}, properties: {})
|
|
91
|
-
end
|
|
92
|
-
raise ArgumentError, "FIPS is enabled but this partition does not support FIPS"
|
|
71
|
+
raise ArgumentError, "Invalid Configuration: FIPS and custom endpoint are not supported"
|
|
93
72
|
end
|
|
94
73
|
if Aws::Endpoints::Matchers.boolean_equals?(use_dual_stack, true)
|
|
95
|
-
|
|
96
|
-
return Aws::Endpoints::Endpoint.new(url: "https://sts.#{region}.#{partition_result['dualStackDnsSuffix']}", headers: {}, properties: {})
|
|
97
|
-
end
|
|
98
|
-
raise ArgumentError, "DualStack is enabled but this partition does not support DualStack"
|
|
74
|
+
raise ArgumentError, "Invalid Configuration: Dualstack and custom endpoint are not supported"
|
|
99
75
|
end
|
|
100
|
-
|
|
101
|
-
|
|
76
|
+
return Aws::Endpoints::Endpoint.new(url: endpoint, headers: {}, properties: {})
|
|
77
|
+
end
|
|
78
|
+
if Aws::Endpoints::Matchers.set?(region)
|
|
79
|
+
if (partition_result = Aws::Endpoints::Matchers.aws_partition(region))
|
|
80
|
+
if Aws::Endpoints::Matchers.boolean_equals?(use_fips, true) && Aws::Endpoints::Matchers.boolean_equals?(use_dual_stack, true)
|
|
81
|
+
if Aws::Endpoints::Matchers.boolean_equals?(true, Aws::Endpoints::Matchers.attr(partition_result, "supportsFIPS")) && Aws::Endpoints::Matchers.boolean_equals?(true, Aws::Endpoints::Matchers.attr(partition_result, "supportsDualStack"))
|
|
82
|
+
return Aws::Endpoints::Endpoint.new(url: "https://sts-fips.#{region}.#{partition_result['dualStackDnsSuffix']}", headers: {}, properties: {})
|
|
83
|
+
end
|
|
84
|
+
raise ArgumentError, "FIPS and DualStack are enabled, but this partition does not support one or both"
|
|
85
|
+
end
|
|
86
|
+
if Aws::Endpoints::Matchers.boolean_equals?(use_fips, true)
|
|
87
|
+
if Aws::Endpoints::Matchers.boolean_equals?(true, Aws::Endpoints::Matchers.attr(partition_result, "supportsFIPS"))
|
|
88
|
+
if Aws::Endpoints::Matchers.string_equals?("aws-us-gov", Aws::Endpoints::Matchers.attr(partition_result, "name"))
|
|
89
|
+
return Aws::Endpoints::Endpoint.new(url: "https://sts.#{region}.amazonaws.com", headers: {}, properties: {})
|
|
90
|
+
end
|
|
91
|
+
return Aws::Endpoints::Endpoint.new(url: "https://sts-fips.#{region}.#{partition_result['dnsSuffix']}", headers: {}, properties: {})
|
|
92
|
+
end
|
|
93
|
+
raise ArgumentError, "FIPS is enabled but this partition does not support FIPS"
|
|
94
|
+
end
|
|
95
|
+
if Aws::Endpoints::Matchers.boolean_equals?(use_dual_stack, true)
|
|
96
|
+
if Aws::Endpoints::Matchers.boolean_equals?(true, Aws::Endpoints::Matchers.attr(partition_result, "supportsDualStack"))
|
|
97
|
+
return Aws::Endpoints::Endpoint.new(url: "https://sts.#{region}.#{partition_result['dualStackDnsSuffix']}", headers: {}, properties: {})
|
|
98
|
+
end
|
|
99
|
+
raise ArgumentError, "DualStack is enabled but this partition does not support DualStack"
|
|
100
|
+
end
|
|
101
|
+
if Aws::Endpoints::Matchers.string_equals?(region, "aws-global")
|
|
102
|
+
return Aws::Endpoints::Endpoint.new(url: "https://sts.amazonaws.com", headers: {}, properties: {"authSchemes"=>[{"name"=>"sigv4", "signingName"=>"sts", "signingRegion"=>"us-east-1"}]})
|
|
103
|
+
end
|
|
104
|
+
return Aws::Endpoints::Endpoint.new(url: "https://sts.#{region}.#{partition_result['dnsSuffix']}", headers: {}, properties: {})
|
|
102
105
|
end
|
|
103
|
-
return Aws::Endpoints::Endpoint.new(url: "https://sts.#{region}.#{partition_result['dnsSuffix']}", headers: {}, properties: {})
|
|
104
106
|
end
|
|
107
|
+
raise ArgumentError, "Invalid Configuration: Missing Region"
|
|
105
108
|
raise ArgumentError, 'No endpoint could be resolved'
|
|
106
109
|
|
|
107
110
|
end
|
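Review bot: The two consecutive `raise` statements at new lines 107–108 leave `'No endpoint could be resolved'` unreachable, and, going by the if/end pairing, `"Invalid Configuration: Missing Region"` is also what a caller would get when a region is set but `Aws::Endpoints::Matchers.aws_partition(region)` returns nothing. For an STS client that points an operator at the wrong setting when a mistyped or unexpected region is the real cause. Guarding the first raise, `raise ArgumentError, "Invalid Configuration: Missing Region" unless Aws::Endpoints::Matchers.set?(region)`, would let the generic error cover the partition-lookup case. The method's signature and the assignments of `region` and `use_dual_stack` sit above the hunk, so this reads only the visible body; if the file is generated from an endpoint ruleset, the change belongs in the generator or ruleset.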
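--- a/data/lib/aws-sdk-sts/types.rb
+++ b/data/lib/aws-sdk-sts/types.rb
@@ -576,7 +576,7 @@ module Aws::STS
 # in IAM.
 #
 # The combination of `NameQualifier` and `Subject` can be used to
-# uniquely identify a
+# uniquely identify a user.
 #
 # The following pseudocode shows how the hash value is calculated:
 #
@@ -1200,11 +1200,10 @@ module Aws::STS
 # The duration, in seconds, that the session should last. Acceptable
 # durations for federation sessions range from 900 seconds (15
 # minutes) to 129,600 seconds (36 hours), with 43,200 seconds (12
-# hours) as the default. Sessions obtained using
-#
-#
-#
-# to one hour.
+# hours) as the default. Sessions obtained using root user credentials
+# are restricted to a maximum of 3,600 seconds (one hour). If the
+# specified duration is longer than one hour, the session obtained by
+# using root user credentials defaults to one hour.
 # @return [Integer]
 #
 # @!attribute [rw] tags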
data/lib/aws-sdk-sts.rb
CHANGED
metadata
CHANGED
|
@@ -1,14 +1,14 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: aws-sdk-core
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 3.
|
|
4
|
+
version: 3.172.0
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Amazon Web Services
|
|
8
8
|
autorequire:
|
|
9
9
|
bindir: bin
|
|
10
10
|
cert_chain: []
|
|
11
|
-
date: 2023-05-
|
|
11
|
+
date: 2023-05-08 00:00:00.000000000 Z
|
|
12
12
|
dependencies:
|
|
13
13
|
- !ruby/object:Gem::Dependency
|
|
14
14
|
name: jmespath
|