aws-sdk-core 3.17.1 → 3.18.0

Sign up to get free protection for your applications and to get access to all the features.
checksums.yaml CHANGED
@@ -1,7 +1,7 @@
1
1
  ---
2
2
  SHA1:
3
- metadata.gz: 3834a91fd34cf67522b12ccffdcb4ee82490e783
4
- data.tar.gz: 1d45e74699a975ab89b5233efcbf819111b6e360
3
+ metadata.gz: c2ae7ca81288c6143ec77918a7c61b3cf6e447ab
4
+ data.tar.gz: d07b54378f5ed3a5360720044fa41de21816e435
5
5
  SHA512:
6
- metadata.gz: 2712a378665cd3c7f950b4f6e51214ed62a65e7f2140b31c80b359dd14818cd9a05e15fa9462c815da1b744593c63bcb6b7ad31b214373d14e6db6d0696ed4be
7
- data.tar.gz: 1136c730ab97ae75bfcd373361d6a6c8c25ae13e5c2a4a9a7388823f3b8e13fac1ead9e781e3fd9644f1a62ab5dfff8fd1a8b023531521457eab81fbef764f7a
6
+ metadata.gz: b1b234195ab3a435504d69ec542ad221e14d1f40239d3f3e395e441c66b81126e0b0363733ce170a8cbe9d452a50dd4e14bc7de602f7bb1582778924083220fe
7
+ data.tar.gz: 1c14e90c4a573ed198cd84e0379635cc724a7aa70004b9e773648ab809139043f45cab347df1f0a6767453a526c45591b42fdb2753dc2762e4e3cbec64907482
data/VERSION CHANGED
@@ -1 +1 @@
1
- 3.17.1
1
+ 3.18.0
@@ -40,6 +40,6 @@ require_relative 'aws-sdk-sts/customizations'
40
40
  # @service
41
41
  module Aws::STS
42
42
 
43
- GEM_VERSION = '3.17.1'
43
+ GEM_VERSION = '3.18.0'
44
44
 
45
45
  end
@@ -180,9 +180,18 @@ module Aws::STS
180
180
  # information, see [Common Scenarios for Temporary Credentials][4] in
181
181
  # the *IAM User Guide*.
182
182
  #
183
- # The temporary security credentials are valid for the duration that you
184
- # specified when calling `AssumeRole`, which can be from 900 seconds (15
185
- # minutes) to a maximum of 3600 seconds (1 hour). The default is 1 hour.
183
+ # By default, the temporary security credentials created by `AssumeRole`
184
+ # last for one hour. However, you can use the optional `DurationSeconds`
185
+ # parameter to specify the duration of your session. You can provide a
186
+ # value from 900 seconds (15 minutes) up to the maximum session duration
187
+ # setting for the role. This setting can have a value from 1 hour to 12
188
+ # hours. To learn how to view the maximum value for your role, see [View
189
+ # the Maximum Session Duration Setting for a Role][5] in the *IAM User
190
+ # Guide*. The maximum session duration limit applies when you use the
191
+ # `AssumeRole*` API operations or the `assume-role*` CLI operations but
192
+ # does not apply when you use those operations to create a console URL.
193
+ # For more information, see [Using IAM Roles][6] in the *IAM User
194
+ # Guide*.
186
195
  #
187
196
  # The temporary security credentials created by `AssumeRole` can be used
188
197
  # to make API calls to any AWS service with the following exception: you
@@ -201,7 +210,7 @@ module Aws::STS
201
210
  # credentials. You cannot use the passed policy to grant permissions
202
211
  # that are in excess of those allowed by the access policy of the role
203
212
  # that is being assumed. For more information, see [Permissions for
204
- # AssumeRole, AssumeRoleWithSAML, and AssumeRoleWithWebIdentity][5] in
213
+ # AssumeRole, AssumeRoleWithSAML, and AssumeRoleWithWebIdentity][7] in
205
214
  # the *IAM User Guide*.
206
215
  #
207
216
  # To assume a role, your AWS account must be trusted by the role. The
@@ -220,7 +229,7 @@ module Aws::STS
220
229
  # trust policy acts as the only resource-based policy in IAM, and users
221
230
  # in the same account as the role do not need explicit permission to
222
231
  # assume the role. For more information about trust policies and
223
- # resource-based policies, see [IAM Policies][6] in the *IAM User
232
+ # resource-based policies, see [IAM Policies][8] in the *IAM User
224
233
  # Guide*.
225
234
  #
226
235
  # **Using MFA with AssumeRole**
@@ -237,7 +246,7 @@ module Aws::STS
237
246
  #
238
247
  # `"Condition": \{"Bool": \{"aws:MultiFactorAuthPresent": true\}\}`
239
248
  #
240
- # For more information, see [Configuring MFA-Protected API Access][7] in
249
+ # For more information, see [Configuring MFA-Protected API Access][9] in
241
250
  # the *IAM User Guide* guide.
242
251
  #
243
252
  # To use MFA with `AssumeRole`, you pass values for the `SerialNumber`
@@ -251,9 +260,11 @@ module Aws::STS
251
260
  # [2]: http://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_request.html#stsapi_comparison
252
261
  # [3]: http://docs.aws.amazon.com/IAM/latest/UserGuide/roles-toplevel.html
253
262
  # [4]: http://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp.html#sts-introduction
254
- # [5]: http://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_control-access_assumerole.html
255
- # [6]: http://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies.html
256
- # [7]: http://docs.aws.amazon.com/IAM/latest/UserGuide/MFAProtectedAPI.html
263
+ # [5]: http://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_use.html#id_roles_use_view-role-max-session
264
+ # [6]: http://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_use.html
265
+ # [7]: http://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_control-access_assumerole.html
266
+ # [8]: http://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies.html
267
+ # [9]: http://docs.aws.amazon.com/IAM/latest/UserGuide/MFAProtectedAPI.html
257
268
  #
258
269
  # @option params [required, String] :role_arn
259
270
  # The Amazon Resource Name (ARN) of the role to assume.
@@ -310,22 +321,31 @@ module Aws::STS
310
321
  #
311
322
  # @option params [Integer] :duration_seconds
312
323
  # The duration, in seconds, of the role session. The value can range
313
- # from 900 seconds (15 minutes) to 3600 seconds (1 hour). By default,
314
- # the value is set to 3600 seconds.
324
+ # from 900 seconds (15 minutes) up to the maximum session duration
325
+ # setting for the role. This setting can have a value from 1 hour to 12
326
+ # hours. If you specify a value higher than this setting, the operation
327
+ # fails. For example, if you specify a session duration of 12 hours, but
328
+ # your administrator set the maximum session duration to 6 hours, your
329
+ # operation fails. To learn how to view the maximum value for your role,
330
+ # see [View the Maximum Session Duration Setting for a Role][1] in the
331
+ # *IAM User Guide*.
332
+ #
333
+ # By default, the value is set to 3600 seconds.
315
334
  #
316
- # <note markdown="1"> This is separate from the duration of a console session that you might
317
- # request using the returned credentials. The request to the federation
318
- # endpoint for a console sign-in token takes a `SessionDuration`
319
- # parameter that specifies the maximum length of the console session,
320
- # separately from the `DurationSeconds` parameter on this API. For more
321
- # information, see [Creating a URL that Enables Federated Users to
322
- # Access the AWS Management Console][1] in the *IAM User Guide*.
335
+ # <note markdown="1"> The `DurationSeconds` parameter is separate from the duration of a
336
+ # console session that you might request using the returned credentials.
337
+ # The request to the federation endpoint for a console sign-in token
338
+ # takes a `SessionDuration` parameter that specifies the maximum length
339
+ # of the console session. For more information, see [Creating a URL that
340
+ # Enables Federated Users to Access the AWS Management Console][2] in
341
+ # the *IAM User Guide*.
323
342
  #
324
343
  # </note>
325
344
  #
326
345
  #
327
346
  #
328
- # [1]: http://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_providers_enable-console-custom-url.html
347
+ # [1]: http://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_use.html#id_roles_use_view-role-max-session
348
+ # [2]: http://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_providers_enable-console-custom-url.html
329
349
  #
330
350
  # @option params [String] :external_id
331
351
  # A unique identifier that is used by third parties when assuming roles
@@ -449,11 +469,21 @@ module Aws::STS
449
469
  # Applications can use these temporary security credentials to sign
450
470
  # calls to AWS services.
451
471
  #
452
- # The temporary security credentials are valid for the duration that you
453
- # specified when calling `AssumeRole`, or until the time specified in
454
- # the SAML authentication response's `SessionNotOnOrAfter` value,
455
- # whichever is shorter. The duration can be from 900 seconds (15
456
- # minutes) to a maximum of 3600 seconds (1 hour). The default is 1 hour.
472
+ # By default, the temporary security credentials created by
473
+ # `AssumeRoleWithSAML` last for one hour. However, you can use the
474
+ # optional `DurationSeconds` parameter to specify the duration of your
475
+ # session. Your role session lasts for the duration that you specify, or
476
+ # until the time specified in the SAML authentication response's
477
+ # `SessionNotOnOrAfter` value, whichever is shorter. You can provide a
478
+ # `DurationSeconds` value from 900 seconds (15 minutes) up to the
479
+ # maximum session duration setting for the role. This setting can have a
480
+ # value from 1 hour to 12 hours. To learn how to view the maximum value
481
+ # for your role, see [View the Maximum Session Duration Setting for a
482
+ # Role][3] in the *IAM User Guide*. The maximum session duration limit
483
+ # applies when you use the `AssumeRole*` API operations or the
484
+ # `assume-role*` CLI operations but does not apply when you use those
485
+ # operations to create a console URL. For more information, see [Using
486
+ # IAM Roles][4] in the *IAM User Guide*.
457
487
  #
458
488
  # The temporary security credentials created by `AssumeRoleWithSAML` can
459
489
  # be used to make API calls to any AWS service with the following
@@ -474,7 +504,7 @@ module Aws::STS
474
504
  # passed policy to grant permissions that are in excess of those allowed
475
505
  # by the access policy of the role that is being assumed. For more
476
506
  # information, see [Permissions for AssumeRole, AssumeRoleWithSAML, and
477
- # AssumeRoleWithWebIdentity][3] in the *IAM User Guide*.
507
+ # AssumeRoleWithWebIdentity][5] in the *IAM User Guide*.
478
508
  #
479
509
  # Before your application can call `AssumeRoleWithSAML`, you must
480
510
  # configure your SAML identity provider (IdP) to issue the claims
@@ -497,24 +527,26 @@ module Aws::STS
497
527
  #
498
528
  # For more information, see the following resources:
499
529
  #
500
- # * [About SAML 2.0-based Federation][4] in the *IAM User Guide*.
530
+ # * [About SAML 2.0-based Federation][6] in the *IAM User Guide*.
501
531
  #
502
- # * [Creating SAML Identity Providers][5] in the *IAM User Guide*.
532
+ # * [Creating SAML Identity Providers][7] in the *IAM User Guide*.
503
533
  #
504
- # * [Configuring a Relying Party and Claims][6] in the *IAM User Guide*.
534
+ # * [Configuring a Relying Party and Claims][8] in the *IAM User Guide*.
505
535
  #
506
- # * [Creating a Role for SAML 2.0 Federation][7] in the *IAM User
536
+ # * [Creating a Role for SAML 2.0 Federation][9] in the *IAM User
507
537
  # Guide*.
508
538
  #
509
539
  #
510
540
  #
511
541
  # [1]: http://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_request.html
512
542
  # [2]: http://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_request.html#stsapi_comparison
513
- # [3]: http://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_control-access_assumerole.html
514
- # [4]: http://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_providers_saml.html
515
- # [5]: http://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_providers_create_saml.html
516
- # [6]: http://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_providers_create_saml_relying-party.html
517
- # [7]: http://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_create_for-idp_saml.html
543
+ # [3]: http://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_use.html#id_roles_use_view-role-max-session
544
+ # [4]: http://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_use.html
545
+ # [5]: http://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_control-access_assumerole.html
546
+ # [6]: http://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_providers_saml.html
547
+ # [7]: http://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_providers_create_saml.html
548
+ # [8]: http://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_providers_create_saml_relying-party.html
549
+ # [9]: http://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_create_for-idp_saml.html
518
550
  #
519
551
  # @option params [required, String] :role_arn
520
552
  # The Amazon Resource Name (ARN) of the role that the caller is
@@ -568,25 +600,35 @@ module Aws::STS
568
600
  # [1]: http://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_control-access_assumerole.html
569
601
  #
570
602
  # @option params [Integer] :duration_seconds
571
- # The duration, in seconds, of the role session. The value can range
572
- # from 900 seconds (15 minutes) to 3600 seconds (1 hour). By default,
573
- # the value is set to 3600 seconds. An expiration can also be specified
574
- # in the SAML authentication response's `SessionNotOnOrAfter` value.
575
- # The actual expiration time is whichever value is shorter.
576
- #
577
- # <note markdown="1"> This is separate from the duration of a console session that you might
578
- # request using the returned credentials. The request to the federation
579
- # endpoint for a console sign-in token takes a `SessionDuration`
580
- # parameter that specifies the maximum length of the console session,
581
- # separately from the `DurationSeconds` parameter on this API. For more
582
- # information, see [Enabling SAML 2.0 Federated Users to Access the AWS
583
- # Management Console][1] in the *IAM User Guide*.
603
+ # The duration, in seconds, of the role session. Your role session lasts
604
+ # for the duration that you specify for the `DurationSeconds` parameter,
605
+ # or until the time specified in the SAML authentication response's
606
+ # `SessionNotOnOrAfter` value, whichever is shorter. You can provide a
607
+ # `DurationSeconds` value from 900 seconds (15 minutes) up to the
608
+ # maximum session duration setting for the role. This setting can have a
609
+ # value from 1 hour to 12 hours. If you specify a value higher than this
610
+ # setting, the operation fails. For example, if you specify a session
611
+ # duration of 12 hours, but your administrator set the maximum session
612
+ # duration to 6 hours, your operation fails. To learn how to view the
613
+ # maximum value for your role, see [View the Maximum Session Duration
614
+ # Setting for a Role][1] in the *IAM User Guide*.
615
+ #
616
+ # By default, the value is set to 3600 seconds.
617
+ #
618
+ # <note markdown="1"> The `DurationSeconds` parameter is separate from the duration of a
619
+ # console session that you might request using the returned credentials.
620
+ # The request to the federation endpoint for a console sign-in token
621
+ # takes a `SessionDuration` parameter that specifies the maximum length
622
+ # of the console session. For more information, see [Creating a URL that
623
+ # Enables Federated Users to Access the AWS Management Console][2] in
624
+ # the *IAM User Guide*.
584
625
  #
585
626
  # </note>
586
627
  #
587
628
  #
588
629
  #
589
- # [1]: http://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_providers_enable-console-saml.html
630
+ # [1]: http://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_use.html#id_roles_use_view-role-max-session
631
+ # [2]: http://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_providers_enable-console-custom-url.html
590
632
  #
591
633
  # @return [Types::AssumeRoleWithSAMLResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
592
634
  #
@@ -666,9 +708,18 @@ module Aws::STS
666
708
  # can use these temporary security credentials to sign calls to AWS
667
709
  # service APIs.
668
710
  #
669
- # The credentials are valid for the duration that you specified when
670
- # calling `AssumeRoleWithWebIdentity`, which can be from 900 seconds (15
671
- # minutes) to a maximum of 3600 seconds (1 hour). The default is 1 hour.
711
+ # By default, the temporary security credentials created by
712
+ # `AssumeRoleWithWebIdentity` last for one hour. However, you can use
713
+ # the optional `DurationSeconds` parameter to specify the duration of
714
+ # your session. You can provide a value from 900 seconds (15 minutes) up
715
+ # to the maximum session duration setting for the role. This setting can
716
+ # have a value from 1 hour to 12 hours. To learn how to view the maximum
717
+ # value for your role, see [View the Maximum Session Duration Setting
718
+ # for a Role][7] in the *IAM User Guide*. The maximum session duration
719
+ # limit applies when you use the `AssumeRole*` API operations or the
720
+ # `assume-role*` CLI operations but does not apply when you use those
721
+ # operations to create a console URL. For more information, see [Using
722
+ # IAM Roles][8] in the *IAM User Guide*.
672
723
  #
673
724
  # The temporary security credentials created by
674
725
  # `AssumeRoleWithWebIdentity` can be used to make API calls to any AWS
@@ -687,7 +738,7 @@ module Aws::STS
687
738
  # credentials. You cannot use the passed policy to grant permissions
688
739
  # that are in excess of those allowed by the access policy of the role
689
740
  # that is being assumed. For more information, see [Permissions for
690
- # AssumeRole, AssumeRoleWithSAML, and AssumeRoleWithWebIdentity][7] in
741
+ # AssumeRole, AssumeRoleWithSAML, and AssumeRoleWithWebIdentity][9] in
691
742
  # the *IAM User Guide*.
692
743
  #
693
744
  # Before your application can call `AssumeRoleWithWebIdentity`, you must
@@ -698,19 +749,19 @@ module Aws::STS
698
749
  # specified in the role's trust policy.
699
750
  #
700
751
  # Calling `AssumeRoleWithWebIdentity` can result in an entry in your AWS
701
- # CloudTrail logs. The entry includes the [Subject][8] of the provided
752
+ # CloudTrail logs. The entry includes the [Subject][10] of the provided
702
753
  # Web Identity Token. We recommend that you avoid using any personally
703
754
  # identifiable information (PII) in this field. For example, you could
704
755
  # instead use a GUID or a pairwise identifier, as [suggested in the OIDC
705
- # specification][9].
756
+ # specification][11].
706
757
  #
707
758
  # For more information about how to use web identity federation and the
708
759
  # `AssumeRoleWithWebIdentity` API, see the following resources:
709
760
  #
710
- # * [Using Web Identity Federation APIs for Mobile Apps][10] and
711
- # [Federation Through a Web-based Identity Provider][11].
761
+ # * [Using Web Identity Federation APIs for Mobile Apps][12] and
762
+ # [Federation Through a Web-based Identity Provider][13].
712
763
  #
713
- # * [ Web Identity Federation Playground][12]. This interactive website
764
+ # * [ Web Identity Federation Playground][14]. This interactive website
714
765
  # lets you walk through the process of authenticating via Login with
715
766
  # Amazon, Facebook, or Google, getting temporary security credentials,
716
767
  # and then using those credentials to make a request to AWS.
@@ -720,7 +771,7 @@ module Aws::STS
720
771
  # and then how to use the information from these providers to get and
721
772
  # use temporary security credentials.
722
773
  #
723
- # * [Web Identity Federation with Mobile Applications][13]. This article
774
+ # * [Web Identity Federation with Mobile Applications][15]. This article
724
775
  # discusses web identity federation and shows an example of how to use
725
776
  # web identity federation to get access to content in Amazon S3.
726
777
  #
@@ -732,13 +783,15 @@ module Aws::STS
732
783
  # [4]: http://docs.aws.amazon.com/mobile/sdkforios/developerguide/cognito-auth.html#d0e664
733
784
  # [5]: http://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_request.html
734
785
  # [6]: http://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_request.html#stsapi_comparison
735
- # [7]: http://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_control-access_assumerole.html
736
- # [8]: http://openid.net/specs/openid-connect-core-1_0.html#Claims
737
- # [9]: http://openid.net/specs/openid-connect-core-1_0.html#SubjectIDTypes
738
- # [10]: http://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_providers_oidc_manual.html
739
- # [11]: http://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_request.html#api_assumerolewithwebidentity
740
- # [12]: https://web-identity-federation-playground.s3.amazonaws.com/index.html
741
- # [13]: http://aws.amazon.com/articles/web-identity-federation-with-mobile-applications
786
+ # [7]: http://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_use.html#id_roles_use_view-role-max-session
787
+ # [8]: http://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_use.html
788
+ # [9]: http://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_control-access_assumerole.html
789
+ # [10]: http://openid.net/specs/openid-connect-core-1_0.html#Claims
790
+ # [11]: http://openid.net/specs/openid-connect-core-1_0.html#SubjectIDTypes
791
+ # [12]: http://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_providers_oidc_manual.html
792
+ # [13]: http://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_request.html#api_assumerolewithwebidentity
793
+ # [14]: https://web-identity-federation-playground.s3.amazonaws.com/index.html
794
+ # [15]: http://aws.amazon.com/articles/web-identity-federation-with-mobile-applications
742
795
  #
743
796
  # @option params [required, String] :role_arn
744
797
  # The Amazon Resource Name (ARN) of the role that the caller is
@@ -810,22 +863,31 @@ module Aws::STS
810
863
  #
811
864
  # @option params [Integer] :duration_seconds
812
865
  # The duration, in seconds, of the role session. The value can range
813
- # from 900 seconds (15 minutes) to 3600 seconds (1 hour). By default,
814
- # the value is set to 3600 seconds.
866
+ # from 900 seconds (15 minutes) up to the maximum session duration
867
+ # setting for the role. This setting can have a value from 1 hour to 12
868
+ # hours. If you specify a value higher than this setting, the operation
869
+ # fails. For example, if you specify a session duration of 12 hours, but
870
+ # your administrator set the maximum session duration to 6 hours, your
871
+ # operation fails. To learn how to view the maximum value for your role,
872
+ # see [View the Maximum Session Duration Setting for a Role][1] in the
873
+ # *IAM User Guide*.
874
+ #
875
+ # By default, the value is set to 3600 seconds.
815
876
  #
816
- # <note markdown="1"> This is separate from the duration of a console session that you might
817
- # request using the returned credentials. The request to the federation
818
- # endpoint for a console sign-in token takes a `SessionDuration`
819
- # parameter that specifies the maximum length of the console session,
820
- # separately from the `DurationSeconds` parameter on this API. For more
821
- # information, see [Creating a URL that Enables Federated Users to
822
- # Access the AWS Management Console][1] in the *IAM User Guide*.
877
+ # <note markdown="1"> The `DurationSeconds` parameter is separate from the duration of a
878
+ # console session that you might request using the returned credentials.
879
+ # The request to the federation endpoint for a console sign-in token
880
+ # takes a `SessionDuration` parameter that specifies the maximum length
881
+ # of the console session. For more information, see [Creating a URL that
882
+ # Enables Federated Users to Access the AWS Management Console][2] in
883
+ # the *IAM User Guide*.
823
884
  #
824
885
  # </note>
825
886
  #
826
887
  #
827
888
  #
828
- # [1]: http://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_providers_enable-console-custom-url.html
889
+ # [1]: http://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_use.html#id_roles_use_view-role-max-session
890
+ # [2]: http://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_providers_enable-console-custom-url.html
829
891
  #
830
892
  # @return [Types::AssumeRoleWithWebIdentityResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
831
893
  #
@@ -1413,7 +1475,7 @@ module Aws::STS
1413
1475
  params: params,
1414
1476
  config: config)
1415
1477
  context[:gem_name] = 'aws-sdk-core'
1416
- context[:gem_version] = '3.17.1'
1478
+ context[:gem_version] = '3.18.0'
1417
1479
  Seahorse::Client::Request.new(handlers, context)
1418
1480
  end
1419
1481
 
@@ -80,23 +80,31 @@ module Aws::STS
80
80
  #
81
81
  # @!attribute [rw] duration_seconds
82
82
  # The duration, in seconds, of the role session. The value can range
83
- # from 900 seconds (15 minutes) to 3600 seconds (1 hour). By default,
84
- # the value is set to 3600 seconds.
85
- #
86
- # <note markdown="1"> This is separate from the duration of a console session that you
87
- # might request using the returned credentials. The request to the
88
- # federation endpoint for a console sign-in token takes a
89
- # `SessionDuration` parameter that specifies the maximum length of the
90
- # console session, separately from the `DurationSeconds` parameter on
91
- # this API. For more information, see [Creating a URL that Enables
92
- # Federated Users to Access the AWS Management Console][1] in the *IAM
93
- # User Guide*.
83
+ # from 900 seconds (15 minutes) up to the maximum session duration
84
+ # setting for the role. This setting can have a value from 1 hour to
85
+ # 12 hours. If you specify a value higher than this setting, the
86
+ # operation fails. For example, if you specify a session duration of
87
+ # 12 hours, but your administrator set the maximum session duration to
88
+ # 6 hours, your operation fails. To learn how to view the maximum
89
+ # value for your role, see [View the Maximum Session Duration Setting
90
+ # for a Role][1] in the *IAM User Guide*.
91
+ #
92
+ # By default, the value is set to 3600 seconds.
93
+ #
94
+ # <note markdown="1"> The `DurationSeconds` parameter is separate from the duration of a
95
+ # console session that you might request using the returned
96
+ # credentials. The request to the federation endpoint for a console
97
+ # sign-in token takes a `SessionDuration` parameter that specifies the
98
+ # maximum length of the console session. For more information, see
99
+ # [Creating a URL that Enables Federated Users to Access the AWS
100
+ # Management Console][2] in the *IAM User Guide*.
94
101
  #
95
102
  # </note>
96
103
  #
97
104
  #
98
105
  #
99
- # [1]: http://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_providers_enable-console-custom-url.html
106
+ # [1]: http://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_use.html#id_roles_use_view-role-max-session
107
+ # [2]: http://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_providers_enable-console-custom-url.html
100
108
  # @return [Integer]
101
109
  #
102
110
  # @!attribute [rw] external_id
@@ -266,27 +274,36 @@ module Aws::STS
266
274
  # @return [String]
267
275
  #
268
276
  # @!attribute [rw] duration_seconds
269
- # The duration, in seconds, of the role session. The value can range
270
- # from 900 seconds (15 minutes) to 3600 seconds (1 hour). By default,
271
- # the value is set to 3600 seconds. An expiration can also be
272
- # specified in the SAML authentication response's
273
- # `SessionNotOnOrAfter` value. The actual expiration time is whichever
274
- # value is shorter.
275
- #
276
- # <note markdown="1"> This is separate from the duration of a console session that you
277
- # might request using the returned credentials. The request to the
278
- # federation endpoint for a console sign-in token takes a
279
- # `SessionDuration` parameter that specifies the maximum length of the
280
- # console session, separately from the `DurationSeconds` parameter on
281
- # this API. For more information, see [Enabling SAML 2.0 Federated
282
- # Users to Access the AWS Management Console][1] in the *IAM User
277
+ # The duration, in seconds, of the role session. Your role session
278
+ # lasts for the duration that you specify for the `DurationSeconds`
279
+ # parameter, or until the time specified in the SAML authentication
280
+ # response's `SessionNotOnOrAfter` value, whichever is shorter. You
281
+ # can provide a `DurationSeconds` value from 900 seconds (15 minutes)
282
+ # up to the maximum session duration setting for the role. This
283
+ # setting can have a value from 1 hour to 12 hours. If you specify a
284
+ # value higher than this setting, the operation fails. For example, if
285
+ # you specify a session duration of 12 hours, but your administrator
286
+ # set the maximum session duration to 6 hours, your operation fails.
287
+ # To learn how to view the maximum value for your role, see [View the
288
+ # Maximum Session Duration Setting for a Role][1] in the *IAM User
283
289
  # Guide*.
284
290
  #
291
+ # By default, the value is set to 3600 seconds.
292
+ #
293
+ # <note markdown="1"> The `DurationSeconds` parameter is separate from the duration of a
294
+ # console session that you might request using the returned
295
+ # credentials. The request to the federation endpoint for a console
296
+ # sign-in token takes a `SessionDuration` parameter that specifies the
297
+ # maximum length of the console session. For more information, see
298
+ # [Creating a URL that Enables Federated Users to Access the AWS
299
+ # Management Console][2] in the *IAM User Guide*.
300
+ #
285
301
  # </note>
286
302
  #
287
303
  #
288
304
  #
289
- # [1]: http://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_providers_enable-console-saml.html
305
+ # [1]: http://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_use.html#id_roles_use_view-role-max-session
306
+ # [2]: http://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_providers_enable-console-custom-url.html
290
307
  # @return [Integer]
291
308
  #
292
309
  # @see http://docs.aws.amazon.com/goto/WebAPI/sts-2011-06-15/AssumeRoleWithSAMLRequest AWS API Documentation
@@ -466,23 +483,31 @@ module Aws::STS
466
483
  #
467
484
  # @!attribute [rw] duration_seconds
468
485
  # The duration, in seconds, of the role session. The value can range
469
- # from 900 seconds (15 minutes) to 3600 seconds (1 hour). By default,
470
- # the value is set to 3600 seconds.
471
- #
472
- # <note markdown="1"> This is separate from the duration of a console session that you
473
- # might request using the returned credentials. The request to the
474
- # federation endpoint for a console sign-in token takes a
475
- # `SessionDuration` parameter that specifies the maximum length of the
476
- # console session, separately from the `DurationSeconds` parameter on
477
- # this API. For more information, see [Creating a URL that Enables
478
- # Federated Users to Access the AWS Management Console][1] in the *IAM
479
- # User Guide*.
486
+ # from 900 seconds (15 minutes) up to the maximum session duration
487
+ # setting for the role. This setting can have a value from 1 hour to
488
+ # 12 hours. If you specify a value higher than this setting, the
489
+ # operation fails. For example, if you specify a session duration of
490
+ # 12 hours, but your administrator set the maximum session duration to
491
+ # 6 hours, your operation fails. To learn how to view the maximum
492
+ # value for your role, see [View the Maximum Session Duration Setting
493
+ # for a Role][1] in the *IAM User Guide*.
494
+ #
495
+ # By default, the value is set to 3600 seconds.
496
+ #
497
+ # <note markdown="1"> The `DurationSeconds` parameter is separate from the duration of a
498
+ # console session that you might request using the returned
499
+ # credentials. The request to the federation endpoint for a console
500
+ # sign-in token takes a `SessionDuration` parameter that specifies the
501
+ # maximum length of the console session. For more information, see
502
+ # [Creating a URL that Enables Federated Users to Access the AWS
503
+ # Management Console][2] in the *IAM User Guide*.
480
504
  #
481
505
  # </note>
482
506
  #
483
507
  #
484
508
  #
485
- # [1]: http://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_providers_enable-console-custom-url.html
509
+ # [1]: http://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_use.html#id_roles_use_view-role-max-session
510
+ # [2]: http://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_providers_enable-console-custom-url.html
486
511
  # @return [Integer]
487
512
  #
488
513
  # @see http://docs.aws.amazon.com/goto/WebAPI/sts-2011-06-15/AssumeRoleWithWebIdentityRequest AWS API Documentation
metadata CHANGED
@@ -1,14 +1,14 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: aws-sdk-core
3
3
  version: !ruby/object:Gem::Version
4
- version: 3.17.1
4
+ version: 3.18.0
5
5
  platform: ruby
6
6
  authors:
7
7
  - Amazon Web Services
8
8
  autorequire:
9
9
  bindir: bin
10
10
  cert_chain: []
11
- date: 2018-03-20 00:00:00.000000000 Z
11
+ date: 2018-03-28 00:00:00.000000000 Z
12
12
  dependencies:
13
13
  - !ruby/object:Gem::Dependency
14
14
  name: jmespath