AWS SDK for C++  1.8.71
AWS SDK for C++
Public Member Functions | Protected Member Functions | List of all members
Aws::STS::Model::AssumeRoleWithWebIdentityRequest Class Reference

#include <AssumeRoleWithWebIdentityRequest.h>

+ Inheritance diagram for Aws::STS::Model::AssumeRoleWithWebIdentityRequest:

Public Member Functions

 AssumeRoleWithWebIdentityRequest ()
 
virtual const char * GetServiceRequestName () const override
 
Aws::String SerializePayload () const override
 
const Aws::StringGetRoleArn () const
 
bool RoleArnHasBeenSet () const
 
void SetRoleArn (const Aws::String &value)
 
void SetRoleArn (Aws::String &&value)
 
void SetRoleArn (const char *value)
 
AssumeRoleWithWebIdentityRequestWithRoleArn (const Aws::String &value)
 
AssumeRoleWithWebIdentityRequestWithRoleArn (Aws::String &&value)
 
AssumeRoleWithWebIdentityRequestWithRoleArn (const char *value)
 
const Aws::StringGetRoleSessionName () const
 
bool RoleSessionNameHasBeenSet () const
 
void SetRoleSessionName (const Aws::String &value)
 
void SetRoleSessionName (Aws::String &&value)
 
void SetRoleSessionName (const char *value)
 
AssumeRoleWithWebIdentityRequestWithRoleSessionName (const Aws::String &value)
 
AssumeRoleWithWebIdentityRequestWithRoleSessionName (Aws::String &&value)
 
AssumeRoleWithWebIdentityRequestWithRoleSessionName (const char *value)
 
const Aws::StringGetWebIdentityToken () const
 
bool WebIdentityTokenHasBeenSet () const
 
void SetWebIdentityToken (const Aws::String &value)
 
void SetWebIdentityToken (Aws::String &&value)
 
void SetWebIdentityToken (const char *value)
 
AssumeRoleWithWebIdentityRequestWithWebIdentityToken (const Aws::String &value)
 
AssumeRoleWithWebIdentityRequestWithWebIdentityToken (Aws::String &&value)
 
AssumeRoleWithWebIdentityRequestWithWebIdentityToken (const char *value)
 
const Aws::StringGetProviderId () const
 
bool ProviderIdHasBeenSet () const
 
void SetProviderId (const Aws::String &value)
 
void SetProviderId (Aws::String &&value)
 
void SetProviderId (const char *value)
 
AssumeRoleWithWebIdentityRequestWithProviderId (const Aws::String &value)
 
AssumeRoleWithWebIdentityRequestWithProviderId (Aws::String &&value)
 
AssumeRoleWithWebIdentityRequestWithProviderId (const char *value)
 
const Aws::Vector< PolicyDescriptorType > & GetPolicyArns () const
 
bool PolicyArnsHasBeenSet () const
 
void SetPolicyArns (const Aws::Vector< PolicyDescriptorType > &value)
 
void SetPolicyArns (Aws::Vector< PolicyDescriptorType > &&value)
 
AssumeRoleWithWebIdentityRequestWithPolicyArns (const Aws::Vector< PolicyDescriptorType > &value)
 
AssumeRoleWithWebIdentityRequestWithPolicyArns (Aws::Vector< PolicyDescriptorType > &&value)
 
AssumeRoleWithWebIdentityRequestAddPolicyArns (const PolicyDescriptorType &value)
 
AssumeRoleWithWebIdentityRequestAddPolicyArns (PolicyDescriptorType &&value)
 
const Aws::StringGetPolicy () const
 
bool PolicyHasBeenSet () const
 
void SetPolicy (const Aws::String &value)
 
void SetPolicy (Aws::String &&value)
 
void SetPolicy (const char *value)
 
AssumeRoleWithWebIdentityRequestWithPolicy (const Aws::String &value)
 
AssumeRoleWithWebIdentityRequestWithPolicy (Aws::String &&value)
 
AssumeRoleWithWebIdentityRequestWithPolicy (const char *value)
 
int GetDurationSeconds () const
 
bool DurationSecondsHasBeenSet () const
 
void SetDurationSeconds (int value)
 
AssumeRoleWithWebIdentityRequestWithDurationSeconds (int value)
 
- Public Member Functions inherited from Aws::STS::STSRequest
virtual ~STSRequest ()
 
void AddParametersToRequest (Aws::Http::HttpRequest &httpRequest) const
 
Aws::Http::HeaderValueCollection GetHeaders () const override
 
- Public Member Functions inherited from Aws::AmazonSerializableWebServiceRequest
 AmazonSerializableWebServiceRequest ()
 
virtual ~AmazonSerializableWebServiceRequest ()
 
std::shared_ptr< Aws::IOStreamGetBody () const override
 
- Public Member Functions inherited from Aws::AmazonWebServiceRequest
 AmazonWebServiceRequest ()
 
virtual ~AmazonWebServiceRequest ()=default
 
virtual void AddQueryStringParameters (Aws::Http::URI &uri) const
 
virtual void PutToPresignedUrl (Aws::Http::URI &uri) const
 
virtual bool IsStreaming () const
 
virtual bool IsEventStreamRequest () const
 
virtual bool SignBody () const
 
virtual bool IsChunked () const
 
virtual void SetRequestSignedHandler (const RequestSignedHandler &handler)
 
virtual const RequestSignedHandlerGetRequestSignedHandler () const
 
const Aws::IOStreamFactoryGetResponseStreamFactory () const
 
void SetResponseStreamFactory (const Aws::IOStreamFactory &factory)
 
virtual void SetDataReceivedEventHandler (const Aws::Http::DataReceivedEventHandler &dataReceivedEventHandler)
 
virtual void SetDataSentEventHandler (const Aws::Http::DataSentEventHandler &dataSentEventHandler)
 
virtual void SetContinueRequestHandler (const Aws::Http::ContinueRequestHandler &continueRequestHandler)
 
virtual void SetDataReceivedEventHandler (Aws::Http::DataReceivedEventHandler &&dataReceivedEventHandler)
 
virtual void SetDataSentEventHandler (Aws::Http::DataSentEventHandler &&dataSentEventHandler)
 
virtual void SetContinueRequestHandler (Aws::Http::ContinueRequestHandler &&continueRequestHandler)
 
virtual void SetRequestRetryHandler (const RequestRetryHandler &handler)
 
virtual void SetRequestRetryHandler (RequestRetryHandler &&handler)
 
virtual const Aws::Http::DataReceivedEventHandlerGetDataReceivedEventHandler () const
 
virtual const Aws::Http::DataSentEventHandlerGetDataSentEventHandler () const
 
virtual const Aws::Http::ContinueRequestHandlerGetContinueRequestHandler () const
 
virtual const RequestRetryHandlerGetRequestRetryHandler () const
 
virtual bool ShouldComputeContentMd5 () const
 

Protected Member Functions

void DumpBodyToUrl (Aws::Http::URI &uri) const override
 
- Protected Member Functions inherited from Aws::STS::STSRequest
virtual Aws::Http::HeaderValueCollection GetRequestSpecificHeaders () const
 

Detailed Description

Definition at line 23 of file AssumeRoleWithWebIdentityRequest.h.

Constructor & Destructor Documentation

◆ AssumeRoleWithWebIdentityRequest()

Aws::STS::Model::AssumeRoleWithWebIdentityRequest::AssumeRoleWithWebIdentityRequest ( )

Member Function Documentation

◆ AddPolicyArns() [1/2]

AssumeRoleWithWebIdentityRequest& Aws::STS::Model::AssumeRoleWithWebIdentityRequest::AddPolicyArns ( const PolicyDescriptorType value)
inline

The Amazon Resource Names (ARNs) of the IAM managed policies that you want to use as managed session policies. The policies must exist in the same account as the role.

This parameter is optional. You can provide up to 10 managed policy ARNs. However, the plain text that you use for both inline and managed session policies can't exceed 2,048 characters. For more information about ARNs, see Amazon Resource Names (ARNs) and AWS Service Namespaces in the AWS General Reference.

An AWS conversion compresses the passed session policies and session tags into a packed binary format that has a separate limit. Your request can fail for this limit even if your plain text meets the other requirements. The PackedPolicySize response element indicates by percentage how close the policies and tags for your request are to the upper size limit.

Passing policies to this operation returns new temporary credentials. The resulting session's permissions are the intersection of the role's identity-based policy and the session policies. You can use the role's temporary credentials in subsequent AWS API calls to access resources in the account that owns the role. You cannot use session policies to grant more permissions than those allowed by the identity-based policy of the role that is being assumed. For more information, see Session Policies in the IAM User Guide.

Definition at line 505 of file AssumeRoleWithWebIdentityRequest.h.

◆ AddPolicyArns() [2/2]

AssumeRoleWithWebIdentityRequest& Aws::STS::Model::AssumeRoleWithWebIdentityRequest::AddPolicyArns ( PolicyDescriptorType &&  value)
inline

The Amazon Resource Names (ARNs) of the IAM managed policies that you want to use as managed session policies. The policies must exist in the same account as the role.

This parameter is optional. You can provide up to 10 managed policy ARNs. However, the plain text that you use for both inline and managed session policies can't exceed 2,048 characters. For more information about ARNs, see Amazon Resource Names (ARNs) and AWS Service Namespaces in the AWS General Reference.

An AWS conversion compresses the passed session policies and session tags into a packed binary format that has a separate limit. Your request can fail for this limit even if your plain text meets the other requirements. The PackedPolicySize response element indicates by percentage how close the policies and tags for your request are to the upper size limit.

Passing policies to this operation returns new temporary credentials. The resulting session's permissions are the intersection of the role's identity-based policy and the session policies. You can use the role's temporary credentials in subsequent AWS API calls to access resources in the account that owns the role. You cannot use session policies to grant more permissions than those allowed by the identity-based policy of the role that is being assumed. For more information, see Session Policies in the IAM User Guide.

Definition at line 531 of file AssumeRoleWithWebIdentityRequest.h.

◆ DumpBodyToUrl()

void Aws::STS::Model::AssumeRoleWithWebIdentityRequest::DumpBodyToUrl ( Aws::Http::URI uri) const
overrideprotectedvirtual

Default does nothing. Override this to convert what would otherwise be the payload of the request to a query string format.

Reimplemented from Aws::AmazonWebServiceRequest.

◆ DurationSecondsHasBeenSet()

bool Aws::STS::Model::AssumeRoleWithWebIdentityRequest::DurationSecondsHasBeenSet ( ) const
inline

The duration, in seconds, of the role session. The value can range from 900 seconds (15 minutes) up to the maximum session duration setting for the role. This setting can have a value from 1 hour to 12 hours. If you specify a value higher than this setting, the operation fails. For example, if you specify a session duration of 12 hours, but your administrator set the maximum session duration to 6 hours, your operation fails. To learn how to view the maximum value for your role, see View the Maximum Session Duration Setting for a Role in the IAM User Guide.

By default, the value is set to 3600 seconds.

The DurationSeconds parameter is separate from the duration of a console session that you might request using the returned credentials. The request to the federation endpoint for a console sign-in token takes a SessionDuration parameter that specifies the maximum length of the console session. For more information, see Creating a URL that Enables Federated Users to Access the AWS Management Console in the IAM User Guide.

Definition at line 769 of file AssumeRoleWithWebIdentityRequest.h.

◆ GetDurationSeconds()

int Aws::STS::Model::AssumeRoleWithWebIdentityRequest::GetDurationSeconds ( ) const
inline

The duration, in seconds, of the role session. The value can range from 900 seconds (15 minutes) up to the maximum session duration setting for the role. This setting can have a value from 1 hour to 12 hours. If you specify a value higher than this setting, the operation fails. For example, if you specify a session duration of 12 hours, but your administrator set the maximum session duration to 6 hours, your operation fails. To learn how to view the maximum value for your role, see View the Maximum Session Duration Setting for a Role in the IAM User Guide.

By default, the value is set to 3600 seconds.

The DurationSeconds parameter is separate from the duration of a console session that you might request using the returned credentials. The request to the federation endpoint for a console sign-in token takes a SessionDuration parameter that specifies the maximum length of the console session. For more information, see Creating a URL that Enables Federated Users to Access the AWS Management Console in the IAM User Guide.

Definition at line 747 of file AssumeRoleWithWebIdentityRequest.h.

◆ GetPolicy()

const Aws::String& Aws::STS::Model::AssumeRoleWithWebIdentityRequest::GetPolicy ( ) const
inline

An IAM policy in JSON format that you want to use as an inline session policy.

This parameter is optional. Passing policies to this operation returns new temporary credentials. The resulting session's permissions are the intersection of the role's identity-based policy and the session policies. You can use the role's temporary credentials in subsequent AWS API calls to access resources in the account that owns the role. You cannot use session policies to grant more permissions than those allowed by the identity-based policy of the role that is being assumed. For more information, see Session Policies in the IAM User Guide.

The plain text that you use for both inline and managed session policies can't exceed 2,048 characters. The JSON policy characters can be any ASCII character from the space character to the end of the valid character list ( through ). It can also include the tab (), linefeed (), and carriage return () characters.

An AWS conversion compresses the passed session policies and session tags into a packed binary format that has a separate limit. Your request can fail for this limit even if your plain text meets the other requirements. The PackedPolicySize response element indicates by percentage how close the policies and tags for your request are to the upper size limit.

Definition at line 556 of file AssumeRoleWithWebIdentityRequest.h.

◆ GetPolicyArns()

const Aws::Vector<PolicyDescriptorType>& Aws::STS::Model::AssumeRoleWithWebIdentityRequest::GetPolicyArns ( ) const
inline

The Amazon Resource Names (ARNs) of the IAM managed policies that you want to use as managed session policies. The policies must exist in the same account as the role.

This parameter is optional. You can provide up to 10 managed policy ARNs. However, the plain text that you use for both inline and managed session policies can't exceed 2,048 characters. For more information about ARNs, see Amazon Resource Names (ARNs) and AWS Service Namespaces in the AWS General Reference.

An AWS conversion compresses the passed session policies and session tags into a packed binary format that has a separate limit. Your request can fail for this limit even if your plain text meets the other requirements. The PackedPolicySize response element indicates by percentage how close the policies and tags for your request are to the upper size limit.

Passing policies to this operation returns new temporary credentials. The resulting session's permissions are the intersection of the role's identity-based policy and the session policies. You can use the role's temporary credentials in subsequent AWS API calls to access resources in the account that owns the role. You cannot use session policies to grant more permissions than those allowed by the identity-based policy of the role that is being assumed. For more information, see Session Policies in the IAM User Guide.

Definition at line 349 of file AssumeRoleWithWebIdentityRequest.h.

◆ GetProviderId()

const Aws::String& Aws::STS::Model::AssumeRoleWithWebIdentityRequest::GetProviderId ( ) const
inline

The fully qualified host component of the domain name of the identity provider.

Specify this value only for OAuth 2.0 access tokens. Currently www.amazon.com and graph.facebook.com are the only supported identity providers for OAuth 2.0 access tokens. Do not include URL schemes and port numbers.

Do not specify this value for OpenID Connect ID tokens.

Definition at line 252 of file AssumeRoleWithWebIdentityRequest.h.

◆ GetRoleArn()

const Aws::String& Aws::STS::Model::AssumeRoleWithWebIdentityRequest::GetRoleArn ( ) const
inline

The Amazon Resource Name (ARN) of the role that the caller is assuming.

Definition at line 44 of file AssumeRoleWithWebIdentityRequest.h.

◆ GetRoleSessionName()

const Aws::String& Aws::STS::Model::AssumeRoleWithWebIdentityRequest::GetRoleSessionName ( ) const
inline

An identifier for the assumed role session. Typically, you pass the name or identifier that is associated with the user who is using your application. That way, the temporary security credentials that your application will use are associated with that user. This session name is included as part of the ARN and assumed role ID in the AssumedRoleUser response element.

The regex used to validate this parameter is a string of characters consisting of upper- and lower-case alphanumeric characters with no spaces. You can also include underscores or any of the following characters: =,.-

Definition at line 92 of file AssumeRoleWithWebIdentityRequest.h.

◆ GetServiceRequestName()

virtual const char* Aws::STS::Model::AssumeRoleWithWebIdentityRequest::GetServiceRequestName ( ) const
inlineoverridevirtual

Implements Aws::AmazonWebServiceRequest.

Definition at line 32 of file AssumeRoleWithWebIdentityRequest.h.

◆ GetWebIdentityToken()

const Aws::String& Aws::STS::Model::AssumeRoleWithWebIdentityRequest::GetWebIdentityToken ( ) const
inline

The OAuth 2.0 access token or OpenID Connect ID token that is provided by the identity provider. Your application must get this token by authenticating the user who is using your application with a web identity provider before the application makes an AssumeRoleWithWebIdentity call.

Definition at line 185 of file AssumeRoleWithWebIdentityRequest.h.

◆ PolicyArnsHasBeenSet()

bool Aws::STS::Model::AssumeRoleWithWebIdentityRequest::PolicyArnsHasBeenSet ( ) const
inline

The Amazon Resource Names (ARNs) of the IAM managed policies that you want to use as managed session policies. The policies must exist in the same account as the role.

This parameter is optional. You can provide up to 10 managed policy ARNs. However, the plain text that you use for both inline and managed session policies can't exceed 2,048 characters. For more information about ARNs, see Amazon Resource Names (ARNs) and AWS Service Namespaces in the AWS General Reference.

An AWS conversion compresses the passed session policies and session tags into a packed binary format that has a separate limit. Your request can fail for this limit even if your plain text meets the other requirements. The PackedPolicySize response element indicates by percentage how close the policies and tags for your request are to the upper size limit.

Passing policies to this operation returns new temporary credentials. The resulting session's permissions are the intersection of the role's identity-based policy and the session policies. You can use the role's temporary credentials in subsequent AWS API calls to access resources in the account that owns the role. You cannot use session policies to grant more permissions than those allowed by the identity-based policy of the role that is being assumed. For more information, see Session Policies in the IAM User Guide.

Definition at line 375 of file AssumeRoleWithWebIdentityRequest.h.

◆ PolicyHasBeenSet()

bool Aws::STS::Model::AssumeRoleWithWebIdentityRequest::PolicyHasBeenSet ( ) const
inline

An IAM policy in JSON format that you want to use as an inline session policy.

This parameter is optional. Passing policies to this operation returns new temporary credentials. The resulting session's permissions are the intersection of the role's identity-based policy and the session policies. You can use the role's temporary credentials in subsequent AWS API calls to access resources in the account that owns the role. You cannot use session policies to grant more permissions than those allowed by the identity-based policy of the role that is being assumed. For more information, see Session Policies in the IAM User Guide.

The plain text that you use for both inline and managed session policies can't exceed 2,048 characters. The JSON policy characters can be any ASCII character from the space character to the end of the valid character list ( through ). It can also include the tab (), linefeed (), and carriage return () characters.

An AWS conversion compresses the passed session policies and session tags into a packed binary format that has a separate limit. Your request can fail for this limit even if your plain text meets the other requirements. The PackedPolicySize response element indicates by percentage how close the policies and tags for your request are to the upper size limit.

Definition at line 580 of file AssumeRoleWithWebIdentityRequest.h.

◆ ProviderIdHasBeenSet()

bool Aws::STS::Model::AssumeRoleWithWebIdentityRequest::ProviderIdHasBeenSet ( ) const
inline

The fully qualified host component of the domain name of the identity provider.

Specify this value only for OAuth 2.0 access tokens. Currently www.amazon.com and graph.facebook.com are the only supported identity providers for OAuth 2.0 access tokens. Do not include URL schemes and port numbers.

Do not specify this value for OpenID Connect ID tokens.

Definition at line 262 of file AssumeRoleWithWebIdentityRequest.h.

◆ RoleArnHasBeenSet()

bool Aws::STS::Model::AssumeRoleWithWebIdentityRequest::RoleArnHasBeenSet ( ) const
inline

The Amazon Resource Name (ARN) of the role that the caller is assuming.

Definition at line 49 of file AssumeRoleWithWebIdentityRequest.h.

◆ RoleSessionNameHasBeenSet()

bool Aws::STS::Model::AssumeRoleWithWebIdentityRequest::RoleSessionNameHasBeenSet ( ) const
inline

An identifier for the assumed role session. Typically, you pass the name or identifier that is associated with the user who is using your application. That way, the temporary security credentials that your application will use are associated with that user. This session name is included as part of the ARN and assumed role ID in the AssumedRoleUser response element.

The regex used to validate this parameter is a string of characters consisting of upper- and lower-case alphanumeric characters with no spaces. You can also include underscores or any of the following characters: =,.-

Definition at line 104 of file AssumeRoleWithWebIdentityRequest.h.

◆ SerializePayload()

Aws::String Aws::STS::Model::AssumeRoleWithWebIdentityRequest::SerializePayload ( ) const
overridevirtual

Convert payload into String.

Implements Aws::AmazonSerializableWebServiceRequest.

◆ SetDurationSeconds()

void Aws::STS::Model::AssumeRoleWithWebIdentityRequest::SetDurationSeconds ( int  value)
inline

The duration, in seconds, of the role session. The value can range from 900 seconds (15 minutes) up to the maximum session duration setting for the role. This setting can have a value from 1 hour to 12 hours. If you specify a value higher than this setting, the operation fails. For example, if you specify a session duration of 12 hours, but your administrator set the maximum session duration to 6 hours, your operation fails. To learn how to view the maximum value for your role, see View the Maximum Session Duration Setting for a Role in the IAM User Guide.

By default, the value is set to 3600 seconds.

The DurationSeconds parameter is separate from the duration of a console session that you might request using the returned credentials. The request to the federation endpoint for a console sign-in token takes a SessionDuration parameter that specifies the maximum length of the console session. For more information, see Creating a URL that Enables Federated Users to Access the AWS Management Console in the IAM User Guide.

Definition at line 791 of file AssumeRoleWithWebIdentityRequest.h.

◆ SetPolicy() [1/3]

void Aws::STS::Model::AssumeRoleWithWebIdentityRequest::SetPolicy ( const Aws::String value)
inline

An IAM policy in JSON format that you want to use as an inline session policy.

This parameter is optional. Passing policies to this operation returns new temporary credentials. The resulting session's permissions are the intersection of the role's identity-based policy and the session policies. You can use the role's temporary credentials in subsequent AWS API calls to access resources in the account that owns the role. You cannot use session policies to grant more permissions than those allowed by the identity-based policy of the role that is being assumed. For more information, see Session Policies in the IAM User Guide.

The plain text that you use for both inline and managed session policies can't exceed 2,048 characters. The JSON policy characters can be any ASCII character from the space character to the end of the valid character list ( through ). It can also include the tab (), linefeed (), and carriage return () characters.

An AWS conversion compresses the passed session policies and session tags into a packed binary format that has a separate limit. Your request can fail for this limit even if your plain text meets the other requirements. The PackedPolicySize response element indicates by percentage how close the policies and tags for your request are to the upper size limit.

Definition at line 604 of file AssumeRoleWithWebIdentityRequest.h.

◆ SetPolicy() [2/3]

void Aws::STS::Model::AssumeRoleWithWebIdentityRequest::SetPolicy ( Aws::String &&  value)
inline

An IAM policy in JSON format that you want to use as an inline session policy.

This parameter is optional. Passing policies to this operation returns new temporary credentials. The resulting session's permissions are the intersection of the role's identity-based policy and the session policies. You can use the role's temporary credentials in subsequent AWS API calls to access resources in the account that owns the role. You cannot use session policies to grant more permissions than those allowed by the identity-based policy of the role that is being assumed. For more information, see Session Policies in the IAM User Guide.

The plain text that you use for both inline and managed session policies can't exceed 2,048 characters. The JSON policy characters can be any ASCII character from the space character to the end of the valid character list ( through ). It can also include the tab (), linefeed (), and carriage return () characters.

An AWS conversion compresses the passed session policies and session tags into a packed binary format that has a separate limit. Your request can fail for this limit even if your plain text meets the other requirements. The PackedPolicySize response element indicates by percentage how close the policies and tags for your request are to the upper size limit.

Definition at line 628 of file AssumeRoleWithWebIdentityRequest.h.

◆ SetPolicy() [3/3]

void Aws::STS::Model::AssumeRoleWithWebIdentityRequest::SetPolicy ( const char *  value)
inline

An IAM policy in JSON format that you want to use as an inline session policy.

This parameter is optional. Passing policies to this operation returns new temporary credentials. The resulting session's permissions are the intersection of the role's identity-based policy and the session policies. You can use the role's temporary credentials in subsequent AWS API calls to access resources in the account that owns the role. You cannot use session policies to grant more permissions than those allowed by the identity-based policy of the role that is being assumed. For more information, see Session Policies in the IAM User Guide.

The plain text that you use for both inline and managed session policies can't exceed 2,048 characters. The JSON policy characters can be any ASCII character from the space character to the end of the valid character list ( through ). It can also include the tab (), linefeed (), and carriage return () characters.

An AWS conversion compresses the passed session policies and session tags into a packed binary format that has a separate limit. Your request can fail for this limit even if your plain text meets the other requirements. The PackedPolicySize response element indicates by percentage how close the policies and tags for your request are to the upper size limit.

Definition at line 652 of file AssumeRoleWithWebIdentityRequest.h.

◆ SetPolicyArns() [1/2]

void Aws::STS::Model::AssumeRoleWithWebIdentityRequest::SetPolicyArns ( const Aws::Vector< PolicyDescriptorType > &  value)
inline

The Amazon Resource Names (ARNs) of the IAM managed policies that you want to use as managed session policies. The policies must exist in the same account as the role.

This parameter is optional. You can provide up to 10 managed policy ARNs. However, the plain text that you use for both inline and managed session policies can't exceed 2,048 characters. For more information about ARNs, see Amazon Resource Names (ARNs) and AWS Service Namespaces in the AWS General Reference.

An AWS conversion compresses the passed session policies and session tags into a packed binary format that has a separate limit. Your request can fail for this limit even if your plain text meets the other requirements. The PackedPolicySize response element indicates by percentage how close the policies and tags for your request are to the upper size limit.

Passing policies to this operation returns new temporary credentials. The resulting session's permissions are the intersection of the role's identity-based policy and the session policies. You can use the role's temporary credentials in subsequent AWS API calls to access resources in the account that owns the role. You cannot use session policies to grant more permissions than those allowed by the identity-based policy of the role that is being assumed. For more information, see Session Policies in the IAM User Guide.

Definition at line 401 of file AssumeRoleWithWebIdentityRequest.h.

◆ SetPolicyArns() [2/2]

void Aws::STS::Model::AssumeRoleWithWebIdentityRequest::SetPolicyArns ( Aws::Vector< PolicyDescriptorType > &&  value)
inline

The Amazon Resource Names (ARNs) of the IAM managed policies that you want to use as managed session policies. The policies must exist in the same account as the role.

This parameter is optional. You can provide up to 10 managed policy ARNs. However, the plain text that you use for both inline and managed session policies can't exceed 2,048 characters. For more information about ARNs, see Amazon Resource Names (ARNs) and AWS Service Namespaces in the AWS General Reference.

An AWS conversion compresses the passed session policies and session tags into a packed binary format that has a separate limit. Your request can fail for this limit even if your plain text meets the other requirements. The PackedPolicySize response element indicates by percentage how close the policies and tags for your request are to the upper size limit.

Passing policies to this operation returns new temporary credentials. The resulting session's permissions are the intersection of the role's identity-based policy and the session policies. You can use the role's temporary credentials in subsequent AWS API calls to access resources in the account that owns the role. You cannot use session policies to grant more permissions than those allowed by the identity-based policy of the role that is being assumed. For more information, see Session Policies in the IAM User Guide.

Definition at line 427 of file AssumeRoleWithWebIdentityRequest.h.

◆ SetProviderId() [1/3]

void Aws::STS::Model::AssumeRoleWithWebIdentityRequest::SetProviderId ( const Aws::String value)
inline

The fully qualified host component of the domain name of the identity provider.

Specify this value only for OAuth 2.0 access tokens. Currently www.amazon.com and graph.facebook.com are the only supported identity providers for OAuth 2.0 access tokens. Do not include URL schemes and port numbers.

Do not specify this value for OpenID Connect ID tokens.

Definition at line 272 of file AssumeRoleWithWebIdentityRequest.h.

◆ SetProviderId() [2/3]

void Aws::STS::Model::AssumeRoleWithWebIdentityRequest::SetProviderId ( Aws::String &&  value)
inline

The fully qualified host component of the domain name of the identity provider.

Specify this value only for OAuth 2.0 access tokens. Currently www.amazon.com and graph.facebook.com are the only supported identity providers for OAuth 2.0 access tokens. Do not include URL schemes and port numbers.

Do not specify this value for OpenID Connect ID tokens.

Definition at line 282 of file AssumeRoleWithWebIdentityRequest.h.

◆ SetProviderId() [3/3]

void Aws::STS::Model::AssumeRoleWithWebIdentityRequest::SetProviderId ( const char *  value)
inline

The fully qualified host component of the domain name of the identity provider.

Specify this value only for OAuth 2.0 access tokens. Currently www.amazon.com and graph.facebook.com are the only supported identity providers for OAuth 2.0 access tokens. Do not include URL schemes and port numbers.

Do not specify this value for OpenID Connect ID tokens.

Definition at line 292 of file AssumeRoleWithWebIdentityRequest.h.

◆ SetRoleArn() [1/3]

void Aws::STS::Model::AssumeRoleWithWebIdentityRequest::SetRoleArn ( const Aws::String value)
inline

The Amazon Resource Name (ARN) of the role that the caller is assuming.

Definition at line 54 of file AssumeRoleWithWebIdentityRequest.h.

◆ SetRoleArn() [2/3]

void Aws::STS::Model::AssumeRoleWithWebIdentityRequest::SetRoleArn ( Aws::String &&  value)
inline

The Amazon Resource Name (ARN) of the role that the caller is assuming.

Definition at line 59 of file AssumeRoleWithWebIdentityRequest.h.

◆ SetRoleArn() [3/3]

void Aws::STS::Model::AssumeRoleWithWebIdentityRequest::SetRoleArn ( const char *  value)
inline

The Amazon Resource Name (ARN) of the role that the caller is assuming.

Definition at line 64 of file AssumeRoleWithWebIdentityRequest.h.

◆ SetRoleSessionName() [1/3]

void Aws::STS::Model::AssumeRoleWithWebIdentityRequest::SetRoleSessionName ( const Aws::String value)
inline

An identifier for the assumed role session. Typically, you pass the name or identifier that is associated with the user who is using your application. That way, the temporary security credentials that your application will use are associated with that user. This session name is included as part of the ARN and assumed role ID in the AssumedRoleUser response element.

The regex used to validate this parameter is a string of characters consisting of upper- and lower-case alphanumeric characters with no spaces. You can also include underscores or any of the following characters: =,.-

Definition at line 116 of file AssumeRoleWithWebIdentityRequest.h.

◆ SetRoleSessionName() [2/3]

void Aws::STS::Model::AssumeRoleWithWebIdentityRequest::SetRoleSessionName ( Aws::String &&  value)
inline

An identifier for the assumed role session. Typically, you pass the name or identifier that is associated with the user who is using your application. That way, the temporary security credentials that your application will use are associated with that user. This session name is included as part of the ARN and assumed role ID in the AssumedRoleUser response element.

The regex used to validate this parameter is a string of characters consisting of upper- and lower-case alphanumeric characters with no spaces. You can also include underscores or any of the following characters: =,.-

Definition at line 128 of file AssumeRoleWithWebIdentityRequest.h.

◆ SetRoleSessionName() [3/3]

void Aws::STS::Model::AssumeRoleWithWebIdentityRequest::SetRoleSessionName ( const char *  value)
inline

An identifier for the assumed role session. Typically, you pass the name or identifier that is associated with the user who is using your application. That way, the temporary security credentials that your application will use are associated with that user. This session name is included as part of the ARN and assumed role ID in the AssumedRoleUser response element.

The regex used to validate this parameter is a string of characters consisting of upper- and lower-case alphanumeric characters with no spaces. You can also include underscores or any of the following characters: =,.-

Definition at line 140 of file AssumeRoleWithWebIdentityRequest.h.

◆ SetWebIdentityToken() [1/3]

void Aws::STS::Model::AssumeRoleWithWebIdentityRequest::SetWebIdentityToken ( const Aws::String value)
inline

The OAuth 2.0 access token or OpenID Connect ID token that is provided by the identity provider. Your application must get this token by authenticating the user who is using your application with a web identity provider before the application makes an AssumeRoleWithWebIdentity call.

Definition at line 201 of file AssumeRoleWithWebIdentityRequest.h.

◆ SetWebIdentityToken() [2/3]

void Aws::STS::Model::AssumeRoleWithWebIdentityRequest::SetWebIdentityToken ( Aws::String &&  value)
inline

The OAuth 2.0 access token or OpenID Connect ID token that is provided by the identity provider. Your application must get this token by authenticating the user who is using your application with a web identity provider before the application makes an AssumeRoleWithWebIdentity call.

Definition at line 209 of file AssumeRoleWithWebIdentityRequest.h.

◆ SetWebIdentityToken() [3/3]

void Aws::STS::Model::AssumeRoleWithWebIdentityRequest::SetWebIdentityToken ( const char *  value)
inline

The OAuth 2.0 access token or OpenID Connect ID token that is provided by the identity provider. Your application must get this token by authenticating the user who is using your application with a web identity provider before the application makes an AssumeRoleWithWebIdentity call.

Definition at line 217 of file AssumeRoleWithWebIdentityRequest.h.

◆ WebIdentityTokenHasBeenSet()

bool Aws::STS::Model::AssumeRoleWithWebIdentityRequest::WebIdentityTokenHasBeenSet ( ) const
inline

The OAuth 2.0 access token or OpenID Connect ID token that is provided by the identity provider. Your application must get this token by authenticating the user who is using your application with a web identity provider before the application makes an AssumeRoleWithWebIdentity call.

Definition at line 193 of file AssumeRoleWithWebIdentityRequest.h.

◆ WithDurationSeconds()

AssumeRoleWithWebIdentityRequest& Aws::STS::Model::AssumeRoleWithWebIdentityRequest::WithDurationSeconds ( int  value)
inline

The duration, in seconds, of the role session. The value can range from 900 seconds (15 minutes) up to the maximum session duration setting for the role. This setting can have a value from 1 hour to 12 hours. If you specify a value higher than this setting, the operation fails. For example, if you specify a session duration of 12 hours, but your administrator set the maximum session duration to 6 hours, your operation fails. To learn how to view the maximum value for your role, see View the Maximum Session Duration Setting for a Role in the IAM User Guide.

By default, the value is set to 3600 seconds.

The DurationSeconds parameter is separate from the duration of a console session that you might request using the returned credentials. The request to the federation endpoint for a console sign-in token takes a SessionDuration parameter that specifies the maximum length of the console session. For more information, see Creating a URL that Enables Federated Users to Access the AWS Management Console in the IAM User Guide.

Definition at line 813 of file AssumeRoleWithWebIdentityRequest.h.

◆ WithPolicy() [1/3]

AssumeRoleWithWebIdentityRequest& Aws::STS::Model::AssumeRoleWithWebIdentityRequest::WithPolicy ( const Aws::String value)
inline

An IAM policy in JSON format that you want to use as an inline session policy.

This parameter is optional. Passing policies to this operation returns new temporary credentials. The resulting session's permissions are the intersection of the role's identity-based policy and the session policies. You can use the role's temporary credentials in subsequent AWS API calls to access resources in the account that owns the role. You cannot use session policies to grant more permissions than those allowed by the identity-based policy of the role that is being assumed. For more information, see Session Policies in the IAM User Guide.

The plain text that you use for both inline and managed session policies can't exceed 2,048 characters. The JSON policy characters can be any ASCII character from the space character to the end of the valid character list ( through ). It can also include the tab (), linefeed (), and carriage return () characters.

An AWS conversion compresses the passed session policies and session tags into a packed binary format that has a separate limit. Your request can fail for this limit even if your plain text meets the other requirements. The PackedPolicySize response element indicates by percentage how close the policies and tags for your request are to the upper size limit.

Definition at line 676 of file AssumeRoleWithWebIdentityRequest.h.

◆ WithPolicy() [2/3]

AssumeRoleWithWebIdentityRequest& Aws::STS::Model::AssumeRoleWithWebIdentityRequest::WithPolicy ( Aws::String &&  value)
inline

An IAM policy in JSON format that you want to use as an inline session policy.

This parameter is optional. Passing policies to this operation returns new temporary credentials. The resulting session's permissions are the intersection of the role's identity-based policy and the session policies. You can use the role's temporary credentials in subsequent AWS API calls to access resources in the account that owns the role. You cannot use session policies to grant more permissions than those allowed by the identity-based policy of the role that is being assumed. For more information, see Session Policies in the IAM User Guide.

The plain text that you use for both inline and managed session policies can't exceed 2,048 characters. The JSON policy characters can be any ASCII character from the space character to the end of the valid character list ( through ). It can also include the tab (), linefeed (), and carriage return () characters.

An AWS conversion compresses the passed session policies and session tags into a packed binary format that has a separate limit. Your request can fail for this limit even if your plain text meets the other requirements. The PackedPolicySize response element indicates by percentage how close the policies and tags for your request are to the upper size limit.

Definition at line 700 of file AssumeRoleWithWebIdentityRequest.h.

◆ WithPolicy() [3/3]

AssumeRoleWithWebIdentityRequest& Aws::STS::Model::AssumeRoleWithWebIdentityRequest::WithPolicy ( const char *  value)
inline

An IAM policy in JSON format that you want to use as an inline session policy.

This parameter is optional. Passing policies to this operation returns new temporary credentials. The resulting session's permissions are the intersection of the role's identity-based policy and the session policies. You can use the role's temporary credentials in subsequent AWS API calls to access resources in the account that owns the role. You cannot use session policies to grant more permissions than those allowed by the identity-based policy of the role that is being assumed. For more information, see Session Policies in the IAM User Guide.

The plain text that you use for both inline and managed session policies can't exceed 2,048 characters. The JSON policy characters can be any ASCII character from the space character to the end of the valid character list ( through ). It can also include the tab (), linefeed (), and carriage return () characters.

An AWS conversion compresses the passed session policies and session tags into a packed binary format that has a separate limit. Your request can fail for this limit even if your plain text meets the other requirements. The PackedPolicySize response element indicates by percentage how close the policies and tags for your request are to the upper size limit.

Definition at line 724 of file AssumeRoleWithWebIdentityRequest.h.

◆ WithPolicyArns() [1/2]

AssumeRoleWithWebIdentityRequest& Aws::STS::Model::AssumeRoleWithWebIdentityRequest::WithPolicyArns ( const Aws::Vector< PolicyDescriptorType > &  value)
inline

The Amazon Resource Names (ARNs) of the IAM managed policies that you want to use as managed session policies. The policies must exist in the same account as the role.

This parameter is optional. You can provide up to 10 managed policy ARNs. However, the plain text that you use for both inline and managed session policies can't exceed 2,048 characters. For more information about ARNs, see Amazon Resource Names (ARNs) and AWS Service Namespaces in the AWS General Reference.

An AWS conversion compresses the passed session policies and session tags into a packed binary format that has a separate limit. Your request can fail for this limit even if your plain text meets the other requirements. The PackedPolicySize response element indicates by percentage how close the policies and tags for your request are to the upper size limit.

Passing policies to this operation returns new temporary credentials. The resulting session's permissions are the intersection of the role's identity-based policy and the session policies. You can use the role's temporary credentials in subsequent AWS API calls to access resources in the account that owns the role. You cannot use session policies to grant more permissions than those allowed by the identity-based policy of the role that is being assumed. For more information, see Session Policies in the IAM User Guide.

Definition at line 453 of file AssumeRoleWithWebIdentityRequest.h.

◆ WithPolicyArns() [2/2]

AssumeRoleWithWebIdentityRequest& Aws::STS::Model::AssumeRoleWithWebIdentityRequest::WithPolicyArns ( Aws::Vector< PolicyDescriptorType > &&  value)
inline

The Amazon Resource Names (ARNs) of the IAM managed policies that you want to use as managed session policies. The policies must exist in the same account as the role.

This parameter is optional. You can provide up to 10 managed policy ARNs. However, the plain text that you use for both inline and managed session policies can't exceed 2,048 characters. For more information about ARNs, see Amazon Resource Names (ARNs) and AWS Service Namespaces in the AWS General Reference.

An AWS conversion compresses the passed session policies and session tags into a packed binary format that has a separate limit. Your request can fail for this limit even if your plain text meets the other requirements. The PackedPolicySize response element indicates by percentage how close the policies and tags for your request are to the upper size limit.

Passing policies to this operation returns new temporary credentials. The resulting session's permissions are the intersection of the role's identity-based policy and the session policies. You can use the role's temporary credentials in subsequent AWS API calls to access resources in the account that owns the role. You cannot use session policies to grant more permissions than those allowed by the identity-based policy of the role that is being assumed. For more information, see Session Policies in the IAM User Guide.

Definition at line 479 of file AssumeRoleWithWebIdentityRequest.h.

◆ WithProviderId() [1/3]

AssumeRoleWithWebIdentityRequest& Aws::STS::Model::AssumeRoleWithWebIdentityRequest::WithProviderId ( const Aws::String value)
inline

The fully qualified host component of the domain name of the identity provider.

Specify this value only for OAuth 2.0 access tokens. Currently www.amazon.com and graph.facebook.com are the only supported identity providers for OAuth 2.0 access tokens. Do not include URL schemes and port numbers.

Do not specify this value for OpenID Connect ID tokens.

Definition at line 302 of file AssumeRoleWithWebIdentityRequest.h.

◆ WithProviderId() [2/3]

AssumeRoleWithWebIdentityRequest& Aws::STS::Model::AssumeRoleWithWebIdentityRequest::WithProviderId ( Aws::String &&  value)
inline

The fully qualified host component of the domain name of the identity provider.

Specify this value only for OAuth 2.0 access tokens. Currently www.amazon.com and graph.facebook.com are the only supported identity providers for OAuth 2.0 access tokens. Do not include URL schemes and port numbers.

Do not specify this value for OpenID Connect ID tokens.

Definition at line 312 of file AssumeRoleWithWebIdentityRequest.h.

◆ WithProviderId() [3/3]

AssumeRoleWithWebIdentityRequest& Aws::STS::Model::AssumeRoleWithWebIdentityRequest::WithProviderId ( const char *  value)
inline

The fully qualified host component of the domain name of the identity provider.

Specify this value only for OAuth 2.0 access tokens. Currently www.amazon.com and graph.facebook.com are the only supported identity providers for OAuth 2.0 access tokens. Do not include URL schemes and port numbers.

Do not specify this value for OpenID Connect ID tokens.

Definition at line 322 of file AssumeRoleWithWebIdentityRequest.h.

◆ WithRoleArn() [1/3]

AssumeRoleWithWebIdentityRequest& Aws::STS::Model::AssumeRoleWithWebIdentityRequest::WithRoleArn ( const Aws::String value)
inline

The Amazon Resource Name (ARN) of the role that the caller is assuming.

Definition at line 69 of file AssumeRoleWithWebIdentityRequest.h.

◆ WithRoleArn() [2/3]

AssumeRoleWithWebIdentityRequest& Aws::STS::Model::AssumeRoleWithWebIdentityRequest::WithRoleArn ( Aws::String &&  value)
inline

The Amazon Resource Name (ARN) of the role that the caller is assuming.

Definition at line 74 of file AssumeRoleWithWebIdentityRequest.h.

◆ WithRoleArn() [3/3]

AssumeRoleWithWebIdentityRequest& Aws::STS::Model::AssumeRoleWithWebIdentityRequest::WithRoleArn ( const char *  value)
inline

The Amazon Resource Name (ARN) of the role that the caller is assuming.

Definition at line 79 of file AssumeRoleWithWebIdentityRequest.h.

◆ WithRoleSessionName() [1/3]

AssumeRoleWithWebIdentityRequest& Aws::STS::Model::AssumeRoleWithWebIdentityRequest::WithRoleSessionName ( const Aws::String value)
inline

An identifier for the assumed role session. Typically, you pass the name or identifier that is associated with the user who is using your application. That way, the temporary security credentials that your application will use are associated with that user. This session name is included as part of the ARN and assumed role ID in the AssumedRoleUser response element.

The regex used to validate this parameter is a string of characters consisting of upper- and lower-case alphanumeric characters with no spaces. You can also include underscores or any of the following characters: =,.-

Definition at line 152 of file AssumeRoleWithWebIdentityRequest.h.

◆ WithRoleSessionName() [2/3]

AssumeRoleWithWebIdentityRequest& Aws::STS::Model::AssumeRoleWithWebIdentityRequest::WithRoleSessionName ( Aws::String &&  value)
inline

An identifier for the assumed role session. Typically, you pass the name or identifier that is associated with the user who is using your application. That way, the temporary security credentials that your application will use are associated with that user. This session name is included as part of the ARN and assumed role ID in the AssumedRoleUser response element.

The regex used to validate this parameter is a string of characters consisting of upper- and lower-case alphanumeric characters with no spaces. You can also include underscores or any of the following characters: =,.-

Definition at line 164 of file AssumeRoleWithWebIdentityRequest.h.

◆ WithRoleSessionName() [3/3]

AssumeRoleWithWebIdentityRequest& Aws::STS::Model::AssumeRoleWithWebIdentityRequest::WithRoleSessionName ( const char *  value)
inline

An identifier for the assumed role session. Typically, you pass the name or identifier that is associated with the user who is using your application. That way, the temporary security credentials that your application will use are associated with that user. This session name is included as part of the ARN and assumed role ID in the AssumedRoleUser response element.

The regex used to validate this parameter is a string of characters consisting of upper- and lower-case alphanumeric characters with no spaces. You can also include underscores or any of the following characters: =,.-

Definition at line 176 of file AssumeRoleWithWebIdentityRequest.h.

◆ WithWebIdentityToken() [1/3]

AssumeRoleWithWebIdentityRequest& Aws::STS::Model::AssumeRoleWithWebIdentityRequest::WithWebIdentityToken ( const Aws::String value)
inline

The OAuth 2.0 access token or OpenID Connect ID token that is provided by the identity provider. Your application must get this token by authenticating the user who is using your application with a web identity provider before the application makes an AssumeRoleWithWebIdentity call.

Definition at line 225 of file AssumeRoleWithWebIdentityRequest.h.

◆ WithWebIdentityToken() [2/3]

AssumeRoleWithWebIdentityRequest& Aws::STS::Model::AssumeRoleWithWebIdentityRequest::WithWebIdentityToken ( Aws::String &&  value)
inline

The OAuth 2.0 access token or OpenID Connect ID token that is provided by the identity provider. Your application must get this token by authenticating the user who is using your application with a web identity provider before the application makes an AssumeRoleWithWebIdentity call.

Definition at line 233 of file AssumeRoleWithWebIdentityRequest.h.

◆ WithWebIdentityToken() [3/3]

AssumeRoleWithWebIdentityRequest& Aws::STS::Model::AssumeRoleWithWebIdentityRequest::WithWebIdentityToken ( const char *  value)
inline

The OAuth 2.0 access token or OpenID Connect ID token that is provided by the identity provider. Your application must get this token by authenticating the user who is using your application with a web identity provider before the application makes an AssumeRoleWithWebIdentity call.

Definition at line 241 of file AssumeRoleWithWebIdentityRequest.h.


The documentation for this class was generated from the following file: