Package-level declarations

The identifiers for the temporary security credentials that the operation returns.

Contains the response to a successful AssumeRole request, including temporary Amazon Web Services credentials that can be used to make Amazon Web Services requests.

Contains the response to a successful AssumeRoleWithSAML request, including temporary Amazon Web Services credentials that can be used to make Amazon Web Services requests.

Contains the response to a successful AssumeRoleWithWebIdentity request, including temporary Amazon Web Services credentials that can be used to make Amazon Web Services requests.

Amazon Web Services credentials for API authentication.

A document that contains additional information about the authorization status of a request from an encoded message that is returned in response to an Amazon Web Services request.

The web identity token that was passed is expired or is not valid. Get a new identity token from the identity provider and then retry the request.

Identifiers for the federated user that is associated with the credentials.

Contains the response to a successful GetCallerIdentity request, including information about the entity making the request.

Contains the response to a successful GetFederationToken request, including temporary Amazon Web Services credentials that can be used to make Amazon Web Services requests.

Contains the response to a successful GetSessionToken request, including temporary Amazon Web Services credentials that can be used to make Amazon Web Services requests.

The request could not be fulfilled because the identity provider (IDP) that was asked to verify the incoming identity token could not be reached. This is often a transient error caused by network conditions. Retry the request a limited number of times so that you don't exceed the request rate. If the error persists, the identity provider might be down or not responding.

The identity provider (IdP) reported that authentication failed. This might be because the claim is invalid.

The error returned if the message passed to DecodeAuthorizationMessage was invalid. This can happen if the token contains invalid characters, such as line breaks, or if the message has expired.

The web identity token that was passed could not be validated by Amazon Web Services. Get a new identity token from the identity provider and then retry the request.

The request was rejected because the policy document was malformed. The error message describes the specific error.

The request was rejected because the total packed size of the session policies and session tags combined was too large. An Amazon Web Services conversion compresses the session policy document, session policy ARNs, and session tags into a packed binary format that has a separate limit. The error message indicates by percentage how close the policies and tags are to the upper size limit. For more information, see Passing Session Tags in STS in the IAM User Guide.

A reference to the IAM managed policy that is passed as a session policy for a role session or a federated user session.

Contains information about the provided context. This includes the signed and encrypted trusted context assertion and the context provider ARN from which the trusted context assertion was generated.

STS is not activated in the requested region for the account that is being asked to generate credentials. The account administrator must use the IAM console to activate STS in that region. For more information, see Activating and Deactivating STS in an Amazon Web Services Region in the IAM User Guide.

Base class for all service related exceptions thrown by the Sts client

You can pass custom key-value pair attributes when you assume a role or federate a user. These are called session tags. You can then use the session tags to control access to resources. For more information, see Tagging Amazon Web Services STS Sessions in the IAM User Guide.