@ -1,11 +1,11 @@
// THIS FILE IS AUTOMATICALLY GENERATED . DO NOT EDIT.
// Code generated by private/model/cli/gen-api/main.go . DO NOT EDIT.
// Package sts provides a client for AWS Security Token Service.
package sts
import (
"time"
"github.com/aws/aws-sdk-go/aws"
"github.com/aws/aws-sdk-go/aws/awsutil"
"github.com/aws/aws-sdk-go/aws/request"
)
@ -14,19 +14,18 @@ const opAssumeRole = "AssumeRole"
// AssumeRoleRequest generates a "aws/request.Request" representing the
// client's request for the AssumeRole operation. The "output" return
// value can be used to capture response data after the request's "Send" method
// is called .
// value will be populated with the request's response once the request completes
// successfuly .
//
// See AssumeRole for usage and error information.
// Use "Send" method on the returned Request to send the API call to the service.
// the "output" return value is not valid until after Send returns without error.
//
// Creating a request object using this method should be used when you want to inject
// custom logic into the request's lifecycle using a custom handler, or if you want to
// access properties on the request object before or after sending the request. If
// you just want the service response, call the AssumeRole method directly
// instead.
// See AssumeRole for more information on using the AssumeRole
// API call, and error handling.
//
// This method is useful when you want to inject custom logic or configuration
// into the SDK's reque st lifecycle. Such as custom h eaders, or retry logic .
//
// Note: You must call the "Send" method on the returned request object in order
// to execute the request.
//
// // Example sending a request using the AssumeRoleRequest method.
// req, resp := client.AssumeRoleRequest(params)
@ -36,6 +35,7 @@ const opAssumeRole = "AssumeRole"
// fmt.Println(resp)
// }
//
// See also, https://docs.aws.amazon.com/goto/WebAPI/sts-2011-06-15/AssumeRole
func ( c * STS ) AssumeRoleRequest ( input * AssumeRoleInput ) ( req * request . Request , output * AssumeRoleOutput ) {
op := & request . Operation {
Name : opAssumeRole ,
@ -47,9 +47,8 @@ func (c *STS) AssumeRoleRequest(input *AssumeRoleInput) (req *request.Request, o
input = & AssumeRoleInput { }
}
req = c . newRequest ( op , input , output )
output = & AssumeRoleOutput { }
req . Data = output
req = c . newRequest ( op , input , output )
return
}
@ -89,9 +88,18 @@ func (c *STS) AssumeRoleRequest(input *AssumeRoleInput) (req *request.Request, o
// Scenarios for Temporary Credentials (http://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp.html#sts-introduction)
// in the IAM User Guide.
//
// The temporary security credentials are valid for the duration that you specified
// when calling AssumeRole, which can be from 900 seconds (15 minutes) to a
// maximum of 3600 seconds (1 hour). The default is 1 hour.
// By default, the temporary security credentials created by AssumeRole last
// for one hour. However, you can use the optional DurationSeconds parameter
// to specify the duration of your session. You can provide a value from 900
// seconds (15 minutes) up to the maximum session duration setting for the role.
// This setting can have a value from 1 hour to 12 hours. To learn how to view
// the maximum value for your role, see View the Maximum Session Duration Setting
// for a Role (http://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_use.html#id_roles_use_view-role-max-session)
// in the IAM User Guide. The maximum session duration limit applies when you
// use the AssumeRole* API operations or the assume-role* CLI operations but
// does not apply when you use those operations to create a console URL. For
// more information, see Using IAM Roles (http://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_use.html)
// in the IAM User Guide.
//
// The temporary security credentials created by AssumeRole can be used to make
// API calls to any AWS service with the following exception: you cannot call
@ -122,7 +130,12 @@ func (c *STS) AssumeRoleRequest(input *AssumeRoleInput) (req *request.Request, o
// the user to call AssumeRole on the ARN of the role in the other account.
// If the user is in the same account as the role, then you can either attach
// a policy to the user (identical to the previous different account user),
// or you can add the user as a principal directly in the role's trust policy
// or you can add the user as a principal directly in the role's trust policy.
// In this case, the trust policy acts as the only resource-based policy in
// IAM, and users in the same account as the role do not need explicit permission
// to assume the role. For more information about trust policies and resource-based
// policies, see IAM Policies (http://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies.html)
// in the IAM User Guide.
//
// Using MFA with AssumeRole
//
@ -153,45 +166,60 @@ func (c *STS) AssumeRoleRequest(input *AssumeRoleInput) (req *request.Request, o
// API operation AssumeRole for usage and error information.
//
// Returned Error Codes:
// * MalformedPolicyDocument
// * ErrCode MalformedPolicyDocumentException "MalformedPolicyDocument"
// The request was rejected because the policy document was malformed. The error
// message describes the specific error.
//
// * PackedPolicyTooLarge
// * ErrCode PackedPolicyTooLargeException "PackedPolicyTooLarge"
// The request was rejected because the policy document was too large. The error
// message describes how big the policy document is, in packed form, as a percentage
// of what the API allows.
//
// * RegionDisabledException
// * ErrCode RegionDisabledException "RegionDisabledException"
// STS is not activated in the requested region for the account that is being
// asked to generate credentials. The account administrator must use the IAM
// console to activate STS in that region. For more information, see Activating
// and Deactivating AWS STS in an AWS Region (http://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_enable-regions.html)
// in the IAM User Guide.
//
// See also, https://docs.aws.amazon.com/goto/WebAPI/sts-2011-06-15/AssumeRole
func ( c * STS ) AssumeRole ( input * AssumeRoleInput ) ( * AssumeRoleOutput , error ) {
req , out := c . AssumeRoleRequest ( input )
err := req . Send ( )
return out , err
return out , req . Send ( )
}
// AssumeRoleWithContext is the same as AssumeRole with the addition of
// the ability to pass a context and additional request options.
//
// See AssumeRole for details on how to use this API operation.
//
// The context must be non-nil and will be used for request cancellation. If
// the context is nil a panic will occur. In the future the SDK may create
// sub-contexts for http.Requests. See https://golang.org/pkg/context/
// for more information on using Contexts.
func ( c * STS ) AssumeRoleWithContext ( ctx aws . Context , input * AssumeRoleInput , opts ... request . Option ) ( * AssumeRoleOutput , error ) {
req , out := c . AssumeRoleRequest ( input )
req . SetContext ( ctx )
req . ApplyOptions ( opts ... )
return out , req . Send ( )
}
const opAssumeRoleWithSAML = "AssumeRoleWithSAML"
// AssumeRoleWithSAMLRequest generates a "aws/request.Request" representing the
// client's request for the AssumeRoleWithSAML operation. The "output" return
// value can be used to capture response data after the request's "Send" method
// is called.
// value will be populated with the request's response once the request completes
// successfuly .
//
// See AssumeRoleWithSAML for usage and error information.
// Use "Send" method on the returned Request to send the API call to the service.
// the "output" return value is not valid until after Send returns without error.
//
// Creating a request object using this method should be used when you want to inject
// custom logic into the request's lifecycle using a custom handler, or if you want to
// access properties on the request object before or after sending the request. If
// you just want the service response, call the AssumeRoleWithSAML method directly
// instead.
// See AssumeRoleWithSAML for more information on using the AssumeRoleWithSAML
// API call, and error handling.
//
// This method is useful when you want to inject custom logic or configuration
// into the SDK's reque st lifecycle. Such as custom h eaders, or retry logic .
//
// Note: You must call the "Send" method on the returned request object in order
// to execute the request.
//
// // Example sending a request using the AssumeRoleWithSAMLRequest method.
// req, resp := client.AssumeRoleWithSAMLRequest(params)
@ -201,6 +229,7 @@ const opAssumeRoleWithSAML = "AssumeRoleWithSAML"
// fmt.Println(resp)
// }
//
// See also, https://docs.aws.amazon.com/goto/WebAPI/sts-2011-06-15/AssumeRoleWithSAML
func ( c * STS ) AssumeRoleWithSAMLRequest ( input * AssumeRoleWithSAMLInput ) ( req * request . Request , output * AssumeRoleWithSAMLOutput ) {
op := & request . Operation {
Name : opAssumeRoleWithSAML ,
@ -212,9 +241,8 @@ func (c *STS) AssumeRoleWithSAMLRequest(input *AssumeRoleWithSAMLInput) (req *re
input = & AssumeRoleWithSAMLInput { }
}
req = c . newRequest ( op , input , output )
output = & AssumeRoleWithSAMLOutput { }
req . Data = output
req = c . newRequest ( op , input , output )
return
}
@ -233,11 +261,20 @@ func (c *STS) AssumeRoleWithSAMLRequest(input *AssumeRoleWithSAMLInput) (req *re
// an access key ID, a secret access key, and a security token. Applications
// can use these temporary security credentials to sign calls to AWS services.
//
// The temporary security credentials are valid for the duration that you specified
// when calling AssumeRole, or until the time specified in the SAML authentication
// response's SessionNotOnOrAfter value, whichever is shorter. The duration
// can be from 900 seconds (15 minutes) to a maximum of 3600 seconds (1 hour).
// The default is 1 hour.
// By default, the temporary security credentials created by AssumeRoleWithSAML
// last for one hour. However, you can use the optional DurationSeconds parameter
// to specify the duration of your session. Your role session lasts for the
// duration that you specify, or until the time specified in the SAML authentication
// response's SessionNotOnOrAfter value, whichever is shorter. You can provide
// a DurationSeconds value from 900 seconds (15 minutes) up to the maximum session
// duration setting for the role. This setting can have a value from 1 hour
// to 12 hours. To learn how to view the maximum value for your role, see View
// the Maximum Session Duration Setting for a Role (http://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_use.html#id_roles_use_view-role-max-session)
// in the IAM User Guide. The maximum session duration limit applies when you
// use the AssumeRole* API operations or the assume-role* CLI operations but
// does not apply when you use those operations to create a console URL. For
// more information, see Using IAM Roles (http://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_use.html)
// in the IAM User Guide.
//
// The temporary security credentials created by AssumeRoleWithSAML can be used
// to make API calls to any AWS service with the following exception: you cannot
@ -296,60 +333,75 @@ func (c *STS) AssumeRoleWithSAMLRequest(input *AssumeRoleWithSAMLInput) (req *re
// API operation AssumeRoleWithSAML for usage and error information.
//
// Returned Error Codes:
// * MalformedPolicyDocument
// * ErrCode MalformedPolicyDocumentException "MalformedPolicyDocument"
// The request was rejected because the policy document was malformed. The error
// message describes the specific error.
//
// * PackedPolicyTooLarge
// * ErrCode PackedPolicyTooLargeException "PackedPolicyTooLarge"
// The request was rejected because the policy document was too large. The error
// message describes how big the policy document is, in packed form, as a percentage
// of what the API allows.
//
// * IDPRejectedClaim
// * ErrCode IDPRejectedClaimException "IDPRejectedClaim"
// The identity provider (IdP) reported that authentication failed. This might
// be because the claim is invalid.
//
// If this error is returned for the AssumeRoleWithWebIdentity operation, it
// can also mean that the claim has expired or has been explicitly revoked.
//
// * InvalidIdentityToken
// * ErrCode InvalidIdentityTokenException "InvalidIdentityToken"
// The web identity token that was passed could not be validated by AWS. Get
// a new identity token from the identity provider and then retry the request.
//
// * ExpiredTokenException
// * ErrCodeE xpiredTokenException "ExpiredTokenException"
// The web identity token that was passed is expired or is not valid. Get a
// new identity token from the identity provider and then retry the request.
//
// * RegionDisabledException
// * ErrCode RegionDisabledException "RegionDisabledException"
// STS is not activated in the requested region for the account that is being
// asked to generate credentials. The account administrator must use the IAM
// console to activate STS in that region. For more information, see Activating
// and Deactivating AWS STS in an AWS Region (http://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_enable-regions.html)
// in the IAM User Guide.
//
// See also, https://docs.aws.amazon.com/goto/WebAPI/sts-2011-06-15/AssumeRoleWithSAML
func ( c * STS ) AssumeRoleWithSAML ( input * AssumeRoleWithSAMLInput ) ( * AssumeRoleWithSAMLOutput , error ) {
req , out := c . AssumeRoleWithSAMLRequest ( input )
err := req . Send ( )
return out , err
return out , req . Send ( )
}
// AssumeRoleWithSAMLWithContext is the same as AssumeRoleWithSAML with the addition of
// the ability to pass a context and additional request options.
//
// See AssumeRoleWithSAML for details on how to use this API operation.
//
// The context must be non-nil and will be used for request cancellation. If
// the context is nil a panic will occur. In the future the SDK may create
// sub-contexts for http.Requests. See https://golang.org/pkg/context/
// for more information on using Contexts.
func ( c * STS ) AssumeRoleWithSAMLWithContext ( ctx aws . Context , input * AssumeRoleWithSAMLInput , opts ... request . Option ) ( * AssumeRoleWithSAMLOutput , error ) {
req , out := c . AssumeRoleWithSAMLRequest ( input )
req . SetContext ( ctx )
req . ApplyOptions ( opts ... )
return out , req . Send ( )
}
const opAssumeRoleWithWebIdentity = "AssumeRoleWithWebIdentity"
// AssumeRoleWithWebIdentityRequest generates a "aws/request.Request" representing the
// client's request for the AssumeRoleWithWebIdentity operation. The "output" return
// value can be used to capture response data after the request's "Send" method
// is called.
// value will be populated with the request's response once the request completes
// successfuly .
//
// See AssumeRoleWithWebIdentity for usage and error information.
// Use "Send" method on the returned Request to send the API call to the service.
// the "output" return value is not valid until after Send returns without error.
//
// Creating a request object using this method should be used when you want to inject
// custom logic into the request's lifecycle using a custom handler, or if you want to
// access properties on the request object before or after sending the request. If
// you just want the service response, call the AssumeRoleWithWebIdentity method directly
// instead.
// See AssumeRoleWithWebIdentity for more information on using the AssumeRoleWithWebIdentity
// API call, and error handling.
//
// This method is useful when you want to inject custom logic or configuration
// into the SDK's reque st lifecycle. Such as custom h eaders, or retry logic .
//
// Note: You must call the "Send" method on the returned request object in order
// to execute the request.
//
// // Example sending a request using the AssumeRoleWithWebIdentityRequest method.
// req, resp := client.AssumeRoleWithWebIdentityRequest(params)
@ -359,6 +411,7 @@ const opAssumeRoleWithWebIdentity = "AssumeRoleWithWebIdentity"
// fmt.Println(resp)
// }
//
// See also, https://docs.aws.amazon.com/goto/WebAPI/sts-2011-06-15/AssumeRoleWithWebIdentity
func ( c * STS ) AssumeRoleWithWebIdentityRequest ( input * AssumeRoleWithWebIdentityInput ) ( req * request . Request , output * AssumeRoleWithWebIdentityOutput ) {
op := & request . Operation {
Name : opAssumeRoleWithWebIdentity ,
@ -370,9 +423,8 @@ func (c *STS) AssumeRoleWithWebIdentityRequest(input *AssumeRoleWithWebIdentityI
input = & AssumeRoleWithWebIdentityInput { }
}
req = c . newRequest ( op , input , output )
output = & AssumeRoleWithWebIdentityOutput { }
req . Data = output
req = c . newRequest ( op , input , output )
return
}
@ -409,9 +461,18 @@ func (c *STS) AssumeRoleWithWebIdentityRequest(input *AssumeRoleWithWebIdentityI
// key ID, a secret access key, and a security token. Applications can use these
// temporary security credentials to sign calls to AWS service APIs.
//
// The credentials are valid for the duration that you specified when calling
// AssumeRoleWithWebIdentity, which can be from 900 seconds (15 minutes) to
// a maximum of 3600 seconds (1 hour). The default is 1 hour.
// By default, the temporary security credentials created by AssumeRoleWithWebIdentity
// last for one hour. However, you can use the optional DurationSeconds parameter
// to specify the duration of your session. You can provide a value from 900
// seconds (15 minutes) up to the maximum session duration setting for the role.
// This setting can have a value from 1 hour to 12 hours. To learn how to view
// the maximum value for your role, see View the Maximum Session Duration Setting
// for a Role (http://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_use.html#id_roles_use_view-role-max-session)
// in the IAM User Guide. The maximum session duration limit applies when you
// use the AssumeRole* API operations or the assume-role* CLI operations but
// does not apply when you use those operations to create a console URL. For
// more information, see Using IAM Roles (http://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_use.html)
// in the IAM User Guide.
//
// The temporary security credentials created by AssumeRoleWithWebIdentity can
// be used to make API calls to any AWS service with the following exception:
@ -447,7 +508,7 @@ func (c *STS) AssumeRoleWithWebIdentityRequest(input *AssumeRoleWithWebIdentityI
// For more information about how to use web identity federation and the AssumeRoleWithWebIdentity
// API, see the following resources:
//
// * Using Web Identity Federation APIs for Mobile Apps (http://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_providers_oidc_manual)
// * Using Web Identity Federation APIs for Mobile Apps (http://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_providers_oidc_manual.html )
// and Federation Through a Web-based Identity Provider (http://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_request.html#api_assumerolewithwebidentity).
//
//
@ -463,7 +524,7 @@ func (c *STS) AssumeRoleWithWebIdentityRequest(input *AssumeRoleWithWebIdentityI
// the information from these providers to get and use temporary security
// credentials.
//
// * Web Identity Federation with Mobile Applications (http://aws.amazon.com/articles/4617974389850313 ).
// * Web Identity Federation with Mobile Applications (http://aws.amazon.com/articles/web-identity-federation-with-mobile-applications ).
// This article discusses web identity federation and shows an example of
// how to use web identity federation to get access to content in Amazon
// S3.
@ -476,67 +537,82 @@ func (c *STS) AssumeRoleWithWebIdentityRequest(input *AssumeRoleWithWebIdentityI
// API operation AssumeRoleWithWebIdentity for usage and error information.
//
// Returned Error Codes:
// * MalformedPolicyDocument
// * ErrCode MalformedPolicyDocumentException "MalformedPolicyDocument"
// The request was rejected because the policy document was malformed. The error
// message describes the specific error.
//
// * PackedPolicyTooLarge
// * ErrCode PackedPolicyTooLargeException "PackedPolicyTooLarge"
// The request was rejected because the policy document was too large. The error
// message describes how big the policy document is, in packed form, as a percentage
// of what the API allows.
//
// * IDPRejectedClaim
// * ErrCode IDPRejectedClaimException "IDPRejectedClaim"
// The identity provider (IdP) reported that authentication failed. This might
// be because the claim is invalid.
//
// If this error is returned for the AssumeRoleWithWebIdentity operation, it
// can also mean that the claim has expired or has been explicitly revoked.
//
// * IDPCommunicationError
// * ErrCode IDPCommunicationErrorException "IDPCommunicationError"
// The request could not be fulfilled because the non-AWS identity provider
// (IDP) that was asked to verify the incoming identity token could not be reached.
// This is often a transient error caused by network conditions. Retry the request
// a limited number of times so that you don't exceed the request rate. If the
// error persists, the non-AWS identity provider might be down or not responding.
//
// * InvalidIdentityToken
// * ErrCode InvalidIdentityTokenException "InvalidIdentityToken"
// The web identity token that was passed could not be validated by AWS. Get
// a new identity token from the identity provider and then retry the request.
//
// * ExpiredTokenException
// * ErrCodeE xpiredTokenException "ExpiredTokenException"
// The web identity token that was passed is expired or is not valid. Get a
// new identity token from the identity provider and then retry the request.
//
// * RegionDisabledException
// * ErrCode RegionDisabledException "RegionDisabledException"
// STS is not activated in the requested region for the account that is being
// asked to generate credentials. The account administrator must use the IAM
// console to activate STS in that region. For more information, see Activating
// and Deactivating AWS STS in an AWS Region (http://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_enable-regions.html)
// in the IAM User Guide.
//
// See also, https://docs.aws.amazon.com/goto/WebAPI/sts-2011-06-15/AssumeRoleWithWebIdentity
func ( c * STS ) AssumeRoleWithWebIdentity ( input * AssumeRoleWithWebIdentityInput ) ( * AssumeRoleWithWebIdentityOutput , error ) {
req , out := c . AssumeRoleWithWebIdentityRequest ( input )
err := req . Send ( )
return out , err
return out , req . Send ( )
}
// AssumeRoleWithWebIdentityWithContext is the same as AssumeRoleWithWebIdentity with the addition of
// the ability to pass a context and additional request options.
//
// See AssumeRoleWithWebIdentity for details on how to use this API operation.
//
// The context must be non-nil and will be used for request cancellation. If
// the context is nil a panic will occur. In the future the SDK may create
// sub-contexts for http.Requests. See https://golang.org/pkg/context/
// for more information on using Contexts.
func ( c * STS ) AssumeRoleWithWebIdentityWithContext ( ctx aws . Context , input * AssumeRoleWithWebIdentityInput , opts ... request . Option ) ( * AssumeRoleWithWebIdentityOutput , error ) {
req , out := c . AssumeRoleWithWebIdentityRequest ( input )
req . SetContext ( ctx )
req . ApplyOptions ( opts ... )
return out , req . Send ( )
}
const opDecodeAuthorizationMessage = "DecodeAuthorizationMessage"
// DecodeAuthorizationMessageRequest generates a "aws/request.Request" representing the
// client's request for the DecodeAuthorizationMessage operation. The "output" return
// value can be used to capture response data after the request's "Send" method
// is called.
// value will be populated with the request's response once the request completes
// successfuly .
//
// See DecodeAuthorizationMessage for usage and error information.
// Use "Send" method on the returned Request to send the API call to the service.
// the "output" return value is not valid until after Send returns without error.
//
// Creating a request object using this method should be used when you want to inject
// custom logic into the request's lifecycle using a custom handler, or if you want to
// access properties on the request object before or after sending the request. If
// you just want the service response, call the DecodeAuthorizationMessage method directly
// instead.
// See DecodeAuthorizationMessage for more information on using the DecodeAuthorizationMessage
// API call, and error handling.
//
// This method is useful when you want to inject custom logic or configuration
// into the SDK's reque st lifecycle. Such as custom h eaders, or retry logic .
//
// Note: You must call the "Send" method on the returned request object in order
// to execute the request.
//
// // Example sending a request using the DecodeAuthorizationMessageRequest method.
// req, resp := client.DecodeAuthorizationMessageRequest(params)
@ -546,6 +622,7 @@ const opDecodeAuthorizationMessage = "DecodeAuthorizationMessage"
// fmt.Println(resp)
// }
//
// See also, https://docs.aws.amazon.com/goto/WebAPI/sts-2011-06-15/DecodeAuthorizationMessage
func ( c * STS ) DecodeAuthorizationMessageRequest ( input * DecodeAuthorizationMessageInput ) ( req * request . Request , output * DecodeAuthorizationMessageOutput ) {
op := & request . Operation {
Name : opDecodeAuthorizationMessage ,
@ -557,9 +634,8 @@ func (c *STS) DecodeAuthorizationMessageRequest(input *DecodeAuthorizationMessag
input = & DecodeAuthorizationMessageInput { }
}
req = c . newRequest ( op , input , output )
output = & DecodeAuthorizationMessageOutput { }
req . Data = output
req = c . newRequest ( op , input , output )
return
}
@ -606,34 +682,49 @@ func (c *STS) DecodeAuthorizationMessageRequest(input *DecodeAuthorizationMessag
// API operation DecodeAuthorizationMessage for usage and error information.
//
// Returned Error Codes:
// * InvalidAuthorizationMessageException
// * ErrCode InvalidAuthorizationMessageException "InvalidAuthorizationMessageException"
// The error returned if the message passed to DecodeAuthorizationMessage was
// invalid. This can happen if the token contains invalid characters, such as
// linebreaks.
//
// See also, https://docs.aws.amazon.com/goto/WebAPI/sts-2011-06-15/DecodeAuthorizationMessage
func ( c * STS ) DecodeAuthorizationMessage ( input * DecodeAuthorizationMessageInput ) ( * DecodeAuthorizationMessageOutput , error ) {
req , out := c . DecodeAuthorizationMessageRequest ( input )
err := req . Send ( )
return out , err
return out , req . Send ( )
}
// DecodeAuthorizationMessageWithContext is the same as DecodeAuthorizationMessage with the addition of
// the ability to pass a context and additional request options.
//
// See DecodeAuthorizationMessage for details on how to use this API operation.
//
// The context must be non-nil and will be used for request cancellation. If
// the context is nil a panic will occur. In the future the SDK may create
// sub-contexts for http.Requests. See https://golang.org/pkg/context/
// for more information on using Contexts.
func ( c * STS ) DecodeAuthorizationMessageWithContext ( ctx aws . Context , input * DecodeAuthorizationMessageInput , opts ... request . Option ) ( * DecodeAuthorizationMessageOutput , error ) {
req , out := c . DecodeAuthorizationMessageRequest ( input )
req . SetContext ( ctx )
req . ApplyOptions ( opts ... )
return out , req . Send ( )
}
const opGetCallerIdentity = "GetCallerIdentity"
// GetCallerIdentityRequest generates a "aws/request.Request" representing the
// client's request for the GetCallerIdentity operation. The "output" return
// value can be used to capture response data after the request's "Send" method
// is called.
// value will be populated with the request's response once the request completes
// successfuly.
//
// Use "Send" method on the returned Request to send the API call to the service.
// the "output" return value is not valid until after Send returns without error.
//
// See GetCallerIdentity for usage and error information.
// See GetCallerIdentity for more information on using the GetCallerIdentity
// API call, and error handling.
//
// Creating a request object using this method should be used when you want to inject
// custom logic into the request's lifecycle using a custom handler, or if you want to
// access properties on the request object before or after sending the request. If
// you just want the service response, call the GetCallerIdentity method directly
// instead.
// This method is useful when you want to inject custom logic or configuration
// into the SDK's request lifecycle. Such as custom headers, or retry logic.
//
// Note: You must call the "Send" method on the returned request object in order
// to execute the request.
//
// // Example sending a request using the GetCallerIdentityRequest method.
// req, resp := client.GetCallerIdentityRequest(params)
@ -643,6 +734,7 @@ const opGetCallerIdentity = "GetCallerIdentity"
// fmt.Println(resp)
// }
//
// See also, https://docs.aws.amazon.com/goto/WebAPI/sts-2011-06-15/GetCallerIdentity
func ( c * STS ) GetCallerIdentityRequest ( input * GetCallerIdentityInput ) ( req * request . Request , output * GetCallerIdentityOutput ) {
op := & request . Operation {
Name : opGetCallerIdentity ,
@ -654,9 +746,8 @@ func (c *STS) GetCallerIdentityRequest(input *GetCallerIdentityInput) (req *requ
input = & GetCallerIdentityInput { }
}
req = c . newRequest ( op , input , output )
output = & GetCallerIdentityOutput { }
req . Data = output
req = c . newRequest ( op , input , output )
return
}
@ -671,29 +762,44 @@ func (c *STS) GetCallerIdentityRequest(input *GetCallerIdentityInput) (req *requ
//
// See the AWS API reference guide for AWS Security Token Service's
// API operation GetCallerIdentity for usage and error information.
// See also, https://docs.aws.amazon.com/goto/WebAPI/sts-2011-06-15/GetCallerIdentity
func ( c * STS ) GetCallerIdentity ( input * GetCallerIdentityInput ) ( * GetCallerIdentityOutput , error ) {
req , out := c . GetCallerIdentityRequest ( input )
err := req . Send ( )
return out , err
return out , req . Send ( )
}
// GetCallerIdentityWithContext is the same as GetCallerIdentity with the addition of
// the ability to pass a context and additional request options.
//
// See GetCallerIdentity for details on how to use this API operation.
//
// The context must be non-nil and will be used for request cancellation. If
// the context is nil a panic will occur. In the future the SDK may create
// sub-contexts for http.Requests. See https://golang.org/pkg/context/
// for more information on using Contexts.
func ( c * STS ) GetCallerIdentityWithContext ( ctx aws . Context , input * GetCallerIdentityInput , opts ... request . Option ) ( * GetCallerIdentityOutput , error ) {
req , out := c . GetCallerIdentityRequest ( input )
req . SetContext ( ctx )
req . ApplyOptions ( opts ... )
return out , req . Send ( )
}
const opGetFederationToken = "GetFederationToken"
// GetFederationTokenRequest generates a "aws/request.Request" representing the
// client's request for the GetFederationToken operation. The "output" return
// value can be used to capture response data after the request's "Send" method
// is called.
// value will be populated with the request's response once the request completes
// successfuly .
//
// See GetFederationToken for usage and error information.
// Use "Send" method on the returned Request to send the API call to the service.
// the "output" return value is not valid until after Send returns without error.
//
// Creating a request object using this method should be used when you want to inject
// custom logic into the request's lifecycle using a custom handler, or if you want to
// access properties on the request object before or after sending the request. If
// you just want the service response, call the GetFederationToken method directly
// instead.
// See GetFederationToken for more information on using the GetFederationToken
// API call, and error handling.
//
// This method is useful when you want to inject custom logic or configuration
// into the SDK's reque st lifecycle. Such as custom h eaders, or retry logic .
//
// Note: You must call the "Send" method on the returned request object in order
// to execute the request.
//
// // Example sending a request using the GetFederationTokenRequest method.
// req, resp := client.GetFederationTokenRequest(params)
@ -703,6 +809,7 @@ const opGetFederationToken = "GetFederationToken"
// fmt.Println(resp)
// }
//
// See also, https://docs.aws.amazon.com/goto/WebAPI/sts-2011-06-15/GetFederationToken
func ( c * STS ) GetFederationTokenRequest ( input * GetFederationTokenInput ) ( req * request . Request , output * GetFederationTokenOutput ) {
op := & request . Operation {
Name : opGetFederationToken ,
@ -714,9 +821,8 @@ func (c *STS) GetFederationTokenRequest(input *GetFederationTokenInput) (req *re
input = & GetFederationTokenInput { }
}
req = c . newRequest ( op , input , output )
output = & GetFederationTokenOutput { }
req . Data = output
req = c . newRequest ( op , input , output )
return
}
@ -761,7 +867,7 @@ func (c *STS) GetFederationTokenRequest(input *GetFederationTokenInput) (req *re
//
// * You cannot use these credentials to call any IAM APIs.
//
// * You cannot call any STS APIs.
// * You cannot call any STS APIs except GetCallerIdentity .
//
// Permissions
//
@ -809,45 +915,60 @@ func (c *STS) GetFederationTokenRequest(input *GetFederationTokenInput) (req *re
// API operation GetFederationToken for usage and error information.
//
// Returned Error Codes:
// * MalformedPolicyDocument
// * ErrCode MalformedPolicyDocumentException "MalformedPolicyDocument"
// The request was rejected because the policy document was malformed. The error
// message describes the specific error.
//
// * PackedPolicyTooLarge
// * ErrCode PackedPolicyTooLargeException "PackedPolicyTooLarge"
// The request was rejected because the policy document was too large. The error
// message describes how big the policy document is, in packed form, as a percentage
// of what the API allows.
//
// * RegionDisabledException
// * ErrCode RegionDisabledException "RegionDisabledException"
// STS is not activated in the requested region for the account that is being
// asked to generate credentials. The account administrator must use the IAM
// console to activate STS in that region. For more information, see Activating
// and Deactivating AWS STS in an AWS Region (http://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_enable-regions.html)
// in the IAM User Guide.
//
// See also, https://docs.aws.amazon.com/goto/WebAPI/sts-2011-06-15/GetFederationToken
func ( c * STS ) GetFederationToken ( input * GetFederationTokenInput ) ( * GetFederationTokenOutput , error ) {
req , out := c . GetFederationTokenRequest ( input )
err := req . Send ( )
return out , err
return out , req . Send ( )
}
// GetFederationTokenWithContext is the same as GetFederationToken with the addition of
// the ability to pass a context and additional request options.
//
// See GetFederationToken for details on how to use this API operation.
//
// The context must be non-nil and will be used for request cancellation. If
// the context is nil a panic will occur. In the future the SDK may create
// sub-contexts for http.Requests. See https://golang.org/pkg/context/
// for more information on using Contexts.
func ( c * STS ) GetFederationTokenWithContext ( ctx aws . Context , input * GetFederationTokenInput , opts ... request . Option ) ( * GetFederationTokenOutput , error ) {
req , out := c . GetFederationTokenRequest ( input )
req . SetContext ( ctx )
req . ApplyOptions ( opts ... )
return out , req . Send ( )
}
const opGetSessionToken = "GetSessionToken"
// GetSessionTokenRequest generates a "aws/request.Request" representing the
// client's request for the GetSessionToken operation. The "output" return
// value can be used to capture response data after the request's "Send" method
// is called.
// value will be populated with the request's response once the request completes
// successfuly.
//
// Use "Send" method on the returned Request to send the API call to the service.
// the "output" return value is not valid until after Send returns without error.
//
// See GetSessionToken for usage and error information.
// See GetSessionToken for more information on using the GetSessionToken
// API call, and error handling.
//
// Creating a request object using this method should be used when you want to inject
// custom logic into the request's lifecycle using a custom handler, or if you want to
// access properties on the request object before or after sending the request. If
// you just want the service response, call the GetSessionToken method directly
// instead.
// This method is useful when you want to inject custom logic or configuration
// into the SDK's request lifecycle. Such as custom headers, or retry logic.
//
// Note: You must call the "Send" method on the returned request object in order
// to execute the request.
//
// // Example sending a request using the GetSessionTokenRequest method.
// req, resp := client.GetSessionTokenRequest(params)
@ -857,6 +978,7 @@ const opGetSessionToken = "GetSessionToken"
// fmt.Println(resp)
// }
//
// See also, https://docs.aws.amazon.com/goto/WebAPI/sts-2011-06-15/GetSessionToken
func ( c * STS ) GetSessionTokenRequest ( input * GetSessionTokenInput ) ( req * request . Request , output * GetSessionTokenOutput ) {
op := & request . Operation {
Name : opGetSessionToken ,
@ -868,9 +990,8 @@ func (c *STS) GetSessionTokenRequest(input *GetSessionTokenInput) (req *request.
input = & GetSessionTokenInput { }
}
req = c . newRequest ( op , input , output )
output = & GetSessionTokenOutput { }
req . Data = output
req = c . newRequest ( op , input , output )
return
}
@ -904,7 +1025,7 @@ func (c *STS) GetSessionTokenRequest(input *GetSessionTokenInput) (req *request.
// * You cannot call any IAM APIs unless MFA authentication information is
// included in the request.
//
// * You cannot call any STS API exceptAssumeRole.
// * You cannot call any STS API exceptAssumeRole or GetCallerIdentity .
//
// We recommend that you do not call GetSessionToken with root account credentials.
// Instead, follow our best practices (http://docs.aws.amazon.com/IAM/latest/UserGuide/best-practices.html#create-iam-users)
@ -931,32 +1052,56 @@ func (c *STS) GetSessionTokenRequest(input *GetSessionTokenInput) (req *request.
// API operation GetSessionToken for usage and error information.
//
// Returned Error Codes:
// * RegionDisabledException
// * ErrCode RegionDisabledException "RegionDisabledException"
// STS is not activated in the requested region for the account that is being
// asked to generate credentials. The account administrator must use the IAM
// console to activate STS in that region. For more information, see Activating
// and Deactivating AWS STS in an AWS Region (http://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_enable-regions.html)
// in the IAM User Guide.
//
// See also, https://docs.aws.amazon.com/goto/WebAPI/sts-2011-06-15/GetSessionToken
func ( c * STS ) GetSessionToken ( input * GetSessionTokenInput ) ( * GetSessionTokenOutput , error ) {
req , out := c . GetSessionTokenRequest ( input )
err := req . Send ( )
return out , err
return out , req . Send ( )
}
// GetSessionTokenWithContext is the same as GetSessionToken with the addition of
// the ability to pass a context and additional request options.
//
// See GetSessionToken for details on how to use this API operation.
//
// The context must be non-nil and will be used for request cancellation. If
// the context is nil a panic will occur. In the future the SDK may create
// sub-contexts for http.Requests. See https://golang.org/pkg/context/
// for more information on using Contexts.
func ( c * STS ) GetSessionTokenWithContext ( ctx aws . Context , input * GetSessionTokenInput , opts ... request . Option ) ( * GetSessionTokenOutput , error ) {
req , out := c . GetSessionTokenRequest ( input )
req . SetContext ( ctx )
req . ApplyOptions ( opts ... )
return out , req . Send ( )
}
type AssumeRoleInput struct {
_ struct { } ` type:"structure" `
// The duration, in seconds, of the role session. The value can range from 900
// seconds (15 minutes) to 3600 seconds (1 hour). By default, the value is set
// to 3600 seconds.
// seconds (15 minutes) up to the maximum session duration setting for the role.
// This setting can have a value from 1 hour to 12 hours. If you specify a value
// higher than this setting, the operation fails. For example, if you specify
// a session duration of 12 hours, but your administrator set the maximum session
// duration to 6 hours, your operation fails. To learn how to view the maximum
// value for your role, see View the Maximum Session Duration Setting for a
// Role (http://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_use.html#id_roles_use_view-role-max-session)
// in the IAM User Guide.
//
// By default, the value is set to 3600 seconds.
//
// This is separate from the duration of a console session that you might request
// using the returned credentials. The request to the federation endpoint for
// a console sign-in token takes a SessionDuration parameter that specifies
// the maximum length of the console session, separately from the DurationSeconds
// parameter on this API. For more information, see Creating a URL that Enables
// Federated Users to Access the AWS Management Console (http://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_providers_enable-console-custom-url.html)
// The Durat ionSecond s parameter is separate from the duration of a console
// session that you might request using the returned credentials. The request
// to the federation endpoint for a console sign-in token takes a SessionDuration
// parameter that specifies the maximum length of the console session. For more
// information, see Creating a URL that Enables Federated Users to Access the
// AWS Management Console (http://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_providers_enable-console-custom-url.html)
// in the IAM User Guide.
DurationSeconds * int64 ` min:"900" type:"integer" `
@ -970,10 +1115,9 @@ type AssumeRoleInput struct {
// External ID When Granting Access to Your AWS Resources to a Third Party (http://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_create_for-user_externalid.html)
// in the IAM User Guide.
//
// The format for this parameter, as described by its regex pattern, is a string
// of characters consisting of upper- and lower-case alphanumeric characters
// with no spaces. You can also include underscores or any of the following
// characters: =,.@:\/-
// The regex used to validated this parameter is a string of characters consisting
// of upper- and lower-case alphanumeric characters with no spaces. You can
// also include underscores or any of the following characters: =,.@:/-
ExternalId * string ` min:"2" type:"string" `
// An IAM policy in JSON format.
@ -1017,10 +1161,9 @@ type AssumeRoleInput struct {
// requests using the temporary security credentials will expose the role session
// name to the external account in their CloudTrail logs.
//
// The format for this parameter, as described by its regex pattern, is a string
// of characters consisting of upper- and lower-case alphanumeric characters
// with no spaces. You can also include underscores or any of the following
// characters: =,.@-
// The regex used to validate this parameter is a string of characters consisting
// of upper- and lower-case alphanumeric characters with no spaces. You can
// also include underscores or any of the following characters: =,.@-
//
// RoleSessionName is a required field
RoleSessionName * string ` min:"2" type:"string" required:"true" `
@ -1031,10 +1174,9 @@ type AssumeRoleInput struct {
// The value is either the serial number for a hardware device (such as GAHT12345678)
// or an Amazon Resource Name (ARN) for a virtual device (such as arn:aws:iam::123456789012:mfa/user).
//
// The format for this parameter, as described by its regex pattern, is a string
// of characters consisting of upper- and lower-case alphanumeric characters
// with no spaces. You can also include underscores or any of the following
// characters: =,.@-
// The regex used to validate this parameter is a string of characters consisting
// of upper- and lower-case alphanumeric characters with no spaces. You can
// also include underscores or any of the following characters: =,.@-
SerialNumber * string ` min:"9" type:"string" `
// The value provided by the MFA device, if the trust policy of the role being
@ -1194,18 +1336,27 @@ func (s *AssumeRoleOutput) SetPackedPolicySize(v int64) *AssumeRoleOutput {
type AssumeRoleWithSAMLInput struct {
_ struct { } ` type:"structure" `
// The duration, in seconds, of the role session. The value can range from 900
// seconds (15 minutes) to 3600 seconds (1 hour). By default, the value is set
// to 3600 seconds. An expiration can also be specified in the SAML authentication
// response's SessionNotOnOrAfter value. The actual expiration time is whichever
// value is shorter.
// The duration, in seconds, of the role session. Your role session lasts for
// the duration that you specify for the DurationSeconds parameter, or until
// the time specified in the SAML authentication response's SessionNotOnOrAfter
// value, whichever is shorter. You can provide a DurationSeconds value from
// 900 seconds (15 minutes) up to the maximum session duration setting for the
// role. This setting can have a value from 1 hour to 12 hours. If you specify
// a value higher than this setting, the operation fails. For example, if you
// specify a session duration of 12 hours, but your administrator set the maximum
// session duration to 6 hours, your operation fails. To learn how to view the
// maximum value for your role, see View the Maximum Session Duration Setting
// for a Role (http://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_use.html#id_roles_use_view-role-max-session)
// in the IAM User Guide.
//
// This is separate from the duration of a console session that you might request
// using the returned credentials. The request to the federation endpoint for
// a console sign-in token takes a SessionDuration parameter that specifies
// the maximum length of the console session, separately from the DurationSeconds
// parameter on this API. For more information, see Enabling SAML 2.0 Federated
// Users to Access the AWS Management Console (http://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_providers_enable-console-saml.html)
// By default, the value is set to 3600 seconds.
//
// The DurationSeconds parameter is separate from the duration of a console
// session that you might request using the returned credentials. The request
// to the federation endpoint for a console sign-in token takes a SessionDuration
// parameter that specifies the maximum length of the console session. For more
// information, see Creating a URL that Enables Federated Users to Access the
// AWS Management Console (http://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_providers_enable-console-custom-url.html)
// in the IAM User Guide.
DurationSeconds * int64 ` min:"900" type:"integer" `
@ -1446,15 +1597,23 @@ type AssumeRoleWithWebIdentityInput struct {
_ struct { } ` type:"structure" `
// The duration, in seconds, of the role session. The value can range from 900
// seconds (15 minutes) to 3600 seconds (1 hour). By default, the value is set
// to 3600 seconds.
// seconds (15 minutes) up to the maximum session duration setting for the role.
// This setting can have a value from 1 hour to 12 hours. If you specify a value
// higher than this setting, the operation fails. For example, if you specify
// a session duration of 12 hours, but your administrator set the maximum session
// duration to 6 hours, your operation fails. To learn how to view the maximum
// value for your role, see View the Maximum Session Duration Setting for a
// Role (http://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_use.html#id_roles_use_view-role-max-session)
// in the IAM User Guide.
//
// This is separate from the duration of a console session that you might request
// using the returned credentials. The request to the federation endpoint for
// a console sign-in token takes a SessionDuration parameter that specifies
// the maximum length of the console session, separately from the DurationSeconds
// parameter on this API. For more information, see Creating a URL that Enables
// Federated Users to Access the AWS Management Console (http://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_providers_enable-console-custom-url.html)
// By default, the value is set to 3600 seconds.
//
// The DurationSeconds parameter is separate from the duration of a console
// session that you might request using the returned credentials. The request
// to the federation endpoint for a console sign-in token takes a SessionDuration
// parameter that specifies the maximum length of the console session. For more
// information, see Creating a URL that Enables Federated Users to Access the
// AWS Management Console (http://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_providers_enable-console-custom-url.html)
// in the IAM User Guide.
DurationSeconds * int64 ` min:"900" type:"integer" `
@ -1503,10 +1662,9 @@ type AssumeRoleWithWebIdentityInput struct {
// are associated with that user. This session name is included as part of the
// ARN and assumed role ID in the AssumedRoleUser response element.
//
// The format for this parameter, as described by its regex pattern, is a string
// of characters consisting of upper- and lower-case alphanumeric characters
// with no spaces. You can also include underscores or any of the following
// characters: =,.@-
// The regex used to validate this parameter is a string of characters consisting
// of upper- and lower-case alphanumeric characters with no spaces. You can
// also include underscores or any of the following characters: =,.@-
//
// RoleSessionName is a required field
RoleSessionName * string ` min:"2" type:"string" required:"true" `
@ -1983,10 +2141,9 @@ type GetFederationTokenInput struct {
// the federated user name in a resource-based policy, such as in an Amazon
// S3 bucket policy.
//
// The format for this parameter, as described by its regex pattern, is a string
// of characters consisting of upper- and lower-case alphanumeric characters
// with no spaces. You can also include underscores or any of the following
// characters: =,.@-
// The regex used to validate this parameter is a string of characters consisting
// of upper- and lower-case alphanumeric characters with no spaces. You can
// also include underscores or any of the following characters: =,.@-
//
// Name is a required field
Name * string ` min:"2" type:"string" required:"true" `
@ -2146,10 +2303,9 @@ type GetSessionTokenInput struct {
// You can find the device for an IAM user by going to the AWS Management Console
// and viewing the user's security credentials.
//
// The format for this parameter, as described by its regex pattern, is a string
// of characters consisting of upper- and lower-case alphanumeric characters
// with no spaces. You can also include underscores or any of the following
// characters: =,.@-
// The regex used to validated this parameter is a string of characters consisting
// of upper- and lower-case alphanumeric characters with no spaces. You can
// also include underscores or any of the following characters: =,.@:/-
SerialNumber * string ` min:"9" type:"string" `
// The value provided by the MFA device, if MFA is required. If any policy requires
Simon Pasquier
7 years ago