@aws-sdk/client-sts
Comparing version 3.20.0 to 3.21.0
@@ -6,2 +6,13 @@ # Change Log | ||
# [3.21.0](https://github.com/aws/aws-sdk-js-v3/compare/v3.20.0...v3.21.0) (2021-07-09) | ||
### Features | ||
* **clients:** update clients as of 07/08/2021 ([#2565](https://github.com/aws/aws-sdk-js-v3/issues/2565)) ([c9bd983](https://github.com/aws/aws-sdk-js-v3/commit/c9bd98328765c540b778f9085d0ec8870e5af6c9)) | ||
# [3.20.0](https://github.com/aws/aws-sdk-js-v3/compare/v3.19.0...v3.20.0) (2021-07-02) | ||
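Review bot: the new 3.21.0 entry, `update clients as of 07/08/2021`, writes its date in a day/month-ambiguous form directly under a heading dated `(2021-07-09)`, and it does not say what changed in this package. Suggest an ISO date to match the headings and a few words on scope, since every hunk shown below for this release only rewords doc comments and someone auditing the version bump would want the changelog to say so.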
@@ -8,0 +19,0 @@ |
@@ -22,3 +22,3 @@ import { STSClientResolvedConfig, ServiceInputTypes, ServiceOutputTypes } from "../STSClient"; | ||
/** | ||
* <p>Returns a set of temporary security credentials that you can use to access AWS | ||
* <p>Returns a set of temporary security credentials that you can use to access Amazon Web Services | ||
* resources that you might not normally have access to. These temporary credentials | ||
@@ -30,3 +30,3 @@ * consist of an access key ID, a secret access key, and a security token. Typically, you | ||
* Credentials</a> and <a href="https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_request.html#stsapi_comparison">Comparing | ||
* the AWS STS API operations</a> in the | ||
* the STS API operations</a> in the | ||
* <i>IAM User Guide</i>.</p> | ||
@@ -37,4 +37,4 @@ * <p> | ||
* <p>The temporary security credentials created by <code>AssumeRole</code> can be used to | ||
* make API calls to any AWS service with the following exception: You cannot call the | ||
* AWS STS <code>GetFederationToken</code> or <code>GetSessionToken</code> API | ||
* make API calls to any Amazon Web Services service with the following exception: You cannot call the | ||
* STS <code>GetFederationToken</code> or <code>GetSessionToken</code> API | ||
* operations.</p> | ||
@@ -48,3 +48,3 @@ * <p>(Optional) You can pass inline or managed <a href="https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies.html#policies_session">session policies</a> to | ||
* role's identity-based policy and the session policies. You can use the role's temporary | ||
* credentials in subsequent AWS API calls to access resources in the account that owns | ||
* credentials in subsequent Amazon Web Services API calls to access resources in the account that owns | ||
* the role. You cannot use session policies to grant more permissions than those allowed | ||
@@ -54,3 +54,3 @@ * by the identity-based policy of the role that is being assumed. For more information, see | ||
* Policies</a> in the <i>IAM User Guide</i>.</p> | ||
* <p>To assume a role from a different account, your AWS account must be trusted by the | ||
* <p>To assume a role from a different account, your account must be trusted by the | ||
* role. The trust relationship is defined in the role's trust policy when the role is | ||
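Review bot: `your AWS account must be trusted by the role` becomes `your account must be trusted by the role`, dropping the qualifier instead of expanding it, while the AssumeRoleWithSAML comment in this same release keeps it as `in your Amazon Web Services account`. Suggest `your Amazon Web Services account` here too, so the cross-account trust sentence stays consistent with the rest of the rewording.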
@@ -96,3 +96,3 @@ * created. That trust policy states which accounts are allowed to delegate that access to | ||
* <code>AssumeRole</code>. This is useful for cross-account scenarios to ensure that the | ||
* user that assumes the role has been authenticated with an AWS MFA device. In that | ||
* user that assumes the role has been authenticated with an Amazon Web Services MFA device. In that | ||
* scenario, the trust policy of the role being assumed includes a condition that tests for | ||
@@ -99,0 +99,0 @@ * MFA authentication. If the caller does not include valid MFA information, the request to |
@@ -26,10 +26,10 @@ import { STSClientResolvedConfig, ServiceInputTypes, ServiceOutputTypes } from "../STSClient"; | ||
* via a SAML authentication response. This operation provides a mechanism for tying an | ||
* enterprise identity store or directory to role-based AWS access without user-specific | ||
* enterprise identity store or directory to role-based Amazon Web Services access without user-specific | ||
* credentials or configuration. For a comparison of <code>AssumeRoleWithSAML</code> with the | ||
* other API operations that produce temporary credentials, see <a href="https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_request.html">Requesting Temporary Security | ||
* Credentials</a> and <a href="https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_request.html#stsapi_comparison">Comparing the | ||
* AWS STS API operations</a> in the <i>IAM User Guide</i>.</p> | ||
* STS API operations</a> in the <i>IAM User Guide</i>.</p> | ||
* <p>The temporary security credentials returned by this operation consist of an access key | ||
* ID, a secret access key, and a security token. Applications can use these temporary | ||
* security credentials to sign calls to AWS services.</p> | ||
* security credentials to sign calls to Amazon Web Services services.</p> | ||
* <p> | ||
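Review bot: on the last changed line of this hunk the mechanical substitution yields `sign calls to Amazon Web Services services`, a doubled word that the old `AWS services` did not have; the singular `any Amazon Web Services service` in the AssumeRole comment has the same stutter. Suggest rewording at these spots, for example `sign calls to services in Amazon Web Services`, instead of a plain find-and-replace.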
@@ -54,3 +54,3 @@ * <b>Session Duration</b> | ||
* <p> | ||
* <a href="https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_terms-and-concepts.html#iam-term-role-chaining">Role chaining</a> limits your AWS CLI or AWS API | ||
* <a href="https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_terms-and-concepts.html#iam-term-role-chaining">Role chaining</a> limits your CLI or Amazon Web Services API | ||
* role session to a maximum of one hour. When you use the <code>AssumeRole</code> API | ||
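Review bot: on the Role chaining line, `your AWS CLI or AWS API role session` becomes `your CLI or Amazon Web Services API role session`, and a bare `CLI` no longer says which command-line tool the one-hour limit applies to. Suggest keeping the product name on that line, and on the GetFederationToken lines that now read `using the CLI or the Amazon Web Services API`.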
@@ -68,3 +68,3 @@ * operation to assume a role, you can specify the duration of your role session with | ||
* <p>The temporary security credentials created by <code>AssumeRoleWithSAML</code> can be | ||
* used to make API calls to any AWS service with the following exception: you cannot call | ||
* used to make API calls to any Amazon Web Services service with the following exception: you cannot call | ||
* the STS <code>GetFederationToken</code> or <code>GetSessionToken</code> API | ||
@@ -79,3 +79,3 @@ * operations.</p> | ||
* role's identity-based policy and the session policies. You can use the role's temporary | ||
* credentials in subsequent AWS API calls to access resources in the account that owns | ||
* credentials in subsequent Amazon Web Services API calls to access resources in the account that owns | ||
* the role. You cannot use session policies to grant more permissions than those allowed | ||
@@ -85,7 +85,7 @@ * by the identity-based policy of the role that is being assumed. For more information, see | ||
* Policies</a> in the <i>IAM User Guide</i>.</p> | ||
* <p>Calling <code>AssumeRoleWithSAML</code> does not require the use of AWS security | ||
* <p>Calling <code>AssumeRoleWithSAML</code> does not require the use of Amazon Web Services security | ||
* credentials. The identity of the caller is validated by using keys in the metadata document | ||
* that is uploaded for the SAML provider entity for your identity provider. </p> | ||
* <important> | ||
* <p>Calling <code>AssumeRoleWithSAML</code> can result in an entry in your AWS CloudTrail logs. | ||
* <p>Calling <code>AssumeRoleWithSAML</code> can result in an entry in your CloudTrail logs. | ||
* The entry includes the value in the <code>NameID</code> element of the SAML assertion. | ||
@@ -110,3 +110,3 @@ * We recommend that you use a <code>NameIDType</code> that is not associated with any | ||
* <note> | ||
* <p>An AWS conversion compresses the passed session policies and session tags into a | ||
* <p>An Amazon Web Services conversion compresses the passed session policies and session tags into a | ||
* packed binary format that has a separate limit. Your request can fail for this limit | ||
@@ -133,4 +133,4 @@ * even if your plaintext meets the other requirements. The <code>PackedPolicySize</code> | ||
* <p>Before your application can call <code>AssumeRoleWithSAML</code>, you must configure | ||
* your SAML identity provider (IdP) to issue the claims required by AWS. Additionally, you | ||
* must use AWS Identity and Access Management (IAM) to create a SAML provider entity in your AWS account that | ||
* your SAML identity provider (IdP) to issue the claims required by Amazon Web Services. Additionally, you | ||
* must use Identity and Access Management (IAM) to create a SAML provider entity in your Amazon Web Services account that | ||
* represents your identity provider. You must also create an IAM role that specifies this | ||
@@ -137,0 +137,0 @@ * SAML provider in its trust policy. </p> |
@@ -30,14 +30,14 @@ import { STSClientResolvedConfig, ServiceInputTypes, ServiceOutputTypes } from "../STSClient"; | ||
* <p>For mobile applications, we recommend that you use Amazon Cognito. You can use Amazon Cognito with the | ||
* <a href="http://aws.amazon.com/sdkforios/">AWS SDK for iOS Developer Guide</a> and the <a href="http://aws.amazon.com/sdkforandroid/">AWS SDK for Android Developer Guide</a> to uniquely | ||
* <a href="http://aws.amazon.com/sdkforios/">Amazon Web Services SDK for iOS Developer Guide</a> and the <a href="http://aws.amazon.com/sdkforandroid/">Amazon Web Services SDK for Android Developer Guide</a> to uniquely | ||
* identify a user. You can also supply the user with a consistent identity throughout the | ||
* lifetime of an application.</p> | ||
* <p>To learn more about Amazon Cognito, see <a href="https://docs.aws.amazon.com/mobile/sdkforandroid/developerguide/cognito-auth.html#d0e840">Amazon Cognito Overview</a> in | ||
* <i>AWS SDK for Android Developer Guide</i> and <a href="https://docs.aws.amazon.com/mobile/sdkforios/developerguide/cognito-auth.html#d0e664">Amazon Cognito Overview</a> in the | ||
* <i>AWS SDK for iOS Developer Guide</i>.</p> | ||
* <i>Amazon Web Services SDK for Android Developer Guide</i> and <a href="https://docs.aws.amazon.com/mobile/sdkforios/developerguide/cognito-auth.html#d0e664">Amazon Cognito Overview</a> in the | ||
* <i>Amazon Web Services SDK for iOS Developer Guide</i>.</p> | ||
* </note> | ||
* <p>Calling <code>AssumeRoleWithWebIdentity</code> does not require the use of AWS | ||
* <p>Calling <code>AssumeRoleWithWebIdentity</code> does not require the use of Amazon Web Services | ||
* security credentials. Therefore, you can distribute an application (for example, on mobile | ||
* devices) that requests temporary security credentials without including long-term AWS | ||
* devices) that requests temporary security credentials without including long-term Amazon Web Services | ||
* credentials in the application. You also don't need to deploy server-based proxy services | ||
* that use long-term AWS credentials. Instead, the identity of the caller is validated by | ||
* that use long-term Amazon Web Services credentials. Instead, the identity of the caller is validated by | ||
* using a token from the web identity provider. For a comparison of | ||
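Review bot: the anchor line rewritten at the top of this hunk changes only the link text and keeps `href="http://aws.amazon.com/sdkforios/"` and `href="http://aws.amazon.com/sdkforandroid/"` on plain HTTP, although the other links in the hunk use `https://docs.aws.amazon.com/...`. Since the line is being edited anyway, suggest moving both to https. The link text is also a document title, so check that `Amazon Web Services SDK for iOS Developer Guide` and its Android counterpart are the titles those guides actually carry.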
@@ -47,6 +47,6 @@ * <code>AssumeRoleWithWebIdentity</code> with the other API operations that produce | ||
* Credentials</a> and <a href="https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_request.html#stsapi_comparison">Comparing the | ||
* AWS STS API operations</a> in the <i>IAM User Guide</i>.</p> | ||
* STS API operations</a> in the <i>IAM User Guide</i>.</p> | ||
* <p>The temporary security credentials returned by this API consist of an access key ID, a | ||
* secret access key, and a security token. Applications can use these temporary security | ||
* credentials to sign calls to AWS service API operations.</p> | ||
* credentials to sign calls to Amazon Web Services service API operations.</p> | ||
* <p> | ||
@@ -71,3 +71,3 @@ * <b>Session Duration</b> | ||
* <p>The temporary security credentials created by <code>AssumeRoleWithWebIdentity</code> can | ||
* be used to make API calls to any AWS service with the following exception: you cannot | ||
* be used to make API calls to any Amazon Web Services service with the following exception: you cannot | ||
* call the STS <code>GetFederationToken</code> or <code>GetSessionToken</code> API | ||
@@ -82,3 +82,3 @@ * operations.</p> | ||
* role's identity-based policy and the session policies. You can use the role's temporary | ||
* credentials in subsequent AWS API calls to access resources in the account that owns | ||
* credentials in subsequent Amazon Web Services API calls to access resources in the account that owns | ||
* the role. You cannot use session policies to grant more permissions than those allowed | ||
@@ -101,3 +101,3 @@ * by the identity-based policy of the role that is being assumed. For more information, see | ||
* <note> | ||
* <p>An AWS conversion compresses the passed session policies and session tags into a | ||
* <p>An Amazon Web Services conversion compresses the passed session policies and session tags into a | ||
* packed binary format that has a separate limit. Your request can fail for this limit | ||
@@ -130,3 +130,3 @@ * even if your plaintext meets the other requirements. The <code>PackedPolicySize</code> | ||
* <p>Calling <code>AssumeRoleWithWebIdentity</code> can result in an entry in your | ||
* AWS CloudTrail logs. The entry includes the <a href="http://openid.net/specs/openid-connect-core-1_0.html#Claims">Subject</a> of | ||
* CloudTrail logs. The entry includes the <a href="http://openid.net/specs/openid-connect-core-1_0.html#Claims">Subject</a> of | ||
* the provided web identity token. We recommend that you avoid using any personally | ||
@@ -148,3 +148,3 @@ * identifiable information (PII) in this field. For example, you could instead use a GUID | ||
* authenticating through Login with Amazon, Facebook, or Google, getting temporary | ||
* security credentials, and then using those credentials to make a request to AWS. | ||
* security credentials, and then using those credentials to make a request to Amazon Web Services. | ||
* </p> | ||
@@ -154,3 +154,3 @@ * </li> | ||
* <p> | ||
* <a href="http://aws.amazon.com/sdkforios/">AWS SDK for iOS Developer Guide</a> and <a href="http://aws.amazon.com/sdkforandroid/">AWS SDK for Android Developer Guide</a>. These toolkits | ||
* <a href="http://aws.amazon.com/sdkforios/">Amazon Web Services SDK for iOS Developer Guide</a> and <a href="http://aws.amazon.com/sdkforandroid/">Amazon Web Services SDK for Android Developer Guide</a>. These toolkits | ||
* contain sample apps that show how to invoke the identity providers. The toolkits then | ||
@@ -157,0 +157,0 @@ * show how to use the information from these providers to get and use temporary |
@@ -26,9 +26,9 @@ import { STSClientResolvedConfig, ServiceInputTypes, ServiceOutputTypes } from "../STSClient"; | ||
* <p>Decodes additional information about the authorization status of a request from an | ||
* encoded message returned in response to an AWS request.</p> | ||
* encoded message returned in response to an Amazon Web Services request.</p> | ||
* <p>For example, if a user is not authorized to perform an operation that he or she has | ||
* requested, the request returns a <code>Client.UnauthorizedOperation</code> response (an | ||
* HTTP 403 response). Some AWS operations additionally return an encoded message that can | ||
* HTTP 403 response). Some Amazon Web Services operations additionally return an encoded message that can | ||
* provide details about this authorization failure. </p> | ||
* <note> | ||
* <p>Only certain AWS operations return an encoded authorization message. The | ||
* <p>Only certain Amazon Web Services operations return an encoded authorization message. The | ||
* documentation for an individual operation indicates whether that operation returns an | ||
@@ -35,0 +35,0 @@ * encoded message in addition to returning an HTTP code.</p> |
@@ -31,5 +31,5 @@ import { STSClientResolvedConfig, ServiceInputTypes, ServiceOutputTypes } from "../STSClient"; | ||
* Users</a> in the <i>IAM User Guide</i>.</p> | ||
* <p>When you pass an access key ID to this operation, it returns the ID of the AWS | ||
* <p>When you pass an access key ID to this operation, it returns the ID of the Amazon Web Services | ||
* account to which the keys belong. Access key IDs beginning with <code>AKIA</code> are | ||
* long-term credentials for an IAM user or the AWS account root user. Access key IDs | ||
* long-term credentials for an IAM user or the Amazon Web Services account root user. Access key IDs | ||
* beginning with <code>ASIA</code> are temporary credentials that are created using STS | ||
@@ -36,0 +36,0 @@ * operations. If the account in the response belongs to you, you can sign in as the root |
@@ -34,3 +34,3 @@ import { STSClientResolvedConfig, ServiceInputTypes, ServiceOutputTypes } from "../STSClient"; | ||
* Credentials</a> and <a href="https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_request.html#stsapi_comparison">Comparing the | ||
* AWS STS API operations</a> in the <i>IAM User Guide</i>.</p> | ||
* STS API operations</a> in the <i>IAM User Guide</i>.</p> | ||
* <note> | ||
@@ -44,3 +44,3 @@ * <p>You can create a mobile-based or browser-based app that can authenticate users using | ||
* <p>You can also call <code>GetFederationToken</code> using the security credentials of an | ||
* AWS account root user, but we do not recommend it. Instead, we recommend that you create | ||
* Amazon Web Services account root user, but we do not recommend it. Instead, we recommend that you create | ||
* an IAM user for the purpose of the proxy application. Then attach a policy to the IAM | ||
@@ -55,3 +55,3 @@ * user that limits federated users to only the actions and resources that they need to | ||
* minutes) up to a maximum of 129,600 seconds (36 hours). The default session duration is | ||
* 43,200 seconds (12 hours). Temporary credentials that are obtained by using AWS account | ||
* 43,200 seconds (12 hours). Temporary credentials that are obtained by using Amazon Web Services account | ||
* root user credentials have a maximum duration of 3,600 seconds (1 hour).</p> | ||
@@ -62,6 +62,6 @@ * <p> | ||
* <p>You can use the temporary credentials created by <code>GetFederationToken</code> in any | ||
* AWS service except the following:</p> | ||
* Amazon Web Services service except the following:</p> | ||
* <ul> | ||
* <li> | ||
* <p>You cannot call any IAM operations using the AWS CLI or the AWS API. </p> | ||
* <p>You cannot call any IAM operations using the CLI or the Amazon Web Services API. </p> | ||
* </li> | ||
@@ -104,3 +104,3 @@ * <li> | ||
* <p>You can also call <code>GetFederationToken</code> using the security credentials of an | ||
* AWS account root user, but we do not recommend it. Instead, we recommend that you | ||
* Amazon Web Services account root user, but we do not recommend it. Instead, we recommend that you | ||
* create an IAM user for the purpose of the proxy application. Then attach a policy to | ||
@@ -115,3 +115,3 @@ * the IAM user that limits federated users to only the actions and resources that they | ||
* minutes) up to a maximum of 129,600 seconds (36 hours). The default session duration is | ||
* 43,200 seconds (12 hours). Temporary credentials that are obtained by using AWS | ||
* 43,200 seconds (12 hours). Temporary credentials that are obtained by using Amazon Web Services | ||
* account root user credentials have a maximum duration of 3,600 seconds (1 hour).</p> | ||
@@ -122,6 +122,6 @@ * <p> | ||
* <p>You can use the temporary credentials created by <code>GetFederationToken</code> in | ||
* any AWS service except the following:</p> | ||
* any Amazon Web Services service except the following:</p> | ||
* <ul> | ||
* <li> | ||
* <p>You cannot call any IAM operations using the AWS CLI or the AWS API. | ||
* <p>You cannot call any IAM operations using the CLI or the Amazon Web Services API. | ||
* </p> | ||
@@ -128,0 +128,0 @@ * </li> |
@@ -25,6 +25,6 @@ import { STSClientResolvedConfig, ServiceInputTypes, ServiceOutputTypes } from "../STSClient"; | ||
/** | ||
* <p>Returns a set of temporary credentials for an AWS account or IAM user. The | ||
* <p>Returns a set of temporary credentials for an Amazon Web Services account or IAM user. The | ||
* credentials consist of an access key ID, a secret access key, and a security token. | ||
* Typically, you use <code>GetSessionToken</code> if you want to use MFA to protect | ||
* programmatic calls to specific AWS API operations like Amazon EC2 <code>StopInstances</code>. | ||
* programmatic calls to specific Amazon Web Services API operations like Amazon EC2 <code>StopInstances</code>. | ||
* MFA-enabled IAM users would need to call <code>GetSessionToken</code> and submit an MFA | ||
@@ -37,8 +37,8 @@ * code that is associated with their MFA device. Using the temporary security credentials | ||
* Temporary Security Credentials</a> and <a href="https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_request.html#stsapi_comparison">Comparing the | ||
* AWS STS API operations</a> in the <i>IAM User Guide</i>.</p> | ||
* STS API operations</a> in the <i>IAM User Guide</i>.</p> | ||
* <p> | ||
* <b>Session Duration</b> | ||
* </p> | ||
* <p>The <code>GetSessionToken</code> operation must be called by using the long-term AWS | ||
* security credentials of the AWS account root user or an IAM user. Credentials that are | ||
* <p>The <code>GetSessionToken</code> operation must be called by using the long-term Amazon Web Services | ||
* security credentials of the Amazon Web Services account root user or an IAM user. Credentials that are | ||
* created by IAM users are valid for the duration that you specify. This duration can range | ||
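Review bot: the first sentence under Session Duration now reads `the long-term Amazon Web Services security credentials of the Amazon Web Services account root user`, with the full name twice in one clause. Suggest dropping the first occurrence (`the long-term security credentials of the Amazon Web Services account root user or an IAM user`); the requirement that `GetSessionToken` is called with long-term credentials stays just as clear.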
@@ -52,3 +52,3 @@ * from 900 seconds (15 minutes) up to a maximum of 129,600 seconds (36 hours), with a default | ||
* <p>The temporary security credentials created by <code>GetSessionToken</code> can be used | ||
* to make API calls to any AWS service with the following exceptions:</p> | ||
* to make API calls to any Amazon Web Services service with the following exceptions:</p> | ||
* <ul> | ||
@@ -65,10 +65,10 @@ * <li> | ||
* <note> | ||
* <p>We recommend that you do not call <code>GetSessionToken</code> with AWS account | ||
* <p>We recommend that you do not call <code>GetSessionToken</code> with Amazon Web Services account | ||
* root user credentials. Instead, follow our <a href="https://docs.aws.amazon.com/IAM/latest/UserGuide/best-practices.html#create-iam-users">best practices</a> by | ||
* creating one or more IAM users, giving them the necessary permissions, and using IAM | ||
* users for everyday interaction with AWS. </p> | ||
* users for everyday interaction with Amazon Web Services. </p> | ||
* </note> | ||
* <p>The credentials that are returned by <code>GetSessionToken</code> are based on | ||
* permissions associated with the user whose credentials were used to call the operation. If | ||
* <code>GetSessionToken</code> is called using AWS account root user credentials, the | ||
* <code>GetSessionToken</code> is called using Amazon Web Services account root user credentials, the | ||
* temporary credentials have root user permissions. Similarly, if | ||
@@ -75,0 +75,0 @@ * <code>GetSessionToken</code> is called using the credentials of an IAM user, the |
@@ -10,3 +10,3 @@ "use strict"; | ||
/** | ||
* <p>Returns a set of temporary security credentials that you can use to access AWS | ||
* <p>Returns a set of temporary security credentials that you can use to access Amazon Web Services | ||
* resources that you might not normally have access to. These temporary credentials | ||
@@ -18,3 +18,3 @@ * consist of an access key ID, a secret access key, and a security token. Typically, you | ||
* Credentials</a> and <a href="https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_request.html#stsapi_comparison">Comparing | ||
* the AWS STS API operations</a> in the | ||
* the STS API operations</a> in the | ||
* <i>IAM User Guide</i>.</p> | ||
@@ -25,4 +25,4 @@ * <p> | ||
* <p>The temporary security credentials created by <code>AssumeRole</code> can be used to | ||
* make API calls to any AWS service with the following exception: You cannot call the | ||
* AWS STS <code>GetFederationToken</code> or <code>GetSessionToken</code> API | ||
* make API calls to any Amazon Web Services service with the following exception: You cannot call the | ||
* STS <code>GetFederationToken</code> or <code>GetSessionToken</code> API | ||
* operations.</p> | ||
@@ -36,3 +36,3 @@ * <p>(Optional) You can pass inline or managed <a href="https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies.html#policies_session">session policies</a> to | ||
* role's identity-based policy and the session policies. You can use the role's temporary | ||
* credentials in subsequent AWS API calls to access resources in the account that owns | ||
* credentials in subsequent Amazon Web Services API calls to access resources in the account that owns | ||
* the role. You cannot use session policies to grant more permissions than those allowed | ||
@@ -42,3 +42,3 @@ * by the identity-based policy of the role that is being assumed. For more information, see | ||
* Policies</a> in the <i>IAM User Guide</i>.</p> | ||
* <p>To assume a role from a different account, your AWS account must be trusted by the | ||
* <p>To assume a role from a different account, your account must be trusted by the | ||
* role. The trust relationship is defined in the role's trust policy when the role is | ||
@@ -84,3 +84,3 @@ * created. That trust policy states which accounts are allowed to delegate that access to | ||
* <code>AssumeRole</code>. This is useful for cross-account scenarios to ensure that the | ||
* user that assumes the role has been authenticated with an AWS MFA device. In that | ||
* user that assumes the role has been authenticated with an Amazon Web Services MFA device. In that | ||
* scenario, the trust policy of the role being assumed includes a condition that tests for | ||
@@ -87,0 +87,0 @@ * MFA authentication. If the caller does not include valid MFA information, the request to |
@@ -11,10 +11,10 @@ "use strict"; | ||
* via a SAML authentication response. This operation provides a mechanism for tying an | ||
* enterprise identity store or directory to role-based AWS access without user-specific | ||
* enterprise identity store or directory to role-based Amazon Web Services access without user-specific | ||
* credentials or configuration. For a comparison of <code>AssumeRoleWithSAML</code> with the | ||
* other API operations that produce temporary credentials, see <a href="https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_request.html">Requesting Temporary Security | ||
* Credentials</a> and <a href="https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_request.html#stsapi_comparison">Comparing the | ||
* AWS STS API operations</a> in the <i>IAM User Guide</i>.</p> | ||
* STS API operations</a> in the <i>IAM User Guide</i>.</p> | ||
* <p>The temporary security credentials returned by this operation consist of an access key | ||
* ID, a secret access key, and a security token. Applications can use these temporary | ||
* security credentials to sign calls to AWS services.</p> | ||
* security credentials to sign calls to Amazon Web Services services.</p> | ||
* <p> | ||
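Review bot: `security credentials to sign calls to Amazon Web Services services` reappears here under the `"use strict";` context, so the doubled word now exists in this second copy of the AssumeRoleWithSAML comment as well as in the copy under the `import { STSClientResolvedConfig, ... }` context. Any wording fix should land in both copies in the same change so the two comments do not drift apart.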
@@ -39,3 +39,3 @@ * <b>Session Duration</b> | ||
* <p> | ||
* <a href="https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_terms-and-concepts.html#iam-term-role-chaining">Role chaining</a> limits your AWS CLI or AWS API | ||
* <a href="https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_terms-and-concepts.html#iam-term-role-chaining">Role chaining</a> limits your CLI or Amazon Web Services API | ||
* role session to a maximum of one hour. When you use the <code>AssumeRole</code> API | ||
@@ -53,3 +53,3 @@ * operation to assume a role, you can specify the duration of your role session with | ||
* <p>The temporary security credentials created by <code>AssumeRoleWithSAML</code> can be | ||
* used to make API calls to any AWS service with the following exception: you cannot call | ||
* used to make API calls to any Amazon Web Services service with the following exception: you cannot call | ||
* the STS <code>GetFederationToken</code> or <code>GetSessionToken</code> API | ||
@@ -64,3 +64,3 @@ * operations.</p> | ||
* role's identity-based policy and the session policies. You can use the role's temporary | ||
* credentials in subsequent AWS API calls to access resources in the account that owns | ||
* credentials in subsequent Amazon Web Services API calls to access resources in the account that owns | ||
* the role. You cannot use session policies to grant more permissions than those allowed | ||
@@ -70,7 +70,7 @@ * by the identity-based policy of the role that is being assumed. For more information, see | ||
* Policies</a> in the <i>IAM User Guide</i>.</p> | ||
* <p>Calling <code>AssumeRoleWithSAML</code> does not require the use of AWS security | ||
* <p>Calling <code>AssumeRoleWithSAML</code> does not require the use of Amazon Web Services security | ||
* credentials. The identity of the caller is validated by using keys in the metadata document | ||
* that is uploaded for the SAML provider entity for your identity provider. </p> | ||
* <important> | ||
* <p>Calling <code>AssumeRoleWithSAML</code> can result in an entry in your AWS CloudTrail logs. | ||
* <p>Calling <code>AssumeRoleWithSAML</code> can result in an entry in your CloudTrail logs. | ||
* The entry includes the value in the <code>NameID</code> element of the SAML assertion. | ||
@@ -95,3 +95,3 @@ * We recommend that you use a <code>NameIDType</code> that is not associated with any | ||
* <note> | ||
* <p>An AWS conversion compresses the passed session policies and session tags into a | ||
* <p>An Amazon Web Services conversion compresses the passed session policies and session tags into a | ||
* packed binary format that has a separate limit. Your request can fail for this limit | ||
@@ -118,4 +118,4 @@ * even if your plaintext meets the other requirements. The <code>PackedPolicySize</code> | ||
* <p>Before your application can call <code>AssumeRoleWithSAML</code>, you must configure | ||
* your SAML identity provider (IdP) to issue the claims required by AWS. Additionally, you | ||
* must use AWS Identity and Access Management (IAM) to create a SAML provider entity in your AWS account that | ||
* your SAML identity provider (IdP) to issue the claims required by Amazon Web Services. Additionally, you | ||
* must use Identity and Access Management (IAM) to create a SAML provider entity in your Amazon Web Services account that | ||
* represents your identity provider. You must also create an IAM role that specifies this | ||
@@ -122,0 +122,0 @@ * SAML provider in its trust policy. </p> |
@@ -15,14 +15,14 @@ "use strict"; | ||
* <p>For mobile applications, we recommend that you use Amazon Cognito. You can use Amazon Cognito with the | ||
* <a href="http://aws.amazon.com/sdkforios/">AWS SDK for iOS Developer Guide</a> and the <a href="http://aws.amazon.com/sdkforandroid/">AWS SDK for Android Developer Guide</a> to uniquely | ||
* <a href="http://aws.amazon.com/sdkforios/">Amazon Web Services SDK for iOS Developer Guide</a> and the <a href="http://aws.amazon.com/sdkforandroid/">Amazon Web Services SDK for Android Developer Guide</a> to uniquely | ||
* identify a user. You can also supply the user with a consistent identity throughout the | ||
* lifetime of an application.</p> | ||
* <p>To learn more about Amazon Cognito, see <a href="https://docs.aws.amazon.com/mobile/sdkforandroid/developerguide/cognito-auth.html#d0e840">Amazon Cognito Overview</a> in | ||
* <i>AWS SDK for Android Developer Guide</i> and <a href="https://docs.aws.amazon.com/mobile/sdkforios/developerguide/cognito-auth.html#d0e664">Amazon Cognito Overview</a> in the | ||
* <i>AWS SDK for iOS Developer Guide</i>.</p> | ||
* <i>Amazon Web Services SDK for Android Developer Guide</i> and <a href="https://docs.aws.amazon.com/mobile/sdkforios/developerguide/cognito-auth.html#d0e664">Amazon Cognito Overview</a> in the | ||
* <i>Amazon Web Services SDK for iOS Developer Guide</i>.</p> | ||
* </note> | ||
* <p>Calling <code>AssumeRoleWithWebIdentity</code> does not require the use of AWS | ||
* <p>Calling <code>AssumeRoleWithWebIdentity</code> does not require the use of Amazon Web Services | ||
* security credentials. Therefore, you can distribute an application (for example, on mobile | ||
* devices) that requests temporary security credentials without including long-term AWS | ||
* devices) that requests temporary security credentials without including long-term Amazon Web Services | ||
* credentials in the application. You also don't need to deploy server-based proxy services | ||
* that use long-term AWS credentials. Instead, the identity of the caller is validated by | ||
* that use long-term Amazon Web Services credentials. Instead, the identity of the caller is validated by | ||
* using a token from the web identity provider. For a comparison of | ||
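Review bot: The two SDK links in the first paragraph of this hunk keep their plain-HTTP hrefs (http://aws.amazon.com/sdkforios/ and http://aws.amazon.com/sdkforandroid/) even though the link text on those same lines is being rewritten. Since the lines are touched anyway, switch both hrefs to https:// so that readers following them from the generated docs do not start on an unencrypted request.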
@@ -32,6 +32,6 @@ * <code>AssumeRoleWithWebIdentity</code> with the other API operations that produce | ||
* Credentials</a> and <a href="https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_request.html#stsapi_comparison">Comparing the | ||
* AWS STS API operations</a> in the <i>IAM User Guide</i>.</p> | ||
* STS API operations</a> in the <i>IAM User Guide</i>.</p> | ||
* <p>The temporary security credentials returned by this API consist of an access key ID, a | ||
* secret access key, and a security token. Applications can use these temporary security | ||
* credentials to sign calls to AWS service API operations.</p> | ||
* credentials to sign calls to Amazon Web Services service API operations.</p> | ||
* <p> | ||
@@ -56,3 +56,3 @@ * <b>Session Duration</b> | ||
* <p>The temporary security credentials created by <code>AssumeRoleWithWebIdentity</code> can | ||
* be used to make API calls to any AWS service with the following exception: you cannot | ||
* be used to make API calls to any Amazon Web Services service with the following exception: you cannot | ||
* call the STS <code>GetFederationToken</code> or <code>GetSessionToken</code> API | ||
@@ -67,3 +67,3 @@ * operations.</p> | ||
* role's identity-based policy and the session policies. You can use the role's temporary | ||
* credentials in subsequent AWS API calls to access resources in the account that owns | ||
* credentials in subsequent Amazon Web Services API calls to access resources in the account that owns | ||
* the role. You cannot use session policies to grant more permissions than those allowed | ||
@@ -86,3 +86,3 @@ * by the identity-based policy of the role that is being assumed. For more information, see | ||
* <note> | ||
* <p>An AWS conversion compresses the passed session policies and session tags into a | ||
* <p>An Amazon Web Services conversion compresses the passed session policies and session tags into a | ||
* packed binary format that has a separate limit. Your request can fail for this limit | ||
@@ -115,3 +115,3 @@ * even if your plaintext meets the other requirements. The <code>PackedPolicySize</code> | ||
* <p>Calling <code>AssumeRoleWithWebIdentity</code> can result in an entry in your | ||
* AWS CloudTrail logs. The entry includes the <a href="http://openid.net/specs/openid-connect-core-1_0.html#Claims">Subject</a> of | ||
* CloudTrail logs. The entry includes the <a href="http://openid.net/specs/openid-connect-core-1_0.html#Claims">Subject</a> of | ||
* the provided web identity token. We recommend that you avoid using any personally | ||
@@ -133,3 +133,3 @@ * identifiable information (PII) in this field. For example, you could instead use a GUID | ||
* authenticating through Login with Amazon, Facebook, or Google, getting temporary | ||
* security credentials, and then using those credentials to make a request to AWS. | ||
* security credentials, and then using those credentials to make a request to Amazon Web Services. | ||
* </p> | ||
@@ -139,3 +139,3 @@ * </li> | ||
* <p> | ||
* <a href="http://aws.amazon.com/sdkforios/">AWS SDK for iOS Developer Guide</a> and <a href="http://aws.amazon.com/sdkforandroid/">AWS SDK for Android Developer Guide</a>. These toolkits | ||
* <a href="http://aws.amazon.com/sdkforios/">Amazon Web Services SDK for iOS Developer Guide</a> and <a href="http://aws.amazon.com/sdkforandroid/">Amazon Web Services SDK for Android Developer Guide</a>. These toolkits | ||
* contain sample apps that show how to invoke the identity providers. The toolkits then | ||
@@ -142,0 +142,0 @@ * show how to use the information from these providers to get and use temporary |
@@ -11,9 +11,9 @@ "use strict"; | ||
* <p>Decodes additional information about the authorization status of a request from an | ||
* encoded message returned in response to an AWS request.</p> | ||
* encoded message returned in response to an Amazon Web Services request.</p> | ||
* <p>For example, if a user is not authorized to perform an operation that he or she has | ||
* requested, the request returns a <code>Client.UnauthorizedOperation</code> response (an | ||
* HTTP 403 response). Some AWS operations additionally return an encoded message that can | ||
* HTTP 403 response). Some Amazon Web Services operations additionally return an encoded message that can | ||
* provide details about this authorization failure. </p> | ||
* <note> | ||
* <p>Only certain AWS operations return an encoded authorization message. The | ||
* <p>Only certain Amazon Web Services operations return an encoded authorization message. The | ||
* documentation for an individual operation indicates whether that operation returns an | ||
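Review bot: The context sentence "an operation that he or she has requested" is left untouched while the lines on either side of it are reworded. Suggest changing it to "that they have requested" in the same pass, since this hunk is already a wording-only edit to the DecodeAuthorizationMessage doc comment.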
@@ -20,0 +20,0 @@ * encoded message in addition to returning an HTTP code.</p> |
@@ -16,5 +16,5 @@ "use strict"; | ||
* Users</a> in the <i>IAM User Guide</i>.</p> | ||
* <p>When you pass an access key ID to this operation, it returns the ID of the AWS | ||
* <p>When you pass an access key ID to this operation, it returns the ID of the Amazon Web Services | ||
* account to which the keys belong. Access key IDs beginning with <code>AKIA</code> are | ||
* long-term credentials for an IAM user or the AWS account root user. Access key IDs | ||
* long-term credentials for an IAM user or the Amazon Web Services account root user. Access key IDs | ||
* beginning with <code>ASIA</code> are temporary credentials that are created using STS | ||
@@ -21,0 +21,0 @@ * operations. If the account in the response belongs to you, you can sign in as the root |
@@ -19,3 +19,3 @@ "use strict"; | ||
* Credentials</a> and <a href="https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_request.html#stsapi_comparison">Comparing the | ||
* AWS STS API operations</a> in the <i>IAM User Guide</i>.</p> | ||
* STS API operations</a> in the <i>IAM User Guide</i>.</p> | ||
* <note> | ||
@@ -29,3 +29,3 @@ * <p>You can create a mobile-based or browser-based app that can authenticate users using | ||
* <p>You can also call <code>GetFederationToken</code> using the security credentials of an | ||
* AWS account root user, but we do not recommend it. Instead, we recommend that you create | ||
* Amazon Web Services account root user, but we do not recommend it. Instead, we recommend that you create | ||
* an IAM user for the purpose of the proxy application. Then attach a policy to the IAM | ||
@@ -40,3 +40,3 @@ * user that limits federated users to only the actions and resources that they need to | ||
* minutes) up to a maximum of 129,600 seconds (36 hours). The default session duration is | ||
* 43,200 seconds (12 hours). Temporary credentials that are obtained by using AWS account | ||
* 43,200 seconds (12 hours). Temporary credentials that are obtained by using Amazon Web Services account | ||
* root user credentials have a maximum duration of 3,600 seconds (1 hour).</p> | ||
@@ -47,6 +47,6 @@ * <p> | ||
* <p>You can use the temporary credentials created by <code>GetFederationToken</code> in any | ||
* AWS service except the following:</p> | ||
* Amazon Web Services service except the following:</p> | ||
* <ul> | ||
* <li> | ||
* <p>You cannot call any IAM operations using the AWS CLI or the AWS API. </p> | ||
* <p>You cannot call any IAM operations using the CLI or the Amazon Web Services API. </p> | ||
* </li> | ||
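Review bot: In the first list item, replacing "the AWS CLI or the AWS API" with "the CLI or the Amazon Web Services API" leaves a bare "the CLI" with nothing to say which command-line tool is meant. Suggest "the Amazon Web Services CLI", or keeping the product name "AWS CLI", so the restriction on IAM operations for GetFederationToken credentials stays unambiguous.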
@@ -89,3 +89,3 @@ * <li> | ||
* <p>You can also call <code>GetFederationToken</code> using the security credentials of an | ||
* AWS account root user, but we do not recommend it. Instead, we recommend that you | ||
* Amazon Web Services account root user, but we do not recommend it. Instead, we recommend that you | ||
* create an IAM user for the purpose of the proxy application. Then attach a policy to | ||
@@ -100,3 +100,3 @@ * the IAM user that limits federated users to only the actions and resources that they | ||
* minutes) up to a maximum of 129,600 seconds (36 hours). The default session duration is | ||
* 43,200 seconds (12 hours). Temporary credentials that are obtained by using AWS | ||
* 43,200 seconds (12 hours). Temporary credentials that are obtained by using Amazon Web Services | ||
* account root user credentials have a maximum duration of 3,600 seconds (1 hour).</p> | ||
@@ -107,6 +107,6 @@ * <p> | ||
* <p>You can use the temporary credentials created by <code>GetFederationToken</code> in | ||
* any AWS service except the following:</p> | ||
* any Amazon Web Services service except the following:</p> | ||
* <ul> | ||
* <li> | ||
* <p>You cannot call any IAM operations using the AWS CLI or the AWS API. | ||
* <p>You cannot call any IAM operations using the CLI or the Amazon Web Services API. | ||
* </p> | ||
@@ -113,0 +113,0 @@ * </li> |
@@ -10,6 +10,6 @@ "use strict"; | ||
/** | ||
* <p>Returns a set of temporary credentials for an AWS account or IAM user. The | ||
* <p>Returns a set of temporary credentials for an Amazon Web Services account or IAM user. The | ||
* credentials consist of an access key ID, a secret access key, and a security token. | ||
* Typically, you use <code>GetSessionToken</code> if you want to use MFA to protect | ||
* programmatic calls to specific AWS API operations like Amazon EC2 <code>StopInstances</code>. | ||
* programmatic calls to specific Amazon Web Services API operations like Amazon EC2 <code>StopInstances</code>. | ||
* MFA-enabled IAM users would need to call <code>GetSessionToken</code> and submit an MFA | ||
@@ -22,8 +22,8 @@ * code that is associated with their MFA device. Using the temporary security credentials | ||
* Temporary Security Credentials</a> and <a href="https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_request.html#stsapi_comparison">Comparing the | ||
* AWS STS API operations</a> in the <i>IAM User Guide</i>.</p> | ||
* STS API operations</a> in the <i>IAM User Guide</i>.</p> | ||
* <p> | ||
* <b>Session Duration</b> | ||
* </p> | ||
* <p>The <code>GetSessionToken</code> operation must be called by using the long-term AWS | ||
* security credentials of the AWS account root user or an IAM user. Credentials that are | ||
* <p>The <code>GetSessionToken</code> operation must be called by using the long-term Amazon Web Services | ||
* security credentials of the Amazon Web Services account root user or an IAM user. Credentials that are | ||
* created by IAM users are valid for the duration that you specify. This duration can range | ||
@@ -37,3 +37,3 @@ * from 900 seconds (15 minutes) up to a maximum of 129,600 seconds (36 hours), with a default | ||
* <p>The temporary security credentials created by <code>GetSessionToken</code> can be used | ||
* to make API calls to any AWS service with the following exceptions:</p> | ||
* to make API calls to any Amazon Web Services service with the following exceptions:</p> | ||
* <ul> | ||
@@ -50,10 +50,10 @@ * <li> | ||
* <note> | ||
* <p>We recommend that you do not call <code>GetSessionToken</code> with AWS account | ||
* <p>We recommend that you do not call <code>GetSessionToken</code> with Amazon Web Services account | ||
* root user credentials. Instead, follow our <a href="https://docs.aws.amazon.com/IAM/latest/UserGuide/best-practices.html#create-iam-users">best practices</a> by | ||
* creating one or more IAM users, giving them the necessary permissions, and using IAM | ||
* users for everyday interaction with AWS. </p> | ||
* users for everyday interaction with Amazon Web Services. </p> | ||
* </note> | ||
* <p>The credentials that are returned by <code>GetSessionToken</code> are based on | ||
* permissions associated with the user whose credentials were used to call the operation. If | ||
* <code>GetSessionToken</code> is called using AWS account root user credentials, the | ||
* <code>GetSessionToken</code> is called using Amazon Web Services account root user credentials, the | ||
* temporary credentials have root user permissions. Similarly, if | ||
@@ -60,0 +60,0 @@ * <code>GetSessionToken</code> is called using the credentials of an IAM user, the |
{ | ||
"name": "@aws-sdk/client-sts", | ||
"description": "AWS SDK for JavaScript Sts Client for Node.js, Browser and React Native", | ||
"version": "3.20.0", | ||
"version": "3.21.0", | ||
"scripts": { | ||
@@ -31,3 +31,3 @@ "clean": "yarn remove-definitions && yarn remove-dist && yarn remove-documentation", | ||
"@aws-sdk/config-resolver": "3.20.0", | ||
"@aws-sdk/credential-provider-node": "3.20.0", | ||
"@aws-sdk/credential-provider-node": "3.21.0", | ||
"@aws-sdk/fetch-http-handler": "3.20.0", | ||
@@ -46,3 +46,3 @@ "@aws-sdk/hash-node": "3.20.0", | ||
"@aws-sdk/node-config-provider": "3.20.0", | ||
"@aws-sdk/node-http-handler": "3.20.0", | ||
"@aws-sdk/node-http-handler": "3.21.0", | ||
"@aws-sdk/protocol-http": "3.20.0", | ||
@@ -49,0 +49,0 @@ "@aws-sdk/smithy-client": "3.20.0", |
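Review bot: In the package.json hunks above, only "@aws-sdk/credential-provider-node" and "@aws-sdk/node-http-handler" move to 3.21.0, while every other @aws-sdk dependency shown stays exact-pinned at 3.20.0. Please confirm the mixed set is intended and link the changes in those two packages, because the rest of this diff is doc-comment rewording and these two pins are the only lines that change what gets installed: credential resolution and the Node HTTP transport. With exact pins and no ranges, consumers get whatever these two releases contain as soon as they take 3.21.0.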
@@ -14,5 +14,5 @@ "use strict"; | ||
/** | ||
* <fullname>AWS Security Token Service</fullname> | ||
* <p>AWS Security Token Service (STS) enables you to request temporary, limited-privilege | ||
* credentials for AWS Identity and Access Management (IAM) users or for users that you | ||
* <fullname>Security Token Service</fullname> | ||
* <p>Security Token Service (STS) enables you to request temporary, limited-privilege | ||
* credentials for Identity and Access Management (IAM) users or for users that you | ||
* authenticate (federated users). This guide provides descriptions of the STS API. For | ||
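Review bot: The <fullname> value and the opening sentence drop the vendor prefix outright ("Security Token Service", "Identity and Access Management"), whereas the other doc comments in this change expand "AWS" to "Amazon Web Services". If the shorter service names are the intended branding, say so in the change description; also check that nothing in doc generation or search matches on the old fullname string.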
@@ -19,0 +19,0 @@ * more information about using this service, see <a href="https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp.html">Temporary Security Credentials</a>.</p> |
@@ -14,5 +14,5 @@ "use strict"; | ||
/** | ||
* <fullname>AWS Security Token Service</fullname> | ||
* <p>AWS Security Token Service (STS) enables you to request temporary, limited-privilege | ||
* credentials for AWS Identity and Access Management (IAM) users or for users that you | ||
* <fullname>Security Token Service</fullname> | ||
* <p>Security Token Service (STS) enables you to request temporary, limited-privilege | ||
* credentials for Identity and Access Management (IAM) users or for users that you | ||
* authenticate (federated users). This guide provides descriptions of the STS API. For | ||
@@ -19,0 +19,0 @@ * more information about using this service, see <a href="https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp.html">Temporary Security Credentials</a>.</p> |
@@ -8,3 +8,3 @@ import { __extends } from "tslib"; | ||
/** | ||
* <p>Returns a set of temporary security credentials that you can use to access AWS | ||
* <p>Returns a set of temporary security credentials that you can use to access Amazon Web Services | ||
* resources that you might not normally have access to. These temporary credentials | ||
@@ -16,3 +16,3 @@ * consist of an access key ID, a secret access key, and a security token. Typically, you | ||
* Credentials</a> and <a href="https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_request.html#stsapi_comparison">Comparing | ||
* the AWS STS API operations</a> in the | ||
* the STS API operations</a> in the | ||
* <i>IAM User Guide</i>.</p> | ||
@@ -23,4 +23,4 @@ * <p> | ||
* <p>The temporary security credentials created by <code>AssumeRole</code> can be used to | ||
* make API calls to any AWS service with the following exception: You cannot call the | ||
* AWS STS <code>GetFederationToken</code> or <code>GetSessionToken</code> API | ||
* make API calls to any Amazon Web Services service with the following exception: You cannot call the | ||
* STS <code>GetFederationToken</code> or <code>GetSessionToken</code> API | ||
* operations.</p> | ||
@@ -34,3 +34,3 @@ * <p>(Optional) You can pass inline or managed <a href="https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies.html#policies_session">session policies</a> to | ||
* role's identity-based policy and the session policies. You can use the role's temporary | ||
* credentials in subsequent AWS API calls to access resources in the account that owns | ||
* credentials in subsequent Amazon Web Services API calls to access resources in the account that owns | ||
* the role. You cannot use session policies to grant more permissions than those allowed | ||
@@ -40,3 +40,3 @@ * by the identity-based policy of the role that is being assumed. For more information, see | ||
* Policies</a> in the <i>IAM User Guide</i>.</p> | ||
* <p>To assume a role from a different account, your AWS account must be trusted by the | ||
* <p>To assume a role from a different account, your account must be trusted by the | ||
* role. The trust relationship is defined in the role's trust policy when the role is | ||
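Review bot: "your AWS account must be trusted by the role" becomes "your account must be trusted by the role", which drops the qualifier instead of expanding it as the surrounding hunks do. In a sentence that defines cross-account trust, "your Amazon Web Services account" is more precise and keeps the substitution consistent.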
@@ -82,3 +82,3 @@ * created. That trust policy states which accounts are allowed to delegate that access to | ||
* <code>AssumeRole</code>. This is useful for cross-account scenarios to ensure that the | ||
* user that assumes the role has been authenticated with an AWS MFA device. In that | ||
* user that assumes the role has been authenticated with an Amazon Web Services MFA device. In that | ||
* scenario, the trust policy of the role being assumed includes a condition that tests for | ||
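Review bot: The mechanical expansion turns "an AWS MFA device" into "an Amazon Web Services MFA device", an awkward noun phrase that suggests a vendor-specific device. Suggest simply "an MFA device"; the next sentence already states that the role's trust policy tests for MFA authentication, so nothing is lost.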
@@ -85,0 +85,0 @@ * MFA authentication. If the caller does not include valid MFA information, the request to |
@@ -9,10 +9,10 @@ import { __extends } from "tslib"; | ||
* via a SAML authentication response. This operation provides a mechanism for tying an | ||
* enterprise identity store or directory to role-based AWS access without user-specific | ||
* enterprise identity store or directory to role-based Amazon Web Services access without user-specific | ||
* credentials or configuration. For a comparison of <code>AssumeRoleWithSAML</code> with the | ||
* other API operations that produce temporary credentials, see <a href="https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_request.html">Requesting Temporary Security | ||
* Credentials</a> and <a href="https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_request.html#stsapi_comparison">Comparing the | ||
* AWS STS API operations</a> in the <i>IAM User Guide</i>.</p> | ||
* STS API operations</a> in the <i>IAM User Guide</i>.</p> | ||
* <p>The temporary security credentials returned by this operation consist of an access key | ||
* ID, a secret access key, and a security token. Applications can use these temporary | ||
* security credentials to sign calls to AWS services.</p> | ||
* security credentials to sign calls to Amazon Web Services services.</p> | ||
* <p> | ||
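Review bot: The last changed line of this hunk now reads "sign calls to Amazon Web Services services", a doubled word that the old "AWS services" did not have. Suggest rephrasing, for example "sign calls to services in Amazon Web Services"; the same substitution produces "any Amazon Web Services service" in other hunks of this change and would benefit from the same fix.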
@@ -37,3 +37,3 @@ * <b>Session Duration</b> | ||
* <p> | ||
* <a href="https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_terms-and-concepts.html#iam-term-role-chaining">Role chaining</a> limits your AWS CLI or AWS API | ||
* <a href="https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_terms-and-concepts.html#iam-term-role-chaining">Role chaining</a> limits your CLI or Amazon Web Services API | ||
* role session to a maximum of one hour. When you use the <code>AssumeRole</code> API | ||
@@ -51,3 +51,3 @@ * operation to assume a role, you can specify the duration of your role session with | ||
* <p>The temporary security credentials created by <code>AssumeRoleWithSAML</code> can be | ||
* used to make API calls to any AWS service with the following exception: you cannot call | ||
* used to make API calls to any Amazon Web Services service with the following exception: you cannot call | ||
* the STS <code>GetFederationToken</code> or <code>GetSessionToken</code> API | ||
@@ -62,3 +62,3 @@ * operations.</p> | ||
* role's identity-based policy and the session policies. You can use the role's temporary | ||
* credentials in subsequent AWS API calls to access resources in the account that owns | ||
* credentials in subsequent Amazon Web Services API calls to access resources in the account that owns | ||
* the role. You cannot use session policies to grant more permissions than those allowed | ||
@@ -68,7 +68,7 @@ * by the identity-based policy of the role that is being assumed. For more information, see | ||
* Policies</a> in the <i>IAM User Guide</i>.</p> | ||
* <p>Calling <code>AssumeRoleWithSAML</code> does not require the use of AWS security | ||
* <p>Calling <code>AssumeRoleWithSAML</code> does not require the use of Amazon Web Services security | ||
* credentials. The identity of the caller is validated by using keys in the metadata document | ||
* that is uploaded for the SAML provider entity for your identity provider. </p> | ||
* <important> | ||
* <p>Calling <code>AssumeRoleWithSAML</code> can result in an entry in your AWS CloudTrail logs. | ||
* <p>Calling <code>AssumeRoleWithSAML</code> can result in an entry in your CloudTrail logs. | ||
* The entry includes the value in the <code>NameID</code> element of the SAML assertion. | ||
@@ -93,3 +93,3 @@ * We recommend that you use a <code>NameIDType</code> that is not associated with any | ||
* <note> | ||
* <p>An AWS conversion compresses the passed session policies and session tags into a | ||
* <p>An Amazon Web Services conversion compresses the passed session policies and session tags into a | ||
* packed binary format that has a separate limit. Your request can fail for this limit | ||
@@ -116,4 +116,4 @@ * even if your plaintext meets the other requirements. The <code>PackedPolicySize</code> | ||
* <p>Before your application can call <code>AssumeRoleWithSAML</code>, you must configure | ||
* your SAML identity provider (IdP) to issue the claims required by AWS. Additionally, you | ||
* must use AWS Identity and Access Management (IAM) to create a SAML provider entity in your AWS account that | ||
* your SAML identity provider (IdP) to issue the claims required by Amazon Web Services. Additionally, you | ||
* must use Identity and Access Management (IAM) to create a SAML provider entity in your Amazon Web Services account that | ||
* represents your identity provider. You must also create an IAM role that specifies this | ||
@@ -120,0 +120,0 @@ * SAML provider in its trust policy. </p> |
@@ -13,14 +13,14 @@ import { __extends } from "tslib"; | ||
* <p>For mobile applications, we recommend that you use Amazon Cognito. You can use Amazon Cognito with the | ||
* <a href="http://aws.amazon.com/sdkforios/">AWS SDK for iOS Developer Guide</a> and the <a href="http://aws.amazon.com/sdkforandroid/">AWS SDK for Android Developer Guide</a> to uniquely | ||
* <a href="http://aws.amazon.com/sdkforios/">Amazon Web Services SDK for iOS Developer Guide</a> and the <a href="http://aws.amazon.com/sdkforandroid/">Amazon Web Services SDK for Android Developer Guide</a> to uniquely | ||
* identify a user. You can also supply the user with a consistent identity throughout the | ||
* lifetime of an application.</p> | ||
* <p>To learn more about Amazon Cognito, see <a href="https://docs.aws.amazon.com/mobile/sdkforandroid/developerguide/cognito-auth.html#d0e840">Amazon Cognito Overview</a> in | ||
* <i>AWS SDK for Android Developer Guide</i> and <a href="https://docs.aws.amazon.com/mobile/sdkforios/developerguide/cognito-auth.html#d0e664">Amazon Cognito Overview</a> in the | ||
* <i>AWS SDK for iOS Developer Guide</i>.</p> | ||
* <i>Amazon Web Services SDK for Android Developer Guide</i> and <a href="https://docs.aws.amazon.com/mobile/sdkforios/developerguide/cognito-auth.html#d0e664">Amazon Cognito Overview</a> in the | ||
* <i>Amazon Web Services SDK for iOS Developer Guide</i>.</p> | ||
* </note> | ||
* <p>Calling <code>AssumeRoleWithWebIdentity</code> does not require the use of AWS | ||
* <p>Calling <code>AssumeRoleWithWebIdentity</code> does not require the use of Amazon Web Services | ||
* security credentials. Therefore, you can distribute an application (for example, on mobile | ||
* devices) that requests temporary security credentials without including long-term AWS | ||
* devices) that requests temporary security credentials without including long-term Amazon Web Services | ||
* credentials in the application. You also don't need to deploy server-based proxy services | ||
* that use long-term AWS credentials. Instead, the identity of the caller is validated by | ||
* that use long-term Amazon Web Services credentials. Instead, the identity of the caller is validated by | ||
* using a token from the web identity provider. For a comparison of | ||
@@ -30,6 +30,6 @@ * <code>AssumeRoleWithWebIdentity</code> with the other API operations that produce | ||
* Credentials</a> and <a href="https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_request.html#stsapi_comparison">Comparing the | ||
* AWS STS API operations</a> in the <i>IAM User Guide</i>.</p> | ||
* STS API operations</a> in the <i>IAM User Guide</i>.</p> | ||
* <p>The temporary security credentials returned by this API consist of an access key ID, a | ||
* secret access key, and a security token. Applications can use these temporary security | ||
* credentials to sign calls to AWS service API operations.</p> | ||
* credentials to sign calls to Amazon Web Services service API operations.</p> | ||
* <p> | ||
@@ -54,3 +54,3 @@ * <b>Session Duration</b> | ||
* <p>The temporary security credentials created by <code>AssumeRoleWithWebIdentity</code> can | ||
* be used to make API calls to any AWS service with the following exception: you cannot | ||
* be used to make API calls to any Amazon Web Services service with the following exception: you cannot | ||
* call the STS <code>GetFederationToken</code> or <code>GetSessionToken</code> API | ||
@@ -65,3 +65,3 @@ * operations.</p> | ||
* role's identity-based policy and the session policies. You can use the role's temporary | ||
* credentials in subsequent AWS API calls to access resources in the account that owns | ||
* credentials in subsequent Amazon Web Services API calls to access resources in the account that owns | ||
* the role. You cannot use session policies to grant more permissions than those allowed | ||
@@ -84,3 +84,3 @@ * by the identity-based policy of the role that is being assumed. For more information, see | ||
* <note> | ||
* <p>An AWS conversion compresses the passed session policies and session tags into a | ||
* <p>An Amazon Web Services conversion compresses the passed session policies and session tags into a | ||
* packed binary format that has a separate limit. Your request can fail for this limit | ||
@@ -113,3 +113,3 @@ * even if your plaintext meets the other requirements. The <code>PackedPolicySize</code> | ||
* <p>Calling <code>AssumeRoleWithWebIdentity</code> can result in an entry in your | ||
* AWS CloudTrail logs. The entry includes the <a href="http://openid.net/specs/openid-connect-core-1_0.html#Claims">Subject</a> of | ||
* CloudTrail logs. The entry includes the <a href="http://openid.net/specs/openid-connect-core-1_0.html#Claims">Subject</a> of | ||
* the provided web identity token. We recommend that you avoid using any personally | ||
@@ -131,3 +131,3 @@ * identifiable information (PII) in this field. For example, you could instead use a GUID | ||
* authenticating through Login with Amazon, Facebook, or Google, getting temporary | ||
* security credentials, and then using those credentials to make a request to AWS. | ||
* security credentials, and then using those credentials to make a request to Amazon Web Services. | ||
* </p> | ||
@@ -137,3 +137,3 @@ * </li> | ||
* <p> | ||
* <a href="http://aws.amazon.com/sdkforios/">AWS SDK for iOS Developer Guide</a> and <a href="http://aws.amazon.com/sdkforandroid/">AWS SDK for Android Developer Guide</a>. These toolkits | ||
* <a href="http://aws.amazon.com/sdkforios/">Amazon Web Services SDK for iOS Developer Guide</a> and <a href="http://aws.amazon.com/sdkforandroid/">Amazon Web Services SDK for Android Developer Guide</a>. These toolkits | ||
* contain sample apps that show how to invoke the identity providers. The toolkits then | ||
@@ -140,0 +140,0 @@ * show how to use the information from these providers to get and use temporary |
@@ -9,9 +9,9 @@ import { __extends } from "tslib"; | ||
* <p>Decodes additional information about the authorization status of a request from an | ||
* encoded message returned in response to an AWS request.</p> | ||
* encoded message returned in response to an Amazon Web Services request.</p> | ||
* <p>For example, if a user is not authorized to perform an operation that he or she has | ||
* requested, the request returns a <code>Client.UnauthorizedOperation</code> response (an | ||
* HTTP 403 response). Some AWS operations additionally return an encoded message that can | ||
* HTTP 403 response). Some Amazon Web Services operations additionally return an encoded message that can | ||
* provide details about this authorization failure. </p> | ||
* <note> | ||
* <p>Only certain AWS operations return an encoded authorization message. The | ||
* <p>Only certain Amazon Web Services operations return an encoded authorization message. The | ||
* documentation for an individual operation indicates whether that operation returns an | ||
@@ -18,0 +18,0 @@ * encoded message in addition to returning an HTTP code.</p> |
@@ -14,5 +14,5 @@ import { __extends } from "tslib"; | ||
* Users</a> in the <i>IAM User Guide</i>.</p> | ||
* <p>When you pass an access key ID to this operation, it returns the ID of the AWS | ||
* <p>When you pass an access key ID to this operation, it returns the ID of the Amazon Web Services | ||
* account to which the keys belong. Access key IDs beginning with <code>AKIA</code> are | ||
* long-term credentials for an IAM user or the AWS account root user. Access key IDs | ||
* long-term credentials for an IAM user or the Amazon Web Services account root user. Access key IDs | ||
* beginning with <code>ASIA</code> are temporary credentials that are created using STS | ||
@@ -19,0 +19,0 @@ * operations. If the account in the response belongs to you, you can sign in as the root |
@@ -17,3 +17,3 @@ import { __extends } from "tslib"; | ||
* Credentials</a> and <a href="https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_request.html#stsapi_comparison">Comparing the | ||
* AWS STS API operations</a> in the <i>IAM User Guide</i>.</p> | ||
* STS API operations</a> in the <i>IAM User Guide</i>.</p> | ||
* <note> | ||
@@ -27,3 +27,3 @@ * <p>You can create a mobile-based or browser-based app that can authenticate users using | ||
* <p>You can also call <code>GetFederationToken</code> using the security credentials of an | ||
* AWS account root user, but we do not recommend it. Instead, we recommend that you create | ||
* Amazon Web Services account root user, but we do not recommend it. Instead, we recommend that you create | ||
* an IAM user for the purpose of the proxy application. Then attach a policy to the IAM | ||
@@ -38,3 +38,3 @@ * user that limits federated users to only the actions and resources that they need to | ||
* minutes) up to a maximum of 129,600 seconds (36 hours). The default session duration is | ||
* 43,200 seconds (12 hours). Temporary credentials that are obtained by using AWS account | ||
* 43,200 seconds (12 hours). Temporary credentials that are obtained by using Amazon Web Services account | ||
* root user credentials have a maximum duration of 3,600 seconds (1 hour).</p> | ||
@@ -45,6 +45,6 @@ * <p> | ||
* <p>You can use the temporary credentials created by <code>GetFederationToken</code> in any | ||
* AWS service except the following:</p> | ||
* Amazon Web Services service except the following:</p> | ||
* <ul> | ||
* <li> | ||
* <p>You cannot call any IAM operations using the AWS CLI or the AWS API. </p> | ||
* <p>You cannot call any IAM operations using the CLI or the Amazon Web Services API. </p> | ||
* </li> | ||
@@ -87,3 +87,3 @@ * <li> | ||
* <p>You can also call <code>GetFederationToken</code> using the security credentials of an | ||
* AWS account root user, but we do not recommend it. Instead, we recommend that you | ||
* Amazon Web Services account root user, but we do not recommend it. Instead, we recommend that you | ||
* create an IAM user for the purpose of the proxy application. Then attach a policy to | ||
@@ -98,3 +98,3 @@ * the IAM user that limits federated users to only the actions and resources that they | ||
* minutes) up to a maximum of 129,600 seconds (36 hours). The default session duration is | ||
* 43,200 seconds (12 hours). Temporary credentials that are obtained by using AWS | ||
* 43,200 seconds (12 hours). Temporary credentials that are obtained by using Amazon Web Services | ||
* account root user credentials have a maximum duration of 3,600 seconds (1 hour).</p> | ||
@@ -105,6 +105,6 @@ * <p> | ||
* <p>You can use the temporary credentials created by <code>GetFederationToken</code> in | ||
* any AWS service except the following:</p> | ||
* any Amazon Web Services service except the following:</p> | ||
* <ul> | ||
* <li> | ||
* <p>You cannot call any IAM operations using the AWS CLI or the AWS API. | ||
* <p>You cannot call any IAM operations using the CLI or the Amazon Web Services API. | ||
* </p> | ||
@@ -111,0 +111,0 @@ * </li> |
@@ -8,6 +8,6 @@ import { __extends } from "tslib"; | ||
/** | ||
* <p>Returns a set of temporary credentials for an AWS account or IAM user. The | ||
* <p>Returns a set of temporary credentials for an Amazon Web Services account or IAM user. The | ||
* credentials consist of an access key ID, a secret access key, and a security token. | ||
* Typically, you use <code>GetSessionToken</code> if you want to use MFA to protect | ||
* programmatic calls to specific AWS API operations like Amazon EC2 <code>StopInstances</code>. | ||
* programmatic calls to specific Amazon Web Services API operations like Amazon EC2 <code>StopInstances</code>. | ||
* MFA-enabled IAM users would need to call <code>GetSessionToken</code> and submit an MFA | ||
@@ -20,8 +20,8 @@ * code that is associated with their MFA device. Using the temporary security credentials | ||
* Temporary Security Credentials</a> and <a href="https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_request.html#stsapi_comparison">Comparing the | ||
* AWS STS API operations</a> in the <i>IAM User Guide</i>.</p> | ||
* STS API operations</a> in the <i>IAM User Guide</i>.</p> | ||
* <p> | ||
* <b>Session Duration</b> | ||
* </p> | ||
* <p>The <code>GetSessionToken</code> operation must be called by using the long-term AWS | ||
* security credentials of the AWS account root user or an IAM user. Credentials that are | ||
* <p>The <code>GetSessionToken</code> operation must be called by using the long-term Amazon Web Services | ||
* security credentials of the Amazon Web Services account root user or an IAM user. Credentials that are | ||
* created by IAM users are valid for the duration that you specify. This duration can range | ||
@@ -35,3 +35,3 @@ * from 900 seconds (15 minutes) up to a maximum of 129,600 seconds (36 hours), with a default | ||
* <p>The temporary security credentials created by <code>GetSessionToken</code> can be used | ||
* to make API calls to any AWS service with the following exceptions:</p> | ||
* to make API calls to any Amazon Web Services service with the following exceptions:</p> | ||
* <ul> | ||
@@ -48,10 +48,10 @@ * <li> | ||
* <note> | ||
* <p>We recommend that you do not call <code>GetSessionToken</code> with AWS account | ||
* <p>We recommend that you do not call <code>GetSessionToken</code> with Amazon Web Services account | ||
* root user credentials. Instead, follow our <a href="https://docs.aws.amazon.com/IAM/latest/UserGuide/best-practices.html#create-iam-users">best practices</a> by | ||
* creating one or more IAM users, giving them the necessary permissions, and using IAM | ||
* users for everyday interaction with AWS. </p> | ||
* users for everyday interaction with Amazon Web Services. </p> | ||
* </note> | ||
* <p>The credentials that are returned by <code>GetSessionToken</code> are based on | ||
* permissions associated with the user whose credentials were used to call the operation. If | ||
* <code>GetSessionToken</code> is called using AWS account root user credentials, the | ||
* <code>GetSessionToken</code> is called using Amazon Web Services account root user credentials, the | ||
* temporary credentials have root user permissions. Similarly, if | ||
@@ -58,0 +58,0 @@ * <code>GetSessionToken</code> is called using the credentials of an IAM user, the |
{ | ||
"name": "@aws-sdk/client-sts", | ||
"description": "AWS SDK for JavaScript Sts Client for Node.js, Browser and React Native", | ||
"version": "3.20.0", | ||
"version": "3.21.0", | ||
"scripts": { | ||
@@ -31,3 +31,3 @@ "clean": "yarn remove-definitions && yarn remove-dist && yarn remove-documentation", | ||
"@aws-sdk/config-resolver": "3.20.0", | ||
"@aws-sdk/credential-provider-node": "3.20.0", | ||
"@aws-sdk/credential-provider-node": "3.21.0", | ||
"@aws-sdk/fetch-http-handler": "3.20.0", | ||
@@ -46,3 +46,3 @@ "@aws-sdk/hash-node": "3.20.0", | ||
"@aws-sdk/node-config-provider": "3.20.0", | ||
"@aws-sdk/node-http-handler": "3.20.0", | ||
"@aws-sdk/node-http-handler": "3.21.0", | ||
"@aws-sdk/protocol-http": "3.20.0", | ||
@@ -49,0 +49,0 @@ "@aws-sdk/smithy-client": "3.20.0", |
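Review bot: `@aws-sdk/credential-provider-node` and `@aws-sdk/node-http-handler` move to 3.21.0 while the neighbouring `@aws-sdk/*` dependencies shown here stay pinned at 3.20.0. The source hunks in this diff only reword doc comments, so any behavioural change in this release arrives through those two packages. Their own 3.20.0 to 3.21.0 diffs should be reviewed alongside this one, and the mixed pins confirmed as intended.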
@@ -12,5 +12,5 @@ import { __extends } from "tslib"; | ||
/** | ||
* <fullname>AWS Security Token Service</fullname> | ||
* <p>AWS Security Token Service (STS) enables you to request temporary, limited-privilege | ||
* credentials for AWS Identity and Access Management (IAM) users or for users that you | ||
* <fullname>Security Token Service</fullname> | ||
* <p>Security Token Service (STS) enables you to request temporary, limited-privilege | ||
* credentials for Identity and Access Management (IAM) users or for users that you | ||
* authenticate (federated users). This guide provides descriptions of the STS API. For | ||
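Review bot: the `<fullname>` line and the opening sentence now read 'Security Token Service' and 'Identity and Access Management (IAM)' with no vendor name at all, whereas the other hunks in this diff expand 'AWS' to 'Amazon Web Services' instead of deleting it. This is the client-level doc comment, so it is the first thing a reader sees; please confirm the bare service names are intended here and not a side effect of the bulk substitution.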
@@ -17,0 +17,0 @@ * more information about using this service, see <a href="https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp.html">Temporary Security Credentials</a>.</p> |
@@ -12,5 +12,5 @@ import { __assign, __extends } from "tslib"; | ||
/** | ||
* <fullname>AWS Security Token Service</fullname> | ||
* <p>AWS Security Token Service (STS) enables you to request temporary, limited-privilege | ||
* credentials for AWS Identity and Access Management (IAM) users or for users that you | ||
* <fullname>Security Token Service</fullname> | ||
* <p>Security Token Service (STS) enables you to request temporary, limited-privilege | ||
* credentials for Identity and Access Management (IAM) users or for users that you | ||
* authenticate (federated users). This guide provides descriptions of the STS API. For | ||
@@ -17,0 +17,0 @@ * more information about using this service, see <a href="https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp.html">Temporary Security Credentials</a>.</p> |
@@ -10,3 +10,3 @@ import { STSClientResolvedConfig, ServiceInputTypes, ServiceOutputTypes } from "../STSClient"; | ||
/** | ||
* <p>Returns a set of temporary security credentials that you can use to access AWS | ||
* <p>Returns a set of temporary security credentials that you can use to access Amazon Web Services | ||
* resources that you might not normally have access to. These temporary credentials | ||
@@ -18,3 +18,3 @@ * consist of an access key ID, a secret access key, and a security token. Typically, you | ||
* Credentials</a> and <a href="https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_request.html#stsapi_comparison">Comparing | ||
* the AWS STS API operations</a> in the | ||
* the STS API operations</a> in the | ||
* <i>IAM User Guide</i>.</p> | ||
@@ -25,4 +25,4 @@ * <p> | ||
* <p>The temporary security credentials created by <code>AssumeRole</code> can be used to | ||
* make API calls to any AWS service with the following exception: You cannot call the | ||
* AWS STS <code>GetFederationToken</code> or <code>GetSessionToken</code> API | ||
* make API calls to any Amazon Web Services service with the following exception: You cannot call the | ||
* STS <code>GetFederationToken</code> or <code>GetSessionToken</code> API | ||
* operations.</p> | ||
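Review bot: 'make API calls to any Amazon Web Services service' reads as a doubled noun, and the same substitution elsewhere in this diff produces 'sign calls to Amazon Web Services services'. Suggest rewording these phrases (for example 'any service in Amazon Web Services') rather than applying the expansion mechanically, since the doubled form is easy to misread as a typo.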
@@ -36,3 +36,3 @@ * <p>(Optional) You can pass inline or managed <a href="https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies.html#policies_session">session policies</a> to | ||
* role's identity-based policy and the session policies. You can use the role's temporary | ||
* credentials in subsequent AWS API calls to access resources in the account that owns | ||
* credentials in subsequent Amazon Web Services API calls to access resources in the account that owns | ||
* the role. You cannot use session policies to grant more permissions than those allowed | ||
@@ -42,3 +42,3 @@ * by the identity-based policy of the role that is being assumed. For more information, see | ||
* Policies</a> in the <i>IAM User Guide</i>.</p> | ||
* <p>To assume a role from a different account, your AWS account must be trusted by the | ||
* <p>To assume a role from a different account, your account must be trusted by the | ||
* role. The trust relationship is defined in the role's trust policy when the role is | ||
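Review bot: 'your AWS account must be trusted' becomes 'your account must be trusted' in this hunk, while other hunks in the diff turn the same term into 'Amazon Web Services account'. Suggest 'your Amazon Web Services account' here as well, so the cross-account trust sentence uses the same wording as the rest of the doc comments.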
@@ -84,3 +84,3 @@ * created. That trust policy states which accounts are allowed to delegate that access to | ||
* <code>AssumeRole</code>. This is useful for cross-account scenarios to ensure that the | ||
* user that assumes the role has been authenticated with an AWS MFA device. In that | ||
* user that assumes the role has been authenticated with an Amazon Web Services MFA device. In that | ||
* scenario, the trust policy of the role being assumed includes a condition that tests for | ||
@@ -87,0 +87,0 @@ * MFA authentication. If the caller does not include valid MFA information, the request to |
@@ -12,10 +12,10 @@ import { STSClientResolvedConfig, ServiceInputTypes, ServiceOutputTypes } from "../STSClient"; | ||
* via a SAML authentication response. This operation provides a mechanism for tying an | ||
* enterprise identity store or directory to role-based AWS access without user-specific | ||
* enterprise identity store or directory to role-based Amazon Web Services access without user-specific | ||
* credentials or configuration. For a comparison of <code>AssumeRoleWithSAML</code> with the | ||
* other API operations that produce temporary credentials, see <a href="https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_request.html">Requesting Temporary Security | ||
* Credentials</a> and <a href="https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_request.html#stsapi_comparison">Comparing the | ||
* AWS STS API operations</a> in the <i>IAM User Guide</i>.</p> | ||
* STS API operations</a> in the <i>IAM User Guide</i>.</p> | ||
* <p>The temporary security credentials returned by this operation consist of an access key | ||
* ID, a secret access key, and a security token. Applications can use these temporary | ||
* security credentials to sign calls to AWS services.</p> | ||
* security credentials to sign calls to Amazon Web Services services.</p> | ||
* <p> | ||
@@ -40,3 +40,3 @@ * <b>Session Duration</b> | ||
* <p> | ||
* <a href="https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_terms-and-concepts.html#iam-term-role-chaining">Role chaining</a> limits your AWS CLI or AWS API | ||
* <a href="https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_terms-and-concepts.html#iam-term-role-chaining">Role chaining</a> limits your CLI or Amazon Web Services API | ||
* role session to a maximum of one hour. When you use the <code>AssumeRole</code> API | ||
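Review bot: in 'limits your CLI or Amazon Web Services API role session', removing the 'AWS' qualifier leaves 'CLI' unqualified, so the sentence no longer names the command-line tool that the one-hour role-chaining limit applies to. Suggest 'Amazon Web Services CLI', matching the expansion used for the API on the same line; the same applies to 'using the CLI or the Amazon Web Services API' in the GetFederationToken hunks.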
@@ -54,3 +54,3 @@ * operation to assume a role, you can specify the duration of your role session with | ||
* <p>The temporary security credentials created by <code>AssumeRoleWithSAML</code> can be | ||
* used to make API calls to any AWS service with the following exception: you cannot call | ||
* used to make API calls to any Amazon Web Services service with the following exception: you cannot call | ||
* the STS <code>GetFederationToken</code> or <code>GetSessionToken</code> API | ||
@@ -65,3 +65,3 @@ * operations.</p> | ||
* role's identity-based policy and the session policies. You can use the role's temporary | ||
* credentials in subsequent AWS API calls to access resources in the account that owns | ||
* credentials in subsequent Amazon Web Services API calls to access resources in the account that owns | ||
* the role. You cannot use session policies to grant more permissions than those allowed | ||
@@ -71,7 +71,7 @@ * by the identity-based policy of the role that is being assumed. For more information, see | ||
* Policies</a> in the <i>IAM User Guide</i>.</p> | ||
* <p>Calling <code>AssumeRoleWithSAML</code> does not require the use of AWS security | ||
* <p>Calling <code>AssumeRoleWithSAML</code> does not require the use of Amazon Web Services security | ||
* credentials. The identity of the caller is validated by using keys in the metadata document | ||
* that is uploaded for the SAML provider entity for your identity provider. </p> | ||
* <important> | ||
* <p>Calling <code>AssumeRoleWithSAML</code> can result in an entry in your AWS CloudTrail logs. | ||
* <p>Calling <code>AssumeRoleWithSAML</code> can result in an entry in your CloudTrail logs. | ||
* The entry includes the value in the <code>NameID</code> element of the SAML assertion. | ||
@@ -96,3 +96,3 @@ * We recommend that you use a <code>NameIDType</code> that is not associated with any | ||
* <note> | ||
* <p>An AWS conversion compresses the passed session policies and session tags into a | ||
* <p>An Amazon Web Services conversion compresses the passed session policies and session tags into a | ||
* packed binary format that has a separate limit. Your request can fail for this limit | ||
@@ -119,4 +119,4 @@ * even if your plaintext meets the other requirements. The <code>PackedPolicySize</code> | ||
* <p>Before your application can call <code>AssumeRoleWithSAML</code>, you must configure | ||
* your SAML identity provider (IdP) to issue the claims required by AWS. Additionally, you | ||
* must use AWS Identity and Access Management (IAM) to create a SAML provider entity in your AWS account that | ||
* your SAML identity provider (IdP) to issue the claims required by Amazon Web Services. Additionally, you | ||
* must use Identity and Access Management (IAM) to create a SAML provider entity in your Amazon Web Services account that | ||
* represents your identity provider. You must also create an IAM role that specifies this | ||
@@ -123,0 +123,0 @@ * SAML provider in its trust policy. </p> |
@@ -16,14 +16,14 @@ import { STSClientResolvedConfig, ServiceInputTypes, ServiceOutputTypes } from "../STSClient"; | ||
* <p>For mobile applications, we recommend that you use Amazon Cognito. You can use Amazon Cognito with the | ||
* <a href="http://aws.amazon.com/sdkforios/">AWS SDK for iOS Developer Guide</a> and the <a href="http://aws.amazon.com/sdkforandroid/">AWS SDK for Android Developer Guide</a> to uniquely | ||
* <a href="http://aws.amazon.com/sdkforios/">Amazon Web Services SDK for iOS Developer Guide</a> and the <a href="http://aws.amazon.com/sdkforandroid/">Amazon Web Services SDK for Android Developer Guide</a> to uniquely | ||
* identify a user. You can also supply the user with a consistent identity throughout the | ||
* lifetime of an application.</p> | ||
* <p>To learn more about Amazon Cognito, see <a href="https://docs.aws.amazon.com/mobile/sdkforandroid/developerguide/cognito-auth.html#d0e840">Amazon Cognito Overview</a> in | ||
* <i>AWS SDK for Android Developer Guide</i> and <a href="https://docs.aws.amazon.com/mobile/sdkforios/developerguide/cognito-auth.html#d0e664">Amazon Cognito Overview</a> in the | ||
* <i>AWS SDK for iOS Developer Guide</i>.</p> | ||
* <i>Amazon Web Services SDK for Android Developer Guide</i> and <a href="https://docs.aws.amazon.com/mobile/sdkforios/developerguide/cognito-auth.html#d0e664">Amazon Cognito Overview</a> in the | ||
* <i>Amazon Web Services SDK for iOS Developer Guide</i>.</p> | ||
* </note> | ||
* <p>Calling <code>AssumeRoleWithWebIdentity</code> does not require the use of AWS | ||
* <p>Calling <code>AssumeRoleWithWebIdentity</code> does not require the use of Amazon Web Services | ||
* security credentials. Therefore, you can distribute an application (for example, on mobile | ||
* devices) that requests temporary security credentials without including long-term AWS | ||
* devices) that requests temporary security credentials without including long-term Amazon Web Services | ||
* credentials in the application. You also don't need to deploy server-based proxy services | ||
* that use long-term AWS credentials. Instead, the identity of the caller is validated by | ||
* that use long-term Amazon Web Services credentials. Instead, the identity of the caller is validated by | ||
* using a token from the web identity provider. For a comparison of | ||
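Review bot: the two anchors on the 'Amazon Web Services SDK for iOS Developer Guide' line get new link text but keep `href="http://aws.amazon.com/sdkforios/"` and `href="http://aws.amazon.com/sdkforandroid/"` over plain HTTP, while the other links in this hunk use `https://docs.aws.amazon.com`. Since the line is being edited anyway, move both to https, and check that the reworded link text and the italicised guide names a few lines below still match the titles of the documents they point to.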
@@ -33,6 +33,6 @@ * <code>AssumeRoleWithWebIdentity</code> with the other API operations that produce | ||
* Credentials</a> and <a href="https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_request.html#stsapi_comparison">Comparing the | ||
* AWS STS API operations</a> in the <i>IAM User Guide</i>.</p> | ||
* STS API operations</a> in the <i>IAM User Guide</i>.</p> | ||
* <p>The temporary security credentials returned by this API consist of an access key ID, a | ||
* secret access key, and a security token. Applications can use these temporary security | ||
* credentials to sign calls to AWS service API operations.</p> | ||
* credentials to sign calls to Amazon Web Services service API operations.</p> | ||
* <p> | ||
@@ -57,3 +57,3 @@ * <b>Session Duration</b> | ||
* <p>The temporary security credentials created by <code>AssumeRoleWithWebIdentity</code> can | ||
* be used to make API calls to any AWS service with the following exception: you cannot | ||
* be used to make API calls to any Amazon Web Services service with the following exception: you cannot | ||
* call the STS <code>GetFederationToken</code> or <code>GetSessionToken</code> API | ||
@@ -68,3 +68,3 @@ * operations.</p> | ||
* role's identity-based policy and the session policies. You can use the role's temporary | ||
* credentials in subsequent AWS API calls to access resources in the account that owns | ||
* credentials in subsequent Amazon Web Services API calls to access resources in the account that owns | ||
* the role. You cannot use session policies to grant more permissions than those allowed | ||
@@ -87,3 +87,3 @@ * by the identity-based policy of the role that is being assumed. For more information, see | ||
* <note> | ||
* <p>An AWS conversion compresses the passed session policies and session tags into a | ||
* <p>An Amazon Web Services conversion compresses the passed session policies and session tags into a | ||
* packed binary format that has a separate limit. Your request can fail for this limit | ||
@@ -116,3 +116,3 @@ * even if your plaintext meets the other requirements. The <code>PackedPolicySize</code> | ||
* <p>Calling <code>AssumeRoleWithWebIdentity</code> can result in an entry in your | ||
* AWS CloudTrail logs. The entry includes the <a href="http://openid.net/specs/openid-connect-core-1_0.html#Claims">Subject</a> of | ||
* CloudTrail logs. The entry includes the <a href="http://openid.net/specs/openid-connect-core-1_0.html#Claims">Subject</a> of | ||
* the provided web identity token. We recommend that you avoid using any personally | ||
@@ -134,3 +134,3 @@ * identifiable information (PII) in this field. For example, you could instead use a GUID | ||
* authenticating through Login with Amazon, Facebook, or Google, getting temporary | ||
* security credentials, and then using those credentials to make a request to AWS. | ||
* security credentials, and then using those credentials to make a request to Amazon Web Services. | ||
* </p> | ||
@@ -140,3 +140,3 @@ * </li> | ||
* <p> | ||
* <a href="http://aws.amazon.com/sdkforios/">AWS SDK for iOS Developer Guide</a> and <a href="http://aws.amazon.com/sdkforandroid/">AWS SDK for Android Developer Guide</a>. These toolkits | ||
* <a href="http://aws.amazon.com/sdkforios/">Amazon Web Services SDK for iOS Developer Guide</a> and <a href="http://aws.amazon.com/sdkforandroid/">Amazon Web Services SDK for Android Developer Guide</a>. These toolkits | ||
* contain sample apps that show how to invoke the identity providers. The toolkits then | ||
@@ -143,0 +143,0 @@ * show how to use the information from these providers to get and use temporary |
@@ -11,9 +11,9 @@ import { STSClientResolvedConfig, ServiceInputTypes, ServiceOutputTypes } from "../STSClient"; | ||
* <p>Decodes additional information about the authorization status of a request from an | ||
* encoded message returned in response to an AWS request.</p> | ||
* encoded message returned in response to an Amazon Web Services request.</p> | ||
* <p>For example, if a user is not authorized to perform an operation that he or she has | ||
* requested, the request returns a <code>Client.UnauthorizedOperation</code> response (an | ||
* HTTP 403 response). Some AWS operations additionally return an encoded message that can | ||
* HTTP 403 response). Some Amazon Web Services operations additionally return an encoded message that can | ||
* provide details about this authorization failure. </p> | ||
* <note> | ||
* <p>Only certain AWS operations return an encoded authorization message. The | ||
* <p>Only certain Amazon Web Services operations return an encoded authorization message. The | ||
* documentation for an individual operation indicates whether that operation returns an | ||
@@ -20,0 +20,0 @@ * encoded message in addition to returning an HTTP code.</p> |
@@ -16,5 +16,5 @@ import { STSClientResolvedConfig, ServiceInputTypes, ServiceOutputTypes } from "../STSClient"; | ||
* Users</a> in the <i>IAM User Guide</i>.</p> | ||
* <p>When you pass an access key ID to this operation, it returns the ID of the AWS | ||
* <p>When you pass an access key ID to this operation, it returns the ID of the Amazon Web Services | ||
* account to which the keys belong. Access key IDs beginning with <code>AKIA</code> are | ||
* long-term credentials for an IAM user or the AWS account root user. Access key IDs | ||
* long-term credentials for an IAM user or the Amazon Web Services account root user. Access key IDs | ||
* beginning with <code>ASIA</code> are temporary credentials that are created using STS | ||
@@ -21,0 +21,0 @@ * operations. If the account in the response belongs to you, you can sign in as the root |
@@ -19,3 +19,3 @@ import { STSClientResolvedConfig, ServiceInputTypes, ServiceOutputTypes } from "../STSClient"; | ||
* Credentials</a> and <a href="https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_request.html#stsapi_comparison">Comparing the | ||
* AWS STS API operations</a> in the <i>IAM User Guide</i>.</p> | ||
* STS API operations</a> in the <i>IAM User Guide</i>.</p> | ||
* <note> | ||
@@ -29,3 +29,3 @@ * <p>You can create a mobile-based or browser-based app that can authenticate users using | ||
* <p>You can also call <code>GetFederationToken</code> using the security credentials of an | ||
* AWS account root user, but we do not recommend it. Instead, we recommend that you create | ||
* Amazon Web Services account root user, but we do not recommend it. Instead, we recommend that you create | ||
* an IAM user for the purpose of the proxy application. Then attach a policy to the IAM | ||
@@ -40,3 +40,3 @@ * user that limits federated users to only the actions and resources that they need to | ||
* minutes) up to a maximum of 129,600 seconds (36 hours). The default session duration is | ||
* 43,200 seconds (12 hours). Temporary credentials that are obtained by using AWS account | ||
* 43,200 seconds (12 hours). Temporary credentials that are obtained by using Amazon Web Services account | ||
* root user credentials have a maximum duration of 3,600 seconds (1 hour).</p> | ||
@@ -47,6 +47,6 @@ * <p> | ||
* <p>You can use the temporary credentials created by <code>GetFederationToken</code> in any | ||
* AWS service except the following:</p> | ||
* Amazon Web Services service except the following:</p> | ||
* <ul> | ||
* <li> | ||
* <p>You cannot call any IAM operations using the AWS CLI or the AWS API. </p> | ||
* <p>You cannot call any IAM operations using the CLI or the Amazon Web Services API. </p> | ||
* </li> | ||
@@ -89,3 +89,3 @@ * <li> | ||
* <p>You can also call <code>GetFederationToken</code> using the security credentials of an | ||
* AWS account root user, but we do not recommend it. Instead, we recommend that you | ||
* Amazon Web Services account root user, but we do not recommend it. Instead, we recommend that you | ||
* create an IAM user for the purpose of the proxy application. Then attach a policy to | ||
@@ -100,3 +100,3 @@ * the IAM user that limits federated users to only the actions and resources that they | ||
* minutes) up to a maximum of 129,600 seconds (36 hours). The default session duration is | ||
* 43,200 seconds (12 hours). Temporary credentials that are obtained by using AWS | ||
* 43,200 seconds (12 hours). Temporary credentials that are obtained by using Amazon Web Services | ||
* account root user credentials have a maximum duration of 3,600 seconds (1 hour).</p> | ||
@@ -107,6 +107,6 @@ * <p> | ||
* <p>You can use the temporary credentials created by <code>GetFederationToken</code> in | ||
* any AWS service except the following:</p> | ||
* any Amazon Web Services service except the following:</p> | ||
* <ul> | ||
* <li> | ||
* <p>You cannot call any IAM operations using the AWS CLI or the AWS API. | ||
* <p>You cannot call any IAM operations using the CLI or the Amazon Web Services API. | ||
* </p> | ||
@@ -113,0 +113,0 @@ * </li> |
@@ -10,6 +10,6 @@ import { STSClientResolvedConfig, ServiceInputTypes, ServiceOutputTypes } from "../STSClient"; | ||
/** | ||
* <p>Returns a set of temporary credentials for an AWS account or IAM user. The | ||
* <p>Returns a set of temporary credentials for an Amazon Web Services account or IAM user. The | ||
* credentials consist of an access key ID, a secret access key, and a security token. | ||
* Typically, you use <code>GetSessionToken</code> if you want to use MFA to protect | ||
* programmatic calls to specific AWS API operations like Amazon EC2 <code>StopInstances</code>. | ||
* programmatic calls to specific Amazon Web Services API operations like Amazon EC2 <code>StopInstances</code>. | ||
* MFA-enabled IAM users would need to call <code>GetSessionToken</code> and submit an MFA | ||
@@ -22,8 +22,8 @@ * code that is associated with their MFA device. Using the temporary security credentials | ||
* Temporary Security Credentials</a> and <a href="https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_request.html#stsapi_comparison">Comparing the | ||
* AWS STS API operations</a> in the <i>IAM User Guide</i>.</p> | ||
* STS API operations</a> in the <i>IAM User Guide</i>.</p> | ||
* <p> | ||
* <b>Session Duration</b> | ||
* </p> | ||
* <p>The <code>GetSessionToken</code> operation must be called by using the long-term AWS | ||
* security credentials of the AWS account root user or an IAM user. Credentials that are | ||
* <p>The <code>GetSessionToken</code> operation must be called by using the long-term Amazon Web Services | ||
* security credentials of the Amazon Web Services account root user or an IAM user. Credentials that are | ||
* created by IAM users are valid for the duration that you specify. This duration can range | ||
@@ -37,3 +37,3 @@ * from 900 seconds (15 minutes) up to a maximum of 129,600 seconds (36 hours), with a default | ||
* <p>The temporary security credentials created by <code>GetSessionToken</code> can be used | ||
* to make API calls to any AWS service with the following exceptions:</p> | ||
* to make API calls to any Amazon Web Services service with the following exceptions:</p> | ||
* <ul> | ||
@@ -50,10 +50,10 @@ * <li> | ||
* <note> | ||
* <p>We recommend that you do not call <code>GetSessionToken</code> with AWS account | ||
* <p>We recommend that you do not call <code>GetSessionToken</code> with Amazon Web Services account | ||
* root user credentials. Instead, follow our <a href="https://docs.aws.amazon.com/IAM/latest/UserGuide/best-practices.html#create-iam-users">best practices</a> by | ||
* creating one or more IAM users, giving them the necessary permissions, and using IAM | ||
* users for everyday interaction with AWS. </p> | ||
* users for everyday interaction with Amazon Web Services. </p> | ||
* </note> | ||
* <p>The credentials that are returned by <code>GetSessionToken</code> are based on | ||
* permissions associated with the user whose credentials were used to call the operation. If | ||
* <code>GetSessionToken</code> is called using AWS account root user credentials, the | ||
* <code>GetSessionToken</code> is called using Amazon Web Services account root user credentials, the | ||
* temporary credentials have root user permissions. Similarly, if | ||
@@ -60,0 +60,0 @@ * <code>GetSessionToken</code> is called using the credentials of an IAM user, the |
@@ -12,5 +12,5 @@ import { STSClient } from "./STSClient"; | ||
/** | ||
* <fullname>AWS Security Token Service</fullname> | ||
* <p>AWS Security Token Service (STS) enables you to request temporary, limited-privilege | ||
* credentials for AWS Identity and Access Management (IAM) users or for users that you | ||
* <fullname>Security Token Service</fullname> | ||
* <p>Security Token Service (STS) enables you to request temporary, limited-privilege | ||
* credentials for Identity and Access Management (IAM) users or for users that you | ||
* authenticate (federated users). This guide provides descriptions of the STS API. For | ||
@@ -21,3 +21,3 @@ * more information about using this service, see <a href="https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp.html">Temporary Security Credentials</a>.</p> | ||
/** | ||
* <p>Returns a set of temporary security credentials that you can use to access AWS | ||
* <p>Returns a set of temporary security credentials that you can use to access Amazon Web Services | ||
* resources that you might not normally have access to. These temporary credentials | ||
@@ -29,3 +29,3 @@ * consist of an access key ID, a secret access key, and a security token. Typically, you | ||
* Credentials</a> and <a href="https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_request.html#stsapi_comparison">Comparing | ||
* the AWS STS API operations</a> in the | ||
* the STS API operations</a> in the | ||
* <i>IAM User Guide</i>.</p> | ||
@@ -36,4 +36,4 @@ * <p> | ||
* <p>The temporary security credentials created by <code>AssumeRole</code> can be used to | ||
* make API calls to any AWS service with the following exception: You cannot call the | ||
* AWS STS <code>GetFederationToken</code> or <code>GetSessionToken</code> API | ||
* make API calls to any Amazon Web Services service with the following exception: You cannot call the | ||
* STS <code>GetFederationToken</code> or <code>GetSessionToken</code> API | ||
* operations.</p> | ||
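Review bot: the new wording "make API calls to any Amazon Web Services service" reads as a doubled word ("Services service"), which looks like the result of a mechanical substitution of "AWS". Suggest rephrasing the sentence so the product name is not immediately followed by "service". The same line also keeps the capitalised "exception: You cannot", while the AssumeRoleWithSAML and AssumeRoleWithWebIdentity text in this change uses "exception: you cannot"; pick one.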
@@ -47,3 +47,3 @@ * <p>(Optional) You can pass inline or managed <a href="https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies.html#policies_session">session policies</a> to | ||
* role's identity-based policy and the session policies. You can use the role's temporary | ||
* credentials in subsequent AWS API calls to access resources in the account that owns | ||
* credentials in subsequent Amazon Web Services API calls to access resources in the account that owns | ||
* the role. You cannot use session policies to grant more permissions than those allowed | ||
@@ -53,3 +53,3 @@ * by the identity-based policy of the role that is being assumed. For more information, see | ||
* Policies</a> in the <i>IAM User Guide</i>.</p> | ||
* <p>To assume a role from a different account, your AWS account must be trusted by the | ||
* <p>To assume a role from a different account, your account must be trusted by the | ||
* role. The trust relationship is defined in the role's trust policy when the role is | ||
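Review bot: in "your account must be trusted by the role" the qualifier was dropped rather than renamed, so the cross-account sentence no longer says what kind of account is meant. Other lines in this change turn "AWS account" into "Amazon Web Services account"; suggest doing the same here so the trust-policy guidance stays unambiguous.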
@@ -95,3 +95,3 @@ * created. That trust policy states which accounts are allowed to delegate that access to | ||
* <code>AssumeRole</code>. This is useful for cross-account scenarios to ensure that the | ||
* user that assumes the role has been authenticated with an AWS MFA device. In that | ||
* user that assumes the role has been authenticated with an Amazon Web Services MFA device. In that | ||
* scenario, the trust policy of the role being assumed includes a condition that tests for | ||
@@ -118,10 +118,10 @@ * MFA authentication. If the caller does not include valid MFA information, the request to | ||
* via a SAML authentication response. This operation provides a mechanism for tying an | ||
* enterprise identity store or directory to role-based AWS access without user-specific | ||
* enterprise identity store or directory to role-based Amazon Web Services access without user-specific | ||
* credentials or configuration. For a comparison of <code>AssumeRoleWithSAML</code> with the | ||
* other API operations that produce temporary credentials, see <a href="https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_request.html">Requesting Temporary Security | ||
* Credentials</a> and <a href="https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_request.html#stsapi_comparison">Comparing the | ||
* AWS STS API operations</a> in the <i>IAM User Guide</i>.</p> | ||
* STS API operations</a> in the <i>IAM User Guide</i>.</p> | ||
* <p>The temporary security credentials returned by this operation consist of an access key | ||
* ID, a secret access key, and a security token. Applications can use these temporary | ||
* security credentials to sign calls to AWS services.</p> | ||
* security credentials to sign calls to Amazon Web Services services.</p> | ||
* <p> | ||
@@ -146,3 +146,3 @@ * <b>Session Duration</b> | ||
* <p> | ||
* <a href="https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_terms-and-concepts.html#iam-term-role-chaining">Role chaining</a> limits your AWS CLI or AWS API | ||
* <a href="https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_terms-and-concepts.html#iam-term-role-chaining">Role chaining</a> limits your CLI or Amazon Web Services API | ||
* role session to a maximum of one hour. When you use the <code>AssumeRole</code> API | ||
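Review bot: "limits your CLI or Amazon Web Services API role session" leaves a bare "CLI" with no product name, which is ambiguous in a sentence about role chaining limits. Suggest naming the tool in full, and applying the same wording to the GetFederationToken text that now reads "using the CLI or the Amazon Web Services API".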
@@ -160,3 +160,3 @@ * operation to assume a role, you can specify the duration of your role session with | ||
* <p>The temporary security credentials created by <code>AssumeRoleWithSAML</code> can be | ||
* used to make API calls to any AWS service with the following exception: you cannot call | ||
* used to make API calls to any Amazon Web Services service with the following exception: you cannot call | ||
* the STS <code>GetFederationToken</code> or <code>GetSessionToken</code> API | ||
@@ -171,3 +171,3 @@ * operations.</p> | ||
* role's identity-based policy and the session policies. You can use the role's temporary | ||
* credentials in subsequent AWS API calls to access resources in the account that owns | ||
* credentials in subsequent Amazon Web Services API calls to access resources in the account that owns | ||
* the role. You cannot use session policies to grant more permissions than those allowed | ||
@@ -177,7 +177,7 @@ * by the identity-based policy of the role that is being assumed. For more information, see | ||
* Policies</a> in the <i>IAM User Guide</i>.</p> | ||
* <p>Calling <code>AssumeRoleWithSAML</code> does not require the use of AWS security | ||
* <p>Calling <code>AssumeRoleWithSAML</code> does not require the use of Amazon Web Services security | ||
* credentials. The identity of the caller is validated by using keys in the metadata document | ||
* that is uploaded for the SAML provider entity for your identity provider. </p> | ||
* <important> | ||
* <p>Calling <code>AssumeRoleWithSAML</code> can result in an entry in your AWS CloudTrail logs. | ||
* <p>Calling <code>AssumeRoleWithSAML</code> can result in an entry in your CloudTrail logs. | ||
* The entry includes the value in the <code>NameID</code> element of the SAML assertion. | ||
@@ -202,3 +202,3 @@ * We recommend that you use a <code>NameIDType</code> that is not associated with any | ||
* <note> | ||
* <p>An AWS conversion compresses the passed session policies and session tags into a | ||
* <p>An Amazon Web Services conversion compresses the passed session policies and session tags into a | ||
* packed binary format that has a separate limit. Your request can fail for this limit | ||
@@ -225,4 +225,4 @@ * even if your plaintext meets the other requirements. The <code>PackedPolicySize</code> | ||
* <p>Before your application can call <code>AssumeRoleWithSAML</code>, you must configure | ||
* your SAML identity provider (IdP) to issue the claims required by AWS. Additionally, you | ||
* must use AWS Identity and Access Management (IAM) to create a SAML provider entity in your AWS account that | ||
* your SAML identity provider (IdP) to issue the claims required by Amazon Web Services. Additionally, you | ||
* must use Identity and Access Management (IAM) to create a SAML provider entity in your Amazon Web Services account that | ||
* represents your identity provider. You must also create an IAM role that specifies this | ||
@@ -266,14 +266,14 @@ * SAML provider in its trust policy. </p> | ||
* <p>For mobile applications, we recommend that you use Amazon Cognito. You can use Amazon Cognito with the | ||
* <a href="http://aws.amazon.com/sdkforios/">AWS SDK for iOS Developer Guide</a> and the <a href="http://aws.amazon.com/sdkforandroid/">AWS SDK for Android Developer Guide</a> to uniquely | ||
* <a href="http://aws.amazon.com/sdkforios/">Amazon Web Services SDK for iOS Developer Guide</a> and the <a href="http://aws.amazon.com/sdkforandroid/">Amazon Web Services SDK for Android Developer Guide</a> to uniquely | ||
* identify a user. You can also supply the user with a consistent identity throughout the | ||
* lifetime of an application.</p> | ||
* <p>To learn more about Amazon Cognito, see <a href="https://docs.aws.amazon.com/mobile/sdkforandroid/developerguide/cognito-auth.html#d0e840">Amazon Cognito Overview</a> in | ||
* <i>AWS SDK for Android Developer Guide</i> and <a href="https://docs.aws.amazon.com/mobile/sdkforios/developerguide/cognito-auth.html#d0e664">Amazon Cognito Overview</a> in the | ||
* <i>AWS SDK for iOS Developer Guide</i>.</p> | ||
* <i>Amazon Web Services SDK for Android Developer Guide</i> and <a href="https://docs.aws.amazon.com/mobile/sdkforios/developerguide/cognito-auth.html#d0e664">Amazon Cognito Overview</a> in the | ||
* <i>Amazon Web Services SDK for iOS Developer Guide</i>.</p> | ||
* </note> | ||
* <p>Calling <code>AssumeRoleWithWebIdentity</code> does not require the use of AWS | ||
* <p>Calling <code>AssumeRoleWithWebIdentity</code> does not require the use of Amazon Web Services | ||
* security credentials. Therefore, you can distribute an application (for example, on mobile | ||
* devices) that requests temporary security credentials without including long-term AWS | ||
* devices) that requests temporary security credentials without including long-term Amazon Web Services | ||
* credentials in the application. You also don't need to deploy server-based proxy services | ||
* that use long-term AWS credentials. Instead, the identity of the caller is validated by | ||
* that use long-term Amazon Web Services credentials. Instead, the identity of the caller is validated by | ||
* using a token from the web identity provider. For a comparison of | ||
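Review bot: the two SDK guide anchors touched here still point at `http://aws.amazon.com/sdkforios/` and `http://aws.amazon.com/sdkforandroid/`, while the Cognito and IAM User Guide links in the same comment use `https://`. Since these lines are being edited anyway, switch the hrefs to https so the documentation does not send readers over plaintext. The link text "Amazon Web Services SDK for iOS Developer Guide" should also be checked against the actual title of the guide it names.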
@@ -283,6 +283,6 @@ * <code>AssumeRoleWithWebIdentity</code> with the other API operations that produce | ||
* Credentials</a> and <a href="https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_request.html#stsapi_comparison">Comparing the | ||
* AWS STS API operations</a> in the <i>IAM User Guide</i>.</p> | ||
* STS API operations</a> in the <i>IAM User Guide</i>.</p> | ||
* <p>The temporary security credentials returned by this API consist of an access key ID, a | ||
* secret access key, and a security token. Applications can use these temporary security | ||
* credentials to sign calls to AWS service API operations.</p> | ||
* credentials to sign calls to Amazon Web Services service API operations.</p> | ||
* <p> | ||
@@ -307,3 +307,3 @@ * <b>Session Duration</b> | ||
* <p>The temporary security credentials created by <code>AssumeRoleWithWebIdentity</code> can | ||
* be used to make API calls to any AWS service with the following exception: you cannot | ||
* be used to make API calls to any Amazon Web Services service with the following exception: you cannot | ||
* call the STS <code>GetFederationToken</code> or <code>GetSessionToken</code> API | ||
@@ -318,3 +318,3 @@ * operations.</p> | ||
* role's identity-based policy and the session policies. You can use the role's temporary | ||
* credentials in subsequent AWS API calls to access resources in the account that owns | ||
* credentials in subsequent Amazon Web Services API calls to access resources in the account that owns | ||
* the role. You cannot use session policies to grant more permissions than those allowed | ||
@@ -337,3 +337,3 @@ * by the identity-based policy of the role that is being assumed. For more information, see | ||
* <note> | ||
* <p>An AWS conversion compresses the passed session policies and session tags into a | ||
* <p>An Amazon Web Services conversion compresses the passed session policies and session tags into a | ||
* packed binary format that has a separate limit. Your request can fail for this limit | ||
@@ -366,3 +366,3 @@ * even if your plaintext meets the other requirements. The <code>PackedPolicySize</code> | ||
* <p>Calling <code>AssumeRoleWithWebIdentity</code> can result in an entry in your | ||
* AWS CloudTrail logs. The entry includes the <a href="http://openid.net/specs/openid-connect-core-1_0.html#Claims">Subject</a> of | ||
* CloudTrail logs. The entry includes the <a href="http://openid.net/specs/openid-connect-core-1_0.html#Claims">Subject</a> of | ||
* the provided web identity token. We recommend that you avoid using any personally | ||
@@ -384,3 +384,3 @@ * identifiable information (PII) in this field. For example, you could instead use a GUID | ||
* authenticating through Login with Amazon, Facebook, or Google, getting temporary | ||
* security credentials, and then using those credentials to make a request to AWS. | ||
* security credentials, and then using those credentials to make a request to Amazon Web Services. | ||
* </p> | ||
@@ -390,3 +390,3 @@ * </li> | ||
* <p> | ||
* <a href="http://aws.amazon.com/sdkforios/">AWS SDK for iOS Developer Guide</a> and <a href="http://aws.amazon.com/sdkforandroid/">AWS SDK for Android Developer Guide</a>. These toolkits | ||
* <a href="http://aws.amazon.com/sdkforios/">Amazon Web Services SDK for iOS Developer Guide</a> and <a href="http://aws.amazon.com/sdkforandroid/">Amazon Web Services SDK for Android Developer Guide</a>. These toolkits | ||
* contain sample apps that show how to invoke the identity providers. The toolkits then | ||
@@ -410,9 +410,9 @@ * show how to use the information from these providers to get and use temporary | ||
* <p>Decodes additional information about the authorization status of a request from an | ||
* encoded message returned in response to an AWS request.</p> | ||
* encoded message returned in response to an Amazon Web Services request.</p> | ||
* <p>For example, if a user is not authorized to perform an operation that he or she has | ||
* requested, the request returns a <code>Client.UnauthorizedOperation</code> response (an | ||
* HTTP 403 response). Some AWS operations additionally return an encoded message that can | ||
* HTTP 403 response). Some Amazon Web Services operations additionally return an encoded message that can | ||
* provide details about this authorization failure. </p> | ||
* <note> | ||
* <p>Only certain AWS operations return an encoded authorization message. The | ||
* <p>Only certain Amazon Web Services operations return an encoded authorization message. The | ||
* documentation for an individual operation indicates whether that operation returns an | ||
@@ -457,5 +457,5 @@ * encoded message in addition to returning an HTTP code.</p> | ||
* Users</a> in the <i>IAM User Guide</i>.</p> | ||
* <p>When you pass an access key ID to this operation, it returns the ID of the AWS | ||
* <p>When you pass an access key ID to this operation, it returns the ID of the Amazon Web Services | ||
* account to which the keys belong. Access key IDs beginning with <code>AKIA</code> are | ||
* long-term credentials for an IAM user or the AWS account root user. Access key IDs | ||
* long-term credentials for an IAM user or the Amazon Web Services account root user. Access key IDs | ||
* beginning with <code>ASIA</code> are temporary credentials that are created using STS | ||
@@ -499,3 +499,3 @@ * operations. If the account in the response belongs to you, you can sign in as the root | ||
* Credentials</a> and <a href="https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_request.html#stsapi_comparison">Comparing the | ||
* AWS STS API operations</a> in the <i>IAM User Guide</i>.</p> | ||
* STS API operations</a> in the <i>IAM User Guide</i>.</p> | ||
* <note> | ||
@@ -509,3 +509,3 @@ * <p>You can create a mobile-based or browser-based app that can authenticate users using | ||
* <p>You can also call <code>GetFederationToken</code> using the security credentials of an | ||
* AWS account root user, but we do not recommend it. Instead, we recommend that you create | ||
* Amazon Web Services account root user, but we do not recommend it. Instead, we recommend that you create | ||
* an IAM user for the purpose of the proxy application. Then attach a policy to the IAM | ||
@@ -520,3 +520,3 @@ * user that limits federated users to only the actions and resources that they need to | ||
* minutes) up to a maximum of 129,600 seconds (36 hours). The default session duration is | ||
* 43,200 seconds (12 hours). Temporary credentials that are obtained by using AWS account | ||
* 43,200 seconds (12 hours). Temporary credentials that are obtained by using Amazon Web Services account | ||
* root user credentials have a maximum duration of 3,600 seconds (1 hour).</p> | ||
@@ -527,6 +527,6 @@ * <p> | ||
* <p>You can use the temporary credentials created by <code>GetFederationToken</code> in any | ||
* AWS service except the following:</p> | ||
* Amazon Web Services service except the following:</p> | ||
* <ul> | ||
* <li> | ||
* <p>You cannot call any IAM operations using the AWS CLI or the AWS API. </p> | ||
* <p>You cannot call any IAM operations using the CLI or the Amazon Web Services API. </p> | ||
* </li> | ||
@@ -569,3 +569,3 @@ * <li> | ||
* <p>You can also call <code>GetFederationToken</code> using the security credentials of an | ||
* AWS account root user, but we do not recommend it. Instead, we recommend that you | ||
* Amazon Web Services account root user, but we do not recommend it. Instead, we recommend that you | ||
* create an IAM user for the purpose of the proxy application. Then attach a policy to | ||
@@ -580,3 +580,3 @@ * the IAM user that limits federated users to only the actions and resources that they | ||
* minutes) up to a maximum of 129,600 seconds (36 hours). The default session duration is | ||
* 43,200 seconds (12 hours). Temporary credentials that are obtained by using AWS | ||
* 43,200 seconds (12 hours). Temporary credentials that are obtained by using Amazon Web Services | ||
* account root user credentials have a maximum duration of 3,600 seconds (1 hour).</p> | ||
@@ -587,6 +587,6 @@ * <p> | ||
* <p>You can use the temporary credentials created by <code>GetFederationToken</code> in | ||
* any AWS service except the following:</p> | ||
* any Amazon Web Services service except the following:</p> | ||
* <ul> | ||
* <li> | ||
* <p>You cannot call any IAM operations using the AWS CLI or the AWS API. | ||
* <p>You cannot call any IAM operations using the CLI or the Amazon Web Services API. | ||
* </p> | ||
@@ -641,6 +641,6 @@ * </li> | ||
/** | ||
* <p>Returns a set of temporary credentials for an AWS account or IAM user. The | ||
* <p>Returns a set of temporary credentials for an Amazon Web Services account or IAM user. The | ||
* credentials consist of an access key ID, a secret access key, and a security token. | ||
* Typically, you use <code>GetSessionToken</code> if you want to use MFA to protect | ||
* programmatic calls to specific AWS API operations like Amazon EC2 <code>StopInstances</code>. | ||
* programmatic calls to specific Amazon Web Services API operations like Amazon EC2 <code>StopInstances</code>. | ||
* MFA-enabled IAM users would need to call <code>GetSessionToken</code> and submit an MFA | ||
@@ -653,8 +653,8 @@ * code that is associated with their MFA device. Using the temporary security credentials | ||
* Temporary Security Credentials</a> and <a href="https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_request.html#stsapi_comparison">Comparing the | ||
* AWS STS API operations</a> in the <i>IAM User Guide</i>.</p> | ||
* STS API operations</a> in the <i>IAM User Guide</i>.</p> | ||
* <p> | ||
* <b>Session Duration</b> | ||
* </p> | ||
* <p>The <code>GetSessionToken</code> operation must be called by using the long-term AWS | ||
* security credentials of the AWS account root user or an IAM user. Credentials that are | ||
* <p>The <code>GetSessionToken</code> operation must be called by using the long-term Amazon Web Services | ||
* security credentials of the Amazon Web Services account root user or an IAM user. Credentials that are | ||
* created by IAM users are valid for the duration that you specify. This duration can range | ||
@@ -668,3 +668,3 @@ * from 900 seconds (15 minutes) up to a maximum of 129,600 seconds (36 hours), with a default | ||
* <p>The temporary security credentials created by <code>GetSessionToken</code> can be used | ||
* to make API calls to any AWS service with the following exceptions:</p> | ||
* to make API calls to any Amazon Web Services service with the following exceptions:</p> | ||
* <ul> | ||
@@ -681,10 +681,10 @@ * <li> | ||
* <note> | ||
* <p>We recommend that you do not call <code>GetSessionToken</code> with AWS account | ||
* <p>We recommend that you do not call <code>GetSessionToken</code> with Amazon Web Services account | ||
* root user credentials. Instead, follow our <a href="https://docs.aws.amazon.com/IAM/latest/UserGuide/best-practices.html#create-iam-users">best practices</a> by | ||
* creating one or more IAM users, giving them the necessary permissions, and using IAM | ||
* users for everyday interaction with AWS. </p> | ||
* users for everyday interaction with Amazon Web Services. </p> | ||
* </note> | ||
* <p>The credentials that are returned by <code>GetSessionToken</code> are based on | ||
* permissions associated with the user whose credentials were used to call the operation. If | ||
* <code>GetSessionToken</code> is called using AWS account root user credentials, the | ||
* <code>GetSessionToken</code> is called using Amazon Web Services account root user credentials, the | ||
* temporary credentials have root user permissions. Similarly, if | ||
@@ -691,0 +691,0 @@ * <code>GetSessionToken</code> is called using the credentials of an IAM user, the |
@@ -76,11 +76,2 @@ import { AssumeRoleCommandInput, AssumeRoleCommandOutput } from "./commands/AssumeRoleCommand"; | ||
/** | ||
* Unique service identifier. | ||
* @internal | ||
*/ | ||
serviceId?: string; | ||
/** | ||
* The AWS region to which this client will send requests | ||
*/ | ||
region?: string | __Provider<string>; | ||
/** | ||
* Value for how many times a request will be made at most in case of retry. | ||
@@ -99,2 +90,11 @@ */ | ||
/** | ||
* Unique service identifier. | ||
* @internal | ||
*/ | ||
serviceId?: string; | ||
/** | ||
* The AWS region to which this client will send requests | ||
*/ | ||
region?: string | __Provider<string>; | ||
/** | ||
* Default credentials provider; Not available in browser runtime. | ||
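Review bot: the relocated `region` member still carries the comment "The AWS region to which this client will send requests", which is inconsistent with the renaming applied to every operation comment in this change. Either update the comment or document that config-field comments are intentionally excluded. The reordering of `serviceId` and `region` within the config interface is also unexplained by anything visible here; a note on why the members moved would help reviewers confirm it is declaration-order only.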
@@ -128,5 +128,5 @@ * @internal | ||
/** | ||
* <fullname>AWS Security Token Service</fullname> | ||
* <p>AWS Security Token Service (STS) enables you to request temporary, limited-privilege | ||
* credentials for AWS Identity and Access Management (IAM) users or for users that you | ||
* <fullname>Security Token Service</fullname> | ||
* <p>Security Token Service (STS) enables you to request temporary, limited-privilege | ||
* credentials for Identity and Access Management (IAM) users or for users that you | ||
* authenticate (federated users). This guide provides descriptions of the STS API. For | ||
@@ -133,0 +133,0 @@ * more information about using this service, see <a href="https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp.html">Temporary Security Credentials</a>.</p> |
@@ -10,3 +10,3 @@ import { STSClientResolvedConfig, ServiceInputTypes, ServiceOutputTypes } from "../STSClient"; | ||
/** | ||
* <p>Returns a set of temporary security credentials that you can use to access AWS | ||
* <p>Returns a set of temporary security credentials that you can use to access Amazon Web Services | ||
* resources that you might not normally have access to. These temporary credentials | ||
@@ -18,3 +18,3 @@ * consist of an access key ID, a secret access key, and a security token. Typically, you | ||
* Credentials</a> and <a href="https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_request.html#stsapi_comparison">Comparing | ||
* the AWS STS API operations</a> in the | ||
* the STS API operations</a> in the | ||
* <i>IAM User Guide</i>.</p> | ||
@@ -25,4 +25,4 @@ * <p> | ||
* <p>The temporary security credentials created by <code>AssumeRole</code> can be used to | ||
* make API calls to any AWS service with the following exception: You cannot call the | ||
* AWS STS <code>GetFederationToken</code> or <code>GetSessionToken</code> API | ||
* make API calls to any Amazon Web Services service with the following exception: You cannot call the | ||
* STS <code>GetFederationToken</code> or <code>GetSessionToken</code> API | ||
* operations.</p> | ||
@@ -36,3 +36,3 @@ * <p>(Optional) You can pass inline or managed <a href="https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies.html#policies_session">session policies</a> to | ||
* role's identity-based policy and the session policies. You can use the role's temporary | ||
* credentials in subsequent AWS API calls to access resources in the account that owns | ||
* credentials in subsequent Amazon Web Services API calls to access resources in the account that owns | ||
* the role. You cannot use session policies to grant more permissions than those allowed | ||
@@ -42,3 +42,3 @@ * by the identity-based policy of the role that is being assumed. For more information, see | ||
* Policies</a> in the <i>IAM User Guide</i>.</p> | ||
* <p>To assume a role from a different account, your AWS account must be trusted by the | ||
* <p>To assume a role from a different account, your account must be trusted by the | ||
* role. The trust relationship is defined in the role's trust policy when the role is | ||
@@ -84,3 +84,3 @@ * created. That trust policy states which accounts are allowed to delegate that access to | ||
* <code>AssumeRole</code>. This is useful for cross-account scenarios to ensure that the | ||
* user that assumes the role has been authenticated with an AWS MFA device. In that | ||
* user that assumes the role has been authenticated with an Amazon Web Services MFA device. In that | ||
* scenario, the trust policy of the role being assumed includes a condition that tests for | ||
@@ -87,0 +87,0 @@ * MFA authentication. If the caller does not include valid MFA information, the request to |
@@ -12,10 +12,10 @@ import { STSClientResolvedConfig, ServiceInputTypes, ServiceOutputTypes } from "../STSClient"; | ||
* via a SAML authentication response. This operation provides a mechanism for tying an | ||
* enterprise identity store or directory to role-based AWS access without user-specific | ||
* enterprise identity store or directory to role-based Amazon Web Services access without user-specific | ||
* credentials or configuration. For a comparison of <code>AssumeRoleWithSAML</code> with the | ||
* other API operations that produce temporary credentials, see <a href="https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_request.html">Requesting Temporary Security | ||
* Credentials</a> and <a href="https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_request.html#stsapi_comparison">Comparing the | ||
* AWS STS API operations</a> in the <i>IAM User Guide</i>.</p> | ||
* STS API operations</a> in the <i>IAM User Guide</i>.</p> | ||
* <p>The temporary security credentials returned by this operation consist of an access key | ||
* ID, a secret access key, and a security token. Applications can use these temporary | ||
* security credentials to sign calls to AWS services.</p> | ||
* security credentials to sign calls to Amazon Web Services services.</p> | ||
* <p> | ||
@@ -40,3 +40,3 @@ * <b>Session Duration</b> | ||
* <p> | ||
* <a href="https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_terms-and-concepts.html#iam-term-role-chaining">Role chaining</a> limits your AWS CLI or AWS API | ||
* <a href="https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_terms-and-concepts.html#iam-term-role-chaining">Role chaining</a> limits your CLI or Amazon Web Services API | ||
* role session to a maximum of one hour. When you use the <code>AssumeRole</code> API | ||
@@ -54,3 +54,3 @@ * operation to assume a role, you can specify the duration of your role session with | ||
* <p>The temporary security credentials created by <code>AssumeRoleWithSAML</code> can be | ||
* used to make API calls to any AWS service with the following exception: you cannot call | ||
* used to make API calls to any Amazon Web Services service with the following exception: you cannot call | ||
* the STS <code>GetFederationToken</code> or <code>GetSessionToken</code> API | ||
@@ -65,3 +65,3 @@ * operations.</p> | ||
* role's identity-based policy and the session policies. You can use the role's temporary | ||
* credentials in subsequent AWS API calls to access resources in the account that owns | ||
* credentials in subsequent Amazon Web Services API calls to access resources in the account that owns | ||
* the role. You cannot use session policies to grant more permissions than those allowed | ||
@@ -71,7 +71,7 @@ * by the identity-based policy of the role that is being assumed. For more information, see | ||
* Policies</a> in the <i>IAM User Guide</i>.</p> | ||
* <p>Calling <code>AssumeRoleWithSAML</code> does not require the use of AWS security | ||
* <p>Calling <code>AssumeRoleWithSAML</code> does not require the use of Amazon Web Services security | ||
* credentials. The identity of the caller is validated by using keys in the metadata document | ||
* that is uploaded for the SAML provider entity for your identity provider. </p> | ||
* <important> | ||
* <p>Calling <code>AssumeRoleWithSAML</code> can result in an entry in your AWS CloudTrail logs. | ||
* <p>Calling <code>AssumeRoleWithSAML</code> can result in an entry in your CloudTrail logs. | ||
* The entry includes the value in the <code>NameID</code> element of the SAML assertion. | ||
@@ -96,3 +96,3 @@ * We recommend that you use a <code>NameIDType</code> that is not associated with any | ||
* <note> | ||
* <p>An AWS conversion compresses the passed session policies and session tags into a | ||
* <p>An Amazon Web Services conversion compresses the passed session policies and session tags into a | ||
* packed binary format that has a separate limit. Your request can fail for this limit | ||
@@ -119,4 +119,4 @@ * even if your plaintext meets the other requirements. The <code>PackedPolicySize</code> | ||
* <p>Before your application can call <code>AssumeRoleWithSAML</code>, you must configure | ||
* your SAML identity provider (IdP) to issue the claims required by AWS. Additionally, you | ||
* must use AWS Identity and Access Management (IAM) to create a SAML provider entity in your AWS account that | ||
* your SAML identity provider (IdP) to issue the claims required by Amazon Web Services. Additionally, you | ||
* must use Identity and Access Management (IAM) to create a SAML provider entity in your Amazon Web Services account that | ||
* represents your identity provider. You must also create an IAM role that specifies this | ||
@@ -123,0 +123,0 @@ * SAML provider in its trust policy. </p> |
@@ -16,14 +16,14 @@ import { STSClientResolvedConfig, ServiceInputTypes, ServiceOutputTypes } from "../STSClient"; | ||
* <p>For mobile applications, we recommend that you use Amazon Cognito. You can use Amazon Cognito with the | ||
* <a href="http://aws.amazon.com/sdkforios/">AWS SDK for iOS Developer Guide</a> and the <a href="http://aws.amazon.com/sdkforandroid/">AWS SDK for Android Developer Guide</a> to uniquely | ||
* <a href="http://aws.amazon.com/sdkforios/">Amazon Web Services SDK for iOS Developer Guide</a> and the <a href="http://aws.amazon.com/sdkforandroid/">Amazon Web Services SDK for Android Developer Guide</a> to uniquely | ||
* identify a user. You can also supply the user with a consistent identity throughout the | ||
* lifetime of an application.</p> | ||
* <p>To learn more about Amazon Cognito, see <a href="https://docs.aws.amazon.com/mobile/sdkforandroid/developerguide/cognito-auth.html#d0e840">Amazon Cognito Overview</a> in | ||
* <i>AWS SDK for Android Developer Guide</i> and <a href="https://docs.aws.amazon.com/mobile/sdkforios/developerguide/cognito-auth.html#d0e664">Amazon Cognito Overview</a> in the | ||
* <i>AWS SDK for iOS Developer Guide</i>.</p> | ||
* <i>Amazon Web Services SDK for Android Developer Guide</i> and <a href="https://docs.aws.amazon.com/mobile/sdkforios/developerguide/cognito-auth.html#d0e664">Amazon Cognito Overview</a> in the | ||
* <i>Amazon Web Services SDK for iOS Developer Guide</i>.</p> | ||
* </note> | ||
* <p>Calling <code>AssumeRoleWithWebIdentity</code> does not require the use of AWS | ||
* <p>Calling <code>AssumeRoleWithWebIdentity</code> does not require the use of Amazon Web Services | ||
* security credentials. Therefore, you can distribute an application (for example, on mobile | ||
* devices) that requests temporary security credentials without including long-term AWS | ||
* devices) that requests temporary security credentials without including long-term Amazon Web Services | ||
* credentials in the application. You also don't need to deploy server-based proxy services | ||
* that use long-term AWS credentials. Instead, the identity of the caller is validated by | ||
* that use long-term Amazon Web Services credentials. Instead, the identity of the caller is validated by | ||
* using a token from the web identity provider. For a comparison of | ||
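Review bot: The replacement also rewrites the titles of cited documents in this hunk: the link text and the `<i>` titles now read "Amazon Web Services SDK for iOS Developer Guide" and "Amazon Web Services SDK for Android Developer Guide". A cited title should match the published guide, so confirm these are the guides' current titles or leave titles out of the bulk rename. While these lines are being touched, the two SDK links still point at http://aws.amazon.com/sdkforios/ and http://aws.amazon.com/sdkforandroid/, whereas the docs.aws.amazon.com links in the same comment use https; switching them to https would be a small improvement.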
@@ -33,6 +33,6 @@ * <code>AssumeRoleWithWebIdentity</code> with the other API operations that produce | ||
* Credentials</a> and <a href="https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_request.html#stsapi_comparison">Comparing the | ||
* AWS STS API operations</a> in the <i>IAM User Guide</i>.</p> | ||
* STS API operations</a> in the <i>IAM User Guide</i>.</p> | ||
* <p>The temporary security credentials returned by this API consist of an access key ID, a | ||
* secret access key, and a security token. Applications can use these temporary security | ||
* credentials to sign calls to AWS service API operations.</p> | ||
* credentials to sign calls to Amazon Web Services service API operations.</p> | ||
* <p> | ||
@@ -57,3 +57,3 @@ * <b>Session Duration</b> | ||
* <p>The temporary security credentials created by <code>AssumeRoleWithWebIdentity</code> can | ||
* be used to make API calls to any AWS service with the following exception: you cannot | ||
* be used to make API calls to any Amazon Web Services service with the following exception: you cannot | ||
* call the STS <code>GetFederationToken</code> or <code>GetSessionToken</code> API | ||
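Review bot: The new wording "make API calls to any Amazon Web Services service" reads like a doubled word. Consider rephrasing the sentence so the expansion does not sit next to "service". The restriction on calling `GetFederationToken` and `GetSessionToken` that follows is what a reader needs to pick out here.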
@@ -68,3 +68,3 @@ * operations.</p> | ||
* role's identity-based policy and the session policies. You can use the role's temporary | ||
* credentials in subsequent AWS API calls to access resources in the account that owns | ||
* credentials in subsequent Amazon Web Services API calls to access resources in the account that owns | ||
* the role. You cannot use session policies to grant more permissions than those allowed | ||
@@ -87,3 +87,3 @@ * by the identity-based policy of the role that is being assumed. For more information, see | ||
* <note> | ||
* <p>An AWS conversion compresses the passed session policies and session tags into a | ||
* <p>An Amazon Web Services conversion compresses the passed session policies and session tags into a | ||
* packed binary format that has a separate limit. Your request can fail for this limit | ||
@@ -116,3 +116,3 @@ * even if your plaintext meets the other requirements. The <code>PackedPolicySize</code> | ||
* <p>Calling <code>AssumeRoleWithWebIdentity</code> can result in an entry in your | ||
* AWS CloudTrail logs. The entry includes the <a href="http://openid.net/specs/openid-connect-core-1_0.html#Claims">Subject</a> of | ||
* CloudTrail logs. The entry includes the <a href="http://openid.net/specs/openid-connect-core-1_0.html#Claims">Subject</a> of | ||
* the provided web identity token. We recommend that you avoid using any personally | ||
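Review bot: On the changed line, "AWS CloudTrail logs" becomes "CloudTrail logs", so the prefix is dropped here while other hunks in this diff expand "AWS" to "Amazon Web Services". If that is the intended naming rule for service names, a line in the change log stating it would help. Otherwise, make the replacement consistent. This paragraph tells operators that the token's Subject is recorded in logs, so the log source should stay unambiguous.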
@@ -134,3 +134,3 @@ * identifiable information (PII) in this field. For example, you could instead use a GUID | ||
* authenticating through Login with Amazon, Facebook, or Google, getting temporary | ||
* security credentials, and then using those credentials to make a request to AWS. | ||
* security credentials, and then using those credentials to make a request to Amazon Web Services. | ||
* </p> | ||
@@ -140,3 +140,3 @@ * </li> | ||
* <p> | ||
* <a href="http://aws.amazon.com/sdkforios/">AWS SDK for iOS Developer Guide</a> and <a href="http://aws.amazon.com/sdkforandroid/">AWS SDK for Android Developer Guide</a>. These toolkits | ||
* <a href="http://aws.amazon.com/sdkforios/">Amazon Web Services SDK for iOS Developer Guide</a> and <a href="http://aws.amazon.com/sdkforandroid/">Amazon Web Services SDK for Android Developer Guide</a>. These toolkits | ||
* contain sample apps that show how to invoke the identity providers. The toolkits then | ||
@@ -143,0 +143,0 @@ * show how to use the information from these providers to get and use temporary |
@@ -11,9 +11,9 @@ import { STSClientResolvedConfig, ServiceInputTypes, ServiceOutputTypes } from "../STSClient"; | ||
* <p>Decodes additional information about the authorization status of a request from an | ||
* encoded message returned in response to an AWS request.</p> | ||
* encoded message returned in response to an Amazon Web Services request.</p> | ||
* <p>For example, if a user is not authorized to perform an operation that he or she has | ||
* requested, the request returns a <code>Client.UnauthorizedOperation</code> response (an | ||
* HTTP 403 response). Some AWS operations additionally return an encoded message that can | ||
* HTTP 403 response). Some Amazon Web Services operations additionally return an encoded message that can | ||
* provide details about this authorization failure. </p> | ||
* <note> | ||
* <p>Only certain AWS operations return an encoded authorization message. The | ||
* <p>Only certain Amazon Web Services operations return an encoded authorization message. The | ||
* documentation for an individual operation indicates whether that operation returns an | ||
@@ -20,0 +20,0 @@ * encoded message in addition to returning an HTTP code.</p> |
@@ -16,5 +16,5 @@ import { STSClientResolvedConfig, ServiceInputTypes, ServiceOutputTypes } from "../STSClient"; | ||
* Users</a> in the <i>IAM User Guide</i>.</p> | ||
* <p>When you pass an access key ID to this operation, it returns the ID of the AWS | ||
* <p>When you pass an access key ID to this operation, it returns the ID of the Amazon Web Services | ||
* account to which the keys belong. Access key IDs beginning with <code>AKIA</code> are | ||
* long-term credentials for an IAM user or the AWS account root user. Access key IDs | ||
* long-term credentials for an IAM user or the Amazon Web Services account root user. Access key IDs | ||
* beginning with <code>ASIA</code> are temporary credentials that are created using STS | ||
@@ -21,0 +21,0 @@ * operations. If the account in the response belongs to you, you can sign in as the root |
@@ -19,3 +19,3 @@ import { STSClientResolvedConfig, ServiceInputTypes, ServiceOutputTypes } from "../STSClient"; | ||
* Credentials</a> and <a href="https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_request.html#stsapi_comparison">Comparing the | ||
* AWS STS API operations</a> in the <i>IAM User Guide</i>.</p> | ||
* STS API operations</a> in the <i>IAM User Guide</i>.</p> | ||
* <note> | ||
@@ -29,3 +29,3 @@ * <p>You can create a mobile-based or browser-based app that can authenticate users using | ||
* <p>You can also call <code>GetFederationToken</code> using the security credentials of an | ||
* AWS account root user, but we do not recommend it. Instead, we recommend that you create | ||
* Amazon Web Services account root user, but we do not recommend it. Instead, we recommend that you create | ||
* an IAM user for the purpose of the proxy application. Then attach a policy to the IAM | ||
@@ -40,3 +40,3 @@ * user that limits federated users to only the actions and resources that they need to | ||
* minutes) up to a maximum of 129,600 seconds (36 hours). The default session duration is | ||
* 43,200 seconds (12 hours). Temporary credentials that are obtained by using AWS account | ||
* 43,200 seconds (12 hours). Temporary credentials that are obtained by using Amazon Web Services account | ||
* root user credentials have a maximum duration of 3,600 seconds (1 hour).</p> | ||
@@ -47,6 +47,6 @@ * <p> | ||
* <p>You can use the temporary credentials created by <code>GetFederationToken</code> in any | ||
* AWS service except the following:</p> | ||
* Amazon Web Services service except the following:</p> | ||
* <ul> | ||
* <li> | ||
* <p>You cannot call any IAM operations using the AWS CLI or the AWS API. </p> | ||
* <p>You cannot call any IAM operations using the CLI or the Amazon Web Services API. </p> | ||
* </li> | ||
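Review bot: In the list item, "using the AWS CLI or the AWS API" becomes "using the CLI or the Amazon Web Services API", and "the CLI" no longer says which command-line tool is meant. Because this sentence states a restriction on what federation-token credentials can call, keep the tool named explicitly, for example by retaining the product name on first mention.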
@@ -89,3 +89,3 @@ * <li> | ||
* <p>You can also call <code>GetFederationToken</code> using the security credentials of an | ||
* AWS account root user, but we do not recommend it. Instead, we recommend that you | ||
* Amazon Web Services account root user, but we do not recommend it. Instead, we recommend that you | ||
* create an IAM user for the purpose of the proxy application. Then attach a policy to | ||
@@ -100,3 +100,3 @@ * the IAM user that limits federated users to only the actions and resources that they | ||
* minutes) up to a maximum of 129,600 seconds (36 hours). The default session duration is | ||
* 43,200 seconds (12 hours). Temporary credentials that are obtained by using AWS | ||
* 43,200 seconds (12 hours). Temporary credentials that are obtained by using Amazon Web Services | ||
* account root user credentials have a maximum duration of 3,600 seconds (1 hour).</p> | ||
@@ -107,6 +107,6 @@ * <p> | ||
* <p>You can use the temporary credentials created by <code>GetFederationToken</code> in | ||
* any AWS service except the following:</p> | ||
* any Amazon Web Services service except the following:</p> | ||
* <ul> | ||
* <li> | ||
* <p>You cannot call any IAM operations using the AWS CLI or the AWS API. | ||
* <p>You cannot call any IAM operations using the CLI or the Amazon Web Services API. | ||
* </p> | ||
@@ -113,0 +113,0 @@ * </li> |
@@ -10,6 +10,6 @@ import { STSClientResolvedConfig, ServiceInputTypes, ServiceOutputTypes } from "../STSClient"; | ||
/** | ||
* <p>Returns a set of temporary credentials for an AWS account or IAM user. The | ||
* <p>Returns a set of temporary credentials for an Amazon Web Services account or IAM user. The | ||
* credentials consist of an access key ID, a secret access key, and a security token. | ||
* Typically, you use <code>GetSessionToken</code> if you want to use MFA to protect | ||
* programmatic calls to specific AWS API operations like Amazon EC2 <code>StopInstances</code>. | ||
* programmatic calls to specific Amazon Web Services API operations like Amazon EC2 <code>StopInstances</code>. | ||
* MFA-enabled IAM users would need to call <code>GetSessionToken</code> and submit an MFA | ||
@@ -22,8 +22,8 @@ * code that is associated with their MFA device. Using the temporary security credentials | ||
* Temporary Security Credentials</a> and <a href="https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_request.html#stsapi_comparison">Comparing the | ||
* AWS STS API operations</a> in the <i>IAM User Guide</i>.</p> | ||
* STS API operations</a> in the <i>IAM User Guide</i>.</p> | ||
* <p> | ||
* <b>Session Duration</b> | ||
* </p> | ||
* <p>The <code>GetSessionToken</code> operation must be called by using the long-term AWS | ||
* security credentials of the AWS account root user or an IAM user. Credentials that are | ||
* <p>The <code>GetSessionToken</code> operation must be called by using the long-term Amazon Web Services | ||
* security credentials of the Amazon Web Services account root user or an IAM user. Credentials that are | ||
* created by IAM users are valid for the duration that you specify. This duration can range | ||
@@ -37,3 +37,3 @@ * from 900 seconds (15 minutes) up to a maximum of 129,600 seconds (36 hours), with a default | ||
* <p>The temporary security credentials created by <code>GetSessionToken</code> can be used | ||
* to make API calls to any AWS service with the following exceptions:</p> | ||
* to make API calls to any Amazon Web Services service with the following exceptions:</p> | ||
* <ul> | ||
@@ -50,10 +50,10 @@ * <li> | ||
* <note> | ||
* <p>We recommend that you do not call <code>GetSessionToken</code> with AWS account | ||
* <p>We recommend that you do not call <code>GetSessionToken</code> with Amazon Web Services account | ||
* root user credentials. Instead, follow our <a href="https://docs.aws.amazon.com/IAM/latest/UserGuide/best-practices.html#create-iam-users">best practices</a> by | ||
* creating one or more IAM users, giving them the necessary permissions, and using IAM | ||
* users for everyday interaction with AWS. </p> | ||
* users for everyday interaction with Amazon Web Services. </p> | ||
* </note> | ||
* <p>The credentials that are returned by <code>GetSessionToken</code> are based on | ||
* permissions associated with the user whose credentials were used to call the operation. If | ||
* <code>GetSessionToken</code> is called using AWS account root user credentials, the | ||
* <code>GetSessionToken</code> is called using Amazon Web Services account root user credentials, the | ||
* temporary credentials have root user permissions. Similarly, if | ||
@@ -60,0 +60,0 @@ * <code>GetSessionToken</code> is called using the credentials of an IAM user, the |
@@ -12,5 +12,5 @@ import { STSClient } from "./STSClient"; | ||
/** | ||
* <fullname>AWS Security Token Service</fullname> | ||
* <p>AWS Security Token Service (STS) enables you to request temporary, limited-privilege | ||
* credentials for AWS Identity and Access Management (IAM) users or for users that you | ||
* <fullname>Security Token Service</fullname> | ||
* <p>Security Token Service (STS) enables you to request temporary, limited-privilege | ||
* credentials for Identity and Access Management (IAM) users or for users that you | ||
* authenticate (federated users). This guide provides descriptions of the STS API. For | ||
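Review bot: The `<fullname>` value and the opening sentence lose their qualifier entirely ("Security Token Service", "Identity and Access Management (IAM)"), so the client-level description never states whose service this is. Suggest keeping a qualified name at first mention in this top-level comment. If any tooling reads the `<fullname>` tag, check that it tolerates the new value.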
@@ -21,3 +21,3 @@ * more information about using this service, see <a href="https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp.html">Temporary Security Credentials</a>.</p> | ||
/** | ||
* <p>Returns a set of temporary security credentials that you can use to access AWS | ||
* <p>Returns a set of temporary security credentials that you can use to access Amazon Web Services | ||
* resources that you might not normally have access to. These temporary credentials | ||
@@ -29,3 +29,3 @@ * consist of an access key ID, a secret access key, and a security token. Typically, you | ||
* Credentials</a> and <a href="https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_request.html#stsapi_comparison">Comparing | ||
* the AWS STS API operations</a> in the | ||
* the STS API operations</a> in the | ||
* <i>IAM User Guide</i>.</p> | ||
@@ -36,4 +36,4 @@ * <p> | ||
* <p>The temporary security credentials created by <code>AssumeRole</code> can be used to | ||
* make API calls to any AWS service with the following exception: You cannot call the | ||
* AWS STS <code>GetFederationToken</code> or <code>GetSessionToken</code> API | ||
* make API calls to any Amazon Web Services service with the following exception: You cannot call the | ||
* STS <code>GetFederationToken</code> or <code>GetSessionToken</code> API | ||
* operations.</p> | ||
@@ -47,3 +47,3 @@ * <p>(Optional) You can pass inline or managed <a href="https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies.html#policies_session">session policies</a> to | ||
* role's identity-based policy and the session policies. You can use the role's temporary | ||
* credentials in subsequent AWS API calls to access resources in the account that owns | ||
* credentials in subsequent Amazon Web Services API calls to access resources in the account that owns | ||
* the role. You cannot use session policies to grant more permissions than those allowed | ||
@@ -53,3 +53,3 @@ * by the identity-based policy of the role that is being assumed. For more information, see | ||
* Policies</a> in the <i>IAM User Guide</i>.</p> | ||
* <p>To assume a role from a different account, your AWS account must be trusted by the | ||
* <p>To assume a role from a different account, your account must be trusted by the | ||
* role. The trust relationship is defined in the role's trust policy when the role is | ||
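Review bot: The changed line replaces "your AWS account must be trusted by the role" with "your account must be trusted by the role", dropping the qualifier instead of expanding it as the other hunks do with "Amazon Web Services account". In a sentence about cross-account trust policies, the kind of account matters. Suggest "your Amazon Web Services account must be trusted by the role" for consistency.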
@@ -95,3 +95,3 @@ * created. That trust policy states which accounts are allowed to delegate that access to | ||
* <code>AssumeRole</code>. This is useful for cross-account scenarios to ensure that the | ||
* user that assumes the role has been authenticated with an AWS MFA device. In that | ||
* user that assumes the role has been authenticated with an Amazon Web Services MFA device. In that | ||
* scenario, the trust policy of the role being assumed includes a condition that tests for | ||
@@ -118,10 +118,10 @@ * MFA authentication. If the caller does not include valid MFA information, the request to | ||
* via a SAML authentication response. This operation provides a mechanism for tying an | ||
* enterprise identity store or directory to role-based AWS access without user-specific | ||
* enterprise identity store or directory to role-based Amazon Web Services access without user-specific | ||
* credentials or configuration. For a comparison of <code>AssumeRoleWithSAML</code> with the | ||
* other API operations that produce temporary credentials, see <a href="https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_request.html">Requesting Temporary Security | ||
* Credentials</a> and <a href="https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_request.html#stsapi_comparison">Comparing the | ||
* AWS STS API operations</a> in the <i>IAM User Guide</i>.</p> | ||
* STS API operations</a> in the <i>IAM User Guide</i>.</p> | ||
* <p>The temporary security credentials returned by this operation consist of an access key | ||
* ID, a secret access key, and a security token. Applications can use these temporary | ||
* security credentials to sign calls to AWS services.</p> | ||
* security credentials to sign calls to Amazon Web Services services.</p> | ||
* <p> | ||
@@ -146,3 +146,3 @@ * <b>Session Duration</b> | ||
* <p> | ||
* <a href="https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_terms-and-concepts.html#iam-term-role-chaining">Role chaining</a> limits your AWS CLI or AWS API | ||
* <a href="https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_terms-and-concepts.html#iam-term-role-chaining">Role chaining</a> limits your CLI or Amazon Web Services API | ||
* role session to a maximum of one hour. When you use the <code>AssumeRole</code> API | ||
@@ -160,3 +160,3 @@ * operation to assume a role, you can specify the duration of your role session with | ||
* <p>The temporary security credentials created by <code>AssumeRoleWithSAML</code> can be | ||
* used to make API calls to any AWS service with the following exception: you cannot call | ||
* used to make API calls to any Amazon Web Services service with the following exception: you cannot call | ||
* the STS <code>GetFederationToken</code> or <code>GetSessionToken</code> API | ||
@@ -171,3 +171,3 @@ * operations.</p> | ||
* role's identity-based policy and the session policies. You can use the role's temporary | ||
* credentials in subsequent AWS API calls to access resources in the account that owns | ||
* credentials in subsequent Amazon Web Services API calls to access resources in the account that owns | ||
* the role. You cannot use session policies to grant more permissions than those allowed | ||
@@ -177,7 +177,7 @@ * by the identity-based policy of the role that is being assumed. For more information, see | ||
* Policies</a> in the <i>IAM User Guide</i>.</p> | ||
* <p>Calling <code>AssumeRoleWithSAML</code> does not require the use of AWS security | ||
* <p>Calling <code>AssumeRoleWithSAML</code> does not require the use of Amazon Web Services security | ||
* credentials. The identity of the caller is validated by using keys in the metadata document | ||
* that is uploaded for the SAML provider entity for your identity provider. </p> | ||
* <important> | ||
* <p>Calling <code>AssumeRoleWithSAML</code> can result in an entry in your AWS CloudTrail logs. | ||
* <p>Calling <code>AssumeRoleWithSAML</code> can result in an entry in your CloudTrail logs. | ||
* The entry includes the value in the <code>NameID</code> element of the SAML assertion. | ||
@@ -202,3 +202,3 @@ * We recommend that you use a <code>NameIDType</code> that is not associated with any | ||
* <note> | ||
* <p>An AWS conversion compresses the passed session policies and session tags into a | ||
* <p>An Amazon Web Services conversion compresses the passed session policies and session tags into a | ||
* packed binary format that has a separate limit. Your request can fail for this limit | ||
@@ -225,4 +225,4 @@ * even if your plaintext meets the other requirements. The <code>PackedPolicySize</code> | ||
* <p>Before your application can call <code>AssumeRoleWithSAML</code>, you must configure | ||
* your SAML identity provider (IdP) to issue the claims required by AWS. Additionally, you | ||
* must use AWS Identity and Access Management (IAM) to create a SAML provider entity in your AWS account that | ||
* your SAML identity provider (IdP) to issue the claims required by Amazon Web Services. Additionally, you | ||
* must use Identity and Access Management (IAM) to create a SAML provider entity in your Amazon Web Services account that | ||
* represents your identity provider. You must also create an IAM role that specifies this | ||
@@ -266,14 +266,14 @@ * SAML provider in its trust policy. </p> | ||
* <p>For mobile applications, we recommend that you use Amazon Cognito. You can use Amazon Cognito with the | ||
* <a href="http://aws.amazon.com/sdkforios/">AWS SDK for iOS Developer Guide</a> and the <a href="http://aws.amazon.com/sdkforandroid/">AWS SDK for Android Developer Guide</a> to uniquely | ||
* <a href="http://aws.amazon.com/sdkforios/">Amazon Web Services SDK for iOS Developer Guide</a> and the <a href="http://aws.amazon.com/sdkforandroid/">Amazon Web Services SDK for Android Developer Guide</a> to uniquely | ||
* identify a user. You can also supply the user with a consistent identity throughout the | ||
* lifetime of an application.</p> | ||
* <p>To learn more about Amazon Cognito, see <a href="https://docs.aws.amazon.com/mobile/sdkforandroid/developerguide/cognito-auth.html#d0e840">Amazon Cognito Overview</a> in | ||
* <i>AWS SDK for Android Developer Guide</i> and <a href="https://docs.aws.amazon.com/mobile/sdkforios/developerguide/cognito-auth.html#d0e664">Amazon Cognito Overview</a> in the | ||
* <i>AWS SDK for iOS Developer Guide</i>.</p> | ||
* <i>Amazon Web Services SDK for Android Developer Guide</i> and <a href="https://docs.aws.amazon.com/mobile/sdkforios/developerguide/cognito-auth.html#d0e664">Amazon Cognito Overview</a> in the | ||
* <i>Amazon Web Services SDK for iOS Developer Guide</i>.</p> | ||
* </note> | ||
* <p>Calling <code>AssumeRoleWithWebIdentity</code> does not require the use of AWS | ||
* <p>Calling <code>AssumeRoleWithWebIdentity</code> does not require the use of Amazon Web Services | ||
* security credentials. Therefore, you can distribute an application (for example, on mobile | ||
* devices) that requests temporary security credentials without including long-term AWS | ||
* devices) that requests temporary security credentials without including long-term Amazon Web Services | ||
* credentials in the application. You also don't need to deploy server-based proxy services | ||
* that use long-term AWS credentials. Instead, the identity of the caller is validated by | ||
* that use long-term Amazon Web Services credentials. Instead, the identity of the caller is validated by | ||
* using a token from the web identity provider. For a comparison of | ||
@@ -283,6 +283,6 @@ * <code>AssumeRoleWithWebIdentity</code> with the other API operations that produce | ||
* Credentials</a> and <a href="https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_request.html#stsapi_comparison">Comparing the | ||
* AWS STS API operations</a> in the <i>IAM User Guide</i>.</p> | ||
* STS API operations</a> in the <i>IAM User Guide</i>.</p> | ||
* <p>The temporary security credentials returned by this API consist of an access key ID, a | ||
* secret access key, and a security token. Applications can use these temporary security | ||
* credentials to sign calls to AWS service API operations.</p> | ||
* credentials to sign calls to Amazon Web Services service API operations.</p> | ||
* <p> | ||
@@ -307,3 +307,3 @@ * <b>Session Duration</b> | ||
* <p>The temporary security credentials created by <code>AssumeRoleWithWebIdentity</code> can | ||
* be used to make API calls to any AWS service with the following exception: you cannot | ||
* be used to make API calls to any Amazon Web Services service with the following exception: you cannot | ||
* call the STS <code>GetFederationToken</code> or <code>GetSessionToken</code> API | ||
@@ -318,3 +318,3 @@ * operations.</p> | ||
* role's identity-based policy and the session policies. You can use the role's temporary | ||
* credentials in subsequent AWS API calls to access resources in the account that owns | ||
* credentials in subsequent Amazon Web Services API calls to access resources in the account that owns | ||
* the role. You cannot use session policies to grant more permissions than those allowed | ||
@@ -337,3 +337,3 @@ * by the identity-based policy of the role that is being assumed. For more information, see | ||
* <note> | ||
* <p>An AWS conversion compresses the passed session policies and session tags into a | ||
* <p>An Amazon Web Services conversion compresses the passed session policies and session tags into a | ||
* packed binary format that has a separate limit. Your request can fail for this limit | ||
@@ -366,3 +366,3 @@ * even if your plaintext meets the other requirements. The <code>PackedPolicySize</code> | ||
* <p>Calling <code>AssumeRoleWithWebIdentity</code> can result in an entry in your | ||
* AWS CloudTrail logs. The entry includes the <a href="http://openid.net/specs/openid-connect-core-1_0.html#Claims">Subject</a> of | ||
* CloudTrail logs. The entry includes the <a href="http://openid.net/specs/openid-connect-core-1_0.html#Claims">Subject</a> of | ||
* the provided web identity token. We recommend that you avoid using any personally | ||
@@ -384,3 +384,3 @@ * identifiable information (PII) in this field. For example, you could instead use a GUID | ||
* authenticating through Login with Amazon, Facebook, or Google, getting temporary | ||
* security credentials, and then using those credentials to make a request to AWS. | ||
* security credentials, and then using those credentials to make a request to Amazon Web Services. | ||
* </p> | ||
@@ -390,3 +390,3 @@ * </li> | ||
* <p> | ||
* <a href="http://aws.amazon.com/sdkforios/">AWS SDK for iOS Developer Guide</a> and <a href="http://aws.amazon.com/sdkforandroid/">AWS SDK for Android Developer Guide</a>. These toolkits | ||
* <a href="http://aws.amazon.com/sdkforios/">Amazon Web Services SDK for iOS Developer Guide</a> and <a href="http://aws.amazon.com/sdkforandroid/">Amazon Web Services SDK for Android Developer Guide</a>. These toolkits | ||
* contain sample apps that show how to invoke the identity providers. The toolkits then | ||
@@ -410,9 +410,9 @@ * show how to use the information from these providers to get and use temporary | ||
* <p>Decodes additional information about the authorization status of a request from an | ||
* encoded message returned in response to an AWS request.</p> | ||
* encoded message returned in response to an Amazon Web Services request.</p> | ||
* <p>For example, if a user is not authorized to perform an operation that he or she has | ||
* requested, the request returns a <code>Client.UnauthorizedOperation</code> response (an | ||
* HTTP 403 response). Some AWS operations additionally return an encoded message that can | ||
* HTTP 403 response). Some Amazon Web Services operations additionally return an encoded message that can | ||
* provide details about this authorization failure. </p> | ||
* <note> | ||
* <p>Only certain AWS operations return an encoded authorization message. The | ||
* <p>Only certain Amazon Web Services operations return an encoded authorization message. The | ||
* documentation for an individual operation indicates whether that operation returns an | ||
@@ -457,5 +457,5 @@ * encoded message in addition to returning an HTTP code.</p> | ||
* Users</a> in the <i>IAM User Guide</i>.</p> | ||
* <p>When you pass an access key ID to this operation, it returns the ID of the AWS | ||
* <p>When you pass an access key ID to this operation, it returns the ID of the Amazon Web Services | ||
* account to which the keys belong. Access key IDs beginning with <code>AKIA</code> are | ||
* long-term credentials for an IAM user or the AWS account root user. Access key IDs | ||
* long-term credentials for an IAM user or the Amazon Web Services account root user. Access key IDs | ||
* beginning with <code>ASIA</code> are temporary credentials that are created using STS | ||
@@ -499,3 +499,3 @@ * operations. If the account in the response belongs to you, you can sign in as the root | ||
* Credentials</a> and <a href="https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_request.html#stsapi_comparison">Comparing the | ||
* AWS STS API operations</a> in the <i>IAM User Guide</i>.</p> | ||
* STS API operations</a> in the <i>IAM User Guide</i>.</p> | ||
* <note> | ||
@@ -509,3 +509,3 @@ * <p>You can create a mobile-based or browser-based app that can authenticate users using | ||
* <p>You can also call <code>GetFederationToken</code> using the security credentials of an | ||
* AWS account root user, but we do not recommend it. Instead, we recommend that you create | ||
* Amazon Web Services account root user, but we do not recommend it. Instead, we recommend that you create | ||
* an IAM user for the purpose of the proxy application. Then attach a policy to the IAM | ||
@@ -520,3 +520,3 @@ * user that limits federated users to only the actions and resources that they need to | ||
* minutes) up to a maximum of 129,600 seconds (36 hours). The default session duration is | ||
* 43,200 seconds (12 hours). Temporary credentials that are obtained by using AWS account | ||
* 43,200 seconds (12 hours). Temporary credentials that are obtained by using Amazon Web Services account | ||
* root user credentials have a maximum duration of 3,600 seconds (1 hour).</p> | ||
@@ -527,6 +527,6 @@ * <p> | ||
* <p>You can use the temporary credentials created by <code>GetFederationToken</code> in any | ||
* AWS service except the following:</p> | ||
* Amazon Web Services service except the following:</p> | ||
* <ul> | ||
* <li> | ||
* <p>You cannot call any IAM operations using the AWS CLI or the AWS API. </p> | ||
* <p>You cannot call any IAM operations using the CLI or the Amazon Web Services API. </p> | ||
* </li> | ||
@@ -569,3 +569,3 @@ * <li> | ||
* <p>You can also call <code>GetFederationToken</code> using the security credentials of an | ||
* AWS account root user, but we do not recommend it. Instead, we recommend that you | ||
* Amazon Web Services account root user, but we do not recommend it. Instead, we recommend that you | ||
* create an IAM user for the purpose of the proxy application. Then attach a policy to | ||
@@ -580,3 +580,3 @@ * the IAM user that limits federated users to only the actions and resources that they | ||
* minutes) up to a maximum of 129,600 seconds (36 hours). The default session duration is | ||
* 43,200 seconds (12 hours). Temporary credentials that are obtained by using AWS | ||
* 43,200 seconds (12 hours). Temporary credentials that are obtained by using Amazon Web Services | ||
* account root user credentials have a maximum duration of 3,600 seconds (1 hour).</p> | ||
@@ -587,6 +587,6 @@ * <p> | ||
* <p>You can use the temporary credentials created by <code>GetFederationToken</code> in | ||
* any AWS service except the following:</p> | ||
* any Amazon Web Services service except the following:</p> | ||
* <ul> | ||
* <li> | ||
* <p>You cannot call any IAM operations using the AWS CLI or the AWS API. | ||
* <p>You cannot call any IAM operations using the CLI or the Amazon Web Services API. | ||
* </p> | ||
@@ -641,6 +641,6 @@ * </li> | ||
/** | ||
* <p>Returns a set of temporary credentials for an AWS account or IAM user. The | ||
* <p>Returns a set of temporary credentials for an Amazon Web Services account or IAM user. The | ||
* credentials consist of an access key ID, a secret access key, and a security token. | ||
* Typically, you use <code>GetSessionToken</code> if you want to use MFA to protect | ||
* programmatic calls to specific AWS API operations like Amazon EC2 <code>StopInstances</code>. | ||
* programmatic calls to specific Amazon Web Services API operations like Amazon EC2 <code>StopInstances</code>. | ||
* MFA-enabled IAM users would need to call <code>GetSessionToken</code> and submit an MFA | ||
@@ -653,8 +653,8 @@ * code that is associated with their MFA device. Using the temporary security credentials | ||
* Temporary Security Credentials</a> and <a href="https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_request.html#stsapi_comparison">Comparing the | ||
* AWS STS API operations</a> in the <i>IAM User Guide</i>.</p> | ||
* STS API operations</a> in the <i>IAM User Guide</i>.</p> | ||
* <p> | ||
* <b>Session Duration</b> | ||
* </p> | ||
* <p>The <code>GetSessionToken</code> operation must be called by using the long-term AWS | ||
* security credentials of the AWS account root user or an IAM user. Credentials that are | ||
* <p>The <code>GetSessionToken</code> operation must be called by using the long-term Amazon Web Services | ||
* security credentials of the Amazon Web Services account root user or an IAM user. Credentials that are | ||
* created by IAM users are valid for the duration that you specify. This duration can range | ||
@@ -668,3 +668,3 @@ * from 900 seconds (15 minutes) up to a maximum of 129,600 seconds (36 hours), with a default | ||
* <p>The temporary security credentials created by <code>GetSessionToken</code> can be used | ||
* to make API calls to any AWS service with the following exceptions:</p> | ||
* to make API calls to any Amazon Web Services service with the following exceptions:</p> | ||
* <ul> | ||
@@ -681,10 +681,10 @@ * <li> | ||
* <note> | ||
* <p>We recommend that you do not call <code>GetSessionToken</code> with AWS account | ||
* <p>We recommend that you do not call <code>GetSessionToken</code> with Amazon Web Services account | ||
* root user credentials. Instead, follow our <a href="https://docs.aws.amazon.com/IAM/latest/UserGuide/best-practices.html#create-iam-users">best practices</a> by | ||
* creating one or more IAM users, giving them the necessary permissions, and using IAM | ||
* users for everyday interaction with AWS. </p> | ||
* users for everyday interaction with Amazon Web Services. </p> | ||
* </note> | ||
* <p>The credentials that are returned by <code>GetSessionToken</code> are based on | ||
* permissions associated with the user whose credentials were used to call the operation. If | ||
* <code>GetSessionToken</code> is called using AWS account root user credentials, the | ||
* <code>GetSessionToken</code> is called using Amazon Web Services account root user credentials, the | ||
* temporary credentials have root user permissions. Similarly, if | ||
@@ -691,0 +691,0 @@ * <code>GetSessionToken</code> is called using the credentials of an IAM user, the |
@@ -76,11 +76,2 @@ import { AssumeRoleCommandInput, AssumeRoleCommandOutput } from "./commands/AssumeRoleCommand"; | ||
/** | ||
* Unique service identifier. | ||
* @internal | ||
*/ | ||
serviceId?: string; | ||
/** | ||
* The AWS region to which this client will send requests | ||
*/ | ||
region?: string | __Provider<string>; | ||
/** | ||
* Value for how many times a request will be made at most in case of retry. | ||
@@ -99,2 +90,11 @@ */ | ||
/** | ||
* Unique service identifier. | ||
* @internal | ||
*/ | ||
serviceId?: string; | ||
/** | ||
* The AWS region to which this client will send requests | ||
*/ | ||
region?: string | __Provider<string>; | ||
/** | ||
* Default credentials provider; Not available in browser runtime. | ||
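Review bot: The relocated `region` member keeps the comment "The AWS region to which this client will send requests", while the rest of this release rewrites "AWS" in doc comments, so the rename is applied inconsistently here. Separately, `serviceId` and `region` only change position with identical types (`string` and `string | __Provider<string>`); if that is generator ordering noise, say so in the changelog so that consumers diffing the typings do not read it as an API change.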
@@ -128,5 +128,5 @@ * @internal | ||
/** | ||
* <fullname>AWS Security Token Service</fullname> | ||
* <p>AWS Security Token Service (STS) enables you to request temporary, limited-privilege | ||
* credentials for AWS Identity and Access Management (IAM) users or for users that you | ||
* <fullname>Security Token Service</fullname> | ||
* <p>Security Token Service (STS) enables you to request temporary, limited-privilege | ||
* credentials for Identity and Access Management (IAM) users or for users that you | ||
* authenticate (federated users). This guide provides descriptions of the STS API. For | ||
@@ -133,0 +133,0 @@ * more information about using this service, see <a href="https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp.html">Temporary Security Credentials</a>.</p> |
{ | ||
"name": "@aws-sdk/client-sts", | ||
"description": "AWS SDK for JavaScript Sts Client for Node.js, Browser and React Native", | ||
"version": "3.20.0", | ||
"version": "3.21.0", | ||
"scripts": { | ||
@@ -31,3 +31,3 @@ "clean": "yarn remove-definitions && yarn remove-dist && yarn remove-documentation", | ||
"@aws-sdk/config-resolver": "3.20.0", | ||
"@aws-sdk/credential-provider-node": "3.20.0", | ||
"@aws-sdk/credential-provider-node": "3.21.0", | ||
"@aws-sdk/fetch-http-handler": "3.20.0", | ||
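Review bot: `@aws-sdk/credential-provider-node` moves to 3.21.0 here while the neighbouring `@aws-sdk/config-resolver` and `@aws-sdk/fetch-http-handler` stay exact-pinned at 3.20.0, so the client now resolves a mixed set of SDK versions. The release notes shown for 3.21.0 only say "update clients", which does not explain why this one dependency changed. Since this package sits on the credential resolution path, link its own changelog entry and check the lockfile for the transitive packages the bump pulls in.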
@@ -46,3 +46,3 @@ "@aws-sdk/hash-node": "3.20.0", | ||
"@aws-sdk/node-config-provider": "3.20.0", | ||
"@aws-sdk/node-http-handler": "3.20.0", | ||
"@aws-sdk/node-http-handler": "3.21.0", | ||
"@aws-sdk/protocol-http": "3.20.0", | ||
@@ -49,0 +49,0 @@ "@aws-sdk/smithy-client": "3.20.0", |
@@ -10,6 +10,6 @@ # @aws-sdk/client-sts | ||
<fullname>AWS Security Token Service</fullname> | ||
<fullname>Security Token Service</fullname> | ||
<p>AWS Security Token Service (STS) enables you to request temporary, limited-privilege | ||
credentials for AWS Identity and Access Management (IAM) users or for users that you | ||
<p>Security Token Service (STS) enables you to request temporary, limited-privilege | ||
credentials for Identity and Access Management (IAM) users or for users that you | ||
authenticate (federated users). This guide provides descriptions of the STS API. For | ||
@@ -16,0 +16,0 @@ more information about using this service, see <a href="https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp.html">Temporary Security Credentials</a>.</p> |
STS.ts
@@ -41,5 +41,5 @@ import { STSClient } from "./STSClient"; | ||
/** | ||
* <fullname>AWS Security Token Service</fullname> | ||
* <p>AWS Security Token Service (STS) enables you to request temporary, limited-privilege | ||
* credentials for AWS Identity and Access Management (IAM) users or for users that you | ||
* <fullname>Security Token Service</fullname> | ||
* <p>Security Token Service (STS) enables you to request temporary, limited-privilege | ||
* credentials for Identity and Access Management (IAM) users or for users that you | ||
* authenticate (federated users). This guide provides descriptions of the STS API. For | ||
@@ -50,3 +50,3 @@ * more information about using this service, see <a href="https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp.html">Temporary Security Credentials</a>.</p> | ||
/** | ||
* <p>Returns a set of temporary security credentials that you can use to access AWS | ||
* <p>Returns a set of temporary security credentials that you can use to access Amazon Web Services | ||
* resources that you might not normally have access to. These temporary credentials | ||
@@ -58,3 +58,3 @@ * consist of an access key ID, a secret access key, and a security token. Typically, you | ||
* Credentials</a> and <a href="https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_request.html#stsapi_comparison">Comparing | ||
* the AWS STS API operations</a> in the | ||
* the STS API operations</a> in the | ||
* <i>IAM User Guide</i>.</p> | ||
@@ -65,4 +65,4 @@ * <p> | ||
* <p>The temporary security credentials created by <code>AssumeRole</code> can be used to | ||
* make API calls to any AWS service with the following exception: You cannot call the | ||
* AWS STS <code>GetFederationToken</code> or <code>GetSessionToken</code> API | ||
* make API calls to any Amazon Web Services service with the following exception: You cannot call the | ||
* STS <code>GetFederationToken</code> or <code>GetSessionToken</code> API | ||
* operations.</p> | ||
@@ -76,3 +76,3 @@ * <p>(Optional) You can pass inline or managed <a href="https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies.html#policies_session">session policies</a> to | ||
* role's identity-based policy and the session policies. You can use the role's temporary | ||
* credentials in subsequent AWS API calls to access resources in the account that owns | ||
* credentials in subsequent Amazon Web Services API calls to access resources in the account that owns | ||
* the role. You cannot use session policies to grant more permissions than those allowed | ||
@@ -82,3 +82,3 @@ * by the identity-based policy of the role that is being assumed. For more information, see | ||
* Policies</a> in the <i>IAM User Guide</i>.</p> | ||
* <p>To assume a role from a different account, your AWS account must be trusted by the | ||
* <p>To assume a role from a different account, your account must be trusted by the | ||
* role. The trust relationship is defined in the role's trust policy when the role is | ||
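Review bot: In the cross-account sentence, "your AWS account must be trusted by the role" becomes "your account must be trusted by the role", whereas other hunks in this release replace "AWS account" with "Amazon Web Services account". This sentence describes which principal the role's trust policy must name, so the qualifier should survive the rename for consistency: "your Amazon Web Services account must be trusted by the role".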
@@ -124,3 +124,3 @@ * created. That trust policy states which accounts are allowed to delegate that access to | ||
* <code>AssumeRole</code>. This is useful for cross-account scenarios to ensure that the | ||
* user that assumes the role has been authenticated with an AWS MFA device. In that | ||
* user that assumes the role has been authenticated with an Amazon Web Services MFA device. In that | ||
* scenario, the trust policy of the role being assumed includes a condition that tests for | ||
@@ -167,10 +167,10 @@ * MFA authentication. If the caller does not include valid MFA information, the request to | ||
* via a SAML authentication response. This operation provides a mechanism for tying an | ||
* enterprise identity store or directory to role-based AWS access without user-specific | ||
* enterprise identity store or directory to role-based Amazon Web Services access without user-specific | ||
* credentials or configuration. For a comparison of <code>AssumeRoleWithSAML</code> with the | ||
* other API operations that produce temporary credentials, see <a href="https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_request.html">Requesting Temporary Security | ||
* Credentials</a> and <a href="https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_request.html#stsapi_comparison">Comparing the | ||
* AWS STS API operations</a> in the <i>IAM User Guide</i>.</p> | ||
* STS API operations</a> in the <i>IAM User Guide</i>.</p> | ||
* <p>The temporary security credentials returned by this operation consist of an access key | ||
* ID, a secret access key, and a security token. Applications can use these temporary | ||
* security credentials to sign calls to AWS services.</p> | ||
* security credentials to sign calls to Amazon Web Services services.</p> | ||
* <p> | ||
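Review bot: The last changed sentence now reads "sign calls to Amazon Web Services services", a doubled word produced by substituting the long name for "AWS" directly before "services". The same substitution yields "any Amazon Web Services service" in other hunks. Suggest handling the "AWS service(s)" case in the generator, or rewording to "sign calls to Amazon Web Services".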
@@ -195,3 +195,3 @@ * <b>Session Duration</b> | ||
* <p> | ||
* <a href="https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_terms-and-concepts.html#iam-term-role-chaining">Role chaining</a> limits your AWS CLI or AWS API | ||
* <a href="https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_terms-and-concepts.html#iam-term-role-chaining">Role chaining</a> limits your CLI or Amazon Web Services API | ||
* role session to a maximum of one hour. When you use the <code>AssumeRole</code> API | ||
@@ -209,3 +209,3 @@ * operation to assume a role, you can specify the duration of your role session with | ||
* <p>The temporary security credentials created by <code>AssumeRoleWithSAML</code> can be | ||
* used to make API calls to any AWS service with the following exception: you cannot call | ||
* used to make API calls to any Amazon Web Services service with the following exception: you cannot call | ||
* the STS <code>GetFederationToken</code> or <code>GetSessionToken</code> API | ||
@@ -220,3 +220,3 @@ * operations.</p> | ||
* role's identity-based policy and the session policies. You can use the role's temporary | ||
* credentials in subsequent AWS API calls to access resources in the account that owns | ||
* credentials in subsequent Amazon Web Services API calls to access resources in the account that owns | ||
* the role. You cannot use session policies to grant more permissions than those allowed | ||
@@ -226,7 +226,7 @@ * by the identity-based policy of the role that is being assumed. For more information, see | ||
* Policies</a> in the <i>IAM User Guide</i>.</p> | ||
* <p>Calling <code>AssumeRoleWithSAML</code> does not require the use of AWS security | ||
* <p>Calling <code>AssumeRoleWithSAML</code> does not require the use of Amazon Web Services security | ||
* credentials. The identity of the caller is validated by using keys in the metadata document | ||
* that is uploaded for the SAML provider entity for your identity provider. </p> | ||
* <important> | ||
* <p>Calling <code>AssumeRoleWithSAML</code> can result in an entry in your AWS CloudTrail logs. | ||
* <p>Calling <code>AssumeRoleWithSAML</code> can result in an entry in your CloudTrail logs. | ||
* The entry includes the value in the <code>NameID</code> element of the SAML assertion. | ||
@@ -251,3 +251,3 @@ * We recommend that you use a <code>NameIDType</code> that is not associated with any | ||
* <note> | ||
* <p>An AWS conversion compresses the passed session policies and session tags into a | ||
* <p>An Amazon Web Services conversion compresses the passed session policies and session tags into a | ||
* packed binary format that has a separate limit. Your request can fail for this limit | ||
@@ -274,4 +274,4 @@ * even if your plaintext meets the other requirements. The <code>PackedPolicySize</code> | ||
* <p>Before your application can call <code>AssumeRoleWithSAML</code>, you must configure | ||
* your SAML identity provider (IdP) to issue the claims required by AWS. Additionally, you | ||
* must use AWS Identity and Access Management (IAM) to create a SAML provider entity in your AWS account that | ||
* your SAML identity provider (IdP) to issue the claims required by Amazon Web Services. Additionally, you | ||
* must use Identity and Access Management (IAM) to create a SAML provider entity in your Amazon Web Services account that | ||
* represents your identity provider. You must also create an IAM role that specifies this | ||
@@ -341,14 +341,14 @@ * SAML provider in its trust policy. </p> | ||
* <p>For mobile applications, we recommend that you use Amazon Cognito. You can use Amazon Cognito with the | ||
* <a href="http://aws.amazon.com/sdkforios/">AWS SDK for iOS Developer Guide</a> and the <a href="http://aws.amazon.com/sdkforandroid/">AWS SDK for Android Developer Guide</a> to uniquely | ||
* <a href="http://aws.amazon.com/sdkforios/">Amazon Web Services SDK for iOS Developer Guide</a> and the <a href="http://aws.amazon.com/sdkforandroid/">Amazon Web Services SDK for Android Developer Guide</a> to uniquely | ||
* identify a user. You can also supply the user with a consistent identity throughout the | ||
* lifetime of an application.</p> | ||
* <p>To learn more about Amazon Cognito, see <a href="https://docs.aws.amazon.com/mobile/sdkforandroid/developerguide/cognito-auth.html#d0e840">Amazon Cognito Overview</a> in | ||
* <i>AWS SDK for Android Developer Guide</i> and <a href="https://docs.aws.amazon.com/mobile/sdkforios/developerguide/cognito-auth.html#d0e664">Amazon Cognito Overview</a> in the | ||
* <i>AWS SDK for iOS Developer Guide</i>.</p> | ||
* <i>Amazon Web Services SDK for Android Developer Guide</i> and <a href="https://docs.aws.amazon.com/mobile/sdkforios/developerguide/cognito-auth.html#d0e664">Amazon Cognito Overview</a> in the | ||
* <i>Amazon Web Services SDK for iOS Developer Guide</i>.</p> | ||
* </note> | ||
* <p>Calling <code>AssumeRoleWithWebIdentity</code> does not require the use of AWS | ||
* <p>Calling <code>AssumeRoleWithWebIdentity</code> does not require the use of Amazon Web Services | ||
* security credentials. Therefore, you can distribute an application (for example, on mobile | ||
* devices) that requests temporary security credentials without including long-term AWS | ||
* devices) that requests temporary security credentials without including long-term Amazon Web Services | ||
* credentials in the application. You also don't need to deploy server-based proxy services | ||
* that use long-term AWS credentials. Instead, the identity of the caller is validated by | ||
* that use long-term Amazon Web Services credentials. Instead, the identity of the caller is validated by | ||
* using a token from the web identity provider. For a comparison of | ||
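Review bot: The two SDK links at the top of this note keep plain-HTTP targets (`http://aws.amazon.com/sdkforios/` and `http://aws.amazon.com/sdkforandroid/`), while the docs.aws.amazon.com links in the same comment use https. These lines are being edited anyway, so switch the hrefs to https. The link text and the italicised titles also change from "AWS SDK for iOS Developer Guide" to "Amazon Web Services SDK for iOS Developer Guide", which alters a guide title rather than a company reference; confirm that matches the published title before shipping the rename.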
@@ -358,6 +358,6 @@ * <code>AssumeRoleWithWebIdentity</code> with the other API operations that produce | ||
* Credentials</a> and <a href="https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_request.html#stsapi_comparison">Comparing the | ||
* AWS STS API operations</a> in the <i>IAM User Guide</i>.</p> | ||
* STS API operations</a> in the <i>IAM User Guide</i>.</p> | ||
* <p>The temporary security credentials returned by this API consist of an access key ID, a | ||
* secret access key, and a security token. Applications can use these temporary security | ||
* credentials to sign calls to AWS service API operations.</p> | ||
* credentials to sign calls to Amazon Web Services service API operations.</p> | ||
* <p> | ||
@@ -382,3 +382,3 @@ * <b>Session Duration</b> | ||
* <p>The temporary security credentials created by <code>AssumeRoleWithWebIdentity</code> can | ||
* be used to make API calls to any AWS service with the following exception: you cannot | ||
* be used to make API calls to any Amazon Web Services service with the following exception: you cannot | ||
* call the STS <code>GetFederationToken</code> or <code>GetSessionToken</code> API | ||
@@ -393,3 +393,3 @@ * operations.</p> | ||
* role's identity-based policy and the session policies. You can use the role's temporary | ||
* credentials in subsequent AWS API calls to access resources in the account that owns | ||
* credentials in subsequent Amazon Web Services API calls to access resources in the account that owns | ||
* the role. You cannot use session policies to grant more permissions than those allowed | ||
@@ -412,3 +412,3 @@ * by the identity-based policy of the role that is being assumed. For more information, see | ||
* <note> | ||
* <p>An AWS conversion compresses the passed session policies and session tags into a | ||
* <p>An Amazon Web Services conversion compresses the passed session policies and session tags into a | ||
* packed binary format that has a separate limit. Your request can fail for this limit | ||
@@ -441,3 +441,3 @@ * even if your plaintext meets the other requirements. The <code>PackedPolicySize</code> | ||
* <p>Calling <code>AssumeRoleWithWebIdentity</code> can result in an entry in your | ||
* AWS CloudTrail logs. The entry includes the <a href="http://openid.net/specs/openid-connect-core-1_0.html#Claims">Subject</a> of | ||
* CloudTrail logs. The entry includes the <a href="http://openid.net/specs/openid-connect-core-1_0.html#Claims">Subject</a> of | ||
* the provided web identity token. We recommend that you avoid using any personally | ||
@@ -459,3 +459,3 @@ * identifiable information (PII) in this field. For example, you could instead use a GUID | ||
* authenticating through Login with Amazon, Facebook, or Google, getting temporary | ||
* security credentials, and then using those credentials to make a request to AWS. | ||
* security credentials, and then using those credentials to make a request to Amazon Web Services. | ||
* </p> | ||
@@ -465,3 +465,3 @@ * </li> | ||
* <p> | ||
* <a href="http://aws.amazon.com/sdkforios/">AWS SDK for iOS Developer Guide</a> and <a href="http://aws.amazon.com/sdkforandroid/">AWS SDK for Android Developer Guide</a>. These toolkits | ||
* <a href="http://aws.amazon.com/sdkforios/">Amazon Web Services SDK for iOS Developer Guide</a> and <a href="http://aws.amazon.com/sdkforandroid/">Amazon Web Services SDK for Android Developer Guide</a>. These toolkits | ||
* contain sample apps that show how to invoke the identity providers. The toolkits then | ||
@@ -511,9 +511,9 @@ * show how to use the information from these providers to get and use temporary | ||
* <p>Decodes additional information about the authorization status of a request from an | ||
* encoded message returned in response to an AWS request.</p> | ||
* encoded message returned in response to an Amazon Web Services request.</p> | ||
* <p>For example, if a user is not authorized to perform an operation that he or she has | ||
* requested, the request returns a <code>Client.UnauthorizedOperation</code> response (an | ||
* HTTP 403 response). Some AWS operations additionally return an encoded message that can | ||
* HTTP 403 response). Some Amazon Web Services operations additionally return an encoded message that can | ||
* provide details about this authorization failure. </p> | ||
* <note> | ||
* <p>Only certain AWS operations return an encoded authorization message. The | ||
* <p>Only certain Amazon Web Services operations return an encoded authorization message. The | ||
* documentation for an individual operation indicates whether that operation returns an | ||
@@ -584,5 +584,5 @@ * encoded message in addition to returning an HTTP code.</p> | ||
* Users</a> in the <i>IAM User Guide</i>.</p> | ||
* <p>When you pass an access key ID to this operation, it returns the ID of the AWS | ||
* <p>When you pass an access key ID to this operation, it returns the ID of the Amazon Web Services | ||
* account to which the keys belong. Access key IDs beginning with <code>AKIA</code> are | ||
* long-term credentials for an IAM user or the AWS account root user. Access key IDs | ||
* long-term credentials for an IAM user or the Amazon Web Services account root user. Access key IDs | ||
* beginning with <code>ASIA</code> are temporary credentials that are created using STS | ||
@@ -678,3 +678,3 @@ * operations. If the account in the response belongs to you, you can sign in as the root | ||
* Credentials</a> and <a href="https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_request.html#stsapi_comparison">Comparing the | ||
* AWS STS API operations</a> in the <i>IAM User Guide</i>.</p> | ||
* STS API operations</a> in the <i>IAM User Guide</i>.</p> | ||
* <note> | ||
@@ -688,3 +688,3 @@ * <p>You can create a mobile-based or browser-based app that can authenticate users using | ||
* <p>You can also call <code>GetFederationToken</code> using the security credentials of an | ||
* AWS account root user, but we do not recommend it. Instead, we recommend that you create | ||
* Amazon Web Services account root user, but we do not recommend it. Instead, we recommend that you create | ||
* an IAM user for the purpose of the proxy application. Then attach a policy to the IAM | ||
@@ -699,3 +699,3 @@ * user that limits federated users to only the actions and resources that they need to | ||
* minutes) up to a maximum of 129,600 seconds (36 hours). The default session duration is | ||
* 43,200 seconds (12 hours). Temporary credentials that are obtained by using AWS account | ||
* 43,200 seconds (12 hours). Temporary credentials that are obtained by using Amazon Web Services account | ||
* root user credentials have a maximum duration of 3,600 seconds (1 hour).</p> | ||
@@ -706,6 +706,6 @@ * <p> | ||
* <p>You can use the temporary credentials created by <code>GetFederationToken</code> in any | ||
* AWS service except the following:</p> | ||
* Amazon Web Services service except the following:</p> | ||
* <ul> | ||
* <li> | ||
* <p>You cannot call any IAM operations using the AWS CLI or the AWS API. </p> | ||
* <p>You cannot call any IAM operations using the CLI or the Amazon Web Services API. </p> | ||
* </li> | ||
@@ -748,3 +748,3 @@ * <li> | ||
* <p>You can also call <code>GetFederationToken</code> using the security credentials of an | ||
* AWS account root user, but we do not recommend it. Instead, we recommend that you | ||
* Amazon Web Services account root user, but we do not recommend it. Instead, we recommend that you | ||
* create an IAM user for the purpose of the proxy application. Then attach a policy to | ||
@@ -759,3 +759,3 @@ * the IAM user that limits federated users to only the actions and resources that they | ||
* minutes) up to a maximum of 129,600 seconds (36 hours). The default session duration is | ||
* 43,200 seconds (12 hours). Temporary credentials that are obtained by using AWS | ||
* 43,200 seconds (12 hours). Temporary credentials that are obtained by using Amazon Web Services | ||
* account root user credentials have a maximum duration of 3,600 seconds (1 hour).</p> | ||
@@ -766,6 +766,6 @@ * <p> | ||
* <p>You can use the temporary credentials created by <code>GetFederationToken</code> in | ||
* any AWS service except the following:</p> | ||
* any Amazon Web Services service except the following:</p> | ||
* <ul> | ||
* <li> | ||
* <p>You cannot call any IAM operations using the AWS CLI or the AWS API. | ||
* <p>You cannot call any IAM operations using the CLI or the Amazon Web Services API. | ||
* </p> | ||
@@ -846,6 +846,6 @@ * </li> | ||
/** | ||
* <p>Returns a set of temporary credentials for an AWS account or IAM user. The | ||
* <p>Returns a set of temporary credentials for an Amazon Web Services account or IAM user. The | ||
* credentials consist of an access key ID, a secret access key, and a security token. | ||
* Typically, you use <code>GetSessionToken</code> if you want to use MFA to protect | ||
* programmatic calls to specific AWS API operations like Amazon EC2 <code>StopInstances</code>. | ||
* programmatic calls to specific Amazon Web Services API operations like Amazon EC2 <code>StopInstances</code>. | ||
* MFA-enabled IAM users would need to call <code>GetSessionToken</code> and submit an MFA | ||
@@ -858,8 +858,8 @@ * code that is associated with their MFA device. Using the temporary security credentials | ||
* Temporary Security Credentials</a> and <a href="https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_request.html#stsapi_comparison">Comparing the | ||
* AWS STS API operations</a> in the <i>IAM User Guide</i>.</p> | ||
* STS API operations</a> in the <i>IAM User Guide</i>.</p> | ||
* <p> | ||
* <b>Session Duration</b> | ||
* </p> | ||
* <p>The <code>GetSessionToken</code> operation must be called by using the long-term AWS | ||
* security credentials of the AWS account root user or an IAM user. Credentials that are | ||
* <p>The <code>GetSessionToken</code> operation must be called by using the long-term Amazon Web Services | ||
* security credentials of the Amazon Web Services account root user or an IAM user. Credentials that are | ||
* created by IAM users are valid for the duration that you specify. This duration can range | ||
@@ -873,3 +873,3 @@ * from 900 seconds (15 minutes) up to a maximum of 129,600 seconds (36 hours), with a default | ||
* <p>The temporary security credentials created by <code>GetSessionToken</code> can be used | ||
* to make API calls to any AWS service with the following exceptions:</p> | ||
* to make API calls to any Amazon Web Services service with the following exceptions:</p> | ||
* <ul> | ||
@@ -886,10 +886,10 @@ * <li> | ||
* <note> | ||
* <p>We recommend that you do not call <code>GetSessionToken</code> with AWS account | ||
* <p>We recommend that you do not call <code>GetSessionToken</code> with Amazon Web Services account | ||
* root user credentials. Instead, follow our <a href="https://docs.aws.amazon.com/IAM/latest/UserGuide/best-practices.html#create-iam-users">best practices</a> by | ||
* creating one or more IAM users, giving them the necessary permissions, and using IAM | ||
* users for everyday interaction with AWS. </p> | ||
* users for everyday interaction with Amazon Web Services. </p> | ||
* </note> | ||
* <p>The credentials that are returned by <code>GetSessionToken</code> are based on | ||
* permissions associated with the user whose credentials were used to call the operation. If | ||
* <code>GetSessionToken</code> is called using AWS account root user credentials, the | ||
* <code>GetSessionToken</code> is called using Amazon Web Services account root user credentials, the | ||
* temporary credentials have root user permissions. Similarly, if | ||
@@ -896,0 +896,0 @@ * <code>GetSessionToken</code> is called using the credentials of an IAM user, the |
@@ -149,13 +149,2 @@ import { AssumeRoleCommandInput, AssumeRoleCommandOutput } from "./commands/AssumeRoleCommand"; | ||
/** | ||
* Unique service identifier. | ||
* @internal | ||
*/ | ||
serviceId?: string; | ||
/** | ||
* The AWS region to which this client will send requests | ||
*/ | ||
region?: string | __Provider<string>; | ||
/** | ||
* Value for how many times a request will be made at most in case of retry. | ||
@@ -177,2 +166,13 @@ */ | ||
/** | ||
* Unique service identifier. | ||
* @internal | ||
*/ | ||
serviceId?: string; | ||
/** | ||
* The AWS region to which this client will send requests | ||
*/ | ||
region?: string | __Provider<string>; | ||
/** | ||
* Default credentials provider; Not available in browser runtime. | ||
@@ -223,5 +223,5 @@ * @internal | ||
/** | ||
* <fullname>AWS Security Token Service</fullname> | ||
* <p>AWS Security Token Service (STS) enables you to request temporary, limited-privilege | ||
* credentials for AWS Identity and Access Management (IAM) users or for users that you | ||
* <fullname>Security Token Service</fullname> | ||
* <p>Security Token Service (STS) enables you to request temporary, limited-privilege | ||
* credentials for Identity and Access Management (IAM) users or for users that you | ||
* authenticate (federated users). This guide provides descriptions of the STS API. For | ||
@@ -228,0 +228,0 @@ * more information about using this service, see <a href="https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp.html">Temporary Security Credentials</a>.</p> |
Sorry, the diff of this file is too big to display
+ Added @aws-sdk/client-sso@3.21.0 (transitive)
+ Added @aws-sdk/credential-provider-node@3.21.0 (transitive)
+ Added @aws-sdk/credential-provider-sso@3.21.0 (transitive)
+ Added @aws-sdk/node-http-handler@3.21.0 (transitive)
- Removed @aws-sdk/client-sso@3.20.0 (transitive)
- Removed @aws-sdk/credential-provider-node@3.20.0 (transitive)
- Removed @aws-sdk/credential-provider-sso@3.20.0 (transitive)
- Removed @aws-sdk/node-http-handler@3.20.0 (transitive)