You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
* and a security token. Typically, you use <code>AssumeRole</code> within your account or for
34
34
* cross-account access. For a comparison of <code>AssumeRole</code> with other API operations
35
35
* that produce temporary credentials, see <a href="https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_request.html">Requesting Temporary Security
36
-
* Credentials</a> and <a href="https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_request.html#stsapi_comparison">Comparing the
37
-
* Amazon Web Services STS API operations</a> in the <i>IAM User Guide</i>.</p>
36
+
* Credentials</a> and <a href="https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_sts-comparison.html">Compare STS
37
+
* credentials</a> in the <i>IAM User Guide</i>.</p>
38
38
* <p>
39
39
* <b>Permissions</b>
40
40
* </p>
41
41
* <p>The temporary security credentials created by <code>AssumeRole</code> can be used to
42
42
* make API calls to any Amazon Web Services service with the following exception: You cannot call the
43
43
* Amazon Web Services STS <code>GetFederationToken</code> or <code>GetSessionToken</code> API
44
44
* operations.</p>
45
-
* <p>(Optional) You can pass inline or managed <a href="https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies.html#policies_session">session policies</a> to
46
-
* this operation. You can pass a single JSON policy document to use as an inline session
47
-
* policy. You can also specify up to 10 managed policy Amazon Resource Names (ARNs) to use as
48
-
* managed session policies. The plaintext that you use for both inline and managed session
49
-
* policies can't exceed 2,048 characters. Passing policies to this operation returns new
45
+
* <p>(Optional) You can pass inline or managed session policies to this operation. You can
46
+
* pass a single JSON policy document to use as an inline session policy. You can also specify
47
+
* up to 10 managed policy Amazon Resource Names (ARNs) to use as managed session policies.
48
+
* The plaintext that you use for both inline and managed session policies can't exceed 2,048
49
+
* characters. Passing policies to this operation returns new
50
50
* temporary credentials. The resulting session's permissions are the intersection of the
51
51
* role's identity-based policy and the session policies. You can use the role's temporary
52
52
* credentials in subsequent Amazon Web Services API calls to access resources in the account that owns
* tags are to the upper size limit. For more information, see <a href="https://docs.aws.amazon.com/IAM/latest/UserGuide/id_session-tags.html">Passing Session Tags in STS</a> in
194
194
* the <i>IAM User Guide</i>.</p>
195
195
* <p>You could receive this error even though you meet other defined session policy and
196
-
* session tag limits. For more information, see <a href="https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_iam-quotas.html#reference_iam-limits-entity-length">IAM and STS Entity
197
-
* Character Limits</a> in the <i>IAM User Guide</i>.</p>
196
+
* session tag limits. For more information, see <a href="https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_iam-quotas.html#reference_iam-limits-entity-length">IAM and STS Entity Character Limits</a> in the <i>IAM User
* <p>STS is not activated in the requested region for the account that is being asked to
201
-
* generate credentials. The account administrator must use the IAM console to activate STS
202
-
* in that region. For more information, see <a href="https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_enable-regions.html">Activating and
203
-
* Deactivating Amazon Web Services STS in an Amazon Web Services Region</a> in the <i>IAM User
204
-
* Guide</i>.</p>
201
+
* generate credentials. The account administrator must use the IAM console to activate
202
+
* STS in that region. For more information, see <a href="https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_enable-regions.html">Activating and
203
+
* Deactivating STS in an Amazon Web Services Region</a> in the <i>IAM User
204
+
* Guide</i>.</p>
205
205
*
206
206
* @throws {@link STSServiceException}
207
207
* <p>Base exception class for all service exceptions from STS service.</p>
* enterprise identity store or directory to role-based Amazon Web Services access without user-specific
39
39
* credentials or configuration. For a comparison of <code>AssumeRoleWithSAML</code> with the
40
40
* other API operations that produce temporary credentials, see <a href="https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_request.html">Requesting Temporary Security
41
-
* Credentials</a> and <a href="https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_request.html#stsapi_comparison">Comparing the
42
-
* Amazon Web Services STS API operations</a> in the <i>IAM User Guide</i>.</p>
41
+
* Credentials</a> and <a href="https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_sts-comparison.html">Compare STS
42
+
* credentials</a> in the <i>IAM User Guide</i>.</p>
43
43
* <p>The temporary security credentials returned by this operation consist of an access key
44
44
* ID, a secret access key, and a security token. Applications can use these temporary
45
45
* security credentials to sign calls to Amazon Web Services services.</p>
* tags are to the upper size limit. For more information, see <a href="https://docs.aws.amazon.com/IAM/latest/UserGuide/id_session-tags.html">Passing Session Tags in STS</a> in
237
237
* the <i>IAM User Guide</i>.</p>
238
238
* <p>You could receive this error even though you meet other defined session policy and
239
-
* session tag limits. For more information, see <a href="https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_iam-quotas.html#reference_iam-limits-entity-length">IAM and STS Entity
240
-
* Character Limits</a> in the <i>IAM User Guide</i>.</p>
239
+
* session tag limits. For more information, see <a href="https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_iam-quotas.html#reference_iam-limits-entity-length">IAM and STS Entity Character Limits</a> in the <i>IAM User
* <p>STS is not activated in the requested region for the account that is being asked to
244
-
* generate credentials. The account administrator must use the IAM console to activate STS
245
-
* in that region. For more information, see <a href="https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_enable-regions.html">Activating and
246
-
* Deactivating Amazon Web Services STS in an Amazon Web Services Region</a> in the <i>IAM User
247
-
* Guide</i>.</p>
244
+
* generate credentials. The account administrator must use the IAM console to activate
245
+
* STS in that region. For more information, see <a href="https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_enable-regions.html">Activating and
246
+
* Deactivating STS in an Amazon Web Services Region</a> in the <i>IAM User
247
+
* Guide</i>.</p>
248
248
*
249
249
* @throws {@link STSServiceException}
250
250
* <p>Base exception class for all service exceptions from STS service.</p>
* optional <code>DurationSeconds</code> parameter to specify the duration of your session.
67
67
* You can provide a value from 900 seconds (15 minutes) up to the maximum session duration
68
68
* setting for the role. This setting can have a value from 1 hour to 12 hours. To learn how
69
-
* to view the maximum value for your role, see <a href="https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_use.html#id_roles_use_view-role-max-session">View the
70
-
* Maximum Session Duration Setting for a Role</a> in the
69
+
* to view the maximum value for your role, see <a href="https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_update-role-settings.html#id_roles_update-session-duration">Update the maximum session duration for a role </a> in the
71
70
* <i>IAM User Guide</i>. The maximum session duration limit applies when
72
71
* you use the <code>AssumeRole*</code> API operations or the <code>assume-role*</code> CLI
73
72
* commands. However the limit does not apply when you use those operations to create a
* <a href="https://aws.amazon.com/blogs/aws/the-aws-web-identity-federation-playground/"> Web Identity Federation Playground</a>. Walk through the process of
149
-
* authenticating through Login with Amazon, Facebook, or Google, getting temporary
150
-
* security credentials, and then using those credentials to make a request to Amazon Web Services.
151
-
* </p>
152
-
* </li>
153
-
* <li>
154
-
* <p>
155
147
* <a href="http://aws.amazon.com/sdkforios/">Amazon Web Services SDK for iOS Developer Guide</a> and <a href="http://aws.amazon.com/sdkforandroid/">Amazon Web Services SDK for Android Developer Guide</a>. These toolkits
156
148
* contain sample apps that show how to invoke the identity providers. The toolkits then
157
149
* show how to use the information from these providers to get and use temporary
* tags are to the upper size limit. For more information, see <a href="https://docs.aws.amazon.com/IAM/latest/UserGuide/id_session-tags.html">Passing Session Tags in STS</a> in
246
231
* the <i>IAM User Guide</i>.</p>
247
232
* <p>You could receive this error even though you meet other defined session policy and
248
-
* session tag limits. For more information, see <a href="https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_iam-quotas.html#reference_iam-limits-entity-length">IAM and STS Entity
249
-
* Character Limits</a> in the <i>IAM User Guide</i>.</p>
233
+
* session tag limits. For more information, see <a href="https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_iam-quotas.html#reference_iam-limits-entity-length">IAM and STS Entity Character Limits</a> in the <i>IAM User
* <p>STS is not activated in the requested region for the account that is being asked to
253
-
* generate credentials. The account administrator must use the IAM console to activate STS
254
-
* in that region. For more information, see <a href="https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_enable-regions.html">Activating and
255
-
* Deactivating Amazon Web Services STS in an Amazon Web Services Region</a> in the <i>IAM User
256
-
* Guide</i>.</p>
238
+
* generate credentials. The account administrator must use the IAM console to activate
239
+
* STS in that region. For more information, see <a href="https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_enable-regions.html">Activating and
240
+
* Deactivating STS in an Amazon Web Services Region</a> in the <i>IAM User
241
+
* Guide</i>.</p>
257
242
*
258
243
* @throws {@link STSServiceException}
259
244
* <p>Base exception class for all service exceptions from STS service.</p>
0 commit comments