/** * Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved. * SPDX-License-Identifier: Apache-2.0. */ #pragma once #include #include #include #include #include #include #include namespace Aws { namespace STS { namespace Model { /** */ class AWS_STS_API GetFederationTokenRequest : public STSRequest { public: GetFederationTokenRequest(); // Service request name is the Operation name which will send this request out, // each operation should has unique request name, so that we can get operation's name from this request. // Note: this is not true for response, multiple operations may have the same response name, // so we can not get operation's name from response. inline virtual const char* GetServiceRequestName() const override { return "GetFederationToken"; } Aws::String SerializePayload() const override; protected: void DumpBodyToUrl(Aws::Http::URI& uri ) const override; public: /** *

The name of the federated user. The name is used as an identifier for the * temporary security credentials (such as Bob). For example, you can * reference the federated user name in a resource-based policy, such as in an * Amazon S3 bucket policy.

The regex used to validate this parameter is a * string of characters consisting of upper- and lower-case alphanumeric characters * with no spaces. You can also include underscores or any of the following * characters: =,.@-

*/ inline const Aws::String& GetName() const{ return m_name; } /** *

The name of the federated user. The name is used as an identifier for the * temporary security credentials (such as Bob). For example, you can * reference the federated user name in a resource-based policy, such as in an * Amazon S3 bucket policy.

The regex used to validate this parameter is a * string of characters consisting of upper- and lower-case alphanumeric characters * with no spaces. You can also include underscores or any of the following * characters: =,.@-

*/ inline bool NameHasBeenSet() const { return m_nameHasBeenSet; } /** *

The name of the federated user. The name is used as an identifier for the * temporary security credentials (such as Bob). For example, you can * reference the federated user name in a resource-based policy, such as in an * Amazon S3 bucket policy.

The regex used to validate this parameter is a * string of characters consisting of upper- and lower-case alphanumeric characters * with no spaces. You can also include underscores or any of the following * characters: =,.@-

*/ inline void SetName(const Aws::String& value) { m_nameHasBeenSet = true; m_name = value; } /** *

The name of the federated user. The name is used as an identifier for the * temporary security credentials (such as Bob). For example, you can * reference the federated user name in a resource-based policy, such as in an * Amazon S3 bucket policy.

The regex used to validate this parameter is a * string of characters consisting of upper- and lower-case alphanumeric characters * with no spaces. You can also include underscores or any of the following * characters: =,.@-

*/ inline void SetName(Aws::String&& value) { m_nameHasBeenSet = true; m_name = std::move(value); } /** *

The name of the federated user. The name is used as an identifier for the * temporary security credentials (such as Bob). For example, you can * reference the federated user name in a resource-based policy, such as in an * Amazon S3 bucket policy.

The regex used to validate this parameter is a * string of characters consisting of upper- and lower-case alphanumeric characters * with no spaces. You can also include underscores or any of the following * characters: =,.@-

*/ inline void SetName(const char* value) { m_nameHasBeenSet = true; m_name.assign(value); } /** *

The name of the federated user. The name is used as an identifier for the * temporary security credentials (such as Bob). For example, you can * reference the federated user name in a resource-based policy, such as in an * Amazon S3 bucket policy.

The regex used to validate this parameter is a * string of characters consisting of upper- and lower-case alphanumeric characters * with no spaces. You can also include underscores or any of the following * characters: =,.@-

*/ inline GetFederationTokenRequest& WithName(const Aws::String& value) { SetName(value); return *this;} /** *

The name of the federated user. The name is used as an identifier for the * temporary security credentials (such as Bob). For example, you can * reference the federated user name in a resource-based policy, such as in an * Amazon S3 bucket policy.

The regex used to validate this parameter is a * string of characters consisting of upper- and lower-case alphanumeric characters * with no spaces. You can also include underscores or any of the following * characters: =,.@-

*/ inline GetFederationTokenRequest& WithName(Aws::String&& value) { SetName(std::move(value)); return *this;} /** *

The name of the federated user. The name is used as an identifier for the * temporary security credentials (such as Bob). For example, you can * reference the federated user name in a resource-based policy, such as in an * Amazon S3 bucket policy.

The regex used to validate this parameter is a * string of characters consisting of upper- and lower-case alphanumeric characters * with no spaces. You can also include underscores or any of the following * characters: =,.@-

*/ inline GetFederationTokenRequest& WithName(const char* value) { SetName(value); return *this;} /** *

An IAM policy in JSON format that you want to use as an inline session * policy.

You must pass an inline or managed session * policy to this operation. You can pass a single JSON policy document to use * as an inline session policy. You can also specify up to 10 managed policies to * use as managed session policies.

This parameter is optional. However, if * you do not pass any session policies, then the resulting federated user session * has no permissions.

When you pass session policies, the session * permissions are the intersection of the IAM user policies and the session * policies that you pass. This gives you a way to further restrict the permissions * for a federated user. You cannot use session policies to grant more permissions * than those that are defined in the permissions policy of the IAM user. For more * information, see Session * Policies in the IAM User Guide.

The resulting credentials can * be used to access a resource that has a resource-based policy. If that policy * specifically references the federated user session in the Principal * element of the policy, the session has the permissions allowed by the policy. * These permissions are granted in addition to the permissions that are granted by * the session policies.

The plaintext that you use for both inline and * managed session policies can't exceed 2,048 characters. The JSON policy * characters can be any ASCII character from the space character to the end of the * valid character list (\u0020 through \u00FF). It can also include the tab * (\u0009), linefeed (\u000A), and carriage return (\u000D) characters.

*

An Amazon Web Services conversion compresses the passed session policies and * session tags into a packed binary format that has a separate limit. Your request * can fail for this limit even if your plaintext meets the other requirements. The * PackedPolicySize response element indicates by percentage how close * the policies and tags for your request are to the upper size limit.

*/ inline const Aws::String& GetPolicy() const{ return m_policy; } /** *

An IAM policy in JSON format that you want to use as an inline session * policy.

You must pass an inline or managed session * policy to this operation. You can pass a single JSON policy document to use * as an inline session policy. You can also specify up to 10 managed policies to * use as managed session policies.

This parameter is optional. However, if * you do not pass any session policies, then the resulting federated user session * has no permissions.

When you pass session policies, the session * permissions are the intersection of the IAM user policies and the session * policies that you pass. This gives you a way to further restrict the permissions * for a federated user. You cannot use session policies to grant more permissions * than those that are defined in the permissions policy of the IAM user. For more * information, see Session * Policies in the IAM User Guide.

The resulting credentials can * be used to access a resource that has a resource-based policy. If that policy * specifically references the federated user session in the Principal * element of the policy, the session has the permissions allowed by the policy. * These permissions are granted in addition to the permissions that are granted by * the session policies.

The plaintext that you use for both inline and * managed session policies can't exceed 2,048 characters. The JSON policy * characters can be any ASCII character from the space character to the end of the * valid character list (\u0020 through \u00FF). It can also include the tab * (\u0009), linefeed (\u000A), and carriage return (\u000D) characters.

*

An Amazon Web Services conversion compresses the passed session policies and * session tags into a packed binary format that has a separate limit. Your request * can fail for this limit even if your plaintext meets the other requirements. The * PackedPolicySize response element indicates by percentage how close * the policies and tags for your request are to the upper size limit.

*/ inline bool PolicyHasBeenSet() const { return m_policyHasBeenSet; } /** *

An IAM policy in JSON format that you want to use as an inline session * policy.

You must pass an inline or managed session * policy to this operation. You can pass a single JSON policy document to use * as an inline session policy. You can also specify up to 10 managed policies to * use as managed session policies.

This parameter is optional. However, if * you do not pass any session policies, then the resulting federated user session * has no permissions.

When you pass session policies, the session * permissions are the intersection of the IAM user policies and the session * policies that you pass. This gives you a way to further restrict the permissions * for a federated user. You cannot use session policies to grant more permissions * than those that are defined in the permissions policy of the IAM user. For more * information, see Session * Policies in the IAM User Guide.

The resulting credentials can * be used to access a resource that has a resource-based policy. If that policy * specifically references the federated user session in the Principal * element of the policy, the session has the permissions allowed by the policy. * These permissions are granted in addition to the permissions that are granted by * the session policies.

The plaintext that you use for both inline and * managed session policies can't exceed 2,048 characters. The JSON policy * characters can be any ASCII character from the space character to the end of the * valid character list (\u0020 through \u00FF). It can also include the tab * (\u0009), linefeed (\u000A), and carriage return (\u000D) characters.

*

An Amazon Web Services conversion compresses the passed session policies and * session tags into a packed binary format that has a separate limit. Your request * can fail for this limit even if your plaintext meets the other requirements. The * PackedPolicySize response element indicates by percentage how close * the policies and tags for your request are to the upper size limit.

*/ inline void SetPolicy(const Aws::String& value) { m_policyHasBeenSet = true; m_policy = value; } /** *

An IAM policy in JSON format that you want to use as an inline session * policy.

You must pass an inline or managed session * policy to this operation. You can pass a single JSON policy document to use * as an inline session policy. You can also specify up to 10 managed policies to * use as managed session policies.

This parameter is optional. However, if * you do not pass any session policies, then the resulting federated user session * has no permissions.

When you pass session policies, the session * permissions are the intersection of the IAM user policies and the session * policies that you pass. This gives you a way to further restrict the permissions * for a federated user. You cannot use session policies to grant more permissions * than those that are defined in the permissions policy of the IAM user. For more * information, see Session * Policies in the IAM User Guide.

The resulting credentials can * be used to access a resource that has a resource-based policy. If that policy * specifically references the federated user session in the Principal * element of the policy, the session has the permissions allowed by the policy. * These permissions are granted in addition to the permissions that are granted by * the session policies.

The plaintext that you use for both inline and * managed session policies can't exceed 2,048 characters. The JSON policy * characters can be any ASCII character from the space character to the end of the * valid character list (\u0020 through \u00FF). It can also include the tab * (\u0009), linefeed (\u000A), and carriage return (\u000D) characters.

*

An Amazon Web Services conversion compresses the passed session policies and * session tags into a packed binary format that has a separate limit. Your request * can fail for this limit even if your plaintext meets the other requirements. The * PackedPolicySize response element indicates by percentage how close * the policies and tags for your request are to the upper size limit.

*/ inline void SetPolicy(Aws::String&& value) { m_policyHasBeenSet = true; m_policy = std::move(value); } /** *

An IAM policy in JSON format that you want to use as an inline session * policy.

You must pass an inline or managed session * policy to this operation. You can pass a single JSON policy document to use * as an inline session policy. You can also specify up to 10 managed policies to * use as managed session policies.

This parameter is optional. However, if * you do not pass any session policies, then the resulting federated user session * has no permissions.

When you pass session policies, the session * permissions are the intersection of the IAM user policies and the session * policies that you pass. This gives you a way to further restrict the permissions * for a federated user. You cannot use session policies to grant more permissions * than those that are defined in the permissions policy of the IAM user. For more * information, see Session * Policies in the IAM User Guide.

The resulting credentials can * be used to access a resource that has a resource-based policy. If that policy * specifically references the federated user session in the Principal * element of the policy, the session has the permissions allowed by the policy. * These permissions are granted in addition to the permissions that are granted by * the session policies.

The plaintext that you use for both inline and * managed session policies can't exceed 2,048 characters. The JSON policy * characters can be any ASCII character from the space character to the end of the * valid character list (\u0020 through \u00FF). It can also include the tab * (\u0009), linefeed (\u000A), and carriage return (\u000D) characters.

*

An Amazon Web Services conversion compresses the passed session policies and * session tags into a packed binary format that has a separate limit. Your request * can fail for this limit even if your plaintext meets the other requirements. The * PackedPolicySize response element indicates by percentage how close * the policies and tags for your request are to the upper size limit.

*/ inline void SetPolicy(const char* value) { m_policyHasBeenSet = true; m_policy.assign(value); } /** *

An IAM policy in JSON format that you want to use as an inline session * policy.

You must pass an inline or managed session * policy to this operation. You can pass a single JSON policy document to use * as an inline session policy. You can also specify up to 10 managed policies to * use as managed session policies.

This parameter is optional. However, if * you do not pass any session policies, then the resulting federated user session * has no permissions.

When you pass session policies, the session * permissions are the intersection of the IAM user policies and the session * policies that you pass. This gives you a way to further restrict the permissions * for a federated user. You cannot use session policies to grant more permissions * than those that are defined in the permissions policy of the IAM user. For more * information, see Session * Policies in the IAM User Guide.

The resulting credentials can * be used to access a resource that has a resource-based policy. If that policy * specifically references the federated user session in the Principal * element of the policy, the session has the permissions allowed by the policy. * These permissions are granted in addition to the permissions that are granted by * the session policies.

The plaintext that you use for both inline and * managed session policies can't exceed 2,048 characters. The JSON policy * characters can be any ASCII character from the space character to the end of the * valid character list (\u0020 through \u00FF). It can also include the tab * (\u0009), linefeed (\u000A), and carriage return (\u000D) characters.

*

An Amazon Web Services conversion compresses the passed session policies and * session tags into a packed binary format that has a separate limit. Your request * can fail for this limit even if your plaintext meets the other requirements. The * PackedPolicySize response element indicates by percentage how close * the policies and tags for your request are to the upper size limit.

*/ inline GetFederationTokenRequest& WithPolicy(const Aws::String& value) { SetPolicy(value); return *this;} /** *

An IAM policy in JSON format that you want to use as an inline session * policy.

You must pass an inline or managed session * policy to this operation. You can pass a single JSON policy document to use * as an inline session policy. You can also specify up to 10 managed policies to * use as managed session policies.

This parameter is optional. However, if * you do not pass any session policies, then the resulting federated user session * has no permissions.

When you pass session policies, the session * permissions are the intersection of the IAM user policies and the session * policies that you pass. This gives you a way to further restrict the permissions * for a federated user. You cannot use session policies to grant more permissions * than those that are defined in the permissions policy of the IAM user. For more * information, see Session * Policies in the IAM User Guide.

The resulting credentials can * be used to access a resource that has a resource-based policy. If that policy * specifically references the federated user session in the Principal * element of the policy, the session has the permissions allowed by the policy. * These permissions are granted in addition to the permissions that are granted by * the session policies.

The plaintext that you use for both inline and * managed session policies can't exceed 2,048 characters. The JSON policy * characters can be any ASCII character from the space character to the end of the * valid character list (\u0020 through \u00FF). It can also include the tab * (\u0009), linefeed (\u000A), and carriage return (\u000D) characters.

*

An Amazon Web Services conversion compresses the passed session policies and * session tags into a packed binary format that has a separate limit. Your request * can fail for this limit even if your plaintext meets the other requirements. The * PackedPolicySize response element indicates by percentage how close * the policies and tags for your request are to the upper size limit.

*/ inline GetFederationTokenRequest& WithPolicy(Aws::String&& value) { SetPolicy(std::move(value)); return *this;} /** *

An IAM policy in JSON format that you want to use as an inline session * policy.

You must pass an inline or managed session * policy to this operation. You can pass a single JSON policy document to use * as an inline session policy. You can also specify up to 10 managed policies to * use as managed session policies.

This parameter is optional. However, if * you do not pass any session policies, then the resulting federated user session * has no permissions.

When you pass session policies, the session * permissions are the intersection of the IAM user policies and the session * policies that you pass. This gives you a way to further restrict the permissions * for a federated user. You cannot use session policies to grant more permissions * than those that are defined in the permissions policy of the IAM user. For more * information, see Session * Policies in the IAM User Guide.

The resulting credentials can * be used to access a resource that has a resource-based policy. If that policy * specifically references the federated user session in the Principal * element of the policy, the session has the permissions allowed by the policy. * These permissions are granted in addition to the permissions that are granted by * the session policies.

The plaintext that you use for both inline and * managed session policies can't exceed 2,048 characters. The JSON policy * characters can be any ASCII character from the space character to the end of the * valid character list (\u0020 through \u00FF). It can also include the tab * (\u0009), linefeed (\u000A), and carriage return (\u000D) characters.

*

An Amazon Web Services conversion compresses the passed session policies and * session tags into a packed binary format that has a separate limit. Your request * can fail for this limit even if your plaintext meets the other requirements. The * PackedPolicySize response element indicates by percentage how close * the policies and tags for your request are to the upper size limit.

*/ inline GetFederationTokenRequest& WithPolicy(const char* value) { SetPolicy(value); return *this;} /** *

The Amazon Resource Names (ARNs) of the IAM managed policies that you want to * use as a managed session policy. The policies must exist in the same account as * the IAM user that is requesting federated access.

You must pass an inline * or managed session * policy to this operation. You can pass a single JSON policy document to use * as an inline session policy. You can also specify up to 10 managed policies to * use as managed session policies. The plaintext that you use for both inline and * managed session policies can't exceed 2,048 characters. You can provide up to 10 * managed policy ARNs. For more information about ARNs, see Amazon * Resource Names (ARNs) and Amazon Web Services Service Namespaces in the * Amazon Web Services General Reference.

This parameter is optional. * However, if you do not pass any session policies, then the resulting federated * user session has no permissions.

When you pass session policies, the * session permissions are the intersection of the IAM user policies and the * session policies that you pass. This gives you a way to further restrict the * permissions for a federated user. You cannot use session policies to grant more * permissions than those that are defined in the permissions policy of the IAM * user. For more information, see Session * Policies in the IAM User Guide.

The resulting credentials can * be used to access a resource that has a resource-based policy. If that policy * specifically references the federated user session in the Principal * element of the policy, the session has the permissions allowed by the policy. * These permissions are granted in addition to the permissions that are granted by * the session policies.

An Amazon Web Services conversion compresses * the passed session policies and session tags into a packed binary format that * has a separate limit. Your request can fail for this limit even if your * plaintext meets the other requirements. The PackedPolicySize * response element indicates by percentage how close the policies and tags for * your request are to the upper size limit.

*/ inline const Aws::Vector& GetPolicyArns() const{ return m_policyArns; } /** *

The Amazon Resource Names (ARNs) of the IAM managed policies that you want to * use as a managed session policy. The policies must exist in the same account as * the IAM user that is requesting federated access.

You must pass an inline * or managed session * policy to this operation. You can pass a single JSON policy document to use * as an inline session policy. You can also specify up to 10 managed policies to * use as managed session policies. The plaintext that you use for both inline and * managed session policies can't exceed 2,048 characters. You can provide up to 10 * managed policy ARNs. For more information about ARNs, see Amazon * Resource Names (ARNs) and Amazon Web Services Service Namespaces in the * Amazon Web Services General Reference.

This parameter is optional. * However, if you do not pass any session policies, then the resulting federated * user session has no permissions.

When you pass session policies, the * session permissions are the intersection of the IAM user policies and the * session policies that you pass. This gives you a way to further restrict the * permissions for a federated user. You cannot use session policies to grant more * permissions than those that are defined in the permissions policy of the IAM * user. For more information, see Session * Policies in the IAM User Guide.

The resulting credentials can * be used to access a resource that has a resource-based policy. If that policy * specifically references the federated user session in the Principal * element of the policy, the session has the permissions allowed by the policy. * These permissions are granted in addition to the permissions that are granted by * the session policies.

An Amazon Web Services conversion compresses * the passed session policies and session tags into a packed binary format that * has a separate limit. Your request can fail for this limit even if your * plaintext meets the other requirements. The PackedPolicySize * response element indicates by percentage how close the policies and tags for * your request are to the upper size limit.

*/ inline bool PolicyArnsHasBeenSet() const { return m_policyArnsHasBeenSet; } /** *

The Amazon Resource Names (ARNs) of the IAM managed policies that you want to * use as a managed session policy. The policies must exist in the same account as * the IAM user that is requesting federated access.

You must pass an inline * or managed session * policy to this operation. You can pass a single JSON policy document to use * as an inline session policy. You can also specify up to 10 managed policies to * use as managed session policies. The plaintext that you use for both inline and * managed session policies can't exceed 2,048 characters. You can provide up to 10 * managed policy ARNs. For more information about ARNs, see Amazon * Resource Names (ARNs) and Amazon Web Services Service Namespaces in the * Amazon Web Services General Reference.

This parameter is optional. * However, if you do not pass any session policies, then the resulting federated * user session has no permissions.

When you pass session policies, the * session permissions are the intersection of the IAM user policies and the * session policies that you pass. This gives you a way to further restrict the * permissions for a federated user. You cannot use session policies to grant more * permissions than those that are defined in the permissions policy of the IAM * user. For more information, see Session * Policies in the IAM User Guide.

The resulting credentials can * be used to access a resource that has a resource-based policy. If that policy * specifically references the federated user session in the Principal * element of the policy, the session has the permissions allowed by the policy. * These permissions are granted in addition to the permissions that are granted by * the session policies.

An Amazon Web Services conversion compresses * the passed session policies and session tags into a packed binary format that * has a separate limit. Your request can fail for this limit even if your * plaintext meets the other requirements. The PackedPolicySize * response element indicates by percentage how close the policies and tags for * your request are to the upper size limit.

*/ inline void SetPolicyArns(const Aws::Vector& value) { m_policyArnsHasBeenSet = true; m_policyArns = value; } /** *

The Amazon Resource Names (ARNs) of the IAM managed policies that you want to * use as a managed session policy. The policies must exist in the same account as * the IAM user that is requesting federated access.

You must pass an inline * or managed session * policy to this operation. You can pass a single JSON policy document to use * as an inline session policy. You can also specify up to 10 managed policies to * use as managed session policies. The plaintext that you use for both inline and * managed session policies can't exceed 2,048 characters. You can provide up to 10 * managed policy ARNs. For more information about ARNs, see Amazon * Resource Names (ARNs) and Amazon Web Services Service Namespaces in the * Amazon Web Services General Reference.

This parameter is optional. * However, if you do not pass any session policies, then the resulting federated * user session has no permissions.

When you pass session policies, the * session permissions are the intersection of the IAM user policies and the * session policies that you pass. This gives you a way to further restrict the * permissions for a federated user. You cannot use session policies to grant more * permissions than those that are defined in the permissions policy of the IAM * user. For more information, see Session * Policies in the IAM User Guide.

The resulting credentials can * be used to access a resource that has a resource-based policy. If that policy * specifically references the federated user session in the Principal * element of the policy, the session has the permissions allowed by the policy. * These permissions are granted in addition to the permissions that are granted by * the session policies.

An Amazon Web Services conversion compresses * the passed session policies and session tags into a packed binary format that * has a separate limit. Your request can fail for this limit even if your * plaintext meets the other requirements. The PackedPolicySize * response element indicates by percentage how close the policies and tags for * your request are to the upper size limit.

*/ inline void SetPolicyArns(Aws::Vector&& value) { m_policyArnsHasBeenSet = true; m_policyArns = std::move(value); } /** *

The Amazon Resource Names (ARNs) of the IAM managed policies that you want to * use as a managed session policy. The policies must exist in the same account as * the IAM user that is requesting federated access.

You must pass an inline * or managed session * policy to this operation. You can pass a single JSON policy document to use * as an inline session policy. You can also specify up to 10 managed policies to * use as managed session policies. The plaintext that you use for both inline and * managed session policies can't exceed 2,048 characters. You can provide up to 10 * managed policy ARNs. For more information about ARNs, see Amazon * Resource Names (ARNs) and Amazon Web Services Service Namespaces in the * Amazon Web Services General Reference.

This parameter is optional. * However, if you do not pass any session policies, then the resulting federated * user session has no permissions.

When you pass session policies, the * session permissions are the intersection of the IAM user policies and the * session policies that you pass. This gives you a way to further restrict the * permissions for a federated user. You cannot use session policies to grant more * permissions than those that are defined in the permissions policy of the IAM * user. For more information, see Session * Policies in the IAM User Guide.

The resulting credentials can * be used to access a resource that has a resource-based policy. If that policy * specifically references the federated user session in the Principal * element of the policy, the session has the permissions allowed by the policy. * These permissions are granted in addition to the permissions that are granted by * the session policies.

An Amazon Web Services conversion compresses * the passed session policies and session tags into a packed binary format that * has a separate limit. Your request can fail for this limit even if your * plaintext meets the other requirements. The PackedPolicySize * response element indicates by percentage how close the policies and tags for * your request are to the upper size limit.

*/ inline GetFederationTokenRequest& WithPolicyArns(const Aws::Vector& value) { SetPolicyArns(value); return *this;} /** *

The Amazon Resource Names (ARNs) of the IAM managed policies that you want to * use as a managed session policy. The policies must exist in the same account as * the IAM user that is requesting federated access.

You must pass an inline * or managed session * policy to this operation. You can pass a single JSON policy document to use * as an inline session policy. You can also specify up to 10 managed policies to * use as managed session policies. The plaintext that you use for both inline and * managed session policies can't exceed 2,048 characters. You can provide up to 10 * managed policy ARNs. For more information about ARNs, see Amazon * Resource Names (ARNs) and Amazon Web Services Service Namespaces in the * Amazon Web Services General Reference.

This parameter is optional. * However, if you do not pass any session policies, then the resulting federated * user session has no permissions.

When you pass session policies, the * session permissions are the intersection of the IAM user policies and the * session policies that you pass. This gives you a way to further restrict the * permissions for a federated user. You cannot use session policies to grant more * permissions than those that are defined in the permissions policy of the IAM * user. For more information, see Session * Policies in the IAM User Guide.

The resulting credentials can * be used to access a resource that has a resource-based policy. If that policy * specifically references the federated user session in the Principal * element of the policy, the session has the permissions allowed by the policy. * These permissions are granted in addition to the permissions that are granted by * the session policies.

An Amazon Web Services conversion compresses * the passed session policies and session tags into a packed binary format that * has a separate limit. Your request can fail for this limit even if your * plaintext meets the other requirements. The PackedPolicySize * response element indicates by percentage how close the policies and tags for * your request are to the upper size limit.

*/ inline GetFederationTokenRequest& WithPolicyArns(Aws::Vector&& value) { SetPolicyArns(std::move(value)); return *this;} /** *

The Amazon Resource Names (ARNs) of the IAM managed policies that you want to * use as a managed session policy. The policies must exist in the same account as * the IAM user that is requesting federated access.

You must pass an inline * or managed session * policy to this operation. You can pass a single JSON policy document to use * as an inline session policy. You can also specify up to 10 managed policies to * use as managed session policies. The plaintext that you use for both inline and * managed session policies can't exceed 2,048 characters. You can provide up to 10 * managed policy ARNs. For more information about ARNs, see Amazon * Resource Names (ARNs) and Amazon Web Services Service Namespaces in the * Amazon Web Services General Reference.

This parameter is optional. * However, if you do not pass any session policies, then the resulting federated * user session has no permissions.

When you pass session policies, the * session permissions are the intersection of the IAM user policies and the * session policies that you pass. This gives you a way to further restrict the * permissions for a federated user. You cannot use session policies to grant more * permissions than those that are defined in the permissions policy of the IAM * user. For more information, see Session * Policies in the IAM User Guide.

The resulting credentials can * be used to access a resource that has a resource-based policy. If that policy * specifically references the federated user session in the Principal * element of the policy, the session has the permissions allowed by the policy. * These permissions are granted in addition to the permissions that are granted by * the session policies.

An Amazon Web Services conversion compresses * the passed session policies and session tags into a packed binary format that * has a separate limit. Your request can fail for this limit even if your * plaintext meets the other requirements. The PackedPolicySize * response element indicates by percentage how close the policies and tags for * your request are to the upper size limit.

*/ inline GetFederationTokenRequest& AddPolicyArns(const PolicyDescriptorType& value) { m_policyArnsHasBeenSet = true; m_policyArns.push_back(value); return *this; } /** *

The Amazon Resource Names (ARNs) of the IAM managed policies that you want to * use as a managed session policy. The policies must exist in the same account as * the IAM user that is requesting federated access.

You must pass an inline * or managed session * policy to this operation. You can pass a single JSON policy document to use * as an inline session policy. You can also specify up to 10 managed policies to * use as managed session policies. The plaintext that you use for both inline and * managed session policies can't exceed 2,048 characters. You can provide up to 10 * managed policy ARNs. For more information about ARNs, see Amazon * Resource Names (ARNs) and Amazon Web Services Service Namespaces in the * Amazon Web Services General Reference.

This parameter is optional. * However, if you do not pass any session policies, then the resulting federated * user session has no permissions.

When you pass session policies, the * session permissions are the intersection of the IAM user policies and the * session policies that you pass. This gives you a way to further restrict the * permissions for a federated user. You cannot use session policies to grant more * permissions than those that are defined in the permissions policy of the IAM * user. For more information, see Session * Policies in the IAM User Guide.

The resulting credentials can * be used to access a resource that has a resource-based policy. If that policy * specifically references the federated user session in the Principal * element of the policy, the session has the permissions allowed by the policy. * These permissions are granted in addition to the permissions that are granted by * the session policies.

An Amazon Web Services conversion compresses * the passed session policies and session tags into a packed binary format that * has a separate limit. Your request can fail for this limit even if your * plaintext meets the other requirements. The PackedPolicySize * response element indicates by percentage how close the policies and tags for * your request are to the upper size limit.

*/ inline GetFederationTokenRequest& AddPolicyArns(PolicyDescriptorType&& value) { m_policyArnsHasBeenSet = true; m_policyArns.push_back(std::move(value)); return *this; } /** *

The duration, in seconds, that the session should last. Acceptable durations * for federation sessions range from 900 seconds (15 minutes) to 129,600 seconds * (36 hours), with 43,200 seconds (12 hours) as the default. Sessions obtained * using Amazon Web Services account root user credentials are restricted to a * maximum of 3,600 seconds (one hour). If the specified duration is longer than * one hour, the session obtained by using root user credentials defaults to one * hour.

*/ inline int GetDurationSeconds() const{ return m_durationSeconds; } /** *

The duration, in seconds, that the session should last. Acceptable durations * for federation sessions range from 900 seconds (15 minutes) to 129,600 seconds * (36 hours), with 43,200 seconds (12 hours) as the default. Sessions obtained * using Amazon Web Services account root user credentials are restricted to a * maximum of 3,600 seconds (one hour). If the specified duration is longer than * one hour, the session obtained by using root user credentials defaults to one * hour.

*/ inline bool DurationSecondsHasBeenSet() const { return m_durationSecondsHasBeenSet; } /** *

The duration, in seconds, that the session should last. Acceptable durations * for federation sessions range from 900 seconds (15 minutes) to 129,600 seconds * (36 hours), with 43,200 seconds (12 hours) as the default. Sessions obtained * using Amazon Web Services account root user credentials are restricted to a * maximum of 3,600 seconds (one hour). If the specified duration is longer than * one hour, the session obtained by using root user credentials defaults to one * hour.

*/ inline void SetDurationSeconds(int value) { m_durationSecondsHasBeenSet = true; m_durationSeconds = value; } /** *

The duration, in seconds, that the session should last. Acceptable durations * for federation sessions range from 900 seconds (15 minutes) to 129,600 seconds * (36 hours), with 43,200 seconds (12 hours) as the default. Sessions obtained * using Amazon Web Services account root user credentials are restricted to a * maximum of 3,600 seconds (one hour). If the specified duration is longer than * one hour, the session obtained by using root user credentials defaults to one * hour.

*/ inline GetFederationTokenRequest& WithDurationSeconds(int value) { SetDurationSeconds(value); return *this;} /** *

A list of session tags. Each session tag consists of a key name and an * associated value. For more information about session tags, see Passing * Session Tags in STS in the IAM User Guide.

This parameter is * optional. You can pass up to 50 session tags. The plaintext session tag keys * can’t exceed 128 characters and the values can’t exceed 256 characters. For * these and additional limits, see IAM * and STS Character Limits in the IAM User Guide.

An * Amazon Web Services conversion compresses the passed session policies and * session tags into a packed binary format that has a separate limit. Your request * can fail for this limit even if your plaintext meets the other requirements. The * PackedPolicySize response element indicates by percentage how close * the policies and tags for your request are to the upper size limit.

*

You can pass a session tag with the same key as a tag that is already * attached to the user you are federating. When you do, session tags override a * user tag with the same key.

Tag key–value pairs are not case sensitive, * but case is preserved. This means that you cannot have separate * Department and department tag keys. Assume that the * role has the Department=Marketing tag and you pass the * department=engineering session tag. * Department and department are not saved as separate * tags, and the session tag passed in the request takes precedence over the role * tag.

*/ inline const Aws::Vector& GetTags() const{ return m_tags; } /** *

A list of session tags. Each session tag consists of a key name and an * associated value. For more information about session tags, see Passing * Session Tags in STS in the IAM User Guide.

This parameter is * optional. You can pass up to 50 session tags. The plaintext session tag keys * can’t exceed 128 characters and the values can’t exceed 256 characters. For * these and additional limits, see IAM * and STS Character Limits in the IAM User Guide.

An * Amazon Web Services conversion compresses the passed session policies and * session tags into a packed binary format that has a separate limit. Your request * can fail for this limit even if your plaintext meets the other requirements. The * PackedPolicySize response element indicates by percentage how close * the policies and tags for your request are to the upper size limit.

*

You can pass a session tag with the same key as a tag that is already * attached to the user you are federating. When you do, session tags override a * user tag with the same key.

Tag key–value pairs are not case sensitive, * but case is preserved. This means that you cannot have separate * Department and department tag keys. Assume that the * role has the Department=Marketing tag and you pass the * department=engineering session tag. * Department and department are not saved as separate * tags, and the session tag passed in the request takes precedence over the role * tag.

*/ inline bool TagsHasBeenSet() const { return m_tagsHasBeenSet; } /** *

A list of session tags. Each session tag consists of a key name and an * associated value. For more information about session tags, see Passing * Session Tags in STS in the IAM User Guide.

This parameter is * optional. You can pass up to 50 session tags. The plaintext session tag keys * can’t exceed 128 characters and the values can’t exceed 256 characters. For * these and additional limits, see IAM * and STS Character Limits in the IAM User Guide.

An * Amazon Web Services conversion compresses the passed session policies and * session tags into a packed binary format that has a separate limit. Your request * can fail for this limit even if your plaintext meets the other requirements. The * PackedPolicySize response element indicates by percentage how close * the policies and tags for your request are to the upper size limit.

*

You can pass a session tag with the same key as a tag that is already * attached to the user you are federating. When you do, session tags override a * user tag with the same key.

Tag key–value pairs are not case sensitive, * but case is preserved. This means that you cannot have separate * Department and department tag keys. Assume that the * role has the Department=Marketing tag and you pass the * department=engineering session tag. * Department and department are not saved as separate * tags, and the session tag passed in the request takes precedence over the role * tag.

*/ inline void SetTags(const Aws::Vector& value) { m_tagsHasBeenSet = true; m_tags = value; } /** *

A list of session tags. Each session tag consists of a key name and an * associated value. For more information about session tags, see Passing * Session Tags in STS in the IAM User Guide.

This parameter is * optional. You can pass up to 50 session tags. The plaintext session tag keys * can’t exceed 128 characters and the values can’t exceed 256 characters. For * these and additional limits, see IAM * and STS Character Limits in the IAM User Guide.

An * Amazon Web Services conversion compresses the passed session policies and * session tags into a packed binary format that has a separate limit. Your request * can fail for this limit even if your plaintext meets the other requirements. The * PackedPolicySize response element indicates by percentage how close * the policies and tags for your request are to the upper size limit.

*

You can pass a session tag with the same key as a tag that is already * attached to the user you are federating. When you do, session tags override a * user tag with the same key.

Tag key–value pairs are not case sensitive, * but case is preserved. This means that you cannot have separate * Department and department tag keys. Assume that the * role has the Department=Marketing tag and you pass the * department=engineering session tag. * Department and department are not saved as separate * tags, and the session tag passed in the request takes precedence over the role * tag.

*/ inline void SetTags(Aws::Vector&& value) { m_tagsHasBeenSet = true; m_tags = std::move(value); } /** *

A list of session tags. Each session tag consists of a key name and an * associated value. For more information about session tags, see Passing * Session Tags in STS in the IAM User Guide.

This parameter is * optional. You can pass up to 50 session tags. The plaintext session tag keys * can’t exceed 128 characters and the values can’t exceed 256 characters. For * these and additional limits, see IAM * and STS Character Limits in the IAM User Guide.

An * Amazon Web Services conversion compresses the passed session policies and * session tags into a packed binary format that has a separate limit. Your request * can fail for this limit even if your plaintext meets the other requirements. The * PackedPolicySize response element indicates by percentage how close * the policies and tags for your request are to the upper size limit.

*

You can pass a session tag with the same key as a tag that is already * attached to the user you are federating. When you do, session tags override a * user tag with the same key.

Tag key–value pairs are not case sensitive, * but case is preserved. This means that you cannot have separate * Department and department tag keys. Assume that the * role has the Department=Marketing tag and you pass the * department=engineering session tag. * Department and department are not saved as separate * tags, and the session tag passed in the request takes precedence over the role * tag.

*/ inline GetFederationTokenRequest& WithTags(const Aws::Vector& value) { SetTags(value); return *this;} /** *

A list of session tags. Each session tag consists of a key name and an * associated value. For more information about session tags, see Passing * Session Tags in STS in the IAM User Guide.

This parameter is * optional. You can pass up to 50 session tags. The plaintext session tag keys * can’t exceed 128 characters and the values can’t exceed 256 characters. For * these and additional limits, see IAM * and STS Character Limits in the IAM User Guide.

An * Amazon Web Services conversion compresses the passed session policies and * session tags into a packed binary format that has a separate limit. Your request * can fail for this limit even if your plaintext meets the other requirements. The * PackedPolicySize response element indicates by percentage how close * the policies and tags for your request are to the upper size limit.

*

You can pass a session tag with the same key as a tag that is already * attached to the user you are federating. When you do, session tags override a * user tag with the same key.

Tag key–value pairs are not case sensitive, * but case is preserved. This means that you cannot have separate * Department and department tag keys. Assume that the * role has the Department=Marketing tag and you pass the * department=engineering session tag. * Department and department are not saved as separate * tags, and the session tag passed in the request takes precedence over the role * tag.

*/ inline GetFederationTokenRequest& WithTags(Aws::Vector&& value) { SetTags(std::move(value)); return *this;} /** *

A list of session tags. Each session tag consists of a key name and an * associated value. For more information about session tags, see Passing * Session Tags in STS in the IAM User Guide.

This parameter is * optional. You can pass up to 50 session tags. The plaintext session tag keys * can’t exceed 128 characters and the values can’t exceed 256 characters. For * these and additional limits, see IAM * and STS Character Limits in the IAM User Guide.

An * Amazon Web Services conversion compresses the passed session policies and * session tags into a packed binary format that has a separate limit. Your request * can fail for this limit even if your plaintext meets the other requirements. The * PackedPolicySize response element indicates by percentage how close * the policies and tags for your request are to the upper size limit.

*

You can pass a session tag with the same key as a tag that is already * attached to the user you are federating. When you do, session tags override a * user tag with the same key.

Tag key–value pairs are not case sensitive, * but case is preserved. This means that you cannot have separate * Department and department tag keys. Assume that the * role has the Department=Marketing tag and you pass the * department=engineering session tag. * Department and department are not saved as separate * tags, and the session tag passed in the request takes precedence over the role * tag.

*/ inline GetFederationTokenRequest& AddTags(const Tag& value) { m_tagsHasBeenSet = true; m_tags.push_back(value); return *this; } /** *

A list of session tags. Each session tag consists of a key name and an * associated value. For more information about session tags, see Passing * Session Tags in STS in the IAM User Guide.

This parameter is * optional. You can pass up to 50 session tags. The plaintext session tag keys * can’t exceed 128 characters and the values can’t exceed 256 characters. For * these and additional limits, see IAM * and STS Character Limits in the IAM User Guide.

An * Amazon Web Services conversion compresses the passed session policies and * session tags into a packed binary format that has a separate limit. Your request * can fail for this limit even if your plaintext meets the other requirements. The * PackedPolicySize response element indicates by percentage how close * the policies and tags for your request are to the upper size limit.

*

You can pass a session tag with the same key as a tag that is already * attached to the user you are federating. When you do, session tags override a * user tag with the same key.

Tag key–value pairs are not case sensitive, * but case is preserved. This means that you cannot have separate * Department and department tag keys. Assume that the * role has the Department=Marketing tag and you pass the * department=engineering session tag. * Department and department are not saved as separate * tags, and the session tag passed in the request takes precedence over the role * tag.

*/ inline GetFederationTokenRequest& AddTags(Tag&& value) { m_tagsHasBeenSet = true; m_tags.push_back(std::move(value)); return *this; } private: Aws::String m_name; bool m_nameHasBeenSet; Aws::String m_policy; bool m_policyHasBeenSet; Aws::Vector m_policyArns; bool m_policyArnsHasBeenSet; int m_durationSeconds; bool m_durationSecondsHasBeenSet; Aws::Vector m_tags; bool m_tagsHasBeenSet; }; } // namespace Model } // namespace STS } // namespace Aws