* The name of the federated user. The name is used as an identifier for the temporary security credentials (such as
* Bob). For example, you can reference the federated user name in a resource-based policy, such as in
* an Amazon S3 bucket policy.
*
* The regex used to validate this parameter is a string of characters consisting of upper- and lower-case * alphanumeric characters with no spaces. You can also include underscores or any of the following characters: =,.@- *
*/ private String name; /** ** An IAM policy in JSON format that you want to use as an inline session policy. *
** You must pass an inline or managed session policy * to this operation. You can pass a single JSON policy document to use as an inline session policy. You can also * specify up to 10 managed policy Amazon Resource Names (ARNs) to use as managed session policies. *
** This parameter is optional. However, if you do not pass any session policies, then the resulting federated user * session has no permissions. *
** When you pass session policies, the session permissions are the intersection of the IAM user policies and the * session policies that you pass. This gives you a way to further restrict the permissions for a federated user. * You cannot use session policies to grant more permissions than those that are defined in the permissions policy * of the IAM user. For more information, see Session * Policies in the IAM User Guide. *
*
* The resulting credentials can be used to access a resource that has a resource-based policy. If that policy
* specifically references the federated user session in the Principal element of the policy, the
* session has the permissions allowed by the policy. These permissions are granted in addition to the permissions
* that are granted by the session policies.
*
* The plaintext that you use for both inline and managed session policies can't exceed 2,048 characters. The JSON * policy characters can be any ASCII character from the space character to the end of the valid character list ( * through \u00FF). It can also include the tab ( ), linefeed ( ), and carriage return ( ) characters. *
*
* An Amazon Web Services conversion compresses the passed inline session policy, managed policy ARNs, and session
* tags into a packed binary format that has a separate limit. Your request can fail for this limit even if your
* plaintext meets the other requirements. The PackedPolicySize response element indicates by
* percentage how close the policies and tags for your request are to the upper size limit.
*
* The Amazon Resource Names (ARNs) of the IAM managed policies that you want to use as a managed session policy. * The policies must exist in the same account as the IAM user that is requesting federated access. *
** You must pass an inline or managed session policy * to this operation. You can pass a single JSON policy document to use as an inline session policy. You can also * specify up to 10 managed policy Amazon Resource Names (ARNs) to use as managed session policies. The plaintext * that you use for both inline and managed session policies can't exceed 2,048 characters. You can provide up to 10 * managed policy ARNs. For more information about ARNs, see Amazon Resource Names (ARNs) * and Amazon Web Services Service Namespaces in the Amazon Web Services General Reference. *
** This parameter is optional. However, if you do not pass any session policies, then the resulting federated user * session has no permissions. *
** When you pass session policies, the session permissions are the intersection of the IAM user policies and the * session policies that you pass. This gives you a way to further restrict the permissions for a federated user. * You cannot use session policies to grant more permissions than those that are defined in the permissions policy * of the IAM user. For more information, see Session * Policies in the IAM User Guide. *
*
* The resulting credentials can be used to access a resource that has a resource-based policy. If that policy
* specifically references the federated user session in the Principal element of the policy, the
* session has the permissions allowed by the policy. These permissions are granted in addition to the permissions
* that are granted by the session policies.
*
* An Amazon Web Services conversion compresses the passed inline session policy, managed policy ARNs, and session
* tags into a packed binary format that has a separate limit. Your request can fail for this limit even if your
* plaintext meets the other requirements. The PackedPolicySize response element indicates by
* percentage how close the policies and tags for your request are to the upper size limit.
*
* The duration, in seconds, that the session should last. Acceptable durations for federation sessions range from * 900 seconds (15 minutes) to 129,600 seconds (36 hours), with 43,200 seconds (12 hours) as the default. Sessions * obtained using root user credentials are restricted to a maximum of 3,600 seconds (one hour). If the specified * duration is longer than one hour, the session obtained by using root user credentials defaults to one hour. *
*/ private Integer durationSeconds; /** ** A list of session tags. Each session tag consists of a key name and an associated value. For more information * about session tags, see Passing * Session Tags in STS in the IAM User Guide. *
** This parameter is optional. You can pass up to 50 session tags. The plaintext session tag keys can’t exceed 128 * characters and the values can’t exceed 256 characters. For these and additional limits, see IAM and STS Character Limits in the IAM User Guide. *
*
* An Amazon Web Services conversion compresses the passed inline session policy, managed policy ARNs, and session
* tags into a packed binary format that has a separate limit. Your request can fail for this limit even if your
* plaintext meets the other requirements. The PackedPolicySize response element indicates by
* percentage how close the policies and tags for your request are to the upper size limit.
*
* You can pass a session tag with the same key as a tag that is already attached to the user you are federating. * When you do, session tags override a user tag with the same key. *
*
* Tag key–value pairs are not case sensitive, but case is preserved. This means that you cannot have separate
* Department and department tag keys. Assume that the role has the
* Department=Marketing tag and you pass the department=
* engineering session tag. Department and department are not saved as
* separate tags, and the session tag passed in the request takes precedence over the role tag.
*
Bob). For example, you can reference the federated user name in a resource-based
* policy, such as in an Amazon S3 bucket policy.
* * The regex used to validate this parameter is a string of characters consisting of upper- and lower-case * alphanumeric characters with no spaces. You can also include underscores or any of the following * characters: =,.@- */ public GetFederationTokenRequest(String name) { setName(name); } /** *
* The name of the federated user. The name is used as an identifier for the temporary security credentials (such as
* Bob). For example, you can reference the federated user name in a resource-based policy, such as in
* an Amazon S3 bucket policy.
*
* The regex used to validate this parameter is a string of characters consisting of upper- and lower-case * alphanumeric characters with no spaces. You can also include underscores or any of the following characters: =,.@- *
* * @param name * The name of the federated user. The name is used as an identifier for the temporary security credentials * (such asBob). For example, you can reference the federated user name in a resource-based
* policy, such as in an Amazon S3 bucket policy.
* * The regex used to validate this parameter is a string of characters consisting of upper- and lower-case * alphanumeric characters with no spaces. You can also include underscores or any of the following * characters: =,.@- */ public void setName(String name) { this.name = name; } /** *
* The name of the federated user. The name is used as an identifier for the temporary security credentials (such as
* Bob). For example, you can reference the federated user name in a resource-based policy, such as in
* an Amazon S3 bucket policy.
*
* The regex used to validate this parameter is a string of characters consisting of upper- and lower-case * alphanumeric characters with no spaces. You can also include underscores or any of the following characters: =,.@- *
* * @return The name of the federated user. The name is used as an identifier for the temporary security credentials * (such asBob). For example, you can reference the federated user name in a resource-based
* policy, such as in an Amazon S3 bucket policy.
* * The regex used to validate this parameter is a string of characters consisting of upper- and lower-case * alphanumeric characters with no spaces. You can also include underscores or any of the following * characters: =,.@- */ public String getName() { return this.name; } /** *
* The name of the federated user. The name is used as an identifier for the temporary security credentials (such as
* Bob). For example, you can reference the federated user name in a resource-based policy, such as in
* an Amazon S3 bucket policy.
*
* The regex used to validate this parameter is a string of characters consisting of upper- and lower-case * alphanumeric characters with no spaces. You can also include underscores or any of the following characters: =,.@- *
* * @param name * The name of the federated user. The name is used as an identifier for the temporary security credentials * (such asBob). For example, you can reference the federated user name in a resource-based
* policy, such as in an Amazon S3 bucket policy.
* * The regex used to validate this parameter is a string of characters consisting of upper- and lower-case * alphanumeric characters with no spaces. You can also include underscores or any of the following * characters: =,.@- * @return Returns a reference to this object so that method calls can be chained together. */ public GetFederationTokenRequest withName(String name) { setName(name); return this; } /** *
* An IAM policy in JSON format that you want to use as an inline session policy. *
** You must pass an inline or managed session policy * to this operation. You can pass a single JSON policy document to use as an inline session policy. You can also * specify up to 10 managed policy Amazon Resource Names (ARNs) to use as managed session policies. *
** This parameter is optional. However, if you do not pass any session policies, then the resulting federated user * session has no permissions. *
** When you pass session policies, the session permissions are the intersection of the IAM user policies and the * session policies that you pass. This gives you a way to further restrict the permissions for a federated user. * You cannot use session policies to grant more permissions than those that are defined in the permissions policy * of the IAM user. For more information, see Session * Policies in the IAM User Guide. *
*
* The resulting credentials can be used to access a resource that has a resource-based policy. If that policy
* specifically references the federated user session in the Principal element of the policy, the
* session has the permissions allowed by the policy. These permissions are granted in addition to the permissions
* that are granted by the session policies.
*
* The plaintext that you use for both inline and managed session policies can't exceed 2,048 characters. The JSON * policy characters can be any ASCII character from the space character to the end of the valid character list ( * through \u00FF). It can also include the tab ( ), linefeed ( ), and carriage return ( ) characters. *
*
* An Amazon Web Services conversion compresses the passed inline session policy, managed policy ARNs, and session
* tags into a packed binary format that has a separate limit. Your request can fail for this limit even if your
* plaintext meets the other requirements. The PackedPolicySize response element indicates by
* percentage how close the policies and tags for your request are to the upper size limit.
*
* You must pass an inline or managed session * policy to this operation. You can pass a single JSON policy document to use as an inline session * policy. You can also specify up to 10 managed policy Amazon Resource Names (ARNs) to use as managed * session policies. *
** This parameter is optional. However, if you do not pass any session policies, then the resulting federated * user session has no permissions. *
** When you pass session policies, the session permissions are the intersection of the IAM user policies and * the session policies that you pass. This gives you a way to further restrict the permissions for a * federated user. You cannot use session policies to grant more permissions than those that are defined in * the permissions policy of the IAM user. For more information, see Session * Policies in the IAM User Guide. *
*
* The resulting credentials can be used to access a resource that has a resource-based policy. If that
* policy specifically references the federated user session in the Principal element of the
* policy, the session has the permissions allowed by the policy. These permissions are granted in addition
* to the permissions that are granted by the session policies.
*
* The plaintext that you use for both inline and managed session policies can't exceed 2,048 characters. The * JSON policy characters can be any ASCII character from the space character to the end of the valid * character list ( through \u00FF). It can also include the tab ( ), linefeed ( ), and carriage return ( ) * characters. *
*
* An Amazon Web Services conversion compresses the passed inline session policy, managed policy ARNs, and
* session tags into a packed binary format that has a separate limit. Your request can fail for this limit
* even if your plaintext meets the other requirements. The PackedPolicySize response element
* indicates by percentage how close the policies and tags for your request are to the upper size limit.
*
* An IAM policy in JSON format that you want to use as an inline session policy. *
** You must pass an inline or managed session policy * to this operation. You can pass a single JSON policy document to use as an inline session policy. You can also * specify up to 10 managed policy Amazon Resource Names (ARNs) to use as managed session policies. *
** This parameter is optional. However, if you do not pass any session policies, then the resulting federated user * session has no permissions. *
** When you pass session policies, the session permissions are the intersection of the IAM user policies and the * session policies that you pass. This gives you a way to further restrict the permissions for a federated user. * You cannot use session policies to grant more permissions than those that are defined in the permissions policy * of the IAM user. For more information, see Session * Policies in the IAM User Guide. *
*
* The resulting credentials can be used to access a resource that has a resource-based policy. If that policy
* specifically references the federated user session in the Principal element of the policy, the
* session has the permissions allowed by the policy. These permissions are granted in addition to the permissions
* that are granted by the session policies.
*
* The plaintext that you use for both inline and managed session policies can't exceed 2,048 characters. The JSON * policy characters can be any ASCII character from the space character to the end of the valid character list ( * through \u00FF). It can also include the tab ( ), linefeed ( ), and carriage return ( ) characters. *
*
* An Amazon Web Services conversion compresses the passed inline session policy, managed policy ARNs, and session
* tags into a packed binary format that has a separate limit. Your request can fail for this limit even if your
* plaintext meets the other requirements. The PackedPolicySize response element indicates by
* percentage how close the policies and tags for your request are to the upper size limit.
*
* You must pass an inline or managed session * policy to this operation. You can pass a single JSON policy document to use as an inline session * policy. You can also specify up to 10 managed policy Amazon Resource Names (ARNs) to use as managed * session policies. *
** This parameter is optional. However, if you do not pass any session policies, then the resulting * federated user session has no permissions. *
** When you pass session policies, the session permissions are the intersection of the IAM user policies and * the session policies that you pass. This gives you a way to further restrict the permissions for a * federated user. You cannot use session policies to grant more permissions than those that are defined in * the permissions policy of the IAM user. For more information, see Session * Policies in the IAM User Guide. *
*
* The resulting credentials can be used to access a resource that has a resource-based policy. If that
* policy specifically references the federated user session in the Principal element of the
* policy, the session has the permissions allowed by the policy. These permissions are granted in addition
* to the permissions that are granted by the session policies.
*
* The plaintext that you use for both inline and managed session policies can't exceed 2,048 characters. * The JSON policy characters can be any ASCII character from the space character to the end of the valid * character list ( through \u00FF). It can also include the tab ( ), linefeed ( ), and carriage return ( ) * characters. *
*
* An Amazon Web Services conversion compresses the passed inline session policy, managed policy ARNs, and
* session tags into a packed binary format that has a separate limit. Your request can fail for this limit
* even if your plaintext meets the other requirements. The PackedPolicySize response element
* indicates by percentage how close the policies and tags for your request are to the upper size limit.
*
* An IAM policy in JSON format that you want to use as an inline session policy. *
** You must pass an inline or managed session policy * to this operation. You can pass a single JSON policy document to use as an inline session policy. You can also * specify up to 10 managed policy Amazon Resource Names (ARNs) to use as managed session policies. *
** This parameter is optional. However, if you do not pass any session policies, then the resulting federated user * session has no permissions. *
** When you pass session policies, the session permissions are the intersection of the IAM user policies and the * session policies that you pass. This gives you a way to further restrict the permissions for a federated user. * You cannot use session policies to grant more permissions than those that are defined in the permissions policy * of the IAM user. For more information, see Session * Policies in the IAM User Guide. *
*
* The resulting credentials can be used to access a resource that has a resource-based policy. If that policy
* specifically references the federated user session in the Principal element of the policy, the
* session has the permissions allowed by the policy. These permissions are granted in addition to the permissions
* that are granted by the session policies.
*
* The plaintext that you use for both inline and managed session policies can't exceed 2,048 characters. The JSON * policy characters can be any ASCII character from the space character to the end of the valid character list ( * through \u00FF). It can also include the tab ( ), linefeed ( ), and carriage return ( ) characters. *
*
* An Amazon Web Services conversion compresses the passed inline session policy, managed policy ARNs, and session
* tags into a packed binary format that has a separate limit. Your request can fail for this limit even if your
* plaintext meets the other requirements. The PackedPolicySize response element indicates by
* percentage how close the policies and tags for your request are to the upper size limit.
*
* You must pass an inline or managed session * policy to this operation. You can pass a single JSON policy document to use as an inline session * policy. You can also specify up to 10 managed policy Amazon Resource Names (ARNs) to use as managed * session policies. *
** This parameter is optional. However, if you do not pass any session policies, then the resulting federated * user session has no permissions. *
** When you pass session policies, the session permissions are the intersection of the IAM user policies and * the session policies that you pass. This gives you a way to further restrict the permissions for a * federated user. You cannot use session policies to grant more permissions than those that are defined in * the permissions policy of the IAM user. For more information, see Session * Policies in the IAM User Guide. *
*
* The resulting credentials can be used to access a resource that has a resource-based policy. If that
* policy specifically references the federated user session in the Principal element of the
* policy, the session has the permissions allowed by the policy. These permissions are granted in addition
* to the permissions that are granted by the session policies.
*
* The plaintext that you use for both inline and managed session policies can't exceed 2,048 characters. The * JSON policy characters can be any ASCII character from the space character to the end of the valid * character list ( through \u00FF). It can also include the tab ( ), linefeed ( ), and carriage return ( ) * characters. *
*
* An Amazon Web Services conversion compresses the passed inline session policy, managed policy ARNs, and
* session tags into a packed binary format that has a separate limit. Your request can fail for this limit
* even if your plaintext meets the other requirements. The PackedPolicySize response element
* indicates by percentage how close the policies and tags for your request are to the upper size limit.
*
* The Amazon Resource Names (ARNs) of the IAM managed policies that you want to use as a managed session policy. * The policies must exist in the same account as the IAM user that is requesting federated access. *
** You must pass an inline or managed session policy * to this operation. You can pass a single JSON policy document to use as an inline session policy. You can also * specify up to 10 managed policy Amazon Resource Names (ARNs) to use as managed session policies. The plaintext * that you use for both inline and managed session policies can't exceed 2,048 characters. You can provide up to 10 * managed policy ARNs. For more information about ARNs, see Amazon Resource Names (ARNs) * and Amazon Web Services Service Namespaces in the Amazon Web Services General Reference. *
** This parameter is optional. However, if you do not pass any session policies, then the resulting federated user * session has no permissions. *
** When you pass session policies, the session permissions are the intersection of the IAM user policies and the * session policies that you pass. This gives you a way to further restrict the permissions for a federated user. * You cannot use session policies to grant more permissions than those that are defined in the permissions policy * of the IAM user. For more information, see Session * Policies in the IAM User Guide. *
*
* The resulting credentials can be used to access a resource that has a resource-based policy. If that policy
* specifically references the federated user session in the Principal element of the policy, the
* session has the permissions allowed by the policy. These permissions are granted in addition to the permissions
* that are granted by the session policies.
*
* An Amazon Web Services conversion compresses the passed inline session policy, managed policy ARNs, and session
* tags into a packed binary format that has a separate limit. Your request can fail for this limit even if your
* plaintext meets the other requirements. The PackedPolicySize response element indicates by
* percentage how close the policies and tags for your request are to the upper size limit.
*
* You must pass an inline or managed session * policy to this operation. You can pass a single JSON policy document to use as an inline session * policy. You can also specify up to 10 managed policy Amazon Resource Names (ARNs) to use as managed * session policies. The plaintext that you use for both inline and managed session policies can't exceed * 2,048 characters. You can provide up to 10 managed policy ARNs. For more information about ARNs, see Amazon Resource Names * (ARNs) and Amazon Web Services Service Namespaces in the Amazon Web Services General Reference. *
** This parameter is optional. However, if you do not pass any session policies, then the resulting * federated user session has no permissions. *
** When you pass session policies, the session permissions are the intersection of the IAM user policies and * the session policies that you pass. This gives you a way to further restrict the permissions for a * federated user. You cannot use session policies to grant more permissions than those that are defined in * the permissions policy of the IAM user. For more information, see Session * Policies in the IAM User Guide. *
*
* The resulting credentials can be used to access a resource that has a resource-based policy. If that
* policy specifically references the federated user session in the Principal element of the
* policy, the session has the permissions allowed by the policy. These permissions are granted in addition
* to the permissions that are granted by the session policies.
*
* An Amazon Web Services conversion compresses the passed inline session policy, managed policy ARNs, and
* session tags into a packed binary format that has a separate limit. Your request can fail for this limit
* even if your plaintext meets the other requirements. The PackedPolicySize response element
* indicates by percentage how close the policies and tags for your request are to the upper size limit.
*
* The Amazon Resource Names (ARNs) of the IAM managed policies that you want to use as a managed session policy. * The policies must exist in the same account as the IAM user that is requesting federated access. *
** You must pass an inline or managed session policy * to this operation. You can pass a single JSON policy document to use as an inline session policy. You can also * specify up to 10 managed policy Amazon Resource Names (ARNs) to use as managed session policies. The plaintext * that you use for both inline and managed session policies can't exceed 2,048 characters. You can provide up to 10 * managed policy ARNs. For more information about ARNs, see Amazon Resource Names (ARNs) * and Amazon Web Services Service Namespaces in the Amazon Web Services General Reference. *
** This parameter is optional. However, if you do not pass any session policies, then the resulting federated user * session has no permissions. *
** When you pass session policies, the session permissions are the intersection of the IAM user policies and the * session policies that you pass. This gives you a way to further restrict the permissions for a federated user. * You cannot use session policies to grant more permissions than those that are defined in the permissions policy * of the IAM user. For more information, see Session * Policies in the IAM User Guide. *
*
* The resulting credentials can be used to access a resource that has a resource-based policy. If that policy
* specifically references the federated user session in the Principal element of the policy, the
* session has the permissions allowed by the policy. These permissions are granted in addition to the permissions
* that are granted by the session policies.
*
* An Amazon Web Services conversion compresses the passed inline session policy, managed policy ARNs, and session
* tags into a packed binary format that has a separate limit. Your request can fail for this limit even if your
* plaintext meets the other requirements. The PackedPolicySize response element indicates by
* percentage how close the policies and tags for your request are to the upper size limit.
*
* You must pass an inline or managed session * policy to this operation. You can pass a single JSON policy document to use as an inline session * policy. You can also specify up to 10 managed policy Amazon Resource Names (ARNs) to use as managed * session policies. The plaintext that you use for both inline and managed session policies can't exceed * 2,048 characters. You can provide up to 10 managed policy ARNs. For more information about ARNs, see Amazon Resource Names * (ARNs) and Amazon Web Services Service Namespaces in the Amazon Web Services General Reference. *
** This parameter is optional. However, if you do not pass any session policies, then the resulting federated * user session has no permissions. *
** When you pass session policies, the session permissions are the intersection of the IAM user policies and * the session policies that you pass. This gives you a way to further restrict the permissions for a * federated user. You cannot use session policies to grant more permissions than those that are defined in * the permissions policy of the IAM user. For more information, see Session * Policies in the IAM User Guide. *
*
* The resulting credentials can be used to access a resource that has a resource-based policy. If that
* policy specifically references the federated user session in the Principal element of the
* policy, the session has the permissions allowed by the policy. These permissions are granted in addition
* to the permissions that are granted by the session policies.
*
* An Amazon Web Services conversion compresses the passed inline session policy, managed policy ARNs, and
* session tags into a packed binary format that has a separate limit. Your request can fail for this limit
* even if your plaintext meets the other requirements. The PackedPolicySize response element
* indicates by percentage how close the policies and tags for your request are to the upper size limit.
*
* The Amazon Resource Names (ARNs) of the IAM managed policies that you want to use as a managed session policy. * The policies must exist in the same account as the IAM user that is requesting federated access. *
** You must pass an inline or managed session policy * to this operation. You can pass a single JSON policy document to use as an inline session policy. You can also * specify up to 10 managed policy Amazon Resource Names (ARNs) to use as managed session policies. The plaintext * that you use for both inline and managed session policies can't exceed 2,048 characters. You can provide up to 10 * managed policy ARNs. For more information about ARNs, see Amazon Resource Names (ARNs) * and Amazon Web Services Service Namespaces in the Amazon Web Services General Reference. *
** This parameter is optional. However, if you do not pass any session policies, then the resulting federated user * session has no permissions. *
** When you pass session policies, the session permissions are the intersection of the IAM user policies and the * session policies that you pass. This gives you a way to further restrict the permissions for a federated user. * You cannot use session policies to grant more permissions than those that are defined in the permissions policy * of the IAM user. For more information, see Session * Policies in the IAM User Guide. *
*
* The resulting credentials can be used to access a resource that has a resource-based policy. If that policy
* specifically references the federated user session in the Principal element of the policy, the
* session has the permissions allowed by the policy. These permissions are granted in addition to the permissions
* that are granted by the session policies.
*
* An Amazon Web Services conversion compresses the passed inline session policy, managed policy ARNs, and session
* tags into a packed binary format that has a separate limit. Your request can fail for this limit even if your
* plaintext meets the other requirements. The PackedPolicySize response element indicates by
* percentage how close the policies and tags for your request are to the upper size limit.
*
* NOTE: This method appends the values to the existing list (if any). Use * {@link #setPolicyArns(java.util.Collection)} or {@link #withPolicyArns(java.util.Collection)} if you want to * override the existing values. *
* * @param policyArns * The Amazon Resource Names (ARNs) of the IAM managed policies that you want to use as a managed session * policy. The policies must exist in the same account as the IAM user that is requesting federated * access. ** You must pass an inline or managed session * policy to this operation. You can pass a single JSON policy document to use as an inline session * policy. You can also specify up to 10 managed policy Amazon Resource Names (ARNs) to use as managed * session policies. The plaintext that you use for both inline and managed session policies can't exceed * 2,048 characters. You can provide up to 10 managed policy ARNs. For more information about ARNs, see Amazon Resource Names * (ARNs) and Amazon Web Services Service Namespaces in the Amazon Web Services General Reference. *
** This parameter is optional. However, if you do not pass any session policies, then the resulting federated * user session has no permissions. *
** When you pass session policies, the session permissions are the intersection of the IAM user policies and * the session policies that you pass. This gives you a way to further restrict the permissions for a * federated user. You cannot use session policies to grant more permissions than those that are defined in * the permissions policy of the IAM user. For more information, see Session * Policies in the IAM User Guide. *
*
* The resulting credentials can be used to access a resource that has a resource-based policy. If that
* policy specifically references the federated user session in the Principal element of the
* policy, the session has the permissions allowed by the policy. These permissions are granted in addition
* to the permissions that are granted by the session policies.
*
* An Amazon Web Services conversion compresses the passed inline session policy, managed policy ARNs, and
* session tags into a packed binary format that has a separate limit. Your request can fail for this limit
* even if your plaintext meets the other requirements. The PackedPolicySize response element
* indicates by percentage how close the policies and tags for your request are to the upper size limit.
*
* The Amazon Resource Names (ARNs) of the IAM managed policies that you want to use as a managed session policy. * The policies must exist in the same account as the IAM user that is requesting federated access. *
** You must pass an inline or managed session policy * to this operation. You can pass a single JSON policy document to use as an inline session policy. You can also * specify up to 10 managed policy Amazon Resource Names (ARNs) to use as managed session policies. The plaintext * that you use for both inline and managed session policies can't exceed 2,048 characters. You can provide up to 10 * managed policy ARNs. For more information about ARNs, see Amazon Resource Names (ARNs) * and Amazon Web Services Service Namespaces in the Amazon Web Services General Reference. *
** This parameter is optional. However, if you do not pass any session policies, then the resulting federated user * session has no permissions. *
** When you pass session policies, the session permissions are the intersection of the IAM user policies and the * session policies that you pass. This gives you a way to further restrict the permissions for a federated user. * You cannot use session policies to grant more permissions than those that are defined in the permissions policy * of the IAM user. For more information, see Session * Policies in the IAM User Guide. *
*
* The resulting credentials can be used to access a resource that has a resource-based policy. If that policy
* specifically references the federated user session in the Principal element of the policy, the
* session has the permissions allowed by the policy. These permissions are granted in addition to the permissions
* that are granted by the session policies.
*
* An Amazon Web Services conversion compresses the passed inline session policy, managed policy ARNs, and session
* tags into a packed binary format that has a separate limit. Your request can fail for this limit even if your
* plaintext meets the other requirements. The PackedPolicySize response element indicates by
* percentage how close the policies and tags for your request are to the upper size limit.
*
* You must pass an inline or managed session * policy to this operation. You can pass a single JSON policy document to use as an inline session * policy. You can also specify up to 10 managed policy Amazon Resource Names (ARNs) to use as managed * session policies. The plaintext that you use for both inline and managed session policies can't exceed * 2,048 characters. You can provide up to 10 managed policy ARNs. For more information about ARNs, see Amazon Resource Names * (ARNs) and Amazon Web Services Service Namespaces in the Amazon Web Services General Reference. *
** This parameter is optional. However, if you do not pass any session policies, then the resulting federated * user session has no permissions. *
** When you pass session policies, the session permissions are the intersection of the IAM user policies and * the session policies that you pass. This gives you a way to further restrict the permissions for a * federated user. You cannot use session policies to grant more permissions than those that are defined in * the permissions policy of the IAM user. For more information, see Session * Policies in the IAM User Guide. *
*
* The resulting credentials can be used to access a resource that has a resource-based policy. If that
* policy specifically references the federated user session in the Principal element of the
* policy, the session has the permissions allowed by the policy. These permissions are granted in addition
* to the permissions that are granted by the session policies.
*
* An Amazon Web Services conversion compresses the passed inline session policy, managed policy ARNs, and
* session tags into a packed binary format that has a separate limit. Your request can fail for this limit
* even if your plaintext meets the other requirements. The PackedPolicySize response element
* indicates by percentage how close the policies and tags for your request are to the upper size limit.
*
* The duration, in seconds, that the session should last. Acceptable durations for federation sessions range from * 900 seconds (15 minutes) to 129,600 seconds (36 hours), with 43,200 seconds (12 hours) as the default. Sessions * obtained using root user credentials are restricted to a maximum of 3,600 seconds (one hour). If the specified * duration is longer than one hour, the session obtained by using root user credentials defaults to one hour. *
* * @param durationSeconds * The duration, in seconds, that the session should last. Acceptable durations for federation sessions range * from 900 seconds (15 minutes) to 129,600 seconds (36 hours), with 43,200 seconds (12 hours) as the * default. Sessions obtained using root user credentials are restricted to a maximum of 3,600 seconds (one * hour). If the specified duration is longer than one hour, the session obtained by using root user * credentials defaults to one hour. */ public void setDurationSeconds(Integer durationSeconds) { this.durationSeconds = durationSeconds; } /** ** The duration, in seconds, that the session should last. Acceptable durations for federation sessions range from * 900 seconds (15 minutes) to 129,600 seconds (36 hours), with 43,200 seconds (12 hours) as the default. Sessions * obtained using root user credentials are restricted to a maximum of 3,600 seconds (one hour). If the specified * duration is longer than one hour, the session obtained by using root user credentials defaults to one hour. *
* * @return The duration, in seconds, that the session should last. Acceptable durations for federation sessions * range from 900 seconds (15 minutes) to 129,600 seconds (36 hours), with 43,200 seconds (12 hours) as the * default. Sessions obtained using root user credentials are restricted to a maximum of 3,600 seconds (one * hour). If the specified duration is longer than one hour, the session obtained by using root user * credentials defaults to one hour. */ public Integer getDurationSeconds() { return this.durationSeconds; } /** ** The duration, in seconds, that the session should last. Acceptable durations for federation sessions range from * 900 seconds (15 minutes) to 129,600 seconds (36 hours), with 43,200 seconds (12 hours) as the default. Sessions * obtained using root user credentials are restricted to a maximum of 3,600 seconds (one hour). If the specified * duration is longer than one hour, the session obtained by using root user credentials defaults to one hour. *
* * @param durationSeconds * The duration, in seconds, that the session should last. Acceptable durations for federation sessions range * from 900 seconds (15 minutes) to 129,600 seconds (36 hours), with 43,200 seconds (12 hours) as the * default. Sessions obtained using root user credentials are restricted to a maximum of 3,600 seconds (one * hour). If the specified duration is longer than one hour, the session obtained by using root user * credentials defaults to one hour. * @return Returns a reference to this object so that method calls can be chained together. */ public GetFederationTokenRequest withDurationSeconds(Integer durationSeconds) { setDurationSeconds(durationSeconds); return this; } /** ** A list of session tags. Each session tag consists of a key name and an associated value. For more information * about session tags, see Passing * Session Tags in STS in the IAM User Guide. *
** This parameter is optional. You can pass up to 50 session tags. The plaintext session tag keys can’t exceed 128 * characters and the values can’t exceed 256 characters. For these and additional limits, see IAM and STS Character Limits in the IAM User Guide. *
*
* An Amazon Web Services conversion compresses the passed inline session policy, managed policy ARNs, and session
* tags into a packed binary format that has a separate limit. Your request can fail for this limit even if your
* plaintext meets the other requirements. The PackedPolicySize response element indicates by
* percentage how close the policies and tags for your request are to the upper size limit.
*
* You can pass a session tag with the same key as a tag that is already attached to the user you are federating. * When you do, session tags override a user tag with the same key. *
*
* Tag key–value pairs are not case sensitive, but case is preserved. This means that you cannot have separate
* Department and department tag keys. Assume that the role has the
* Department=Marketing tag and you pass the department=
* engineering session tag. Department and department are not saved as
* separate tags, and the session tag passed in the request takes precedence over the role tag.
*
* This parameter is optional. You can pass up to 50 session tags. The plaintext session tag keys can’t * exceed 128 characters and the values can’t exceed 256 characters. For these and additional limits, see IAM and STS Character Limits in the IAM User Guide. *
*
* An Amazon Web Services conversion compresses the passed inline session policy, managed policy ARNs, and
* session tags into a packed binary format that has a separate limit. Your request can fail for this limit
* even if your plaintext meets the other requirements. The PackedPolicySize response element
* indicates by percentage how close the policies and tags for your request are to the upper size limit.
*
* You can pass a session tag with the same key as a tag that is already attached to the user you are * federating. When you do, session tags override a user tag with the same key. *
*
* Tag key–value pairs are not case sensitive, but case is preserved. This means that you cannot have
* separate
* A list of session tags. Each session tag consists of a key name and an associated value. For more information
* about session tags, see Passing
* Session Tags in STS in the IAM User Guide.
*
* This parameter is optional. You can pass up to 50 session tags. The plaintext session tag keys can’t exceed 128
* characters and the values can’t exceed 256 characters. For these and additional limits, see IAM and STS Character Limits in the IAM User Guide.
*
* An Amazon Web Services conversion compresses the passed inline session policy, managed policy ARNs, and session
* tags into a packed binary format that has a separate limit. Your request can fail for this limit even if your
* plaintext meets the other requirements. The
* You can pass a session tag with the same key as a tag that is already attached to the user you are federating.
* When you do, session tags override a user tag with the same key.
*
* Tag key–value pairs are not case sensitive, but case is preserved. This means that you cannot have separate
* Department and department tag keys. Assume that the role has the
* Department=Marketing tag and you pass the department=
* engineering session tag. Department and department are not saved
* as separate tags, and the session tag passed in the request takes precedence over the role tag.
*/
public java.util.ListPackedPolicySize response element indicates by
* percentage how close the policies and tags for your request are to the upper size limit.
* Department and department tag keys. Assume that the role has the
* Department=Marketing tag and you pass the department=
* engineering session tag. Department and department are not saved as
* separate tags, and the session tag passed in the request takes precedence over the role tag.
*
* This parameter is optional. You can pass up to 50 session tags. The plaintext session tag keys can’t * exceed 128 characters and the values can’t exceed 256 characters. For these and additional limits, see IAM and STS Character Limits in the IAM User Guide. *
*
* An Amazon Web Services conversion compresses the passed inline session policy, managed policy ARNs, and
* session tags into a packed binary format that has a separate limit. Your request can fail for this limit
* even if your plaintext meets the other requirements. The PackedPolicySize response element
* indicates by percentage how close the policies and tags for your request are to the upper size limit.
*
* You can pass a session tag with the same key as a tag that is already attached to the user you are * federating. When you do, session tags override a user tag with the same key. *
*
* Tag key–value pairs are not case sensitive, but case is preserved. This means that you cannot have
* separate
* A list of session tags. Each session tag consists of a key name and an associated value. For more information
* about session tags, see Passing
* Session Tags in STS in the IAM User Guide.
*
* This parameter is optional. You can pass up to 50 session tags. The plaintext session tag keys can’t exceed 128
* characters and the values can’t exceed 256 characters. For these and additional limits, see IAM and STS Character Limits in the IAM User Guide.
*
* An Amazon Web Services conversion compresses the passed inline session policy, managed policy ARNs, and session
* tags into a packed binary format that has a separate limit. Your request can fail for this limit even if your
* plaintext meets the other requirements. The
* You can pass a session tag with the same key as a tag that is already attached to the user you are federating.
* When you do, session tags override a user tag with the same key.
*
* Tag key–value pairs are not case sensitive, but case is preserved. This means that you cannot have separate
*
* NOTE: This method appends the values to the existing list (if any). Use
* {@link #setTags(java.util.Collection)} or {@link #withTags(java.util.Collection)} if you want to override the
* existing values.
* Department and department tag keys. Assume that the role has the
* Department=Marketing tag and you pass the department=
* engineering session tag. Department and department are not saved as
* separate tags, and the session tag passed in the request takes precedence over the role tag.
*/
public void setTags(java.util.CollectionPackedPolicySize response element indicates by
* percentage how close the policies and tags for your request are to the upper size limit.
* Department and department tag keys. Assume that the role has the
* Department=Marketing tag and you pass the department=
* engineering session tag. Department and department are not saved as
* separate tags, and the session tag passed in the request takes precedence over the role tag.
*
* This parameter is optional. You can pass up to 50 session tags. The plaintext session tag keys can’t * exceed 128 characters and the values can’t exceed 256 characters. For these and additional limits, see IAM and STS Character Limits in the IAM User Guide. *
*
* An Amazon Web Services conversion compresses the passed inline session policy, managed policy ARNs, and
* session tags into a packed binary format that has a separate limit. Your request can fail for this limit
* even if your plaintext meets the other requirements. The PackedPolicySize response element
* indicates by percentage how close the policies and tags for your request are to the upper size limit.
*
* You can pass a session tag with the same key as a tag that is already attached to the user you are * federating. When you do, session tags override a user tag with the same key. *
*
* Tag key–value pairs are not case sensitive, but case is preserved. This means that you cannot have
* separate
* A list of session tags. Each session tag consists of a key name and an associated value. For more information
* about session tags, see Passing
* Session Tags in STS in the IAM User Guide.
*
* This parameter is optional. You can pass up to 50 session tags. The plaintext session tag keys can’t exceed 128
* characters and the values can’t exceed 256 characters. For these and additional limits, see IAM and STS Character Limits in the IAM User Guide.
*
* An Amazon Web Services conversion compresses the passed inline session policy, managed policy ARNs, and session
* tags into a packed binary format that has a separate limit. Your request can fail for this limit even if your
* plaintext meets the other requirements. The
* You can pass a session tag with the same key as a tag that is already attached to the user you are federating.
* When you do, session tags override a user tag with the same key.
*
* Tag key–value pairs are not case sensitive, but case is preserved. This means that you cannot have separate
* Department and department tag keys. Assume that the role has the
* Department=Marketing tag and you pass the department=
* engineering session tag. Department and department are not saved as
* separate tags, and the session tag passed in the request takes precedence over the role tag.
* @return Returns a reference to this object so that method calls can be chained together.
*/
public GetFederationTokenRequest withTags(Tag... tags) {
if (this.tags == null) {
setTags(new java.util.ArrayListPackedPolicySize response element indicates by
* percentage how close the policies and tags for your request are to the upper size limit.
* Department and department tag keys. Assume that the role has the
* Department=Marketing tag and you pass the department=
* engineering session tag. Department and department are not saved as
* separate tags, and the session tag passed in the request takes precedence over the role tag.
*
* This parameter is optional. You can pass up to 50 session tags. The plaintext session tag keys can’t * exceed 128 characters and the values can’t exceed 256 characters. For these and additional limits, see IAM and STS Character Limits in the IAM User Guide. *
*
* An Amazon Web Services conversion compresses the passed inline session policy, managed policy ARNs, and
* session tags into a packed binary format that has a separate limit. Your request can fail for this limit
* even if your plaintext meets the other requirements. The PackedPolicySize response element
* indicates by percentage how close the policies and tags for your request are to the upper size limit.
*
* You can pass a session tag with the same key as a tag that is already attached to the user you are * federating. When you do, session tags override a user tag with the same key. *
*
* Tag key–value pairs are not case sensitive, but case is preserved. This means that you cannot have
* separate Department and department tag keys. Assume that the role has the
* Department=Marketing tag and you pass the department=
* engineering session tag. Department and department are not saved as
* separate tags, and the session tag passed in the request takes precedence over the role tag.
* @return Returns a reference to this object so that method calls can be chained together.
*/
public GetFederationTokenRequest withTags(java.util.Collection