/* * Copyright 2010-2014 Amazon.com, Inc. or its affiliates. All Rights Reserved. * * Licensed under the Apache License, Version 2.0 (the "License"). * You may not use this file except in compliance with the License. * A copy of the License is located at * * http://aws.amazon.com/apache2.0 * * or in the "license" file accompanying this file. This file is distributed * on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either * express or implied. See the License for the specific language governing * permissions and limitations under the License. */ /* * Do not modify this file. This file is generated from the sts-2011-06-15.normal.json service model. */ using System; using System.Collections.Generic; using System.Xml.Serialization; using System.Text; using System.IO; using Amazon.Runtime; using Amazon.Runtime.Internal; namespace Amazon.SecurityToken.Model { ///

/// Container for the parameters to the GetSessionToken operation. /// Returns a set of temporary credentials for an AWS account or IAM user. The credentials /// consist of an access key ID, a secret access key, and a security token. Typically, /// you use GetSessionToken if you want to use MFA to protect programmatic /// calls to specific AWS API operations like Amazon EC2 StopInstances. MFA-enabled /// IAM users would need to call GetSessionToken and submit an MFA code that /// is associated with their MFA device. Using the temporary security credentials that /// are returned from the call, IAM users can then make programmatic calls to API operations /// that require MFA authentication. If you do not supply a correct MFA code, then the /// API returns an access denied error. For a comparison of GetSessionToken /// with the other API operations that produce temporary credentials, see Requesting /// Temporary Security Credentials and Comparing /// the AWS STS API operations in the IAM User Guide. /// /// /// /// Session Duration /// /// /// /// The GetSessionToken operation must be called by using the long-term AWS /// security credentials of the AWS account root user or an IAM user. Credentials that /// are created by IAM users are valid for the duration that you specify. This duration /// can range from 900 seconds (15 minutes) up to a maximum of 129,600 seconds (36 hours), /// with a default of 43,200 seconds (12 hours). Credentials based on account credentials /// can range from 900 seconds (15 minutes) up to 3,600 seconds (1 hour), with a default /// of 1 hour. /// /// /// /// Permissions /// /// /// /// The temporary security credentials created by GetSessionToken can be /// used to make API calls to any AWS service with the following exceptions: /// ///

/// /// You cannot call any IAM API operations unless MFA authentication information is included /// in the request. /// ///
/// /// You cannot call any STS API except AssumeRole or GetCallerIdentity. /// ///

/// /// We recommend that you do not call GetSessionToken with AWS account root /// user credentials. Instead, follow our best /// practices by creating one or more IAM users, giving them the necessary permissions, /// and using IAM users for everyday interaction with AWS. /// /// /// /// The credentials that are returned by GetSessionToken are based on permissions /// associated with the user whose credentials were used to call the operation. If GetSessionToken /// is called using AWS account root user credentials, the temporary credentials have /// root user permissions. Similarly, if GetSessionToken is called using /// the credentials of an IAM user, the temporary credentials have the same permissions /// as the IAM user. /// /// /// /// For more information about using GetSessionToken to create temporary /// credentials, go to Temporary /// Credentials for Users in Untrusted Environments in the IAM User Guide. /// /// ///

public partial class GetSessionTokenRequest : AmazonSecurityTokenServiceRequest { private int? _durationSeconds; private string _serialNumber; private string _tokenCode; ///

/// Empty constructor used to set properties independently even when a simple constructor is available ///

public GetSessionTokenRequest() { } ///

/// Gets and sets the property DurationSeconds. /// /// The duration, in seconds, that the credentials should remain valid. Acceptable durations /// for IAM user sessions range from 900 seconds (15 minutes) to 129,600 seconds (36 hours), /// with 43,200 seconds (12 hours) as the default. Sessions for AWS account owners are /// restricted to a maximum of 3,600 seconds (one hour). If the duration is longer than /// one hour, the session for AWS account owners defaults to one hour. /// ///

[AWSProperty(Min=900, Max=129600)] public int DurationSeconds { get { return this._durationSeconds.GetValueOrDefault(); } set { this._durationSeconds = value; } } // Check to see if DurationSeconds property is set internal bool IsSetDurationSeconds() { return this._durationSeconds.HasValue; } ///

/// Gets and sets the property SerialNumber. /// /// The identification number of the MFA device that is associated with the IAM user who /// is making the GetSessionToken call. Specify this value if the IAM user /// has a policy that requires MFA authentication. The value is either the serial number /// for a hardware device (such as GAHT12345678) or an Amazon Resource Name /// (ARN) for a virtual device (such as arn:aws:iam::123456789012:mfa/user). /// You can find the device for an IAM user by going to the AWS Management Console and /// viewing the user's security credentials. /// /// /// /// The regex used to validate this parameter is a string of characters consisting of /// upper- and lower-case alphanumeric characters with no spaces. You can also include /// underscores or any of the following characters: =,.@:/- /// ///

[AWSProperty(Min=9, Max=256)] public string SerialNumber { get { return this._serialNumber; } set { this._serialNumber = value; } } // Check to see if SerialNumber property is set internal bool IsSetSerialNumber() { return this._serialNumber != null; } ///

/// Gets and sets the property TokenCode. /// /// The value provided by the MFA device, if MFA is required. If any policy requires the /// IAM user to submit an MFA code, specify this value. If MFA authentication is required, /// the user must provide a code when requesting a set of temporary security credentials. /// A user who fails to provide the code receives an "access denied" response when requesting /// resources that require MFA authentication. /// /// /// /// The format for this parameter, as described by its regex pattern, is a sequence of /// six numeric digits. /// ///

[AWSProperty(Min=6, Max=6)] public string TokenCode { get { return this._tokenCode; } set { this._tokenCode = value; } } // Check to see if TokenCode property is set internal bool IsSetTokenCode() { return this._tokenCode != null; } } }