/** * Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved. * SPDX-License-Identifier: Apache-2.0. */ #pragma once #include #include #include #include #include #include #include namespace Aws { namespace STS { namespace Model { /** */ class GetFederationTokenRequest : public STSRequest { public: AWS_STS_API GetFederationTokenRequest() = default; // Service request name is the Operation name which will send this request out, // each operation should has unique request name, so that we can get operation's name from this request. // Note: this is not true for response, multiple operations may have the same response name, // so we can not get operation's name from response. inline virtual const char* GetServiceRequestName() const override { return "GetFederationToken"; } AWS_STS_API Aws::String SerializePayload() const override; protected: AWS_STS_API void DumpBodyToUrl(Aws::Http::URI& uri) const override; public: ///@{ /** *

The name of the federated user. The name is used as an identifier for the * temporary security credentials (such as Bob). For example, you can * reference the federated user name in a resource-based policy, such as in an * Amazon S3 bucket policy.

The regex used to validate this parameter is a * string of characters consisting of upper- and lower-case alphanumeric characters * with no spaces. You can also include underscores or any of the following * characters: =,.@-

*/ inline const Aws::String& GetName() const { return m_name; } inline bool NameHasBeenSet() const { return m_nameHasBeenSet; } template void SetName(NameT&& value) { m_nameHasBeenSet = true; m_name = std::forward(value); } template GetFederationTokenRequest& WithName(NameT&& value) { SetName(std::forward(value)); return *this; } ///@} ///@{ /** *

An IAM policy in JSON format that you want to use as an inline session * policy.

You must pass an inline or managed session * policy to this operation. You can pass a single JSON policy document to use * as an inline session policy. You can also specify up to 10 managed policy Amazon * Resource Names (ARNs) to use as managed session policies.

This parameter * is optional. However, if you do not pass any session policies, then the * resulting federated user session has no permissions.

When you pass * session policies, the session permissions are the intersection of the IAM user * policies and the session policies that you pass. This gives you a way to further * restrict the permissions for a federated user. You cannot use session policies * to grant more permissions than those that are defined in the permissions policy * of the IAM user. For more information, see Session * Policies in the IAM User Guide.

The resulting credentials can * be used to access a resource that has a resource-based policy. If that policy * specifically references the federated user session in the Principal * element of the policy, the session has the permissions allowed by the policy. * These permissions are granted in addition to the permissions that are granted by * the session policies.

The plaintext that you use for both inline and * managed session policies can't exceed 2,048 characters. The JSON policy * characters can be any ASCII character from the space character to the end of the * valid character list (\u0020 through \u00FF). It can also include the tab * (\u0009), linefeed (\u000A), and carriage return (\u000D) characters.

An Amazon Web Services conversion compresses the passed inline session * policy, managed policy ARNs, and session tags into a packed binary format that * has a separate limit. Your request can fail for this limit even if your * plaintext meets the other requirements. The PackedPolicySize * response element indicates by percentage how close the policies and tags for * your request are to the upper size limit.

*/ inline const Aws::String& GetPolicy() const { return m_policy; } inline bool PolicyHasBeenSet() const { return m_policyHasBeenSet; } template void SetPolicy(PolicyT&& value) { m_policyHasBeenSet = true; m_policy = std::forward(value); } template GetFederationTokenRequest& WithPolicy(PolicyT&& value) { SetPolicy(std::forward(value)); return *this; } ///@} ///@{ /** *

The Amazon Resource Names (ARNs) of the IAM managed policies that you want to * use as a managed session policy. The policies must exist in the same account as * the IAM user that is requesting federated access.

You must pass an inline * or managed session * policy to this operation. You can pass a single JSON policy document to use * as an inline session policy. You can also specify up to 10 managed policy Amazon * Resource Names (ARNs) to use as managed session policies. The plaintext that you * use for both inline and managed session policies can't exceed 2,048 characters. * You can provide up to 10 managed policy ARNs. For more information about ARNs, * see Amazon * Resource Names (ARNs) and Amazon Web Services Service Namespaces in the * Amazon Web Services General Reference.

This parameter is optional. * However, if you do not pass any session policies, then the resulting federated * user session has no permissions.

When you pass session policies, the * session permissions are the intersection of the IAM user policies and the * session policies that you pass. This gives you a way to further restrict the * permissions for a federated user. You cannot use session policies to grant more * permissions than those that are defined in the permissions policy of the IAM * user. For more information, see Session * Policies in the IAM User Guide.

An Amazon Web Services conversion compresses * the passed inline session policy, managed policy ARNs, and session tags into a * packed binary format that has a separate limit. Your request can fail for this * limit even if your plaintext meets the other requirements. The * PackedPolicySize response element indicates by percentage how close * the policies and tags for your request are to the upper size limit.

*/ inline const Aws::Vector& GetPolicyArns() const { return m_policyArns; } inline bool PolicyArnsHasBeenSet() const { return m_policyArnsHasBeenSet; } template > void SetPolicyArns(PolicyArnsT&& value) { m_policyArnsHasBeenSet = true; m_policyArns = std::forward(value); } template > GetFederationTokenRequest& WithPolicyArns(PolicyArnsT&& value) { SetPolicyArns(std::forward(value)); return *this; } template GetFederationTokenRequest& AddPolicyArns(PolicyArnsT&& value) { m_policyArnsHasBeenSet = true; m_policyArns.emplace_back(std::forward(value)); return *this; } ///@} ///@{ /** *

The duration, in seconds, that the session should last. Acceptable durations * for federation sessions range from 900 seconds (15 minutes) to 129,600 seconds * (36 hours), with 43,200 seconds (12 hours) as the default. Sessions obtained * using root user credentials are restricted to a maximum of 3,600 seconds (one * hour). If the specified duration is longer than one hour, the session obtained * by using root user credentials defaults to one hour.

*/ inline int GetDurationSeconds() const { return m_durationSeconds; } inline bool DurationSecondsHasBeenSet() const { return m_durationSecondsHasBeenSet; } inline void SetDurationSeconds(int value) { m_durationSecondsHasBeenSet = true; m_durationSeconds = value; } inline GetFederationTokenRequest& WithDurationSeconds(int value) { SetDurationSeconds(value); return *this; } ///@} ///@{ /** *

A list of session tags. Each session tag consists of a key name and an * associated value. For more information about session tags, see Passing * Session Tags in STS in the IAM User Guide.

This parameter is * optional. You can pass up to 50 session tags. The plaintext session tag keys * can’t exceed 128 characters and the values can’t exceed 256 characters. For * these and additional limits, see IAM * and STS Character Limits in the IAM User Guide.

An * Amazon Web Services conversion compresses the passed inline session policy, * managed policy ARNs, and session tags into a packed binary format that has a * separate limit. Your request can fail for this limit even if your plaintext * meets the other requirements. The PackedPolicySize response element * indicates by percentage how close the policies and tags for your request are to * the upper size limit.

You can pass a session tag with the same * key as a tag that is already attached to the user you are federating. When you * do, session tags override a user tag with the same key.

Tag key–value * pairs are not case sensitive, but case is preserved. This means that you cannot * have separate Department and department tag keys. * Assume that the role has the Department=Marketing tag * and you pass the department=engineering session tag. * Department and department are not saved as separate * tags, and the session tag passed in the request takes precedence over the role * tag.

*/ inline const Aws::Vector& GetTags() const { return m_tags; } inline bool TagsHasBeenSet() const { return m_tagsHasBeenSet; } template > void SetTags(TagsT&& value) { m_tagsHasBeenSet = true; m_tags = std::forward(value); } template > GetFederationTokenRequest& WithTags(TagsT&& value) { SetTags(std::forward(value)); return *this; } template GetFederationTokenRequest& AddTags(TagsT&& value) { m_tagsHasBeenSet = true; m_tags.emplace_back(std::forward(value)); return *this; } ///@} private: Aws::String m_name; Aws::String m_policy; Aws::Vector m_policyArns; int m_durationSeconds{0}; Aws::Vector m_tags; bool m_nameHasBeenSet = false; bool m_policyHasBeenSet = false; bool m_policyArnsHasBeenSet = false; bool m_durationSecondsHasBeenSet = false; bool m_tagsHasBeenSet = false; }; } // namespace Model } // namespace STS } // namespace Aws