Documentation
¶
Index ¶
- type AssumedRoleUser
- type Credentials
- type ExpiredTokenException
- type FederatedUser
- type IDPCommunicationErrorException
- type IDPRejectedClaimException
- type InvalidAuthorizationMessageException
- type InvalidIdentityTokenException
- type MalformedPolicyDocumentException
- type PackedPolicyTooLargeException
- type PolicyDescriptorType
- type RegionDisabledException
- type Tag
Constants ¶
This section is empty.
Variables ¶
This section is empty.
Functions ¶
This section is empty.
Types ¶
type AssumedRoleUser ¶
type AssumedRoleUser struct {
// The ARN of the temporary security credentials that are returned from the
// AssumeRole action. For more information about ARNs and how to use them in
// policies, see IAM Identifiers
// (https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_identifiers.html) in
// the IAM User Guide.
//
// This member is required.
Arn *string
// A unique identifier that contains the role ID and the role session name of the
// role that is being assumed. The role ID is generated by AWS when the role is
// created.
//
// This member is required.
AssumedRoleId *string
}
The identifiers for the temporary security credentials that the operation returns.
type Credentials ¶
type Credentials struct {
// The access key ID that identifies the temporary security credentials.
//
// This member is required.
AccessKeyId *string
// The date on which the current credentials expire.
//
// This member is required.
Expiration *time.Time
// The secret access key that can be used to sign requests.
//
// This member is required.
SecretAccessKey *string
// The token that users must pass to the service API to use the temporary
// credentials.
//
// This member is required.
SessionToken *string
}
AWS credentials for API authentication.
type ExpiredTokenException ¶
type ExpiredTokenException struct {
Message *string
}
The web identity token that was passed is expired or is not valid. Get a new identity token from the identity provider and then retry the request.
func (*ExpiredTokenException) Error ¶
func (e *ExpiredTokenException) Error() string
func (*ExpiredTokenException) ErrorCode ¶
func (e *ExpiredTokenException) ErrorCode() string
func (*ExpiredTokenException) ErrorFault ¶
func (e *ExpiredTokenException) ErrorFault() smithy.ErrorFault
func (*ExpiredTokenException) ErrorMessage ¶
func (e *ExpiredTokenException) ErrorMessage() string
type FederatedUser ¶
type FederatedUser struct {
// The ARN that specifies the federated user that is associated with the
// credentials. For more information about ARNs and how to use them in policies,
// see IAM Identifiers
// (https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_identifiers.html) in
// the IAM User Guide.
//
// This member is required.
Arn *string
// The string that identifies the federated user associated with the credentials,
// similar to the unique ID of an IAM user.
//
// This member is required.
FederatedUserId *string
}
Identifiers for the federated user that is associated with the credentials.
type IDPCommunicationErrorException ¶
type IDPCommunicationErrorException struct {
Message *string
}
The request could not be fulfilled because the identity provider (IDP) that was asked to verify the incoming identity token could not be reached. This is often a transient error caused by network conditions. Retry the request a limited number of times so that you don't exceed the request rate. If the error persists, the identity provider might be down or not responding.
func (*IDPCommunicationErrorException) Error ¶
func (e *IDPCommunicationErrorException) Error() string
func (*IDPCommunicationErrorException) ErrorCode ¶
func (e *IDPCommunicationErrorException) ErrorCode() string
func (*IDPCommunicationErrorException) ErrorFault ¶
func (e *IDPCommunicationErrorException) ErrorFault() smithy.ErrorFault
func (*IDPCommunicationErrorException) ErrorMessage ¶
func (e *IDPCommunicationErrorException) ErrorMessage() string
type IDPRejectedClaimException ¶
type IDPRejectedClaimException struct {
Message *string
}
The identity provider (IdP) reported that authentication failed. This might be because the claim is invalid. If this error is returned for the AssumeRoleWithWebIdentity operation, it can also mean that the claim has expired or has been explicitly revoked.
func (*IDPRejectedClaimException) Error ¶
func (e *IDPRejectedClaimException) Error() string
func (*IDPRejectedClaimException) ErrorCode ¶
func (e *IDPRejectedClaimException) ErrorCode() string
func (*IDPRejectedClaimException) ErrorFault ¶
func (e *IDPRejectedClaimException) ErrorFault() smithy.ErrorFault
func (*IDPRejectedClaimException) ErrorMessage ¶
func (e *IDPRejectedClaimException) ErrorMessage() string
type InvalidAuthorizationMessageException ¶
type InvalidAuthorizationMessageException struct {
Message *string
}
The error returned if the message passed to DecodeAuthorizationMessage was invalid. This can happen if the token contains invalid characters, such as linebreaks.
func (*InvalidAuthorizationMessageException) Error ¶
func (e *InvalidAuthorizationMessageException) Error() string
func (*InvalidAuthorizationMessageException) ErrorCode ¶
func (e *InvalidAuthorizationMessageException) ErrorCode() string
func (*InvalidAuthorizationMessageException) ErrorFault ¶
func (e *InvalidAuthorizationMessageException) ErrorFault() smithy.ErrorFault
func (*InvalidAuthorizationMessageException) ErrorMessage ¶
func (e *InvalidAuthorizationMessageException) ErrorMessage() string
type InvalidIdentityTokenException ¶
type InvalidIdentityTokenException struct {
Message *string
}
The web identity token that was passed could not be validated by AWS. Get a new identity token from the identity provider and then retry the request.
func (*InvalidIdentityTokenException) Error ¶
func (e *InvalidIdentityTokenException) Error() string
func (*InvalidIdentityTokenException) ErrorCode ¶
func (e *InvalidIdentityTokenException) ErrorCode() string
func (*InvalidIdentityTokenException) ErrorFault ¶
func (e *InvalidIdentityTokenException) ErrorFault() smithy.ErrorFault
func (*InvalidIdentityTokenException) ErrorMessage ¶
func (e *InvalidIdentityTokenException) ErrorMessage() string
type MalformedPolicyDocumentException ¶
type MalformedPolicyDocumentException struct {
Message *string
}
The request was rejected because the policy document was malformed. The error message describes the specific error.
func (*MalformedPolicyDocumentException) Error ¶
func (e *MalformedPolicyDocumentException) Error() string
func (*MalformedPolicyDocumentException) ErrorCode ¶
func (e *MalformedPolicyDocumentException) ErrorCode() string
func (*MalformedPolicyDocumentException) ErrorFault ¶
func (e *MalformedPolicyDocumentException) ErrorFault() smithy.ErrorFault
func (*MalformedPolicyDocumentException) ErrorMessage ¶
func (e *MalformedPolicyDocumentException) ErrorMessage() string
type PackedPolicyTooLargeException ¶
type PackedPolicyTooLargeException struct {
Message *string
}
The request was rejected because the total packed size of the session policies and session tags combined was too large. An AWS conversion compresses the session policy document, session policy ARNs, and session tags into a packed binary format that has a separate limit. The error message indicates by percentage how close the policies and tags are to the upper size limit. For more information, see Passing Session Tags in STS (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_session-tags.html) in the IAM User Guide. You could receive this error even though you meet other defined session policy and session tag limits. For more information, see IAM and STS Entity Character Limits (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_enable-regions.html) in the IAM User Guide.
func (*PackedPolicyTooLargeException) Error ¶
func (e *PackedPolicyTooLargeException) Error() string
func (*PackedPolicyTooLargeException) ErrorCode ¶
func (e *PackedPolicyTooLargeException) ErrorCode() string
func (*PackedPolicyTooLargeException) ErrorFault ¶
func (e *PackedPolicyTooLargeException) ErrorFault() smithy.ErrorFault
func (*PackedPolicyTooLargeException) ErrorMessage ¶
func (e *PackedPolicyTooLargeException) ErrorMessage() string
type PolicyDescriptorType ¶
type PolicyDescriptorType struct {
// The Amazon Resource Name (ARN) of the IAM managed policy to use as a session
// policy for the role. For more information about ARNs, see Amazon Resource Names
// (ARNs) and AWS Service Namespaces
// (https://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html) in
// the AWS General Reference.
Arn *string
}
A reference to the IAM managed policy that is passed as a session policy for a role session or a federated user session.
type RegionDisabledException ¶
type RegionDisabledException struct {
Message *string
}
STS is not activated in the requested region for the account that is being asked to generate credentials. The account administrator must use the IAM console to activate STS in that region. For more information, see Activating and Deactivating AWS STS in an AWS Region (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_enable-regions.html) in the IAM User Guide.
func (*RegionDisabledException) Error ¶
func (e *RegionDisabledException) Error() string
func (*RegionDisabledException) ErrorCode ¶
func (e *RegionDisabledException) ErrorCode() string
func (*RegionDisabledException) ErrorFault ¶
func (e *RegionDisabledException) ErrorFault() smithy.ErrorFault
func (*RegionDisabledException) ErrorMessage ¶
func (e *RegionDisabledException) ErrorMessage() string
type Tag ¶
type Tag struct {
// The key for a session tag. You can pass up to 50 session tags. The plain text
// session tag keys can’t exceed 128 characters. For these and additional limits,
// see IAM and STS Character Limits
// (https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_iam-limits.html#reference_iam-limits-entity-length)
// in the IAM User Guide.
//
// This member is required.
Key *string
// The value for a session tag. You can pass up to 50 session tags. The plain text
// session tag values can’t exceed 256 characters. For these and additional limits,
// see IAM and STS Character Limits
// (https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_iam-limits.html#reference_iam-limits-entity-length)
// in the IAM User Guide.
//
// This member is required.
Value *string
}
You can pass custom key-value pair attributes when you assume a role or federate a user. These are called session tags. You can then use the session tags to control access to resources. For more information, see Tagging AWS STS Sessions (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_session-tags.html) in the IAM User Guide.
Source Files