class Aws::STS::Types::GetFederationTokenRequest
@see docs.aws.amazon.com/goto/WebAPI/sts-2011-06-15/GetFederationTokenRequest AWS API Documentation
@return [Array<Types::Tag>]<br>: docs.aws.amazon.com/IAM/latest/UserGuide/reference_iam-limits.html#reference_iam-limits-entity-length<br>[1]: docs.aws.amazon.com/IAM/latest/UserGuide/id_session-tags.html<br><br><br><br>passed in the request takes precedence over the role tag.
‘department` are not saved as separate tags, and the session tag
`department`=`engineering` session tag. `Department` and
`Department`=`Marketing` tag and you pass the
`department` tag keys. Assume that the role has the
This means that you cannot have separate `Department` and
Tag key–value pairs are not case sensitive, but case is preserved.
session tags override a user tag with the same key.
already attached to the user you are federating. When you do,
You can pass a session tag with the same key as a tag that is
</note>
tags for your request are to the upper size limit.
response element indicates by percentage how close the policies and
plaintext meets the other requirements. The `PackedPolicySize`
separate limit. Your request can fail for this limit even if your
policies and session tags into a packed binary format that has a
<note markdown=“1”> An Amazon Web Services conversion compresses the passed session
see [IAM and STS Character Limits] in the *IAM User Guide*.
values can’t exceed 256 characters. For these and additional limits,
plaintext session tag keys can’t exceed 128 characters and the
This parameter is optional. You can pass up to 50 session tags. The
[Passing Session Tags in STS] in the *IAM User Guide*.
an associated value. For more information about session tags, see
A list of session tags. Each session tag consists of a key name and
@!attribute [rw] tags
@return [Integer]
to one hour.
hour, the session obtained by using root user credentials defaults
seconds (one hour). If the specified duration is longer than one
account root user credentials are restricted to a maximum of 3,600
hours) as the default. Sessions obtained using Amazon Web Services
minutes) to 129,600 seconds (36 hours), with 43,200 seconds (12
durations for federation sessions range from 900 seconds (15
The duration, in seconds, that the session should last. Acceptable
@!attribute [rw] duration_seconds
@return [Array<Types::PolicyDescriptorType>]<br>: docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html<br>[1]: docs.aws.amazon.com/IAM/latest/UserGuide/access_policies.html#policies_session<br><br><br><br></note>
tags for your request are to the upper size limit.
response element indicates by percentage how close the policies and
plaintext meets the other requirements. The `PackedPolicySize`
separate limit. Your request can fail for this limit even if your
policies and session tags into a packed binary format that has a
<note markdown=“1”> An Amazon Web Services conversion compresses the passed session
session policies.
are granted in addition to the permissions that are granted by the
session has the permissions allowed by the policy. These permissions
federated user session in the `Principal` element of the policy, the
a resource-based policy. If that policy specifically references the
The resulting credentials can be used to access a resource that has
*IAM User Guide*.
the IAM user. For more information, see [Session Policies] in the
permissions than those that are defined in the permissions policy of
for a federated user. You cannot use session policies to grant more
you pass. This gives you a way to further restrict the permissions
intersection of the IAM user policies and the session policies that
When you pass session policies, the session permissions are the
permissions.
policies, then the resulting federated user session has no
This parameter is optional. However, if you do not pass any session
General Reference.
Web Services Service Namespaces] in the Amazon Web Services
information about ARNs, see [Amazon Resource Names (ARNs) and Amazon
characters. You can provide up to 10 managed policy ARNs. For more
use for both inline and managed session policies can’t exceed 2,048
policies to use as managed session policies. The plaintext that you
inline session policy. You can also specify up to 10 managed
operation. You can pass a single JSON policy document to use as an
You must pass an inline or managed [session policy] to this
access.
in the same account as the IAM user that is requesting federated
you want to use as a managed session policy. The policies must exist
The Amazon Resource Names (ARNs) of the IAM managed policies that
@!attribute [rw] policy_arns
@return [String]<br>: docs.aws.amazon.com/IAM/latest/UserGuide/access_policies.html#policies_session<br><br><br><br></note>
tags for your request are to the upper size limit.
response element indicates by percentage how close the policies and
plaintext meets the other requirements. The ‘PackedPolicySize`
separate limit. Your request can fail for this limit even if your
policies and session tags into a packed binary format that has a
<note markdown=“1”> An Amazon Web Services conversion compresses the passed session
(\u000D) characters.
include the tab (\u0009), linefeed (\u000A), and carriage return
the valid character list (\u0020 through \u00FF). It can also
can be any ASCII character from the space character to the end of
policies can’t exceed 2,048 characters. The JSON policy characters
The plaintext that you use for both inline and managed session
session policies.
are granted in addition to the permissions that are granted by the
session has the permissions allowed by the policy. These permissions
federated user session in the ‘Principal` element of the policy, the
a resource-based policy. If that policy specifically references the
The resulting credentials can be used to access a resource that has
*IAM User Guide*.
the IAM user. For more information, see [Session Policies] in the
permissions than those that are defined in the permissions policy of
for a federated user. You cannot use session policies to grant more
you pass. This gives you a way to further restrict the permissions
intersection of the IAM user policies and the session policies that
When you pass session policies, the session permissions are the
permissions.
policies, then the resulting federated user session has no
This parameter is optional. However, if you do not pass any session
policies to use as managed session policies.
inline session policy. You can also specify up to 10 managed
operation. You can pass a single JSON policy document to use as an
You must pass an inline or managed [session policy] to this
session policy.
An IAM policy in JSON format that you want to use as an inline
@!attribute [rw] policy
@return [String]
characters: =,.@-
spaces. You can also include underscores or any of the following
consisting of upper- and lower-case alphanumeric characters with no
The regex used to validate this parameter is a string of characters
policy, such as in an Amazon S3 bucket policy.
you can reference the federated user name in a resource-based
for the temporary security credentials (such as `Bob`). For example,
The name of the federated user. The name is used as an identifier
@!attribute [rw] name
}
],
},
value: “tagValueType”, # required
key: “tagKeyType”, # required
{
tags: [
duration_seconds: 1,
],
},
arn: “arnType”,
{
policy_arns: [
policy: “sessionPolicyDocumentType”,
name: “userNameType”, # required
{
data as a hash:
@note When making an API call, you may pass GetFederationTokenRequest