Copyright	(c) 2013-2021 Brendan Hay
License	Mozilla Public License, v. 2.0.
Maintainer	Brendan Hay <brendan.g.hay+amazonka@gmail.com>
Stability	auto-generated
Portability	non-portable (GHC extensions)
Safe Haskell	None

Amazonka.STS.DecodeAuthorizationMessage

Contents

Creating a Request
Request Lenses
Destructuring the Response
Response Lenses

Description

Decodes additional information about the authorization status of a request from an encoded message returned in response to an Amazon Web Services request.

For example, if a user is not authorized to perform an operation that he or she has requested, the request returns a Client.UnauthorizedOperation response (an HTTP 403 response). Some Amazon Web Services operations additionally return an encoded message that can provide details about this authorization failure.

Only certain Amazon Web Services operations return an encoded authorization message. The documentation for an individual operation indicates whether that operation returns an encoded message in addition to returning an HTTP code.

The message is encoded because the details of the authorization status can constitute privileged information that the user who requested the operation should not see. To decode an authorization status message, a user must be granted permissions via an IAM policy to request the DecodeAuthorizationMessage (sts:DecodeAuthorizationMessage) action.

The decoded message includes the following type of information:

Whether the request was denied due to an explicit deny or due to the absence of an explicit allow. For more information, see Determining Whether a Request is Allowed or Denied in the IAM User Guide.
The principal who made the request.
The requested action.
The requested resource.
The values of condition keys in the context of the user's request.

Creating a Request

data DecodeAuthorizationMessage Source #

See: newDecodeAuthorizationMessage smart constructor.

Constructors

DecodeAuthorizationMessage'
Fields encodedMessage :: Text The encoded message that was returned with the response.

Instances

Instances details

Eq DecodeAuthorizationMessage Source #
Instance details Defined in Amazonka.STS.DecodeAuthorizationMessage Methods (==) :: DecodeAuthorizationMessage -> DecodeAuthorizationMessage -> Bool # (/=) :: DecodeAuthorizationMessage -> DecodeAuthorizationMessage -> Bool #
Read DecodeAuthorizationMessage Source #
Instance details Defined in Amazonka.STS.DecodeAuthorizationMessage Methods readsPrec :: Int -> ReadS DecodeAuthorizationMessage # readList :: ReadS [DecodeAuthorizationMessage] # readPrec :: ReadPrec DecodeAuthorizationMessage # readListPrec :: ReadPrec [DecodeAuthorizationMessage] #
Show DecodeAuthorizationMessage Source #
Instance details Defined in Amazonka.STS.DecodeAuthorizationMessage Methods showsPrec :: Int -> DecodeAuthorizationMessage -> ShowS # show :: DecodeAuthorizationMessage -> String # showList :: [DecodeAuthorizationMessage] -> ShowS #
Generic DecodeAuthorizationMessage Source #
Instance details Defined in Amazonka.STS.DecodeAuthorizationMessage Associated Types type Rep DecodeAuthorizationMessage :: Type -> Type # Methods from :: DecodeAuthorizationMessage -> Rep DecodeAuthorizationMessage x # to :: Rep DecodeAuthorizationMessage x -> DecodeAuthorizationMessage #
NFData DecodeAuthorizationMessage Source #
Instance details Defined in Amazonka.STS.DecodeAuthorizationMessage Methods rnf :: DecodeAuthorizationMessage -> () #
Hashable DecodeAuthorizationMessage Source #
Instance details Defined in Amazonka.STS.DecodeAuthorizationMessage Methods hashWithSalt :: Int -> DecodeAuthorizationMessage -> Int # hash :: DecodeAuthorizationMessage -> Int #
AWSRequest DecodeAuthorizationMessage Source #
Instance details Defined in Amazonka.STS.DecodeAuthorizationMessage Associated Types type AWSResponse DecodeAuthorizationMessage # Methods request :: DecodeAuthorizationMessage -> Request DecodeAuthorizationMessage # response :: MonadResource m => Logger -> Service -> Proxy DecodeAuthorizationMessage -> ClientResponse ClientBody -> m (Either Error (ClientResponse (AWSResponse DecodeAuthorizationMessage))) #
ToHeaders DecodeAuthorizationMessage Source #
Instance details Defined in Amazonka.STS.DecodeAuthorizationMessage Methods toHeaders :: DecodeAuthorizationMessage -> [Header] #
ToPath DecodeAuthorizationMessage Source #
Instance details Defined in Amazonka.STS.DecodeAuthorizationMessage Methods toPath :: DecodeAuthorizationMessage -> ByteString #
ToQuery DecodeAuthorizationMessage Source #
Instance details Defined in Amazonka.STS.DecodeAuthorizationMessage Methods toQuery :: DecodeAuthorizationMessage -> QueryString #
type Rep DecodeAuthorizationMessage Source #
Instance details Defined in Amazonka.STS.DecodeAuthorizationMessage type Rep DecodeAuthorizationMessage = D1 ('MetaData "DecodeAuthorizationMessage" "Amazonka.STS.DecodeAuthorizationMessage" "libZSservicesZSamazonka-stsZSamazonka-sts" 'False) (C1 ('MetaCons "DecodeAuthorizationMessage'" 'PrefixI 'True) (S1 ('MetaSel ('Just "encodedMessage") 'NoSourceUnpackedness 'NoSourceStrictness 'DecidedStrict) (Rec0 Text)))
type AWSResponse DecodeAuthorizationMessage Source #
Instance details Defined in Amazonka.STS.DecodeAuthorizationMessage type AWSResponse DecodeAuthorizationMessage = DecodeAuthorizationMessageResponse

newDecodeAuthorizationMessage Source #

Arguments

:: Text	`$sel:encodedMessage:DecodeAuthorizationMessage'`
-> DecodeAuthorizationMessage

Create a value of DecodeAuthorizationMessage with all optional fields omitted.

Use generic-lens or optics to modify other optional fields.

The following record fields are available, with the corresponding lenses provided for backwards compatibility:

$sel:encodedMessage:DecodeAuthorizationMessage', decodeAuthorizationMessage_encodedMessage - The encoded message that was returned with the response.

Request Lenses

decodeAuthorizationMessage_encodedMessage :: Lens' DecodeAuthorizationMessage Text Source #

The encoded message that was returned with the response.

Destructuring the Response

data DecodeAuthorizationMessageResponse Source #

A document that contains additional information about the authorization status of a request from an encoded message that is returned in response to an Amazon Web Services request.

See: newDecodeAuthorizationMessageResponse smart constructor.

Constructors

DecodeAuthorizationMessageResponse'
Fields decodedMessage :: Maybe Text An XML document that contains the decoded message. httpStatus :: Int The response's http status code.

Instances

Instances details

Eq DecodeAuthorizationMessageResponse Source #
Instance details Defined in Amazonka.STS.DecodeAuthorizationMessage Methods (==) :: DecodeAuthorizationMessageResponse -> DecodeAuthorizationMessageResponse -> Bool # (/=) :: DecodeAuthorizationMessageResponse -> DecodeAuthorizationMessageResponse -> Bool #
Read DecodeAuthorizationMessageResponse Source #
Instance details Defined in Amazonka.STS.DecodeAuthorizationMessage Methods readsPrec :: Int -> ReadS DecodeAuthorizationMessageResponse # readList :: ReadS [DecodeAuthorizationMessageResponse] # readPrec :: ReadPrec DecodeAuthorizationMessageResponse # readListPrec :: ReadPrec [DecodeAuthorizationMessageResponse] #
Show DecodeAuthorizationMessageResponse Source #
Instance details Defined in Amazonka.STS.DecodeAuthorizationMessage Methods showsPrec :: Int -> DecodeAuthorizationMessageResponse -> ShowS # show :: DecodeAuthorizationMessageResponse -> String # showList :: [DecodeAuthorizationMessageResponse] -> ShowS #
Generic DecodeAuthorizationMessageResponse Source #
Instance details Defined in Amazonka.STS.DecodeAuthorizationMessage Associated Types type Rep DecodeAuthorizationMessageResponse :: Type -> Type # Methods from :: DecodeAuthorizationMessageResponse -> Rep DecodeAuthorizationMessageResponse x # to :: Rep DecodeAuthorizationMessageResponse x -> DecodeAuthorizationMessageResponse #
NFData DecodeAuthorizationMessageResponse Source #
Instance details Defined in Amazonka.STS.DecodeAuthorizationMessage Methods rnf :: DecodeAuthorizationMessageResponse -> () #
type Rep DecodeAuthorizationMessageResponse Source #
Instance details Defined in Amazonka.STS.DecodeAuthorizationMessage type Rep DecodeAuthorizationMessageResponse = D1 ('MetaData "DecodeAuthorizationMessageResponse" "Amazonka.STS.DecodeAuthorizationMessage" "libZSservicesZSamazonka-stsZSamazonka-sts" 'False) (C1 ('MetaCons "DecodeAuthorizationMessageResponse'" 'PrefixI 'True) (S1 ('MetaSel ('Just "decodedMessage") 'NoSourceUnpackedness 'NoSourceStrictness 'DecidedStrict) (Rec0 (Maybe Text)) :*: S1 ('MetaSel ('Just "httpStatus") 'NoSourceUnpackedness 'NoSourceStrictness 'DecidedStrict) (Rec0 Int)))

newDecodeAuthorizationMessageResponse Source #

Arguments

:: Int	`$sel:httpStatus:DecodeAuthorizationMessageResponse'`
-> DecodeAuthorizationMessageResponse

Create a value of DecodeAuthorizationMessageResponse with all optional fields omitted.

Use generic-lens or optics to modify other optional fields.

The following record fields are available, with the corresponding lenses provided for backwards compatibility:

$sel:decodedMessage:DecodeAuthorizationMessageResponse', decodeAuthorizationMessageResponse_decodedMessage - An XML document that contains the decoded message.

$sel:httpStatus:DecodeAuthorizationMessageResponse', decodeAuthorizationMessageResponse_httpStatus - The response's http status code.

Response Lenses

decodeAuthorizationMessageResponse_decodedMessage :: Lens' DecodeAuthorizationMessageResponse (Maybe Text) Source #

An XML document that contains the decoded message.

decodeAuthorizationMessageResponse_httpStatus :: Lens' DecodeAuthorizationMessageResponse Int Source #

The response's http status code.