Copyright: (c) 2013-2021 Brendan Hay
License: Mozilla Public License, v. 2.0.
Maintainer: Brendan Hay <brendan.g.hay+amazonka@gmail.com>
Stability: auto-generated
Portability: non-portable (GHC extensions)
Safe Haskell: None

Amazonka.STS.Types


Service Configuration

defaultService :: Service

API version 2011-06-15 of the Amazon Security Token Service SDK configuration.

Errors

_MalformedPolicyDocumentException :: AsError a => Getting (First ServiceError) a ServiceError

The request was rejected because the policy document was malformed. The error message describes the specific error.

_InvalidAuthorizationMessageException :: AsError a => Getting (First ServiceError) a ServiceError

The error returned if the message passed to DecodeAuthorizationMessage was invalid. This can happen if the token contains invalid characters, such as linebreaks.

_PackedPolicyTooLargeException :: AsError a => Getting (First ServiceError) a ServiceError

The request was rejected because the total packed size of the session policies and session tags combined was too large. An Amazon Web Services conversion compresses the session policy document, session policy ARNs, and session tags into a packed binary format that has a separate limit. The error message indicates by percentage how close the policies and tags are to the upper size limit. For more information, see Passing Session Tags in STS in the IAM User Guide.

You could receive this error even though you meet other defined session policy and session tag limits. For more information, see IAM and STS Entity Character Limits in the IAM User Guide.

_RegionDisabledException :: AsError a => Getting (First ServiceError) a ServiceError

STS is not activated in the requested region for the account that is being asked to generate credentials. The account administrator must use the IAM console to activate STS in that region. For more information, see Activating and Deactivating Amazon Web Services STS in an Amazon Web Services Region in the IAM User Guide.

_IDPCommunicationErrorException :: AsError a => Getting (First ServiceError) a ServiceError

The request could not be fulfilled because the identity provider (IDP) that was asked to verify the incoming identity token could not be reached. This is often a transient error caused by network conditions. Retry the request a limited number of times so that you don't exceed the request rate. If the error persists, the identity provider might be down or not responding.

_InvalidIdentityTokenException :: AsError a => Getting (First ServiceError) a ServiceError

The web identity token that was passed could not be validated by Amazon Web Services. Get a new identity token from the identity provider and then retry the request.

_ExpiredTokenException :: AsError a => Getting (First ServiceError) a ServiceError

The web identity token that was passed is expired or is not valid. Get a new identity token from the identity provider and then retry the request.

_IDPRejectedClaimException :: AsError a => Getting (First ServiceError) a ServiceError

The identity provider (IdP) reported that authentication failed. This might be because the claim is invalid.

If this error is returned for the AssumeRoleWithWebIdentity operation, it can also mean that the claim has expired or has been explicitly revoked.

AssumedRoleUser

data AssumedRoleUser

The identifiers for the temporary security credentials that the operation returns.

See: newAssumedRoleUser smart constructor.

Constructors

AssumedRoleUser' 

Fields

  • assumedRoleId :: Text

    A unique identifier that contains the role ID and the role session name of the role that is being assumed. The role ID is generated by Amazon Web Services when the role is created.

  • arn :: Text

    The ARN of the temporary security credentials that are returned from the AssumeRole action. For more information about ARNs and how to use them in policies, see IAM Identifiers in the IAM User Guide.

Instances (all defined in Amazonka.STS.Types.AssumedRoleUser)

  • Eq AssumedRoleUser

  • Read AssumedRoleUser

  • Show AssumedRoleUser

  • Generic AssumedRoleUser

    type Rep AssumedRoleUser :: Type -> Type

  • NFData AssumedRoleUser

    rnf :: AssumedRoleUser -> ()

  • Hashable AssumedRoleUser

  • FromXML AssumedRoleUser

type Rep AssumedRoleUser = D1 ('MetaData "AssumedRoleUser" "Amazonka.STS.Types.AssumedRoleUser" "libZSservicesZSamazonka-stsZSamazonka-sts" 'False) (C1 ('MetaCons "AssumedRoleUser'" 'PrefixI 'True) (S1 ('MetaSel ('Just "assumedRoleId") 'NoSourceUnpackedness 'NoSourceStrictness 'DecidedStrict) (Rec0 Text) :*: S1 ('MetaSel ('Just "arn") 'NoSourceUnpackedness 'NoSourceStrictness 'DecidedStrict) (Rec0 Text)))

newAssumedRoleUser

Create a value of AssumedRoleUser with all optional fields omitted.

Use generic-lens or optics to modify other optional fields.

The following record fields are available, with the corresponding lenses provided for backwards compatibility:

$sel:assumedRoleId:AssumedRoleUser', assumedRoleUser_assumedRoleId - A unique identifier that contains the role ID and the role session name of the role that is being assumed. The role ID is generated by Amazon Web Services when the role is created.

$sel:arn:AssumedRoleUser', assumedRoleUser_arn - The ARN of the temporary security credentials that are returned from the AssumeRole action. For more information about ARNs and how to use them in policies, see IAM Identifiers in the IAM User Guide.

assumedRoleUser_assumedRoleId :: Lens' AssumedRoleUser Text

A unique identifier that contains the role ID and the role session name of the role that is being assumed. The role ID is generated by Amazon Web Services when the role is created.

assumedRoleUser_arn :: Lens' AssumedRoleUser Text

The ARN of the temporary security credentials that are returned from the AssumeRole action. For more information about ARNs and how to use them in policies, see IAM Identifiers in the IAM User Guide.

FederatedUser

data FederatedUser

Identifiers for the federated user that is associated with the credentials.

See: newFederatedUser smart constructor.

Constructors

FederatedUser' 

Fields

  • federatedUserId :: Text

    The string that identifies the federated user associated with the credentials, similar to the unique ID of an IAM user.

  • arn :: Text

    The ARN that specifies the federated user that is associated with the credentials. For more information about ARNs and how to use them in policies, see IAM Identifiers in the IAM User Guide.

Instances (all defined in Amazonka.STS.Types.FederatedUser)

  • Eq FederatedUser

  • Read FederatedUser

  • Show FederatedUser

  • Generic FederatedUser

    type Rep FederatedUser :: Type -> Type

  • NFData FederatedUser

    rnf :: FederatedUser -> ()

  • Hashable FederatedUser

  • FromXML FederatedUser

type Rep FederatedUser = D1 ('MetaData "FederatedUser" "Amazonka.STS.Types.FederatedUser" "libZSservicesZSamazonka-stsZSamazonka-sts" 'False) (C1 ('MetaCons "FederatedUser'" 'PrefixI 'True) (S1 ('MetaSel ('Just "federatedUserId") 'NoSourceUnpackedness 'NoSourceStrictness 'DecidedStrict) (Rec0 Text) :*: S1 ('MetaSel ('Just "arn") 'NoSourceUnpackedness 'NoSourceStrictness 'DecidedStrict) (Rec0 Text)))

newFederatedUser

Create a value of FederatedUser with all optional fields omitted.

Use generic-lens or optics to modify other optional fields.

The following record fields are available, with the corresponding lenses provided for backwards compatibility:

$sel:federatedUserId:FederatedUser', federatedUser_federatedUserId - The string that identifies the federated user associated with the credentials, similar to the unique ID of an IAM user.

$sel:arn:FederatedUser', federatedUser_arn - The ARN that specifies the federated user that is associated with the credentials. For more information about ARNs and how to use them in policies, see IAM Identifiers in the IAM User Guide.

federatedUser_federatedUserId :: Lens' FederatedUser Text

The string that identifies the federated user associated with the credentials, similar to the unique ID of an IAM user.

federatedUser_arn :: Lens' FederatedUser Text

The ARN that specifies the federated user that is associated with the credentials. For more information about ARNs and how to use them in policies, see IAM Identifiers in the IAM User Guide.

PolicyDescriptorType

data PolicyDescriptorType

A reference to the IAM managed policy that is passed as a session policy for a role session or a federated user session.

See: newPolicyDescriptorType smart constructor.

Constructors

PolicyDescriptorType' 

Fields

Instances (all defined in Amazonka.STS.Types.PolicyDescriptorType)

  • Eq PolicyDescriptorType

  • Read PolicyDescriptorType

  • Show PolicyDescriptorType

  • Generic PolicyDescriptorType

    type Rep PolicyDescriptorType :: Type -> Type

  • NFData PolicyDescriptorType

    rnf :: PolicyDescriptorType -> ()

  • Hashable PolicyDescriptorType

  • ToQuery PolicyDescriptorType

type Rep PolicyDescriptorType = D1 ('MetaData "PolicyDescriptorType" "Amazonka.STS.Types.PolicyDescriptorType" "libZSservicesZSamazonka-stsZSamazonka-sts" 'False) (C1 ('MetaCons "PolicyDescriptorType'" 'PrefixI 'True) (S1 ('MetaSel ('Just "arn") 'NoSourceUnpackedness 'NoSourceStrictness 'DecidedStrict) (Rec0 (Maybe Text))))

newPolicyDescriptorType :: PolicyDescriptorType

Create a value of PolicyDescriptorType with all optional fields omitted.

Use generic-lens or optics to modify other optional fields.

The following record fields are available, with the corresponding lenses provided for backwards compatibility:

$sel:arn:PolicyDescriptorType', policyDescriptorType_arn - The Amazon Resource Name (ARN) of the IAM managed policy to use as a session policy for the role. For more information about ARNs, see Amazon Resource Names (ARNs) and Amazon Web Services Service Namespaces in the Amazon Web Services General Reference.

policyDescriptorType_arn :: Lens' PolicyDescriptorType (Maybe Text)

The Amazon Resource Name (ARN) of the IAM managed policy to use as a session policy for the role. For more information about ARNs, see Amazon Resource Names (ARNs) and Amazon Web Services Service Namespaces in the Amazon Web Services General Reference.

Tag

data Tag

You can pass custom key-value pair attributes when you assume a role or federate a user. These are called session tags. You can then use the session tags to control access to resources. For more information, see Tagging STS Sessions in the IAM User Guide.

See: newTag smart constructor.

Constructors

Tag' 

Fields

  • key :: Text

    The key for a session tag.

    You can pass up to 50 session tags. The plain text session tag keys can’t exceed 128 characters. For these and additional limits, see IAM and STS Character Limits in the IAM User Guide.

  • value :: Text

    The value for a session tag.

    You can pass up to 50 session tags. The plain text session tag values can’t exceed 256 characters. For these and additional limits, see IAM and STS Character Limits in the IAM User Guide.

Instances (all defined in Amazonka.STS.Types.Tag)

  • Eq Tag

    (==) :: Tag -> Tag -> Bool

    (/=) :: Tag -> Tag -> Bool

  • Read Tag

  • Show Tag

    showsPrec :: Int -> Tag -> ShowS

    show :: Tag -> String

    showList :: [Tag] -> ShowS

  • Generic Tag

    type Rep Tag :: Type -> Type

    from :: Tag -> Rep Tag x

    to :: Rep Tag x -> Tag

  • NFData Tag

    rnf :: Tag -> ()

  • Hashable Tag

    hashWithSalt :: Int -> Tag -> Int

    hash :: Tag -> Int

  • ToQuery Tag

    toQuery :: Tag -> QueryString

type Rep Tag = D1 ('MetaData "Tag" "Amazonka.STS.Types.Tag" "libZSservicesZSamazonka-stsZSamazonka-sts" 'False) (C1 ('MetaCons "Tag'" 'PrefixI 'True) (S1 ('MetaSel ('Just "key") 'NoSourceUnpackedness 'NoSourceStrictness 'DecidedStrict) (Rec0 Text) :*: S1 ('MetaSel ('Just "value") 'NoSourceUnpackedness 'NoSourceStrictness 'DecidedStrict) (Rec0 Text)))

newTag

Create a value of Tag with all optional fields omitted.

Use generic-lens or optics to modify other optional fields.

The following record fields are available, with the corresponding lenses provided for backwards compatibility:

$sel:key:Tag', tag_key - The key for a session tag.

You can pass up to 50 session tags. The plain text session tag keys can’t exceed 128 characters. For these and additional limits, see IAM and STS Character Limits in the IAM User Guide.

$sel:value:Tag', tag_value - The value for a session tag.

You can pass up to 50 session tags. The plain text session tag values can’t exceed 256 characters. For these and additional limits, see IAM and STS Character Limits in the IAM User Guide.

tag_key :: Lens' Tag Text

The key for a session tag.

You can pass up to 50 session tags. The plain text session tag keys can’t exceed 128 characters. For these and additional limits, see IAM and STS Character Limits in the IAM User Guide.

tag_value :: Lens' Tag Text

The value for a session tag.

You can pass up to 50 session tags. The plain text session tag values can’t exceed 256 characters. For these and additional limits, see IAM and STS Character Limits in the IAM User Guide.
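
A pre-flight check for the session tag limits stated above (up to 50 tags, keys up to 128 characters, values up to 256), as an added example that is not part of the amazonka-sts documentation. TagProblem, checkSessionTags and toSessionTags are hypothetical names, and newTag is assumed to take the key followed by the value, since the page lists it without its arguments.

```haskell
{-# LANGUAGE OverloadedStrings #-}
-- Added example (not amazonka-sts code): reject session tags that break the
-- limits quoted on this page before any STS request is built.
module Main (main) where

import Amazonka.STS.Types (Tag, newTag)
import Data.Text (Text)
import qualified Data.Text as T

-- Hypothetical error type for this example.
data TagProblem
  = TooManyTags Int        -- number of tags supplied
  | KeyTooLong Text Int    -- offending key and its length
  | ValueTooLong Text Int  -- key whose value is too long, and that length
  deriving (Eq, Show)

-- Limits as stated in the Tag field documentation above.
maxTags, maxKeyChars, maxValueChars :: Int
maxTags = 50
maxKeyChars = 128
maxValueChars = 256

-- | Collect every violation instead of stopping at the first one, so a
-- caller can log the complete reason a tag set was refused.
checkSessionTags :: [(Text, Text)] -> [TagProblem]
checkSessionTags kvs = countProblem ++ concatMap perTag kvs
  where
    n = length kvs
    countProblem = [TooManyTags n | n > maxTags]
    perTag (k, v) =
      [KeyTooLong k (T.length k) | T.length k > maxKeyChars]
        ++ [ValueTooLong k (T.length v) | T.length v > maxValueChars]

-- | Build Tag values only when the input passed every check.
-- Assumption: newTag takes the key first and the value second.
toSessionTags :: [(Text, Text)] -> Either [TagProblem] [Tag]
toSessionTags kvs = case checkSessionTags kvs of
  [] -> Right (map (uncurry newTag) kvs)
  problems -> Left problems

-- Constructed sample input: the second tag's value is 300 characters long.
main :: IO ()
main = print (checkSessionTags [("team", "payments"), ("note", T.replicate 300 "x")])
```

Passing these checks does not rule out _PackedPolicyTooLargeException, which the page notes can be returned even when the individual session tag limits are met.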