{-# LANGUAGE DeriveGeneric #-}
{-# LANGUAGE DuplicateRecordFields #-}
{-# LANGUAGE NamedFieldPuns #-}
{-# LANGUAGE OverloadedStrings #-}
{-# LANGUAGE RecordWildCards #-}
{-# LANGUAGE StrictData #-}
{-# LANGUAGE TypeFamilies #-}
{-# LANGUAGE NoImplicitPrelude #-}
{-# OPTIONS_GHC -fno-warn-unused-binds #-}
{-# OPTIONS_GHC -fno-warn-unused-imports #-}
{-# OPTIONS_GHC -fno-warn-unused-matches #-}

-- Derived from AWS service descriptions, licensed under Apache 2.0.

-- |
-- Module      : Amazonka.STS.GetSessionToken
-- Copyright   : (c) 2013-2021 Brendan Hay
-- License     : Mozilla Public License, v. 2.0.
-- Maintainer  : Brendan Hay <brendan.g.hay+amazonka@gmail.com>
-- Stability   : auto-generated
-- Portability : non-portable (GHC extensions)
--
-- Returns a set of temporary credentials for an Amazon Web Services
-- account or IAM user. The credentials consist of an access key ID, a
-- secret access key, and a security token. Typically, you use
-- @GetSessionToken@ if you want to use MFA to protect programmatic calls
-- to specific Amazon Web Services API operations like Amazon EC2
-- @StopInstances@. MFA-enabled IAM users would need to call
-- @GetSessionToken@ and submit an MFA code that is associated with their
-- MFA device. Using the temporary security credentials that are returned
-- from the call, IAM users can then make programmatic calls to API
-- operations that require MFA authentication. If you do not supply a
-- correct MFA code, then the API returns an access denied error. For a
-- comparison of @GetSessionToken@ with the other API operations that
-- produce temporary credentials, see
-- <https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_request.html Requesting Temporary Security Credentials>
-- and
-- <https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_request.html#stsapi_comparison Comparing the STS API operations>
-- in the /IAM User Guide/.
--
-- __Session Duration__
--
-- The @GetSessionToken@ operation must be called by using the long-term
-- Amazon Web Services security credentials of the Amazon Web Services
-- account root user or an IAM user. Credentials that are created by IAM
-- users are valid for the duration that you specify. This duration can
-- range from 900 seconds (15 minutes) up to a maximum of 129,600 seconds
-- (36 hours), with a default of 43,200 seconds (12 hours). Credentials
-- based on account credentials can range from 900 seconds (15 minutes) up
-- to 3,600 seconds (1 hour), with a default of 1 hour.
--
-- __Permissions__
--
-- The temporary security credentials created by @GetSessionToken@ can be
-- used to make API calls to any Amazon Web Services service with the
-- following exceptions:
--
-- -   You cannot call any IAM API operations unless MFA authentication
--     information is included in the request.
--
-- -   You cannot call any STS API /except/ @AssumeRole@ or
--     @GetCallerIdentity@.
--
-- We recommend that you do not call @GetSessionToken@ with Amazon Web
-- Services account root user credentials. Instead, follow our
-- <https://docs.aws.amazon.com/IAM/latest/UserGuide/best-practices.html#create-iam-users best practices>
-- by creating one or more IAM users, giving them the necessary
-- permissions, and using IAM users for everyday interaction with Amazon
-- Web Services.
--
-- The credentials that are returned by @GetSessionToken@ are based on
-- permissions associated with the user whose credentials were used to call
-- the operation. If @GetSessionToken@ is called using Amazon Web Services
-- account root user credentials, the temporary credentials have root user
-- permissions. Similarly, if @GetSessionToken@ is called using the
-- credentials of an IAM user, the temporary credentials have the same
-- permissions as the IAM user.
--
-- For more information about using @GetSessionToken@ to create temporary
-- credentials, go to
-- <https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_request.html#api_getsessiontoken Temporary Credentials for Users in Untrusted Environments>
-- in the /IAM User Guide/.
module Amazonka.STS.GetSessionToken
  ( -- * Creating a Request
    GetSessionToken (..),
    newGetSessionToken,

    -- * Request Lenses
    getSessionToken_tokenCode,
    getSessionToken_durationSeconds,
    getSessionToken_serialNumber,

    -- * Destructuring the Response
    GetSessionTokenResponse (..),
    newGetSessionTokenResponse,

    -- * Response Lenses
    getSessionTokenResponse_credentials,
    getSessionTokenResponse_httpStatus,
  )
where

import qualified Amazonka.Core as Core
import qualified Amazonka.Lens as Lens
import qualified Amazonka.Prelude as Prelude
import qualified Amazonka.Request as Request
import qualified Amazonka.Response as Response
import Amazonka.STS.Types

-- | /See:/ 'newGetSessionToken' smart constructor.
data GetSessionToken = GetSessionToken'
  { -- | The value provided by the MFA device, if MFA is required. If any policy
    -- requires the IAM user to submit an MFA code, specify this value. If MFA
    -- authentication is required, the user must provide a code when requesting
    -- a set of temporary security credentials. A user who fails to provide the
    -- code receives an \"access denied\" response when requesting resources
    -- that require MFA authentication.
    --
    -- The format for this parameter, as described by its regex pattern, is a
    -- sequence of six numeric digits.
    GetSessionToken -> Maybe Text
tokenCode :: Prelude.Maybe Prelude.Text,
    -- | The duration, in seconds, that the credentials should remain valid.
    -- Acceptable durations for IAM user sessions range from 900 seconds (15
    -- minutes) to 129,600 seconds (36 hours), with 43,200 seconds (12 hours)
    -- as the default. Sessions for Amazon Web Services account owners are
    -- restricted to a maximum of 3,600 seconds (one hour). If the duration is
    -- longer than one hour, the session for Amazon Web Services account owners
    -- defaults to one hour.
    GetSessionToken -> Maybe Natural
durationSeconds :: Prelude.Maybe Prelude.Natural,
    -- | The identification number of the MFA device that is associated with the
    -- IAM user who is making the @GetSessionToken@ call. Specify this value if
    -- the IAM user has a policy that requires MFA authentication. The value is
    -- either the serial number for a hardware device (such as @GAHT12345678@)
    -- or an Amazon Resource Name (ARN) for a virtual device (such as
    -- @arn:aws:iam::123456789012:mfa\/user@). You can find the device for an
    -- IAM user by going to the Management Console and viewing the user\'s
    -- security credentials.
    --
    -- The regex used to validate this parameter is a string of characters
    -- consisting of upper- and lower-case alphanumeric characters with no
    -- spaces. You can also include underscores or any of the following
    -- characters: =,.\@:\/-
    GetSessionToken -> Maybe Text
serialNumber :: Prelude.Maybe Prelude.Text
  }
  deriving (GetSessionToken -> GetSessionToken -> Bool
(GetSessionToken -> GetSessionToken -> Bool)
-> (GetSessionToken -> GetSessionToken -> Bool)
-> Eq GetSessionToken
forall a. (a -> a -> Bool) -> (a -> a -> Bool) -> Eq a
/= :: GetSessionToken -> GetSessionToken -> Bool
$c/= :: GetSessionToken -> GetSessionToken -> Bool
== :: GetSessionToken -> GetSessionToken -> Bool
$c== :: GetSessionToken -> GetSessionToken -> Bool
Prelude.Eq, ReadPrec [GetSessionToken]
ReadPrec GetSessionToken
Int -> ReadS GetSessionToken
ReadS [GetSessionToken]
(Int -> ReadS GetSessionToken)
-> ReadS [GetSessionToken]
-> ReadPrec GetSessionToken
-> ReadPrec [GetSessionToken]
-> Read GetSessionToken
forall a.
(Int -> ReadS a)
-> ReadS [a] -> ReadPrec a -> ReadPrec [a] -> Read a
readListPrec :: ReadPrec [GetSessionToken]
$creadListPrec :: ReadPrec [GetSessionToken]
readPrec :: ReadPrec GetSessionToken
$creadPrec :: ReadPrec GetSessionToken
readList :: ReadS [GetSessionToken]
$creadList :: ReadS [GetSessionToken]
readsPrec :: Int -> ReadS GetSessionToken
$creadsPrec :: Int -> ReadS GetSessionToken
Prelude.Read, Int -> GetSessionToken -> ShowS
[GetSessionToken] -> ShowS
GetSessionToken -> String
(Int -> GetSessionToken -> ShowS)
-> (GetSessionToken -> String)
-> ([GetSessionToken] -> ShowS)
-> Show GetSessionToken
forall a.
(Int -> a -> ShowS) -> (a -> String) -> ([a] -> ShowS) -> Show a
showList :: [GetSessionToken] -> ShowS
$cshowList :: [GetSessionToken] -> ShowS
show :: GetSessionToken -> String
$cshow :: GetSessionToken -> String
showsPrec :: Int -> GetSessionToken -> ShowS
$cshowsPrec :: Int -> GetSessionToken -> ShowS
Prelude.Show, (forall x. GetSessionToken -> Rep GetSessionToken x)
-> (forall x. Rep GetSessionToken x -> GetSessionToken)
-> Generic GetSessionToken
forall x. Rep GetSessionToken x -> GetSessionToken
forall x. GetSessionToken -> Rep GetSessionToken x
forall a.
(forall x. a -> Rep a x) -> (forall x. Rep a x -> a) -> Generic a
$cto :: forall x. Rep GetSessionToken x -> GetSessionToken
$cfrom :: forall x. GetSessionToken -> Rep GetSessionToken x
Prelude.Generic)

-- |
-- Create a value of 'GetSessionToken' with all optional fields omitted.
--
-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
--
-- The following record fields are available, with the corresponding lenses provided
-- for backwards compatibility:
--
-- 'tokenCode', 'getSessionToken_tokenCode' - The value provided by the MFA device, if MFA is required. If any policy
-- requires the IAM user to submit an MFA code, specify this value. If MFA
-- authentication is required, the user must provide a code when requesting
-- a set of temporary security credentials. A user who fails to provide the
-- code receives an \"access denied\" response when requesting resources
-- that require MFA authentication.
--
-- The format for this parameter, as described by its regex pattern, is a
-- sequence of six numeric digits.
--
-- 'durationSeconds', 'getSessionToken_durationSeconds' - The duration, in seconds, that the credentials should remain valid.
-- Acceptable durations for IAM user sessions range from 900 seconds (15
-- minutes) to 129,600 seconds (36 hours), with 43,200 seconds (12 hours)
-- as the default. Sessions for Amazon Web Services account owners are
-- restricted to a maximum of 3,600 seconds (one hour). If the duration is
-- longer than one hour, the session for Amazon Web Services account owners
-- defaults to one hour.
--
-- 'serialNumber', 'getSessionToken_serialNumber' - The identification number of the MFA device that is associated with the
-- IAM user who is making the @GetSessionToken@ call. Specify this value if
-- the IAM user has a policy that requires MFA authentication. The value is
-- either the serial number for a hardware device (such as @GAHT12345678@)
-- or an Amazon Resource Name (ARN) for a virtual device (such as
-- @arn:aws:iam::123456789012:mfa\/user@). You can find the device for an
-- IAM user by going to the Management Console and viewing the user\'s
-- security credentials.
--
-- The regex used to validate this parameter is a string of characters
-- consisting of upper- and lower-case alphanumeric characters with no
-- spaces. You can also include underscores or any of the following
-- characters: =,.\@:\/-
newGetSessionToken ::
  GetSessionToken
newGetSessionToken :: GetSessionToken
newGetSessionToken =
  GetSessionToken' :: Maybe Text -> Maybe Natural -> Maybe Text -> GetSessionToken
GetSessionToken'
    { $sel:tokenCode:GetSessionToken' :: Maybe Text
tokenCode = Maybe Text
forall a. Maybe a
Prelude.Nothing,
      $sel:durationSeconds:GetSessionToken' :: Maybe Natural
durationSeconds = Maybe Natural
forall a. Maybe a
Prelude.Nothing,
      $sel:serialNumber:GetSessionToken' :: Maybe Text
serialNumber = Maybe Text
forall a. Maybe a
Prelude.Nothing
    }

-- | The value provided by the MFA device, if MFA is required. If any policy
-- requires the IAM user to submit an MFA code, specify this value. If MFA
-- authentication is required, the user must provide a code when requesting
-- a set of temporary security credentials. A user who fails to provide the
-- code receives an \"access denied\" response when requesting resources
-- that require MFA authentication.
--
-- The format for this parameter, as described by its regex pattern, is a
-- sequence of six numeric digits.
getSessionToken_tokenCode :: Lens.Lens' GetSessionToken (Prelude.Maybe Prelude.Text)
getSessionToken_tokenCode :: (Maybe Text -> f (Maybe Text))
-> GetSessionToken -> f GetSessionToken
getSessionToken_tokenCode = (GetSessionToken -> Maybe Text)
-> (GetSessionToken -> Maybe Text -> GetSessionToken)
-> Lens GetSessionToken GetSessionToken (Maybe Text) (Maybe Text)
forall s a b t. (s -> a) -> (s -> b -> t) -> Lens s t a b
Lens.lens (\GetSessionToken' {Maybe Text
tokenCode :: Maybe Text
$sel:tokenCode:GetSessionToken' :: GetSessionToken -> Maybe Text
tokenCode} -> Maybe Text
tokenCode) (\s :: GetSessionToken
s@GetSessionToken' {} Maybe Text
a -> GetSessionToken
s {$sel:tokenCode:GetSessionToken' :: Maybe Text
tokenCode = Maybe Text
a} :: GetSessionToken)

-- | The duration, in seconds, that the credentials should remain valid.
-- Acceptable durations for IAM user sessions range from 900 seconds (15
-- minutes) to 129,600 seconds (36 hours), with 43,200 seconds (12 hours)
-- as the default. Sessions for Amazon Web Services account owners are
-- restricted to a maximum of 3,600 seconds (one hour). If the duration is
-- longer than one hour, the session for Amazon Web Services account owners
-- defaults to one hour.
getSessionToken_durationSeconds :: Lens.Lens' GetSessionToken (Prelude.Maybe Prelude.Natural)
getSessionToken_durationSeconds :: (Maybe Natural -> f (Maybe Natural))
-> GetSessionToken -> f GetSessionToken
getSessionToken_durationSeconds = (GetSessionToken -> Maybe Natural)
-> (GetSessionToken -> Maybe Natural -> GetSessionToken)
-> Lens
     GetSessionToken GetSessionToken (Maybe Natural) (Maybe Natural)
forall s a b t. (s -> a) -> (s -> b -> t) -> Lens s t a b
Lens.lens (\GetSessionToken' {Maybe Natural
durationSeconds :: Maybe Natural
$sel:durationSeconds:GetSessionToken' :: GetSessionToken -> Maybe Natural
durationSeconds} -> Maybe Natural
durationSeconds) (\s :: GetSessionToken
s@GetSessionToken' {} Maybe Natural
a -> GetSessionToken
s {$sel:durationSeconds:GetSessionToken' :: Maybe Natural
durationSeconds = Maybe Natural
a} :: GetSessionToken)

-- | The identification number of the MFA device that is associated with the
-- IAM user who is making the @GetSessionToken@ call. Specify this value if
-- the IAM user has a policy that requires MFA authentication. The value is
-- either the serial number for a hardware device (such as @GAHT12345678@)
-- or an Amazon Resource Name (ARN) for a virtual device (such as
-- @arn:aws:iam::123456789012:mfa\/user@). You can find the device for an
-- IAM user by going to the Management Console and viewing the user\'s
-- security credentials.
--
-- The regex used to validate this parameter is a string of characters
-- consisting of upper- and lower-case alphanumeric characters with no
-- spaces. You can also include underscores or any of the following
-- characters: =,.\@:\/-
getSessionToken_serialNumber :: Lens.Lens' GetSessionToken (Prelude.Maybe Prelude.Text)
getSessionToken_serialNumber :: (Maybe Text -> f (Maybe Text))
-> GetSessionToken -> f GetSessionToken
getSessionToken_serialNumber = (GetSessionToken -> Maybe Text)
-> (GetSessionToken -> Maybe Text -> GetSessionToken)
-> Lens GetSessionToken GetSessionToken (Maybe Text) (Maybe Text)
forall s a b t. (s -> a) -> (s -> b -> t) -> Lens s t a b
Lens.lens (\GetSessionToken' {Maybe Text
serialNumber :: Maybe Text
$sel:serialNumber:GetSessionToken' :: GetSessionToken -> Maybe Text
serialNumber} -> Maybe Text
serialNumber) (\s :: GetSessionToken
s@GetSessionToken' {} Maybe Text
a -> GetSessionToken
s {$sel:serialNumber:GetSessionToken' :: Maybe Text
serialNumber = Maybe Text
a} :: GetSessionToken)

instance Core.AWSRequest GetSessionToken where
  type
    AWSResponse GetSessionToken =
      GetSessionTokenResponse
  request :: GetSessionToken -> Request GetSessionToken
request = Service -> GetSessionToken -> Request GetSessionToken
forall a. ToRequest a => Service -> a -> Request a
Request.postQuery Service
defaultService
  response :: Logger
-> Service
-> Proxy GetSessionToken
-> ClientResponse ClientBody
-> m (Either Error (ClientResponse (AWSResponse GetSessionToken)))
response =
    Text
-> (Int
    -> ResponseHeaders
    -> [Node]
    -> Either String (AWSResponse GetSessionToken))
-> Logger
-> Service
-> Proxy GetSessionToken
-> ClientResponse ClientBody
-> m (Either Error (ClientResponse (AWSResponse GetSessionToken)))
forall (m :: * -> *) a.
MonadResource m =>
Text
-> (Int
    -> ResponseHeaders -> [Node] -> Either String (AWSResponse a))
-> Logger
-> Service
-> Proxy a
-> ClientResponse ClientBody
-> m (Either Error (ClientResponse (AWSResponse a)))
Response.receiveXMLWrapper
      Text
"GetSessionTokenResult"
      ( \Int
s ResponseHeaders
h [Node]
x ->
          Maybe AuthEnv -> Int -> GetSessionTokenResponse
GetSessionTokenResponse'
            (Maybe AuthEnv -> Int -> GetSessionTokenResponse)
-> Either String (Maybe AuthEnv)
-> Either String (Int -> GetSessionTokenResponse)
forall (f :: * -> *) a b. Functor f => (a -> b) -> f a -> f b
Prelude.<$> ([Node]
x [Node] -> Text -> Either String (Maybe AuthEnv)
forall a. FromXML a => [Node] -> Text -> Either String (Maybe a)
Core..@? Text
"Credentials")
            Either String (Int -> GetSessionTokenResponse)
-> Either String Int -> Either String GetSessionTokenResponse
forall (f :: * -> *) a b. Applicative f => f (a -> b) -> f a -> f b
Prelude.<*> (Int -> Either String Int
forall (f :: * -> *) a. Applicative f => a -> f a
Prelude.pure (Int -> Int
forall a. Enum a => a -> Int
Prelude.fromEnum Int
s))
      )

instance Prelude.Hashable GetSessionToken

instance Prelude.NFData GetSessionToken

instance Core.ToHeaders GetSessionToken where
  toHeaders :: GetSessionToken -> ResponseHeaders
toHeaders = ResponseHeaders -> GetSessionToken -> ResponseHeaders
forall a b. a -> b -> a
Prelude.const ResponseHeaders
forall a. Monoid a => a
Prelude.mempty

instance Core.ToPath GetSessionToken where
  toPath :: GetSessionToken -> ByteString
toPath = ByteString -> GetSessionToken -> ByteString
forall a b. a -> b -> a
Prelude.const ByteString
"/"

instance Core.ToQuery GetSessionToken where
  toQuery :: GetSessionToken -> QueryString
toQuery GetSessionToken' {Maybe Natural
Maybe Text
serialNumber :: Maybe Text
durationSeconds :: Maybe Natural
tokenCode :: Maybe Text
$sel:serialNumber:GetSessionToken' :: GetSessionToken -> Maybe Text
$sel:durationSeconds:GetSessionToken' :: GetSessionToken -> Maybe Natural
$sel:tokenCode:GetSessionToken' :: GetSessionToken -> Maybe Text
..} =
    [QueryString] -> QueryString
forall a. Monoid a => [a] -> a
Prelude.mconcat
      [ ByteString
"Action"
          ByteString -> ByteString -> QueryString
forall a. ToQuery a => ByteString -> a -> QueryString
Core.=: (ByteString
"GetSessionToken" :: Prelude.ByteString),
        ByteString
"Version"
          ByteString -> ByteString -> QueryString
forall a. ToQuery a => ByteString -> a -> QueryString
Core.=: (ByteString
"2011-06-15" :: Prelude.ByteString),
        ByteString
"TokenCode" ByteString -> Maybe Text -> QueryString
forall a. ToQuery a => ByteString -> a -> QueryString
Core.=: Maybe Text
tokenCode,
        ByteString
"DurationSeconds" ByteString -> Maybe Natural -> QueryString
forall a. ToQuery a => ByteString -> a -> QueryString
Core.=: Maybe Natural
durationSeconds,
        ByteString
"SerialNumber" ByteString -> Maybe Text -> QueryString
forall a. ToQuery a => ByteString -> a -> QueryString
Core.=: Maybe Text
serialNumber
      ]

-- | Contains the response to a successful GetSessionToken request, including
-- temporary Amazon Web Services credentials that can be used to make
-- Amazon Web Services requests.
--
-- /See:/ 'newGetSessionTokenResponse' smart constructor.
data GetSessionTokenResponse = GetSessionTokenResponse'
  { -- | The temporary security credentials, which include an access key ID, a
    -- secret access key, and a security (or session) token.
    --
    -- The size of the security token that STS API operations return is not
    -- fixed. We strongly recommend that you make no assumptions about the
    -- maximum size.
    GetSessionTokenResponse -> Maybe AuthEnv
credentials :: Prelude.Maybe Core.AuthEnv,
    -- | The response's http status code.
    GetSessionTokenResponse -> Int
httpStatus :: Prelude.Int
  }
  deriving (GetSessionTokenResponse -> GetSessionTokenResponse -> Bool
(GetSessionTokenResponse -> GetSessionTokenResponse -> Bool)
-> (GetSessionTokenResponse -> GetSessionTokenResponse -> Bool)
-> Eq GetSessionTokenResponse
forall a. (a -> a -> Bool) -> (a -> a -> Bool) -> Eq a
/= :: GetSessionTokenResponse -> GetSessionTokenResponse -> Bool
$c/= :: GetSessionTokenResponse -> GetSessionTokenResponse -> Bool
== :: GetSessionTokenResponse -> GetSessionTokenResponse -> Bool
$c== :: GetSessionTokenResponse -> GetSessionTokenResponse -> Bool
Prelude.Eq, Int -> GetSessionTokenResponse -> ShowS
[GetSessionTokenResponse] -> ShowS
GetSessionTokenResponse -> String
(Int -> GetSessionTokenResponse -> ShowS)
-> (GetSessionTokenResponse -> String)
-> ([GetSessionTokenResponse] -> ShowS)
-> Show GetSessionTokenResponse
forall a.
(Int -> a -> ShowS) -> (a -> String) -> ([a] -> ShowS) -> Show a
showList :: [GetSessionTokenResponse] -> ShowS
$cshowList :: [GetSessionTokenResponse] -> ShowS
show :: GetSessionTokenResponse -> String
$cshow :: GetSessionTokenResponse -> String
showsPrec :: Int -> GetSessionTokenResponse -> ShowS
$cshowsPrec :: Int -> GetSessionTokenResponse -> ShowS
Prelude.Show, (forall x.
 GetSessionTokenResponse -> Rep GetSessionTokenResponse x)
-> (forall x.
    Rep GetSessionTokenResponse x -> GetSessionTokenResponse)
-> Generic GetSessionTokenResponse
forall x. Rep GetSessionTokenResponse x -> GetSessionTokenResponse
forall x. GetSessionTokenResponse -> Rep GetSessionTokenResponse x
forall a.
(forall x. a -> Rep a x) -> (forall x. Rep a x -> a) -> Generic a
$cto :: forall x. Rep GetSessionTokenResponse x -> GetSessionTokenResponse
$cfrom :: forall x. GetSessionTokenResponse -> Rep GetSessionTokenResponse x
Prelude.Generic)

-- |
-- Create a value of 'GetSessionTokenResponse' with all optional fields omitted.
--
-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
--
-- The following record fields are available, with the corresponding lenses provided
-- for backwards compatibility:
--
-- 'credentials', 'getSessionTokenResponse_credentials' - The temporary security credentials, which include an access key ID, a
-- secret access key, and a security (or session) token.
--
-- The size of the security token that STS API operations return is not
-- fixed. We strongly recommend that you make no assumptions about the
-- maximum size.
--
-- 'httpStatus', 'getSessionTokenResponse_httpStatus' - The response's http status code.
newGetSessionTokenResponse ::
  -- | 'httpStatus'
  Prelude.Int ->
  GetSessionTokenResponse
newGetSessionTokenResponse :: Int -> GetSessionTokenResponse
newGetSessionTokenResponse Int
pHttpStatus_ =
  GetSessionTokenResponse' :: Maybe AuthEnv -> Int -> GetSessionTokenResponse
GetSessionTokenResponse'
    { $sel:credentials:GetSessionTokenResponse' :: Maybe AuthEnv
credentials =
        Maybe AuthEnv
forall a. Maybe a
Prelude.Nothing,
      $sel:httpStatus:GetSessionTokenResponse' :: Int
httpStatus = Int
pHttpStatus_
    }

-- | The temporary security credentials, which include an access key ID, a
-- secret access key, and a security (or session) token.
--
-- The size of the security token that STS API operations return is not
-- fixed. We strongly recommend that you make no assumptions about the
-- maximum size.
getSessionTokenResponse_credentials :: Lens.Lens' GetSessionTokenResponse (Prelude.Maybe Core.AuthEnv)
getSessionTokenResponse_credentials :: (Maybe AuthEnv -> f (Maybe AuthEnv))
-> GetSessionTokenResponse -> f GetSessionTokenResponse
getSessionTokenResponse_credentials = (GetSessionTokenResponse -> Maybe AuthEnv)
-> (GetSessionTokenResponse
    -> Maybe AuthEnv -> GetSessionTokenResponse)
-> Lens
     GetSessionTokenResponse
     GetSessionTokenResponse
     (Maybe AuthEnv)
     (Maybe AuthEnv)
forall s a b t. (s -> a) -> (s -> b -> t) -> Lens s t a b
Lens.lens (\GetSessionTokenResponse' {Maybe AuthEnv
credentials :: Maybe AuthEnv
$sel:credentials:GetSessionTokenResponse' :: GetSessionTokenResponse -> Maybe AuthEnv
credentials} -> Maybe AuthEnv
credentials) (\s :: GetSessionTokenResponse
s@GetSessionTokenResponse' {} Maybe AuthEnv
a -> GetSessionTokenResponse
s {$sel:credentials:GetSessionTokenResponse' :: Maybe AuthEnv
credentials = Maybe AuthEnv
a} :: GetSessionTokenResponse)

-- | The response's http status code.
getSessionTokenResponse_httpStatus :: Lens.Lens' GetSessionTokenResponse Prelude.Int
getSessionTokenResponse_httpStatus :: (Int -> f Int)
-> GetSessionTokenResponse -> f GetSessionTokenResponse
getSessionTokenResponse_httpStatus = (GetSessionTokenResponse -> Int)
-> (GetSessionTokenResponse -> Int -> GetSessionTokenResponse)
-> Lens GetSessionTokenResponse GetSessionTokenResponse Int Int
forall s a b t. (s -> a) -> (s -> b -> t) -> Lens s t a b
Lens.lens (\GetSessionTokenResponse' {Int
httpStatus :: Int
$sel:httpStatus:GetSessionTokenResponse' :: GetSessionTokenResponse -> Int
httpStatus} -> Int
httpStatus) (\s :: GetSessionTokenResponse
s@GetSessionTokenResponse' {} Int
a -> GetSessionTokenResponse
s {$sel:httpStatus:GetSessionTokenResponse' :: Int
httpStatus = Int
a} :: GetSessionTokenResponse)

instance Prelude.NFData GetSessionTokenResponse