com.amazonaws.services.securitytoken.model.GetFederationTokenRequest Maven / Gradle / Ivy
Show all versions of aws-java-sdk-sts Show documentation
/*
* Copyright 2019-2024 Amazon.com, Inc. or its affiliates. All Rights Reserved.
*
* Licensed under the Apache License, Version 2.0 (the "License"). You may not use this file except in compliance with
* the License. A copy of the License is located at
*
* http://aws.amazon.com/apache2.0
*
* or in the "license" file accompanying this file. This file is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR
* CONDITIONS OF ANY KIND, either express or implied. See the License for the specific language governing permissions
* and limitations under the License.
*/
package com.amazonaws.services.securitytoken.model;
import java.io.Serializable;
import javax.annotation.Generated;
import com.amazonaws.AmazonWebServiceRequest;
/**
*
* @see AWS API
* Documentation
*/
@Generated("com.amazonaws:aws-java-sdk-code-generator")
public class GetFederationTokenRequest extends com.amazonaws.AmazonWebServiceRequest implements Serializable, Cloneable {
/**
*
* The name of the federated user. The name is used as an identifier for the temporary security credentials (such as
* Bob). For example, you can reference the federated user name in a resource-based policy, such as in
* an Amazon S3 bucket policy.
*
*
* The regex used to validate this parameter is a string of characters consisting of upper- and lower-case
* alphanumeric characters with no spaces. You can also include underscores or any of the following characters: =,.@-
*
*/
private String name;
/**
*
* An IAM policy in JSON format that you want to use as an inline session policy.
*
*
* You must pass an inline or managed session policy
* to this operation. You can pass a single JSON policy document to use as an inline session policy. You can also
* specify up to 10 managed policy Amazon Resource Names (ARNs) to use as managed session policies.
*
*
* This parameter is optional. However, if you do not pass any session policies, then the resulting federated user
* session has no permissions.
*
*
* When you pass session policies, the session permissions are the intersection of the IAM user policies and the
* session policies that you pass. This gives you a way to further restrict the permissions for a federated user.
* You cannot use session policies to grant more permissions than those that are defined in the permissions policy
* of the IAM user. For more information, see Session
* Policies in the IAM User Guide.
*
*
* The resulting credentials can be used to access a resource that has a resource-based policy. If that policy
* specifically references the federated user session in the Principal element of the policy, the
* session has the permissions allowed by the policy. These permissions are granted in addition to the permissions
* that are granted by the session policies.
*
*
* The plaintext that you use for both inline and managed session policies can't exceed 2,048 characters. The JSON
* policy characters can be any ASCII character from the space character to the end of the valid character list (
* through \u00FF). It can also include the tab ( ), linefeed ( ), and carriage return ( ) characters.
*
*
*
* An Amazon Web Services conversion compresses the passed inline session policy, managed policy ARNs, and session
* tags into a packed binary format that has a separate limit. Your request can fail for this limit even if your
* plaintext meets the other requirements. The PackedPolicySize response element indicates by
* percentage how close the policies and tags for your request are to the upper size limit.
*
*
*/
private String policy;
/**
*
* The Amazon Resource Names (ARNs) of the IAM managed policies that you want to use as a managed session policy.
* The policies must exist in the same account as the IAM user that is requesting federated access.
*
*
* You must pass an inline or managed session policy
* to this operation. You can pass a single JSON policy document to use as an inline session policy. You can also
* specify up to 10 managed policy Amazon Resource Names (ARNs) to use as managed session policies. The plaintext
* that you use for both inline and managed session policies can't exceed 2,048 characters. You can provide up to 10
* managed policy ARNs. For more information about ARNs, see Amazon Resource Names (ARNs)
* and Amazon Web Services Service Namespaces in the Amazon Web Services General Reference.
*
*
* This parameter is optional. However, if you do not pass any session policies, then the resulting federated user
* session has no permissions.
*
*
* When you pass session policies, the session permissions are the intersection of the IAM user policies and the
* session policies that you pass. This gives you a way to further restrict the permissions for a federated user.
* You cannot use session policies to grant more permissions than those that are defined in the permissions policy
* of the IAM user. For more information, see Session
* Policies in the IAM User Guide.
*
*
* The resulting credentials can be used to access a resource that has a resource-based policy. If that policy
* specifically references the federated user session in the Principal element of the policy, the
* session has the permissions allowed by the policy. These permissions are granted in addition to the permissions
* that are granted by the session policies.
*
*
*
* An Amazon Web Services conversion compresses the passed inline session policy, managed policy ARNs, and session
* tags into a packed binary format that has a separate limit. Your request can fail for this limit even if your
* plaintext meets the other requirements. The PackedPolicySize response element indicates by
* percentage how close the policies and tags for your request are to the upper size limit.
*
*
*/
private java.util.List policyArns;
/**
*
* The duration, in seconds, that the session should last. Acceptable durations for federation sessions range from
* 900 seconds (15 minutes) to 129,600 seconds (36 hours), with 43,200 seconds (12 hours) as the default. Sessions
* obtained using root user credentials are restricted to a maximum of 3,600 seconds (one hour). If the specified
* duration is longer than one hour, the session obtained by using root user credentials defaults to one hour.
*
*/
private Integer durationSeconds;
/**
*
* A list of session tags. Each session tag consists of a key name and an associated value. For more information
* about session tags, see Passing
* Session Tags in STS in the IAM User Guide.
*
*
* This parameter is optional. You can pass up to 50 session tags. The plaintext session tag keys can’t exceed 128
* characters and the values can’t exceed 256 characters. For these and additional limits, see IAM and STS Character Limits in the IAM User Guide.
*
*
*
* An Amazon Web Services conversion compresses the passed inline session policy, managed policy ARNs, and session
* tags into a packed binary format that has a separate limit. Your request can fail for this limit even if your
* plaintext meets the other requirements. The PackedPolicySize response element indicates by
* percentage how close the policies and tags for your request are to the upper size limit.
*
*
*
* You can pass a session tag with the same key as a tag that is already attached to the user you are federating.
* When you do, session tags override a user tag with the same key.
*
*
* Tag key–value pairs are not case sensitive, but case is preserved. This means that you cannot have separate
* Department and department tag keys. Assume that the role has the
* Department=Marketing tag and you pass the department=
* engineering session tag. Department and department are not saved as
* separate tags, and the session tag passed in the request takes precedence over the role tag.
*
*/
private java.util.List tags;
/**
* Default constructor for GetFederationTokenRequest object. Callers should use the setter or fluent setter
* (with...) methods to initialize the object after creating it.
*/
public GetFederationTokenRequest() {
}
/**
* Constructs a new GetFederationTokenRequest object. Callers should use the setter or fluent setter (with...)
* methods to initialize any additional object members.
*
* @param name
* The name of the federated user. The name is used as an identifier for the temporary security credentials
* (such as Bob). For example, you can reference the federated user name in a resource-based
* policy, such as in an Amazon S3 bucket policy.
*
* The regex used to validate this parameter is a string of characters consisting of upper- and lower-case
* alphanumeric characters with no spaces. You can also include underscores or any of the following
* characters: =,.@-
*/
public GetFederationTokenRequest(String name) {
setName(name);
}
/**
*
* The name of the federated user. The name is used as an identifier for the temporary security credentials (such as
* Bob). For example, you can reference the federated user name in a resource-based policy, such as in
* an Amazon S3 bucket policy.
*
*
* The regex used to validate this parameter is a string of characters consisting of upper- and lower-case
* alphanumeric characters with no spaces. You can also include underscores or any of the following characters: =,.@-
*
*
* @param name
* The name of the federated user. The name is used as an identifier for the temporary security credentials
* (such as Bob). For example, you can reference the federated user name in a resource-based
* policy, such as in an Amazon S3 bucket policy.
*
* The regex used to validate this parameter is a string of characters consisting of upper- and lower-case
* alphanumeric characters with no spaces. You can also include underscores or any of the following
* characters: =,.@-
*/
public void setName(String name) {
this.name = name;
}
/**
*
* The name of the federated user. The name is used as an identifier for the temporary security credentials (such as
* Bob). For example, you can reference the federated user name in a resource-based policy, such as in
* an Amazon S3 bucket policy.
*
*
* The regex used to validate this parameter is a string of characters consisting of upper- and lower-case
* alphanumeric characters with no spaces. You can also include underscores or any of the following characters: =,.@-
*
*
* @return The name of the federated user. The name is used as an identifier for the temporary security credentials
* (such as Bob). For example, you can reference the federated user name in a resource-based
* policy, such as in an Amazon S3 bucket policy.
*
* The regex used to validate this parameter is a string of characters consisting of upper- and lower-case
* alphanumeric characters with no spaces. You can also include underscores or any of the following
* characters: =,.@-
*/
public String getName() {
return this.name;
}
/**
*
* The name of the federated user. The name is used as an identifier for the temporary security credentials (such as
* Bob). For example, you can reference the federated user name in a resource-based policy, such as in
* an Amazon S3 bucket policy.
*
*
* The regex used to validate this parameter is a string of characters consisting of upper- and lower-case
* alphanumeric characters with no spaces. You can also include underscores or any of the following characters: =,.@-
*
*
* @param name
* The name of the federated user. The name is used as an identifier for the temporary security credentials
* (such as Bob). For example, you can reference the federated user name in a resource-based
* policy, such as in an Amazon S3 bucket policy.
*
* The regex used to validate this parameter is a string of characters consisting of upper- and lower-case
* alphanumeric characters with no spaces. You can also include underscores or any of the following
* characters: =,.@-
* @return Returns a reference to this object so that method calls can be chained together.
*/
public GetFederationTokenRequest withName(String name) {
setName(name);
return this;
}
/**
*
* An IAM policy in JSON format that you want to use as an inline session policy.
*
*
* You must pass an inline or managed session policy
* to this operation. You can pass a single JSON policy document to use as an inline session policy. You can also
* specify up to 10 managed policy Amazon Resource Names (ARNs) to use as managed session policies.
*
*
* This parameter is optional. However, if you do not pass any session policies, then the resulting federated user
* session has no permissions.
*
*
* When you pass session policies, the session permissions are the intersection of the IAM user policies and the
* session policies that you pass. This gives you a way to further restrict the permissions for a federated user.
* You cannot use session policies to grant more permissions than those that are defined in the permissions policy
* of the IAM user. For more information, see Session
* Policies in the IAM User Guide.
*
*
* The resulting credentials can be used to access a resource that has a resource-based policy. If that policy
* specifically references the federated user session in the Principal element of the policy, the
* session has the permissions allowed by the policy. These permissions are granted in addition to the permissions
* that are granted by the session policies.
*
*
* The plaintext that you use for both inline and managed session policies can't exceed 2,048 characters. The JSON
* policy characters can be any ASCII character from the space character to the end of the valid character list (
* through \u00FF). It can also include the tab ( ), linefeed ( ), and carriage return ( ) characters.
*
*
*
* An Amazon Web Services conversion compresses the passed inline session policy, managed policy ARNs, and session
* tags into a packed binary format that has a separate limit. Your request can fail for this limit even if your
* plaintext meets the other requirements. The PackedPolicySize response element indicates by
* percentage how close the policies and tags for your request are to the upper size limit.
*
*
*
* @param policy
* An IAM policy in JSON format that you want to use as an inline session policy.
*
* You must pass an inline or managed session
* policy to this operation. You can pass a single JSON policy document to use as an inline session
* policy. You can also specify up to 10 managed policy Amazon Resource Names (ARNs) to use as managed
* session policies.
*
*
* This parameter is optional. However, if you do not pass any session policies, then the resulting federated
* user session has no permissions.
*
*
* When you pass session policies, the session permissions are the intersection of the IAM user policies and
* the session policies that you pass. This gives you a way to further restrict the permissions for a
* federated user. You cannot use session policies to grant more permissions than those that are defined in
* the permissions policy of the IAM user. For more information, see Session
* Policies in the IAM User Guide.
*
*
* The resulting credentials can be used to access a resource that has a resource-based policy. If that
* policy specifically references the federated user session in the Principal element of the
* policy, the session has the permissions allowed by the policy. These permissions are granted in addition
* to the permissions that are granted by the session policies.
*
*
* The plaintext that you use for both inline and managed session policies can't exceed 2,048 characters. The
* JSON policy characters can be any ASCII character from the space character to the end of the valid
* character list ( through \u00FF). It can also include the tab ( ), linefeed ( ), and carriage return ( )
* characters.
*
*
*
* An Amazon Web Services conversion compresses the passed inline session policy, managed policy ARNs, and
* session tags into a packed binary format that has a separate limit. Your request can fail for this limit
* even if your plaintext meets the other requirements. The PackedPolicySize response element
* indicates by percentage how close the policies and tags for your request are to the upper size limit.
*
*/
public void setPolicy(String policy) {
this.policy = policy;
}
/**
*
* An IAM policy in JSON format that you want to use as an inline session policy.
*
*
* You must pass an inline or managed session policy
* to this operation. You can pass a single JSON policy document to use as an inline session policy. You can also
* specify up to 10 managed policy Amazon Resource Names (ARNs) to use as managed session policies.
*
*
* This parameter is optional. However, if you do not pass any session policies, then the resulting federated user
* session has no permissions.
*
*
* When you pass session policies, the session permissions are the intersection of the IAM user policies and the
* session policies that you pass. This gives you a way to further restrict the permissions for a federated user.
* You cannot use session policies to grant more permissions than those that are defined in the permissions policy
* of the IAM user. For more information, see Session
* Policies in the IAM User Guide.
*
*
* The resulting credentials can be used to access a resource that has a resource-based policy. If that policy
* specifically references the federated user session in the Principal element of the policy, the
* session has the permissions allowed by the policy. These permissions are granted in addition to the permissions
* that are granted by the session policies.
*
*
* The plaintext that you use for both inline and managed session policies can't exceed 2,048 characters. The JSON
* policy characters can be any ASCII character from the space character to the end of the valid character list (
* through \u00FF). It can also include the tab ( ), linefeed ( ), and carriage return ( ) characters.
*
*
*
* An Amazon Web Services conversion compresses the passed inline session policy, managed policy ARNs, and session
* tags into a packed binary format that has a separate limit. Your request can fail for this limit even if your
* plaintext meets the other requirements. The PackedPolicySize response element indicates by
* percentage how close the policies and tags for your request are to the upper size limit.
*
*
*
* @return An IAM policy in JSON format that you want to use as an inline session policy.
*
* You must pass an inline or managed session
* policy to this operation. You can pass a single JSON policy document to use as an inline session
* policy. You can also specify up to 10 managed policy Amazon Resource Names (ARNs) to use as managed
* session policies.
*
*
* This parameter is optional. However, if you do not pass any session policies, then the resulting
* federated user session has no permissions.
*
*
* When you pass session policies, the session permissions are the intersection of the IAM user policies and
* the session policies that you pass. This gives you a way to further restrict the permissions for a
* federated user. You cannot use session policies to grant more permissions than those that are defined in
* the permissions policy of the IAM user. For more information, see Session
* Policies in the IAM User Guide.
*
*
* The resulting credentials can be used to access a resource that has a resource-based policy. If that
* policy specifically references the federated user session in the Principal element of the
* policy, the session has the permissions allowed by the policy. These permissions are granted in addition
* to the permissions that are granted by the session policies.
*
*
* The plaintext that you use for both inline and managed session policies can't exceed 2,048 characters.
* The JSON policy characters can be any ASCII character from the space character to the end of the valid
* character list ( through \u00FF). It can also include the tab ( ), linefeed ( ), and carriage return ( )
* characters.
*
*
*
* An Amazon Web Services conversion compresses the passed inline session policy, managed policy ARNs, and
* session tags into a packed binary format that has a separate limit. Your request can fail for this limit
* even if your plaintext meets the other requirements. The PackedPolicySize response element
* indicates by percentage how close the policies and tags for your request are to the upper size limit.
*
*/
public String getPolicy() {
return this.policy;
}
/**
*
* An IAM policy in JSON format that you want to use as an inline session policy.
*
*
* You must pass an inline or managed session policy
* to this operation. You can pass a single JSON policy document to use as an inline session policy. You can also
* specify up to 10 managed policy Amazon Resource Names (ARNs) to use as managed session policies.
*
*
* This parameter is optional. However, if you do not pass any session policies, then the resulting federated user
* session has no permissions.
*
*
* When you pass session policies, the session permissions are the intersection of the IAM user policies and the
* session policies that you pass. This gives you a way to further restrict the permissions for a federated user.
* You cannot use session policies to grant more permissions than those that are defined in the permissions policy
* of the IAM user. For more information, see Session
* Policies in the IAM User Guide.
*
*
* The resulting credentials can be used to access a resource that has a resource-based policy. If that policy
* specifically references the federated user session in the Principal element of the policy, the
* session has the permissions allowed by the policy. These permissions are granted in addition to the permissions
* that are granted by the session policies.
*
*
* The plaintext that you use for both inline and managed session policies can't exceed 2,048 characters. The JSON
* policy characters can be any ASCII character from the space character to the end of the valid character list (
* through \u00FF). It can also include the tab ( ), linefeed ( ), and carriage return ( ) characters.
*
*
*
* An Amazon Web Services conversion compresses the passed inline session policy, managed policy ARNs, and session
* tags into a packed binary format that has a separate limit. Your request can fail for this limit even if your
* plaintext meets the other requirements. The PackedPolicySize response element indicates by
* percentage how close the policies and tags for your request are to the upper size limit.
*
*
*
* @param policy
* An IAM policy in JSON format that you want to use as an inline session policy.
*
* You must pass an inline or managed session
* policy to this operation. You can pass a single JSON policy document to use as an inline session
* policy. You can also specify up to 10 managed policy Amazon Resource Names (ARNs) to use as managed
* session policies.
*
*
* This parameter is optional. However, if you do not pass any session policies, then the resulting federated
* user session has no permissions.
*
*
* When you pass session policies, the session permissions are the intersection of the IAM user policies and
* the session policies that you pass. This gives you a way to further restrict the permissions for a
* federated user. You cannot use session policies to grant more permissions than those that are defined in
* the permissions policy of the IAM user. For more information, see Session
* Policies in the IAM User Guide.
*
*
* The resulting credentials can be used to access a resource that has a resource-based policy. If that
* policy specifically references the federated user session in the Principal element of the
* policy, the session has the permissions allowed by the policy. These permissions are granted in addition
* to the permissions that are granted by the session policies.
*
*
* The plaintext that you use for both inline and managed session policies can't exceed 2,048 characters. The
* JSON policy characters can be any ASCII character from the space character to the end of the valid
* character list ( through \u00FF). It can also include the tab ( ), linefeed ( ), and carriage return ( )
* characters.
*
*
*
* An Amazon Web Services conversion compresses the passed inline session policy, managed policy ARNs, and
* session tags into a packed binary format that has a separate limit. Your request can fail for this limit
* even if your plaintext meets the other requirements. The PackedPolicySize response element
* indicates by percentage how close the policies and tags for your request are to the upper size limit.
*
* @return Returns a reference to this object so that method calls can be chained together.
*/
public GetFederationTokenRequest withPolicy(String policy) {
setPolicy(policy);
return this;
}
/**
*
* The Amazon Resource Names (ARNs) of the IAM managed policies that you want to use as a managed session policy.
* The policies must exist in the same account as the IAM user that is requesting federated access.
*
*
* You must pass an inline or managed session policy
* to this operation. You can pass a single JSON policy document to use as an inline session policy. You can also
* specify up to 10 managed policy Amazon Resource Names (ARNs) to use as managed session policies. The plaintext
* that you use for both inline and managed session policies can't exceed 2,048 characters. You can provide up to 10
* managed policy ARNs. For more information about ARNs, see Amazon Resource Names (ARNs)
* and Amazon Web Services Service Namespaces in the Amazon Web Services General Reference.
*
*
* This parameter is optional. However, if you do not pass any session policies, then the resulting federated user
* session has no permissions.
*
*
* When you pass session policies, the session permissions are the intersection of the IAM user policies and the
* session policies that you pass. This gives you a way to further restrict the permissions for a federated user.
* You cannot use session policies to grant more permissions than those that are defined in the permissions policy
* of the IAM user. For more information, see Session
* Policies in the IAM User Guide.
*
*
* The resulting credentials can be used to access a resource that has a resource-based policy. If that policy
* specifically references the federated user session in the Principal element of the policy, the
* session has the permissions allowed by the policy. These permissions are granted in addition to the permissions
* that are granted by the session policies.
*
*
*
* An Amazon Web Services conversion compresses the passed inline session policy, managed policy ARNs, and session
* tags into a packed binary format that has a separate limit. Your request can fail for this limit even if your
* plaintext meets the other requirements. The PackedPolicySize response element indicates by
* percentage how close the policies and tags for your request are to the upper size limit.
*
*
*
* @return The Amazon Resource Names (ARNs) of the IAM managed policies that you want to use as a managed session
* policy. The policies must exist in the same account as the IAM user that is requesting federated
* access.
*
* You must pass an inline or managed session
* policy to this operation. You can pass a single JSON policy document to use as an inline session
* policy. You can also specify up to 10 managed policy Amazon Resource Names (ARNs) to use as managed
* session policies. The plaintext that you use for both inline and managed session policies can't exceed
* 2,048 characters. You can provide up to 10 managed policy ARNs. For more information about ARNs, see Amazon Resource Names
* (ARNs) and Amazon Web Services Service Namespaces in the Amazon Web Services General Reference.
*
*
* This parameter is optional. However, if you do not pass any session policies, then the resulting
* federated user session has no permissions.
*
*
* When you pass session policies, the session permissions are the intersection of the IAM user policies and
* the session policies that you pass. This gives you a way to further restrict the permissions for a
* federated user. You cannot use session policies to grant more permissions than those that are defined in
* the permissions policy of the IAM user. For more information, see Session
* Policies in the IAM User Guide.
*
*
* The resulting credentials can be used to access a resource that has a resource-based policy. If that
* policy specifically references the federated user session in the Principal element of the
* policy, the session has the permissions allowed by the policy. These permissions are granted in addition
* to the permissions that are granted by the session policies.
*
*
*
* An Amazon Web Services conversion compresses the passed inline session policy, managed policy ARNs, and
* session tags into a packed binary format that has a separate limit. Your request can fail for this limit
* even if your plaintext meets the other requirements. The PackedPolicySize response element
* indicates by percentage how close the policies and tags for your request are to the upper size limit.
*
*/
public java.util.List getPolicyArns() {
return policyArns;
}
/**
*
* The Amazon Resource Names (ARNs) of the IAM managed policies that you want to use as a managed session policy.
* The policies must exist in the same account as the IAM user that is requesting federated access.
*
*
* You must pass an inline or managed session policy
* to this operation. You can pass a single JSON policy document to use as an inline session policy. You can also
* specify up to 10 managed policy Amazon Resource Names (ARNs) to use as managed session policies. The plaintext
* that you use for both inline and managed session policies can't exceed 2,048 characters. You can provide up to 10
* managed policy ARNs. For more information about ARNs, see Amazon Resource Names (ARNs)
* and Amazon Web Services Service Namespaces in the Amazon Web Services General Reference.
*
*
* This parameter is optional. However, if you do not pass any session policies, then the resulting federated user
* session has no permissions.
*
*
* When you pass session policies, the session permissions are the intersection of the IAM user policies and the
* session policies that you pass. This gives you a way to further restrict the permissions for a federated user.
* You cannot use session policies to grant more permissions than those that are defined in the permissions policy
* of the IAM user. For more information, see Session
* Policies in the IAM User Guide.
*
*
* The resulting credentials can be used to access a resource that has a resource-based policy. If that policy
* specifically references the federated user session in the Principal element of the policy, the
* session has the permissions allowed by the policy. These permissions are granted in addition to the permissions
* that are granted by the session policies.
*
*
*
* An Amazon Web Services conversion compresses the passed inline session policy, managed policy ARNs, and session
* tags into a packed binary format that has a separate limit. Your request can fail for this limit even if your
* plaintext meets the other requirements. The PackedPolicySize response element indicates by
* percentage how close the policies and tags for your request are to the upper size limit.
*
*
*
* @param policyArns
* The Amazon Resource Names (ARNs) of the IAM managed policies that you want to use as a managed session
* policy. The policies must exist in the same account as the IAM user that is requesting federated
* access.
*
* You must pass an inline or managed session
* policy to this operation. You can pass a single JSON policy document to use as an inline session
* policy. You can also specify up to 10 managed policy Amazon Resource Names (ARNs) to use as managed
* session policies. The plaintext that you use for both inline and managed session policies can't exceed
* 2,048 characters. You can provide up to 10 managed policy ARNs. For more information about ARNs, see Amazon Resource Names
* (ARNs) and Amazon Web Services Service Namespaces in the Amazon Web Services General Reference.
*
*
* This parameter is optional. However, if you do not pass any session policies, then the resulting federated
* user session has no permissions.
*
*
* When you pass session policies, the session permissions are the intersection of the IAM user policies and
* the session policies that you pass. This gives you a way to further restrict the permissions for a
* federated user. You cannot use session policies to grant more permissions than those that are defined in
* the permissions policy of the IAM user. For more information, see Session
* Policies in the IAM User Guide.
*
*
* The resulting credentials can be used to access a resource that has a resource-based policy. If that
* policy specifically references the federated user session in the Principal element of the
* policy, the session has the permissions allowed by the policy. These permissions are granted in addition
* to the permissions that are granted by the session policies.
*
*
*
* An Amazon Web Services conversion compresses the passed inline session policy, managed policy ARNs, and
* session tags into a packed binary format that has a separate limit. Your request can fail for this limit
* even if your plaintext meets the other requirements. The PackedPolicySize response element
* indicates by percentage how close the policies and tags for your request are to the upper size limit.
*
*/
public void setPolicyArns(java.util.Collection policyArns) {
if (policyArns == null) {
this.policyArns = null;
return;
}
this.policyArns = new java.util.ArrayList(policyArns);
}
/**
*
* The Amazon Resource Names (ARNs) of the IAM managed policies that you want to use as a managed session policy.
* The policies must exist in the same account as the IAM user that is requesting federated access.
*
*
* You must pass an inline or managed session policy
* to this operation. You can pass a single JSON policy document to use as an inline session policy. You can also
* specify up to 10 managed policy Amazon Resource Names (ARNs) to use as managed session policies. The plaintext
* that you use for both inline and managed session policies can't exceed 2,048 characters. You can provide up to 10
* managed policy ARNs. For more information about ARNs, see Amazon Resource Names (ARNs)
* and Amazon Web Services Service Namespaces in the Amazon Web Services General Reference.
*
*
* This parameter is optional. However, if you do not pass any session policies, then the resulting federated user
* session has no permissions.
*
*
* When you pass session policies, the session permissions are the intersection of the IAM user policies and the
* session policies that you pass. This gives you a way to further restrict the permissions for a federated user.
* You cannot use session policies to grant more permissions than those that are defined in the permissions policy
* of the IAM user. For more information, see Session
* Policies in the IAM User Guide.
*
*
* The resulting credentials can be used to access a resource that has a resource-based policy. If that policy
* specifically references the federated user session in the Principal element of the policy, the
* session has the permissions allowed by the policy. These permissions are granted in addition to the permissions
* that are granted by the session policies.
*
*
*
* An Amazon Web Services conversion compresses the passed inline session policy, managed policy ARNs, and session
* tags into a packed binary format that has a separate limit. Your request can fail for this limit even if your
* plaintext meets the other requirements. The PackedPolicySize response element indicates by
* percentage how close the policies and tags for your request are to the upper size limit.
*
*
*
* NOTE: This method appends the values to the existing list (if any). Use
* {@link #setPolicyArns(java.util.Collection)} or {@link #withPolicyArns(java.util.Collection)} if you want to
* override the existing values.
*
*
* @param policyArns
* The Amazon Resource Names (ARNs) of the IAM managed policies that you want to use as a managed session
* policy. The policies must exist in the same account as the IAM user that is requesting federated
* access.
*
* You must pass an inline or managed session
* policy to this operation. You can pass a single JSON policy document to use as an inline session
* policy. You can also specify up to 10 managed policy Amazon Resource Names (ARNs) to use as managed
* session policies. The plaintext that you use for both inline and managed session policies can't exceed
* 2,048 characters. You can provide up to 10 managed policy ARNs. For more information about ARNs, see Amazon Resource Names
* (ARNs) and Amazon Web Services Service Namespaces in the Amazon Web Services General Reference.
*
*
* This parameter is optional. However, if you do not pass any session policies, then the resulting federated
* user session has no permissions.
*
*
* When you pass session policies, the session permissions are the intersection of the IAM user policies and
* the session policies that you pass. This gives you a way to further restrict the permissions for a
* federated user. You cannot use session policies to grant more permissions than those that are defined in
* the permissions policy of the IAM user. For more information, see Session
* Policies in the IAM User Guide.
*
*
* The resulting credentials can be used to access a resource that has a resource-based policy. If that
* policy specifically references the federated user session in the Principal element of the
* policy, the session has the permissions allowed by the policy. These permissions are granted in addition
* to the permissions that are granted by the session policies.
*
*
*
* An Amazon Web Services conversion compresses the passed inline session policy, managed policy ARNs, and
* session tags into a packed binary format that has a separate limit. Your request can fail for this limit
* even if your plaintext meets the other requirements. The PackedPolicySize response element
* indicates by percentage how close the policies and tags for your request are to the upper size limit.
*
* @return Returns a reference to this object so that method calls can be chained together.
*/
public GetFederationTokenRequest withPolicyArns(PolicyDescriptorType... policyArns) {
if (this.policyArns == null) {
setPolicyArns(new java.util.ArrayList(policyArns.length));
}
for (PolicyDescriptorType ele : policyArns) {
this.policyArns.add(ele);
}
return this;
}
/**
*
* The Amazon Resource Names (ARNs) of the IAM managed policies that you want to use as a managed session policy.
* The policies must exist in the same account as the IAM user that is requesting federated access.
*
*
* You must pass an inline or managed session policy
* to this operation. You can pass a single JSON policy document to use as an inline session policy. You can also
* specify up to 10 managed policy Amazon Resource Names (ARNs) to use as managed session policies. The plaintext
* that you use for both inline and managed session policies can't exceed 2,048 characters. You can provide up to 10
* managed policy ARNs. For more information about ARNs, see Amazon Resource Names (ARNs)
* and Amazon Web Services Service Namespaces in the Amazon Web Services General Reference.
*
*
* This parameter is optional. However, if you do not pass any session policies, then the resulting federated user
* session has no permissions.
*
*
* When you pass session policies, the session permissions are the intersection of the IAM user policies and the
* session policies that you pass. This gives you a way to further restrict the permissions for a federated user.
* You cannot use session policies to grant more permissions than those that are defined in the permissions policy
* of the IAM user. For more information, see Session
* Policies in the IAM User Guide.
*
*
* The resulting credentials can be used to access a resource that has a resource-based policy. If that policy
* specifically references the federated user session in the Principal element of the policy, the
* session has the permissions allowed by the policy. These permissions are granted in addition to the permissions
* that are granted by the session policies.
*
*
*
* An Amazon Web Services conversion compresses the passed inline session policy, managed policy ARNs, and session
* tags into a packed binary format that has a separate limit. Your request can fail for this limit even if your
* plaintext meets the other requirements. The PackedPolicySize response element indicates by
* percentage how close the policies and tags for your request are to the upper size limit.
*
*
*
* @param policyArns
* The Amazon Resource Names (ARNs) of the IAM managed policies that you want to use as a managed session
* policy. The policies must exist in the same account as the IAM user that is requesting federated
* access.
*
* You must pass an inline or managed session
* policy to this operation. You can pass a single JSON policy document to use as an inline session
* policy. You can also specify up to 10 managed policy Amazon Resource Names (ARNs) to use as managed
* session policies. The plaintext that you use for both inline and managed session policies can't exceed
* 2,048 characters. You can provide up to 10 managed policy ARNs. For more information about ARNs, see Amazon Resource Names
* (ARNs) and Amazon Web Services Service Namespaces in the Amazon Web Services General Reference.
*
*
* This parameter is optional. However, if you do not pass any session policies, then the resulting federated
* user session has no permissions.
*
*
* When you pass session policies, the session permissions are the intersection of the IAM user policies and
* the session policies that you pass. This gives you a way to further restrict the permissions for a
* federated user. You cannot use session policies to grant more permissions than those that are defined in
* the permissions policy of the IAM user. For more information, see Session
* Policies in the IAM User Guide.
*
*
* The resulting credentials can be used to access a resource that has a resource-based policy. If that
* policy specifically references the federated user session in the Principal element of the
* policy, the session has the permissions allowed by the policy. These permissions are granted in addition
* to the permissions that are granted by the session policies.
*
*
*
* An Amazon Web Services conversion compresses the passed inline session policy, managed policy ARNs, and
* session tags into a packed binary format that has a separate limit. Your request can fail for this limit
* even if your plaintext meets the other requirements. The PackedPolicySize response element
* indicates by percentage how close the policies and tags for your request are to the upper size limit.
*
* @return Returns a reference to this object so that method calls can be chained together.
*/
public GetFederationTokenRequest withPolicyArns(java.util.Collection policyArns) {
setPolicyArns(policyArns);
return this;
}
/**
*
* The duration, in seconds, that the session should last. Acceptable durations for federation sessions range from
* 900 seconds (15 minutes) to 129,600 seconds (36 hours), with 43,200 seconds (12 hours) as the default. Sessions
* obtained using root user credentials are restricted to a maximum of 3,600 seconds (one hour). If the specified
* duration is longer than one hour, the session obtained by using root user credentials defaults to one hour.
*
*
* @param durationSeconds
* The duration, in seconds, that the session should last. Acceptable durations for federation sessions range
* from 900 seconds (15 minutes) to 129,600 seconds (36 hours), with 43,200 seconds (12 hours) as the
* default. Sessions obtained using root user credentials are restricted to a maximum of 3,600 seconds (one
* hour). If the specified duration is longer than one hour, the session obtained by using root user
* credentials defaults to one hour.
*/
public void setDurationSeconds(Integer durationSeconds) {
this.durationSeconds = durationSeconds;
}
/**
*
* The duration, in seconds, that the session should last. Acceptable durations for federation sessions range from
* 900 seconds (15 minutes) to 129,600 seconds (36 hours), with 43,200 seconds (12 hours) as the default. Sessions
* obtained using root user credentials are restricted to a maximum of 3,600 seconds (one hour). If the specified
* duration is longer than one hour, the session obtained by using root user credentials defaults to one hour.
*
*
* @return The duration, in seconds, that the session should last. Acceptable durations for federation sessions
* range from 900 seconds (15 minutes) to 129,600 seconds (36 hours), with 43,200 seconds (12 hours) as the
* default. Sessions obtained using root user credentials are restricted to a maximum of 3,600 seconds (one
* hour). If the specified duration is longer than one hour, the session obtained by using root user
* credentials defaults to one hour.
*/
public Integer getDurationSeconds() {
return this.durationSeconds;
}
/**
*
* The duration, in seconds, that the session should last. Acceptable durations for federation sessions range from
* 900 seconds (15 minutes) to 129,600 seconds (36 hours), with 43,200 seconds (12 hours) as the default. Sessions
* obtained using root user credentials are restricted to a maximum of 3,600 seconds (one hour). If the specified
* duration is longer than one hour, the session obtained by using root user credentials defaults to one hour.
*
*
* @param durationSeconds
* The duration, in seconds, that the session should last. Acceptable durations for federation sessions range
* from 900 seconds (15 minutes) to 129,600 seconds (36 hours), with 43,200 seconds (12 hours) as the
* default. Sessions obtained using root user credentials are restricted to a maximum of 3,600 seconds (one
* hour). If the specified duration is longer than one hour, the session obtained by using root user
* credentials defaults to one hour.
* @return Returns a reference to this object so that method calls can be chained together.
*/
public GetFederationTokenRequest withDurationSeconds(Integer durationSeconds) {
setDurationSeconds(durationSeconds);
return this;
}
/**
*
* A list of session tags. Each session tag consists of a key name and an associated value. For more information
* about session tags, see Passing
* Session Tags in STS in the IAM User Guide.
*
*
* This parameter is optional. You can pass up to 50 session tags. The plaintext session tag keys can’t exceed 128
* characters and the values can’t exceed 256 characters. For these and additional limits, see IAM and STS Character Limits in the IAM User Guide.
*
*
*
* An Amazon Web Services conversion compresses the passed inline session policy, managed policy ARNs, and session
* tags into a packed binary format that has a separate limit. Your request can fail for this limit even if your
* plaintext meets the other requirements. The PackedPolicySize response element indicates by
* percentage how close the policies and tags for your request are to the upper size limit.
*
*
*
* You can pass a session tag with the same key as a tag that is already attached to the user you are federating.
* When you do, session tags override a user tag with the same key.
*
*
* Tag key–value pairs are not case sensitive, but case is preserved. This means that you cannot have separate
* Department and department tag keys. Assume that the role has the
* Department=Marketing tag and you pass the department=
* engineering session tag. Department and department are not saved as
* separate tags, and the session tag passed in the request takes precedence over the role tag.
*
*
* @return A list of session tags. Each session tag consists of a key name and an associated value. For more
* information about session tags, see Passing Session Tags in
* STS in the IAM User Guide.
*
* This parameter is optional. You can pass up to 50 session tags. The plaintext session tag keys can’t
* exceed 128 characters and the values can’t exceed 256 characters. For these and additional limits, see IAM and STS Character Limits in the IAM User Guide.
*
*
*
* An Amazon Web Services conversion compresses the passed inline session policy, managed policy ARNs, and
* session tags into a packed binary format that has a separate limit. Your request can fail for this limit
* even if your plaintext meets the other requirements. The PackedPolicySize response element
* indicates by percentage how close the policies and tags for your request are to the upper size limit.
*
*
*
* You can pass a session tag with the same key as a tag that is already attached to the user you are
* federating. When you do, session tags override a user tag with the same key.
*
*
* Tag key–value pairs are not case sensitive, but case is preserved. This means that you cannot have
* separate Department and department tag keys. Assume that the role has the
* Department=Marketing tag and you pass the department=
* engineering session tag. Department and department are not saved
* as separate tags, and the session tag passed in the request takes precedence over the role tag.
*/
public java.util.List getTags() {
return tags;
}
/**
*
* A list of session tags. Each session tag consists of a key name and an associated value. For more information
* about session tags, see Passing
* Session Tags in STS in the IAM User Guide.
*
*
* This parameter is optional. You can pass up to 50 session tags. The plaintext session tag keys can’t exceed 128
* characters and the values can’t exceed 256 characters. For these and additional limits, see IAM and STS Character Limits in the IAM User Guide.
*
*
*
* An Amazon Web Services conversion compresses the passed inline session policy, managed policy ARNs, and session
* tags into a packed binary format that has a separate limit. Your request can fail for this limit even if your
* plaintext meets the other requirements. The PackedPolicySize response element indicates by
* percentage how close the policies and tags for your request are to the upper size limit.
*
*
*
* You can pass a session tag with the same key as a tag that is already attached to the user you are federating.
* When you do, session tags override a user tag with the same key.
*
*
* Tag key–value pairs are not case sensitive, but case is preserved. This means that you cannot have separate
* Department and department tag keys. Assume that the role has the
* Department=Marketing tag and you pass the department=
* engineering session tag. Department and department are not saved as
* separate tags, and the session tag passed in the request takes precedence over the role tag.
*
*
* @param tags
* A list of session tags. Each session tag consists of a key name and an associated value. For more
* information about session tags, see Passing Session Tags in
* STS in the IAM User Guide.
*
* This parameter is optional. You can pass up to 50 session tags. The plaintext session tag keys can’t
* exceed 128 characters and the values can’t exceed 256 characters. For these and additional limits, see IAM and STS Character Limits in the IAM User Guide.
*
*
*
* An Amazon Web Services conversion compresses the passed inline session policy, managed policy ARNs, and
* session tags into a packed binary format that has a separate limit. Your request can fail for this limit
* even if your plaintext meets the other requirements. The PackedPolicySize response element
* indicates by percentage how close the policies and tags for your request are to the upper size limit.
*
*
*
* You can pass a session tag with the same key as a tag that is already attached to the user you are
* federating. When you do, session tags override a user tag with the same key.
*
*
* Tag key–value pairs are not case sensitive, but case is preserved. This means that you cannot have
* separate Department and department tag keys. Assume that the role has the
* Department=Marketing tag and you pass the department=
* engineering session tag. Department and department are not saved as
* separate tags, and the session tag passed in the request takes precedence over the role tag.
*/
public void setTags(java.util.Collection tags) {
if (tags == null) {
this.tags = null;
return;
}
this.tags = new java.util.ArrayList(tags);
}
/**
*
* A list of session tags. Each session tag consists of a key name and an associated value. For more information
* about session tags, see Passing
* Session Tags in STS in the IAM User Guide.
*
*
* This parameter is optional. You can pass up to 50 session tags. The plaintext session tag keys can’t exceed 128
* characters and the values can’t exceed 256 characters. For these and additional limits, see IAM and STS Character Limits in the IAM User Guide.
*
*
*
* An Amazon Web Services conversion compresses the passed inline session policy, managed policy ARNs, and session
* tags into a packed binary format that has a separate limit. Your request can fail for this limit even if your
* plaintext meets the other requirements. The PackedPolicySize response element indicates by
* percentage how close the policies and tags for your request are to the upper size limit.
*
*
*
* You can pass a session tag with the same key as a tag that is already attached to the user you are federating.
* When you do, session tags override a user tag with the same key.
*
*
* Tag key–value pairs are not case sensitive, but case is preserved. This means that you cannot have separate
* Department and department tag keys. Assume that the role has the
* Department=Marketing tag and you pass the department=
* engineering session tag. Department and department are not saved as
* separate tags, and the session tag passed in the request takes precedence over the role tag.
*
*
* NOTE: This method appends the values to the existing list (if any). Use
* {@link #setTags(java.util.Collection)} or {@link #withTags(java.util.Collection)} if you want to override the
* existing values.
*
*
* @param tags
* A list of session tags. Each session tag consists of a key name and an associated value. For more
* information about session tags, see Passing Session Tags in
* STS in the IAM User Guide.
*
* This parameter is optional. You can pass up to 50 session tags. The plaintext session tag keys can’t
* exceed 128 characters and the values can’t exceed 256 characters. For these and additional limits, see IAM and STS Character Limits in the IAM User Guide.
*
*
*
* An Amazon Web Services conversion compresses the passed inline session policy, managed policy ARNs, and
* session tags into a packed binary format that has a separate limit. Your request can fail for this limit
* even if your plaintext meets the other requirements. The PackedPolicySize response element
* indicates by percentage how close the policies and tags for your request are to the upper size limit.
*
*
*
* You can pass a session tag with the same key as a tag that is already attached to the user you are
* federating. When you do, session tags override a user tag with the same key.
*
*
* Tag key–value pairs are not case sensitive, but case is preserved. This means that you cannot have
* separate Department and department tag keys. Assume that the role has the
* Department=Marketing tag and you pass the department=
* engineering session tag. Department and department are not saved as
* separate tags, and the session tag passed in the request takes precedence over the role tag.
* @return Returns a reference to this object so that method calls can be chained together.
*/
public GetFederationTokenRequest withTags(Tag... tags) {
if (this.tags == null) {
setTags(new java.util.ArrayList(tags.length));
}
for (Tag ele : tags) {
this.tags.add(ele);
}
return this;
}
/**
*
* A list of session tags. Each session tag consists of a key name and an associated value. For more information
* about session tags, see Passing
* Session Tags in STS in the IAM User Guide.
*
*
* This parameter is optional. You can pass up to 50 session tags. The plaintext session tag keys can’t exceed 128
* characters and the values can’t exceed 256 characters. For these and additional limits, see IAM and STS Character Limits in the IAM User Guide.
*
*
*
* An Amazon Web Services conversion compresses the passed inline session policy, managed policy ARNs, and session
* tags into a packed binary format that has a separate limit. Your request can fail for this limit even if your
* plaintext meets the other requirements. The PackedPolicySize response element indicates by
* percentage how close the policies and tags for your request are to the upper size limit.
*
*
*
* You can pass a session tag with the same key as a tag that is already attached to the user you are federating.
* When you do, session tags override a user tag with the same key.
*
*
* Tag key–value pairs are not case sensitive, but case is preserved. This means that you cannot have separate
* Department and department tag keys. Assume that the role has the
* Department=Marketing tag and you pass the department=
* engineering session tag. Department and department are not saved as
* separate tags, and the session tag passed in the request takes precedence over the role tag.
*
*
* @param tags
* A list of session tags. Each session tag consists of a key name and an associated value. For more
* information about session tags, see Passing Session Tags in
* STS in the IAM User Guide.
*
* This parameter is optional. You can pass up to 50 session tags. The plaintext session tag keys can’t
* exceed 128 characters and the values can’t exceed 256 characters. For these and additional limits, see IAM and STS Character Limits in the IAM User Guide.
*
*
*
* An Amazon Web Services conversion compresses the passed inline session policy, managed policy ARNs, and
* session tags into a packed binary format that has a separate limit. Your request can fail for this limit
* even if your plaintext meets the other requirements. The PackedPolicySize response element
* indicates by percentage how close the policies and tags for your request are to the upper size limit.
*
*
*
* You can pass a session tag with the same key as a tag that is already attached to the user you are
* federating. When you do, session tags override a user tag with the same key.
*
*
* Tag key–value pairs are not case sensitive, but case is preserved. This means that you cannot have
* separate Department and department tag keys. Assume that the role has the
* Department=Marketing tag and you pass the department=
* engineering session tag. Department and department are not saved as
* separate tags, and the session tag passed in the request takes precedence over the role tag.
* @return Returns a reference to this object so that method calls can be chained together.
*/
public GetFederationTokenRequest withTags(java.util.Collection tags) {
setTags(tags);
return this;
}
/**
* Returns a string representation of this object. This is useful for testing and debugging. Sensitive data will be
* redacted from this string using a placeholder value.
*
* @return A string representation of this object.
*
* @see java.lang.Object#toString()
*/
@Override
public String toString() {
StringBuilder sb = new StringBuilder();
sb.append("{");
if (getName() != null)
sb.append("Name: ").append(getName()).append(",");
if (getPolicy() != null)
sb.append("Policy: ").append(getPolicy()).append(",");
if (getPolicyArns() != null)
sb.append("PolicyArns: ").append(getPolicyArns()).append(",");
if (getDurationSeconds() != null)
sb.append("DurationSeconds: ").append(getDurationSeconds()).append(",");
if (getTags() != null)
sb.append("Tags: ").append(getTags());
sb.append("}");
return sb.toString();
}
@Override
public boolean equals(Object obj) {
if (this == obj)
return true;
if (obj == null)
return false;
if (obj instanceof GetFederationTokenRequest == false)
return false;
GetFederationTokenRequest other = (GetFederationTokenRequest) obj;
if (other.getName() == null ^ this.getName() == null)
return false;
if (other.getName() != null && other.getName().equals(this.getName()) == false)
return false;
if (other.getPolicy() == null ^ this.getPolicy() == null)
return false;
if (other.getPolicy() != null && other.getPolicy().equals(this.getPolicy()) == false)
return false;
if (other.getPolicyArns() == null ^ this.getPolicyArns() == null)
return false;
if (other.getPolicyArns() != null && other.getPolicyArns().equals(this.getPolicyArns()) == false)
return false;
if (other.getDurationSeconds() == null ^ this.getDurationSeconds() == null)
return false;
if (other.getDurationSeconds() != null && other.getDurationSeconds().equals(this.getDurationSeconds()) == false)
return false;
if (other.getTags() == null ^ this.getTags() == null)
return false;
if (other.getTags() != null && other.getTags().equals(this.getTags()) == false)
return false;
return true;
}
@Override
public int hashCode() {
final int prime = 31;
int hashCode = 1;
hashCode = prime * hashCode + ((getName() == null) ? 0 : getName().hashCode());
hashCode = prime * hashCode + ((getPolicy() == null) ? 0 : getPolicy().hashCode());
hashCode = prime * hashCode + ((getPolicyArns() == null) ? 0 : getPolicyArns().hashCode());
hashCode = prime * hashCode + ((getDurationSeconds() == null) ? 0 : getDurationSeconds().hashCode());
hashCode = prime * hashCode + ((getTags() == null) ? 0 : getTags().hashCode());
return hashCode;
}
@Override
public GetFederationTokenRequest clone() {
return (GetFederationTokenRequest) super.clone();
}
}