com.amazonaws.services.securitytoken.model.AssumeRoleRequest Maven / Gradle / Ivy
Show all versions of aws-java-sdk-sts Show documentation
/*
* Copyright 2019-2024 Amazon.com, Inc. or its affiliates. All Rights Reserved.
*
* Licensed under the Apache License, Version 2.0 (the "License"). You may not use this file except in compliance with
* the License. A copy of the License is located at
*
* http://aws.amazon.com/apache2.0
*
* or in the "license" file accompanying this file. This file is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR
* CONDITIONS OF ANY KIND, either express or implied. See the License for the specific language governing permissions
* and limitations under the License.
*/
package com.amazonaws.services.securitytoken.model;
import java.io.Serializable;
import javax.annotation.Generated;
import com.amazonaws.AmazonWebServiceRequest;
/**
*
* @see AWS API
* Documentation
*/
@Generated("com.amazonaws:aws-java-sdk-code-generator")
public class AssumeRoleRequest extends com.amazonaws.AmazonWebServiceRequest implements Serializable, Cloneable {
/**
*
* The Amazon Resource Name (ARN) of the role to assume.
*
*/
private String roleArn;
/**
*
* An identifier for the assumed role session.
*
*
* Use the role session name to uniquely identify a session when the same role is assumed by different principals or
* for different reasons. In cross-account scenarios, the role session name is visible to, and can be logged by the
* account that owns the role. The role session name is also used in the ARN of the assumed role principal. This
* means that subsequent cross-account API requests that use the temporary security credentials will expose the role
* session name to the external account in their CloudTrail logs.
*
*
* The regex used to validate this parameter is a string of characters consisting of upper- and lower-case
* alphanumeric characters with no spaces. You can also include underscores or any of the following characters: =,.@-
*
*/
private String roleSessionName;
/**
*
* The Amazon Resource Names (ARNs) of the IAM managed policies that you want to use as managed session policies.
* The policies must exist in the same account as the role.
*
*
* This parameter is optional. You can provide up to 10 managed policy ARNs. However, the plaintext that you use for
* both inline and managed session policies can't exceed 2,048 characters. For more information about ARNs, see Amazon Resource Names (ARNs)
* and Amazon Web Services Service Namespaces in the Amazon Web Services General Reference.
*
*
*
* An Amazon Web Services conversion compresses the passed inline session policy, managed policy ARNs, and session
* tags into a packed binary format that has a separate limit. Your request can fail for this limit even if your
* plaintext meets the other requirements. The PackedPolicySize
response element indicates by
* percentage how close the policies and tags for your request are to the upper size limit.
*
*
*
* Passing policies to this operation returns new temporary credentials. The resulting session's permissions are the
* intersection of the role's identity-based policy and the session policies. You can use the role's temporary
* credentials in subsequent Amazon Web Services API calls to access resources in the account that owns the role.
* You cannot use session policies to grant more permissions than those allowed by the identity-based policy of the
* role that is being assumed. For more information, see Session
* Policies in the IAM User Guide.
*
*/
private java.util.List policyArns;
/**
*
* An IAM policy in JSON format that you want to use as an inline session policy.
*
*
* This parameter is optional. Passing policies to this operation returns new temporary credentials. The resulting
* session's permissions are the intersection of the role's identity-based policy and the session policies. You can
* use the role's temporary credentials in subsequent Amazon Web Services API calls to access resources in the
* account that owns the role. You cannot use session policies to grant more permissions than those allowed by the
* identity-based policy of the role that is being assumed. For more information, see Session
* Policies in the IAM User Guide.
*
*
* The plaintext that you use for both inline and managed session policies can't exceed 2,048 characters. The JSON
* policy characters can be any ASCII character from the space character to the end of the valid character list (
* through \u00FF). It can also include the tab ( ), linefeed ( ), and carriage return ( ) characters.
*
*
*
* An Amazon Web Services conversion compresses the passed inline session policy, managed policy ARNs, and session
* tags into a packed binary format that has a separate limit. Your request can fail for this limit even if your
* plaintext meets the other requirements. The PackedPolicySize
response element indicates by
* percentage how close the policies and tags for your request are to the upper size limit.
*
*
*/
private String policy;
/**
*
* The duration, in seconds, of the role session. The value specified can range from 900 seconds (15 minutes) up to
* the maximum session duration set for the role. The maximum session duration setting can have a value from 1 hour
* to 12 hours. If you specify a value higher than this setting or the administrator setting (whichever is lower),
* the operation fails. For example, if you specify a session duration of 12 hours, but your administrator set the
* maximum session duration to 6 hours, your operation fails.
*
*
* Role chaining limits your Amazon Web Services CLI or Amazon Web Services API role session to a maximum of one
* hour. When you use the AssumeRole
API operation to assume a role, you can specify the duration of
* your role session with the DurationSeconds
parameter. You can specify a parameter value of up to
* 43200 seconds (12 hours), depending on the maximum session duration setting for your role. However, if you assume
* a role using role chaining and provide a DurationSeconds
parameter value greater than one hour, the
* operation fails. To learn how to view the maximum value for your role, see View
* the Maximum Session Duration Setting for a Role in the IAM User Guide.
*
*
* By default, the value is set to 3600
seconds.
*
*
*
* The DurationSeconds
parameter is separate from the duration of a console session that you might
* request using the returned credentials. The request to the federation endpoint for a console sign-in token takes
* a SessionDuration
parameter that specifies the maximum length of the console session. For more
* information, see Creating a URL that Enables Federated Users to Access the Amazon Web Services Management Console in the
* IAM User Guide.
*
*
*/
private Integer durationSeconds;
/**
*
* A list of session tags that you want to pass. Each session tag consists of a key name and an associated value.
* For more information about session tags, see Tagging Amazon Web Services STS
* Sessions in the IAM User Guide.
*
*
* This parameter is optional. You can pass up to 50 session tags. The plaintext session tag keys can’t exceed 128
* characters, and the values can’t exceed 256 characters. For these and additional limits, see IAM and STS Character Limits in the IAM User Guide.
*
*
*
* An Amazon Web Services conversion compresses the passed inline session policy, managed policy ARNs, and session
* tags into a packed binary format that has a separate limit. Your request can fail for this limit even if your
* plaintext meets the other requirements. The PackedPolicySize
response element indicates by
* percentage how close the policies and tags for your request are to the upper size limit.
*
*
*
* You can pass a session tag with the same key as a tag that is already attached to the role. When you do, session
* tags override a role tag with the same key.
*
*
* Tag key–value pairs are not case sensitive, but case is preserved. This means that you cannot have separate
* Department
and department
tag keys. Assume that the role has the
* Department
=Marketing
tag and you pass the department
=
* engineering
session tag. Department
and department
are not saved as
* separate tags, and the session tag passed in the request takes precedence over the role tag.
*
*
* Additionally, if you used temporary credentials to perform this operation, the new session inherits any
* transitive session tags from the calling session. If you pass a session tag with the same key as an inherited
* tag, the operation fails. To view the inherited tags for a session, see the CloudTrail logs. For more
* information, see Viewing
* Session Tags in CloudTrail in the IAM User Guide.
*
*/
private java.util.List tags;
/**
*
* A list of keys for session tags that you want to set as transitive. If you set a tag key as transitive, the
* corresponding key and value passes to subsequent sessions in a role chain. For more information, see Chaining Roles with Session Tags in the IAM User Guide.
*
*
* This parameter is optional. When you set session tags as transitive, the session policy and session tags packed
* binary limit is not affected.
*
*
* If you choose not to specify a transitive tag key, then no tags are passed from this session to any subsequent
* sessions.
*
*/
private java.util.List transitiveTagKeys;
/**
*
* A unique identifier that might be required when you assume a role in another account. If the administrator of the
* account to which the role belongs provided you with an external ID, then provide that value in the
* ExternalId
parameter. This value can be any string, such as a passphrase or account number. A
* cross-account role is usually set up to trust everyone in an account. Therefore, the administrator of the
* trusting account might send an external ID to the administrator of the trusted account. That way, only someone
* with the ID can assume the role, rather than everyone in the account. For more information about the external ID,
* see How to
* Use an External ID When Granting Access to Your Amazon Web Services Resources to a Third Party in the IAM
* User Guide.
*
*
* The regex used to validate this parameter is a string of characters consisting of upper- and lower-case
* alphanumeric characters with no spaces. You can also include underscores or any of the following characters:
* =,.@:/-
*
*/
private String externalId;
/**
*
* The identification number of the MFA device that is associated with the user who is making the
* AssumeRole
call. Specify this value if the trust policy of the role being assumed includes a
* condition that requires MFA authentication. The value is either the serial number for a hardware device (such as
* GAHT12345678
) or an Amazon Resource Name (ARN) for a virtual device (such as
* arn:aws:iam::123456789012:mfa/user
).
*
*
* The regex used to validate this parameter is a string of characters consisting of upper- and lower-case
* alphanumeric characters with no spaces. You can also include underscores or any of the following characters: =,.@-
*
*/
private String serialNumber;
/**
*
* The value provided by the MFA device, if the trust policy of the role being assumed requires MFA. (In other
* words, if the policy includes a condition that tests for MFA). If the role being assumed requires MFA and if the
* TokenCode
value is missing or expired, the AssumeRole
call returns an "access denied"
* error.
*
*
* The format for this parameter, as described by its regex pattern, is a sequence of six numeric digits.
*
*/
private String tokenCode;
/**
*
* The source identity specified by the principal that is calling the AssumeRole
operation.
*
*
* You can require users to specify a source identity when they assume a role. You do this by using the
* sts:SourceIdentity
condition key in a role trust policy. You can use source identity information in
* CloudTrail logs to determine who took actions with a role. You can use the aws:SourceIdentity
* condition key to further control access to Amazon Web Services resources based on the value of source identity.
* For more information about using source identity, see Monitor
* and control actions taken with assumed roles in the IAM User Guide.
*
*
* The regex used to validate this parameter is a string of characters consisting of upper- and lower-case
* alphanumeric characters with no spaces. You can also include underscores or any of the following characters:
* =,.@-. You cannot use a value that begins with the text aws:
. This prefix is reserved for Amazon Web
* Services internal use.
*
*/
private String sourceIdentity;
/**
*
* A list of previously acquired trusted context assertions in the format of a JSON array. The trusted context
* assertion is signed and encrypted by Amazon Web Services STS.
*
*
* The following is an example of a ProvidedContext
value that includes a single trusted context
* assertion and the ARN of the context provider from which the trusted context assertion was generated.
*
*
* [{"ProviderArn":"arn:aws:iam::aws:contextProvider/IdentityCenter","ContextAssertion":"trusted-context-assertion"}]
*
*/
private java.util.List providedContexts;
/**
*
* The Amazon Resource Name (ARN) of the role to assume.
*
*
* @param roleArn
* The Amazon Resource Name (ARN) of the role to assume.
*/
public void setRoleArn(String roleArn) {
this.roleArn = roleArn;
}
/**
*
* The Amazon Resource Name (ARN) of the role to assume.
*
*
* @return The Amazon Resource Name (ARN) of the role to assume.
*/
public String getRoleArn() {
return this.roleArn;
}
/**
*
* The Amazon Resource Name (ARN) of the role to assume.
*
*
* @param roleArn
* The Amazon Resource Name (ARN) of the role to assume.
* @return Returns a reference to this object so that method calls can be chained together.
*/
public AssumeRoleRequest withRoleArn(String roleArn) {
setRoleArn(roleArn);
return this;
}
/**
*
* An identifier for the assumed role session.
*
*
* Use the role session name to uniquely identify a session when the same role is assumed by different principals or
* for different reasons. In cross-account scenarios, the role session name is visible to, and can be logged by the
* account that owns the role. The role session name is also used in the ARN of the assumed role principal. This
* means that subsequent cross-account API requests that use the temporary security credentials will expose the role
* session name to the external account in their CloudTrail logs.
*
*
* The regex used to validate this parameter is a string of characters consisting of upper- and lower-case
* alphanumeric characters with no spaces. You can also include underscores or any of the following characters: =,.@-
*
*
* @param roleSessionName
* An identifier for the assumed role session.
*
* Use the role session name to uniquely identify a session when the same role is assumed by different
* principals or for different reasons. In cross-account scenarios, the role session name is visible to, and
* can be logged by the account that owns the role. The role session name is also used in the ARN of the
* assumed role principal. This means that subsequent cross-account API requests that use the temporary
* security credentials will expose the role session name to the external account in their CloudTrail logs.
*
*
* The regex used to validate this parameter is a string of characters consisting of upper- and lower-case
* alphanumeric characters with no spaces. You can also include underscores or any of the following
* characters: =,.@-
*/
public void setRoleSessionName(String roleSessionName) {
this.roleSessionName = roleSessionName;
}
/**
*
* An identifier for the assumed role session.
*
*
* Use the role session name to uniquely identify a session when the same role is assumed by different principals or
* for different reasons. In cross-account scenarios, the role session name is visible to, and can be logged by the
* account that owns the role. The role session name is also used in the ARN of the assumed role principal. This
* means that subsequent cross-account API requests that use the temporary security credentials will expose the role
* session name to the external account in their CloudTrail logs.
*
*
* The regex used to validate this parameter is a string of characters consisting of upper- and lower-case
* alphanumeric characters with no spaces. You can also include underscores or any of the following characters: =,.@-
*
*
* @return An identifier for the assumed role session.
*
* Use the role session name to uniquely identify a session when the same role is assumed by different
* principals or for different reasons. In cross-account scenarios, the role session name is visible to, and
* can be logged by the account that owns the role. The role session name is also used in the ARN of the
* assumed role principal. This means that subsequent cross-account API requests that use the temporary
* security credentials will expose the role session name to the external account in their CloudTrail logs.
*
*
* The regex used to validate this parameter is a string of characters consisting of upper- and lower-case
* alphanumeric characters with no spaces. You can also include underscores or any of the following
* characters: =,.@-
*/
public String getRoleSessionName() {
return this.roleSessionName;
}
/**
*
* An identifier for the assumed role session.
*
*
* Use the role session name to uniquely identify a session when the same role is assumed by different principals or
* for different reasons. In cross-account scenarios, the role session name is visible to, and can be logged by the
* account that owns the role. The role session name is also used in the ARN of the assumed role principal. This
* means that subsequent cross-account API requests that use the temporary security credentials will expose the role
* session name to the external account in their CloudTrail logs.
*
*
* The regex used to validate this parameter is a string of characters consisting of upper- and lower-case
* alphanumeric characters with no spaces. You can also include underscores or any of the following characters: =,.@-
*
*
* @param roleSessionName
* An identifier for the assumed role session.
*
* Use the role session name to uniquely identify a session when the same role is assumed by different
* principals or for different reasons. In cross-account scenarios, the role session name is visible to, and
* can be logged by the account that owns the role. The role session name is also used in the ARN of the
* assumed role principal. This means that subsequent cross-account API requests that use the temporary
* security credentials will expose the role session name to the external account in their CloudTrail logs.
*
*
* The regex used to validate this parameter is a string of characters consisting of upper- and lower-case
* alphanumeric characters with no spaces. You can also include underscores or any of the following
* characters: =,.@-
* @return Returns a reference to this object so that method calls can be chained together.
*/
public AssumeRoleRequest withRoleSessionName(String roleSessionName) {
setRoleSessionName(roleSessionName);
return this;
}
/**
*
* The Amazon Resource Names (ARNs) of the IAM managed policies that you want to use as managed session policies.
* The policies must exist in the same account as the role.
*
*
* This parameter is optional. You can provide up to 10 managed policy ARNs. However, the plaintext that you use for
* both inline and managed session policies can't exceed 2,048 characters. For more information about ARNs, see Amazon Resource Names (ARNs)
* and Amazon Web Services Service Namespaces in the Amazon Web Services General Reference.
*
*
*
* An Amazon Web Services conversion compresses the passed inline session policy, managed policy ARNs, and session
* tags into a packed binary format that has a separate limit. Your request can fail for this limit even if your
* plaintext meets the other requirements. The PackedPolicySize
response element indicates by
* percentage how close the policies and tags for your request are to the upper size limit.
*
*
*
* Passing policies to this operation returns new temporary credentials. The resulting session's permissions are the
* intersection of the role's identity-based policy and the session policies. You can use the role's temporary
* credentials in subsequent Amazon Web Services API calls to access resources in the account that owns the role.
* You cannot use session policies to grant more permissions than those allowed by the identity-based policy of the
* role that is being assumed. For more information, see Session
* Policies in the IAM User Guide.
*
*
* @return The Amazon Resource Names (ARNs) of the IAM managed policies that you want to use as managed session
* policies. The policies must exist in the same account as the role.
*
* This parameter is optional. You can provide up to 10 managed policy ARNs. However, the plaintext that you
* use for both inline and managed session policies can't exceed 2,048 characters. For more information
* about ARNs, see Amazon Resource Names
* (ARNs) and Amazon Web Services Service Namespaces in the Amazon Web Services General Reference.
*
*
*
* An Amazon Web Services conversion compresses the passed inline session policy, managed policy ARNs, and
* session tags into a packed binary format that has a separate limit. Your request can fail for this limit
* even if your plaintext meets the other requirements. The PackedPolicySize
response element
* indicates by percentage how close the policies and tags for your request are to the upper size limit.
*
*
*
* Passing policies to this operation returns new temporary credentials. The resulting session's permissions
* are the intersection of the role's identity-based policy and the session policies. You can use the role's
* temporary credentials in subsequent Amazon Web Services API calls to access resources in the account that
* owns the role. You cannot use session policies to grant more permissions than those allowed by the
* identity-based policy of the role that is being assumed. For more information, see Session
* Policies in the IAM User Guide.
*/
public java.util.List getPolicyArns() {
return policyArns;
}
/**
*
* The Amazon Resource Names (ARNs) of the IAM managed policies that you want to use as managed session policies.
* The policies must exist in the same account as the role.
*
*
* This parameter is optional. You can provide up to 10 managed policy ARNs. However, the plaintext that you use for
* both inline and managed session policies can't exceed 2,048 characters. For more information about ARNs, see Amazon Resource Names (ARNs)
* and Amazon Web Services Service Namespaces in the Amazon Web Services General Reference.
*
*
*
* An Amazon Web Services conversion compresses the passed inline session policy, managed policy ARNs, and session
* tags into a packed binary format that has a separate limit. Your request can fail for this limit even if your
* plaintext meets the other requirements. The PackedPolicySize
response element indicates by
* percentage how close the policies and tags for your request are to the upper size limit.
*
*
*
* Passing policies to this operation returns new temporary credentials. The resulting session's permissions are the
* intersection of the role's identity-based policy and the session policies. You can use the role's temporary
* credentials in subsequent Amazon Web Services API calls to access resources in the account that owns the role.
* You cannot use session policies to grant more permissions than those allowed by the identity-based policy of the
* role that is being assumed. For more information, see Session
* Policies in the IAM User Guide.
*
*
* @param policyArns
* The Amazon Resource Names (ARNs) of the IAM managed policies that you want to use as managed session
* policies. The policies must exist in the same account as the role.
*
* This parameter is optional. You can provide up to 10 managed policy ARNs. However, the plaintext that you
* use for both inline and managed session policies can't exceed 2,048 characters. For more information about
* ARNs, see Amazon
* Resource Names (ARNs) and Amazon Web Services Service Namespaces in the Amazon Web Services General
* Reference.
*
*
*
* An Amazon Web Services conversion compresses the passed inline session policy, managed policy ARNs, and
* session tags into a packed binary format that has a separate limit. Your request can fail for this limit
* even if your plaintext meets the other requirements. The PackedPolicySize
response element
* indicates by percentage how close the policies and tags for your request are to the upper size limit.
*
*
*
* Passing policies to this operation returns new temporary credentials. The resulting session's permissions
* are the intersection of the role's identity-based policy and the session policies. You can use the role's
* temporary credentials in subsequent Amazon Web Services API calls to access resources in the account that
* owns the role. You cannot use session policies to grant more permissions than those allowed by the
* identity-based policy of the role that is being assumed. For more information, see Session
* Policies in the IAM User Guide.
*/
public void setPolicyArns(java.util.Collection policyArns) {
if (policyArns == null) {
this.policyArns = null;
return;
}
this.policyArns = new java.util.ArrayList(policyArns);
}
/**
*
* The Amazon Resource Names (ARNs) of the IAM managed policies that you want to use as managed session policies.
* The policies must exist in the same account as the role.
*
*
* This parameter is optional. You can provide up to 10 managed policy ARNs. However, the plaintext that you use for
* both inline and managed session policies can't exceed 2,048 characters. For more information about ARNs, see Amazon Resource Names (ARNs)
* and Amazon Web Services Service Namespaces in the Amazon Web Services General Reference.
*
*
*
* An Amazon Web Services conversion compresses the passed inline session policy, managed policy ARNs, and session
* tags into a packed binary format that has a separate limit. Your request can fail for this limit even if your
* plaintext meets the other requirements. The PackedPolicySize
response element indicates by
* percentage how close the policies and tags for your request are to the upper size limit.
*
*
*
* Passing policies to this operation returns new temporary credentials. The resulting session's permissions are the
* intersection of the role's identity-based policy and the session policies. You can use the role's temporary
* credentials in subsequent Amazon Web Services API calls to access resources in the account that owns the role.
* You cannot use session policies to grant more permissions than those allowed by the identity-based policy of the
* role that is being assumed. For more information, see Session
* Policies in the IAM User Guide.
*
*
* NOTE: This method appends the values to the existing list (if any). Use
* {@link #setPolicyArns(java.util.Collection)} or {@link #withPolicyArns(java.util.Collection)} if you want to
* override the existing values.
*
*
* @param policyArns
* The Amazon Resource Names (ARNs) of the IAM managed policies that you want to use as managed session
* policies. The policies must exist in the same account as the role.
*
* This parameter is optional. You can provide up to 10 managed policy ARNs. However, the plaintext that you
* use for both inline and managed session policies can't exceed 2,048 characters. For more information about
* ARNs, see Amazon
* Resource Names (ARNs) and Amazon Web Services Service Namespaces in the Amazon Web Services General
* Reference.
*
*
*
* An Amazon Web Services conversion compresses the passed inline session policy, managed policy ARNs, and
* session tags into a packed binary format that has a separate limit. Your request can fail for this limit
* even if your plaintext meets the other requirements. The PackedPolicySize
response element
* indicates by percentage how close the policies and tags for your request are to the upper size limit.
*
*
*
* Passing policies to this operation returns new temporary credentials. The resulting session's permissions
* are the intersection of the role's identity-based policy and the session policies. You can use the role's
* temporary credentials in subsequent Amazon Web Services API calls to access resources in the account that
* owns the role. You cannot use session policies to grant more permissions than those allowed by the
* identity-based policy of the role that is being assumed. For more information, see Session
* Policies in the IAM User Guide.
* @return Returns a reference to this object so that method calls can be chained together.
*/
public AssumeRoleRequest withPolicyArns(PolicyDescriptorType... policyArns) {
if (this.policyArns == null) {
setPolicyArns(new java.util.ArrayList(policyArns.length));
}
for (PolicyDescriptorType ele : policyArns) {
this.policyArns.add(ele);
}
return this;
}
/**
*
* The Amazon Resource Names (ARNs) of the IAM managed policies that you want to use as managed session policies.
* The policies must exist in the same account as the role.
*
*
* This parameter is optional. You can provide up to 10 managed policy ARNs. However, the plaintext that you use for
* both inline and managed session policies can't exceed 2,048 characters. For more information about ARNs, see Amazon Resource Names (ARNs)
* and Amazon Web Services Service Namespaces in the Amazon Web Services General Reference.
*
*
*
* An Amazon Web Services conversion compresses the passed inline session policy, managed policy ARNs, and session
* tags into a packed binary format that has a separate limit. Your request can fail for this limit even if your
* plaintext meets the other requirements. The PackedPolicySize
response element indicates by
* percentage how close the policies and tags for your request are to the upper size limit.
*
*
*
* Passing policies to this operation returns new temporary credentials. The resulting session's permissions are the
* intersection of the role's identity-based policy and the session policies. You can use the role's temporary
* credentials in subsequent Amazon Web Services API calls to access resources in the account that owns the role.
* You cannot use session policies to grant more permissions than those allowed by the identity-based policy of the
* role that is being assumed. For more information, see Session
* Policies in the IAM User Guide.
*
*
* @param policyArns
* The Amazon Resource Names (ARNs) of the IAM managed policies that you want to use as managed session
* policies. The policies must exist in the same account as the role.
*
* This parameter is optional. You can provide up to 10 managed policy ARNs. However, the plaintext that you
* use for both inline and managed session policies can't exceed 2,048 characters. For more information about
* ARNs, see Amazon
* Resource Names (ARNs) and Amazon Web Services Service Namespaces in the Amazon Web Services General
* Reference.
*
*
*
* An Amazon Web Services conversion compresses the passed inline session policy, managed policy ARNs, and
* session tags into a packed binary format that has a separate limit. Your request can fail for this limit
* even if your plaintext meets the other requirements. The PackedPolicySize
response element
* indicates by percentage how close the policies and tags for your request are to the upper size limit.
*
*
*
* Passing policies to this operation returns new temporary credentials. The resulting session's permissions
* are the intersection of the role's identity-based policy and the session policies. You can use the role's
* temporary credentials in subsequent Amazon Web Services API calls to access resources in the account that
* owns the role. You cannot use session policies to grant more permissions than those allowed by the
* identity-based policy of the role that is being assumed. For more information, see Session
* Policies in the IAM User Guide.
* @return Returns a reference to this object so that method calls can be chained together.
*/
public AssumeRoleRequest withPolicyArns(java.util.Collection policyArns) {
setPolicyArns(policyArns);
return this;
}
/**
*
* An IAM policy in JSON format that you want to use as an inline session policy.
*
*
* This parameter is optional. Passing policies to this operation returns new temporary credentials. The resulting
* session's permissions are the intersection of the role's identity-based policy and the session policies. You can
* use the role's temporary credentials in subsequent Amazon Web Services API calls to access resources in the
* account that owns the role. You cannot use session policies to grant more permissions than those allowed by the
* identity-based policy of the role that is being assumed. For more information, see Session
* Policies in the IAM User Guide.
*
*
* The plaintext that you use for both inline and managed session policies can't exceed 2,048 characters. The JSON
* policy characters can be any ASCII character from the space character to the end of the valid character list (
* through \u00FF). It can also include the tab ( ), linefeed ( ), and carriage return ( ) characters.
*
*
*
* An Amazon Web Services conversion compresses the passed inline session policy, managed policy ARNs, and session
* tags into a packed binary format that has a separate limit. Your request can fail for this limit even if your
* plaintext meets the other requirements. The PackedPolicySize
response element indicates by
* percentage how close the policies and tags for your request are to the upper size limit.
*
*
*
* @param policy
* An IAM policy in JSON format that you want to use as an inline session policy.
*
* This parameter is optional. Passing policies to this operation returns new temporary credentials. The
* resulting session's permissions are the intersection of the role's identity-based policy and the session
* policies. You can use the role's temporary credentials in subsequent Amazon Web Services API calls to
* access resources in the account that owns the role. You cannot use session policies to grant more
* permissions than those allowed by the identity-based policy of the role that is being assumed. For more
* information, see Session
* Policies in the IAM User Guide.
*
*
* The plaintext that you use for both inline and managed session policies can't exceed 2,048 characters. The
* JSON policy characters can be any ASCII character from the space character to the end of the valid
* character list ( through \u00FF). It can also include the tab ( ), linefeed ( ), and carriage return ( )
* characters.
*
*
*
* An Amazon Web Services conversion compresses the passed inline session policy, managed policy ARNs, and
* session tags into a packed binary format that has a separate limit. Your request can fail for this limit
* even if your plaintext meets the other requirements. The PackedPolicySize
response element
* indicates by percentage how close the policies and tags for your request are to the upper size limit.
*
*/
public void setPolicy(String policy) {
this.policy = policy;
}
/**
*
* An IAM policy in JSON format that you want to use as an inline session policy.
*
*
* This parameter is optional. Passing policies to this operation returns new temporary credentials. The resulting
* session's permissions are the intersection of the role's identity-based policy and the session policies. You can
* use the role's temporary credentials in subsequent Amazon Web Services API calls to access resources in the
* account that owns the role. You cannot use session policies to grant more permissions than those allowed by the
* identity-based policy of the role that is being assumed. For more information, see Session
* Policies in the IAM User Guide.
*
*
* The plaintext that you use for both inline and managed session policies can't exceed 2,048 characters. The JSON
* policy characters can be any ASCII character from the space character to the end of the valid character list (
* through \u00FF). It can also include the tab ( ), linefeed ( ), and carriage return ( ) characters.
*
*
*
* An Amazon Web Services conversion compresses the passed inline session policy, managed policy ARNs, and session
* tags into a packed binary format that has a separate limit. Your request can fail for this limit even if your
* plaintext meets the other requirements. The PackedPolicySize
response element indicates by
* percentage how close the policies and tags for your request are to the upper size limit.
*
*
*
* @return An IAM policy in JSON format that you want to use as an inline session policy.
*
* This parameter is optional. Passing policies to this operation returns new temporary credentials. The
* resulting session's permissions are the intersection of the role's identity-based policy and the session
* policies. You can use the role's temporary credentials in subsequent Amazon Web Services API calls to
* access resources in the account that owns the role. You cannot use session policies to grant more
* permissions than those allowed by the identity-based policy of the role that is being assumed. For more
* information, see Session
* Policies in the IAM User Guide.
*
*
* The plaintext that you use for both inline and managed session policies can't exceed 2,048 characters.
* The JSON policy characters can be any ASCII character from the space character to the end of the valid
* character list ( through \u00FF). It can also include the tab ( ), linefeed ( ), and carriage return ( )
* characters.
*
*
*
* An Amazon Web Services conversion compresses the passed inline session policy, managed policy ARNs, and
* session tags into a packed binary format that has a separate limit. Your request can fail for this limit
* even if your plaintext meets the other requirements. The PackedPolicySize
response element
* indicates by percentage how close the policies and tags for your request are to the upper size limit.
*
*/
public String getPolicy() {
return this.policy;
}
/**
*
* An IAM policy in JSON format that you want to use as an inline session policy.
*
*
* This parameter is optional. Passing policies to this operation returns new temporary credentials. The resulting
* session's permissions are the intersection of the role's identity-based policy and the session policies. You can
* use the role's temporary credentials in subsequent Amazon Web Services API calls to access resources in the
* account that owns the role. You cannot use session policies to grant more permissions than those allowed by the
* identity-based policy of the role that is being assumed. For more information, see Session
* Policies in the IAM User Guide.
*
*
* The plaintext that you use for both inline and managed session policies can't exceed 2,048 characters. The JSON
* policy characters can be any ASCII character from the space character to the end of the valid character list (
* through \u00FF). It can also include the tab ( ), linefeed ( ), and carriage return ( ) characters.
*
*
*
* An Amazon Web Services conversion compresses the passed inline session policy, managed policy ARNs, and session
* tags into a packed binary format that has a separate limit. Your request can fail for this limit even if your
* plaintext meets the other requirements. The PackedPolicySize
response element indicates by
* percentage how close the policies and tags for your request are to the upper size limit.
*
*
*
* @param policy
* An IAM policy in JSON format that you want to use as an inline session policy.
*
* This parameter is optional. Passing policies to this operation returns new temporary credentials. The
* resulting session's permissions are the intersection of the role's identity-based policy and the session
* policies. You can use the role's temporary credentials in subsequent Amazon Web Services API calls to
* access resources in the account that owns the role. You cannot use session policies to grant more
* permissions than those allowed by the identity-based policy of the role that is being assumed. For more
* information, see Session
* Policies in the IAM User Guide.
*
*
* The plaintext that you use for both inline and managed session policies can't exceed 2,048 characters. The
* JSON policy characters can be any ASCII character from the space character to the end of the valid
* character list ( through \u00FF). It can also include the tab ( ), linefeed ( ), and carriage return ( )
* characters.
*
*
*
* An Amazon Web Services conversion compresses the passed inline session policy, managed policy ARNs, and
* session tags into a packed binary format that has a separate limit. Your request can fail for this limit
* even if your plaintext meets the other requirements. The PackedPolicySize
response element
* indicates by percentage how close the policies and tags for your request are to the upper size limit.
*
* @return Returns a reference to this object so that method calls can be chained together.
*/
public AssumeRoleRequest withPolicy(String policy) {
setPolicy(policy);
return this;
}
/**
*
* The duration, in seconds, of the role session. The value specified can range from 900 seconds (15 minutes) up to
* the maximum session duration set for the role. The maximum session duration setting can have a value from 1 hour
* to 12 hours. If you specify a value higher than this setting or the administrator setting (whichever is lower),
* the operation fails. For example, if you specify a session duration of 12 hours, but your administrator set the
* maximum session duration to 6 hours, your operation fails.
*
*
* Role chaining limits your Amazon Web Services CLI or Amazon Web Services API role session to a maximum of one
* hour. When you use the AssumeRole
API operation to assume a role, you can specify the duration of
* your role session with the DurationSeconds
parameter. You can specify a parameter value of up to
* 43200 seconds (12 hours), depending on the maximum session duration setting for your role. However, if you assume
* a role using role chaining and provide a DurationSeconds
parameter value greater than one hour, the
* operation fails. To learn how to view the maximum value for your role, see View
* the Maximum Session Duration Setting for a Role in the IAM User Guide.
*
*
* By default, the value is set to 3600
seconds.
*
*
*
* The DurationSeconds
parameter is separate from the duration of a console session that you might
* request using the returned credentials. The request to the federation endpoint for a console sign-in token takes
* a SessionDuration
parameter that specifies the maximum length of the console session. For more
* information, see Creating a URL that Enables Federated Users to Access the Amazon Web Services Management Console in the
* IAM User Guide.
*
*
*
* @param durationSeconds
* The duration, in seconds, of the role session. The value specified can range from 900 seconds (15 minutes)
* up to the maximum session duration set for the role. The maximum session duration setting can have a value
* from 1 hour to 12 hours. If you specify a value higher than this setting or the administrator setting
* (whichever is lower), the operation fails. For example, if you specify a session duration of 12 hours, but
* your administrator set the maximum session duration to 6 hours, your operation fails.
*
* Role chaining limits your Amazon Web Services CLI or Amazon Web Services API role session to a maximum of
* one hour. When you use the AssumeRole
API operation to assume a role, you can specify the
* duration of your role session with the DurationSeconds
parameter. You can specify a parameter
* value of up to 43200 seconds (12 hours), depending on the maximum session duration setting for your role.
* However, if you assume a role using role chaining and provide a DurationSeconds
parameter
* value greater than one hour, the operation fails. To learn how to view the maximum value for your role,
* see View the Maximum Session Duration Setting for a Role in the IAM User Guide.
*
*
* By default, the value is set to 3600
seconds.
*
*
*
* The DurationSeconds
parameter is separate from the duration of a console session that you
* might request using the returned credentials. The request to the federation endpoint for a console sign-in
* token takes a SessionDuration
parameter that specifies the maximum length of the console
* session. For more information, see Creating a URL that Enables Federated Users to Access the Amazon Web Services Management Console in
* the IAM User Guide.
*
*/
public void setDurationSeconds(Integer durationSeconds) {
this.durationSeconds = durationSeconds;
}
/**
*
* The duration, in seconds, of the role session. The value specified can range from 900 seconds (15 minutes) up to
* the maximum session duration set for the role. The maximum session duration setting can have a value from 1 hour
* to 12 hours. If you specify a value higher than this setting or the administrator setting (whichever is lower),
* the operation fails. For example, if you specify a session duration of 12 hours, but your administrator set the
* maximum session duration to 6 hours, your operation fails.
*
*
* Role chaining limits your Amazon Web Services CLI or Amazon Web Services API role session to a maximum of one
* hour. When you use the AssumeRole
API operation to assume a role, you can specify the duration of
* your role session with the DurationSeconds
parameter. You can specify a parameter value of up to
* 43200 seconds (12 hours), depending on the maximum session duration setting for your role. However, if you assume
* a role using role chaining and provide a DurationSeconds
parameter value greater than one hour, the
* operation fails. To learn how to view the maximum value for your role, see View
* the Maximum Session Duration Setting for a Role in the IAM User Guide.
*
*
* By default, the value is set to 3600
seconds.
*
*
*
* The DurationSeconds
parameter is separate from the duration of a console session that you might
* request using the returned credentials. The request to the federation endpoint for a console sign-in token takes
* a SessionDuration
parameter that specifies the maximum length of the console session. For more
* information, see Creating a URL that Enables Federated Users to Access the Amazon Web Services Management Console in the
* IAM User Guide.
*
*
*
* @return The duration, in seconds, of the role session. The value specified can range from 900 seconds (15
* minutes) up to the maximum session duration set for the role. The maximum session duration setting can
* have a value from 1 hour to 12 hours. If you specify a value higher than this setting or the
* administrator setting (whichever is lower), the operation fails. For example, if you specify a session
* duration of 12 hours, but your administrator set the maximum session duration to 6 hours, your operation
* fails.
*
* Role chaining limits your Amazon Web Services CLI or Amazon Web Services API role session to a maximum of
* one hour. When you use the AssumeRole
API operation to assume a role, you can specify the
* duration of your role session with the DurationSeconds
parameter. You can specify a
* parameter value of up to 43200 seconds (12 hours), depending on the maximum session duration setting for
* your role. However, if you assume a role using role chaining and provide a DurationSeconds
* parameter value greater than one hour, the operation fails. To learn how to view the maximum value for
* your role, see View the Maximum Session Duration Setting for a Role in the IAM User Guide.
*
*
* By default, the value is set to 3600
seconds.
*
*
*
* The DurationSeconds
parameter is separate from the duration of a console session that you
* might request using the returned credentials. The request to the federation endpoint for a console
* sign-in token takes a SessionDuration
parameter that specifies the maximum length of the
* console session. For more information, see Creating a URL that Enables Federated Users to Access the Amazon Web Services Management Console in
* the IAM User Guide.
*
*/
public Integer getDurationSeconds() {
return this.durationSeconds;
}
/**
*
* The duration, in seconds, of the role session. The value specified can range from 900 seconds (15 minutes) up to
* the maximum session duration set for the role. The maximum session duration setting can have a value from 1 hour
* to 12 hours. If you specify a value higher than this setting or the administrator setting (whichever is lower),
* the operation fails. For example, if you specify a session duration of 12 hours, but your administrator set the
* maximum session duration to 6 hours, your operation fails.
*
*
* Role chaining limits your Amazon Web Services CLI or Amazon Web Services API role session to a maximum of one
* hour. When you use the AssumeRole
API operation to assume a role, you can specify the duration of
* your role session with the DurationSeconds
parameter. You can specify a parameter value of up to
* 43200 seconds (12 hours), depending on the maximum session duration setting for your role. However, if you assume
* a role using role chaining and provide a DurationSeconds
parameter value greater than one hour, the
* operation fails. To learn how to view the maximum value for your role, see View
* the Maximum Session Duration Setting for a Role in the IAM User Guide.
*
*
* By default, the value is set to 3600
seconds.
*
*
*
* The DurationSeconds
parameter is separate from the duration of a console session that you might
* request using the returned credentials. The request to the federation endpoint for a console sign-in token takes
* a SessionDuration
parameter that specifies the maximum length of the console session. For more
* information, see Creating a URL that Enables Federated Users to Access the Amazon Web Services Management Console in the
* IAM User Guide.
*
*
*
* @param durationSeconds
* The duration, in seconds, of the role session. The value specified can range from 900 seconds (15 minutes)
* up to the maximum session duration set for the role. The maximum session duration setting can have a value
* from 1 hour to 12 hours. If you specify a value higher than this setting or the administrator setting
* (whichever is lower), the operation fails. For example, if you specify a session duration of 12 hours, but
* your administrator set the maximum session duration to 6 hours, your operation fails.
*
* Role chaining limits your Amazon Web Services CLI or Amazon Web Services API role session to a maximum of
* one hour. When you use the AssumeRole
API operation to assume a role, you can specify the
* duration of your role session with the DurationSeconds
parameter. You can specify a parameter
* value of up to 43200 seconds (12 hours), depending on the maximum session duration setting for your role.
* However, if you assume a role using role chaining and provide a DurationSeconds
parameter
* value greater than one hour, the operation fails. To learn how to view the maximum value for your role,
* see View the Maximum Session Duration Setting for a Role in the IAM User Guide.
*
*
* By default, the value is set to 3600
seconds.
*
*
*
* The DurationSeconds
parameter is separate from the duration of a console session that you
* might request using the returned credentials. The request to the federation endpoint for a console sign-in
* token takes a SessionDuration
parameter that specifies the maximum length of the console
* session. For more information, see Creating a URL that Enables Federated Users to Access the Amazon Web Services Management Console in
* the IAM User Guide.
*
* @return Returns a reference to this object so that method calls can be chained together.
*/
public AssumeRoleRequest withDurationSeconds(Integer durationSeconds) {
setDurationSeconds(durationSeconds);
return this;
}
/**
*
* A list of session tags that you want to pass. Each session tag consists of a key name and an associated value.
* For more information about session tags, see Tagging Amazon Web Services STS
* Sessions in the IAM User Guide.
*
*
* This parameter is optional. You can pass up to 50 session tags. The plaintext session tag keys can’t exceed 128
* characters, and the values can’t exceed 256 characters. For these and additional limits, see IAM and STS Character Limits in the IAM User Guide.
*
*
*
* An Amazon Web Services conversion compresses the passed inline session policy, managed policy ARNs, and session
* tags into a packed binary format that has a separate limit. Your request can fail for this limit even if your
* plaintext meets the other requirements. The PackedPolicySize
response element indicates by
* percentage how close the policies and tags for your request are to the upper size limit.
*
*
*
* You can pass a session tag with the same key as a tag that is already attached to the role. When you do, session
* tags override a role tag with the same key.
*
*
* Tag key–value pairs are not case sensitive, but case is preserved. This means that you cannot have separate
* Department
and department
tag keys. Assume that the role has the
* Department
=Marketing
tag and you pass the department
=
* engineering
session tag. Department
and department
are not saved as
* separate tags, and the session tag passed in the request takes precedence over the role tag.
*
*
* Additionally, if you used temporary credentials to perform this operation, the new session inherits any
* transitive session tags from the calling session. If you pass a session tag with the same key as an inherited
* tag, the operation fails. To view the inherited tags for a session, see the CloudTrail logs. For more
* information, see Viewing
* Session Tags in CloudTrail in the IAM User Guide.
*
*
* @return A list of session tags that you want to pass. Each session tag consists of a key name and an associated
* value. For more information about session tags, see Tagging Amazon Web Services
* STS Sessions in the IAM User Guide.
*
* This parameter is optional. You can pass up to 50 session tags. The plaintext session tag keys can’t
* exceed 128 characters, and the values can’t exceed 256 characters. For these and additional limits, see
* IAM and STS Character Limits in the IAM User Guide.
*
*
*
* An Amazon Web Services conversion compresses the passed inline session policy, managed policy ARNs, and
* session tags into a packed binary format that has a separate limit. Your request can fail for this limit
* even if your plaintext meets the other requirements. The PackedPolicySize
response element
* indicates by percentage how close the policies and tags for your request are to the upper size limit.
*
*
*
* You can pass a session tag with the same key as a tag that is already attached to the role. When you do,
* session tags override a role tag with the same key.
*
*
* Tag key–value pairs are not case sensitive, but case is preserved. This means that you cannot have
* separate Department
and department
tag keys. Assume that the role has the
* Department
=Marketing
tag and you pass the department
=
* engineering
session tag. Department
and department
are not saved
* as separate tags, and the session tag passed in the request takes precedence over the role tag.
*
*
* Additionally, if you used temporary credentials to perform this operation, the new session inherits any
* transitive session tags from the calling session. If you pass a session tag with the same key as an
* inherited tag, the operation fails. To view the inherited tags for a session, see the CloudTrail logs.
* For more information, see Viewing Session Tags in CloudTrail in the IAM User Guide.
*/
public java.util.List getTags() {
return tags;
}
/**
*
* A list of session tags that you want to pass. Each session tag consists of a key name and an associated value.
* For more information about session tags, see Tagging Amazon Web Services STS
* Sessions in the IAM User Guide.
*
*
* This parameter is optional. You can pass up to 50 session tags. The plaintext session tag keys can’t exceed 128
* characters, and the values can’t exceed 256 characters. For these and additional limits, see IAM and STS Character Limits in the IAM User Guide.
*
*
*
* An Amazon Web Services conversion compresses the passed inline session policy, managed policy ARNs, and session
* tags into a packed binary format that has a separate limit. Your request can fail for this limit even if your
* plaintext meets the other requirements. The PackedPolicySize
response element indicates by
* percentage how close the policies and tags for your request are to the upper size limit.
*
*
*
* You can pass a session tag with the same key as a tag that is already attached to the role. When you do, session
* tags override a role tag with the same key.
*
*
* Tag key–value pairs are not case sensitive, but case is preserved. This means that you cannot have separate
* Department
and department
tag keys. Assume that the role has the
* Department
=Marketing
tag and you pass the department
=
* engineering
session tag. Department
and department
are not saved as
* separate tags, and the session tag passed in the request takes precedence over the role tag.
*
*
* Additionally, if you used temporary credentials to perform this operation, the new session inherits any
* transitive session tags from the calling session. If you pass a session tag with the same key as an inherited
* tag, the operation fails. To view the inherited tags for a session, see the CloudTrail logs. For more
* information, see Viewing
* Session Tags in CloudTrail in the IAM User Guide.
*
*
* @param tags
* A list of session tags that you want to pass. Each session tag consists of a key name and an associated
* value. For more information about session tags, see Tagging Amazon Web Services
* STS Sessions in the IAM User Guide.
*
* This parameter is optional. You can pass up to 50 session tags. The plaintext session tag keys can’t
* exceed 128 characters, and the values can’t exceed 256 characters. For these and additional limits, see IAM and STS Character Limits in the IAM User Guide.
*
*
*
* An Amazon Web Services conversion compresses the passed inline session policy, managed policy ARNs, and
* session tags into a packed binary format that has a separate limit. Your request can fail for this limit
* even if your plaintext meets the other requirements. The PackedPolicySize
response element
* indicates by percentage how close the policies and tags for your request are to the upper size limit.
*
*
*
* You can pass a session tag with the same key as a tag that is already attached to the role. When you do,
* session tags override a role tag with the same key.
*
*
* Tag key–value pairs are not case sensitive, but case is preserved. This means that you cannot have
* separate Department
and department
tag keys. Assume that the role has the
* Department
=Marketing
tag and you pass the department
=
* engineering
session tag. Department
and department
are not saved as
* separate tags, and the session tag passed in the request takes precedence over the role tag.
*
*
* Additionally, if you used temporary credentials to perform this operation, the new session inherits any
* transitive session tags from the calling session. If you pass a session tag with the same key as an
* inherited tag, the operation fails. To view the inherited tags for a session, see the CloudTrail logs. For
* more information, see Viewing Session Tags in CloudTrail in the IAM User Guide.
*/
public void setTags(java.util.Collection tags) {
if (tags == null) {
this.tags = null;
return;
}
this.tags = new java.util.ArrayList(tags);
}
/**
*
* A list of session tags that you want to pass. Each session tag consists of a key name and an associated value.
* For more information about session tags, see Tagging Amazon Web Services STS
* Sessions in the IAM User Guide.
*
*
* This parameter is optional. You can pass up to 50 session tags. The plaintext session tag keys can’t exceed 128
* characters, and the values can’t exceed 256 characters. For these and additional limits, see IAM and STS Character Limits in the IAM User Guide.
*
*
*
* An Amazon Web Services conversion compresses the passed inline session policy, managed policy ARNs, and session
* tags into a packed binary format that has a separate limit. Your request can fail for this limit even if your
* plaintext meets the other requirements. The PackedPolicySize
response element indicates by
* percentage how close the policies and tags for your request are to the upper size limit.
*
*
*
* You can pass a session tag with the same key as a tag that is already attached to the role. When you do, session
* tags override a role tag with the same key.
*
*
* Tag key–value pairs are not case sensitive, but case is preserved. This means that you cannot have separate
* Department
and department
tag keys. Assume that the role has the
* Department
=Marketing
tag and you pass the department
=
* engineering
session tag. Department
and department
are not saved as
* separate tags, and the session tag passed in the request takes precedence over the role tag.
*
*
* Additionally, if you used temporary credentials to perform this operation, the new session inherits any
* transitive session tags from the calling session. If you pass a session tag with the same key as an inherited
* tag, the operation fails. To view the inherited tags for a session, see the CloudTrail logs. For more
* information, see Viewing
* Session Tags in CloudTrail in the IAM User Guide.
*
*
* NOTE: This method appends the values to the existing list (if any). Use
* {@link #setTags(java.util.Collection)} or {@link #withTags(java.util.Collection)} if you want to override the
* existing values.
*
*
* @param tags
* A list of session tags that you want to pass. Each session tag consists of a key name and an associated
* value. For more information about session tags, see Tagging Amazon Web Services
* STS Sessions in the IAM User Guide.
*
* This parameter is optional. You can pass up to 50 session tags. The plaintext session tag keys can’t
* exceed 128 characters, and the values can’t exceed 256 characters. For these and additional limits, see IAM and STS Character Limits in the IAM User Guide.
*
*
*
* An Amazon Web Services conversion compresses the passed inline session policy, managed policy ARNs, and
* session tags into a packed binary format that has a separate limit. Your request can fail for this limit
* even if your plaintext meets the other requirements. The PackedPolicySize
response element
* indicates by percentage how close the policies and tags for your request are to the upper size limit.
*
*
*
* You can pass a session tag with the same key as a tag that is already attached to the role. When you do,
* session tags override a role tag with the same key.
*
*
* Tag key–value pairs are not case sensitive, but case is preserved. This means that you cannot have
* separate Department
and department
tag keys. Assume that the role has the
* Department
=Marketing
tag and you pass the department
=
* engineering
session tag. Department
and department
are not saved as
* separate tags, and the session tag passed in the request takes precedence over the role tag.
*
*
* Additionally, if you used temporary credentials to perform this operation, the new session inherits any
* transitive session tags from the calling session. If you pass a session tag with the same key as an
* inherited tag, the operation fails. To view the inherited tags for a session, see the CloudTrail logs. For
* more information, see Viewing Session Tags in CloudTrail in the IAM User Guide.
* @return Returns a reference to this object so that method calls can be chained together.
*/
public AssumeRoleRequest withTags(Tag... tags) {
if (this.tags == null) {
setTags(new java.util.ArrayList(tags.length));
}
for (Tag ele : tags) {
this.tags.add(ele);
}
return this;
}
/**
*
* A list of session tags that you want to pass. Each session tag consists of a key name and an associated value.
* For more information about session tags, see Tagging Amazon Web Services STS
* Sessions in the IAM User Guide.
*
*
* This parameter is optional. You can pass up to 50 session tags. The plaintext session tag keys can’t exceed 128
* characters, and the values can’t exceed 256 characters. For these and additional limits, see IAM and STS Character Limits in the IAM User Guide.
*
*
*
* An Amazon Web Services conversion compresses the passed inline session policy, managed policy ARNs, and session
* tags into a packed binary format that has a separate limit. Your request can fail for this limit even if your
* plaintext meets the other requirements. The PackedPolicySize
response element indicates by
* percentage how close the policies and tags for your request are to the upper size limit.
*
*
*
* You can pass a session tag with the same key as a tag that is already attached to the role. When you do, session
* tags override a role tag with the same key.
*
*
* Tag key–value pairs are not case sensitive, but case is preserved. This means that you cannot have separate
* Department
and department
tag keys. Assume that the role has the
* Department
=Marketing
tag and you pass the department
=
* engineering
session tag. Department
and department
are not saved as
* separate tags, and the session tag passed in the request takes precedence over the role tag.
*
*
* Additionally, if you used temporary credentials to perform this operation, the new session inherits any
* transitive session tags from the calling session. If you pass a session tag with the same key as an inherited
* tag, the operation fails. To view the inherited tags for a session, see the CloudTrail logs. For more
* information, see Viewing
* Session Tags in CloudTrail in the IAM User Guide.
*
*
* @param tags
* A list of session tags that you want to pass. Each session tag consists of a key name and an associated
* value. For more information about session tags, see Tagging Amazon Web Services
* STS Sessions in the IAM User Guide.
*
* This parameter is optional. You can pass up to 50 session tags. The plaintext session tag keys can’t
* exceed 128 characters, and the values can’t exceed 256 characters. For these and additional limits, see IAM and STS Character Limits in the IAM User Guide.
*
*
*
* An Amazon Web Services conversion compresses the passed inline session policy, managed policy ARNs, and
* session tags into a packed binary format that has a separate limit. Your request can fail for this limit
* even if your plaintext meets the other requirements. The PackedPolicySize
response element
* indicates by percentage how close the policies and tags for your request are to the upper size limit.
*
*
*
* You can pass a session tag with the same key as a tag that is already attached to the role. When you do,
* session tags override a role tag with the same key.
*
*
* Tag key–value pairs are not case sensitive, but case is preserved. This means that you cannot have
* separate Department
and department
tag keys. Assume that the role has the
* Department
=Marketing
tag and you pass the department
=
* engineering
session tag. Department
and department
are not saved as
* separate tags, and the session tag passed in the request takes precedence over the role tag.
*
*
* Additionally, if you used temporary credentials to perform this operation, the new session inherits any
* transitive session tags from the calling session. If you pass a session tag with the same key as an
* inherited tag, the operation fails. To view the inherited tags for a session, see the CloudTrail logs. For
* more information, see Viewing Session Tags in CloudTrail in the IAM User Guide.
* @return Returns a reference to this object so that method calls can be chained together.
*/
public AssumeRoleRequest withTags(java.util.Collection tags) {
setTags(tags);
return this;
}
/**
*
* A list of keys for session tags that you want to set as transitive. If you set a tag key as transitive, the
* corresponding key and value passes to subsequent sessions in a role chain. For more information, see Chaining Roles with Session Tags in the IAM User Guide.
*
*
* This parameter is optional. When you set session tags as transitive, the session policy and session tags packed
* binary limit is not affected.
*
*
* If you choose not to specify a transitive tag key, then no tags are passed from this session to any subsequent
* sessions.
*
*
* @return A list of keys for session tags that you want to set as transitive. If you set a tag key as transitive,
* the corresponding key and value passes to subsequent sessions in a role chain. For more information, see
* Chaining Roles with Session Tags in the IAM User Guide.
*
* This parameter is optional. When you set session tags as transitive, the session policy and session tags
* packed binary limit is not affected.
*
*
* If you choose not to specify a transitive tag key, then no tags are passed from this session to any
* subsequent sessions.
*/
public java.util.List getTransitiveTagKeys() {
return transitiveTagKeys;
}
/**
*
* A list of keys for session tags that you want to set as transitive. If you set a tag key as transitive, the
* corresponding key and value passes to subsequent sessions in a role chain. For more information, see Chaining Roles with Session Tags in the IAM User Guide.
*
*
* This parameter is optional. When you set session tags as transitive, the session policy and session tags packed
* binary limit is not affected.
*
*
* If you choose not to specify a transitive tag key, then no tags are passed from this session to any subsequent
* sessions.
*
*
* @param transitiveTagKeys
* A list of keys for session tags that you want to set as transitive. If you set a tag key as transitive,
* the corresponding key and value passes to subsequent sessions in a role chain. For more information, see
* Chaining Roles with Session Tags in the IAM User Guide.
*
* This parameter is optional. When you set session tags as transitive, the session policy and session tags
* packed binary limit is not affected.
*
*
* If you choose not to specify a transitive tag key, then no tags are passed from this session to any
* subsequent sessions.
*/
public void setTransitiveTagKeys(java.util.Collection transitiveTagKeys) {
if (transitiveTagKeys == null) {
this.transitiveTagKeys = null;
return;
}
this.transitiveTagKeys = new java.util.ArrayList(transitiveTagKeys);
}
/**
*
* A list of keys for session tags that you want to set as transitive. If you set a tag key as transitive, the
* corresponding key and value passes to subsequent sessions in a role chain. For more information, see Chaining Roles with Session Tags in the IAM User Guide.
*
*
* This parameter is optional. When you set session tags as transitive, the session policy and session tags packed
* binary limit is not affected.
*
*
* If you choose not to specify a transitive tag key, then no tags are passed from this session to any subsequent
* sessions.
*
*
* NOTE: This method appends the values to the existing list (if any). Use
* {@link #setTransitiveTagKeys(java.util.Collection)} or {@link #withTransitiveTagKeys(java.util.Collection)} if
* you want to override the existing values.
*
*
* @param transitiveTagKeys
* A list of keys for session tags that you want to set as transitive. If you set a tag key as transitive,
* the corresponding key and value passes to subsequent sessions in a role chain. For more information, see
* Chaining Roles with Session Tags in the IAM User Guide.
*
* This parameter is optional. When you set session tags as transitive, the session policy and session tags
* packed binary limit is not affected.
*
*
* If you choose not to specify a transitive tag key, then no tags are passed from this session to any
* subsequent sessions.
* @return Returns a reference to this object so that method calls can be chained together.
*/
public AssumeRoleRequest withTransitiveTagKeys(String... transitiveTagKeys) {
if (this.transitiveTagKeys == null) {
setTransitiveTagKeys(new java.util.ArrayList(transitiveTagKeys.length));
}
for (String ele : transitiveTagKeys) {
this.transitiveTagKeys.add(ele);
}
return this;
}
/**
*
* A list of keys for session tags that you want to set as transitive. If you set a tag key as transitive, the
* corresponding key and value passes to subsequent sessions in a role chain. For more information, see Chaining Roles with Session Tags in the IAM User Guide.
*
*
* This parameter is optional. When you set session tags as transitive, the session policy and session tags packed
* binary limit is not affected.
*
*
* If you choose not to specify a transitive tag key, then no tags are passed from this session to any subsequent
* sessions.
*
*
* @param transitiveTagKeys
* A list of keys for session tags that you want to set as transitive. If you set a tag key as transitive,
* the corresponding key and value passes to subsequent sessions in a role chain. For more information, see
* Chaining Roles with Session Tags in the IAM User Guide.
*
* This parameter is optional. When you set session tags as transitive, the session policy and session tags
* packed binary limit is not affected.
*
*
* If you choose not to specify a transitive tag key, then no tags are passed from this session to any
* subsequent sessions.
* @return Returns a reference to this object so that method calls can be chained together.
*/
public AssumeRoleRequest withTransitiveTagKeys(java.util.Collection transitiveTagKeys) {
setTransitiveTagKeys(transitiveTagKeys);
return this;
}
/**
*
* A unique identifier that might be required when you assume a role in another account. If the administrator of the
* account to which the role belongs provided you with an external ID, then provide that value in the
* ExternalId
parameter. This value can be any string, such as a passphrase or account number. A
* cross-account role is usually set up to trust everyone in an account. Therefore, the administrator of the
* trusting account might send an external ID to the administrator of the trusted account. That way, only someone
* with the ID can assume the role, rather than everyone in the account. For more information about the external ID,
* see How to
* Use an External ID When Granting Access to Your Amazon Web Services Resources to a Third Party in the IAM
* User Guide.
*
*
* The regex used to validate this parameter is a string of characters consisting of upper- and lower-case
* alphanumeric characters with no spaces. You can also include underscores or any of the following characters:
* =,.@:/-
*
*
* @param externalId
* A unique identifier that might be required when you assume a role in another account. If the administrator
* of the account to which the role belongs provided you with an external ID, then provide that value in the
* ExternalId
parameter. This value can be any string, such as a passphrase or account number. A
* cross-account role is usually set up to trust everyone in an account. Therefore, the administrator of the
* trusting account might send an external ID to the administrator of the trusted account. That way, only
* someone with the ID can assume the role, rather than everyone in the account. For more information about
* the external ID, see How to
* Use an External ID When Granting Access to Your Amazon Web Services Resources to a Third Party in the
* IAM User Guide.
*
* The regex used to validate this parameter is a string of characters consisting of upper- and lower-case
* alphanumeric characters with no spaces. You can also include underscores or any of the following
* characters: =,.@:/-
*/
public void setExternalId(String externalId) {
this.externalId = externalId;
}
/**
*
* A unique identifier that might be required when you assume a role in another account. If the administrator of the
* account to which the role belongs provided you with an external ID, then provide that value in the
* ExternalId
parameter. This value can be any string, such as a passphrase or account number. A
* cross-account role is usually set up to trust everyone in an account. Therefore, the administrator of the
* trusting account might send an external ID to the administrator of the trusted account. That way, only someone
* with the ID can assume the role, rather than everyone in the account. For more information about the external ID,
* see How to
* Use an External ID When Granting Access to Your Amazon Web Services Resources to a Third Party in the IAM
* User Guide.
*
*
* The regex used to validate this parameter is a string of characters consisting of upper- and lower-case
* alphanumeric characters with no spaces. You can also include underscores or any of the following characters:
* =,.@:/-
*
*
* @return A unique identifier that might be required when you assume a role in another account. If the
* administrator of the account to which the role belongs provided you with an external ID, then provide
* that value in the ExternalId
parameter. This value can be any string, such as a passphrase
* or account number. A cross-account role is usually set up to trust everyone in an account. Therefore, the
* administrator of the trusting account might send an external ID to the administrator of the trusted
* account. That way, only someone with the ID can assume the role, rather than everyone in the account. For
* more information about the external ID, see How to
* Use an External ID When Granting Access to Your Amazon Web Services Resources to a Third Party in the
* IAM User Guide.
*
* The regex used to validate this parameter is a string of characters consisting of upper- and lower-case
* alphanumeric characters with no spaces. You can also include underscores or any of the following
* characters: =,.@:/-
*/
public String getExternalId() {
return this.externalId;
}
/**
*
* A unique identifier that might be required when you assume a role in another account. If the administrator of the
* account to which the role belongs provided you with an external ID, then provide that value in the
* ExternalId
parameter. This value can be any string, such as a passphrase or account number. A
* cross-account role is usually set up to trust everyone in an account. Therefore, the administrator of the
* trusting account might send an external ID to the administrator of the trusted account. That way, only someone
* with the ID can assume the role, rather than everyone in the account. For more information about the external ID,
* see How to
* Use an External ID When Granting Access to Your Amazon Web Services Resources to a Third Party in the IAM
* User Guide.
*
*
* The regex used to validate this parameter is a string of characters consisting of upper- and lower-case
* alphanumeric characters with no spaces. You can also include underscores or any of the following characters:
* =,.@:/-
*
*
* @param externalId
* A unique identifier that might be required when you assume a role in another account. If the administrator
* of the account to which the role belongs provided you with an external ID, then provide that value in the
* ExternalId
parameter. This value can be any string, such as a passphrase or account number. A
* cross-account role is usually set up to trust everyone in an account. Therefore, the administrator of the
* trusting account might send an external ID to the administrator of the trusted account. That way, only
* someone with the ID can assume the role, rather than everyone in the account. For more information about
* the external ID, see How to
* Use an External ID When Granting Access to Your Amazon Web Services Resources to a Third Party in the
* IAM User Guide.
*
* The regex used to validate this parameter is a string of characters consisting of upper- and lower-case
* alphanumeric characters with no spaces. You can also include underscores or any of the following
* characters: =,.@:/-
* @return Returns a reference to this object so that method calls can be chained together.
*/
public AssumeRoleRequest withExternalId(String externalId) {
setExternalId(externalId);
return this;
}
/**
*
* The identification number of the MFA device that is associated with the user who is making the
* AssumeRole
call. Specify this value if the trust policy of the role being assumed includes a
* condition that requires MFA authentication. The value is either the serial number for a hardware device (such as
* GAHT12345678
) or an Amazon Resource Name (ARN) for a virtual device (such as
* arn:aws:iam::123456789012:mfa/user
).
*
*
* The regex used to validate this parameter is a string of characters consisting of upper- and lower-case
* alphanumeric characters with no spaces. You can also include underscores or any of the following characters: =,.@-
*
*
* @param serialNumber
* The identification number of the MFA device that is associated with the user who is making the
* AssumeRole
call. Specify this value if the trust policy of the role being assumed includes a
* condition that requires MFA authentication. The value is either the serial number for a hardware device
* (such as GAHT12345678
) or an Amazon Resource Name (ARN) for a virtual device (such as
* arn:aws:iam::123456789012:mfa/user
).
*
* The regex used to validate this parameter is a string of characters consisting of upper- and lower-case
* alphanumeric characters with no spaces. You can also include underscores or any of the following
* characters: =,.@-
*/
public void setSerialNumber(String serialNumber) {
this.serialNumber = serialNumber;
}
/**
*
* The identification number of the MFA device that is associated with the user who is making the
* AssumeRole
call. Specify this value if the trust policy of the role being assumed includes a
* condition that requires MFA authentication. The value is either the serial number for a hardware device (such as
* GAHT12345678
) or an Amazon Resource Name (ARN) for a virtual device (such as
* arn:aws:iam::123456789012:mfa/user
).
*
*
* The regex used to validate this parameter is a string of characters consisting of upper- and lower-case
* alphanumeric characters with no spaces. You can also include underscores or any of the following characters: =,.@-
*
*
* @return The identification number of the MFA device that is associated with the user who is making the
* AssumeRole
call. Specify this value if the trust policy of the role being assumed includes a
* condition that requires MFA authentication. The value is either the serial number for a hardware device
* (such as GAHT12345678
) or an Amazon Resource Name (ARN) for a virtual device (such as
* arn:aws:iam::123456789012:mfa/user
).
*
* The regex used to validate this parameter is a string of characters consisting of upper- and lower-case
* alphanumeric characters with no spaces. You can also include underscores or any of the following
* characters: =,.@-
*/
public String getSerialNumber() {
return this.serialNumber;
}
/**
*
* The identification number of the MFA device that is associated with the user who is making the
* AssumeRole
call. Specify this value if the trust policy of the role being assumed includes a
* condition that requires MFA authentication. The value is either the serial number for a hardware device (such as
* GAHT12345678
) or an Amazon Resource Name (ARN) for a virtual device (such as
* arn:aws:iam::123456789012:mfa/user
).
*
*
* The regex used to validate this parameter is a string of characters consisting of upper- and lower-case
* alphanumeric characters with no spaces. You can also include underscores or any of the following characters: =,.@-
*
*
* @param serialNumber
* The identification number of the MFA device that is associated with the user who is making the
* AssumeRole
call. Specify this value if the trust policy of the role being assumed includes a
* condition that requires MFA authentication. The value is either the serial number for a hardware device
* (such as GAHT12345678
) or an Amazon Resource Name (ARN) for a virtual device (such as
* arn:aws:iam::123456789012:mfa/user
).
*
* The regex used to validate this parameter is a string of characters consisting of upper- and lower-case
* alphanumeric characters with no spaces. You can also include underscores or any of the following
* characters: =,.@-
* @return Returns a reference to this object so that method calls can be chained together.
*/
public AssumeRoleRequest withSerialNumber(String serialNumber) {
setSerialNumber(serialNumber);
return this;
}
/**
*
* The value provided by the MFA device, if the trust policy of the role being assumed requires MFA. (In other
* words, if the policy includes a condition that tests for MFA). If the role being assumed requires MFA and if the
* TokenCode
value is missing or expired, the AssumeRole
call returns an "access denied"
* error.
*
*
* The format for this parameter, as described by its regex pattern, is a sequence of six numeric digits.
*
*
* @param tokenCode
* The value provided by the MFA device, if the trust policy of the role being assumed requires MFA. (In
* other words, if the policy includes a condition that tests for MFA). If the role being assumed requires
* MFA and if the TokenCode
value is missing or expired, the AssumeRole
call
* returns an "access denied" error.
*
* The format for this parameter, as described by its regex pattern, is a sequence of six numeric digits.
*/
public void setTokenCode(String tokenCode) {
this.tokenCode = tokenCode;
}
/**
*
* The value provided by the MFA device, if the trust policy of the role being assumed requires MFA. (In other
* words, if the policy includes a condition that tests for MFA). If the role being assumed requires MFA and if the
* TokenCode
value is missing or expired, the AssumeRole
call returns an "access denied"
* error.
*
*
* The format for this parameter, as described by its regex pattern, is a sequence of six numeric digits.
*
*
* @return The value provided by the MFA device, if the trust policy of the role being assumed requires MFA. (In
* other words, if the policy includes a condition that tests for MFA). If the role being assumed requires
* MFA and if the TokenCode
value is missing or expired, the AssumeRole
call
* returns an "access denied" error.
*
* The format for this parameter, as described by its regex pattern, is a sequence of six numeric digits.
*/
public String getTokenCode() {
return this.tokenCode;
}
/**
*
* The value provided by the MFA device, if the trust policy of the role being assumed requires MFA. (In other
* words, if the policy includes a condition that tests for MFA). If the role being assumed requires MFA and if the
* TokenCode
value is missing or expired, the AssumeRole
call returns an "access denied"
* error.
*
*
* The format for this parameter, as described by its regex pattern, is a sequence of six numeric digits.
*
*
* @param tokenCode
* The value provided by the MFA device, if the trust policy of the role being assumed requires MFA. (In
* other words, if the policy includes a condition that tests for MFA). If the role being assumed requires
* MFA and if the TokenCode
value is missing or expired, the AssumeRole
call
* returns an "access denied" error.
*
* The format for this parameter, as described by its regex pattern, is a sequence of six numeric digits.
* @return Returns a reference to this object so that method calls can be chained together.
*/
public AssumeRoleRequest withTokenCode(String tokenCode) {
setTokenCode(tokenCode);
return this;
}
/**
*
* The source identity specified by the principal that is calling the AssumeRole
operation.
*
*
* You can require users to specify a source identity when they assume a role. You do this by using the
* sts:SourceIdentity
condition key in a role trust policy. You can use source identity information in
* CloudTrail logs to determine who took actions with a role. You can use the aws:SourceIdentity
* condition key to further control access to Amazon Web Services resources based on the value of source identity.
* For more information about using source identity, see Monitor
* and control actions taken with assumed roles in the IAM User Guide.
*
*
* The regex used to validate this parameter is a string of characters consisting of upper- and lower-case
* alphanumeric characters with no spaces. You can also include underscores or any of the following characters:
* =,.@-. You cannot use a value that begins with the text aws:
. This prefix is reserved for Amazon Web
* Services internal use.
*
*
* @param sourceIdentity
* The source identity specified by the principal that is calling the AssumeRole
operation.
*
* You can require users to specify a source identity when they assume a role. You do this by using the
* sts:SourceIdentity
condition key in a role trust policy. You can use source identity
* information in CloudTrail logs to determine who took actions with a role. You can use the
* aws:SourceIdentity
condition key to further control access to Amazon Web Services resources
* based on the value of source identity. For more information about using source identity, see Monitor and control actions taken with assumed roles in the IAM User Guide.
*
*
* The regex used to validate this parameter is a string of characters consisting of upper- and lower-case
* alphanumeric characters with no spaces. You can also include underscores or any of the following
* characters: =,.@-. You cannot use a value that begins with the text aws:
. This prefix is
* reserved for Amazon Web Services internal use.
*/
public void setSourceIdentity(String sourceIdentity) {
this.sourceIdentity = sourceIdentity;
}
/**
*
* The source identity specified by the principal that is calling the AssumeRole
operation.
*
*
* You can require users to specify a source identity when they assume a role. You do this by using the
* sts:SourceIdentity
condition key in a role trust policy. You can use source identity information in
* CloudTrail logs to determine who took actions with a role. You can use the aws:SourceIdentity
* condition key to further control access to Amazon Web Services resources based on the value of source identity.
* For more information about using source identity, see Monitor
* and control actions taken with assumed roles in the IAM User Guide.
*
*
* The regex used to validate this parameter is a string of characters consisting of upper- and lower-case
* alphanumeric characters with no spaces. You can also include underscores or any of the following characters:
* =,.@-. You cannot use a value that begins with the text aws:
. This prefix is reserved for Amazon Web
* Services internal use.
*
*
* @return The source identity specified by the principal that is calling the AssumeRole
operation.
*
* You can require users to specify a source identity when they assume a role. You do this by using the
* sts:SourceIdentity
condition key in a role trust policy. You can use source identity
* information in CloudTrail logs to determine who took actions with a role. You can use the
* aws:SourceIdentity
condition key to further control access to Amazon Web Services resources
* based on the value of source identity. For more information about using source identity, see Monitor and control actions taken with assumed roles in the IAM User Guide.
*
*
* The regex used to validate this parameter is a string of characters consisting of upper- and lower-case
* alphanumeric characters with no spaces. You can also include underscores or any of the following
* characters: =,.@-. You cannot use a value that begins with the text aws:
. This prefix is
* reserved for Amazon Web Services internal use.
*/
public String getSourceIdentity() {
return this.sourceIdentity;
}
/**
*
* The source identity specified by the principal that is calling the AssumeRole
operation.
*
*
* You can require users to specify a source identity when they assume a role. You do this by using the
* sts:SourceIdentity
condition key in a role trust policy. You can use source identity information in
* CloudTrail logs to determine who took actions with a role. You can use the aws:SourceIdentity
* condition key to further control access to Amazon Web Services resources based on the value of source identity.
* For more information about using source identity, see Monitor
* and control actions taken with assumed roles in the IAM User Guide.
*
*
* The regex used to validate this parameter is a string of characters consisting of upper- and lower-case
* alphanumeric characters with no spaces. You can also include underscores or any of the following characters:
* =,.@-. You cannot use a value that begins with the text aws:
. This prefix is reserved for Amazon Web
* Services internal use.
*
*
* @param sourceIdentity
* The source identity specified by the principal that is calling the AssumeRole
operation.
*
* You can require users to specify a source identity when they assume a role. You do this by using the
* sts:SourceIdentity
condition key in a role trust policy. You can use source identity
* information in CloudTrail logs to determine who took actions with a role. You can use the
* aws:SourceIdentity
condition key to further control access to Amazon Web Services resources
* based on the value of source identity. For more information about using source identity, see Monitor and control actions taken with assumed roles in the IAM User Guide.
*
*
* The regex used to validate this parameter is a string of characters consisting of upper- and lower-case
* alphanumeric characters with no spaces. You can also include underscores or any of the following
* characters: =,.@-. You cannot use a value that begins with the text aws:
. This prefix is
* reserved for Amazon Web Services internal use.
* @return Returns a reference to this object so that method calls can be chained together.
*/
public AssumeRoleRequest withSourceIdentity(String sourceIdentity) {
setSourceIdentity(sourceIdentity);
return this;
}
/**
*
* A list of previously acquired trusted context assertions in the format of a JSON array. The trusted context
* assertion is signed and encrypted by Amazon Web Services STS.
*
*
* The following is an example of a ProvidedContext
value that includes a single trusted context
* assertion and the ARN of the context provider from which the trusted context assertion was generated.
*
*
* [{"ProviderArn":"arn:aws:iam::aws:contextProvider/IdentityCenter","ContextAssertion":"trusted-context-assertion"}]
*
*
* @return A list of previously acquired trusted context assertions in the format of a JSON array. The trusted
* context assertion is signed and encrypted by Amazon Web Services STS.
*
* The following is an example of a ProvidedContext
value that includes a single trusted
* context assertion and the ARN of the context provider from which the trusted context assertion was
* generated.
*
*
* [{"ProviderArn":"arn:aws:iam::aws:contextProvider/IdentityCenter","ContextAssertion":"trusted-context-assertion"}]
*/
public java.util.List getProvidedContexts() {
return providedContexts;
}
/**
*
* A list of previously acquired trusted context assertions in the format of a JSON array. The trusted context
* assertion is signed and encrypted by Amazon Web Services STS.
*
*
* The following is an example of a ProvidedContext
value that includes a single trusted context
* assertion and the ARN of the context provider from which the trusted context assertion was generated.
*
*
* [{"ProviderArn":"arn:aws:iam::aws:contextProvider/IdentityCenter","ContextAssertion":"trusted-context-assertion"}]
*
*
* @param providedContexts
* A list of previously acquired trusted context assertions in the format of a JSON array. The trusted
* context assertion is signed and encrypted by Amazon Web Services STS.
*
* The following is an example of a ProvidedContext
value that includes a single trusted context
* assertion and the ARN of the context provider from which the trusted context assertion was generated.
*
*
* [{"ProviderArn":"arn:aws:iam::aws:contextProvider/IdentityCenter","ContextAssertion":"trusted-context-assertion"}]
*/
public void setProvidedContexts(java.util.Collection providedContexts) {
if (providedContexts == null) {
this.providedContexts = null;
return;
}
this.providedContexts = new java.util.ArrayList(providedContexts);
}
/**
*
* A list of previously acquired trusted context assertions in the format of a JSON array. The trusted context
* assertion is signed and encrypted by Amazon Web Services STS.
*
*
* The following is an example of a ProvidedContext
value that includes a single trusted context
* assertion and the ARN of the context provider from which the trusted context assertion was generated.
*
*
* [{"ProviderArn":"arn:aws:iam::aws:contextProvider/IdentityCenter","ContextAssertion":"trusted-context-assertion"}]
*
*
* NOTE: This method appends the values to the existing list (if any). Use
* {@link #setProvidedContexts(java.util.Collection)} or {@link #withProvidedContexts(java.util.Collection)} if you
* want to override the existing values.
*
*
* @param providedContexts
* A list of previously acquired trusted context assertions in the format of a JSON array. The trusted
* context assertion is signed and encrypted by Amazon Web Services STS.
*
* The following is an example of a ProvidedContext
value that includes a single trusted context
* assertion and the ARN of the context provider from which the trusted context assertion was generated.
*
*
* [{"ProviderArn":"arn:aws:iam::aws:contextProvider/IdentityCenter","ContextAssertion":"trusted-context-assertion"}]
* @return Returns a reference to this object so that method calls can be chained together.
*/
public AssumeRoleRequest withProvidedContexts(ProvidedContext... providedContexts) {
if (this.providedContexts == null) {
setProvidedContexts(new java.util.ArrayList(providedContexts.length));
}
for (ProvidedContext ele : providedContexts) {
this.providedContexts.add(ele);
}
return this;
}
/**
*
* A list of previously acquired trusted context assertions in the format of a JSON array. The trusted context
* assertion is signed and encrypted by Amazon Web Services STS.
*
*
* The following is an example of a ProvidedContext
value that includes a single trusted context
* assertion and the ARN of the context provider from which the trusted context assertion was generated.
*
*
* [{"ProviderArn":"arn:aws:iam::aws:contextProvider/IdentityCenter","ContextAssertion":"trusted-context-assertion"}]
*
*
* @param providedContexts
* A list of previously acquired trusted context assertions in the format of a JSON array. The trusted
* context assertion is signed and encrypted by Amazon Web Services STS.
*
* The following is an example of a ProvidedContext
value that includes a single trusted context
* assertion and the ARN of the context provider from which the trusted context assertion was generated.
*
*
* [{"ProviderArn":"arn:aws:iam::aws:contextProvider/IdentityCenter","ContextAssertion":"trusted-context-assertion"}]
* @return Returns a reference to this object so that method calls can be chained together.
*/
public AssumeRoleRequest withProvidedContexts(java.util.Collection providedContexts) {
setProvidedContexts(providedContexts);
return this;
}
/**
* Returns a string representation of this object. This is useful for testing and debugging. Sensitive data will be
* redacted from this string using a placeholder value.
*
* @return A string representation of this object.
*
* @see java.lang.Object#toString()
*/
@Override
public String toString() {
StringBuilder sb = new StringBuilder();
sb.append("{");
if (getRoleArn() != null)
sb.append("RoleArn: ").append(getRoleArn()).append(",");
if (getRoleSessionName() != null)
sb.append("RoleSessionName: ").append(getRoleSessionName()).append(",");
if (getPolicyArns() != null)
sb.append("PolicyArns: ").append(getPolicyArns()).append(",");
if (getPolicy() != null)
sb.append("Policy: ").append(getPolicy()).append(",");
if (getDurationSeconds() != null)
sb.append("DurationSeconds: ").append(getDurationSeconds()).append(",");
if (getTags() != null)
sb.append("Tags: ").append(getTags()).append(",");
if (getTransitiveTagKeys() != null)
sb.append("TransitiveTagKeys: ").append(getTransitiveTagKeys()).append(",");
if (getExternalId() != null)
sb.append("ExternalId: ").append(getExternalId()).append(",");
if (getSerialNumber() != null)
sb.append("SerialNumber: ").append(getSerialNumber()).append(",");
if (getTokenCode() != null)
sb.append("TokenCode: ").append(getTokenCode()).append(",");
if (getSourceIdentity() != null)
sb.append("SourceIdentity: ").append(getSourceIdentity()).append(",");
if (getProvidedContexts() != null)
sb.append("ProvidedContexts: ").append(getProvidedContexts());
sb.append("}");
return sb.toString();
}
@Override
public boolean equals(Object obj) {
if (this == obj)
return true;
if (obj == null)
return false;
if (obj instanceof AssumeRoleRequest == false)
return false;
AssumeRoleRequest other = (AssumeRoleRequest) obj;
if (other.getRoleArn() == null ^ this.getRoleArn() == null)
return false;
if (other.getRoleArn() != null && other.getRoleArn().equals(this.getRoleArn()) == false)
return false;
if (other.getRoleSessionName() == null ^ this.getRoleSessionName() == null)
return false;
if (other.getRoleSessionName() != null && other.getRoleSessionName().equals(this.getRoleSessionName()) == false)
return false;
if (other.getPolicyArns() == null ^ this.getPolicyArns() == null)
return false;
if (other.getPolicyArns() != null && other.getPolicyArns().equals(this.getPolicyArns()) == false)
return false;
if (other.getPolicy() == null ^ this.getPolicy() == null)
return false;
if (other.getPolicy() != null && other.getPolicy().equals(this.getPolicy()) == false)
return false;
if (other.getDurationSeconds() == null ^ this.getDurationSeconds() == null)
return false;
if (other.getDurationSeconds() != null && other.getDurationSeconds().equals(this.getDurationSeconds()) == false)
return false;
if (other.getTags() == null ^ this.getTags() == null)
return false;
if (other.getTags() != null && other.getTags().equals(this.getTags()) == false)
return false;
if (other.getTransitiveTagKeys() == null ^ this.getTransitiveTagKeys() == null)
return false;
if (other.getTransitiveTagKeys() != null && other.getTransitiveTagKeys().equals(this.getTransitiveTagKeys()) == false)
return false;
if (other.getExternalId() == null ^ this.getExternalId() == null)
return false;
if (other.getExternalId() != null && other.getExternalId().equals(this.getExternalId()) == false)
return false;
if (other.getSerialNumber() == null ^ this.getSerialNumber() == null)
return false;
if (other.getSerialNumber() != null && other.getSerialNumber().equals(this.getSerialNumber()) == false)
return false;
if (other.getTokenCode() == null ^ this.getTokenCode() == null)
return false;
if (other.getTokenCode() != null && other.getTokenCode().equals(this.getTokenCode()) == false)
return false;
if (other.getSourceIdentity() == null ^ this.getSourceIdentity() == null)
return false;
if (other.getSourceIdentity() != null && other.getSourceIdentity().equals(this.getSourceIdentity()) == false)
return false;
if (other.getProvidedContexts() == null ^ this.getProvidedContexts() == null)
return false;
if (other.getProvidedContexts() != null && other.getProvidedContexts().equals(this.getProvidedContexts()) == false)
return false;
return true;
}
@Override
public int hashCode() {
final int prime = 31;
int hashCode = 1;
hashCode = prime * hashCode + ((getRoleArn() == null) ? 0 : getRoleArn().hashCode());
hashCode = prime * hashCode + ((getRoleSessionName() == null) ? 0 : getRoleSessionName().hashCode());
hashCode = prime * hashCode + ((getPolicyArns() == null) ? 0 : getPolicyArns().hashCode());
hashCode = prime * hashCode + ((getPolicy() == null) ? 0 : getPolicy().hashCode());
hashCode = prime * hashCode + ((getDurationSeconds() == null) ? 0 : getDurationSeconds().hashCode());
hashCode = prime * hashCode + ((getTags() == null) ? 0 : getTags().hashCode());
hashCode = prime * hashCode + ((getTransitiveTagKeys() == null) ? 0 : getTransitiveTagKeys().hashCode());
hashCode = prime * hashCode + ((getExternalId() == null) ? 0 : getExternalId().hashCode());
hashCode = prime * hashCode + ((getSerialNumber() == null) ? 0 : getSerialNumber().hashCode());
hashCode = prime * hashCode + ((getTokenCode() == null) ? 0 : getTokenCode().hashCode());
hashCode = prime * hashCode + ((getSourceIdentity() == null) ? 0 : getSourceIdentity().hashCode());
hashCode = prime * hashCode + ((getProvidedContexts() == null) ? 0 : getProvidedContexts().hashCode());
return hashCode;
}
@Override
public AssumeRoleRequest clone() {
return (AssumeRoleRequest) super.clone();
}
}