com.amazonaws.services.securitytoken.model.GetSessionTokenRequest Maven / Gradle / Ivy
Show all versions of aws-java-sdk-core Show documentation
/*
* Copyright 2010-2018 Amazon.com, Inc. or its affiliates. All Rights Reserved.
*
* Licensed under the Apache License, Version 2.0 (the "License").
* You may not use this file except in compliance with the License.
* A copy of the License is located at
*
* http://aws.amazon.com/apache2.0
*
* or in the "license" file accompanying this file. This file is distributed
* on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either
* express or implied. See the License for the specific language governing
* permissions and limitations under the License.
*/
package com.amazonaws.services.securitytoken.model;
import java.io.Serializable;
import com.amazonaws.AmazonWebServiceRequest;
/**
*
* Returns a set of temporary credentials for an AWS account or IAM user. The
* credentials consist of an access key ID, a secret access key, and a security
* token. Typically, you use GetSessionToken if you want to use MFA
* to protect programmatic calls to specific AWS APIs like Amazon EC2
* StopInstances. MFA-enabled IAM users would need to call
* GetSessionToken and submit an MFA code that is associated with
* their MFA device. Using the temporary security credentials that are returned
* from the call, IAM users can then make programmatic calls to APIs that
* require MFA authentication. If you do not supply a correct MFA code, then the
* API returns an access denied error. For a comparison of
* GetSessionToken with the other APIs that produce temporary
* credentials, see Requesting Temporary Security Credentials and Comparing the AWS STS APIs in the IAM User Guide.
*
*
* The GetSessionToken action must be called by using the long-term
* AWS security credentials of the AWS account or an IAM user. Credentials that
* are created by IAM users are valid for the duration that you specify, from
* 900 seconds (15 minutes) up to a maximum of 129600 seconds (36 hours), with a
* default of 43200 seconds (12 hours); credentials that are created by using
* account credentials can range from 900 seconds (15 minutes) up to a maximum
* of 3600 seconds (1 hour), with a default of 1 hour.
*
*
* The temporary security credentials created by GetSessionToken
* can be used to make API calls to any AWS service with the following
* exceptions:
*
*
* -
*
* You cannot call any IAM APIs unless MFA authentication information is
* included in the request.
*
*
* -
*
* You cannot call any STS API except AssumeRole.
*
*
*
*
*
* We recommend that you do not call GetSessionToken with root
* account credentials. Instead, follow our best practices by creating one or more IAM users, giving them the
* necessary permissions, and using IAM users for everyday interaction with AWS.
*
*
*
* The permissions associated with the temporary security credentials returned
* by GetSessionToken are based on the permissions associated with
* account or IAM user whose credentials are used to call the action. If
* GetSessionToken is called using root account credentials, the
* temporary credentials have root account permissions. Similarly, if
* GetSessionToken is called using the credentials of an IAM user,
* the temporary credentials have the same permissions as the IAM user.
*
*
* For more information about using GetSessionToken to create
* temporary credentials, go to Temporary Credentials for Users in Untrusted Environments in the IAM
* User Guide.
*
*/
public class GetSessionTokenRequest extends AmazonWebServiceRequest implements Serializable {
/**
*
* The duration, in seconds, that the credentials should remain valid.
* Acceptable durations for IAM user sessions range from 900 seconds (15
* minutes) to 129600 seconds (36 hours), with 43200 seconds (12 hours) as
* the default. Sessions for AWS account owners are restricted to a maximum
* of 3600 seconds (one hour). If the duration is longer than one hour, the
* session for AWS account owners defaults to one hour.
*
*
* Constraints:
* Range: 900 - 129600
*/
private Integer durationSeconds;
/**
*
* The identification number of the MFA device that is associated with the
* IAM user who is making the GetSessionToken call. Specify
* this value if the IAM user has a policy that requires MFA authentication.
* The value is either the serial number for a hardware device (such as
* GAHT12345678) or an Amazon Resource Name (ARN) for a virtual
* device (such as arn:aws:iam::123456789012:mfa/user). You can
* find the device for an IAM user by going to the AWS Management Console
* and viewing the user's security credentials.
*
*
* The format for this parameter, as described by its regex pattern, is a
* string of characters consisting of upper- and lower-case alphanumeric
* characters with no spaces. You can also include any of the following
* characters: =,.@-
*
*
* Constraints:
* Length: 9 - 256
* Pattern: [\w+=/:,.@-]*
*/
private String serialNumber;
/**
*
* The value provided by the MFA device, if MFA is required. If any policy
* requires the IAM user to submit an MFA code, specify this value. If MFA
* authentication is required, and the user does not provide a code when
* requesting a set of temporary security credentials, the user will receive
* an "access denied" response when requesting resources that require MFA
* authentication.
*
*
* The format for this parameter, as described by its regex pattern, is a
* sequence of six numeric digits.
*
*
* Constraints:
* Length: 6 - 6
* Pattern: [\d]*
*/
private String tokenCode;
/**
*
* The duration, in seconds, that the credentials should remain valid.
* Acceptable durations for IAM user sessions range from 900 seconds (15
* minutes) to 129600 seconds (36 hours), with 43200 seconds (12 hours) as
* the default. Sessions for AWS account owners are restricted to a maximum
* of 3600 seconds (one hour). If the duration is longer than one hour, the
* session for AWS account owners defaults to one hour.
*
*
* Constraints:
* Range: 900 - 129600
*
* @return
* The duration, in seconds, that the credentials should remain
* valid. Acceptable durations for IAM user sessions range from 900
* seconds (15 minutes) to 129600 seconds (36 hours), with 43200
* seconds (12 hours) as the default. Sessions for AWS account
* owners are restricted to a maximum of 3600 seconds (one hour). If
* the duration is longer than one hour, the session for AWS account
* owners defaults to one hour.
*
*/
public Integer getDurationSeconds() {
return durationSeconds;
}
/**
*
* The duration, in seconds, that the credentials should remain valid.
* Acceptable durations for IAM user sessions range from 900 seconds (15
* minutes) to 129600 seconds (36 hours), with 43200 seconds (12 hours) as
* the default. Sessions for AWS account owners are restricted to a maximum
* of 3600 seconds (one hour). If the duration is longer than one hour, the
* session for AWS account owners defaults to one hour.
*
*
* Constraints:
* Range: 900 - 129600
*
* @param durationSeconds
* The duration, in seconds, that the credentials should remain
* valid. Acceptable durations for IAM user sessions range from
* 900 seconds (15 minutes) to 129600 seconds (36 hours), with
* 43200 seconds (12 hours) as the default. Sessions for AWS
* account owners are restricted to a maximum of 3600 seconds
* (one hour). If the duration is longer than one hour, the
* session for AWS account owners defaults to one hour.
*
*/
public void setDurationSeconds(Integer durationSeconds) {
this.durationSeconds = durationSeconds;
}
/**
*
* The duration, in seconds, that the credentials should remain valid.
* Acceptable durations for IAM user sessions range from 900 seconds (15
* minutes) to 129600 seconds (36 hours), with 43200 seconds (12 hours) as
* the default. Sessions for AWS account owners are restricted to a maximum
* of 3600 seconds (one hour). If the duration is longer than one hour, the
* session for AWS account owners defaults to one hour.
*
*
* Returns a reference to this object so that method calls can be chained
* together.
*
* Constraints:
* Range: 900 - 129600
*
* @param durationSeconds
* The duration, in seconds, that the credentials should remain
* valid. Acceptable durations for IAM user sessions range from
* 900 seconds (15 minutes) to 129600 seconds (36 hours), with
* 43200 seconds (12 hours) as the default. Sessions for AWS
* account owners are restricted to a maximum of 3600 seconds
* (one hour). If the duration is longer than one hour, the
* session for AWS account owners defaults to one hour.
*
* @return A reference to this updated object so that method calls can be
* chained together.
*/
public GetSessionTokenRequest withDurationSeconds(Integer durationSeconds) {
this.durationSeconds = durationSeconds;
return this;
}
/**
*
* The identification number of the MFA device that is associated with the
* IAM user who is making the GetSessionToken call. Specify
* this value if the IAM user has a policy that requires MFA authentication.
* The value is either the serial number for a hardware device (such as
* GAHT12345678) or an Amazon Resource Name (ARN) for a virtual
* device (such as arn:aws:iam::123456789012:mfa/user). You can
* find the device for an IAM user by going to the AWS Management Console
* and viewing the user's security credentials.
*
*
* The format for this parameter, as described by its regex pattern, is a
* string of characters consisting of upper- and lower-case alphanumeric
* characters with no spaces. You can also include any of the following
* characters: =,.@-
*
*
* Constraints:
* Length: 9 - 256
* Pattern: [\w+=/:,.@-]*
*
* @return
* The identification number of the MFA device that is associated
* with the IAM user who is making the GetSessionToken
* call. Specify this value if the IAM user has a policy that
* requires MFA authentication. The value is either the serial
* number for a hardware device (such as GAHT12345678)
* or an Amazon Resource Name (ARN) for a virtual device (such as
* arn:aws:iam::123456789012:mfa/user). You can find
* the device for an IAM user by going to the AWS Management Console
* and viewing the user's security credentials.
*
*
* The format for this parameter, as described by its regex pattern,
* is a string of characters consisting of upper- and lower-case
* alphanumeric characters with no spaces. You can also include any
* of the following characters: =,.@-
*
*/
public String getSerialNumber() {
return serialNumber;
}
/**
*
* The identification number of the MFA device that is associated with the
* IAM user who is making the GetSessionToken call. Specify
* this value if the IAM user has a policy that requires MFA authentication.
* The value is either the serial number for a hardware device (such as
* GAHT12345678) or an Amazon Resource Name (ARN) for a virtual
* device (such as arn:aws:iam::123456789012:mfa/user). You can
* find the device for an IAM user by going to the AWS Management Console
* and viewing the user's security credentials.
*
*
* The format for this parameter, as described by its regex pattern, is a
* string of characters consisting of upper- and lower-case alphanumeric
* characters with no spaces. You can also include any of the following
* characters: =,.@-
*
*
* Constraints:
* Length: 9 - 256
* Pattern: [\w+=/:,.@-]*
*
* @param serialNumber
* The identification number of the MFA device that is associated
* with the IAM user who is making the
* GetSessionToken call. Specify this value if the
* IAM user has a policy that requires MFA authentication. The
* value is either the serial number for a hardware device (such
* as GAHT12345678) or an Amazon Resource Name (ARN)
* for a virtual device (such as
* arn:aws:iam::123456789012:mfa/user). You can find
* the device for an IAM user by going to the AWS Management
* Console and viewing the user's security credentials.
*
*
* The format for this parameter, as described by its regex
* pattern, is a string of characters consisting of upper- and
* lower-case alphanumeric characters with no spaces. You can
* also include any of the following characters: =,.@-
*
*/
public void setSerialNumber(String serialNumber) {
this.serialNumber = serialNumber;
}
/**
*
* The identification number of the MFA device that is associated with the
* IAM user who is making the GetSessionToken call. Specify
* this value if the IAM user has a policy that requires MFA authentication.
* The value is either the serial number for a hardware device (such as
* GAHT12345678) or an Amazon Resource Name (ARN) for a virtual
* device (such as arn:aws:iam::123456789012:mfa/user). You can
* find the device for an IAM user by going to the AWS Management Console
* and viewing the user's security credentials.
*
*
* The format for this parameter, as described by its regex pattern, is a
* string of characters consisting of upper- and lower-case alphanumeric
* characters with no spaces. You can also include any of the following
* characters: =,.@-
*
*
* Returns a reference to this object so that method calls can be chained
* together.
*
* Constraints:
* Length: 9 - 256
* Pattern: [\w+=/:,.@-]*
*
* @param serialNumber
* The identification number of the MFA device that is associated
* with the IAM user who is making the
* GetSessionToken call. Specify this value if the
* IAM user has a policy that requires MFA authentication. The
* value is either the serial number for a hardware device (such
* as GAHT12345678) or an Amazon Resource Name (ARN)
* for a virtual device (such as
* arn:aws:iam::123456789012:mfa/user). You can find
* the device for an IAM user by going to the AWS Management
* Console and viewing the user's security credentials.
*
*
* The format for this parameter, as described by its regex
* pattern, is a string of characters consisting of upper- and
* lower-case alphanumeric characters with no spaces. You can
* also include any of the following characters: =,.@-
*
* @return A reference to this updated object so that method calls can be
* chained together.
*/
public GetSessionTokenRequest withSerialNumber(String serialNumber) {
this.serialNumber = serialNumber;
return this;
}
/**
*
* The value provided by the MFA device, if MFA is required. If any policy
* requires the IAM user to submit an MFA code, specify this value. If MFA
* authentication is required, and the user does not provide a code when
* requesting a set of temporary security credentials, the user will receive
* an "access denied" response when requesting resources that require MFA
* authentication.
*
*
* The format for this parameter, as described by its regex pattern, is a
* sequence of six numeric digits.
*
*
* Constraints:
* Length: 6 - 6
* Pattern: [\d]*
*
* @return
* The value provided by the MFA device, if MFA is required. If any
* policy requires the IAM user to submit an MFA code, specify this
* value. If MFA authentication is required, and the user does not
* provide a code when requesting a set of temporary security
* credentials, the user will receive an "access denied" response
* when requesting resources that require MFA authentication.
*
*
* The format for this parameter, as described by its regex pattern,
* is a sequence of six numeric digits.
*
*/
public String getTokenCode() {
return tokenCode;
}
/**
*
* The value provided by the MFA device, if MFA is required. If any policy
* requires the IAM user to submit an MFA code, specify this value. If MFA
* authentication is required, and the user does not provide a code when
* requesting a set of temporary security credentials, the user will receive
* an "access denied" response when requesting resources that require MFA
* authentication.
*
*
* The format for this parameter, as described by its regex pattern, is a
* sequence of six numeric digits.
*
*
* Constraints:
* Length: 6 - 6
* Pattern: [\d]*
*
* @param tokenCode
* The value provided by the MFA device, if MFA is required. If
* any policy requires the IAM user to submit an MFA code,
* specify this value. If MFA authentication is required, and the
* user does not provide a code when requesting a set of
* temporary security credentials, the user will receive an
* "access denied" response when requesting resources that
* require MFA authentication.
*
*
* The format for this parameter, as described by its regex
* pattern, is a sequence of six numeric digits.
*
*/
public void setTokenCode(String tokenCode) {
this.tokenCode = tokenCode;
}
/**
*
* The value provided by the MFA device, if MFA is required. If any policy
* requires the IAM user to submit an MFA code, specify this value. If MFA
* authentication is required, and the user does not provide a code when
* requesting a set of temporary security credentials, the user will receive
* an "access denied" response when requesting resources that require MFA
* authentication.
*
*
* The format for this parameter, as described by its regex pattern, is a
* sequence of six numeric digits.
*
*
* Returns a reference to this object so that method calls can be chained
* together.
*
* Constraints:
* Length: 6 - 6
* Pattern: [\d]*
*
* @param tokenCode
* The value provided by the MFA device, if MFA is required. If
* any policy requires the IAM user to submit an MFA code,
* specify this value. If MFA authentication is required, and the
* user does not provide a code when requesting a set of
* temporary security credentials, the user will receive an
* "access denied" response when requesting resources that
* require MFA authentication.
*
*
* The format for this parameter, as described by its regex
* pattern, is a sequence of six numeric digits.
*
* @return A reference to this updated object so that method calls can be
* chained together.
*/
public GetSessionTokenRequest withTokenCode(String tokenCode) {
this.tokenCode = tokenCode;
return this;
}
/**
* Returns a string representation of this object; useful for testing and
* debugging.
*
* @return A string representation of this object.
* @see java.lang.Object#toString()
*/
@Override
public String toString() {
StringBuilder sb = new StringBuilder();
sb.append("{");
if (getDurationSeconds() != null)
sb.append("DurationSeconds: " + getDurationSeconds() + ",");
if (getSerialNumber() != null)
sb.append("SerialNumber: " + getSerialNumber() + ",");
if (getTokenCode() != null)
sb.append("TokenCode: " + getTokenCode());
sb.append("}");
return sb.toString();
}
@Override
public int hashCode() {
final int prime = 31;
int hashCode = 1;
hashCode = prime * hashCode
+ ((getDurationSeconds() == null) ? 0 : getDurationSeconds().hashCode());
hashCode = prime * hashCode
+ ((getSerialNumber() == null) ? 0 : getSerialNumber().hashCode());
hashCode = prime * hashCode + ((getTokenCode() == null) ? 0 : getTokenCode().hashCode());
return hashCode;
}
@Override
public boolean equals(Object obj) {
if (this == obj)
return true;
if (obj == null)
return false;
if (obj instanceof GetSessionTokenRequest == false)
return false;
GetSessionTokenRequest other = (GetSessionTokenRequest) obj;
if (other.getDurationSeconds() == null ^ this.getDurationSeconds() == null)
return false;
if (other.getDurationSeconds() != null
&& other.getDurationSeconds().equals(this.getDurationSeconds()) == false)
return false;
if (other.getSerialNumber() == null ^ this.getSerialNumber() == null)
return false;
if (other.getSerialNumber() != null
&& other.getSerialNumber().equals(this.getSerialNumber()) == false)
return false;
if (other.getTokenCode() == null ^ this.getTokenCode() == null)
return false;
if (other.getTokenCode() != null
&& other.getTokenCode().equals(this.getTokenCode()) == false)
return false;
return true;
}
}