{-# LANGUAGE DeriveGeneric #-}
{-# LANGUAGE DuplicateRecordFields #-}
{-# LANGUAGE NamedFieldPuns #-}
{-# LANGUAGE OverloadedStrings #-}
{-# LANGUAGE RecordWildCards #-}
{-# LANGUAGE StrictData #-}
{-# LANGUAGE TypeFamilies #-}
{-# LANGUAGE NoImplicitPrelude #-}
{-# OPTIONS_GHC -fno-warn-unused-binds #-}
{-# OPTIONS_GHC -fno-warn-unused-imports #-}
{-# OPTIONS_GHC -fno-warn-unused-matches #-}

-- Derived from AWS service descriptions, licensed under Apache 2.0.

-- |
-- Module      : Amazonka.STS.GetSessionToken
-- Copyright   : (c) 2013-2023 Brendan Hay
-- License     : Mozilla Public License, v. 2.0.
-- Maintainer  : Brendan Hay
-- Stability   : auto-generated
-- Portability : non-portable (GHC extensions)
--
-- Returns a set of temporary credentials for an Amazon Web Services
-- account or IAM user. The credentials consist of an access key ID, a
-- secret access key, and a security token. Typically, you use
-- @GetSessionToken@ if you want to use MFA to protect programmatic calls
-- to specific Amazon Web Services API operations like Amazon EC2
-- @StopInstances@. MFA-enabled IAM users would need to call
-- @GetSessionToken@ and submit an MFA code that is associated with their
-- MFA device. Using the temporary security credentials that are returned
-- from the call, IAM users can then make programmatic calls to API
-- operations that require MFA authentication. If you do not supply a
-- correct MFA code, then the API returns an access denied error. For a
-- comparison of @GetSessionToken@ with the other API operations that
-- produce temporary credentials, see
-- <https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_request.html Requesting Temporary Security Credentials>
-- and
-- <https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_request.html#stsapi_comparison Comparing the Amazon Web Services STS API operations>
-- in the /IAM User Guide/.
--
-- No permissions are required for users to perform this operation. The
-- purpose of the @sts:GetSessionToken@ operation is to authenticate the
-- user using MFA. You cannot use policies to control authentication
-- operations. For more information, see
-- <https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_control-access_getsessiontoken.html Permissions for GetSessionToken>
-- in the /IAM User Guide/.
--
-- __Session Duration__
--
-- The @GetSessionToken@ operation must be called by using the long-term
-- Amazon Web Services security credentials of the Amazon Web Services
-- account root user or an IAM user. Credentials that are created by IAM
-- users are valid for the duration that you specify. This duration can
-- range from 900 seconds (15 minutes) up to a maximum of 129,600 seconds
-- (36 hours), with a default of 43,200 seconds (12 hours). Credentials
-- based on account credentials can range from 900 seconds (15 minutes) up
-- to 3,600 seconds (1 hour), with a default of 1 hour.
--
-- __Permissions__
--
-- The temporary security credentials created by @GetSessionToken@ can be
-- used to make API calls to any Amazon Web Services service with the
-- following exceptions:
--
-- -   You cannot call any IAM API operations unless MFA authentication
--     information is included in the request.
--
-- -   You cannot call any STS API /except/ @AssumeRole@ or
--     @GetCallerIdentity@.
--
-- We recommend that you do not call @GetSessionToken@ with Amazon Web
-- Services account root user credentials. Instead, follow our
-- <https://docs.aws.amazon.com/IAM/latest/UserGuide/best-practices.html#create-iam-users best practices>
-- by creating one or more IAM users, giving them the necessary
-- permissions, and using IAM users for everyday interaction with Amazon
-- Web Services.
--
-- The credentials that are returned by @GetSessionToken@ are based on
-- permissions associated with the user whose credentials were used to call
-- the operation. If @GetSessionToken@ is called using Amazon Web Services
-- account root user credentials, the temporary credentials have root user
-- permissions. Similarly, if @GetSessionToken@ is called using the
-- credentials of an IAM user, the temporary credentials have the same
-- permissions as the IAM user.
--
-- For more information about using @GetSessionToken@ to create temporary
-- credentials, go to
-- <https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_request.html#api_getsessiontoken Temporary Credentials for Users in Untrusted Environments>
-- in the /IAM User Guide/.
module Amazonka.STS.GetSessionToken
  ( -- * Creating a Request
    GetSessionToken (..),
    newGetSessionToken,

    -- * Request Lenses
    getSessionToken_durationSeconds,
    getSessionToken_serialNumber,
    getSessionToken_tokenCode,

    -- * Destructuring the Response
    GetSessionTokenResponse (..),
    newGetSessionTokenResponse,

    -- * Response Lenses
    getSessionTokenResponse_credentials,
    getSessionTokenResponse_httpStatus,
  )
where

import qualified Amazonka.Core as Core
import qualified Amazonka.Core.Lens.Internal as Lens
import qualified Amazonka.Data as Data
import qualified Amazonka.Prelude as Prelude
import qualified Amazonka.Request as Request
import qualified Amazonka.Response as Response
import Amazonka.STS.Types

-- | /See:/ 'newGetSessionToken' smart constructor.
data GetSessionToken = GetSessionToken'
  { -- | The duration, in seconds, that the credentials should remain valid.
    -- Acceptable durations for IAM user sessions range from 900 seconds (15
    -- minutes) to 129,600 seconds (36 hours), with 43,200 seconds (12 hours)
    -- as the default. Sessions for Amazon Web Services account owners are
    -- restricted to a maximum of 3,600 seconds (one hour). If the duration is
    -- longer than one hour, the session for Amazon Web Services account owners
    -- defaults to one hour.
    GetSessionToken -> Maybe Natural
durationSeconds :: Prelude.Maybe Prelude.Natural,
    -- | The identification number of the MFA device that is associated with the
    -- IAM user who is making the @GetSessionToken@ call. Specify this value if
    -- the IAM user has a policy that requires MFA authentication. The value is
    -- either the serial number for a hardware device (such as @GAHT12345678@)
    -- or an Amazon Resource Name (ARN) for a virtual device (such as
    -- @arn:aws:iam::123456789012:mfa\/user@). You can find the device for an
    -- IAM user by going to the Amazon Web Services Management Console and
    -- viewing the user\'s security credentials.
    --
    -- The regex used to validate this parameter is a string of characters
    -- consisting of upper- and lower-case alphanumeric characters with no
    -- spaces. You can also include underscores or any of the following
    -- characters: =,.\@:\/-
    GetSessionToken -> Maybe Text
serialNumber :: Prelude.Maybe Prelude.Text,
    -- | The value provided by the MFA device, if MFA is required. If any policy
    -- requires the IAM user to submit an MFA code, specify this value. If MFA
    -- authentication is required, the user must provide a code when requesting
    -- a set of temporary security credentials. A user who fails to provide the
    -- code receives an \"access denied\" response when requesting resources
    -- that require MFA authentication.
    --
    -- The format for this parameter, as described by its regex pattern, is a
    -- sequence of six numeric digits.
    GetSessionToken -> Maybe Text
tokenCode :: Prelude.Maybe Prelude.Text
  }
  deriving (GetSessionToken -> GetSessionToken -> Bool
forall a. (a -> a -> Bool) -> (a -> a -> Bool) -> Eq a
/= :: GetSessionToken -> GetSessionToken -> Bool
$c/= :: GetSessionToken -> GetSessionToken -> Bool
== :: GetSessionToken -> GetSessionToken -> Bool
$c== :: GetSessionToken -> GetSessionToken -> Bool
Prelude.Eq, ReadPrec [GetSessionToken]
ReadPrec GetSessionToken
Int -> ReadS GetSessionToken
ReadS [GetSessionToken]
forall a.
(Int -> ReadS a)
-> ReadS [a] -> ReadPrec a -> ReadPrec [a] -> Read a
readListPrec :: ReadPrec [GetSessionToken]
$creadListPrec :: ReadPrec [GetSessionToken]
readPrec :: ReadPrec GetSessionToken
$creadPrec :: ReadPrec GetSessionToken
readList :: ReadS [GetSessionToken]
$creadList :: ReadS [GetSessionToken]
readsPrec :: Int -> ReadS GetSessionToken
$creadsPrec :: Int -> ReadS GetSessionToken
Prelude.Read, Int -> GetSessionToken -> ShowS
[GetSessionToken] -> ShowS
GetSessionToken -> String
forall a.
(Int -> a -> ShowS) -> (a -> String) -> ([a] -> ShowS) -> Show a
showList :: [GetSessionToken] -> ShowS
$cshowList :: [GetSessionToken] -> ShowS
show :: GetSessionToken -> String
$cshow :: GetSessionToken -> String
showsPrec :: Int -> GetSessionToken -> ShowS
$cshowsPrec :: Int -> GetSessionToken -> ShowS
Prelude.Show, forall x. Rep GetSessionToken x -> GetSessionToken
forall x. GetSessionToken -> Rep GetSessionToken x
forall a.
(forall x. a -> Rep a x) -> (forall x. Rep a x -> a) -> Generic a
$cto :: forall x. Rep GetSessionToken x -> GetSessionToken
$cfrom :: forall x. GetSessionToken -> Rep GetSessionToken x
Prelude.Generic)

-- |
-- Create a value of 'GetSessionToken' with all optional fields omitted.
--
-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
--
-- The following record fields are available, with the corresponding lenses provided
-- for backwards compatibility:
--
-- 'durationSeconds', 'getSessionToken_durationSeconds' - The duration, in seconds, that the credentials should remain valid.
-- Acceptable durations for IAM user sessions range from 900 seconds (15
-- minutes) to 129,600 seconds (36 hours), with 43,200 seconds (12 hours)
-- as the default. Sessions for Amazon Web Services account owners are
-- restricted to a maximum of 3,600 seconds (one hour). If the duration is
-- longer than one hour, the session for Amazon Web Services account owners
-- defaults to one hour.
--
-- 'serialNumber', 'getSessionToken_serialNumber' - The identification number of the MFA device that is associated with the
-- IAM user who is making the @GetSessionToken@ call. Specify this value if
-- the IAM user has a policy that requires MFA authentication. The value is
-- either the serial number for a hardware device (such as @GAHT12345678@)
-- or an Amazon Resource Name (ARN) for a virtual device (such as
-- @arn:aws:iam::123456789012:mfa\/user@). You can find the device for an
-- IAM user by going to the Amazon Web Services Management Console and
-- viewing the user\'s security credentials.
--
-- The regex used to validate this parameter is a string of characters
-- consisting of upper- and lower-case alphanumeric characters with no
-- spaces. You can also include underscores or any of the following
-- characters: =,.\@:\/-
--
-- 'tokenCode', 'getSessionToken_tokenCode' - The value provided by the MFA device, if MFA is required. If any policy
-- requires the IAM user to submit an MFA code, specify this value. If MFA
-- authentication is required, the user must provide a code when requesting
-- a set of temporary security credentials. A user who fails to provide the
-- code receives an \"access denied\" response when requesting resources
-- that require MFA authentication.
--
-- The format for this parameter, as described by its regex pattern, is a
-- sequence of six numeric digits.
newGetSessionToken ::
  GetSessionToken
newGetSessionToken :: GetSessionToken
newGetSessionToken =
  GetSessionToken'
    { $sel:durationSeconds:GetSessionToken' :: Maybe Natural
durationSeconds = forall a. Maybe a
Prelude.Nothing,
      $sel:serialNumber:GetSessionToken' :: Maybe Text
serialNumber = forall a. Maybe a
Prelude.Nothing,
      $sel:tokenCode:GetSessionToken' :: Maybe Text
tokenCode = forall a. Maybe a
Prelude.Nothing
    }

-- | The duration, in seconds, that the credentials should remain valid.
-- Acceptable durations for IAM user sessions range from 900 seconds (15
-- minutes) to 129,600 seconds (36 hours), with 43,200 seconds (12 hours)
-- as the default. Sessions for Amazon Web Services account owners are
-- restricted to a maximum of 3,600 seconds (one hour). If the duration is
-- longer than one hour, the session for Amazon Web Services account owners
-- defaults to one hour.
getSessionToken_durationSeconds :: Lens.Lens' GetSessionToken (Prelude.Maybe Prelude.Natural)
getSessionToken_durationSeconds :: Lens' GetSessionToken (Maybe Natural)
getSessionToken_durationSeconds = forall s a b t. (s -> a) -> (s -> b -> t) -> Lens s t a b
Lens.lens (\GetSessionToken' {Maybe Natural
durationSeconds :: Maybe Natural
$sel:durationSeconds:GetSessionToken' :: GetSessionToken -> Maybe Natural
durationSeconds} -> Maybe Natural
durationSeconds) (\s :: GetSessionToken
s@GetSessionToken' {} Maybe Natural
a -> GetSessionToken
s {$sel:durationSeconds:GetSessionToken' :: Maybe Natural
durationSeconds = Maybe Natural
a} :: GetSessionToken)

-- | The identification number of the MFA device that is associated with the
-- IAM user who is making the @GetSessionToken@ call. Specify this value if
-- the IAM user has a policy that requires MFA authentication. The value is
-- either the serial number for a hardware device (such as @GAHT12345678@)
-- or an Amazon Resource Name (ARN) for a virtual device (such as
-- @arn:aws:iam::123456789012:mfa\/user@). You can find the device for an
-- IAM user by going to the Amazon Web Services Management Console and
-- viewing the user\'s security credentials.
--
-- The regex used to validate this parameter is a string of characters
-- consisting of upper- and lower-case alphanumeric characters with no
-- spaces. You can also include underscores or any of the following
-- characters: =,.\@:\/-
getSessionToken_serialNumber :: Lens.Lens' GetSessionToken (Prelude.Maybe Prelude.Text)
getSessionToken_serialNumber :: Lens' GetSessionToken (Maybe Text)
getSessionToken_serialNumber = forall s a b t. (s -> a) -> (s -> b -> t) -> Lens s t a b
Lens.lens (\GetSessionToken' {Maybe Text
serialNumber :: Maybe Text
$sel:serialNumber:GetSessionToken' :: GetSessionToken -> Maybe Text
serialNumber} -> Maybe Text
serialNumber) (\s :: GetSessionToken
s@GetSessionToken' {} Maybe Text
a -> GetSessionToken
s {$sel:serialNumber:GetSessionToken' :: Maybe Text
serialNumber = Maybe Text
a} :: GetSessionToken)

-- | The value provided by the MFA device, if MFA is required. If any policy
-- requires the IAM user to submit an MFA code, specify this value. If MFA
-- authentication is required, the user must provide a code when requesting
-- a set of temporary security credentials. A user who fails to provide the
-- code receives an \"access denied\" response when requesting resources
-- that require MFA authentication.
--
-- The format for this parameter, as described by its regex pattern, is a
-- sequence of six numeric digits.
getSessionToken_tokenCode :: Lens.Lens' GetSessionToken (Prelude.Maybe Prelude.Text)
getSessionToken_tokenCode :: Lens' GetSessionToken (Maybe Text)
getSessionToken_tokenCode = forall s a b t. (s -> a) -> (s -> b -> t) -> Lens s t a b
Lens.lens (\GetSessionToken' {Maybe Text
tokenCode :: Maybe Text
$sel:tokenCode:GetSessionToken' :: GetSessionToken -> Maybe Text
tokenCode} -> Maybe Text
tokenCode) (\s :: GetSessionToken
s@GetSessionToken' {} Maybe Text
a -> GetSessionToken
s {$sel:tokenCode:GetSessionToken' :: Maybe Text
tokenCode = Maybe Text
a} :: GetSessionToken)

instance Core.AWSRequest GetSessionToken where
  type
    AWSResponse GetSessionToken =
      GetSessionTokenResponse
  request :: (Service -> Service) -> GetSessionToken -> Request GetSessionToken
request Service -> Service
overrides =
    forall a. ToRequest a => Service -> a -> Request a
Request.postQuery (Service -> Service
overrides Service
defaultService)
  response :: forall (m :: * -> *).
MonadResource m =>
(ByteStringLazy -> IO ByteStringLazy)
-> Service
-> Proxy GetSessionToken
-> ClientResponse ClientBody
-> m (Either Error (ClientResponse (AWSResponse GetSessionToken)))
response =
    forall (m :: * -> *) a.
MonadResource m =>
Text
-> (Int
    -> ResponseHeaders -> [Node] -> Either String (AWSResponse a))
-> (ByteStringLazy -> IO ByteStringLazy)
-> Service
-> Proxy a
-> ClientResponse ClientBody
-> m (Either Error (ClientResponse (AWSResponse a)))
Response.receiveXMLWrapper
      Text
"GetSessionTokenResult"
      ( \Int
s ResponseHeaders
h [Node]
x ->
          Maybe AuthEnv -> Int -> GetSessionTokenResponse
GetSessionTokenResponse'
            forall (f :: * -> *) a b. Functor f => (a -> b) -> f a -> f b
Prelude.<$> ([Node]
x forall a. FromXML a => [Node] -> Text -> Either String (Maybe a)
Data..@? Text
"Credentials")
            forall (f :: * -> *) a b. Applicative f => f (a -> b) -> f a -> f b
Prelude.<*> (forall (f :: * -> *) a. Applicative f => a -> f a
Prelude.pure (forall a. Enum a => a -> Int
Prelude.fromEnum Int
s))
      )

instance Prelude.Hashable GetSessionToken where
  hashWithSalt :: Int -> GetSessionToken -> Int
hashWithSalt Int
_salt GetSessionToken' {Maybe Natural
Maybe Text
tokenCode :: Maybe Text
serialNumber :: Maybe Text
durationSeconds :: Maybe Natural
$sel:tokenCode:GetSessionToken' :: GetSessionToken -> Maybe Text
$sel:serialNumber:GetSessionToken' :: GetSessionToken -> Maybe Text
$sel:durationSeconds:GetSessionToken' :: GetSessionToken -> Maybe Natural
..} =
    Int
_salt
      forall a. Hashable a => Int -> a -> Int
`Prelude.hashWithSalt` Maybe Natural
durationSeconds
      forall a. Hashable a => Int -> a -> Int
`Prelude.hashWithSalt` Maybe Text
serialNumber
      forall a. Hashable a => Int -> a -> Int
`Prelude.hashWithSalt` Maybe Text
tokenCode

instance Prelude.NFData GetSessionToken where
  rnf :: GetSessionToken -> ()
rnf GetSessionToken' {Maybe Natural
Maybe Text
tokenCode :: Maybe Text
serialNumber :: Maybe Text
durationSeconds :: Maybe Natural
$sel:tokenCode:GetSessionToken' :: GetSessionToken -> Maybe Text
$sel:serialNumber:GetSessionToken' :: GetSessionToken -> Maybe Text
$sel:durationSeconds:GetSessionToken' :: GetSessionToken -> Maybe Natural
..} =
    forall a. NFData a => a -> ()
Prelude.rnf Maybe Natural
durationSeconds
      seq :: forall a b. a -> b -> b
`Prelude.seq` forall a. NFData a => a -> ()
Prelude.rnf Maybe Text
serialNumber
      seq :: forall a b. a -> b -> b
`Prelude.seq` forall a. NFData a => a -> ()
Prelude.rnf Maybe Text
tokenCode

instance Data.ToHeaders GetSessionToken where
  toHeaders :: GetSessionToken -> ResponseHeaders
toHeaders = forall a b. a -> b -> a
Prelude.const forall a. Monoid a => a
Prelude.mempty

instance Data.ToPath GetSessionToken where
  toPath :: GetSessionToken -> ByteString
toPath = forall a b. a -> b -> a
Prelude.const ByteString
"/"

instance Data.ToQuery GetSessionToken where
  toQuery :: GetSessionToken -> QueryString
toQuery GetSessionToken' {Maybe Natural
Maybe Text
tokenCode :: Maybe Text
serialNumber :: Maybe Text
durationSeconds :: Maybe Natural
$sel:tokenCode:GetSessionToken' :: GetSessionToken -> Maybe Text
$sel:serialNumber:GetSessionToken' :: GetSessionToken -> Maybe Text
$sel:durationSeconds:GetSessionToken' :: GetSessionToken -> Maybe Natural
..} =
    forall a. Monoid a => [a] -> a
Prelude.mconcat
      [ ByteString
"Action"
          forall a. ToQuery a => ByteString -> a -> QueryString
Data.=: (ByteString
"GetSessionToken" :: Prelude.ByteString),
        ByteString
"Version"
          forall a. ToQuery a => ByteString -> a -> QueryString
Data.=: (ByteString
"2011-06-15" :: Prelude.ByteString),
        ByteString
"DurationSeconds" forall a. ToQuery a => ByteString -> a -> QueryString
Data.=: Maybe Natural
durationSeconds,
        ByteString
"SerialNumber" forall a. ToQuery a => ByteString -> a -> QueryString
Data.=: Maybe Text
serialNumber,
        ByteString
"TokenCode" forall a. ToQuery a => ByteString -> a -> QueryString
Data.=: Maybe Text
tokenCode
      ]

-- | Contains the response to a successful GetSessionToken request, including
-- temporary Amazon Web Services credentials that can be used to make
-- Amazon Web Services requests.
--
-- /See:/ 'newGetSessionTokenResponse' smart constructor.
data GetSessionTokenResponse = GetSessionTokenResponse'
  { -- | The temporary security credentials, which include an access key ID, a
    -- secret access key, and a security (or session) token.
    --
    -- The size of the security token that STS API operations return is not
    -- fixed. We strongly recommend that you make no assumptions about the
    -- maximum size.
    GetSessionTokenResponse -> Maybe AuthEnv
credentials :: Prelude.Maybe Core.AuthEnv,
    -- | The response's http status code.
    GetSessionTokenResponse -> Int
httpStatus :: Prelude.Int
  }
  deriving (GetSessionTokenResponse -> GetSessionTokenResponse -> Bool
forall a. (a -> a -> Bool) -> (a -> a -> Bool) -> Eq a
/= :: GetSessionTokenResponse -> GetSessionTokenResponse -> Bool
$c/= :: GetSessionTokenResponse -> GetSessionTokenResponse -> Bool
== :: GetSessionTokenResponse -> GetSessionTokenResponse -> Bool
$c== :: GetSessionTokenResponse -> GetSessionTokenResponse -> Bool
Prelude.Eq, Int -> GetSessionTokenResponse -> ShowS
[GetSessionTokenResponse] -> ShowS
GetSessionTokenResponse -> String
forall a.
(Int -> a -> ShowS) -> (a -> String) -> ([a] -> ShowS) -> Show a
showList :: [GetSessionTokenResponse] -> ShowS
$cshowList :: [GetSessionTokenResponse] -> ShowS
show :: GetSessionTokenResponse -> String
$cshow :: GetSessionTokenResponse -> String
showsPrec :: Int -> GetSessionTokenResponse -> ShowS
$cshowsPrec :: Int -> GetSessionTokenResponse -> ShowS
Prelude.Show, forall x. Rep GetSessionTokenResponse x -> GetSessionTokenResponse
forall x. GetSessionTokenResponse -> Rep GetSessionTokenResponse x
forall a.
(forall x. a -> Rep a x) -> (forall x. Rep a x -> a) -> Generic a
$cto :: forall x. Rep GetSessionTokenResponse x -> GetSessionTokenResponse
$cfrom :: forall x. GetSessionTokenResponse -> Rep GetSessionTokenResponse x
Prelude.Generic)

-- |
-- Create a value of 'GetSessionTokenResponse' with all optional fields omitted.
--
-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
--
-- The following record fields are available, with the corresponding lenses provided
-- for backwards compatibility:
--
-- 'credentials', 'getSessionTokenResponse_credentials' - The temporary security credentials, which include an access key ID, a
-- secret access key, and a security (or session) token.
--
-- The size of the security token that STS API operations return is not
-- fixed. We strongly recommend that you make no assumptions about the
-- maximum size.
--
-- 'httpStatus', 'getSessionTokenResponse_httpStatus' - The response's http status code.
newGetSessionTokenResponse ::
  -- | 'httpStatus'
  Prelude.Int ->
  GetSessionTokenResponse
newGetSessionTokenResponse :: Int -> GetSessionTokenResponse
newGetSessionTokenResponse Int
pHttpStatus_ =
  GetSessionTokenResponse'
    { $sel:credentials:GetSessionTokenResponse' :: Maybe AuthEnv
credentials =
        forall a. Maybe a
Prelude.Nothing,
      $sel:httpStatus:GetSessionTokenResponse' :: Int
httpStatus = Int
pHttpStatus_
    }

-- | The temporary security credentials, which include an access key ID, a
-- secret access key, and a security (or session) token.
--
-- The size of the security token that STS API operations return is not
-- fixed. We strongly recommend that you make no assumptions about the
-- maximum size.
getSessionTokenResponse_credentials :: Lens.Lens' GetSessionTokenResponse (Prelude.Maybe Core.AuthEnv)
getSessionTokenResponse_credentials :: Lens' GetSessionTokenResponse (Maybe AuthEnv)
getSessionTokenResponse_credentials = forall s a b t. (s -> a) -> (s -> b -> t) -> Lens s t a b
Lens.lens (\GetSessionTokenResponse' {Maybe AuthEnv
credentials :: Maybe AuthEnv
$sel:credentials:GetSessionTokenResponse' :: GetSessionTokenResponse -> Maybe AuthEnv
credentials} -> Maybe AuthEnv
credentials) (\s :: GetSessionTokenResponse
s@GetSessionTokenResponse' {} Maybe AuthEnv
a -> GetSessionTokenResponse
s {$sel:credentials:GetSessionTokenResponse' :: Maybe AuthEnv
credentials = Maybe AuthEnv
a} :: GetSessionTokenResponse)

-- | The response's http status code.
getSessionTokenResponse_httpStatus :: Lens.Lens' GetSessionTokenResponse Prelude.Int
getSessionTokenResponse_httpStatus :: Lens' GetSessionTokenResponse Int
getSessionTokenResponse_httpStatus = forall s a b t. (s -> a) -> (s -> b -> t) -> Lens s t a b
Lens.lens (\GetSessionTokenResponse' {Int
httpStatus :: Int
$sel:httpStatus:GetSessionTokenResponse' :: GetSessionTokenResponse -> Int
httpStatus} -> Int
httpStatus) (\s :: GetSessionTokenResponse
s@GetSessionTokenResponse' {} Int
a -> GetSessionTokenResponse
s {$sel:httpStatus:GetSessionTokenResponse' :: Int
httpStatus = Int
a} :: GetSessionTokenResponse)

instance Prelude.NFData GetSessionTokenResponse where
  rnf :: GetSessionTokenResponse -> ()
rnf GetSessionTokenResponse' {Int
Maybe AuthEnv
httpStatus :: Int
credentials :: Maybe AuthEnv
$sel:httpStatus:GetSessionTokenResponse' :: GetSessionTokenResponse -> Int
$sel:credentials:GetSessionTokenResponse' :: GetSessionTokenResponse -> Maybe AuthEnv
..} =
    forall a. NFData a => a -> ()
Prelude.rnf Maybe AuthEnv
credentials
      seq :: forall a b. a -> b -> b
`Prelude.seq` forall a. NFData a => a -> ()
Prelude.rnf Int
httpStatus