Copyright	(c) 2013-2016 Brendan Hay
License	Mozilla Public License, v. 2.0.
Maintainer	Brendan Hay <brendan.g.hay@gmail.com>
Stability	auto-generated
Portability	non-portable (GHC extensions)
Safe Haskell	None
Language	Haskell2010

Network.AWS.STS.DecodeAuthorizationMessage

Contents

Creating a Request
Request Lenses
Destructuring the Response
Response Lenses

Description

Decodes additional information about the authorization status of a request from an encoded message returned in response to an AWS request.

For example, if a user is not authorized to perform an action that he or she has requested, the request returns a UnauthorizedOperation response (an HTTP 403 response). Some AWS actions additionally return an encoded message that can provide details about this authorization failure.

Only certain AWS actions return an encoded authorization message. The documentation for an individual action indicates whether that action returns an encoded message in addition to returning an HTTP code.

The message is encoded because the details of the authorization status can constitute privileged information that the user who requested the action should not see. To decode an authorization status message, a user must be granted permissions via an IAM policy to request the DecodeAuthorizationMessage ('sts:DecodeAuthorizationMessage') action.

The decoded message includes the following type of information:

Whether the request was denied due to an explicit deny or due to the absence of an explicit allow. For more information, see Determining Whether a Request is Allowed or Denied in the IAM User Guide.
The principal who made the request.
The requested action.
The requested resource.
The values of condition keys in the context of the user's request.

Creating a Request

decodeAuthorizationMessage Source #

Arguments

:: Text	`damEncodedMessage`
-> DecodeAuthorizationMessage

Creates a value of DecodeAuthorizationMessage with the minimum fields required to make a request.

Use one of the following lenses to modify other fields as desired:

damEncodedMessage

data DecodeAuthorizationMessage Source #

See: decodeAuthorizationMessage smart constructor.

Instances

Eq DecodeAuthorizationMessage Source #
Methods (==) :: DecodeAuthorizationMessage -> DecodeAuthorizationMessage -> Bool # (/=) :: DecodeAuthorizationMessage -> DecodeAuthorizationMessage -> Bool #
Data DecodeAuthorizationMessage Source #
Methods gfoldl :: (forall d b. Data d => c (d -> b) -> d -> c b) -> (forall g. g -> c g) -> DecodeAuthorizationMessage -> c DecodeAuthorizationMessage # gunfold :: (forall b r. Data b => c (b -> r) -> c r) -> (forall r. r -> c r) -> Constr -> c DecodeAuthorizationMessage # toConstr :: DecodeAuthorizationMessage -> Constr # dataTypeOf :: DecodeAuthorizationMessage -> DataType # dataCast1 :: Typeable (* -> ) t => (forall d. Data d => c (t d)) -> Maybe (c DecodeAuthorizationMessage) # dataCast2 :: Typeable ( -> * -> *) t => (forall d e. (Data d, Data e) => c (t d e)) -> Maybe (c DecodeAuthorizationMessage) # gmapT :: (forall b. Data b => b -> b) -> DecodeAuthorizationMessage -> DecodeAuthorizationMessage # gmapQl :: (r -> r' -> r) -> r -> (forall d. Data d => d -> r') -> DecodeAuthorizationMessage -> r # gmapQr :: (r' -> r -> r) -> r -> (forall d. Data d => d -> r') -> DecodeAuthorizationMessage -> r # gmapQ :: (forall d. Data d => d -> u) -> DecodeAuthorizationMessage -> [u] # gmapQi :: Int -> (forall d. Data d => d -> u) -> DecodeAuthorizationMessage -> u # gmapM :: Monad m => (forall d. Data d => d -> m d) -> DecodeAuthorizationMessage -> m DecodeAuthorizationMessage # gmapMp :: MonadPlus m => (forall d. Data d => d -> m d) -> DecodeAuthorizationMessage -> m DecodeAuthorizationMessage # gmapMo :: MonadPlus m => (forall d. Data d => d -> m d) -> DecodeAuthorizationMessage -> m DecodeAuthorizationMessage #
Read DecodeAuthorizationMessage Source #
Methods readsPrec :: Int -> ReadS DecodeAuthorizationMessage # readList :: ReadS [DecodeAuthorizationMessage] # readPrec :: ReadPrec DecodeAuthorizationMessage # readListPrec :: ReadPrec [DecodeAuthorizationMessage] #
Show DecodeAuthorizationMessage Source #
Methods showsPrec :: Int -> DecodeAuthorizationMessage -> ShowS # show :: DecodeAuthorizationMessage -> String # showList :: [DecodeAuthorizationMessage] -> ShowS #
Generic DecodeAuthorizationMessage Source #
Associated Types type Rep DecodeAuthorizationMessage :: * -> * # Methods from :: DecodeAuthorizationMessage -> Rep DecodeAuthorizationMessage x # to :: Rep DecodeAuthorizationMessage x -> DecodeAuthorizationMessage #
Hashable DecodeAuthorizationMessage Source #
Methods hashWithSalt :: Int -> DecodeAuthorizationMessage -> Int # hash :: DecodeAuthorizationMessage -> Int #
NFData DecodeAuthorizationMessage Source #
Methods rnf :: DecodeAuthorizationMessage -> () #
AWSRequest DecodeAuthorizationMessage Source #
Associated Types type Rs DecodeAuthorizationMessage :: * # Methods request :: DecodeAuthorizationMessage -> Request DecodeAuthorizationMessage # response :: MonadResource m => Logger -> Service -> Proxy * DecodeAuthorizationMessage -> ClientResponse -> m (Response DecodeAuthorizationMessage) #
ToPath DecodeAuthorizationMessage Source #
Methods toPath :: DecodeAuthorizationMessage -> ByteString #
ToHeaders DecodeAuthorizationMessage Source #
Methods toHeaders :: DecodeAuthorizationMessage -> [Header] #
ToQuery DecodeAuthorizationMessage Source #
Methods toQuery :: DecodeAuthorizationMessage -> QueryString #
type Rep DecodeAuthorizationMessage Source #
type Rep DecodeAuthorizationMessage = D1 (MetaData "DecodeAuthorizationMessage" "Network.AWS.STS.DecodeAuthorizationMessage" "amazonka-sts-1.4.4-6LedVt18Nu9LYxEc2oTJZY" True) (C1 (MetaCons "DecodeAuthorizationMessage'" PrefixI True) (S1 (MetaSel (Just Symbol "_damEncodedMessage") NoSourceUnpackedness NoSourceStrictness DecidedLazy) (Rec0 Text)))
type Rs DecodeAuthorizationMessage Source #
type Rs DecodeAuthorizationMessage = DecodeAuthorizationMessageResponse

Request Lenses

damEncodedMessage :: Lens' DecodeAuthorizationMessage Text Source #

The encoded message that was returned with the response.

Destructuring the Response

decodeAuthorizationMessageResponse Source #

Arguments

:: Int	`damrsResponseStatus`
-> DecodeAuthorizationMessageResponse

Creates a value of DecodeAuthorizationMessageResponse with the minimum fields required to make a request.

Use one of the following lenses to modify other fields as desired:

data DecodeAuthorizationMessageResponse Source #

A document that contains additional information about the authorization status of a request from an encoded message that is returned in response to an AWS request.

See: decodeAuthorizationMessageResponse smart constructor.

Instances

Eq DecodeAuthorizationMessageResponse Source #
Methods (==) :: DecodeAuthorizationMessageResponse -> DecodeAuthorizationMessageResponse -> Bool # (/=) :: DecodeAuthorizationMessageResponse -> DecodeAuthorizationMessageResponse -> Bool #
Data DecodeAuthorizationMessageResponse Source #
Methods gfoldl :: (forall d b. Data d => c (d -> b) -> d -> c b) -> (forall g. g -> c g) -> DecodeAuthorizationMessageResponse -> c DecodeAuthorizationMessageResponse # gunfold :: (forall b r. Data b => c (b -> r) -> c r) -> (forall r. r -> c r) -> Constr -> c DecodeAuthorizationMessageResponse # toConstr :: DecodeAuthorizationMessageResponse -> Constr # dataTypeOf :: DecodeAuthorizationMessageResponse -> DataType # dataCast1 :: Typeable (* -> ) t => (forall d. Data d => c (t d)) -> Maybe (c DecodeAuthorizationMessageResponse) # dataCast2 :: Typeable ( -> * -> *) t => (forall d e. (Data d, Data e) => c (t d e)) -> Maybe (c DecodeAuthorizationMessageResponse) # gmapT :: (forall b. Data b => b -> b) -> DecodeAuthorizationMessageResponse -> DecodeAuthorizationMessageResponse # gmapQl :: (r -> r' -> r) -> r -> (forall d. Data d => d -> r') -> DecodeAuthorizationMessageResponse -> r # gmapQr :: (r' -> r -> r) -> r -> (forall d. Data d => d -> r') -> DecodeAuthorizationMessageResponse -> r # gmapQ :: (forall d. Data d => d -> u) -> DecodeAuthorizationMessageResponse -> [u] # gmapQi :: Int -> (forall d. Data d => d -> u) -> DecodeAuthorizationMessageResponse -> u # gmapM :: Monad m => (forall d. Data d => d -> m d) -> DecodeAuthorizationMessageResponse -> m DecodeAuthorizationMessageResponse # gmapMp :: MonadPlus m => (forall d. Data d => d -> m d) -> DecodeAuthorizationMessageResponse -> m DecodeAuthorizationMessageResponse # gmapMo :: MonadPlus m => (forall d. Data d => d -> m d) -> DecodeAuthorizationMessageResponse -> m DecodeAuthorizationMessageResponse #
Read DecodeAuthorizationMessageResponse Source #
Methods readsPrec :: Int -> ReadS DecodeAuthorizationMessageResponse # readList :: ReadS [DecodeAuthorizationMessageResponse] # readPrec :: ReadPrec DecodeAuthorizationMessageResponse # readListPrec :: ReadPrec [DecodeAuthorizationMessageResponse] #
Show DecodeAuthorizationMessageResponse Source #
Methods showsPrec :: Int -> DecodeAuthorizationMessageResponse -> ShowS # show :: DecodeAuthorizationMessageResponse -> String # showList :: [DecodeAuthorizationMessageResponse] -> ShowS #
Generic DecodeAuthorizationMessageResponse Source #
Associated Types type Rep DecodeAuthorizationMessageResponse :: * -> * # Methods from :: DecodeAuthorizationMessageResponse -> Rep DecodeAuthorizationMessageResponse x # to :: Rep DecodeAuthorizationMessageResponse x -> DecodeAuthorizationMessageResponse #
NFData DecodeAuthorizationMessageResponse Source #
Methods rnf :: DecodeAuthorizationMessageResponse -> () #
type Rep DecodeAuthorizationMessageResponse Source #
type Rep DecodeAuthorizationMessageResponse = D1 (MetaData "DecodeAuthorizationMessageResponse" "Network.AWS.STS.DecodeAuthorizationMessage" "amazonka-sts-1.4.4-6LedVt18Nu9LYxEc2oTJZY" False) (C1 (MetaCons "DecodeAuthorizationMessageResponse'" PrefixI True) ((:*:) (S1 (MetaSel (Just Symbol "_damrsDecodedMessage") NoSourceUnpackedness SourceStrict DecidedStrict) (Rec0 (Maybe Text))) (S1 (MetaSel (Just Symbol "_damrsResponseStatus") NoSourceUnpackedness SourceStrict DecidedUnpack) (Rec0 Int))))

Response Lenses

damrsDecodedMessage :: Lens' DecodeAuthorizationMessageResponse (Maybe Text) Source #

An XML document that contains the decoded message.

damrsResponseStatus :: Lens' DecodeAuthorizationMessageResponse Int Source #

The response status code.