amazonka-sts-1.5.0: Amazon Security Token Service SDK.

Copyright(c) 2013-2017 Brendan Hay
LicenseMozilla Public License, v. 2.0.
MaintainerBrendan Hay <brendan.g.hay+amazonka@gmail.com>
Stabilityauto-generated
Portabilitynon-portable (GHC extensions)
Safe HaskellNone
LanguageHaskell2010

Network.AWS.STS.Types

Contents

Description

 

Synopsis

Service Configuration

sts :: Service Source #

API version 2011-06-15 of the Amazon Security Token Service SDK configuration.

Errors

_MalformedPolicyDocumentException :: AsError a => Getting (First ServiceError) a ServiceError Source #

The request was rejected because the policy document was malformed. The error message describes the specific error.

_InvalidAuthorizationMessageException :: AsError a => Getting (First ServiceError) a ServiceError Source #

The error returned if the message passed to DecodeAuthorizationMessage was invalid. This can happen if the token contains invalid characters, such as linebreaks.

_PackedPolicyTooLargeException :: AsError a => Getting (First ServiceError) a ServiceError Source #

The request was rejected because the policy document was too large. The error message describes how big the policy document is, in packed form, as a percentage of what the API allows.

_RegionDisabledException :: AsError a => Getting (First ServiceError) a ServiceError Source #

STS is not activated in the requested region for the account that is being asked to generate credentials. The account administrator must use the IAM console to activate STS in that region. For more information, see Activating and Deactivating AWS STS in an AWS Region in the IAM User Guide .

_IdPCommunicationErrorException :: AsError a => Getting (First ServiceError) a ServiceError Source #

The request could not be fulfilled because the non-AWS identity provider (IDP) that was asked to verify the incoming identity token could not be reached. This is often a transient error caused by network conditions. Retry the request a limited number of times so that you don't exceed the request rate. If the error persists, the non-AWS identity provider might be down or not responding.

_InvalidIdentityTokenException :: AsError a => Getting (First ServiceError) a ServiceError Source #

The web identity token that was passed could not be validated by AWS. Get a new identity token from the identity provider and then retry the request.

_ExpiredTokenException :: AsError a => Getting (First ServiceError) a ServiceError Source #

The web identity token that was passed is expired or is not valid. Get a new identity token from the identity provider and then retry the request.

_IdPRejectedClaimException :: AsError a => Getting (First ServiceError) a ServiceError Source #

The identity provider (IdP) reported that authentication failed. This might be because the claim is invalid.

If this error is returned for the AssumeRoleWithWebIdentity operation, it can also mean that the claim has expired or has been explicitly revoked.

AssumedRoleUser

data AssumedRoleUser Source #

The identifiers for the temporary security credentials that the operation returns.

See: assumedRoleUser smart constructor.

Instances

Eq AssumedRoleUser Source # 
Data AssumedRoleUser Source # 

Methods

gfoldl :: (forall d b. Data d => c (d -> b) -> d -> c b) -> (forall g. g -> c g) -> AssumedRoleUser -> c AssumedRoleUser #

gunfold :: (forall b r. Data b => c (b -> r) -> c r) -> (forall r. r -> c r) -> Constr -> c AssumedRoleUser #

toConstr :: AssumedRoleUser -> Constr #

dataTypeOf :: AssumedRoleUser -> DataType #

dataCast1 :: Typeable (* -> *) t => (forall d. Data d => c (t d)) -> Maybe (c AssumedRoleUser) #

dataCast2 :: Typeable (* -> * -> *) t => (forall d e. (Data d, Data e) => c (t d e)) -> Maybe (c AssumedRoleUser) #

gmapT :: (forall b. Data b => b -> b) -> AssumedRoleUser -> AssumedRoleUser #

gmapQl :: (r -> r' -> r) -> r -> (forall d. Data d => d -> r') -> AssumedRoleUser -> r #

gmapQr :: (r' -> r -> r) -> r -> (forall d. Data d => d -> r') -> AssumedRoleUser -> r #

gmapQ :: (forall d. Data d => d -> u) -> AssumedRoleUser -> [u] #

gmapQi :: Int -> (forall d. Data d => d -> u) -> AssumedRoleUser -> u #

gmapM :: Monad m => (forall d. Data d => d -> m d) -> AssumedRoleUser -> m AssumedRoleUser #

gmapMp :: MonadPlus m => (forall d. Data d => d -> m d) -> AssumedRoleUser -> m AssumedRoleUser #

gmapMo :: MonadPlus m => (forall d. Data d => d -> m d) -> AssumedRoleUser -> m AssumedRoleUser #

Read AssumedRoleUser Source # 
Show AssumedRoleUser Source # 
Generic AssumedRoleUser Source # 
Hashable AssumedRoleUser Source # 
NFData AssumedRoleUser Source # 

Methods

rnf :: AssumedRoleUser -> () #

FromXML AssumedRoleUser Source # 
type Rep AssumedRoleUser Source # 
type Rep AssumedRoleUser = D1 (MetaData "AssumedRoleUser" "Network.AWS.STS.Types.Product" "amazonka-sts-1.5.0-1TsRqghBsTWDbeeJJE5QJN" False) (C1 (MetaCons "AssumedRoleUser'" PrefixI True) ((:*:) (S1 (MetaSel (Just Symbol "_aruAssumedRoleId") NoSourceUnpackedness SourceStrict DecidedStrict) (Rec0 Text)) (S1 (MetaSel (Just Symbol "_aruARN") NoSourceUnpackedness SourceStrict DecidedStrict) (Rec0 Text))))

assumedRoleUser Source #

Arguments

:: Text

aruAssumedRoleId

-> Text

aruARN

-> AssumedRoleUser 

Creates a value of AssumedRoleUser with the minimum fields required to make a request.

Use one of the following lenses to modify other fields as desired:

  • aruAssumedRoleId - A unique identifier that contains the role ID and the role session name of the role that is being assumed. The role ID is generated by AWS when the role is created.
  • aruARN - The ARN of the temporary security credentials that are returned from the AssumeRole action. For more information about ARNs and how to use them in policies, see IAM Identifiers in Using IAM .

aruAssumedRoleId :: Lens' AssumedRoleUser Text Source #

A unique identifier that contains the role ID and the role session name of the role that is being assumed. The role ID is generated by AWS when the role is created.

aruARN :: Lens' AssumedRoleUser Text Source #

The ARN of the temporary security credentials that are returned from the AssumeRole action. For more information about ARNs and how to use them in policies, see IAM Identifiers in Using IAM .

FederatedUser

data FederatedUser Source #

Identifiers for the federated user that is associated with the credentials.

See: federatedUser smart constructor.

Instances

Eq FederatedUser Source # 
Data FederatedUser Source # 

Methods

gfoldl :: (forall d b. Data d => c (d -> b) -> d -> c b) -> (forall g. g -> c g) -> FederatedUser -> c FederatedUser #

gunfold :: (forall b r. Data b => c (b -> r) -> c r) -> (forall r. r -> c r) -> Constr -> c FederatedUser #

toConstr :: FederatedUser -> Constr #

dataTypeOf :: FederatedUser -> DataType #

dataCast1 :: Typeable (* -> *) t => (forall d. Data d => c (t d)) -> Maybe (c FederatedUser) #

dataCast2 :: Typeable (* -> * -> *) t => (forall d e. (Data d, Data e) => c (t d e)) -> Maybe (c FederatedUser) #

gmapT :: (forall b. Data b => b -> b) -> FederatedUser -> FederatedUser #

gmapQl :: (r -> r' -> r) -> r -> (forall d. Data d => d -> r') -> FederatedUser -> r #

gmapQr :: (r' -> r -> r) -> r -> (forall d. Data d => d -> r') -> FederatedUser -> r #

gmapQ :: (forall d. Data d => d -> u) -> FederatedUser -> [u] #

gmapQi :: Int -> (forall d. Data d => d -> u) -> FederatedUser -> u #

gmapM :: Monad m => (forall d. Data d => d -> m d) -> FederatedUser -> m FederatedUser #

gmapMp :: MonadPlus m => (forall d. Data d => d -> m d) -> FederatedUser -> m FederatedUser #

gmapMo :: MonadPlus m => (forall d. Data d => d -> m d) -> FederatedUser -> m FederatedUser #

Read FederatedUser Source # 
Show FederatedUser Source # 
Generic FederatedUser Source # 

Associated Types

type Rep FederatedUser :: * -> * #

Methods

from :: FederatedUser -> Rep FederatedUser x #

to :: Rep FederatedUser x -> FederatedUser #

Hashable FederatedUser Source # 
NFData FederatedUser Source # 

Methods

rnf :: FederatedUser -> () #

FromXML FederatedUser Source # 
type Rep FederatedUser Source # 
type Rep FederatedUser = D1 (MetaData "FederatedUser" "Network.AWS.STS.Types.Product" "amazonka-sts-1.5.0-1TsRqghBsTWDbeeJJE5QJN" False) (C1 (MetaCons "FederatedUser'" PrefixI True) ((:*:) (S1 (MetaSel (Just Symbol "_fuFederatedUserId") NoSourceUnpackedness SourceStrict DecidedStrict) (Rec0 Text)) (S1 (MetaSel (Just Symbol "_fuARN") NoSourceUnpackedness SourceStrict DecidedStrict) (Rec0 Text))))

federatedUser Source #

Arguments

:: Text

fuFederatedUserId

-> Text

fuARN

-> FederatedUser 

Creates a value of FederatedUser with the minimum fields required to make a request.

Use one of the following lenses to modify other fields as desired:

  • fuFederatedUserId - The string that identifies the federated user associated with the credentials, similar to the unique ID of an IAM user.
  • fuARN - The ARN that specifies the federated user that is associated with the credentials. For more information about ARNs and how to use them in policies, see IAM Identifiers in Using IAM .

fuFederatedUserId :: Lens' FederatedUser Text Source #

The string that identifies the federated user associated with the credentials, similar to the unique ID of an IAM user.

fuARN :: Lens' FederatedUser Text Source #

The ARN that specifies the federated user that is associated with the credentials. For more information about ARNs and how to use them in policies, see IAM Identifiers in Using IAM .