1 1 | // Code generated by software.amazon.smithy.rust.codegen.smithy-rs. DO NOT EDIT.
|
2 - | pub use crate::operation::create_session::_create_session_output::CreateSessionOutputBuilder;
|
3 - |
|
4 2 | pub use crate::operation::create_session::_create_session_input::CreateSessionInputBuilder;
|
5 3 |
|
4 + | pub use crate::operation::create_session::_create_session_output::CreateSessionOutputBuilder;
|
5 + |
|
6 6 | impl crate::operation::create_session::builders::CreateSessionInputBuilder {
|
7 7 | /// Sends a request with this input using the given client.
|
8 8 | pub async fn send_with(
|
9 9 | self,
|
10 10 | client: &crate::Client,
|
11 11 | ) -> ::std::result::Result<
|
12 12 | crate::operation::create_session::CreateSessionOutput,
|
13 13 | ::aws_smithy_runtime_api::client::result::SdkError<
|
14 14 | crate::operation::create_session::CreateSessionError,
|
15 15 | ::aws_smithy_runtime_api::client::orchestrator::HttpResponse,
|
16 16 | >,
|
17 17 | > {
|
18 18 | let mut fluent_builder = client.create_session();
|
19 19 | fluent_builder.inner = self;
|
20 20 | fluent_builder.send().await
|
21 21 | }
|
22 22 | }
|
23 23 | /// Fluent builder constructing a request to `CreateSession`.
|
24 24 | ///
|
25 25 | /// <p>Creates a session that establishes temporary security credentials to support fast authentication and authorization for the Zonal endpoint API operations on directory buckets. For more information about Zonal endpoint API operations that include the Availability Zone in the request endpoint, see <a href="https://docs.aws.amazon.com/AmazonS3/latest/userguide/s3-express-APIs.html">S3 Express One Zone APIs</a> in the <i>Amazon S3 User Guide</i>.</p>
|
26 26 | /// <p>To make Zonal endpoint API requests on a directory bucket, use the <code>CreateSession</code> API operation. Specifically, you grant <code>s3express:CreateSession</code> permission to a bucket in a bucket policy or an IAM identity-based policy. Then, you use IAM credentials to make the <code>CreateSession</code> API request on the bucket, which returns temporary security credentials that include the access key ID, secret access key, session token, and expiration. These credentials have associated permissions to access the Zonal endpoint API operations. After the session is created, you don’t need to use other policies to grant permissions to each Zonal endpoint API individually. Instead, in your Zonal endpoint API requests, you sign your requests by applying the temporary security credentials of the session to the request headers and following the SigV4 protocol for authentication. You also apply the session token to the <code>x-amz-s3session-token</code> request header for authorization. Temporary security credentials are scoped to the bucket and expire after 5 minutes. After the expiration time, any calls that you make with those credentials will fail. You must use IAM credentials again to make a <code>CreateSession</code> API request that generates a new set of temporary credentials for use. Temporary credentials cannot be extended or refreshed beyond the original specified interval.</p>
|
27 27 | /// <p>If you use Amazon Web Services SDKs, SDKs handle the session token refreshes automatically to avoid service interruptions when a session expires. We recommend that you use the Amazon Web Services SDKs to initiate and manage requests to the CreateSession API. For more information, see <a href="https://docs.aws.amazon.com/AmazonS3/latest/userguide/s3-express-optimizing-performance-guidelines-design-patterns.html#s3-express-optimizing-performance-session-authentication">Performance guidelines and design patterns</a> in the <i>Amazon S3 User Guide</i>.</p><note>
|
28 28 | /// <ul>
|
29 29 | /// <li>
|
30 30 | /// <p>You must make requests for this API operation to the Zonal endpoint. These endpoints support virtual-hosted-style requests in the format <code>https://<i>bucket-name</i>.s3express-<i>zone-id</i>.<i>region-code</i>.amazonaws.com</code>. Path-style requests are not supported. For more information about endpoints in Availability Zones, see <a href="https://docs.aws.amazon.com/AmazonS3/latest/userguide/endpoint-directory-buckets-AZ.html">Regional and Zonal endpoints for directory buckets in Availability Zones</a> in the <i>Amazon S3 User Guide</i>. For more information about endpoints in Local Zones, see <a href="https://docs.aws.amazon.com/AmazonS3/latest/userguide/s3-lzs-for-directory-buckets.html">Concepts for directory buckets in Local Zones</a> in the <i>Amazon S3 User Guide</i>.</p></li>
|
31 31 | /// <li>
|
32 32 | /// <p><b> <code>CopyObject</code> API operation</b> - Unlike other Zonal endpoint API operations, the <code>CopyObject</code> API operation doesn't use the temporary security credentials returned from the <code>CreateSession</code> API operation for authentication and authorization. For information about authentication and authorization of the <code>CopyObject</code> API operation on directory buckets, see <a href="https://docs.aws.amazon.com/AmazonS3/latest/API/API_CopyObject.html">CopyObject</a>.</p></li>
|
33 33 | /// <li>
|
34 34 | /// <p><b> <code>HeadBucket</code> API operation</b> - Unlike other Zonal endpoint API operations, the <code>HeadBucket</code> API operation doesn't use the temporary security credentials returned from the <code>CreateSession</code> API operation for authentication and authorization. For information about authentication and authorization of the <code>HeadBucket</code> API operation on directory buckets, see <a href="https://docs.aws.amazon.com/AmazonS3/latest/API/API_HeadBucket.html">HeadBucket</a>.</p></li>
|
35 35 | /// </ul>
|