aws_sdk_sts/operation/get_session_token/builders.rs
1// Code generated by software.amazon.smithy.rust.codegen.smithy-rs. DO NOT EDIT.
2pub use crate::operation::get_session_token::_get_session_token_output::GetSessionTokenOutputBuilder;
3
4pub use crate::operation::get_session_token::_get_session_token_input::GetSessionTokenInputBuilder;
5
6impl crate::operation::get_session_token::builders::GetSessionTokenInputBuilder {
7 /// Sends a request with this input using the given client.
8 pub async fn send_with(self, client: &crate::Client) -> ::std::result::Result<
9 crate::operation::get_session_token::GetSessionTokenOutput,
10 ::aws_smithy_runtime_api::client::result::SdkError<
11 crate::operation::get_session_token::GetSessionTokenError,
12 ::aws_smithy_runtime_api::client::orchestrator::HttpResponse
13 >
14 > {
15 let mut fluent_builder = client.get_session_token();
16 fluent_builder.inner = self;
17 fluent_builder.send().await
18 }
19 }
20/// Fluent builder constructing a request to `GetSessionToken`.
21///
22/// <p>Returns a set of temporary credentials for an Amazon Web Services account or IAM user. The credentials consist of an access key ID, a secret access key, and a security token. Typically, you use <code>GetSessionToken</code> if you want to use MFA to protect programmatic calls to specific Amazon Web Services API operations like Amazon EC2 <code>StopInstances</code>.</p>
23/// <p>MFA-enabled IAM users must call <code>GetSessionToken</code> and submit an MFA code that is associated with their MFA device. Using the temporary security credentials that the call returns, IAM users can then make programmatic calls to API operations that require MFA authentication. An incorrect MFA code causes the API to return an access denied error. For a comparison of <code>GetSessionToken</code> with the other API operations that produce temporary credentials, see <a href="https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_request.html">Requesting Temporary Security Credentials</a> and <a href="https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_request.html#stsapi_comparison">Comparing the Amazon Web Services STS API operations</a> in the <i>IAM User Guide</i>.</p><note>
24/// <p>No permissions are required for users to perform this operation. The purpose of the <code>sts:GetSessionToken</code> operation is to authenticate the user using MFA. You cannot use policies to control authentication operations. For more information, see <a href="https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_control-access_getsessiontoken.html">Permissions for GetSessionToken</a> in the <i>IAM User Guide</i>.</p>
25/// </note>
26/// <p><b>Session Duration</b></p>
27/// <p>The <code>GetSessionToken</code> operation must be called by using the long-term Amazon Web Services security credentials of an IAM user. Credentials that are created by IAM users are valid for the duration that you specify. This duration can range from 900 seconds (15 minutes) up to a maximum of 129,600 seconds (36 hours), with a default of 43,200 seconds (12 hours). Credentials based on account credentials can range from 900 seconds (15 minutes) up to 3,600 seconds (1 hour), with a default of 1 hour.</p>
28/// <p><b>Permissions</b></p>
29/// <p>The temporary security credentials created by <code>GetSessionToken</code> can be used to make API calls to any Amazon Web Services service with the following exceptions:</p>
30/// <ul>
31/// <li>
32/// <p>You cannot call any IAM API operations unless MFA authentication information is included in the request.</p></li>
33/// <li>
34/// <p>You cannot call any STS API <i>except</i> <code>AssumeRole</code> or <code>GetCallerIdentity</code>.</p></li>
35/// </ul>
36/// <p>The credentials that <code>GetSessionToken</code> returns are based on permissions associated with the IAM user whose credentials were used to call the operation. The temporary credentials have the same permissions as the IAM user.</p><note>
37/// <p>Although it is possible to call <code>GetSessionToken</code> using the security credentials of an Amazon Web Services account root user rather than an IAM user, we do not recommend it. If <code>GetSessionToken</code> is called using root user credentials, the temporary credentials have root user permissions. For more information, see <a href="https://docs.aws.amazon.com/IAM/latest/UserGuide/best-practices.html#lock-away-credentials">Safeguard your root user credentials and don't use them for everyday tasks</a> in the <i>IAM User Guide</i></p>
38/// </note>
39/// <p>For more information about using <code>GetSessionToken</code> to create temporary credentials, see <a href="https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_request.html#api_getsessiontoken">Temporary Credentials for Users in Untrusted Environments</a> in the <i>IAM User Guide</i>.</p>
40#[derive(::std::clone::Clone, ::std::fmt::Debug)]
41pub struct GetSessionTokenFluentBuilder {
42 handle: ::std::sync::Arc<crate::client::Handle>,
43 inner: crate::operation::get_session_token::builders::GetSessionTokenInputBuilder,
44config_override: ::std::option::Option<crate::config::Builder>,
45 }
46impl
47 crate::client::customize::internal::CustomizableSend<
48 crate::operation::get_session_token::GetSessionTokenOutput,
49 crate::operation::get_session_token::GetSessionTokenError,
50 > for GetSessionTokenFluentBuilder
51 {
52 fn send(
53 self,
54 config_override: crate::config::Builder,
55 ) -> crate::client::customize::internal::BoxFuture<
56 crate::client::customize::internal::SendResult<
57 crate::operation::get_session_token::GetSessionTokenOutput,
58 crate::operation::get_session_token::GetSessionTokenError,
59 >,
60 > {
61 ::std::boxed::Box::pin(async move { self.config_override(config_override).send().await })
62 }
63 }
64impl GetSessionTokenFluentBuilder {
65 /// Creates a new `GetSessionTokenFluentBuilder`.
66 pub(crate) fn new(handle: ::std::sync::Arc<crate::client::Handle>) -> Self {
67 Self {
68 handle,
69 inner: ::std::default::Default::default(),
70 config_override: ::std::option::Option::None,
71 }
72 }
73 /// Access the GetSessionToken as a reference.
74 pub fn as_input(&self) -> &crate::operation::get_session_token::builders::GetSessionTokenInputBuilder {
75 &self.inner
76 }
77 /// Sends the request and returns the response.
78 ///
79 /// If an error occurs, an `SdkError` will be returned with additional details that
80 /// can be matched against.
81 ///
82 /// By default, any retryable failures will be retried twice. Retry behavior
83 /// is configurable with the [RetryConfig](aws_smithy_types::retry::RetryConfig), which can be
84 /// set when configuring the client.
85 pub async fn send(self) -> ::std::result::Result<crate::operation::get_session_token::GetSessionTokenOutput, ::aws_smithy_runtime_api::client::result::SdkError<crate::operation::get_session_token::GetSessionTokenError, ::aws_smithy_runtime_api::client::orchestrator::HttpResponse>> {
86 let input = self.inner.build().map_err(::aws_smithy_runtime_api::client::result::SdkError::construction_failure)?;
87 let runtime_plugins = crate::operation::get_session_token::GetSessionToken::operation_runtime_plugins(
88 self.handle.runtime_plugins.clone(),
89 &self.handle.conf,
90 self.config_override,
91 );
92 crate::operation::get_session_token::GetSessionToken::orchestrate(&runtime_plugins, input).await
93 }
94
95 /// Consumes this builder, creating a customizable operation that can be modified before being sent.
96 pub fn customize(
97 self,
98 ) -> crate::client::customize::CustomizableOperation<crate::operation::get_session_token::GetSessionTokenOutput, crate::operation::get_session_token::GetSessionTokenError, Self> {
99 crate::client::customize::CustomizableOperation::new(self)
100 }
101 pub(crate) fn config_override(
102 mut self,
103 config_override: impl ::std::convert::Into<crate::config::Builder>,
104 ) -> Self {
105 self.set_config_override(::std::option::Option::Some(config_override.into()));
106 self
107 }
108
109 pub(crate) fn set_config_override(
110 &mut self,
111 config_override: ::std::option::Option<crate::config::Builder>,
112 ) -> &mut Self {
113 self.config_override = config_override;
114 self
115 }
116 /// <p>The duration, in seconds, that the credentials should remain valid. Acceptable durations for IAM user sessions range from 900 seconds (15 minutes) to 129,600 seconds (36 hours), with 43,200 seconds (12 hours) as the default. Sessions for Amazon Web Services account owners are restricted to a maximum of 3,600 seconds (one hour). If the duration is longer than one hour, the session for Amazon Web Services account owners defaults to one hour.</p>
117 pub fn duration_seconds(mut self, input: i32) -> Self {
118 self.inner = self.inner.duration_seconds(input);
119 self
120 }
121 /// <p>The duration, in seconds, that the credentials should remain valid. Acceptable durations for IAM user sessions range from 900 seconds (15 minutes) to 129,600 seconds (36 hours), with 43,200 seconds (12 hours) as the default. Sessions for Amazon Web Services account owners are restricted to a maximum of 3,600 seconds (one hour). If the duration is longer than one hour, the session for Amazon Web Services account owners defaults to one hour.</p>
122 pub fn set_duration_seconds(mut self, input: ::std::option::Option<i32>) -> Self {
123 self.inner = self.inner.set_duration_seconds(input);
124 self
125 }
126 /// <p>The duration, in seconds, that the credentials should remain valid. Acceptable durations for IAM user sessions range from 900 seconds (15 minutes) to 129,600 seconds (36 hours), with 43,200 seconds (12 hours) as the default. Sessions for Amazon Web Services account owners are restricted to a maximum of 3,600 seconds (one hour). If the duration is longer than one hour, the session for Amazon Web Services account owners defaults to one hour.</p>
127 pub fn get_duration_seconds(&self) -> &::std::option::Option<i32> {
128 self.inner.get_duration_seconds()
129 }
130 /// <p>The identification number of the MFA device that is associated with the IAM user who is making the <code>GetSessionToken</code> call. Specify this value if the IAM user has a policy that requires MFA authentication. The value is either the serial number for a hardware device (such as <code>GAHT12345678</code>) or an Amazon Resource Name (ARN) for a virtual device (such as <code>arn:aws:iam::123456789012:mfa/user</code>). You can find the device for an IAM user by going to the Amazon Web Services Management Console and viewing the user's security credentials.</p>
131 /// <p>The regex used to validate this parameter is a string of characters consisting of upper- and lower-case alphanumeric characters with no spaces. You can also include underscores or any of the following characters: =,.@:/-</p>
132 pub fn serial_number(mut self, input: impl ::std::convert::Into<::std::string::String>) -> Self {
133 self.inner = self.inner.serial_number(input.into());
134 self
135 }
136 /// <p>The identification number of the MFA device that is associated with the IAM user who is making the <code>GetSessionToken</code> call. Specify this value if the IAM user has a policy that requires MFA authentication. The value is either the serial number for a hardware device (such as <code>GAHT12345678</code>) or an Amazon Resource Name (ARN) for a virtual device (such as <code>arn:aws:iam::123456789012:mfa/user</code>). You can find the device for an IAM user by going to the Amazon Web Services Management Console and viewing the user's security credentials.</p>
137 /// <p>The regex used to validate this parameter is a string of characters consisting of upper- and lower-case alphanumeric characters with no spaces. You can also include underscores or any of the following characters: =,.@:/-</p>
138 pub fn set_serial_number(mut self, input: ::std::option::Option<::std::string::String>) -> Self {
139 self.inner = self.inner.set_serial_number(input);
140 self
141 }
142 /// <p>The identification number of the MFA device that is associated with the IAM user who is making the <code>GetSessionToken</code> call. Specify this value if the IAM user has a policy that requires MFA authentication. The value is either the serial number for a hardware device (such as <code>GAHT12345678</code>) or an Amazon Resource Name (ARN) for a virtual device (such as <code>arn:aws:iam::123456789012:mfa/user</code>). You can find the device for an IAM user by going to the Amazon Web Services Management Console and viewing the user's security credentials.</p>
143 /// <p>The regex used to validate this parameter is a string of characters consisting of upper- and lower-case alphanumeric characters with no spaces. You can also include underscores or any of the following characters: =,.@:/-</p>
144 pub fn get_serial_number(&self) -> &::std::option::Option<::std::string::String> {
145 self.inner.get_serial_number()
146 }
147 /// <p>The value provided by the MFA device, if MFA is required. If any policy requires the IAM user to submit an MFA code, specify this value. If MFA authentication is required, the user must provide a code when requesting a set of temporary security credentials. A user who fails to provide the code receives an "access denied" response when requesting resources that require MFA authentication.</p>
148 /// <p>The format for this parameter, as described by its regex pattern, is a sequence of six numeric digits.</p>
149 pub fn token_code(mut self, input: impl ::std::convert::Into<::std::string::String>) -> Self {
150 self.inner = self.inner.token_code(input.into());
151 self
152 }
153 /// <p>The value provided by the MFA device, if MFA is required. If any policy requires the IAM user to submit an MFA code, specify this value. If MFA authentication is required, the user must provide a code when requesting a set of temporary security credentials. A user who fails to provide the code receives an "access denied" response when requesting resources that require MFA authentication.</p>
154 /// <p>The format for this parameter, as described by its regex pattern, is a sequence of six numeric digits.</p>
155 pub fn set_token_code(mut self, input: ::std::option::Option<::std::string::String>) -> Self {
156 self.inner = self.inner.set_token_code(input);
157 self
158 }
159 /// <p>The value provided by the MFA device, if MFA is required. If any policy requires the IAM user to submit an MFA code, specify this value. If MFA authentication is required, the user must provide a code when requesting a set of temporary security credentials. A user who fails to provide the code receives an "access denied" response when requesting resources that require MFA authentication.</p>
160 /// <p>The format for this parameter, as described by its regex pattern, is a sequence of six numeric digits.</p>
161 pub fn get_token_code(&self) -> &::std::option::Option<::std::string::String> {
162 self.inner.get_token_code()
163 }
164}
165