aws_sdk_sts/operation/assume_root/builders.rs
1// Code generated by software.amazon.smithy.rust.codegen.smithy-rs. DO NOT EDIT.
2pub use crate::operation::assume_root::_assume_root_output::AssumeRootOutputBuilder;
3
4pub use crate::operation::assume_root::_assume_root_input::AssumeRootInputBuilder;
5
6impl crate::operation::assume_root::builders::AssumeRootInputBuilder {
7 /// Sends a request with this input using the given client.
8 pub async fn send_with(self, client: &crate::Client) -> ::std::result::Result<
9 crate::operation::assume_root::AssumeRootOutput,
10 ::aws_smithy_runtime_api::client::result::SdkError<
11 crate::operation::assume_root::AssumeRootError,
12 ::aws_smithy_runtime_api::client::orchestrator::HttpResponse
13 >
14 > {
15 let mut fluent_builder = client.assume_root();
16 fluent_builder.inner = self;
17 fluent_builder.send().await
18 }
19 }
20/// Fluent builder constructing a request to `AssumeRoot`.
21///
22/// <p>Returns a set of short term credentials you can use to perform privileged tasks on a member account in your organization.</p>
23/// <p>Before you can launch a privileged session, you must have centralized root access in your organization. For steps to enable this feature, see <a href="https://docs.aws.amazon.com/IAM/latest/UserGuide/id_root-enable-root-access.html">Centralize root access for member accounts</a> in the <i>IAM User Guide</i>.</p><note>
24/// <p>The STS global endpoint is not supported for AssumeRoot. You must send this request to a Regional STS endpoint. For more information, see <a href="https://docs.aws.amazon.com/STS/latest/APIReference/welcome.html#sts-endpoints">Endpoints</a>.</p>
25/// </note>
26/// <p>You can track AssumeRoot in CloudTrail logs to determine what actions were performed in a session. For more information, see <a href="https://docs.aws.amazon.com/IAM/latest/UserGuide/cloudtrail-track-privileged-tasks.html">Track privileged tasks in CloudTrail</a> in the <i>IAM User Guide</i>.</p>
27#[derive(::std::clone::Clone, ::std::fmt::Debug)]
28pub struct AssumeRootFluentBuilder {
29 handle: ::std::sync::Arc<crate::client::Handle>,
30 inner: crate::operation::assume_root::builders::AssumeRootInputBuilder,
31config_override: ::std::option::Option<crate::config::Builder>,
32 }
33impl
34 crate::client::customize::internal::CustomizableSend<
35 crate::operation::assume_root::AssumeRootOutput,
36 crate::operation::assume_root::AssumeRootError,
37 > for AssumeRootFluentBuilder
38 {
39 fn send(
40 self,
41 config_override: crate::config::Builder,
42 ) -> crate::client::customize::internal::BoxFuture<
43 crate::client::customize::internal::SendResult<
44 crate::operation::assume_root::AssumeRootOutput,
45 crate::operation::assume_root::AssumeRootError,
46 >,
47 > {
48 ::std::boxed::Box::pin(async move { self.config_override(config_override).send().await })
49 }
50 }
51impl AssumeRootFluentBuilder {
52 /// Creates a new `AssumeRootFluentBuilder`.
53 pub(crate) fn new(handle: ::std::sync::Arc<crate::client::Handle>) -> Self {
54 Self {
55 handle,
56 inner: ::std::default::Default::default(),
57 config_override: ::std::option::Option::None,
58 }
59 }
60 /// Access the AssumeRoot as a reference.
61 pub fn as_input(&self) -> &crate::operation::assume_root::builders::AssumeRootInputBuilder {
62 &self.inner
63 }
64 /// Sends the request and returns the response.
65 ///
66 /// If an error occurs, an `SdkError` will be returned with additional details that
67 /// can be matched against.
68 ///
69 /// By default, any retryable failures will be retried twice. Retry behavior
70 /// is configurable with the [RetryConfig](aws_smithy_types::retry::RetryConfig), which can be
71 /// set when configuring the client. Note: retries are enabled by default when using
72 /// `aws_config::load_from_env()` or when using `BehaviorVersion::v2025_01_17()` or later.
73 pub async fn send(self) -> ::std::result::Result<crate::operation::assume_root::AssumeRootOutput, ::aws_smithy_runtime_api::client::result::SdkError<crate::operation::assume_root::AssumeRootError, ::aws_smithy_runtime_api::client::orchestrator::HttpResponse>> {
74 let input = self.inner.build().map_err(::aws_smithy_runtime_api::client::result::SdkError::construction_failure)?;
75 let runtime_plugins = crate::operation::assume_root::AssumeRoot::operation_runtime_plugins(
76 self.handle.runtime_plugins.clone(),
77 &self.handle.conf,
78 self.config_override,
79 );
80 crate::operation::assume_root::AssumeRoot::orchestrate(&runtime_plugins, input).await
81 }
82
83 /// Consumes this builder, creating a customizable operation that can be modified before being sent.
84 pub fn customize(
85 self,
86 ) -> crate::client::customize::CustomizableOperation<crate::operation::assume_root::AssumeRootOutput, crate::operation::assume_root::AssumeRootError, Self> {
87 crate::client::customize::CustomizableOperation::new(self)
88 }
89 pub(crate) fn config_override(
90 mut self,
91 config_override: impl ::std::convert::Into<crate::config::Builder>,
92 ) -> Self {
93 self.set_config_override(::std::option::Option::Some(config_override.into()));
94 self
95 }
96
97 pub(crate) fn set_config_override(
98 &mut self,
99 config_override: ::std::option::Option<crate::config::Builder>,
100 ) -> &mut Self {
101 self.config_override = config_override;
102 self
103 }
104 /// <p>The member account principal ARN or account ID.</p>
105 pub fn target_principal(mut self, input: impl ::std::convert::Into<::std::string::String>) -> Self {
106 self.inner = self.inner.target_principal(input.into());
107 self
108 }
109 /// <p>The member account principal ARN or account ID.</p>
110 pub fn set_target_principal(mut self, input: ::std::option::Option<::std::string::String>) -> Self {
111 self.inner = self.inner.set_target_principal(input);
112 self
113 }
114 /// <p>The member account principal ARN or account ID.</p>
115 pub fn get_target_principal(&self) -> &::std::option::Option<::std::string::String> {
116 self.inner.get_target_principal()
117 }
118 /// <p>The identity based policy that scopes the session to the privileged tasks that can be performed. You can use one of following Amazon Web Services managed policies to scope root session actions.</p>
119 /// <ul>
120 /// <li>
121 /// <p><a href="https://docs.aws.amazon.com/IAM/latest/UserGuide/security-iam-awsmanpol.html#security-iam-awsmanpol-IAMAuditRootUserCredentials">IAMAuditRootUserCredentials</a></p></li>
122 /// <li>
123 /// <p><a href="https://docs.aws.amazon.com/IAM/latest/UserGuide/security-iam-awsmanpol.html#security-iam-awsmanpol-IAMCreateRootUserPassword">IAMCreateRootUserPassword</a></p></li>
124 /// <li>
125 /// <p><a href="https://docs.aws.amazon.com/IAM/latest/UserGuide/security-iam-awsmanpol.html#security-iam-awsmanpol-IAMDeleteRootUserCredentials">IAMDeleteRootUserCredentials</a></p></li>
126 /// <li>
127 /// <p><a href="https://docs.aws.amazon.com/IAM/latest/UserGuide/security-iam-awsmanpol.html#security-iam-awsmanpol-S3UnlockBucketPolicy">S3UnlockBucketPolicy</a></p></li>
128 /// <li>
129 /// <p><a href="https://docs.aws.amazon.com/IAM/latest/UserGuide/security-iam-awsmanpol.html#security-iam-awsmanpol-SQSUnlockQueuePolicy">SQSUnlockQueuePolicy</a></p></li>
130 /// </ul>
131 pub fn task_policy_arn(mut self, input: crate::types::PolicyDescriptorType) -> Self {
132 self.inner = self.inner.task_policy_arn(input);
133 self
134 }
135 /// <p>The identity based policy that scopes the session to the privileged tasks that can be performed. You can use one of following Amazon Web Services managed policies to scope root session actions.</p>
136 /// <ul>
137 /// <li>
138 /// <p><a href="https://docs.aws.amazon.com/IAM/latest/UserGuide/security-iam-awsmanpol.html#security-iam-awsmanpol-IAMAuditRootUserCredentials">IAMAuditRootUserCredentials</a></p></li>
139 /// <li>
140 /// <p><a href="https://docs.aws.amazon.com/IAM/latest/UserGuide/security-iam-awsmanpol.html#security-iam-awsmanpol-IAMCreateRootUserPassword">IAMCreateRootUserPassword</a></p></li>
141 /// <li>
142 /// <p><a href="https://docs.aws.amazon.com/IAM/latest/UserGuide/security-iam-awsmanpol.html#security-iam-awsmanpol-IAMDeleteRootUserCredentials">IAMDeleteRootUserCredentials</a></p></li>
143 /// <li>
144 /// <p><a href="https://docs.aws.amazon.com/IAM/latest/UserGuide/security-iam-awsmanpol.html#security-iam-awsmanpol-S3UnlockBucketPolicy">S3UnlockBucketPolicy</a></p></li>
145 /// <li>
146 /// <p><a href="https://docs.aws.amazon.com/IAM/latest/UserGuide/security-iam-awsmanpol.html#security-iam-awsmanpol-SQSUnlockQueuePolicy">SQSUnlockQueuePolicy</a></p></li>
147 /// </ul>
148 pub fn set_task_policy_arn(mut self, input: ::std::option::Option<crate::types::PolicyDescriptorType>) -> Self {
149 self.inner = self.inner.set_task_policy_arn(input);
150 self
151 }
152 /// <p>The identity based policy that scopes the session to the privileged tasks that can be performed. You can use one of following Amazon Web Services managed policies to scope root session actions.</p>
153 /// <ul>
154 /// <li>
155 /// <p><a href="https://docs.aws.amazon.com/IAM/latest/UserGuide/security-iam-awsmanpol.html#security-iam-awsmanpol-IAMAuditRootUserCredentials">IAMAuditRootUserCredentials</a></p></li>
156 /// <li>
157 /// <p><a href="https://docs.aws.amazon.com/IAM/latest/UserGuide/security-iam-awsmanpol.html#security-iam-awsmanpol-IAMCreateRootUserPassword">IAMCreateRootUserPassword</a></p></li>
158 /// <li>
159 /// <p><a href="https://docs.aws.amazon.com/IAM/latest/UserGuide/security-iam-awsmanpol.html#security-iam-awsmanpol-IAMDeleteRootUserCredentials">IAMDeleteRootUserCredentials</a></p></li>
160 /// <li>
161 /// <p><a href="https://docs.aws.amazon.com/IAM/latest/UserGuide/security-iam-awsmanpol.html#security-iam-awsmanpol-S3UnlockBucketPolicy">S3UnlockBucketPolicy</a></p></li>
162 /// <li>
163 /// <p><a href="https://docs.aws.amazon.com/IAM/latest/UserGuide/security-iam-awsmanpol.html#security-iam-awsmanpol-SQSUnlockQueuePolicy">SQSUnlockQueuePolicy</a></p></li>
164 /// </ul>
165 pub fn get_task_policy_arn(&self) -> &::std::option::Option<crate::types::PolicyDescriptorType> {
166 self.inner.get_task_policy_arn()
167 }
168 /// <p>The duration, in seconds, of the privileged session. The value can range from 0 seconds up to the maximum session duration of 900 seconds (15 minutes). If you specify a value higher than this setting, the operation fails.</p>
169 /// <p>By default, the value is set to <code>900</code> seconds.</p>
170 pub fn duration_seconds(mut self, input: i32) -> Self {
171 self.inner = self.inner.duration_seconds(input);
172 self
173 }
174 /// <p>The duration, in seconds, of the privileged session. The value can range from 0 seconds up to the maximum session duration of 900 seconds (15 minutes). If you specify a value higher than this setting, the operation fails.</p>
175 /// <p>By default, the value is set to <code>900</code> seconds.</p>
176 pub fn set_duration_seconds(mut self, input: ::std::option::Option<i32>) -> Self {
177 self.inner = self.inner.set_duration_seconds(input);
178 self
179 }
180 /// <p>The duration, in seconds, of the privileged session. The value can range from 0 seconds up to the maximum session duration of 900 seconds (15 minutes). If you specify a value higher than this setting, the operation fails.</p>
181 /// <p>By default, the value is set to <code>900</code> seconds.</p>
182 pub fn get_duration_seconds(&self) -> &::std::option::Option<i32> {
183 self.inner.get_duration_seconds()
184 }
185}
186