Returns a set of short term credentials you can use to perform privileged tasks in a - * member account.
- *Before you can launch a privileged session, you must have enabled centralized root - * access in your organization. For steps to enable this feature, see Centralize root access for member accounts in the IAM User - * Guide.
+ *Returns a set of short term credentials you can use to perform privileged tasks on a + * member account in your organization.
+ *Before you can launch a privileged session, you must have centralized root access in + * your organization. For steps to enable this feature, see Centralize root access for + * member accounts in the IAM User Guide.
*The global endpoint is not supported for AssumeRoot. You must send this request to a - * Regional STS endpoint. For more information, see Endpoints.
+ *The STS global endpoint is not supported for AssumeRoot. You must send this request + * to a Regional STS endpoint. For more information, see Endpoints.
*You can track AssumeRoot in CloudTrail logs to determine what actions were performed in a * session. For more information, see Track privileged tasks diff --git a/clients/client-sts/src/models/models_0.ts b/clients/client-sts/src/models/models_0.ts index 27b46495c1ec..ce92d37a66d7 100644 --- a/clients/client-sts/src/models/models_0.ts +++ b/clients/client-sts/src/models/models_0.ts @@ -303,7 +303,7 @@ export interface AssumeRoleRequest { * IAM User Guide.
*The regex used to validate this parameter is a string of characters consisting of upper-
* and lower-case alphanumeric characters with no spaces. You can also include underscores or
- * any of the following characters: =,.@-. You cannot use a value that begins with the text
+ * any of the following characters: +=,.@-. You cannot use a value that begins with the text
* aws:. This prefix is reserved for Amazon Web Services internal use.
AssumeRoleWithWebIdentity call. Timestamps in the token must be formatted
- * as either an integer or a long integer. Only tokens with RSA algorithms (RS256) are
- * supported.
+ * as either an integer or a long integer. Tokens must be signed using either RSA keys (RS256,
+ * RS384, or RS512) or ECDSA keys (ES256, ES384, or ES512).
* @public
*/
WebIdentityToken: string | undefined;
@@ -1023,9 +1023,8 @@ export interface AssumeRootRequest {
/**
* The identity based policy that scopes the session to the privileged tasks that can be - * performed. You can use one of following Amazon Web Services managed policies to scope - * root session actions. You can add additional customer managed policies to further limit the - * permissions for the root session.
+ * performed. You can use one of following Amazon Web Services managed policies to scope root session + * actions. *diff --git a/codegen/sdk-codegen/aws-models/sts.json b/codegen/sdk-codegen/aws-models/sts.json index 1dba5548a464..ca172ad656ea 100644 --- a/codegen/sdk-codegen/aws-models/sts.json +++ b/codegen/sdk-codegen/aws-models/sts.json @@ -2383,7 +2383,7 @@ "SourceIdentity": { "target": "com.amazonaws.sts#sourceIdentityType", "traits": { - "smithy.api#documentation": "
The source identity specified by the principal that is calling the\n AssumeRole operation. The source identity value persists across chained role sessions.
You can require users to specify a source identity when they assume a role. You do this\n by using the \n sts:SourceIdentity\n condition key in a role trust policy. You\n can use source identity information in CloudTrail logs to determine who took actions with a\n role. You can use the aws:SourceIdentity condition key to further control\n access to Amazon Web Services resources based on the value of source identity. For more information about\n using source identity, see Monitor and control\n actions taken with assumed roles in the\n IAM User Guide.
The regex used to validate this parameter is a string of characters consisting of upper-\n and lower-case alphanumeric characters with no spaces. You can also include underscores or\n any of the following characters: =,.@-. You cannot use a value that begins with the text\n aws:. This prefix is reserved for Amazon Web Services internal use.
The source identity specified by the principal that is calling the\n AssumeRole operation. The source identity value persists across chained role sessions.
You can require users to specify a source identity when they assume a role. You do this\n by using the \n sts:SourceIdentity\n condition key in a role trust policy. You\n can use source identity information in CloudTrail logs to determine who took actions with a\n role. You can use the aws:SourceIdentity condition key to further control\n access to Amazon Web Services resources based on the value of source identity. For more information about\n using source identity, see Monitor and control\n actions taken with assumed roles in the\n IAM User Guide.
The regex used to validate this parameter is a string of characters consisting of upper-\n and lower-case alphanumeric characters with no spaces. You can also include underscores or\n any of the following characters: +=,.@-. You cannot use a value that begins with the text\n aws:. This prefix is reserved for Amazon Web Services internal use.
The OAuth 2.0 access token or OpenID Connect ID token that is provided by the identity\n provider. Your application must get this token by authenticating the user who is using your\n application with a web identity provider before the application makes an\n AssumeRoleWithWebIdentity call. Timestamps in the token must be formatted\n as either an integer or a long integer. Only tokens with RSA algorithms (RS256) are\n supported.
The OAuth 2.0 access token or OpenID Connect ID token that is provided by the identity\n provider. Your application must get this token by authenticating the user who is using your\n application with a web identity provider before the application makes an\n AssumeRoleWithWebIdentity call. Timestamps in the token must be formatted\n as either an integer or a long integer. Tokens must be signed using either RSA keys (RS256,\n RS384, or RS512) or ECDSA keys (ES256, ES384, or ES512).
Returns a set of short term credentials you can use to perform privileged tasks in a\n member account.
\nBefore you can launch a privileged session, you must have enabled centralized root\n access in your organization. For steps to enable this feature, see Centralize root access for member accounts in the IAM User\n Guide.
\nThe global endpoint is not supported for AssumeRoot. You must send this request to a\n Regional STS endpoint. For more information, see Endpoints.
\nYou can track AssumeRoot in CloudTrail logs to determine what actions were performed in a\n session. For more information, see Track privileged tasks\n in CloudTrail in the IAM User Guide.
", + "smithy.api#documentation": "Returns a set of short term credentials you can use to perform privileged tasks on a\n member account in your organization.
\nBefore you can launch a privileged session, you must have centralized root access in\n your organization. For steps to enable this feature, see Centralize root access for\n member accounts in the IAM User Guide.
\nThe STS global endpoint is not supported for AssumeRoot. You must send this request\n to a Regional STS endpoint. For more information, see Endpoints.
\nYou can track AssumeRoot in CloudTrail logs to determine what actions were performed in a\n session. For more information, see Track privileged tasks\n in CloudTrail in the IAM User Guide.
", "smithy.api#examples": [ { "title": "To launch a privileged session", @@ -2826,7 +2826,7 @@ "TaskPolicyArn": { "target": "com.amazonaws.sts#PolicyDescriptorType", "traits": { - "smithy.api#documentation": "The identity based policy that scopes the session to the privileged tasks that can be\n performed. You can use one of following Amazon Web Services managed policies to scope\n root session actions. You can add additional customer managed policies to further limit the\n permissions for the root session.
\n\n S3UnlockBucketPolicy\n
\n\n SQSUnlockQueuePolicy\n
\nThe identity based policy that scopes the session to the privileged tasks that can be\n performed. You can use one of following Amazon Web Services managed policies to scope root session\n actions.
\n\n S3UnlockBucketPolicy\n
\n\n SQSUnlockQueuePolicy\n
\n