|
2383 | 2383 | "SourceIdentity": { |
2384 | 2384 | "target": "com.amazonaws.sts#sourceIdentityType", |
2385 | 2385 | "traits": { |
2386 | | - "smithy.api#documentation": "<p>The source identity specified by the principal that is calling the\n <code>AssumeRole</code> operation. The source identity value persists across <a href=\"https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles.html#iam-term-role-chaining\">chained role</a> sessions.</p>\n <p>You can require users to specify a source identity when they assume a role. You do this\n by using the <a href=\"https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_condition-keys.html#condition-keys-sourceidentity\">\n <code>sts:SourceIdentity</code>\n </a> condition key in a role trust policy. You\n can use source identity information in CloudTrail logs to determine who took actions with a\n role. You can use the <code>aws:SourceIdentity</code> condition key to further control\n access to Amazon Web Services resources based on the value of source identity. For more information about\n using source identity, see <a href=\"https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_control-access_monitor.html\">Monitor and control\n actions taken with assumed roles</a> in the\n <i>IAM User Guide</i>.</p>\n <p>The regex used to validate this parameter is a string of characters consisting of upper-\n and lower-case alphanumeric characters with no spaces. You can also include underscores or\n any of the following characters: =,.@-. You cannot use a value that begins with the text\n <code>aws:</code>. This prefix is reserved for Amazon Web Services internal use.</p>" |
| 2386 | + "smithy.api#documentation": "<p>The source identity specified by the principal that is calling the\n <code>AssumeRole</code> operation. The source identity value persists across <a href=\"https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles.html#iam-term-role-chaining\">chained role</a> sessions.</p>\n <p>You can require users to specify a source identity when they assume a role. You do this\n by using the <a href=\"https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_condition-keys.html#condition-keys-sourceidentity\">\n <code>sts:SourceIdentity</code>\n </a> condition key in a role trust policy. You\n can use source identity information in CloudTrail logs to determine who took actions with a\n role. You can use the <code>aws:SourceIdentity</code> condition key to further control\n access to Amazon Web Services resources based on the value of source identity. For more information about\n using source identity, see <a href=\"https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_control-access_monitor.html\">Monitor and control\n actions taken with assumed roles</a> in the\n <i>IAM User Guide</i>.</p>\n <p>The regex used to validate this parameter is a string of characters consisting of upper-\n and lower-case alphanumeric characters with no spaces. You can also include underscores or\n any of the following characters: +=,.@-. You cannot use a value that begins with the text\n <code>aws:</code>. This prefix is reserved for Amazon Web Services internal use.</p>" |
2387 | 2387 | } |
2388 | 2388 | }, |
2389 | 2389 | "ProvidedContexts": { |
|
2687 | 2687 | "WebIdentityToken": { |
2688 | 2688 | "target": "com.amazonaws.sts#clientTokenType", |
2689 | 2689 | "traits": { |
2690 | | - "smithy.api#documentation": "<p>The OAuth 2.0 access token or OpenID Connect ID token that is provided by the identity\n provider. Your application must get this token by authenticating the user who is using your\n application with a web identity provider before the application makes an\n <code>AssumeRoleWithWebIdentity</code> call. Timestamps in the token must be formatted\n as either an integer or a long integer. Only tokens with RSA algorithms (RS256) are\n supported.</p>", |
| 2690 | + "smithy.api#documentation": "<p>The OAuth 2.0 access token or OpenID Connect ID token that is provided by the identity\n provider. Your application must get this token by authenticating the user who is using your\n application with a web identity provider before the application makes an\n <code>AssumeRoleWithWebIdentity</code> call. Timestamps in the token must be formatted\n as either an integer or a long integer. Tokens must be signed using either RSA keys (RS256,\n RS384, or RS512) or ECDSA keys (ES256, ES384, or ES512).</p>", |
2691 | 2691 | "smithy.api#required": {} |
2692 | 2692 | } |
2693 | 2693 | }, |
|
2788 | 2788 | } |
2789 | 2789 | ], |
2790 | 2790 | "traits": { |
2791 | | - "smithy.api#documentation": "<p>Returns a set of short term credentials you can use to perform privileged tasks in a\n member account.</p>\n <p>Before you can launch a privileged session, you must have enabled centralized root\n access in your organization. For steps to enable this feature, see <a href=\"https://docs.aws.amazon.com/IAM/latest/UserGuide/id_root-enable-root-access.html\">Centralize root access for member accounts</a> in the <i>IAM User\n Guide</i>.</p>\n <note>\n <p>The global endpoint is not supported for AssumeRoot. You must send this request to a\n Regional STS endpoint. For more information, see <a href=\"https://docs.aws.amazon.com/STS/latest/APIReference/welcome.html#sts-endpoints\">Endpoints</a>.</p>\n </note>\n <p>You can track AssumeRoot in CloudTrail logs to determine what actions were performed in a\n session. For more information, see <a href=\"https://docs.aws.amazon.com/IAM/latest/UserGuide/cloudtrail-track-privileged-tasks.html\">Track privileged tasks\n in CloudTrail</a> in the <i>IAM User Guide</i>.</p>", |
| 2791 | + "smithy.api#documentation": "<p>Returns a set of short term credentials you can use to perform privileged tasks on a\n member account in your organization.</p>\n <p>Before you can launch a privileged session, you must have centralized root access in\n your organization. For steps to enable this feature, see <a href=\"https://docs.aws.amazon.com/IAM/latest/UserGuide/id_root-enable-root-access.html\">Centralize root access for\n member accounts</a> in the <i>IAM User Guide</i>.</p>\n <note>\n <p>The STS global endpoint is not supported for AssumeRoot. You must send this request\n to a Regional STS endpoint. For more information, see <a href=\"https://docs.aws.amazon.com/STS/latest/APIReference/welcome.html#sts-endpoints\">Endpoints</a>.</p>\n </note>\n <p>You can track AssumeRoot in CloudTrail logs to determine what actions were performed in a\n session. For more information, see <a href=\"https://docs.aws.amazon.com/IAM/latest/UserGuide/cloudtrail-track-privileged-tasks.html\">Track privileged tasks\n in CloudTrail</a> in the <i>IAM User Guide</i>.</p>", |
2792 | 2792 | "smithy.api#examples": [ |
2793 | 2793 | { |
2794 | 2794 | "title": "To launch a privileged session", |
|
2826 | 2826 | "TaskPolicyArn": { |
2827 | 2827 | "target": "com.amazonaws.sts#PolicyDescriptorType", |
2828 | 2828 | "traits": { |
2829 | | - "smithy.api#documentation": "<p>The identity based policy that scopes the session to the privileged tasks that can be\n performed. You can use one of following Amazon Web Services managed policies to scope\n root session actions. You can add additional customer managed policies to further limit the\n permissions for the root session.</p>\n <ul>\n <li>\n <p>\n <a href=\"https://docs.aws.amazon.com/IAM/latest/UserGuide/security-iam-awsmanpol.html#security-iam-awsmanpol-IAMAuditRootUserCredentials\">IAMAuditRootUserCredentials</a>\n </p>\n </li>\n <li>\n <p>\n <a href=\"https://docs.aws.amazon.com/IAM/latest/UserGuide/security-iam-awsmanpol.html#security-iam-awsmanpol-IAMCreateRootUserPassword\">IAMCreateRootUserPassword</a>\n </p>\n </li>\n <li>\n <p>\n <a href=\"https://docs.aws.amazon.com/IAM/latest/UserGuide/security-iam-awsmanpol.html#security-iam-awsmanpol-IAMDeleteRootUserCredentials\">IAMDeleteRootUserCredentials</a>\n </p>\n </li>\n <li>\n <p>\n <a href=\"https://docs.aws.amazon.com/IAM/latest/UserGuide/security-iam-awsmanpol.html#security-iam-awsmanpol-S3UnlockBucketPolicy\">S3UnlockBucketPolicy</a>\n </p>\n </li>\n <li>\n <p>\n <a href=\"https://docs.aws.amazon.com/IAM/latest/UserGuide/security-iam-awsmanpol.html#security-iam-awsmanpol-SQSUnlockQueuePolicy\">SQSUnlockQueuePolicy</a>\n </p>\n </li>\n </ul>", |
| 2829 | + "smithy.api#documentation": "<p>The identity based policy that scopes the session to the privileged tasks that can be\n performed. You can use one of following Amazon Web Services managed policies to scope root session\n actions.</p>\n <ul>\n <li>\n <p>\n <a href=\"https://docs.aws.amazon.com/IAM/latest/UserGuide/security-iam-awsmanpol.html#security-iam-awsmanpol-IAMAuditRootUserCredentials\">IAMAuditRootUserCredentials</a>\n </p>\n </li>\n <li>\n <p>\n <a href=\"https://docs.aws.amazon.com/IAM/latest/UserGuide/security-iam-awsmanpol.html#security-iam-awsmanpol-IAMCreateRootUserPassword\">IAMCreateRootUserPassword</a>\n </p>\n </li>\n <li>\n <p>\n <a href=\"https://docs.aws.amazon.com/IAM/latest/UserGuide/security-iam-awsmanpol.html#security-iam-awsmanpol-IAMDeleteRootUserCredentials\">IAMDeleteRootUserCredentials</a>\n </p>\n </li>\n <li>\n <p>\n <a href=\"https://docs.aws.amazon.com/IAM/latest/UserGuide/security-iam-awsmanpol.html#security-iam-awsmanpol-S3UnlockBucketPolicy\">S3UnlockBucketPolicy</a>\n </p>\n </li>\n <li>\n <p>\n <a href=\"https://docs.aws.amazon.com/IAM/latest/UserGuide/security-iam-awsmanpol.html#security-iam-awsmanpol-SQSUnlockQueuePolicy\">SQSUnlockQueuePolicy</a>\n </p>\n </li>\n </ul>", |
2830 | 2830 | "smithy.api#required": {} |
2831 | 2831 | } |
2832 | 2832 | }, |
|
0 commit comments