/** * Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved. * SPDX-License-Identifier: Apache-2.0. */ #pragma once #include #include #include #include #include #include namespace Aws { namespace STS { namespace Model { /** */ class AssumeRoleWithWebIdentityRequest : public STSRequest { public: AWS_STS_API AssumeRoleWithWebIdentityRequest(); // Service request name is the Operation name which will send this request out, // each operation should has unique request name, so that we can get operation's name from this request. // Note: this is not true for response, multiple operations may have the same response name, // so we can not get operation's name from response. inline virtual const char* GetServiceRequestName() const override { return "AssumeRoleWithWebIdentity"; } AWS_STS_API Aws::String SerializePayload() const override; protected: AWS_STS_API void DumpBodyToUrl(Aws::Http::URI& uri ) const override; public: /** *

The Amazon Resource Name (ARN) of the role that the caller is assuming.

*/ inline const Aws::String& GetRoleArn() const{ return m_roleArn; } /** *

The Amazon Resource Name (ARN) of the role that the caller is assuming.

*/ inline bool RoleArnHasBeenSet() const { return m_roleArnHasBeenSet; } /** *

The Amazon Resource Name (ARN) of the role that the caller is assuming.

*/ inline void SetRoleArn(const Aws::String& value) { m_roleArnHasBeenSet = true; m_roleArn = value; } /** *

The Amazon Resource Name (ARN) of the role that the caller is assuming.

*/ inline void SetRoleArn(Aws::String&& value) { m_roleArnHasBeenSet = true; m_roleArn = std::move(value); } /** *

The Amazon Resource Name (ARN) of the role that the caller is assuming.

*/ inline void SetRoleArn(const char* value) { m_roleArnHasBeenSet = true; m_roleArn.assign(value); } /** *

The Amazon Resource Name (ARN) of the role that the caller is assuming.

*/ inline AssumeRoleWithWebIdentityRequest& WithRoleArn(const Aws::String& value) { SetRoleArn(value); return *this;} /** *

The Amazon Resource Name (ARN) of the role that the caller is assuming.

*/ inline AssumeRoleWithWebIdentityRequest& WithRoleArn(Aws::String&& value) { SetRoleArn(std::move(value)); return *this;} /** *

The Amazon Resource Name (ARN) of the role that the caller is assuming.

*/ inline AssumeRoleWithWebIdentityRequest& WithRoleArn(const char* value) { SetRoleArn(value); return *this;} /** *

An identifier for the assumed role session. Typically, you pass the name or * identifier that is associated with the user who is using your application. That * way, the temporary security credentials that your application will use are * associated with that user. This session name is included as part of the ARN and * assumed role ID in the AssumedRoleUser response element.

The * regex used to validate this parameter is a string of characters consisting of * upper- and lower-case alphanumeric characters with no spaces. You can also * include underscores or any of the following characters: =,.@-

*/ inline const Aws::String& GetRoleSessionName() const{ return m_roleSessionName; } /** *

An identifier for the assumed role session. Typically, you pass the name or * identifier that is associated with the user who is using your application. That * way, the temporary security credentials that your application will use are * associated with that user. This session name is included as part of the ARN and * assumed role ID in the AssumedRoleUser response element.

The * regex used to validate this parameter is a string of characters consisting of * upper- and lower-case alphanumeric characters with no spaces. You can also * include underscores or any of the following characters: =,.@-

*/ inline bool RoleSessionNameHasBeenSet() const { return m_roleSessionNameHasBeenSet; } /** *

An identifier for the assumed role session. Typically, you pass the name or * identifier that is associated with the user who is using your application. That * way, the temporary security credentials that your application will use are * associated with that user. This session name is included as part of the ARN and * assumed role ID in the AssumedRoleUser response element.

The * regex used to validate this parameter is a string of characters consisting of * upper- and lower-case alphanumeric characters with no spaces. You can also * include underscores or any of the following characters: =,.@-

*/ inline void SetRoleSessionName(const Aws::String& value) { m_roleSessionNameHasBeenSet = true; m_roleSessionName = value; } /** *

An identifier for the assumed role session. Typically, you pass the name or * identifier that is associated with the user who is using your application. That * way, the temporary security credentials that your application will use are * associated with that user. This session name is included as part of the ARN and * assumed role ID in the AssumedRoleUser response element.

The * regex used to validate this parameter is a string of characters consisting of * upper- and lower-case alphanumeric characters with no spaces. You can also * include underscores or any of the following characters: =,.@-

*/ inline void SetRoleSessionName(Aws::String&& value) { m_roleSessionNameHasBeenSet = true; m_roleSessionName = std::move(value); } /** *

An identifier for the assumed role session. Typically, you pass the name or * identifier that is associated with the user who is using your application. That * way, the temporary security credentials that your application will use are * associated with that user. This session name is included as part of the ARN and * assumed role ID in the AssumedRoleUser response element.

The * regex used to validate this parameter is a string of characters consisting of * upper- and lower-case alphanumeric characters with no spaces. You can also * include underscores or any of the following characters: =,.@-

*/ inline void SetRoleSessionName(const char* value) { m_roleSessionNameHasBeenSet = true; m_roleSessionName.assign(value); } /** *

An identifier for the assumed role session. Typically, you pass the name or * identifier that is associated with the user who is using your application. That * way, the temporary security credentials that your application will use are * associated with that user. This session name is included as part of the ARN and * assumed role ID in the AssumedRoleUser response element.

The * regex used to validate this parameter is a string of characters consisting of * upper- and lower-case alphanumeric characters with no spaces. You can also * include underscores or any of the following characters: =,.@-

*/ inline AssumeRoleWithWebIdentityRequest& WithRoleSessionName(const Aws::String& value) { SetRoleSessionName(value); return *this;} /** *

An identifier for the assumed role session. Typically, you pass the name or * identifier that is associated with the user who is using your application. That * way, the temporary security credentials that your application will use are * associated with that user. This session name is included as part of the ARN and * assumed role ID in the AssumedRoleUser response element.

The * regex used to validate this parameter is a string of characters consisting of * upper- and lower-case alphanumeric characters with no spaces. You can also * include underscores or any of the following characters: =,.@-

*/ inline AssumeRoleWithWebIdentityRequest& WithRoleSessionName(Aws::String&& value) { SetRoleSessionName(std::move(value)); return *this;} /** *

An identifier for the assumed role session. Typically, you pass the name or * identifier that is associated with the user who is using your application. That * way, the temporary security credentials that your application will use are * associated with that user. This session name is included as part of the ARN and * assumed role ID in the AssumedRoleUser response element.

The * regex used to validate this parameter is a string of characters consisting of * upper- and lower-case alphanumeric characters with no spaces. You can also * include underscores or any of the following characters: =,.@-

*/ inline AssumeRoleWithWebIdentityRequest& WithRoleSessionName(const char* value) { SetRoleSessionName(value); return *this;} /** *

The OAuth 2.0 access token or OpenID Connect ID token that is provided by the * identity provider. Your application must get this token by authenticating the * user who is using your application with a web identity provider before the * application makes an AssumeRoleWithWebIdentity call.

*/ inline const Aws::String& GetWebIdentityToken() const{ return m_webIdentityToken; } /** *

The OAuth 2.0 access token or OpenID Connect ID token that is provided by the * identity provider. Your application must get this token by authenticating the * user who is using your application with a web identity provider before the * application makes an AssumeRoleWithWebIdentity call.

*/ inline bool WebIdentityTokenHasBeenSet() const { return m_webIdentityTokenHasBeenSet; } /** *

The OAuth 2.0 access token or OpenID Connect ID token that is provided by the * identity provider. Your application must get this token by authenticating the * user who is using your application with a web identity provider before the * application makes an AssumeRoleWithWebIdentity call.

*/ inline void SetWebIdentityToken(const Aws::String& value) { m_webIdentityTokenHasBeenSet = true; m_webIdentityToken = value; } /** *

The OAuth 2.0 access token or OpenID Connect ID token that is provided by the * identity provider. Your application must get this token by authenticating the * user who is using your application with a web identity provider before the * application makes an AssumeRoleWithWebIdentity call.

*/ inline void SetWebIdentityToken(Aws::String&& value) { m_webIdentityTokenHasBeenSet = true; m_webIdentityToken = std::move(value); } /** *

The OAuth 2.0 access token or OpenID Connect ID token that is provided by the * identity provider. Your application must get this token by authenticating the * user who is using your application with a web identity provider before the * application makes an AssumeRoleWithWebIdentity call.

*/ inline void SetWebIdentityToken(const char* value) { m_webIdentityTokenHasBeenSet = true; m_webIdentityToken.assign(value); } /** *

The OAuth 2.0 access token or OpenID Connect ID token that is provided by the * identity provider. Your application must get this token by authenticating the * user who is using your application with a web identity provider before the * application makes an AssumeRoleWithWebIdentity call.

*/ inline AssumeRoleWithWebIdentityRequest& WithWebIdentityToken(const Aws::String& value) { SetWebIdentityToken(value); return *this;} /** *

The OAuth 2.0 access token or OpenID Connect ID token that is provided by the * identity provider. Your application must get this token by authenticating the * user who is using your application with a web identity provider before the * application makes an AssumeRoleWithWebIdentity call.

*/ inline AssumeRoleWithWebIdentityRequest& WithWebIdentityToken(Aws::String&& value) { SetWebIdentityToken(std::move(value)); return *this;} /** *

The OAuth 2.0 access token or OpenID Connect ID token that is provided by the * identity provider. Your application must get this token by authenticating the * user who is using your application with a web identity provider before the * application makes an AssumeRoleWithWebIdentity call.

*/ inline AssumeRoleWithWebIdentityRequest& WithWebIdentityToken(const char* value) { SetWebIdentityToken(value); return *this;} /** *

The fully qualified host component of the domain name of the OAuth 2.0 * identity provider. Do not specify this value for an OpenID Connect identity * provider.

Currently www.amazon.com and * graph.facebook.com are the only supported identity providers for * OAuth 2.0 access tokens. Do not include URL schemes and port numbers.

Do * not specify this value for OpenID Connect ID tokens.

*/ inline const Aws::String& GetProviderId() const{ return m_providerId; } /** *

The fully qualified host component of the domain name of the OAuth 2.0 * identity provider. Do not specify this value for an OpenID Connect identity * provider.

Currently www.amazon.com and * graph.facebook.com are the only supported identity providers for * OAuth 2.0 access tokens. Do not include URL schemes and port numbers.

Do * not specify this value for OpenID Connect ID tokens.

*/ inline bool ProviderIdHasBeenSet() const { return m_providerIdHasBeenSet; } /** *

The fully qualified host component of the domain name of the OAuth 2.0 * identity provider. Do not specify this value for an OpenID Connect identity * provider.

Currently www.amazon.com and * graph.facebook.com are the only supported identity providers for * OAuth 2.0 access tokens. Do not include URL schemes and port numbers.

Do * not specify this value for OpenID Connect ID tokens.

*/ inline void SetProviderId(const Aws::String& value) { m_providerIdHasBeenSet = true; m_providerId = value; } /** *

The fully qualified host component of the domain name of the OAuth 2.0 * identity provider. Do not specify this value for an OpenID Connect identity * provider.

Currently www.amazon.com and * graph.facebook.com are the only supported identity providers for * OAuth 2.0 access tokens. Do not include URL schemes and port numbers.

Do * not specify this value for OpenID Connect ID tokens.

*/ inline void SetProviderId(Aws::String&& value) { m_providerIdHasBeenSet = true; m_providerId = std::move(value); } /** *

The fully qualified host component of the domain name of the OAuth 2.0 * identity provider. Do not specify this value for an OpenID Connect identity * provider.

Currently www.amazon.com and * graph.facebook.com are the only supported identity providers for * OAuth 2.0 access tokens. Do not include URL schemes and port numbers.

Do * not specify this value for OpenID Connect ID tokens.

*/ inline void SetProviderId(const char* value) { m_providerIdHasBeenSet = true; m_providerId.assign(value); } /** *

The fully qualified host component of the domain name of the OAuth 2.0 * identity provider. Do not specify this value for an OpenID Connect identity * provider.

Currently www.amazon.com and * graph.facebook.com are the only supported identity providers for * OAuth 2.0 access tokens. Do not include URL schemes and port numbers.

Do * not specify this value for OpenID Connect ID tokens.

*/ inline AssumeRoleWithWebIdentityRequest& WithProviderId(const Aws::String& value) { SetProviderId(value); return *this;} /** *

The fully qualified host component of the domain name of the OAuth 2.0 * identity provider. Do not specify this value for an OpenID Connect identity * provider.

Currently www.amazon.com and * graph.facebook.com are the only supported identity providers for * OAuth 2.0 access tokens. Do not include URL schemes and port numbers.

Do * not specify this value for OpenID Connect ID tokens.

*/ inline AssumeRoleWithWebIdentityRequest& WithProviderId(Aws::String&& value) { SetProviderId(std::move(value)); return *this;} /** *

The fully qualified host component of the domain name of the OAuth 2.0 * identity provider. Do not specify this value for an OpenID Connect identity * provider.

Currently www.amazon.com and * graph.facebook.com are the only supported identity providers for * OAuth 2.0 access tokens. Do not include URL schemes and port numbers.

Do * not specify this value for OpenID Connect ID tokens.

*/ inline AssumeRoleWithWebIdentityRequest& WithProviderId(const char* value) { SetProviderId(value); return *this;} /** *

The Amazon Resource Names (ARNs) of the IAM managed policies that you want to * use as managed session policies. The policies must exist in the same account as * the role.

This parameter is optional. You can provide up to 10 managed * policy ARNs. However, the plaintext that you use for both inline and managed * session policies can't exceed 2,048 characters. For more information about ARNs, * see Amazon * Resource Names (ARNs) and Amazon Web Services Service Namespaces in the * Amazon Web Services General Reference.

An Amazon Web Services * conversion compresses the passed inline session policy, managed policy ARNs, and * session tags into a packed binary format that has a separate limit. Your request * can fail for this limit even if your plaintext meets the other requirements. The * PackedPolicySize response element indicates by percentage how close * the policies and tags for your request are to the upper size limit.

*

Passing policies to this operation returns new temporary credentials. The * resulting session's permissions are the intersection of the role's * identity-based policy and the session policies. You can use the role's temporary * credentials in subsequent Amazon Web Services API calls to access resources in * the account that owns the role. You cannot use session policies to grant more * permissions than those allowed by the identity-based policy of the role that is * being assumed. For more information, see Session * Policies in the IAM User Guide.

*/ inline const Aws::Vector& GetPolicyArns() const{ return m_policyArns; } /** *

The Amazon Resource Names (ARNs) of the IAM managed policies that you want to * use as managed session policies. The policies must exist in the same account as * the role.

This parameter is optional. You can provide up to 10 managed * policy ARNs. However, the plaintext that you use for both inline and managed * session policies can't exceed 2,048 characters. For more information about ARNs, * see Amazon * Resource Names (ARNs) and Amazon Web Services Service Namespaces in the * Amazon Web Services General Reference.

An Amazon Web Services * conversion compresses the passed inline session policy, managed policy ARNs, and * session tags into a packed binary format that has a separate limit. Your request * can fail for this limit even if your plaintext meets the other requirements. The * PackedPolicySize response element indicates by percentage how close * the policies and tags for your request are to the upper size limit.

*

Passing policies to this operation returns new temporary credentials. The * resulting session's permissions are the intersection of the role's * identity-based policy and the session policies. You can use the role's temporary * credentials in subsequent Amazon Web Services API calls to access resources in * the account that owns the role. You cannot use session policies to grant more * permissions than those allowed by the identity-based policy of the role that is * being assumed. For more information, see Session * Policies in the IAM User Guide.

*/ inline bool PolicyArnsHasBeenSet() const { return m_policyArnsHasBeenSet; } /** *

The Amazon Resource Names (ARNs) of the IAM managed policies that you want to * use as managed session policies. The policies must exist in the same account as * the role.

This parameter is optional. You can provide up to 10 managed * policy ARNs. However, the plaintext that you use for both inline and managed * session policies can't exceed 2,048 characters. For more information about ARNs, * see Amazon * Resource Names (ARNs) and Amazon Web Services Service Namespaces in the * Amazon Web Services General Reference.

An Amazon Web Services * conversion compresses the passed inline session policy, managed policy ARNs, and * session tags into a packed binary format that has a separate limit. Your request * can fail for this limit even if your plaintext meets the other requirements. The * PackedPolicySize response element indicates by percentage how close * the policies and tags for your request are to the upper size limit.

*

Passing policies to this operation returns new temporary credentials. The * resulting session's permissions are the intersection of the role's * identity-based policy and the session policies. You can use the role's temporary * credentials in subsequent Amazon Web Services API calls to access resources in * the account that owns the role. You cannot use session policies to grant more * permissions than those allowed by the identity-based policy of the role that is * being assumed. For more information, see Session * Policies in the IAM User Guide.

*/ inline void SetPolicyArns(const Aws::Vector& value) { m_policyArnsHasBeenSet = true; m_policyArns = value; } /** *

The Amazon Resource Names (ARNs) of the IAM managed policies that you want to * use as managed session policies. The policies must exist in the same account as * the role.

This parameter is optional. You can provide up to 10 managed * policy ARNs. However, the plaintext that you use for both inline and managed * session policies can't exceed 2,048 characters. For more information about ARNs, * see Amazon * Resource Names (ARNs) and Amazon Web Services Service Namespaces in the * Amazon Web Services General Reference.

An Amazon Web Services * conversion compresses the passed inline session policy, managed policy ARNs, and * session tags into a packed binary format that has a separate limit. Your request * can fail for this limit even if your plaintext meets the other requirements. The * PackedPolicySize response element indicates by percentage how close * the policies and tags for your request are to the upper size limit.

*

Passing policies to this operation returns new temporary credentials. The * resulting session's permissions are the intersection of the role's * identity-based policy and the session policies. You can use the role's temporary * credentials in subsequent Amazon Web Services API calls to access resources in * the account that owns the role. You cannot use session policies to grant more * permissions than those allowed by the identity-based policy of the role that is * being assumed. For more information, see Session * Policies in the IAM User Guide.

*/ inline void SetPolicyArns(Aws::Vector&& value) { m_policyArnsHasBeenSet = true; m_policyArns = std::move(value); } /** *

The Amazon Resource Names (ARNs) of the IAM managed policies that you want to * use as managed session policies. The policies must exist in the same account as * the role.

This parameter is optional. You can provide up to 10 managed * policy ARNs. However, the plaintext that you use for both inline and managed * session policies can't exceed 2,048 characters. For more information about ARNs, * see Amazon * Resource Names (ARNs) and Amazon Web Services Service Namespaces in the * Amazon Web Services General Reference.

An Amazon Web Services * conversion compresses the passed inline session policy, managed policy ARNs, and * session tags into a packed binary format that has a separate limit. Your request * can fail for this limit even if your plaintext meets the other requirements. The * PackedPolicySize response element indicates by percentage how close * the policies and tags for your request are to the upper size limit.

*

Passing policies to this operation returns new temporary credentials. The * resulting session's permissions are the intersection of the role's * identity-based policy and the session policies. You can use the role's temporary * credentials in subsequent Amazon Web Services API calls to access resources in * the account that owns the role. You cannot use session policies to grant more * permissions than those allowed by the identity-based policy of the role that is * being assumed. For more information, see Session * Policies in the IAM User Guide.

*/ inline AssumeRoleWithWebIdentityRequest& WithPolicyArns(const Aws::Vector& value) { SetPolicyArns(value); return *this;} /** *

The Amazon Resource Names (ARNs) of the IAM managed policies that you want to * use as managed session policies. The policies must exist in the same account as * the role.

This parameter is optional. You can provide up to 10 managed * policy ARNs. However, the plaintext that you use for both inline and managed * session policies can't exceed 2,048 characters. For more information about ARNs, * see Amazon * Resource Names (ARNs) and Amazon Web Services Service Namespaces in the * Amazon Web Services General Reference.

An Amazon Web Services * conversion compresses the passed inline session policy, managed policy ARNs, and * session tags into a packed binary format that has a separate limit. Your request * can fail for this limit even if your plaintext meets the other requirements. The * PackedPolicySize response element indicates by percentage how close * the policies and tags for your request are to the upper size limit.

*

Passing policies to this operation returns new temporary credentials. The * resulting session's permissions are the intersection of the role's * identity-based policy and the session policies. You can use the role's temporary * credentials in subsequent Amazon Web Services API calls to access resources in * the account that owns the role. You cannot use session policies to grant more * permissions than those allowed by the identity-based policy of the role that is * being assumed. For more information, see Session * Policies in the IAM User Guide.

*/ inline AssumeRoleWithWebIdentityRequest& WithPolicyArns(Aws::Vector&& value) { SetPolicyArns(std::move(value)); return *this;} /** *

The Amazon Resource Names (ARNs) of the IAM managed policies that you want to * use as managed session policies. The policies must exist in the same account as * the role.

This parameter is optional. You can provide up to 10 managed * policy ARNs. However, the plaintext that you use for both inline and managed * session policies can't exceed 2,048 characters. For more information about ARNs, * see Amazon * Resource Names (ARNs) and Amazon Web Services Service Namespaces in the * Amazon Web Services General Reference.

An Amazon Web Services * conversion compresses the passed inline session policy, managed policy ARNs, and * session tags into a packed binary format that has a separate limit. Your request * can fail for this limit even if your plaintext meets the other requirements. The * PackedPolicySize response element indicates by percentage how close * the policies and tags for your request are to the upper size limit.

*

Passing policies to this operation returns new temporary credentials. The * resulting session's permissions are the intersection of the role's * identity-based policy and the session policies. You can use the role's temporary * credentials in subsequent Amazon Web Services API calls to access resources in * the account that owns the role. You cannot use session policies to grant more * permissions than those allowed by the identity-based policy of the role that is * being assumed. For more information, see Session * Policies in the IAM User Guide.

*/ inline AssumeRoleWithWebIdentityRequest& AddPolicyArns(const PolicyDescriptorType& value) { m_policyArnsHasBeenSet = true; m_policyArns.push_back(value); return *this; } /** *

The Amazon Resource Names (ARNs) of the IAM managed policies that you want to * use as managed session policies. The policies must exist in the same account as * the role.

This parameter is optional. You can provide up to 10 managed * policy ARNs. However, the plaintext that you use for both inline and managed * session policies can't exceed 2,048 characters. For more information about ARNs, * see Amazon * Resource Names (ARNs) and Amazon Web Services Service Namespaces in the * Amazon Web Services General Reference.

An Amazon Web Services * conversion compresses the passed inline session policy, managed policy ARNs, and * session tags into a packed binary format that has a separate limit. Your request * can fail for this limit even if your plaintext meets the other requirements. The * PackedPolicySize response element indicates by percentage how close * the policies and tags for your request are to the upper size limit.

*

Passing policies to this operation returns new temporary credentials. The * resulting session's permissions are the intersection of the role's * identity-based policy and the session policies. You can use the role's temporary * credentials in subsequent Amazon Web Services API calls to access resources in * the account that owns the role. You cannot use session policies to grant more * permissions than those allowed by the identity-based policy of the role that is * being assumed. For more information, see Session * Policies in the IAM User Guide.

*/ inline AssumeRoleWithWebIdentityRequest& AddPolicyArns(PolicyDescriptorType&& value) { m_policyArnsHasBeenSet = true; m_policyArns.push_back(std::move(value)); return *this; } /** *

An IAM policy in JSON format that you want to use as an inline session * policy.

This parameter is optional. Passing policies to this operation * returns new temporary credentials. The resulting session's permissions are the * intersection of the role's identity-based policy and the session policies. You * can use the role's temporary credentials in subsequent Amazon Web Services API * calls to access resources in the account that owns the role. You cannot use * session policies to grant more permissions than those allowed by the * identity-based policy of the role that is being assumed. For more information, * see Session * Policies in the IAM User Guide.

The plaintext that you use for * both inline and managed session policies can't exceed 2,048 characters. The JSON * policy characters can be any ASCII character from the space character to the end * of the valid character list (\u0020 through \u00FF). It can also include the tab * (\u0009), linefeed (\u000A), and carriage return (\u000D) characters.

*

An Amazon Web Services conversion compresses the passed inline session * policy, managed policy ARNs, and session tags into a packed binary format that * has a separate limit. Your request can fail for this limit even if your * plaintext meets the other requirements. The PackedPolicySize * response element indicates by percentage how close the policies and tags for * your request are to the upper size limit.

*/ inline const Aws::String& GetPolicy() const{ return m_policy; } /** *

An IAM policy in JSON format that you want to use as an inline session * policy.

This parameter is optional. Passing policies to this operation * returns new temporary credentials. The resulting session's permissions are the * intersection of the role's identity-based policy and the session policies. You * can use the role's temporary credentials in subsequent Amazon Web Services API * calls to access resources in the account that owns the role. You cannot use * session policies to grant more permissions than those allowed by the * identity-based policy of the role that is being assumed. For more information, * see Session * Policies in the IAM User Guide.

The plaintext that you use for * both inline and managed session policies can't exceed 2,048 characters. The JSON * policy characters can be any ASCII character from the space character to the end * of the valid character list (\u0020 through \u00FF). It can also include the tab * (\u0009), linefeed (\u000A), and carriage return (\u000D) characters.

*

An Amazon Web Services conversion compresses the passed inline session * policy, managed policy ARNs, and session tags into a packed binary format that * has a separate limit. Your request can fail for this limit even if your * plaintext meets the other requirements. The PackedPolicySize * response element indicates by percentage how close the policies and tags for * your request are to the upper size limit.

*/ inline bool PolicyHasBeenSet() const { return m_policyHasBeenSet; } /** *

An IAM policy in JSON format that you want to use as an inline session * policy.

This parameter is optional. Passing policies to this operation * returns new temporary credentials. The resulting session's permissions are the * intersection of the role's identity-based policy and the session policies. You * can use the role's temporary credentials in subsequent Amazon Web Services API * calls to access resources in the account that owns the role. You cannot use * session policies to grant more permissions than those allowed by the * identity-based policy of the role that is being assumed. For more information, * see Session * Policies in the IAM User Guide.

The plaintext that you use for * both inline and managed session policies can't exceed 2,048 characters. The JSON * policy characters can be any ASCII character from the space character to the end * of the valid character list (\u0020 through \u00FF). It can also include the tab * (\u0009), linefeed (\u000A), and carriage return (\u000D) characters.

*

An Amazon Web Services conversion compresses the passed inline session * policy, managed policy ARNs, and session tags into a packed binary format that * has a separate limit. Your request can fail for this limit even if your * plaintext meets the other requirements. The PackedPolicySize * response element indicates by percentage how close the policies and tags for * your request are to the upper size limit.

*/ inline void SetPolicy(const Aws::String& value) { m_policyHasBeenSet = true; m_policy = value; } /** *

An IAM policy in JSON format that you want to use as an inline session * policy.

This parameter is optional. Passing policies to this operation * returns new temporary credentials. The resulting session's permissions are the * intersection of the role's identity-based policy and the session policies. You * can use the role's temporary credentials in subsequent Amazon Web Services API * calls to access resources in the account that owns the role. You cannot use * session policies to grant more permissions than those allowed by the * identity-based policy of the role that is being assumed. For more information, * see Session * Policies in the IAM User Guide.

The plaintext that you use for * both inline and managed session policies can't exceed 2,048 characters. The JSON * policy characters can be any ASCII character from the space character to the end * of the valid character list (\u0020 through \u00FF). It can also include the tab * (\u0009), linefeed (\u000A), and carriage return (\u000D) characters.

*

An Amazon Web Services conversion compresses the passed inline session * policy, managed policy ARNs, and session tags into a packed binary format that * has a separate limit. Your request can fail for this limit even if your * plaintext meets the other requirements. The PackedPolicySize * response element indicates by percentage how close the policies and tags for * your request are to the upper size limit.

*/ inline void SetPolicy(Aws::String&& value) { m_policyHasBeenSet = true; m_policy = std::move(value); } /** *

An IAM policy in JSON format that you want to use as an inline session * policy.

This parameter is optional. Passing policies to this operation * returns new temporary credentials. The resulting session's permissions are the * intersection of the role's identity-based policy and the session policies. You * can use the role's temporary credentials in subsequent Amazon Web Services API * calls to access resources in the account that owns the role. You cannot use * session policies to grant more permissions than those allowed by the * identity-based policy of the role that is being assumed. For more information, * see Session * Policies in the IAM User Guide.

The plaintext that you use for * both inline and managed session policies can't exceed 2,048 characters. The JSON * policy characters can be any ASCII character from the space character to the end * of the valid character list (\u0020 through \u00FF). It can also include the tab * (\u0009), linefeed (\u000A), and carriage return (\u000D) characters.

*

An Amazon Web Services conversion compresses the passed inline session * policy, managed policy ARNs, and session tags into a packed binary format that * has a separate limit. Your request can fail for this limit even if your * plaintext meets the other requirements. The PackedPolicySize * response element indicates by percentage how close the policies and tags for * your request are to the upper size limit.

*/ inline void SetPolicy(const char* value) { m_policyHasBeenSet = true; m_policy.assign(value); } /** *

An IAM policy in JSON format that you want to use as an inline session * policy.

This parameter is optional. Passing policies to this operation * returns new temporary credentials. The resulting session's permissions are the * intersection of the role's identity-based policy and the session policies. You * can use the role's temporary credentials in subsequent Amazon Web Services API * calls to access resources in the account that owns the role. You cannot use * session policies to grant more permissions than those allowed by the * identity-based policy of the role that is being assumed. For more information, * see Session * Policies in the IAM User Guide.

The plaintext that you use for * both inline and managed session policies can't exceed 2,048 characters. The JSON * policy characters can be any ASCII character from the space character to the end * of the valid character list (\u0020 through \u00FF). It can also include the tab * (\u0009), linefeed (\u000A), and carriage return (\u000D) characters.

*

An Amazon Web Services conversion compresses the passed inline session * policy, managed policy ARNs, and session tags into a packed binary format that * has a separate limit. Your request can fail for this limit even if your * plaintext meets the other requirements. The PackedPolicySize * response element indicates by percentage how close the policies and tags for * your request are to the upper size limit.

*/ inline AssumeRoleWithWebIdentityRequest& WithPolicy(const Aws::String& value) { SetPolicy(value); return *this;} /** *

An IAM policy in JSON format that you want to use as an inline session * policy.

This parameter is optional. Passing policies to this operation * returns new temporary credentials. The resulting session's permissions are the * intersection of the role's identity-based policy and the session policies. You * can use the role's temporary credentials in subsequent Amazon Web Services API * calls to access resources in the account that owns the role. You cannot use * session policies to grant more permissions than those allowed by the * identity-based policy of the role that is being assumed. For more information, * see Session * Policies in the IAM User Guide.

The plaintext that you use for * both inline and managed session policies can't exceed 2,048 characters. The JSON * policy characters can be any ASCII character from the space character to the end * of the valid character list (\u0020 through \u00FF). It can also include the tab * (\u0009), linefeed (\u000A), and carriage return (\u000D) characters.

*

An Amazon Web Services conversion compresses the passed inline session * policy, managed policy ARNs, and session tags into a packed binary format that * has a separate limit. Your request can fail for this limit even if your * plaintext meets the other requirements. The PackedPolicySize * response element indicates by percentage how close the policies and tags for * your request are to the upper size limit.

*/ inline AssumeRoleWithWebIdentityRequest& WithPolicy(Aws::String&& value) { SetPolicy(std::move(value)); return *this;} /** *

An IAM policy in JSON format that you want to use as an inline session * policy.

This parameter is optional. Passing policies to this operation * returns new temporary credentials. The resulting session's permissions are the * intersection of the role's identity-based policy and the session policies. You * can use the role's temporary credentials in subsequent Amazon Web Services API * calls to access resources in the account that owns the role. You cannot use * session policies to grant more permissions than those allowed by the * identity-based policy of the role that is being assumed. For more information, * see Session * Policies in the IAM User Guide.

The plaintext that you use for * both inline and managed session policies can't exceed 2,048 characters. The JSON * policy characters can be any ASCII character from the space character to the end * of the valid character list (\u0020 through \u00FF). It can also include the tab * (\u0009), linefeed (\u000A), and carriage return (\u000D) characters.

*

An Amazon Web Services conversion compresses the passed inline session * policy, managed policy ARNs, and session tags into a packed binary format that * has a separate limit. Your request can fail for this limit even if your * plaintext meets the other requirements. The PackedPolicySize * response element indicates by percentage how close the policies and tags for * your request are to the upper size limit.

*/ inline AssumeRoleWithWebIdentityRequest& WithPolicy(const char* value) { SetPolicy(value); return *this;} /** *

The duration, in seconds, of the role session. The value can range from 900 * seconds (15 minutes) up to the maximum session duration setting for the role. * This setting can have a value from 1 hour to 12 hours. If you specify a value * higher than this setting, the operation fails. For example, if you specify a * session duration of 12 hours, but your administrator set the maximum session * duration to 6 hours, your operation fails. To learn how to view the maximum * value for your role, see View * the Maximum Session Duration Setting for a Role in the IAM User * Guide.

By default, the value is set to 3600 seconds. *

The DurationSeconds parameter is separate from the * duration of a console session that you might request using the returned * credentials. The request to the federation endpoint for a console sign-in token * takes a SessionDuration parameter that specifies the maximum length * of the console session. For more information, see Creating * a URL that Enables Federated Users to Access the Amazon Web Services Management * Console in the IAM User Guide.

*/ inline int GetDurationSeconds() const{ return m_durationSeconds; } /** *

The duration, in seconds, of the role session. The value can range from 900 * seconds (15 minutes) up to the maximum session duration setting for the role. * This setting can have a value from 1 hour to 12 hours. If you specify a value * higher than this setting, the operation fails. For example, if you specify a * session duration of 12 hours, but your administrator set the maximum session * duration to 6 hours, your operation fails. To learn how to view the maximum * value for your role, see View * the Maximum Session Duration Setting for a Role in the IAM User * Guide.

By default, the value is set to 3600 seconds. *

The DurationSeconds parameter is separate from the * duration of a console session that you might request using the returned * credentials. The request to the federation endpoint for a console sign-in token * takes a SessionDuration parameter that specifies the maximum length * of the console session. For more information, see Creating * a URL that Enables Federated Users to Access the Amazon Web Services Management * Console in the IAM User Guide.

*/ inline bool DurationSecondsHasBeenSet() const { return m_durationSecondsHasBeenSet; } /** *

The duration, in seconds, of the role session. The value can range from 900 * seconds (15 minutes) up to the maximum session duration setting for the role. * This setting can have a value from 1 hour to 12 hours. If you specify a value * higher than this setting, the operation fails. For example, if you specify a * session duration of 12 hours, but your administrator set the maximum session * duration to 6 hours, your operation fails. To learn how to view the maximum * value for your role, see View * the Maximum Session Duration Setting for a Role in the IAM User * Guide.

By default, the value is set to 3600 seconds. *

The DurationSeconds parameter is separate from the * duration of a console session that you might request using the returned * credentials. The request to the federation endpoint for a console sign-in token * takes a SessionDuration parameter that specifies the maximum length * of the console session. For more information, see Creating * a URL that Enables Federated Users to Access the Amazon Web Services Management * Console in the IAM User Guide.

*/ inline void SetDurationSeconds(int value) { m_durationSecondsHasBeenSet = true; m_durationSeconds = value; } /** *

The duration, in seconds, of the role session. The value can range from 900 * seconds (15 minutes) up to the maximum session duration setting for the role. * This setting can have a value from 1 hour to 12 hours. If you specify a value * higher than this setting, the operation fails. For example, if you specify a * session duration of 12 hours, but your administrator set the maximum session * duration to 6 hours, your operation fails. To learn how to view the maximum * value for your role, see View * the Maximum Session Duration Setting for a Role in the IAM User * Guide.

By default, the value is set to 3600 seconds. *

The DurationSeconds parameter is separate from the * duration of a console session that you might request using the returned * credentials. The request to the federation endpoint for a console sign-in token * takes a SessionDuration parameter that specifies the maximum length * of the console session. For more information, see Creating * a URL that Enables Federated Users to Access the Amazon Web Services Management * Console in the IAM User Guide.

*/ inline AssumeRoleWithWebIdentityRequest& WithDurationSeconds(int value) { SetDurationSeconds(value); return *this;} private: Aws::String m_roleArn; bool m_roleArnHasBeenSet = false; Aws::String m_roleSessionName; bool m_roleSessionNameHasBeenSet = false; Aws::String m_webIdentityToken; bool m_webIdentityTokenHasBeenSet = false; Aws::String m_providerId; bool m_providerIdHasBeenSet = false; Aws::Vector m_policyArns; bool m_policyArnsHasBeenSet = false; Aws::String m_policy; bool m_policyHasBeenSet = false; int m_durationSeconds; bool m_durationSecondsHasBeenSet = false; }; } // namespace Model } // namespace STS } // namespace Aws