line |
stmt |
bran |
cond |
sub |
pod |
time |
code |
1
|
|
|
|
|
|
|
|
2
|
|
|
|
|
|
|
package Paws::STS::AssumeRole; |
3
|
1
|
|
|
1
|
|
572
|
use Moose; |
|
1
|
|
|
|
|
4
|
|
|
1
|
|
|
|
|
11
|
|
4
|
|
|
|
|
|
|
has DurationSeconds => (is => 'ro', isa => 'Int'); |
5
|
|
|
|
|
|
|
has ExternalId => (is => 'ro', isa => 'Str'); |
6
|
|
|
|
|
|
|
has Policy => (is => 'ro', isa => 'Str'); |
7
|
|
|
|
|
|
|
has RoleArn => (is => 'ro', isa => 'Str', required => 1); |
8
|
|
|
|
|
|
|
has RoleSessionName => (is => 'ro', isa => 'Str', required => 1); |
9
|
|
|
|
|
|
|
has SerialNumber => (is => 'ro', isa => 'Str'); |
10
|
|
|
|
|
|
|
has TokenCode => (is => 'ro', isa => 'Str'); |
11
|
|
|
|
|
|
|
|
12
|
1
|
|
|
1
|
|
7544
|
use MooseX::ClassAttribute; |
|
1
|
|
|
|
|
4
|
|
|
1
|
|
|
|
|
8
|
|
13
|
|
|
|
|
|
|
|
14
|
|
|
|
|
|
|
class_has _api_call => (isa => 'Str', is => 'ro', default => 'AssumeRole'); |
15
|
|
|
|
|
|
|
class_has _returns => (isa => 'Str', is => 'ro', default => 'Paws::STS::AssumeRoleResponse'); |
16
|
|
|
|
|
|
|
class_has _result_key => (isa => 'Str', is => 'ro', default => 'AssumeRoleResult'); |
17
|
|
|
|
|
|
|
1; |
18
|
|
|
|
|
|
|
|
19
|
|
|
|
|
|
|
### main pod documentation begin ### |
20
|
|
|
|
|
|
|
|
21
|
|
|
|
|
|
|
=head1 NAME |
22
|
|
|
|
|
|
|
|
23
|
|
|
|
|
|
|
Paws::STS::AssumeRole - Arguments for method AssumeRole on Paws::STS |
24
|
|
|
|
|
|
|
|
25
|
|
|
|
|
|
|
=head1 DESCRIPTION |
26
|
|
|
|
|
|
|
|
27
|
|
|
|
|
|
|
This class represents the parameters used for calling the method AssumeRole on the |
28
|
|
|
|
|
|
|
AWS Security Token Service service. Use the attributes of this class |
29
|
|
|
|
|
|
|
as arguments to method AssumeRole. |
30
|
|
|
|
|
|
|
|
31
|
|
|
|
|
|
|
You shouldn't make instances of this class. Each attribute should be used as a named argument in the call to AssumeRole. |
32
|
|
|
|
|
|
|
|
33
|
|
|
|
|
|
|
As an example: |
34
|
|
|
|
|
|
|
|
35
|
|
|
|
|
|
|
$service_obj->AssumeRole(Att1 => $value1, Att2 => $value2, ...); |
36
|
|
|
|
|
|
|
|
37
|
|
|
|
|
|
|
Values for attributes that are native types (Int, String, Float, etc) can passed as-is (scalar values). Values for complex Types (objects) can be passed as a HashRef. The keys and values of the hashref will be used to instance the underlying object. |
38
|
|
|
|
|
|
|
|
39
|
|
|
|
|
|
|
=head1 ATTRIBUTES |
40
|
|
|
|
|
|
|
|
41
|
|
|
|
|
|
|
|
42
|
|
|
|
|
|
|
=head2 DurationSeconds => Int |
43
|
|
|
|
|
|
|
|
44
|
|
|
|
|
|
|
The duration, in seconds, of the role session. The value can range from |
45
|
|
|
|
|
|
|
900 seconds (15 minutes) to 3600 seconds (1 hour). By default, the |
46
|
|
|
|
|
|
|
value is set to 3600 seconds. |
47
|
|
|
|
|
|
|
|
48
|
|
|
|
|
|
|
This is separate from the duration of a console session that you might |
49
|
|
|
|
|
|
|
request using the returned credentials. The request to the federation |
50
|
|
|
|
|
|
|
endpoint for a console sign-in token takes a C<SessionDuration> |
51
|
|
|
|
|
|
|
parameter that specifies the maximum length of the console session, |
52
|
|
|
|
|
|
|
separately from the C<DurationSeconds> parameter on this API. For more |
53
|
|
|
|
|
|
|
information, see Creating a URL that Enables Federated Users to Access |
54
|
|
|
|
|
|
|
the AWS Management Console in the I<IAM User Guide>. |
55
|
|
|
|
|
|
|
|
56
|
|
|
|
|
|
|
|
57
|
|
|
|
|
|
|
|
58
|
|
|
|
|
|
|
=head2 ExternalId => Str |
59
|
|
|
|
|
|
|
|
60
|
|
|
|
|
|
|
A unique identifier that is used by third parties when assuming roles |
61
|
|
|
|
|
|
|
in their customers' accounts. For each role that the third party can |
62
|
|
|
|
|
|
|
assume, they should instruct their customers to ensure the role's trust |
63
|
|
|
|
|
|
|
policy checks for the external ID that the third party generated. Each |
64
|
|
|
|
|
|
|
time the third party assumes the role, they should pass the customer's |
65
|
|
|
|
|
|
|
external ID. The external ID is useful in order to help third parties |
66
|
|
|
|
|
|
|
bind a role to the customer who created it. For more information about |
67
|
|
|
|
|
|
|
the external ID, see How to Use an External ID When Granting Access to |
68
|
|
|
|
|
|
|
Your AWS Resources to a Third Party in the I<IAM User Guide>. |
69
|
|
|
|
|
|
|
|
70
|
|
|
|
|
|
|
The regex used to validated this parameter is a string of characters |
71
|
|
|
|
|
|
|
consisting of upper- and lower-case alphanumeric characters with no |
72
|
|
|
|
|
|
|
spaces. You can also include underscores or any of the following |
73
|
|
|
|
|
|
|
characters: =,.@:/- |
74
|
|
|
|
|
|
|
|
75
|
|
|
|
|
|
|
|
76
|
|
|
|
|
|
|
|
77
|
|
|
|
|
|
|
=head2 Policy => Str |
78
|
|
|
|
|
|
|
|
79
|
|
|
|
|
|
|
An IAM policy in JSON format. |
80
|
|
|
|
|
|
|
|
81
|
|
|
|
|
|
|
This parameter is optional. If you pass a policy, the temporary |
82
|
|
|
|
|
|
|
security credentials that are returned by the operation have the |
83
|
|
|
|
|
|
|
permissions that are allowed by both (the intersection of) the access |
84
|
|
|
|
|
|
|
policy of the role that is being assumed, I<and> the policy that you |
85
|
|
|
|
|
|
|
pass. This gives you a way to further restrict the permissions for the |
86
|
|
|
|
|
|
|
resulting temporary security credentials. You cannot use the passed |
87
|
|
|
|
|
|
|
policy to grant permissions that are in excess of those allowed by the |
88
|
|
|
|
|
|
|
access policy of the role that is being assumed. For more information, |
89
|
|
|
|
|
|
|
see Permissions for AssumeRole, AssumeRoleWithSAML, and |
90
|
|
|
|
|
|
|
AssumeRoleWithWebIdentity in the I<IAM User Guide>. |
91
|
|
|
|
|
|
|
|
92
|
|
|
|
|
|
|
The format for this parameter, as described by its regex pattern, is a |
93
|
|
|
|
|
|
|
string of characters up to 2048 characters in length. The characters |
94
|
|
|
|
|
|
|
can be any ASCII character from the space character to the end of the |
95
|
|
|
|
|
|
|
valid character list (\u0020-\u00FF). It can also include the tab |
96
|
|
|
|
|
|
|
(\u0009), linefeed (\u000A), and carriage return (\u000D) characters. |
97
|
|
|
|
|
|
|
|
98
|
|
|
|
|
|
|
The policy plain text must be 2048 bytes or shorter. However, an |
99
|
|
|
|
|
|
|
internal conversion compresses it into a packed binary format with a |
100
|
|
|
|
|
|
|
separate limit. The PackedPolicySize response element indicates by |
101
|
|
|
|
|
|
|
percentage how close to the upper size limit the policy is, with 100% |
102
|
|
|
|
|
|
|
equaling the maximum allowed size. |
103
|
|
|
|
|
|
|
|
104
|
|
|
|
|
|
|
|
105
|
|
|
|
|
|
|
|
106
|
|
|
|
|
|
|
=head2 B<REQUIRED> RoleArn => Str |
107
|
|
|
|
|
|
|
|
108
|
|
|
|
|
|
|
The Amazon Resource Name (ARN) of the role to assume. |
109
|
|
|
|
|
|
|
|
110
|
|
|
|
|
|
|
|
111
|
|
|
|
|
|
|
|
112
|
|
|
|
|
|
|
=head2 B<REQUIRED> RoleSessionName => Str |
113
|
|
|
|
|
|
|
|
114
|
|
|
|
|
|
|
An identifier for the assumed role session. |
115
|
|
|
|
|
|
|
|
116
|
|
|
|
|
|
|
Use the role session name to uniquely identify a session when the same |
117
|
|
|
|
|
|
|
role is assumed by different principals or for different reasons. In |
118
|
|
|
|
|
|
|
cross-account scenarios, the role session name is visible to, and can |
119
|
|
|
|
|
|
|
be logged by the account that owns the role. The role session name is |
120
|
|
|
|
|
|
|
also used in the ARN of the assumed role principal. This means that |
121
|
|
|
|
|
|
|
subsequent cross-account API requests using the temporary security |
122
|
|
|
|
|
|
|
credentials will expose the role session name to the external account |
123
|
|
|
|
|
|
|
in their CloudTrail logs. |
124
|
|
|
|
|
|
|
|
125
|
|
|
|
|
|
|
The regex used to validate this parameter is a string of characters |
126
|
|
|
|
|
|
|
consisting of upper- and lower-case alphanumeric characters with no |
127
|
|
|
|
|
|
|
spaces. You can also include underscores or any of the following |
128
|
|
|
|
|
|
|
characters: =,.@- |
129
|
|
|
|
|
|
|
|
130
|
|
|
|
|
|
|
|
131
|
|
|
|
|
|
|
|
132
|
|
|
|
|
|
|
=head2 SerialNumber => Str |
133
|
|
|
|
|
|
|
|
134
|
|
|
|
|
|
|
The identification number of the MFA device that is associated with the |
135
|
|
|
|
|
|
|
user who is making the C<AssumeRole> call. Specify this value if the |
136
|
|
|
|
|
|
|
trust policy of the role being assumed includes a condition that |
137
|
|
|
|
|
|
|
requires MFA authentication. The value is either the serial number for |
138
|
|
|
|
|
|
|
a hardware device (such as C<GAHT12345678>) or an Amazon Resource Name |
139
|
|
|
|
|
|
|
(ARN) for a virtual device (such as |
140
|
|
|
|
|
|
|
C<arn:aws:iam::123456789012:mfa/user>). |
141
|
|
|
|
|
|
|
|
142
|
|
|
|
|
|
|
The regex used to validate this parameter is a string of characters |
143
|
|
|
|
|
|
|
consisting of upper- and lower-case alphanumeric characters with no |
144
|
|
|
|
|
|
|
spaces. You can also include underscores or any of the following |
145
|
|
|
|
|
|
|
characters: =,.@- |
146
|
|
|
|
|
|
|
|
147
|
|
|
|
|
|
|
|
148
|
|
|
|
|
|
|
|
149
|
|
|
|
|
|
|
=head2 TokenCode => Str |
150
|
|
|
|
|
|
|
|
151
|
|
|
|
|
|
|
The value provided by the MFA device, if the trust policy of the role |
152
|
|
|
|
|
|
|
being assumed requires MFA (that is, if the policy includes a condition |
153
|
|
|
|
|
|
|
that tests for MFA). If the role being assumed requires MFA and if the |
154
|
|
|
|
|
|
|
C<TokenCode> value is missing or expired, the C<AssumeRole> call |
155
|
|
|
|
|
|
|
returns an "access denied" error. |
156
|
|
|
|
|
|
|
|
157
|
|
|
|
|
|
|
The format for this parameter, as described by its regex pattern, is a |
158
|
|
|
|
|
|
|
sequence of six numeric digits. |
159
|
|
|
|
|
|
|
|
160
|
|
|
|
|
|
|
|
161
|
|
|
|
|
|
|
|
162
|
|
|
|
|
|
|
|
163
|
|
|
|
|
|
|
=head1 SEE ALSO |
164
|
|
|
|
|
|
|
|
165
|
|
|
|
|
|
|
This class forms part of L<Paws>, documenting arguments for method AssumeRole in L<Paws::STS> |
166
|
|
|
|
|
|
|
|
167
|
|
|
|
|
|
|
=head1 BUGS and CONTRIBUTIONS |
168
|
|
|
|
|
|
|
|
169
|
|
|
|
|
|
|
The source code is located here: https://github.com/pplu/aws-sdk-perl |
170
|
|
|
|
|
|
|
|
171
|
|
|
|
|
|
|
Please report bugs to: https://github.com/pplu/aws-sdk-perl/issues |
172
|
|
|
|
|
|
|
|
173
|
|
|
|
|
|
|
=cut |
174
|
|
|
|
|
|
|
|