amazonka-sts 1.2.0.2 → 1.3.0
raw patch · 10 files changed
+109/−109 lines, 10 filesdep ~amazonka-coredep ~amazonka-stsdep ~amazonka-testPVP ok
version bump matches the API change (PVP)
Dependency ranges changed: amazonka-core, amazonka-sts, amazonka-test
API changes (from Hackage documentation)
- Network.AWS.STS.AssumeRole: arrsStatus :: Lens' AssumeRoleResponse Int
- Network.AWS.STS.AssumeRoleWithSAML: arwsamlrsStatus :: Lens' AssumeRoleWithSAMLResponse Int
- Network.AWS.STS.AssumeRoleWithWebIdentity: arwwirsStatus :: Lens' AssumeRoleWithWebIdentityResponse Int
- Network.AWS.STS.DecodeAuthorizationMessage: damrsStatus :: Lens' DecodeAuthorizationMessageResponse Int
- Network.AWS.STS.GetFederationToken: gftrsStatus :: Lens' GetFederationTokenResponse Int
- Network.AWS.STS.GetSessionToken: gstrsStatus :: Lens' GetSessionTokenResponse Int
+ Network.AWS.STS.AssumeRole: arrsResponseStatus :: Lens' AssumeRoleResponse Int
+ Network.AWS.STS.AssumeRoleWithSAML: arwsamlrsResponseStatus :: Lens' AssumeRoleWithSAMLResponse Int
+ Network.AWS.STS.AssumeRoleWithWebIdentity: arwwirsResponseStatus :: Lens' AssumeRoleWithWebIdentityResponse Int
+ Network.AWS.STS.DecodeAuthorizationMessage: damrsResponseStatus :: Lens' DecodeAuthorizationMessageResponse Int
+ Network.AWS.STS.GetFederationToken: gftrsResponseStatus :: Lens' GetFederationTokenResponse Int
+ Network.AWS.STS.GetSessionToken: gstrsResponseStatus :: Lens' GetSessionTokenResponse Int
Files
- README.md +1/−1
- amazonka-sts.cabal +5/−5
- gen/Network/AWS/STS.hs +6/−6
- gen/Network/AWS/STS/AssumeRole.hs +27/−27
- gen/Network/AWS/STS/AssumeRoleWithSAML.hs +21/−21
- gen/Network/AWS/STS/AssumeRoleWithWebIdentity.hs +8/−8
- gen/Network/AWS/STS/DecodeAuthorizationMessage.hs +8/−8
- gen/Network/AWS/STS/GetFederationToken.hs +8/−8
- gen/Network/AWS/STS/GetSessionToken.hs +9/−9
- gen/Network/AWS/STS/Types.hs +16/−16
README.md view
@@ -8,7 +8,7 @@ ## Version -`1.2.0.2`+`1.3.0` ## Description
amazonka-sts.cabal view
@@ -1,5 +1,5 @@ name: amazonka-sts-version: 1.2.0.2+version: 1.3.0 synopsis: Amazon Security Token Service SDK. homepage: https://github.com/brendanhay/amazonka bug-reports: https://github.com/brendanhay/amazonka/issues@@ -110,7 +110,7 @@ , Network.AWS.STS.Types.Sum build-depends:- amazonka-core == 1.2.0.*+ amazonka-core == 1.3.0.* , base >= 4.7 && < 5 test-suite amazonka-sts-test@@ -130,9 +130,9 @@ , Test.AWS.STS.Internal build-depends:- amazonka-core == 1.2.0.*- , amazonka-test == 1.2.0.*- , amazonka-sts == 1.2.0.*+ amazonka-core == 1.3.0.*+ , amazonka-test == 1.3.0.*+ , amazonka-sts == 1.3.0.* , base , bytestring , lens
gen/Network/AWS/STS.hs view
@@ -80,20 +80,20 @@ -- ** MalformedPolicyDocumentException , _MalformedPolicyDocumentException - -- ** PackedPolicyTooLargeException- , _PackedPolicyTooLargeException- -- ** InvalidAuthorizationMessageException , _InvalidAuthorizationMessageException + -- ** PackedPolicyTooLargeException+ , _PackedPolicyTooLargeException+ -- ** IdPCommunicationErrorException , _IdPCommunicationErrorException - -- ** ExpiredTokenException- , _ExpiredTokenException- -- ** InvalidIdentityTokenException , _InvalidIdentityTokenException++ -- ** ExpiredTokenException+ , _ExpiredTokenException -- ** IdPRejectedClaimException , _IdPRejectedClaimException
gen/Network/AWS/STS/AssumeRole.hs view
@@ -106,8 +106,8 @@ -- * Request Lenses , arTokenCode , arDurationSeconds- , arExternalId , arPolicy+ , arExternalId , arSerialNumber , arRoleARN , arRoleSessionName@@ -119,7 +119,7 @@ , arrsPackedPolicySize , arrsCredentials , arrsAssumedRoleUser- , arrsStatus+ , arrsResponseStatus ) where import Network.AWS.Prelude@@ -132,8 +132,8 @@ data AssumeRole = AssumeRole' { _arTokenCode :: !(Maybe Text) , _arDurationSeconds :: !(Maybe Nat)- , _arExternalId :: !(Maybe Text) , _arPolicy :: !(Maybe Text)+ , _arExternalId :: !(Maybe Text) , _arSerialNumber :: !(Maybe Text) , _arRoleARN :: !Text , _arRoleSessionName :: !Text@@ -147,10 +147,10 @@ -- -- * 'arDurationSeconds' ----- * 'arExternalId'--- -- * 'arPolicy' --+-- * 'arExternalId'+-- -- * 'arSerialNumber' -- -- * 'arRoleARN'@@ -164,8 +164,8 @@ AssumeRole' { _arTokenCode = Nothing , _arDurationSeconds = Nothing- , _arExternalId = Nothing , _arPolicy = Nothing+ , _arExternalId = Nothing , _arSerialNumber = Nothing , _arRoleARN = pRoleARN_ , _arRoleSessionName = pRoleSessionName_@@ -185,19 +185,6 @@ arDurationSeconds :: Lens' AssumeRole (Maybe Natural) arDurationSeconds = lens _arDurationSeconds (\ s a -> s{_arDurationSeconds = a}) . mapping _Nat; --- | A unique identifier that is used by third parties when assuming roles in--- their customers\' accounts. For each role that the third party can--- assume, they should instruct their customers to ensure the role\'s trust--- policy checks for the external ID that the third party generated. Each--- time the third party assumes the role, they should pass the customer\'s--- external ID. The external ID is useful in order to help third parties--- bind a role to the customer who created it. For more information about--- the external ID, see--- <http://docs.aws.amazon.com/STS/latest/UsingSTS/sts-delegating-externalid.html How to Use External ID When Granting Access to Your AWS Resources>--- in /Using Temporary Security Credentials/.-arExternalId :: Lens' AssumeRole (Maybe Text)-arExternalId = lens _arExternalId (\ s a -> s{_arExternalId = a});- -- | An IAM policy in JSON format. -- -- This parameter is optional. If you pass a policy, the temporary security@@ -219,6 +206,19 @@ arPolicy :: Lens' AssumeRole (Maybe Text) arPolicy = lens _arPolicy (\ s a -> s{_arPolicy = a}); +-- | A unique identifier that is used by third parties when assuming roles in+-- their customers\' accounts. For each role that the third party can+-- assume, they should instruct their customers to ensure the role\'s trust+-- policy checks for the external ID that the third party generated. Each+-- time the third party assumes the role, they should pass the customer\'s+-- external ID. The external ID is useful in order to help third parties+-- bind a role to the customer who created it. For more information about+-- the external ID, see+-- <http://docs.aws.amazon.com/STS/latest/UsingSTS/sts-delegating-externalid.html How to Use External ID When Granting Access to Your AWS Resources>+-- in /Using Temporary Security Credentials/.+arExternalId :: Lens' AssumeRole (Maybe Text)+arExternalId = lens _arExternalId (\ s a -> s{_arExternalId = a});+ -- | The identification number of the MFA device that is associated with the -- user who is making the 'AssumeRole' call. Specify this value if the -- trust policy of the role being assumed includes a condition that@@ -270,7 +270,7 @@ "Version" =: ("2011-06-15" :: ByteString), "TokenCode" =: _arTokenCode, "DurationSeconds" =: _arDurationSeconds,- "ExternalId" =: _arExternalId, "Policy" =: _arPolicy,+ "Policy" =: _arPolicy, "ExternalId" =: _arExternalId, "SerialNumber" =: _arSerialNumber, "RoleArn" =: _arRoleARN, "RoleSessionName" =: _arRoleSessionName]@@ -283,7 +283,7 @@ { _arrsPackedPolicySize :: !(Maybe Nat) , _arrsCredentials :: !(Maybe Credentials) , _arrsAssumedRoleUser :: !(Maybe AssumedRoleUser)- , _arrsStatus :: !Int+ , _arrsResponseStatus :: !Int } deriving (Eq,Read,Show,Data,Typeable,Generic) -- | Creates a value of 'AssumeRoleResponse' with the minimum fields required to make a request.@@ -296,16 +296,16 @@ -- -- * 'arrsAssumedRoleUser' ----- * 'arrsStatus'+-- * 'arrsResponseStatus' assumeRoleResponse- :: Int -- ^ 'arrsStatus'+ :: Int -- ^ 'arrsResponseStatus' -> AssumeRoleResponse-assumeRoleResponse pStatus_ =+assumeRoleResponse pResponseStatus_ = AssumeRoleResponse' { _arrsPackedPolicySize = Nothing , _arrsCredentials = Nothing , _arrsAssumedRoleUser = Nothing- , _arrsStatus = pStatus_+ , _arrsResponseStatus = pResponseStatus_ } -- | A percentage value that indicates the size of the policy in packed form.@@ -329,5 +329,5 @@ arrsAssumedRoleUser = lens _arrsAssumedRoleUser (\ s a -> s{_arrsAssumedRoleUser = a}); -- | The response status code.-arrsStatus :: Lens' AssumeRoleResponse Int-arrsStatus = lens _arrsStatus (\ s a -> s{_arrsStatus = a});+arrsResponseStatus :: Lens' AssumeRoleResponse Int+arrsResponseStatus = lens _arrsResponseStatus (\ s a -> s{_arrsResponseStatus = a});
gen/Network/AWS/STS/AssumeRoleWithSAML.hs view
@@ -89,15 +89,15 @@ , assumeRoleWithSAMLResponse , AssumeRoleWithSAMLResponse -- * Response Lenses- , arwsamlrsAudience , arwsamlrsSubject+ , arwsamlrsAudience , arwsamlrsPackedPolicySize , arwsamlrsCredentials , arwsamlrsSubjectType , arwsamlrsNameQualifier , arwsamlrsAssumedRoleUser , arwsamlrsIssuer- , arwsamlrsStatus+ , arwsamlrsResponseStatus ) where import Network.AWS.Prelude@@ -199,7 +199,7 @@ = receiveXMLWrapper "AssumeRoleWithSAMLResult" (\ s h x -> AssumeRoleWithSAMLResponse' <$>- (x .@? "Audience") <*> (x .@? "Subject") <*>+ (x .@? "Subject") <*> (x .@? "Audience") <*> (x .@? "PackedPolicySize") <*> (x .@? "Credentials") <*> (x .@? "SubjectType")@@ -231,25 +231,25 @@ -- -- /See:/ 'assumeRoleWithSAMLResponse' smart constructor. data AssumeRoleWithSAMLResponse = AssumeRoleWithSAMLResponse'- { _arwsamlrsAudience :: !(Maybe Text)- , _arwsamlrsSubject :: !(Maybe Text)+ { _arwsamlrsSubject :: !(Maybe Text)+ , _arwsamlrsAudience :: !(Maybe Text) , _arwsamlrsPackedPolicySize :: !(Maybe Nat) , _arwsamlrsCredentials :: !(Maybe Credentials) , _arwsamlrsSubjectType :: !(Maybe Text) , _arwsamlrsNameQualifier :: !(Maybe Text) , _arwsamlrsAssumedRoleUser :: !(Maybe AssumedRoleUser) , _arwsamlrsIssuer :: !(Maybe Text)- , _arwsamlrsStatus :: !Int+ , _arwsamlrsResponseStatus :: !Int } deriving (Eq,Read,Show,Data,Typeable,Generic) -- | Creates a value of 'AssumeRoleWithSAMLResponse' with the minimum fields required to make a request. -- -- Use one of the following lenses to modify other fields as desired: ----- * 'arwsamlrsAudience'--- -- * 'arwsamlrsSubject' --+-- * 'arwsamlrsAudience'+-- -- * 'arwsamlrsPackedPolicySize' -- -- * 'arwsamlrsCredentials'@@ -262,33 +262,33 @@ -- -- * 'arwsamlrsIssuer' ----- * 'arwsamlrsStatus'+-- * 'arwsamlrsResponseStatus' assumeRoleWithSAMLResponse- :: Int -- ^ 'arwsamlrsStatus'+ :: Int -- ^ 'arwsamlrsResponseStatus' -> AssumeRoleWithSAMLResponse-assumeRoleWithSAMLResponse pStatus_ =+assumeRoleWithSAMLResponse pResponseStatus_ = AssumeRoleWithSAMLResponse'- { _arwsamlrsAudience = Nothing- , _arwsamlrsSubject = Nothing+ { _arwsamlrsSubject = Nothing+ , _arwsamlrsAudience = Nothing , _arwsamlrsPackedPolicySize = Nothing , _arwsamlrsCredentials = Nothing , _arwsamlrsSubjectType = Nothing , _arwsamlrsNameQualifier = Nothing , _arwsamlrsAssumedRoleUser = Nothing , _arwsamlrsIssuer = Nothing- , _arwsamlrsStatus = pStatus_+ , _arwsamlrsResponseStatus = pResponseStatus_ } --- | The value of the 'Recipient' attribute of the 'SubjectConfirmationData'--- element of the SAML assertion.-arwsamlrsAudience :: Lens' AssumeRoleWithSAMLResponse (Maybe Text)-arwsamlrsAudience = lens _arwsamlrsAudience (\ s a -> s{_arwsamlrsAudience = a});- -- | The value of the 'NameID' element in the 'Subject' element of the SAML -- assertion. arwsamlrsSubject :: Lens' AssumeRoleWithSAMLResponse (Maybe Text) arwsamlrsSubject = lens _arwsamlrsSubject (\ s a -> s{_arwsamlrsSubject = a}); +-- | The value of the 'Recipient' attribute of the 'SubjectConfirmationData'+-- element of the SAML assertion.+arwsamlrsAudience :: Lens' AssumeRoleWithSAMLResponse (Maybe Text)+arwsamlrsAudience = lens _arwsamlrsAudience (\ s a -> s{_arwsamlrsAudience = a});+ -- | A percentage value that indicates the size of the policy in packed form. -- The service rejects any policy with a packed size greater than 100 -- percent, which means the policy exceeded the allowed space.@@ -331,5 +331,5 @@ arwsamlrsIssuer = lens _arwsamlrsIssuer (\ s a -> s{_arwsamlrsIssuer = a}); -- | The response status code.-arwsamlrsStatus :: Lens' AssumeRoleWithSAMLResponse Int-arwsamlrsStatus = lens _arwsamlrsStatus (\ s a -> s{_arwsamlrsStatus = a});+arwsamlrsResponseStatus :: Lens' AssumeRoleWithSAMLResponse Int+arwsamlrsResponseStatus = lens _arwsamlrsResponseStatus (\ s a -> s{_arwsamlrsResponseStatus = a});
gen/Network/AWS/STS/AssumeRoleWithWebIdentity.hs view
@@ -118,7 +118,7 @@ , arwwirsCredentials , arwwirsAssumedRoleUser , arwwirsProvider- , arwwirsStatus+ , arwwirsResponseStatus ) where import Network.AWS.Prelude@@ -272,7 +272,7 @@ , _arwwirsCredentials :: !(Maybe Credentials) , _arwwirsAssumedRoleUser :: !(Maybe AssumedRoleUser) , _arwwirsProvider :: !(Maybe Text)- , _arwwirsStatus :: !Int+ , _arwwirsResponseStatus :: !Int } deriving (Eq,Read,Show,Data,Typeable,Generic) -- | Creates a value of 'AssumeRoleWithWebIdentityResponse' with the minimum fields required to make a request.@@ -291,11 +291,11 @@ -- -- * 'arwwirsProvider' ----- * 'arwwirsStatus'+-- * 'arwwirsResponseStatus' assumeRoleWithWebIdentityResponse- :: Int -- ^ 'arwwirsStatus'+ :: Int -- ^ 'arwwirsResponseStatus' -> AssumeRoleWithWebIdentityResponse-assumeRoleWithWebIdentityResponse pStatus_ =+assumeRoleWithWebIdentityResponse pResponseStatus_ = AssumeRoleWithWebIdentityResponse' { _arwwirsAudience = Nothing , _arwwirsSubjectFromWebIdentityToken = Nothing@@ -303,7 +303,7 @@ , _arwwirsCredentials = Nothing , _arwwirsAssumedRoleUser = Nothing , _arwwirsProvider = Nothing- , _arwwirsStatus = pStatus_+ , _arwwirsResponseStatus = pResponseStatus_ } -- | The intended audience (also known as client ID) of the web identity@@ -350,5 +350,5 @@ arwwirsProvider = lens _arwwirsProvider (\ s a -> s{_arwwirsProvider = a}); -- | The response status code.-arwwirsStatus :: Lens' AssumeRoleWithWebIdentityResponse Int-arwwirsStatus = lens _arwwirsStatus (\ s a -> s{_arwwirsStatus = a});+arwwirsResponseStatus :: Lens' AssumeRoleWithWebIdentityResponse Int+arwwirsResponseStatus = lens _arwwirsResponseStatus (\ s a -> s{_arwwirsResponseStatus = a});
gen/Network/AWS/STS/DecodeAuthorizationMessage.hs view
@@ -62,7 +62,7 @@ , DecodeAuthorizationMessageResponse -- * Response Lenses , damrsDecodedMessage- , damrsStatus+ , damrsResponseStatus ) where import Network.AWS.Prelude@@ -125,7 +125,7 @@ -- /See:/ 'decodeAuthorizationMessageResponse' smart constructor. data DecodeAuthorizationMessageResponse = DecodeAuthorizationMessageResponse' { _damrsDecodedMessage :: !(Maybe Text)- , _damrsStatus :: !Int+ , _damrsResponseStatus :: !Int } deriving (Eq,Read,Show,Data,Typeable,Generic) -- | Creates a value of 'DecodeAuthorizationMessageResponse' with the minimum fields required to make a request.@@ -134,14 +134,14 @@ -- -- * 'damrsDecodedMessage' ----- * 'damrsStatus'+-- * 'damrsResponseStatus' decodeAuthorizationMessageResponse- :: Int -- ^ 'damrsStatus'+ :: Int -- ^ 'damrsResponseStatus' -> DecodeAuthorizationMessageResponse-decodeAuthorizationMessageResponse pStatus_ =+decodeAuthorizationMessageResponse pResponseStatus_ = DecodeAuthorizationMessageResponse' { _damrsDecodedMessage = Nothing- , _damrsStatus = pStatus_+ , _damrsResponseStatus = pResponseStatus_ } -- | An XML document that contains the decoded message. For more information,@@ -150,5 +150,5 @@ damrsDecodedMessage = lens _damrsDecodedMessage (\ s a -> s{_damrsDecodedMessage = a}); -- | The response status code.-damrsStatus :: Lens' DecodeAuthorizationMessageResponse Int-damrsStatus = lens _damrsStatus (\ s a -> s{_damrsStatus = a});+damrsResponseStatus :: Lens' DecodeAuthorizationMessageResponse Int+damrsResponseStatus = lens _damrsResponseStatus (\ s a -> s{_damrsResponseStatus = a});
gen/Network/AWS/STS/GetFederationToken.hs view
@@ -108,7 +108,7 @@ , gftrsPackedPolicySize , gftrsCredentials , gftrsFederatedUser- , gftrsStatus+ , gftrsResponseStatus ) where import Network.AWS.Prelude@@ -223,7 +223,7 @@ { _gftrsPackedPolicySize :: !(Maybe Nat) , _gftrsCredentials :: !(Maybe Credentials) , _gftrsFederatedUser :: !(Maybe FederatedUser)- , _gftrsStatus :: !Int+ , _gftrsResponseStatus :: !Int } deriving (Eq,Read,Show,Data,Typeable,Generic) -- | Creates a value of 'GetFederationTokenResponse' with the minimum fields required to make a request.@@ -236,16 +236,16 @@ -- -- * 'gftrsFederatedUser' ----- * 'gftrsStatus'+-- * 'gftrsResponseStatus' getFederationTokenResponse- :: Int -- ^ 'gftrsStatus'+ :: Int -- ^ 'gftrsResponseStatus' -> GetFederationTokenResponse-getFederationTokenResponse pStatus_ =+getFederationTokenResponse pResponseStatus_ = GetFederationTokenResponse' { _gftrsPackedPolicySize = Nothing , _gftrsCredentials = Nothing , _gftrsFederatedUser = Nothing- , _gftrsStatus = pStatus_+ , _gftrsResponseStatus = pResponseStatus_ } -- | A percentage value indicating the size of the policy in packed form. The@@ -266,5 +266,5 @@ gftrsFederatedUser = lens _gftrsFederatedUser (\ s a -> s{_gftrsFederatedUser = a}); -- | The response status code.-gftrsStatus :: Lens' GetFederationTokenResponse Int-gftrsStatus = lens _gftrsStatus (\ s a -> s{_gftrsStatus = a});+gftrsResponseStatus :: Lens' GetFederationTokenResponse Int+gftrsResponseStatus = lens _gftrsResponseStatus (\ s a -> s{_gftrsResponseStatus = a});
gen/Network/AWS/STS/GetSessionToken.hs view
@@ -69,7 +69,7 @@ , GetSessionTokenResponse -- * Response Lenses , gstrsCredentials- , gstrsStatus+ , gstrsResponseStatus ) where import Network.AWS.Prelude@@ -161,8 +161,8 @@ -- -- /See:/ 'getSessionTokenResponse' smart constructor. data GetSessionTokenResponse = GetSessionTokenResponse'- { _gstrsCredentials :: !(Maybe Credentials)- , _gstrsStatus :: !Int+ { _gstrsCredentials :: !(Maybe Credentials)+ , _gstrsResponseStatus :: !Int } deriving (Eq,Read,Show,Data,Typeable,Generic) -- | Creates a value of 'GetSessionTokenResponse' with the minimum fields required to make a request.@@ -171,14 +171,14 @@ -- -- * 'gstrsCredentials' ----- * 'gstrsStatus'+-- * 'gstrsResponseStatus' getSessionTokenResponse- :: Int -- ^ 'gstrsStatus'+ :: Int -- ^ 'gstrsResponseStatus' -> GetSessionTokenResponse-getSessionTokenResponse pStatus_ =+getSessionTokenResponse pResponseStatus_ = GetSessionTokenResponse' { _gstrsCredentials = Nothing- , _gstrsStatus = pStatus_+ , _gstrsResponseStatus = pResponseStatus_ } -- | The session credentials for API authentication.@@ -186,5 +186,5 @@ gstrsCredentials = lens _gstrsCredentials (\ s a -> s{_gstrsCredentials = a}); -- | The response status code.-gstrsStatus :: Lens' GetSessionTokenResponse Int-gstrsStatus = lens _gstrsStatus (\ s a -> s{_gstrsStatus = a});+gstrsResponseStatus :: Lens' GetSessionTokenResponse Int+gstrsResponseStatus = lens _gstrsResponseStatus (\ s a -> s{_gstrsResponseStatus = a});
gen/Network/AWS/STS/Types.hs view
@@ -17,11 +17,11 @@ -- * Errors , _MalformedPolicyDocumentException- , _PackedPolicyTooLargeException , _InvalidAuthorizationMessageException+ , _PackedPolicyTooLargeException , _IdPCommunicationErrorException- , _ExpiredTokenException , _InvalidIdentityTokenException+ , _ExpiredTokenException , _IdPRejectedClaimException -- * AssumedRoleUser@@ -87,13 +87,6 @@ _MalformedPolicyDocumentException = _ServiceError . hasStatus 400 . hasCode "MalformedPolicyDocument" --- | The request was rejected because the policy document was too large. The--- error message describes how big the policy document is, in packed form,--- as a percentage of what the API allows.-_PackedPolicyTooLargeException :: AsError a => Getting (First ServiceError) a ServiceError-_PackedPolicyTooLargeException =- _ServiceError . hasStatus 400 . hasCode "PackedPolicyTooLarge"- -- | The error returned if the message passed to 'DecodeAuthorizationMessage' -- was invalid. This can happen if the token contains invalid characters, -- such as linebreaks.@@ -102,6 +95,13 @@ _ServiceError . hasStatus 400 . hasCode "InvalidAuthorizationMessageException" +-- | The request was rejected because the policy document was too large. The+-- error message describes how big the policy document is, in packed form,+-- as a percentage of what the API allows.+_PackedPolicyTooLargeException :: AsError a => Getting (First ServiceError) a ServiceError+_PackedPolicyTooLargeException =+ _ServiceError . hasStatus 400 . hasCode "PackedPolicyTooLarge"+ -- | The request could not be fulfilled because the non-AWS identity provider -- (IDP) that was asked to verify the incoming identity token could not be -- reached. This is often a transient error caused by network conditions.@@ -112,19 +112,19 @@ _IdPCommunicationErrorException = _ServiceError . hasStatus 400 . hasCode "IDPCommunicationError" --- | The web identity token that was passed is expired or is not valid. Get a--- new identity token from the identity provider and then retry the--- request.-_ExpiredTokenException :: AsError a => Getting (First ServiceError) a ServiceError-_ExpiredTokenException =- _ServiceError . hasStatus 400 . hasCode "ExpiredTokenException"- -- | The web identity token that was passed could not be validated by AWS. -- Get a new identity token from the identity provider and then retry the -- request. _InvalidIdentityTokenException :: AsError a => Getting (First ServiceError) a ServiceError _InvalidIdentityTokenException = _ServiceError . hasStatus 400 . hasCode "InvalidIdentityToken"++-- | The web identity token that was passed is expired or is not valid. Get a+-- new identity token from the identity provider and then retry the+-- request.+_ExpiredTokenException :: AsError a => Getting (First ServiceError) a ServiceError+_ExpiredTokenException =+ _ServiceError . hasStatus 400 . hasCode "ExpiredTokenException" -- | The identity provider (IdP) reported that authentication failed. This -- might be because the claim is invalid.