amazonka-sts 1.3.5 → 1.3.6
raw patch · 9 files changed
+63/−58 lines, 9 filesdep ~amazonka-coredep ~amazonka-stsdep ~amazonka-testPVP ok
version bump matches the API change (PVP)
Dependency ranges changed: amazonka-core, amazonka-sts, amazonka-test
API changes (from Hackage documentation)
Files
- README.md +6/−6
- amazonka-sts.cabal +10/−10
- gen/Network/AWS/STS.hs +5/−5
- gen/Network/AWS/STS/AssumeRole.hs +10/−10
- gen/Network/AWS/STS/AssumeRoleWithSAML.hs +13/−12
- gen/Network/AWS/STS/AssumeRoleWithWebIdentity.hs +6/−4
- gen/Network/AWS/STS/DecodeAuthorizationMessage.hs +2/−2
- gen/Network/AWS/STS/GetFederationToken.hs +6/−6
- gen/Network/AWS/STS/GetSessionToken.hs +5/−3
README.md view
@@ -8,7 +8,7 @@ ## Version -`1.3.5`+`1.3.6` ## Description@@ -20,7 +20,7 @@ Access Management (IAM) users or for users that you authenticate (federated users). This guide provides descriptions of the STS API. For more detailed information about using this service, go to-<http://docs.aws.amazon.com/STS/latest/UsingSTS/Welcome.html Using Temporary Security Credentials>.+<http://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp.html Temporary Security Credentials>. As an alternative to using the API, you can use one of the AWS SDKs, which consist of libraries and sample code for various programming@@ -39,8 +39,8 @@ <http://docs.aws.amazon.com/IAM/latest/UserGuide/IAM_UsingQueryAPI.html Making Query Requests> in /Using IAM/. For information about using security tokens with other AWS products, go to-<http://docs.aws.amazon.com/STS/latest/UsingSTS/UsingTokens.html Using Temporary Security Credentials to Access AWS>-in /Using Temporary Security Credentials/.+<http://docs.aws.amazon.com/IAM/latest/UserGuide/reference_aws-services-that-work-with-iam.html AWS Services That Work with IAM>+in the /Using IAM/. If you\'re new to AWS and need additional technical information about a specific AWS product, you can find the product\'s technical@@ -53,8 +53,8 @@ region. Additional regions are available, but must first be activated in the AWS Management Console before you can use a different region\'s endpoint. For more information about activating a region for STS see-<http://docs.aws.amazon.com/STS/latest/UsingSTS/sts-enableregions.html Activating STS in a New Region>-in the /Using Temporary Security Credentials/ guide.+<http://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_enable-regions.html Activating STS in a New Region>+in the /Using IAM/. For information about STS endpoints, see <http://docs.aws.amazon.com/general/latest/gr/rande.html#sts_region Regions and Endpoints>
amazonka-sts.cabal view
@@ -1,5 +1,5 @@ name: amazonka-sts-version: 1.3.5+version: 1.3.6 synopsis: Amazon Security Token Service SDK. homepage: https://github.com/brendanhay/amazonka bug-reports: https://github.com/brendanhay/amazonka/issues@@ -20,7 +20,7 @@ Access Management (IAM) users or for users that you authenticate (federated users). This guide provides descriptions of the STS API. For more detailed information about using this service, go to- <http://docs.aws.amazon.com/STS/latest/UsingSTS/Welcome.html Using Temporary Security Credentials>.+ <http://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp.html Temporary Security Credentials>. As an alternative to using the API, you can use one of the AWS SDKs, which consist of libraries and sample code for various programming@@ -39,8 +39,8 @@ <http://docs.aws.amazon.com/IAM/latest/UserGuide/IAM_UsingQueryAPI.html Making Query Requests> in /Using IAM/. For information about using security tokens with other AWS products, go to- <http://docs.aws.amazon.com/STS/latest/UsingSTS/UsingTokens.html Using Temporary Security Credentials to Access AWS>- in /Using Temporary Security Credentials/.+ <http://docs.aws.amazon.com/IAM/latest/UserGuide/reference_aws-services-that-work-with-iam.html AWS Services That Work with IAM>+ in the /Using IAM/. If you\'re new to AWS and need additional technical information about a specific AWS product, you can find the product\'s technical@@ -53,8 +53,8 @@ region. Additional regions are available, but must first be activated in the AWS Management Console before you can use a different region\'s endpoint. For more information about activating a region for STS see- <http://docs.aws.amazon.com/STS/latest/UsingSTS/sts-enableregions.html Activating STS in a New Region>- in the /Using Temporary Security Credentials/ guide.+ <http://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_enable-regions.html Activating STS in a New Region>+ in the /Using IAM/. For information about STS endpoints, see <http://docs.aws.amazon.com/general/latest/gr/rande.html#sts_region Regions and Endpoints>@@ -110,7 +110,7 @@ , Network.AWS.STS.Types.Sum build-depends:- amazonka-core == 1.3.5.*+ amazonka-core == 1.3.6.* , base >= 4.7 && < 5 test-suite amazonka-sts-test@@ -130,9 +130,9 @@ , Test.AWS.STS.Internal build-depends:- amazonka-core == 1.3.5.*- , amazonka-test == 1.3.5.*- , amazonka-sts == 1.3.5.*+ amazonka-core == 1.3.6.*+ , amazonka-test == 1.3.6.*+ , amazonka-sts == 1.3.6.* , base , bytestring , lens
gen/Network/AWS/STS.hs view
@@ -18,7 +18,7 @@ -- Access Management (IAM) users or for users that you authenticate -- (federated users). This guide provides descriptions of the STS API. For -- more detailed information about using this service, go to--- <http://docs.aws.amazon.com/STS/latest/UsingSTS/Welcome.html Using Temporary Security Credentials>.+-- <http://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp.html Temporary Security Credentials>. -- -- As an alternative to using the API, you can use one of the AWS SDKs, -- which consist of libraries and sample code for various programming@@ -37,8 +37,8 @@ -- <http://docs.aws.amazon.com/IAM/latest/UserGuide/IAM_UsingQueryAPI.html Making Query Requests> -- in /Using IAM/. For information about using security tokens with other -- AWS products, go to--- <http://docs.aws.amazon.com/STS/latest/UsingSTS/UsingTokens.html Using Temporary Security Credentials to Access AWS>--- in /Using Temporary Security Credentials/.+-- <http://docs.aws.amazon.com/IAM/latest/UserGuide/reference_aws-services-that-work-with-iam.html AWS Services That Work with IAM>+-- in the /Using IAM/. -- -- If you\'re new to AWS and need additional technical information about a -- specific AWS product, you can find the product\'s technical@@ -51,8 +51,8 @@ -- region. Additional regions are available, but must first be activated in -- the AWS Management Console before you can use a different region\'s -- endpoint. For more information about activating a region for STS see--- <http://docs.aws.amazon.com/STS/latest/UsingSTS/sts-enableregions.html Activating STS in a New Region>--- in the /Using Temporary Security Credentials/ guide.+-- <http://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_enable-regions.html Activating STS in a New Region>+-- in the /Using IAM/. -- -- For information about STS endpoints, see -- <http://docs.aws.amazon.com/general/latest/gr/rande.html#sts_region Regions and Endpoints>
gen/Network/AWS/STS/AssumeRole.hs view
@@ -36,7 +36,7 @@ -- to access all the other accounts by assuming roles in those accounts. -- For more information about roles, see -- <http://docs.aws.amazon.com/IAM/latest/UserGuide/roles-toplevel.html IAM Roles (Delegation and Federation)>--- in /Using IAM/.+-- in the /Using IAM/. -- -- For federation, you can, for example, grant single sign-on access to the -- AWS Management Console. If you already have an identity and@@ -47,8 +47,8 @@ -- get temporary security credentials for that user. With those temporary -- security credentials, you construct a sign-in URL that users can use to -- access the console. For more information, see--- <http://docs.aws.amazon.com/STS/latest/UsingSTS/STSUseCases.html Scenarios for Granting Temporary Access>--- in /Using Temporary Security Credentials/.+-- <http://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp.html#sts-introduction Common Scenarios for Temporary Credentials>+-- in the /Using IAM/. -- -- The temporary security credentials are valid for the duration that you -- specified when calling 'AssumeRole', which can be from 900 seconds (15@@ -66,8 +66,8 @@ -- policy to grant permissions that are in excess of those allowed by the -- access policy of the role that is being assumed. For more information, -- see--- <http://docs.aws.amazon.com/STS/latest/UsingSTS/permissions-assume-role.html Permissions for AssumeRole, AssumeRoleWithSAML, and AssumeRoleWithWebIdentity>--- in /Using Temporary Security Credentials/.+-- <http://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_control-access_assumerole.html Permissions for AssumeRole, AssumeRoleWithSAML, and AssumeRoleWithWebIdentity>+-- in the /Using IAM/. -- -- To assume a role, your AWS account must be trusted by the role. The -- trust relationship is defined in the role\'s trust policy when the role@@ -90,7 +90,7 @@ -- -- For more information, see -- <http://docs.aws.amazon.com/IAM/latest/UserGuide/MFAProtectedAPI.html Configuring MFA-Protected API Access>--- in /Using IAM/ guide.+-- in the /Using IAM/ guide. -- -- To use MFA with 'AssumeRole', you pass values for the 'SerialNumber' and -- 'TokenCode' parameters. The 'SerialNumber' value identifies the user\'s@@ -195,8 +195,8 @@ -- security credentials. You cannot use the passed policy to grant -- permissions that are in excess of those allowed by the access policy of -- the role that is being assumed. For more information, see--- <http://docs.aws.amazon.com/STS/latest/UsingSTS/permissions-assume-role.html Permissions for AssumeRole, AssumeRoleWithSAML, and AssumeRoleWithWebIdentity>--- in /Using Temporary Security Credentials/.+-- <http://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_control-access_assumerole.html Permissions for AssumeRole, AssumeRoleWithSAML, and AssumeRoleWithWebIdentity>+-- in the /Using IAM/. -- -- The policy plain text must be 2048 bytes or shorter. However, an -- internal conversion compresses it into a packed binary format with a@@ -214,8 +214,8 @@ -- external ID. The external ID is useful in order to help third parties -- bind a role to the customer who created it. For more information about -- the external ID, see--- <http://docs.aws.amazon.com/STS/latest/UsingSTS/sts-delegating-externalid.html How to Use External ID When Granting Access to Your AWS Resources>--- in /Using Temporary Security Credentials/.+-- <http://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_create_for-user_externalid.html How to Use an External ID When Granting Access to Your AWS Resources to a Third Party>+-- in the /Using IAM/. arExternalId :: Lens' AssumeRole (Maybe Text) arExternalId = lens _arExternalId (\ s a -> s{_arExternalId = a});
gen/Network/AWS/STS/AssumeRoleWithSAML.hs view
@@ -47,8 +47,8 @@ -- policy to grant permissions that are in excess of those allowed by the -- access policy of the role that is being assumed. For more information, -- see--- <http://docs.aws.amazon.com/STS/latest/UsingSTS/permissions-assume-role.html Permissions for AssumeRoleWithSAML>--- in /Using Temporary Security Credentials/.+-- <http://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_control-access_assumerole.html Permissions for AssumeRole, AssumeRoleWithSAML, and AssumeRoleWithWebIdentity>+-- in the /Using IAM/. -- -- Before your application can call 'AssumeRoleWithSAML', you must -- configure your SAML identity provider (IdP) to issue the claims required@@ -64,13 +64,14 @@ -- -- For more information, see the following resources: ----- - <http://docs.aws.amazon.com/STS/latest/UsingSTS/CreatingSAML.html Creating Temporary Security Credentials for SAML Federation>.--- - <http://docs.aws.amazon.com/IAM/latest/UserGuide/idp-managing-identityproviders.html SAML Providers>--- in /Using IAM/.--- - <http://docs.aws.amazon.com/IAM/latest/UserGuide/create-role-saml-IdP-tasks.html Configuring a Relying Party and Claims>--- in /Using IAM/.--- - <http://docs.aws.amazon.com/IAM/latest/UserGuide/create-role-saml.html Creating a Role for SAML-Based Federation>--- in /Using IAM/.+-- - <http://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_providers_saml.html About SAML 2.0-based Federation>+-- in the /Using IAM/.+-- - <http://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_providers_create_saml.html Creating SAML Identity Providers>+-- in the /Using IAM/.+-- - <http://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_providers_create_saml_relying-party.html Configuring a Relying Party and Claims>+-- in the /Using IAM/.+-- - <http://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_create_for-idp_saml.html Creating a Role for SAML 2.0 Federation>+-- in the /Using IAM/. -- -- /See:/ <http://docs.aws.amazon.com/STS/latest/APIReference/API_AssumeRoleWithSAML.html AWS API Reference> for AssumeRoleWithSAML. module Network.AWS.STS.AssumeRoleWithSAML@@ -162,9 +163,9 @@ -- way to further restrict the permissions for the resulting temporary -- security credentials. You cannot use the passed policy to grant -- permissions that are in excess of those allowed by the access policy of--- the role that is being assumed. For more information, see--- <http://docs.aws.amazon.com/STS/latest/UsingSTS/permissions-assume-role.html Permissions for AssumeRoleWithSAML>--- in /Using Temporary Security Credentials/.+-- the role that is being assumed. For more information,+-- <http://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_control-access_assumerole.html Permissions for AssumeRole, AssumeRoleWithSAML, and AssumeRoleWithWebIdentity>+-- in the /Using IAM/. -- -- The policy plain text must be 2048 bytes or shorter. However, an -- internal conversion compresses it into a packed binary format with a
gen/Network/AWS/STS/AssumeRoleWithWebIdentity.hs view
@@ -64,7 +64,8 @@ -- policy to grant permissions that are in excess of those allowed by the -- access policy of the role that is being assumed. For more information, -- see--- <http://docs.aws.amazon.com/STS/latest/UsingSTS/permissions-assume-role.html Permissions for AssumeRoleWithWebIdentity>.+-- <http://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_control-access_assumerole.html Permissions for AssumeRole, AssumeRoleWithSAML, and AssumeRoleWithWebIdentity>+-- in the /Using IAM/. -- -- Before your application can call 'AssumeRoleWithWebIdentity', you must -- have an identity token from a supported identity provider and create a@@ -76,9 +77,9 @@ -- For more information about how to use web identity federation and the -- 'AssumeRoleWithWebIdentity' API, see the following resources: ----- - <http://docs.aws.amazon.com/STS/latest/UsingSTS/STSUseCases.html#MobileApplication-KnownProvider Creating a Mobile Application with Third-Party Sign-In>+-- - <http://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_providers_oidc_manual Using Web Identity Federation APIs for Mobile Apps> -- and--- <http://docs.aws.amazon.com/STS/latest/UsingSTS/CreatingWIF.html Creating Temporary Security Credentials for Mobile Apps Using Third-Party Identity Providers>.+-- <http://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_request.html#api_assumerolewithwebidentity Federation Through a Web-based Identity Provider>. -- - <https://web-identity-federation-playground.s3.amazonaws.com/index.html Web Identity Federation Playground>. -- This interactive website lets you walk through the process of -- authenticating via Login with Amazon, Facebook, or Google, getting@@ -195,7 +196,8 @@ -- security credentials. You cannot use the passed policy to grant -- permissions that are in excess of those allowed by the access policy of -- the role that is being assumed. For more information, see--- <http://docs.aws.amazon.com/STS/latest/UsingSTS/permissions-assume-role.html Permissions for AssumeRoleWithWebIdentity>.+-- <http://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_control-access_assumerole.html Permissions for AssumeRoleWithWebIdentity>+-- in the /Using IAM/. -- -- The policy plain text must be 2048 bytes or shorter. However, an -- internal conversion compresses it into a packed binary format with a
gen/Network/AWS/STS/DecodeAuthorizationMessage.hs view
@@ -41,8 +41,8 @@ -- -- - Whether the request was denied due to an explicit deny or due to the -- absence of an explicit allow. For more information, see--- <http://docs.aws.amazon.com/IAM/latest/UserGuide/AccessPolicyLanguage_EvaluationLogic.html#policy-eval-denyallow Determining Whether a Request is Allowed or Denied>--- in /Using IAM/.+-- <http://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_evaluation-logic.html#policy-eval-denyallow Determining Whether a Request is Allowed or Denied>+-- in the /Using IAM/. -- - The principal who made the request. -- - The requested action. -- - The requested resource.
gen/Network/AWS/STS/GetFederationToken.hs view
@@ -32,7 +32,7 @@ -- Facebook, Google, or an OpenID Connect-compatible identity provider, we -- recommend that you use <http://aws.amazon.com/cognito/ Amazon Cognito> -- or 'AssumeRoleWithWebIdentity'. For more information, see--- <http://docs.aws.amazon.com/STS/latest/UsingSTS/CreatingWIF.html Creating Temporary Security Credentials for Mobile Apps Using Identity Providers>.+-- <http://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_request.html#api_assumerolewithwebidentity Federation Through a Web-based Identity Provider>. -- -- The 'GetFederationToken' action must be called by using the long-term -- AWS security credentials of an IAM user. You can also call@@ -41,8 +41,8 @@ -- create an IAM user for the purpose of the proxy application and then -- attach a policy to the IAM user that limits federated users to only the -- actions and resources they need access to. For more information, see--- <http://docs.aws.amazon.com/IAM/latest/UserGuide/IAMBestPractices.html IAM Best Practices>--- in /Using IAM/.+-- <http://docs.aws.amazon.com/IAM/latest/UserGuide/best-practices.html IAM Best Practices>+-- in the /Using IAM/. -- -- The temporary security credentials that are obtained by using the -- long-term credentials of an IAM user are valid for the specified@@ -85,10 +85,10 @@ -- to access the resource. -- -- For more information about how permissions work, see--- <http://docs.aws.amazon.com/STS/latest/UsingSTS/permissions-get-federation-token.html Permissions for GetFederationToken>.+-- <http://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_control-access_getfederationtoken.html Permissions for GetFederationToken>. -- For information about using 'GetFederationToken' to create temporary -- security credentials, see--- <http://docs.aws.amazon.com/STS/latest/UsingSTS/CreatingFedTokens.html Creating Temporary Credentials to Enable Access for Federated Users>.+-- <http://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_request.html#api_getfederationtoken GetFederationToken—Federation Through a Custom Identity Broker>. -- -- /See:/ <http://docs.aws.amazon.com/STS/latest/APIReference/API_GetFederationToken.html AWS API Reference> for GetFederationToken. module Network.AWS.STS.GetFederationToken@@ -177,7 +177,7 @@ -- equaling the maximum allowed size. -- -- For more information about how permissions work, see--- <http://docs.aws.amazon.com/STS/latest/UsingSTS/permissions-get-federation-token.html Permissions for GetFederationToken>.+-- <http://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_control-access_getfederationtoken.html Permissions for GetFederationToken>. gftPolicy :: Lens' GetFederationToken (Maybe Text) gftPolicy = lens _gftPolicy (\ s a -> s{_gftPolicy = a});
gen/Network/AWS/STS/GetSessionToken.hs view
@@ -26,7 +26,8 @@ -- 'GetSessionToken' and submit an MFA code that is associated with their -- MFA device. Using the temporary security credentials that are returned -- from the call, IAM users can then make programmatic calls to APIs that--- require MFA authentication.+-- require MFA authentication. If you do not supply a correct MFA code,+-- then the API returns an access denied error. -- -- The 'GetSessionToken' action must be called by using the long-term AWS -- security credentials of the AWS account or an IAM user. Credentials that@@ -37,7 +38,7 @@ -- -- We recommend that you do not call 'GetSessionToken' with root account -- credentials. Instead, follow our--- <http://docs.aws.amazon.com/IAM/latest/UserGuide/IAMBestPractices.html#create-iam-users best practices>+-- <http://docs.aws.amazon.com/IAM/latest/UserGuide/best-practices.html#create-iam-users best practices> -- by creating one or more IAM users, giving them the necessary -- permissions, and using IAM users for everyday interaction with AWS. --@@ -51,7 +52,8 @@ -- -- For more information about using 'GetSessionToken' to create temporary -- credentials, go to--- <http://docs.aws.amazon.com/STS/latest/UsingSTS/CreatingSessionTokens.html Creating Temporary Credentials to Enable Access for IAM Users>.+-- <http://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_request.html#api_getsessiontoken Temporary Credentials for Users in Untrusted Environments>+-- in the /Using IAM/. -- -- /See:/ <http://docs.aws.amazon.com/STS/latest/APIReference/API_GetSessionToken.html AWS API Reference> for GetSessionToken. module Network.AWS.STS.GetSessionToken