packages feed

amazonka-sts 1.4.0 → 1.4.1

raw patch · 15 files changed

+432/−78 lines, 15 filesdep ~amazonka-coredep ~amazonka-stsdep ~amazonka-testPVP: major bump suggested

API removals or changes: PVP suggests a major version bump

Dependency ranges changed: amazonka-core, amazonka-sts, amazonka-test

API changes (from Hackage documentation)

- Network.AWS.STS.AssumeRole: instance GHC.Generics.Constructor Network.AWS.STS.AssumeRole.C1_0AssumeRole
- Network.AWS.STS.AssumeRole: instance GHC.Generics.Constructor Network.AWS.STS.AssumeRole.C1_0AssumeRoleResponse
- Network.AWS.STS.AssumeRole: instance GHC.Generics.Datatype Network.AWS.STS.AssumeRole.D1AssumeRole
- Network.AWS.STS.AssumeRole: instance GHC.Generics.Datatype Network.AWS.STS.AssumeRole.D1AssumeRoleResponse
- Network.AWS.STS.AssumeRole: instance GHC.Generics.Selector Network.AWS.STS.AssumeRole.S1_0_0AssumeRole
- Network.AWS.STS.AssumeRole: instance GHC.Generics.Selector Network.AWS.STS.AssumeRole.S1_0_0AssumeRoleResponse
- Network.AWS.STS.AssumeRole: instance GHC.Generics.Selector Network.AWS.STS.AssumeRole.S1_0_1AssumeRole
- Network.AWS.STS.AssumeRole: instance GHC.Generics.Selector Network.AWS.STS.AssumeRole.S1_0_1AssumeRoleResponse
- Network.AWS.STS.AssumeRole: instance GHC.Generics.Selector Network.AWS.STS.AssumeRole.S1_0_2AssumeRole
- Network.AWS.STS.AssumeRole: instance GHC.Generics.Selector Network.AWS.STS.AssumeRole.S1_0_2AssumeRoleResponse
- Network.AWS.STS.AssumeRole: instance GHC.Generics.Selector Network.AWS.STS.AssumeRole.S1_0_3AssumeRole
- Network.AWS.STS.AssumeRole: instance GHC.Generics.Selector Network.AWS.STS.AssumeRole.S1_0_3AssumeRoleResponse
- Network.AWS.STS.AssumeRole: instance GHC.Generics.Selector Network.AWS.STS.AssumeRole.S1_0_4AssumeRole
- Network.AWS.STS.AssumeRole: instance GHC.Generics.Selector Network.AWS.STS.AssumeRole.S1_0_5AssumeRole
- Network.AWS.STS.AssumeRole: instance GHC.Generics.Selector Network.AWS.STS.AssumeRole.S1_0_6AssumeRole
- Network.AWS.STS.AssumeRoleWithSAML: instance GHC.Generics.Constructor Network.AWS.STS.AssumeRoleWithSAML.C1_0AssumeRoleWithSAML
- Network.AWS.STS.AssumeRoleWithSAML: instance GHC.Generics.Constructor Network.AWS.STS.AssumeRoleWithSAML.C1_0AssumeRoleWithSAMLResponse
- Network.AWS.STS.AssumeRoleWithSAML: instance GHC.Generics.Datatype Network.AWS.STS.AssumeRoleWithSAML.D1AssumeRoleWithSAML
- Network.AWS.STS.AssumeRoleWithSAML: instance GHC.Generics.Datatype Network.AWS.STS.AssumeRoleWithSAML.D1AssumeRoleWithSAMLResponse
- Network.AWS.STS.AssumeRoleWithSAML: instance GHC.Generics.Selector Network.AWS.STS.AssumeRoleWithSAML.S1_0_0AssumeRoleWithSAML
- Network.AWS.STS.AssumeRoleWithSAML: instance GHC.Generics.Selector Network.AWS.STS.AssumeRoleWithSAML.S1_0_0AssumeRoleWithSAMLResponse
- Network.AWS.STS.AssumeRoleWithSAML: instance GHC.Generics.Selector Network.AWS.STS.AssumeRoleWithSAML.S1_0_1AssumeRoleWithSAML
- Network.AWS.STS.AssumeRoleWithSAML: instance GHC.Generics.Selector Network.AWS.STS.AssumeRoleWithSAML.S1_0_1AssumeRoleWithSAMLResponse
- Network.AWS.STS.AssumeRoleWithSAML: instance GHC.Generics.Selector Network.AWS.STS.AssumeRoleWithSAML.S1_0_2AssumeRoleWithSAML
- Network.AWS.STS.AssumeRoleWithSAML: instance GHC.Generics.Selector Network.AWS.STS.AssumeRoleWithSAML.S1_0_2AssumeRoleWithSAMLResponse
- Network.AWS.STS.AssumeRoleWithSAML: instance GHC.Generics.Selector Network.AWS.STS.AssumeRoleWithSAML.S1_0_3AssumeRoleWithSAML
- Network.AWS.STS.AssumeRoleWithSAML: instance GHC.Generics.Selector Network.AWS.STS.AssumeRoleWithSAML.S1_0_3AssumeRoleWithSAMLResponse
- Network.AWS.STS.AssumeRoleWithSAML: instance GHC.Generics.Selector Network.AWS.STS.AssumeRoleWithSAML.S1_0_4AssumeRoleWithSAML
- Network.AWS.STS.AssumeRoleWithSAML: instance GHC.Generics.Selector Network.AWS.STS.AssumeRoleWithSAML.S1_0_4AssumeRoleWithSAMLResponse
- Network.AWS.STS.AssumeRoleWithSAML: instance GHC.Generics.Selector Network.AWS.STS.AssumeRoleWithSAML.S1_0_5AssumeRoleWithSAMLResponse
- Network.AWS.STS.AssumeRoleWithSAML: instance GHC.Generics.Selector Network.AWS.STS.AssumeRoleWithSAML.S1_0_6AssumeRoleWithSAMLResponse
- Network.AWS.STS.AssumeRoleWithSAML: instance GHC.Generics.Selector Network.AWS.STS.AssumeRoleWithSAML.S1_0_7AssumeRoleWithSAMLResponse
- Network.AWS.STS.AssumeRoleWithSAML: instance GHC.Generics.Selector Network.AWS.STS.AssumeRoleWithSAML.S1_0_8AssumeRoleWithSAMLResponse
- Network.AWS.STS.AssumeRoleWithWebIdentity: instance GHC.Generics.Constructor Network.AWS.STS.AssumeRoleWithWebIdentity.C1_0AssumeRoleWithWebIdentity
- Network.AWS.STS.AssumeRoleWithWebIdentity: instance GHC.Generics.Constructor Network.AWS.STS.AssumeRoleWithWebIdentity.C1_0AssumeRoleWithWebIdentityResponse
- Network.AWS.STS.AssumeRoleWithWebIdentity: instance GHC.Generics.Datatype Network.AWS.STS.AssumeRoleWithWebIdentity.D1AssumeRoleWithWebIdentity
- Network.AWS.STS.AssumeRoleWithWebIdentity: instance GHC.Generics.Datatype Network.AWS.STS.AssumeRoleWithWebIdentity.D1AssumeRoleWithWebIdentityResponse
- Network.AWS.STS.AssumeRoleWithWebIdentity: instance GHC.Generics.Selector Network.AWS.STS.AssumeRoleWithWebIdentity.S1_0_0AssumeRoleWithWebIdentity
- Network.AWS.STS.AssumeRoleWithWebIdentity: instance GHC.Generics.Selector Network.AWS.STS.AssumeRoleWithWebIdentity.S1_0_0AssumeRoleWithWebIdentityResponse
- Network.AWS.STS.AssumeRoleWithWebIdentity: instance GHC.Generics.Selector Network.AWS.STS.AssumeRoleWithWebIdentity.S1_0_1AssumeRoleWithWebIdentity
- Network.AWS.STS.AssumeRoleWithWebIdentity: instance GHC.Generics.Selector Network.AWS.STS.AssumeRoleWithWebIdentity.S1_0_1AssumeRoleWithWebIdentityResponse
- Network.AWS.STS.AssumeRoleWithWebIdentity: instance GHC.Generics.Selector Network.AWS.STS.AssumeRoleWithWebIdentity.S1_0_2AssumeRoleWithWebIdentity
- Network.AWS.STS.AssumeRoleWithWebIdentity: instance GHC.Generics.Selector Network.AWS.STS.AssumeRoleWithWebIdentity.S1_0_2AssumeRoleWithWebIdentityResponse
- Network.AWS.STS.AssumeRoleWithWebIdentity: instance GHC.Generics.Selector Network.AWS.STS.AssumeRoleWithWebIdentity.S1_0_3AssumeRoleWithWebIdentity
- Network.AWS.STS.AssumeRoleWithWebIdentity: instance GHC.Generics.Selector Network.AWS.STS.AssumeRoleWithWebIdentity.S1_0_3AssumeRoleWithWebIdentityResponse
- Network.AWS.STS.AssumeRoleWithWebIdentity: instance GHC.Generics.Selector Network.AWS.STS.AssumeRoleWithWebIdentity.S1_0_4AssumeRoleWithWebIdentity
- Network.AWS.STS.AssumeRoleWithWebIdentity: instance GHC.Generics.Selector Network.AWS.STS.AssumeRoleWithWebIdentity.S1_0_4AssumeRoleWithWebIdentityResponse
- Network.AWS.STS.AssumeRoleWithWebIdentity: instance GHC.Generics.Selector Network.AWS.STS.AssumeRoleWithWebIdentity.S1_0_5AssumeRoleWithWebIdentity
- Network.AWS.STS.AssumeRoleWithWebIdentity: instance GHC.Generics.Selector Network.AWS.STS.AssumeRoleWithWebIdentity.S1_0_5AssumeRoleWithWebIdentityResponse
- Network.AWS.STS.AssumeRoleWithWebIdentity: instance GHC.Generics.Selector Network.AWS.STS.AssumeRoleWithWebIdentity.S1_0_6AssumeRoleWithWebIdentityResponse
- Network.AWS.STS.DecodeAuthorizationMessage: instance GHC.Generics.Constructor Network.AWS.STS.DecodeAuthorizationMessage.C1_0DecodeAuthorizationMessage
- Network.AWS.STS.DecodeAuthorizationMessage: instance GHC.Generics.Constructor Network.AWS.STS.DecodeAuthorizationMessage.C1_0DecodeAuthorizationMessageResponse
- Network.AWS.STS.DecodeAuthorizationMessage: instance GHC.Generics.Datatype Network.AWS.STS.DecodeAuthorizationMessage.D1DecodeAuthorizationMessage
- Network.AWS.STS.DecodeAuthorizationMessage: instance GHC.Generics.Datatype Network.AWS.STS.DecodeAuthorizationMessage.D1DecodeAuthorizationMessageResponse
- Network.AWS.STS.DecodeAuthorizationMessage: instance GHC.Generics.Selector Network.AWS.STS.DecodeAuthorizationMessage.S1_0_0DecodeAuthorizationMessage
- Network.AWS.STS.DecodeAuthorizationMessage: instance GHC.Generics.Selector Network.AWS.STS.DecodeAuthorizationMessage.S1_0_0DecodeAuthorizationMessageResponse
- Network.AWS.STS.DecodeAuthorizationMessage: instance GHC.Generics.Selector Network.AWS.STS.DecodeAuthorizationMessage.S1_0_1DecodeAuthorizationMessageResponse
- Network.AWS.STS.GetFederationToken: instance GHC.Generics.Constructor Network.AWS.STS.GetFederationToken.C1_0GetFederationToken
- Network.AWS.STS.GetFederationToken: instance GHC.Generics.Constructor Network.AWS.STS.GetFederationToken.C1_0GetFederationTokenResponse
- Network.AWS.STS.GetFederationToken: instance GHC.Generics.Datatype Network.AWS.STS.GetFederationToken.D1GetFederationToken
- Network.AWS.STS.GetFederationToken: instance GHC.Generics.Datatype Network.AWS.STS.GetFederationToken.D1GetFederationTokenResponse
- Network.AWS.STS.GetFederationToken: instance GHC.Generics.Selector Network.AWS.STS.GetFederationToken.S1_0_0GetFederationToken
- Network.AWS.STS.GetFederationToken: instance GHC.Generics.Selector Network.AWS.STS.GetFederationToken.S1_0_0GetFederationTokenResponse
- Network.AWS.STS.GetFederationToken: instance GHC.Generics.Selector Network.AWS.STS.GetFederationToken.S1_0_1GetFederationToken
- Network.AWS.STS.GetFederationToken: instance GHC.Generics.Selector Network.AWS.STS.GetFederationToken.S1_0_1GetFederationTokenResponse
- Network.AWS.STS.GetFederationToken: instance GHC.Generics.Selector Network.AWS.STS.GetFederationToken.S1_0_2GetFederationToken
- Network.AWS.STS.GetFederationToken: instance GHC.Generics.Selector Network.AWS.STS.GetFederationToken.S1_0_2GetFederationTokenResponse
- Network.AWS.STS.GetFederationToken: instance GHC.Generics.Selector Network.AWS.STS.GetFederationToken.S1_0_3GetFederationTokenResponse
- Network.AWS.STS.GetSessionToken: instance GHC.Generics.Constructor Network.AWS.STS.GetSessionToken.C1_0GetSessionToken
- Network.AWS.STS.GetSessionToken: instance GHC.Generics.Constructor Network.AWS.STS.GetSessionToken.C1_0GetSessionTokenResponse
- Network.AWS.STS.GetSessionToken: instance GHC.Generics.Datatype Network.AWS.STS.GetSessionToken.D1GetSessionToken
- Network.AWS.STS.GetSessionToken: instance GHC.Generics.Datatype Network.AWS.STS.GetSessionToken.D1GetSessionTokenResponse
- Network.AWS.STS.GetSessionToken: instance GHC.Generics.Selector Network.AWS.STS.GetSessionToken.S1_0_0GetSessionToken
- Network.AWS.STS.GetSessionToken: instance GHC.Generics.Selector Network.AWS.STS.GetSessionToken.S1_0_0GetSessionTokenResponse
- Network.AWS.STS.GetSessionToken: instance GHC.Generics.Selector Network.AWS.STS.GetSessionToken.S1_0_1GetSessionToken
- Network.AWS.STS.GetSessionToken: instance GHC.Generics.Selector Network.AWS.STS.GetSessionToken.S1_0_1GetSessionTokenResponse
- Network.AWS.STS.GetSessionToken: instance GHC.Generics.Selector Network.AWS.STS.GetSessionToken.S1_0_2GetSessionToken
+ Network.AWS.STS.AssumeRole: instance Control.DeepSeq.NFData Network.AWS.STS.AssumeRole.AssumeRole
+ Network.AWS.STS.AssumeRole: instance Control.DeepSeq.NFData Network.AWS.STS.AssumeRole.AssumeRoleResponse
+ Network.AWS.STS.AssumeRoleWithSAML: instance Control.DeepSeq.NFData Network.AWS.STS.AssumeRoleWithSAML.AssumeRoleWithSAML
+ Network.AWS.STS.AssumeRoleWithSAML: instance Control.DeepSeq.NFData Network.AWS.STS.AssumeRoleWithSAML.AssumeRoleWithSAMLResponse
+ Network.AWS.STS.AssumeRoleWithWebIdentity: instance Control.DeepSeq.NFData Network.AWS.STS.AssumeRoleWithWebIdentity.AssumeRoleWithWebIdentity
+ Network.AWS.STS.AssumeRoleWithWebIdentity: instance Control.DeepSeq.NFData Network.AWS.STS.AssumeRoleWithWebIdentity.AssumeRoleWithWebIdentityResponse
+ Network.AWS.STS.DecodeAuthorizationMessage: instance Control.DeepSeq.NFData Network.AWS.STS.DecodeAuthorizationMessage.DecodeAuthorizationMessage
+ Network.AWS.STS.DecodeAuthorizationMessage: instance Control.DeepSeq.NFData Network.AWS.STS.DecodeAuthorizationMessage.DecodeAuthorizationMessageResponse
+ Network.AWS.STS.GetCallerIdentity: data GetCallerIdentity
+ Network.AWS.STS.GetCallerIdentity: data GetCallerIdentityResponse
+ Network.AWS.STS.GetCallerIdentity: gcirsARN :: Lens' GetCallerIdentityResponse (Maybe Text)
+ Network.AWS.STS.GetCallerIdentity: gcirsAccount :: Lens' GetCallerIdentityResponse (Maybe Text)
+ Network.AWS.STS.GetCallerIdentity: gcirsResponseStatus :: Lens' GetCallerIdentityResponse Int
+ Network.AWS.STS.GetCallerIdentity: gcirsUserId :: Lens' GetCallerIdentityResponse (Maybe Text)
+ Network.AWS.STS.GetCallerIdentity: getCallerIdentity :: GetCallerIdentity
+ Network.AWS.STS.GetCallerIdentity: getCallerIdentityResponse :: Int -> GetCallerIdentityResponse
+ Network.AWS.STS.GetCallerIdentity: instance Control.DeepSeq.NFData Network.AWS.STS.GetCallerIdentity.GetCallerIdentity
+ Network.AWS.STS.GetCallerIdentity: instance Control.DeepSeq.NFData Network.AWS.STS.GetCallerIdentity.GetCallerIdentityResponse
+ Network.AWS.STS.GetCallerIdentity: instance Data.Data.Data Network.AWS.STS.GetCallerIdentity.GetCallerIdentity
+ Network.AWS.STS.GetCallerIdentity: instance Data.Data.Data Network.AWS.STS.GetCallerIdentity.GetCallerIdentityResponse
+ Network.AWS.STS.GetCallerIdentity: instance Data.Hashable.Class.Hashable Network.AWS.STS.GetCallerIdentity.GetCallerIdentity
+ Network.AWS.STS.GetCallerIdentity: instance GHC.Classes.Eq Network.AWS.STS.GetCallerIdentity.GetCallerIdentity
+ Network.AWS.STS.GetCallerIdentity: instance GHC.Classes.Eq Network.AWS.STS.GetCallerIdentity.GetCallerIdentityResponse
+ Network.AWS.STS.GetCallerIdentity: instance GHC.Generics.Generic Network.AWS.STS.GetCallerIdentity.GetCallerIdentity
+ Network.AWS.STS.GetCallerIdentity: instance GHC.Generics.Generic Network.AWS.STS.GetCallerIdentity.GetCallerIdentityResponse
+ Network.AWS.STS.GetCallerIdentity: instance GHC.Read.Read Network.AWS.STS.GetCallerIdentity.GetCallerIdentity
+ Network.AWS.STS.GetCallerIdentity: instance GHC.Read.Read Network.AWS.STS.GetCallerIdentity.GetCallerIdentityResponse
+ Network.AWS.STS.GetCallerIdentity: instance GHC.Show.Show Network.AWS.STS.GetCallerIdentity.GetCallerIdentity
+ Network.AWS.STS.GetCallerIdentity: instance GHC.Show.Show Network.AWS.STS.GetCallerIdentity.GetCallerIdentityResponse
+ Network.AWS.STS.GetCallerIdentity: instance Network.AWS.Data.Headers.ToHeaders Network.AWS.STS.GetCallerIdentity.GetCallerIdentity
+ Network.AWS.STS.GetCallerIdentity: instance Network.AWS.Data.Path.ToPath Network.AWS.STS.GetCallerIdentity.GetCallerIdentity
+ Network.AWS.STS.GetCallerIdentity: instance Network.AWS.Data.Query.ToQuery Network.AWS.STS.GetCallerIdentity.GetCallerIdentity
+ Network.AWS.STS.GetCallerIdentity: instance Network.AWS.Types.AWSRequest Network.AWS.STS.GetCallerIdentity.GetCallerIdentity
+ Network.AWS.STS.GetFederationToken: instance Control.DeepSeq.NFData Network.AWS.STS.GetFederationToken.GetFederationToken
+ Network.AWS.STS.GetFederationToken: instance Control.DeepSeq.NFData Network.AWS.STS.GetFederationToken.GetFederationTokenResponse
+ Network.AWS.STS.GetSessionToken: instance Control.DeepSeq.NFData Network.AWS.STS.GetSessionToken.GetSessionToken
+ Network.AWS.STS.GetSessionToken: instance Control.DeepSeq.NFData Network.AWS.STS.GetSessionToken.GetSessionTokenResponse

Files

README.md view
@@ -8,7 +8,7 @@  ## Version -`1.4.0`+`1.4.1`   ## Description@@ -40,7 +40,7 @@ in /Using IAM/. For information about using security tokens with other AWS products, go to <http://docs.aws.amazon.com/IAM/latest/UserGuide/reference_aws-services-that-work-with-iam.html AWS Services That Work with IAM>-in the /Using IAM/.+in the /IAM User Guide/.  If you\'re new to AWS and need additional technical information about a specific AWS product, you can find the product\'s technical@@ -50,11 +50,10 @@  The AWS Security Token Service (STS) has a default endpoint of https:\/\/sts.amazonaws.com that maps to the US East (N. Virginia)-region. Additional regions are available, but must first be activated in-the AWS Management Console before you can use a different region\'s-endpoint. For more information about activating a region for STS see-<http://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_enable-regions.html Activating STS in a New Region>-in the /Using IAM/.+region. Additional regions are available and are activated by default.+For more information, see+<http://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_enable-regions.html Activating and Deactivating AWS STS in an AWS Region>+in the /IAM User Guide/.  For information about STS endpoints, see <http://docs.aws.amazon.com/general/latest/gr/rande.html#sts_region Regions and Endpoints>
amazonka-sts.cabal view
@@ -1,5 +1,5 @@ name:                  amazonka-sts-version:               1.4.0+version:               1.4.1 synopsis:              Amazon Security Token Service SDK. homepage:              https://github.com/brendanhay/amazonka bug-reports:           https://github.com/brendanhay/amazonka/issues@@ -40,7 +40,7 @@     in /Using IAM/. For information about using security tokens with other     AWS products, go to     <http://docs.aws.amazon.com/IAM/latest/UserGuide/reference_aws-services-that-work-with-iam.html AWS Services That Work with IAM>-    in the /Using IAM/.+    in the /IAM User Guide/.      If you\'re new to AWS and need additional technical information about a     specific AWS product, you can find the product\'s technical@@ -50,11 +50,10 @@      The AWS Security Token Service (STS) has a default endpoint of     https:\/\/sts.amazonaws.com that maps to the US East (N. Virginia)-    region. Additional regions are available, but must first be activated in-    the AWS Management Console before you can use a different region\'s-    endpoint. For more information about activating a region for STS see-    <http://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_enable-regions.html Activating STS in a New Region>-    in the /Using IAM/.+    region. Additional regions are available and are activated by default.+    For more information, see+    <http://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_enable-regions.html Activating and Deactivating AWS STS in an AWS Region>+    in the /IAM User Guide/.      For information about STS endpoints, see     <http://docs.aws.amazon.com/general/latest/gr/rande.html#sts_region Regions and Endpoints>@@ -100,6 +99,7 @@         , Network.AWS.STS.AssumeRoleWithSAML         , Network.AWS.STS.AssumeRoleWithWebIdentity         , Network.AWS.STS.DecodeAuthorizationMessage+        , Network.AWS.STS.GetCallerIdentity         , Network.AWS.STS.GetFederationToken         , Network.AWS.STS.GetSessionToken         , Network.AWS.STS.Types@@ -110,7 +110,7 @@         , Network.AWS.STS.Types.Sum      build-depends:-          amazonka-core == 1.4.0.*+          amazonka-core == 1.4.1.*         , base          >= 4.7     && < 5  test-suite amazonka-sts-test@@ -130,9 +130,9 @@         , Test.AWS.STS.Internal      build-depends:-          amazonka-core == 1.4.0.*-        , amazonka-test == 1.4.0.*-        , amazonka-sts == 1.4.0.*+          amazonka-core == 1.4.1.*+        , amazonka-test == 1.4.1.*+        , amazonka-sts == 1.4.1.*         , base         , bytestring         , tasty
+ fixture/GetCallerIdentity.yaml view
+ fixture/GetCallerIdentityResponse.proto view
gen/Network/AWS/STS.hs view
@@ -38,7 +38,7 @@ -- in /Using IAM/. For information about using security tokens with other -- AWS products, go to -- <http://docs.aws.amazon.com/IAM/latest/UserGuide/reference_aws-services-that-work-with-iam.html AWS Services That Work with IAM>--- in the /Using IAM/.+-- in the /IAM User Guide/. -- -- If you\'re new to AWS and need additional technical information about a -- specific AWS product, you can find the product\'s technical@@ -48,11 +48,10 @@ -- -- The AWS Security Token Service (STS) has a default endpoint of -- https:\/\/sts.amazonaws.com that maps to the US East (N. Virginia)--- region. Additional regions are available, but must first be activated in--- the AWS Management Console before you can use a different region\'s--- endpoint. For more information about activating a region for STS see--- <http://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_enable-regions.html Activating STS in a New Region>--- in the /Using IAM/.+-- region. Additional regions are available and are activated by default.+-- For more information, see+-- <http://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_enable-regions.html Activating and Deactivating AWS STS in an AWS Region>+-- in the /IAM User Guide/. -- -- For information about STS endpoints, see -- <http://docs.aws.amazon.com/general/latest/gr/rande.html#sts_region Regions and Endpoints>@@ -105,6 +104,9 @@     -- * Operations     -- $operations +    -- ** GetCallerIdentity+    , module Network.AWS.STS.GetCallerIdentity+     -- ** AssumeRole     , module Network.AWS.STS.AssumeRole @@ -150,6 +152,7 @@ import           Network.AWS.STS.AssumeRoleWithSAML import           Network.AWS.STS.AssumeRoleWithWebIdentity import           Network.AWS.STS.DecodeAuthorizationMessage+import           Network.AWS.STS.GetCallerIdentity import           Network.AWS.STS.GetFederationToken import           Network.AWS.STS.GetSessionToken import           Network.AWS.STS.Types
gen/Network/AWS/STS/AssumeRole.hs view
@@ -22,9 +22,15 @@ -- key ID, a secret access key, and a security token) that you can use to -- access AWS resources that you might not normally have access to. -- Typically, you use 'AssumeRole' for cross-account access or federation.+-- For a comparison of 'AssumeRole' with the other APIs that produce+-- temporary credentials, see+-- <http://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_request.html Requesting Temporary Security Credentials>+-- and+-- <http://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_request.html#stsapi_comparison Comparing the AWS STS APIs>+-- in the /IAM User Guide/. ----- __Important:__ You cannot call 'AssumeRole' by using AWS account--- credentials; access will be denied. You must use IAM user credentials or+-- __Important:__ You cannot call 'AssumeRole' by using AWS root account+-- credentials; access is denied. You must use IAM user credentials or -- temporary security credentials to call 'AssumeRole'. -- -- For cross-account access, imagine that you own multiple accounts and@@ -36,7 +42,7 @@ -- to access all the other accounts by assuming roles in those accounts. -- For more information about roles, see -- <http://docs.aws.amazon.com/IAM/latest/UserGuide/roles-toplevel.html IAM Roles (Delegation and Federation)>--- in the /Using IAM/.+-- in the /IAM User Guide/. -- -- For federation, you can, for example, grant single sign-on access to the -- AWS Management Console. If you already have an identity and@@ -48,12 +54,17 @@ -- security credentials, you construct a sign-in URL that users can use to -- access the console. For more information, see -- <http://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp.html#sts-introduction Common Scenarios for Temporary Credentials>--- in the /Using IAM/.+-- in the /IAM User Guide/. -- -- The temporary security credentials are valid for the duration that you -- specified when calling 'AssumeRole', which can be from 900 seconds (15--- minutes) to 3600 seconds (1 hour). The default is 1 hour.+-- minutes) to a maximum of 3600 seconds (1 hour). The default is 1 hour. --+-- The temporary security credentials created by 'AssumeRole' can be used+-- to make API calls to any AWS service with the following exception: you+-- cannot call the STS service\'s 'GetFederationToken' or 'GetSessionToken'+-- APIs.+-- -- Optionally, you can pass an IAM access policy to this operation. If you -- choose not to pass a policy, the temporary security credentials that are -- returned by the operation have the permissions that are defined in the@@ -67,13 +78,22 @@ -- access policy of the role that is being assumed. For more information, -- see -- <http://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_control-access_assumerole.html Permissions for AssumeRole, AssumeRoleWithSAML, and AssumeRoleWithWebIdentity>--- in the /Using IAM/.+-- in the /IAM User Guide/. -- -- To assume a role, your AWS account must be trusted by the role. The -- trust relationship is defined in the role\'s trust policy when the role--- is created. You must also have a policy that allows you to call--- 'sts:AssumeRole'.+-- is created. That trust policy states which accounts are allowed to+-- delegate access to this account\'s role. --+-- The user who wants to access the role must also have permissions+-- delegated from the role\'s administrator. If the user is in a different+-- account than the role, then the user\'s administrator must attach a+-- policy that allows the user to call AssumeRole on the ARN of the role in+-- the other account. If the user is in the same account as the role, then+-- you can either attach a policy to the user (identical to the previous+-- different account user), or you can add the user as a principal directly+-- in the role\'s trust policy+-- -- __Using MFA with AssumeRole__ -- -- You can optionally include multi-factor authentication (MFA) information@@ -90,7 +110,7 @@ -- -- For more information, see -- <http://docs.aws.amazon.com/IAM/latest/UserGuide/MFAProtectedAPI.html Configuring MFA-Protected API Access>--- in the /Using IAM/ guide.+-- in the /IAM User Guide/ guide. -- -- To use MFA with 'AssumeRole', you pass values for the 'SerialNumber' and -- 'TokenCode' parameters. The 'SerialNumber' value identifies the user\'s@@ -175,6 +195,9 @@ -- that tests for MFA). If the role being assumed requires MFA and if the -- 'TokenCode' value is missing or expired, the 'AssumeRole' call returns -- an \"access denied\" error.+--+-- The format for this parameter, as described by its regex pattern, is a+-- sequence of six numeric digits. arTokenCode :: Lens' AssumeRole (Maybe Text) arTokenCode = lens _arTokenCode (\ s a -> s{_arTokenCode = a}); @@ -195,8 +218,14 @@ -- permissions that are in excess of those allowed by the access policy of -- the role that is being assumed. For more information, see -- <http://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_control-access_assumerole.html Permissions for AssumeRole, AssumeRoleWithSAML, and AssumeRoleWithWebIdentity>--- in the /Using IAM/.+-- in the /IAM User Guide/. --+-- The format for this parameter, as described by its regex pattern, is a+-- string of characters up to 2048 characters in length. The characters can+-- be any ASCII character from the space character to the end of the valid+-- character list (\\u0020-\\u00FF). It can also include the tab (\\u0009),+-- linefeed (\\u000A), and carriage return (\\u000D) characters.+-- -- The policy plain text must be 2048 bytes or shorter. However, an -- internal conversion compresses it into a packed binary format with a -- separate limit. The PackedPolicySize response element indicates by@@ -214,7 +243,12 @@ -- bind a role to the customer who created it. For more information about -- the external ID, see -- <http://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_create_for-user_externalid.html How to Use an External ID When Granting Access to Your AWS Resources to a Third Party>--- in the /Using IAM/.+-- in the /IAM User Guide/.+--+-- The format for this parameter, as described by its regex pattern, is a+-- string of characters consisting of upper- and lower-case alphanumeric+-- characters with no spaces. You can also include any of the following+-- characters: =,.\':\\\/- arExternalId :: Lens' AssumeRole (Maybe Text) arExternalId = lens _arExternalId (\ s a -> s{_arExternalId = a}); @@ -225,6 +259,11 @@ -- hardware device (such as 'GAHT12345678') or an Amazon Resource Name -- (ARN) for a virtual device (such as -- 'arn:aws:iam::123456789012:mfa\/user').+--+-- The format for this parameter, as described by its regex pattern, is a+-- string of characters consisting of upper- and lower-case alphanumeric+-- characters with no spaces. You can also include any of the following+-- characters: =,.\'- arSerialNumber :: Lens' AssumeRole (Maybe Text) arSerialNumber = lens _arSerialNumber (\ s a -> s{_arSerialNumber = a}); @@ -242,6 +281,11 @@ -- subsequent cross-account API requests using the temporary security -- credentials will expose the role session name to the external account in -- their CloudTrail logs.+--+-- The format for this parameter, as described by its regex pattern, is a+-- string of characters consisting of upper- and lower-case alphanumeric+-- characters with no spaces. You can also include any of the following+-- characters: =,.\'- arRoleSessionName :: Lens' AssumeRole Text arRoleSessionName = lens _arRoleSessionName (\ s a -> s{_arRoleSessionName = a}); @@ -258,6 +302,8 @@  instance Hashable AssumeRole +instance NFData AssumeRole+ instance ToHeaders AssumeRole where         toHeaders = const mempty @@ -338,3 +384,5 @@ -- | The response status code. arrsResponseStatus :: Lens' AssumeRoleResponse Int arrsResponseStatus = lens _arrsResponseStatus (\ s a -> s{_arrsResponseStatus = a});++instance NFData AssumeRoleResponse
gen/Network/AWS/STS/AssumeRoleWithSAML.hs view
@@ -22,19 +22,29 @@ -- authenticated via a SAML authentication response. This operation -- provides a mechanism for tying an enterprise identity store or directory -- to role-based AWS access without user-specific credentials or--- configuration.+-- configuration. For a comparison of 'AssumeRoleWithSAML' with the other+-- APIs that produce temporary credentials, see+-- <http://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_request.html Requesting Temporary Security Credentials>+-- and+-- <http://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_request.html#stsapi_comparison Comparing the AWS STS APIs>+-- in the /IAM User Guide/. -- -- The temporary security credentials returned by this operation consist of -- an access key ID, a secret access key, and a security token. -- Applications can use these temporary security credentials to sign calls--- to AWS services. The credentials are valid for the duration that you--- specified when calling 'AssumeRoleWithSAML', which can be up to 3600--- seconds (1 hour) or until the time specified in the SAML authentication--- response\'s 'SessionNotOnOrAfter' value, whichever is shorter.+-- to AWS services. ----- The maximum duration for a session is 1 hour, and the minimum duration--- is 15 minutes, even if values outside this range are specified.+-- The temporary security credentials are valid for the duration that you+-- specified when calling 'AssumeRole', or until the time specified in the+-- SAML authentication response\'s 'SessionNotOnOrAfter' value, whichever+-- is shorter. The duration can be from 900 seconds (15 minutes) to a+-- maximum of 3600 seconds (1 hour). The default is 1 hour. --+-- The temporary security credentials created by 'AssumeRoleWithSAML' can+-- be used to make API calls to any AWS service with the following+-- exception: you cannot call the STS service\'s 'GetFederationToken' or+-- 'GetSessionToken' APIs.+-- -- Optionally, you can pass an IAM access policy to this operation. If you -- choose not to pass a policy, the temporary security credentials that are -- returned by the operation have the permissions that are defined in the@@ -48,7 +58,7 @@ -- access policy of the role that is being assumed. For more information, -- see -- <http://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_control-access_assumerole.html Permissions for AssumeRole, AssumeRoleWithSAML, and AssumeRoleWithWebIdentity>--- in the /Using IAM/.+-- in the /IAM User Guide/. -- -- Before your application can call 'AssumeRoleWithSAML', you must -- configure your SAML identity provider (IdP) to issue the claims required@@ -62,16 +72,27 @@ -- the metadata document that is uploaded for the SAML provider entity for -- your identity provider. --+-- Calling 'AssumeRoleWithSAML' can result in an entry in your AWS+-- CloudTrail logs. The entry includes the value in the 'NameID' element of+-- the SAML assertion. We recommend that you use a NameIDType that is not+-- associated with any personally identifiable information (PII). For+-- example, you could instead use the Persistent Identifier+-- ('urn:oasis:names:tc:SAML:2.0:nameid-format:persistent').+-- -- For more information, see the following resources: -- -- -   <http://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_providers_saml.html About SAML 2.0-based Federation>---     in the /Using IAM/.+--     in the /IAM User Guide/.+-- -- -   <http://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_providers_create_saml.html Creating SAML Identity Providers>---     in the /Using IAM/.+--     in the /IAM User Guide/.+-- -- -   <http://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_providers_create_saml_relying-party.html Configuring a Relying Party and Claims>---     in the /Using IAM/.+--     in the /IAM User Guide/.+-- -- -   <http://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_create_for-idp_saml.html Creating a Role for SAML 2.0 Federation>---     in the /Using IAM/.+--     in the /IAM User Guide/.+-- module Network.AWS.STS.AssumeRoleWithSAML     (     -- * Creating a Request@@ -164,8 +185,14 @@ -- permissions that are in excess of those allowed by the access policy of -- the role that is being assumed. For more information, -- <http://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_control-access_assumerole.html Permissions for AssumeRole, AssumeRoleWithSAML, and AssumeRoleWithWebIdentity>--- in the /Using IAM/.+-- in the /IAM User Guide/. --+-- The format for this parameter, as described by its regex pattern, is a+-- string of characters up to 2048 characters in length. The characters can+-- be any ASCII character from the space character to the end of the valid+-- character list (\\u0020-\\u00FF). It can also include the tab (\\u0009),+-- linefeed (\\u000A), and carriage return (\\u000D) characters.+-- -- The policy plain text must be 2048 bytes or shorter. However, an -- internal conversion compresses it into a packed binary format with a -- separate limit. The PackedPolicySize response element indicates by@@ -210,6 +237,8 @@  instance Hashable AssumeRoleWithSAML +instance NFData AssumeRoleWithSAML+ instance ToHeaders AssumeRoleWithSAML where         toHeaders = const mempty @@ -331,7 +360,8 @@ arwsamlrsNameQualifier :: Lens' AssumeRoleWithSAMLResponse (Maybe Text) arwsamlrsNameQualifier = lens _arwsamlrsNameQualifier (\ s a -> s{_arwsamlrsNameQualifier = a}); --- | Undocumented member.+-- | The identifiers for the temporary security credentials that the+-- operation returns. arwsamlrsAssumedRoleUser :: Lens' AssumeRoleWithSAMLResponse (Maybe AssumedRoleUser) arwsamlrsAssumedRoleUser = lens _arwsamlrsAssumedRoleUser (\ s a -> s{_arwsamlrsAssumedRoleUser = a}); @@ -342,3 +372,5 @@ -- | The response status code. arwsamlrsResponseStatus :: Lens' AssumeRoleWithSAMLResponse Int arwsamlrsResponseStatus = lens _arwsamlrsResponseStatus (\ s a -> s{_arwsamlrsResponseStatus = a});++instance NFData AssumeRoleWithSAMLResponse
gen/Network/AWS/STS/AssumeRoleWithWebIdentity.hs view
@@ -42,16 +42,28 @@ -- without including long-term AWS credentials in the application, and -- without deploying server-based proxy services that use long-term AWS -- credentials. Instead, the identity of the caller is validated by using a--- token from the web identity provider.+-- token from the web identity provider. For a comparison of+-- 'AssumeRoleWithWebIdentity' with the other APIs that produce temporary+-- credentials, see+-- <http://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_request.html Requesting Temporary Security Credentials>+-- and+-- <http://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_request.html#stsapi_comparison Comparing the AWS STS APIs>+-- in the /IAM User Guide/. -- -- The temporary security credentials returned by this API consist of an -- access key ID, a secret access key, and a security token. Applications -- can use these temporary security credentials to sign calls to AWS--- service APIs. The credentials are valid for the duration that you--- specified when calling 'AssumeRoleWithWebIdentity', which can be from--- 900 seconds (15 minutes) to 3600 seconds (1 hour). By default, the--- temporary security credentials are valid for 1 hour.+-- service APIs. --+-- The credentials are valid for the duration that you specified when+-- calling 'AssumeRoleWithWebIdentity', which can be from 900 seconds (15+-- minutes) to a maximum of 3600 seconds (1 hour). The default is 1 hour.+--+-- The temporary security credentials created by+-- 'AssumeRoleWithWebIdentity' can be used to make API calls to any AWS+-- service with the following exception: you cannot call the STS service\'s+-- 'GetFederationToken' or 'GetSessionToken' APIs.+-- -- Optionally, you can pass an IAM access policy to this operation. If you -- choose not to pass a policy, the temporary security credentials that are -- returned by the operation have the permissions that are defined in the@@ -65,7 +77,7 @@ -- access policy of the role that is being assumed. For more information, -- see -- <http://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_control-access_assumerole.html Permissions for AssumeRole, AssumeRoleWithSAML, and AssumeRoleWithWebIdentity>--- in the /Using IAM/.+-- in the /IAM User Guide/. -- -- Before your application can call 'AssumeRoleWithWebIdentity', you must -- have an identity token from a supported identity provider and create a@@ -74,26 +86,38 @@ -- identity token. In other words, the identity provider must be specified -- in the role\'s trust policy. --+-- Calling 'AssumeRoleWithWebIdentity' can result in an entry in your AWS+-- CloudTrail logs. The entry includes the+-- <http://openid.net/specs/openid-connect-core-1_0.html#Claims Subject> of+-- the provided Web Identity Token. We recommend that you avoid using any+-- personally identifiable information (PII) in this field. For example,+-- you could instead use a GUID or a pairwise identifier, as+-- <http://openid.net/specs/openid-connect-core-1_0.html#SubjectIDTypes suggested in the OIDC specification>.+-- -- For more information about how to use web identity federation and the -- 'AssumeRoleWithWebIdentity' API, see the following resources: -- -- -   <http://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_providers_oidc_manual Using Web Identity Federation APIs for Mobile Apps> --     and --     <http://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_request.html#api_assumerolewithwebidentity Federation Through a Web-based Identity Provider>.+-- -- -   <https://web-identity-federation-playground.s3.amazonaws.com/index.html Web Identity Federation Playground>. --     This interactive website lets you walk through the process of --     authenticating via Login with Amazon, Facebook, or Google, getting --     temporary security credentials, and then using those credentials to --     make a request to AWS.+-- -- -   <http://aws.amazon.com/sdkforios/ AWS SDK for iOS> and --     <http://aws.amazon.com/sdkforandroid/ AWS SDK for Android>. These --     toolkits contain sample apps that show how to invoke the identity --     providers, and then how to use the information from these providers --     to get and use temporary security credentials.+-- -- -   <http://aws.amazon.com/articles/4617974389850313 Web Identity Federation with Mobile Applications>. --     This article discusses web identity federation and shows an example --     of how to use web identity federation to get access to content in --     Amazon S3.+-- module Network.AWS.STS.AssumeRoleWithWebIdentity     (     -- * Creating a Request@@ -196,8 +220,14 @@ -- permissions that are in excess of those allowed by the access policy of -- the role that is being assumed. For more information, see -- <http://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_control-access_assumerole.html Permissions for AssumeRoleWithWebIdentity>--- in the /Using IAM/.+-- in the /IAM User Guide/. --+-- The format for this parameter, as described by its regex pattern, is a+-- string of characters up to 2048 characters in length. The characters can+-- be any ASCII character from the space character to the end of the valid+-- character list (\\u0020-\\u00FF). It can also include the tab (\\u0009),+-- linefeed (\\u000A), and carriage return (\\u000D) characters.+-- -- The policy plain text must be 2048 bytes or shorter. However, an -- internal conversion compresses it into a packed binary format with a -- separate limit. The PackedPolicySize response element indicates by@@ -216,6 +246,11 @@ -- application will use are associated with that user. This session name is -- included as part of the ARN and assumed role ID in the 'AssumedRoleUser' -- response element.+--+-- The format for this parameter, as described by its regex pattern, is a+-- string of characters consisting of upper- and lower-case alphanumeric+-- characters with no spaces. You can also include any of the following+-- characters: =,.\'- arwwiRoleSessionName :: Lens' AssumeRoleWithWebIdentity Text arwwiRoleSessionName = lens _arwwiRoleSessionName (\ s a -> s{_arwwiRoleSessionName = a}); @@ -245,6 +280,8 @@  instance Hashable AssumeRoleWithWebIdentity +instance NFData AssumeRoleWithWebIdentity+ instance ToHeaders AssumeRoleWithWebIdentity where         toHeaders = const mempty @@ -361,3 +398,5 @@ -- | The response status code. arwwirsResponseStatus :: Lens' AssumeRoleWithWebIdentityResponse Int arwwirsResponseStatus = lens _arwwirsResponseStatus (\ s a -> s{_arwwirsResponseStatus = a});++instance NFData AssumeRoleWithWebIdentityResponse
gen/Network/AWS/STS/DecodeAuthorizationMessage.hs view
@@ -42,11 +42,16 @@ -- -   Whether the request was denied due to an explicit deny or due to the --     absence of an explicit allow. For more information, see --     <http://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_evaluation-logic.html#policy-eval-denyallow Determining Whether a Request is Allowed or Denied>---     in the /Using IAM/.+--     in the /IAM User Guide/.+-- -- -   The principal who made the request.+-- -- -   The requested action.+-- -- -   The requested resource.+-- -- -   The values of condition keys in the context of the user\'s request.+-- module Network.AWS.STS.DecodeAuthorizationMessage     (     -- * Creating a Request@@ -105,6 +110,8 @@  instance Hashable DecodeAuthorizationMessage +instance NFData DecodeAuthorizationMessage+ instance ToHeaders DecodeAuthorizationMessage where         toHeaders = const mempty @@ -145,11 +152,12 @@     , _damrsResponseStatus = pResponseStatus_     } --- | An XML document that contains the decoded message. For more information,--- see 'DecodeAuthorizationMessage'.+-- | An XML document that contains the decoded message. damrsDecodedMessage :: Lens' DecodeAuthorizationMessageResponse (Maybe Text) damrsDecodedMessage = lens _damrsDecodedMessage (\ s a -> s{_damrsDecodedMessage = a});  -- | The response status code. damrsResponseStatus :: Lens' DecodeAuthorizationMessageResponse Int damrsResponseStatus = lens _damrsResponseStatus (\ s a -> s{_damrsResponseStatus = a});++instance NFData DecodeAuthorizationMessageResponse
+ gen/Network/AWS/STS/GetCallerIdentity.hs view
@@ -0,0 +1,140 @@+{-# LANGUAGE DeriveDataTypeable #-}+{-# LANGUAGE DeriveGeneric      #-}+{-# LANGUAGE OverloadedStrings  #-}+{-# LANGUAGE RecordWildCards    #-}+{-# LANGUAGE TypeFamilies       #-}++{-# OPTIONS_GHC -fno-warn-unused-imports #-}+{-# OPTIONS_GHC -fno-warn-unused-binds   #-}+{-# OPTIONS_GHC -fno-warn-unused-matches #-}++-- Derived from AWS service descriptions, licensed under Apache 2.0.++-- |+-- Module      : Network.AWS.STS.GetCallerIdentity+-- Copyright   : (c) 2013-2016 Brendan Hay+-- License     : Mozilla Public License, v. 2.0.+-- Maintainer  : Brendan Hay <brendan.g.hay@gmail.com>+-- Stability   : auto-generated+-- Portability : non-portable (GHC extensions)+--+-- Returns details about the IAM identity whose credentials are used to+-- call the API.+module Network.AWS.STS.GetCallerIdentity+    (+    -- * Creating a Request+      getCallerIdentity+    , GetCallerIdentity++    -- * Destructuring the Response+    , getCallerIdentityResponse+    , GetCallerIdentityResponse+    -- * Response Lenses+    , gcirsARN+    , gcirsAccount+    , gcirsUserId+    , gcirsResponseStatus+    ) where++import           Network.AWS.Lens+import           Network.AWS.Prelude+import           Network.AWS.Request+import           Network.AWS.Response+import           Network.AWS.STS.Types+import           Network.AWS.STS.Types.Product++-- | /See:/ 'getCallerIdentity' smart constructor.+data GetCallerIdentity =+    GetCallerIdentity'+    deriving (Eq,Read,Show,Data,Typeable,Generic)++-- | Creates a value of 'GetCallerIdentity' with the minimum fields required to make a request.+--+getCallerIdentity+    :: GetCallerIdentity+getCallerIdentity = GetCallerIdentity'++instance AWSRequest GetCallerIdentity where+        type Rs GetCallerIdentity = GetCallerIdentityResponse+        request = postQuery sts+        response+          = receiveXMLWrapper "GetCallerIdentityResult"+              (\ s h x ->+                 GetCallerIdentityResponse' <$>+                   (x .@? "Arn") <*> (x .@? "Account") <*>+                     (x .@? "UserId")+                     <*> (pure (fromEnum s)))++instance Hashable GetCallerIdentity++instance NFData GetCallerIdentity++instance ToHeaders GetCallerIdentity where+        toHeaders = const mempty++instance ToPath GetCallerIdentity where+        toPath = const "/"++instance ToQuery GetCallerIdentity where+        toQuery+          = const+              (mconcat+                 ["Action" =: ("GetCallerIdentity" :: ByteString),+                  "Version" =: ("2011-06-15" :: ByteString)])++-- | Contains the response to a successful < GetCallerIdentity> request,+-- including information about the entity making the request.+--+-- /See:/ 'getCallerIdentityResponse' smart constructor.+data GetCallerIdentityResponse = GetCallerIdentityResponse'+    { _gcirsARN            :: !(Maybe Text)+    , _gcirsAccount        :: !(Maybe Text)+    , _gcirsUserId         :: !(Maybe Text)+    , _gcirsResponseStatus :: !Int+    } deriving (Eq,Read,Show,Data,Typeable,Generic)++-- | Creates a value of 'GetCallerIdentityResponse' with the minimum fields required to make a request.+--+-- Use one of the following lenses to modify other fields as desired:+--+-- * 'gcirsARN'+--+-- * 'gcirsAccount'+--+-- * 'gcirsUserId'+--+-- * 'gcirsResponseStatus'+getCallerIdentityResponse+    :: Int -- ^ 'gcirsResponseStatus'+    -> GetCallerIdentityResponse+getCallerIdentityResponse pResponseStatus_ =+    GetCallerIdentityResponse'+    { _gcirsARN = Nothing+    , _gcirsAccount = Nothing+    , _gcirsUserId = Nothing+    , _gcirsResponseStatus = pResponseStatus_+    }++-- | The AWS ARN associated with the calling entity.+gcirsARN :: Lens' GetCallerIdentityResponse (Maybe Text)+gcirsARN = lens _gcirsARN (\ s a -> s{_gcirsARN = a});++-- | The AWS account ID number of the account that owns or contains the+-- calling entity.+gcirsAccount :: Lens' GetCallerIdentityResponse (Maybe Text)+gcirsAccount = lens _gcirsAccount (\ s a -> s{_gcirsAccount = a});++-- | The unique identifier of the calling entity. The exact value depends on+-- the type of entity making the call. The values returned are those listed+-- in the __aws:userid__ column in the+-- <http://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_variables.html#principaltable Principal table>+-- found on the __Policy Variables__ reference page in the /IAM User+-- Guide/.+gcirsUserId :: Lens' GetCallerIdentityResponse (Maybe Text)+gcirsUserId = lens _gcirsUserId (\ s a -> s{_gcirsUserId = a});++-- | The response status code.+gcirsResponseStatus :: Lens' GetCallerIdentityResponse Int+gcirsResponseStatus = lens _gcirsResponseStatus (\ s a -> s{_gcirsResponseStatus = a});++instance NFData GetCallerIdentityResponse
gen/Network/AWS/STS/GetFederationToken.hs view
@@ -25,7 +25,12 @@ -- network. Because you must call the 'GetFederationToken' action using the -- long-term security credentials of an IAM user, this call is appropriate -- in contexts where those credentials can be safely stored, usually in a--- server-based application.+-- server-based application. For a comparison of 'GetFederationToken' with+-- the other APIs that produce temporary credentials, see+-- <http://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_request.html Requesting Temporary Security Credentials>+-- and+-- <http://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_request.html#stsapi_comparison Comparing the AWS STS APIs>+-- in the /IAM User Guide/. -- -- If you are creating a mobile-based or browser-based app that can -- authenticate users using a web identity provider like Login with Amazon,@@ -36,20 +41,30 @@ -- -- The 'GetFederationToken' action must be called by using the long-term -- AWS security credentials of an IAM user. You can also call--- 'GetFederationToken' using the security credentials of an AWS account--- (root), but this is not recommended. Instead, we recommend that you+-- 'GetFederationToken' using the security credentials of an AWS root+-- account, but we do not recommended it. Instead, we recommend that you -- create an IAM user for the purpose of the proxy application and then -- attach a policy to the IAM user that limits federated users to only the--- actions and resources they need access to. For more information, see+-- actions and resources that they need access to. For more information,+-- see -- <http://docs.aws.amazon.com/IAM/latest/UserGuide/best-practices.html IAM Best Practices>--- in the /Using IAM/.+-- in the /IAM User Guide/. -- -- The temporary security credentials that are obtained by using the -- long-term credentials of an IAM user are valid for the specified--- duration, between 900 seconds (15 minutes) and 129600 seconds (36--- hours). Temporary credentials that are obtained by using AWS account--- (root) credentials have a maximum duration of 3600 seconds (1 hour)+-- duration, from 900 seconds (15 minutes) up to a maximium of 129600+-- seconds (36 hours). The default is 43200 seconds (12 hours). Temporary+-- credentials that are obtained by using AWS root account credentials have+-- a maximum duration of 3600 seconds (1 hour). --+-- The temporary security credentials created by 'GetFederationToken' can+-- be used to make API calls to any AWS service with the following+-- exceptions:+--+-- -   You cannot use these credentials to call any IAM APIs.+--+-- -   You cannot call any STS APIs.+-- -- __Permissions__ -- -- The permissions for the temporary security credentials returned by@@ -57,6 +72,7 @@ -- -- -   The policy or policies that are attached to the IAM user whose --     credentials are used to call 'GetFederationToken'.+-- -- -   The policy that is passed as a parameter in the call. -- -- The passed policy is attached to the temporary security credentials that@@ -169,6 +185,12 @@ -- has a resource-based policy that specifically allows the federated user -- to access the resource. --+-- The format for this parameter, as described by its regex pattern, is a+-- string of characters up to 2048 characters in length. The characters can+-- be any ASCII character from the space character to the end of the valid+-- character list (\\u0020-\\u00FF). It can also include the tab (\\u0009),+-- linefeed (\\u000A), and carriage return (\\u000D) characters.+-- -- The policy plain text must be 2048 bytes or shorter. However, an -- internal conversion compresses it into a packed binary format with a -- separate limit. The PackedPolicySize response element indicates by@@ -184,6 +206,11 @@ -- the temporary security credentials (such as 'Bob'). For example, you can -- reference the federated user name in a resource-based policy, such as in -- an Amazon S3 bucket policy.+--+-- The format for this parameter, as described by its regex pattern, is a+-- string of characters consisting of upper- and lower-case alphanumeric+-- characters with no spaces. You can also include any of the following+-- characters: =,.\'- gftName :: Lens' GetFederationToken Text gftName = lens _gftName (\ s a -> s{_gftName = a}); @@ -201,6 +228,8 @@  instance Hashable GetFederationToken +instance NFData GetFederationToken+ instance ToHeaders GetFederationToken where         toHeaders = const mempty @@ -276,3 +305,5 @@ -- | The response status code. gftrsResponseStatus :: Lens' GetFederationTokenResponse Int gftrsResponseStatus = lens _gftrsResponseStatus (\ s a -> s{_gftrsResponseStatus = a});++instance NFData GetFederationTokenResponse
gen/Network/AWS/STS/GetSessionToken.hs view
@@ -27,15 +27,31 @@ -- MFA device. Using the temporary security credentials that are returned -- from the call, IAM users can then make programmatic calls to APIs that -- require MFA authentication. If you do not supply a correct MFA code,--- then the API returns an access denied error.+-- then the API returns an access denied error. For a comparison of+-- 'GetSessionToken' with the other APIs that produce temporary+-- credentials, see+-- <http://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_request.html Requesting Temporary Security Credentials>+-- and+-- <http://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_request.html#stsapi_comparison Comparing the AWS STS APIs>+-- in the /IAM User Guide/. -- -- The 'GetSessionToken' action must be called by using the long-term AWS -- security credentials of the AWS account or an IAM user. Credentials that -- are created by IAM users are valid for the duration that you specify,--- between 900 seconds (15 minutes) and 129600 seconds (36 hours);--- credentials that are created by using account credentials have a maximum--- duration of 3600 seconds (1 hour).+-- from 900 seconds (15 minutes) up to a maximum of 129600 seconds (36+-- hours), with a default of 43200 seconds (12 hours); credentials that are+-- created by using account credentials can range from 900 seconds (15+-- minutes) up to a maximum of 3600 seconds (1 hour), with a default of 1+-- hour. --+-- The temporary security credentials created by 'GetSessionToken' can be+-- used to make API calls to any AWS service with the following exceptions:+--+-- -   You cannot call any IAM APIs unless MFA authentication information+--     is included in the request.+--+-- -   You cannot call any STS API /except/ 'AssumeRole'.+-- -- We recommend that you do not call 'GetSessionToken' with root account -- credentials. Instead, follow our -- <http://docs.aws.amazon.com/IAM/latest/UserGuide/best-practices.html#create-iam-users best practices>@@ -53,7 +69,7 @@ -- For more information about using 'GetSessionToken' to create temporary -- credentials, go to -- <http://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_request.html#api_getsessiontoken Temporary Credentials for Users in Untrusted Environments>--- in the /Using IAM/.+-- in the /IAM User Guide/. module Network.AWS.STS.GetSessionToken     (     -- * Creating a Request@@ -110,6 +126,9 @@ -- requesting a set of temporary security credentials, the user will -- receive an \"access denied\" response when requesting resources that -- require MFA authentication.+--+-- The format for this parameter, as described by its regex pattern, is a+-- sequence of six numeric digits. gstTokenCode :: Lens' GetSessionToken (Maybe Text) gstTokenCode = lens _gstTokenCode (\ s a -> s{_gstTokenCode = a}); @@ -130,6 +149,11 @@ -- 'arn:aws:iam::123456789012:mfa\/user'). You can find the device for an -- IAM user by going to the AWS Management Console and viewing the user\'s -- security credentials.+--+-- The format for this parameter, as described by its regex pattern, is a+-- string of characters consisting of upper- and lower-case alphanumeric+-- characters with no spaces. You can also include any of the following+-- characters: =,.\'- gstSerialNumber :: Lens' GetSessionToken (Maybe Text) gstSerialNumber = lens _gstSerialNumber (\ s a -> s{_gstSerialNumber = a}); @@ -144,6 +168,8 @@  instance Hashable GetSessionToken +instance NFData GetSessionToken+ instance ToHeaders GetSessionToken where         toHeaders = const mempty @@ -199,3 +225,5 @@ -- | The response status code. gstrsResponseStatus :: Lens' GetSessionTokenResponse Int gstrsResponseStatus = lens _gstrsResponseStatus (\ s a -> s{_gstrsResponseStatus = a});++instance NFData GetSessionTokenResponse
gen/Network/AWS/STS/Types.hs view
@@ -79,6 +79,8 @@       | has (hasCode "ThrottlingException" . hasStatus 400) e =           Just "throttling_exception"       | has (hasCode "Throttling" . hasStatus 400) e = Just "throttling"+      | has (hasStatus 504) e = Just "gateway_timeout"+      | has (hasStatus 502) e = Just "bad_gateway"       | has (hasStatus 503) e = Just "service_unavailable"       | has (hasStatus 500) e = Just "general_server_error"       | has (hasStatus 509) e = Just "limit_exceeded"@@ -106,11 +108,11 @@     _ServiceError . hasStatus 400 . hasCode "PackedPolicyTooLarge"  -- | STS is not activated in the requested region for the account that is--- being asked to create temporary credentials. The account administrator--- must activate STS in that region using the IAM Console. For more--- information, see+-- being asked to generate credentials. The account administrator must use+-- the IAM console to activate STS in that region. For more information,+-- see -- <http://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_enable-regions.html Activating and Deactivating AWS STS in an AWS Region>--- in the /Using IAM/.+-- in the /IAM User Guide/. _RegionDisabledException :: AsError a => Getting (First ServiceError) a ServiceError _RegionDisabledException =     _ServiceError . hasStatus 403 . hasCode "RegionDisabledException"
gen/Network/AWS/STS/Types/Product.hs view
@@ -68,6 +68,8 @@  instance Hashable AssumedRoleUser +instance NFData AssumedRoleUser+ -- | AWS credentials for API authentication. -- -- /See:/ 'credentials' smart constructor.@@ -129,6 +131,8 @@  instance Hashable Credentials +instance NFData Credentials+ -- | Identifiers for the federated user that is associated with the -- credentials. --@@ -174,3 +178,5 @@               (x .@ "FederatedUserId") <*> (x .@ "Arn")  instance Hashable FederatedUser++instance NFData FederatedUser
test/Test/AWS/Gen/STS.hs view
@@ -28,7 +28,10 @@ -- fixtures :: TestTree -- fixtures = --     [ testGroup "request"---         [ testAssumeRole $+--         [ testGetCallerIdentity $+--             getCallerIdentity+--+--         , testAssumeRole $ --             assumeRole -- --         , testDecodeAuthorizationMessage $@@ -49,7 +52,10 @@ --           ]  --     , testGroup "response"---         [ testAssumeRoleResponse $+--         [ testGetCallerIdentityResponse $+--             getCallerIdentityResponse+--+--         , testAssumeRoleResponse $ --             assumeRoleResponse -- --         , testDecodeAuthorizationMessageResponse $@@ -72,6 +78,11 @@  -- Requests +testGetCallerIdentity :: GetCallerIdentity -> TestTree+testGetCallerIdentity = req+    "GetCallerIdentity"+    "fixture/GetCallerIdentity.yaml"+ testAssumeRole :: AssumeRole -> TestTree testAssumeRole = req     "AssumeRole"@@ -103,6 +114,13 @@     "fixture/AssumeRoleWithSAML.yaml"  -- Responses++testGetCallerIdentityResponse :: GetCallerIdentityResponse -> TestTree+testGetCallerIdentityResponse = res+    "GetCallerIdentityResponse"+    "fixture/GetCallerIdentityResponse.proto"+    sts+    (Proxy :: Proxy GetCallerIdentity)  testAssumeRoleResponse :: AssumeRoleResponse -> TestTree testAssumeRoleResponse = res