amazonka-sts-2.0: gen/Amazonka/STS/Types.hs
{-# LANGUAGE DisambiguateRecordFields #-}
{-# LANGUAGE OverloadedStrings #-}
{-# LANGUAGE StrictData #-}
{-# LANGUAGE NoImplicitPrelude #-}
{-# OPTIONS_GHC -fno-warn-unused-matches #-}
-- Derived from AWS service descriptions, licensed under Apache 2.0.
-- |
-- Module : Amazonka.STS.Types
-- Copyright : (c) 2013-2023 Brendan Hay
-- License : Mozilla Public License, v. 2.0.
-- Maintainer : Brendan Hay
-- Stability : auto-generated
-- Portability : non-portable (GHC extensions)
module Amazonka.STS.Types
( -- * Service Configuration
defaultService,
-- * Errors
_ExpiredTokenException,
_IDPCommunicationErrorException,
_IDPRejectedClaimException,
_InvalidAuthorizationMessageException,
_InvalidIdentityTokenException,
_MalformedPolicyDocumentException,
_PackedPolicyTooLargeException,
_RegionDisabledException,
-- * AssumedRoleUser
AssumedRoleUser (..),
newAssumedRoleUser,
assumedRoleUser_assumedRoleId,
assumedRoleUser_arn,
-- * FederatedUser
FederatedUser (..),
newFederatedUser,
federatedUser_federatedUserId,
federatedUser_arn,
-- * PolicyDescriptorType
PolicyDescriptorType (..),
newPolicyDescriptorType,
policyDescriptorType_arn,
-- * Tag
Tag (..),
newTag,
tag_key,
tag_value,
)
where
import qualified Amazonka.Core as Core
import qualified Amazonka.Core.Lens.Internal as Lens
import qualified Amazonka.Prelude as Prelude
import Amazonka.STS.Types.AssumedRoleUser
import Amazonka.STS.Types.FederatedUser
import Amazonka.STS.Types.PolicyDescriptorType
import Amazonka.STS.Types.Tag
import qualified Amazonka.Sign.V4 as Sign
-- | API version @2011-06-15@ of the Amazon Security Token Service SDK configuration.
defaultService :: Core.Service
defaultService =
Core.Service
{ Core.abbrev = "STS",
Core.signer = Sign.v4,
Core.endpointPrefix = "sts",
Core.signingName = "sts",
Core.version = "2011-06-15",
Core.s3AddressingStyle = Core.S3AddressingStyleAuto,
Core.endpoint = Core.defaultEndpoint defaultService,
Core.timeout = Prelude.Just 70,
Core.check = Core.statusSuccess,
Core.error = Core.parseXMLError "STS",
Core.retry = retry
}
where
retry =
Core.Exponential
{ Core.base = 5.0e-2,
Core.growth = 2,
Core.attempts = 5,
Core.check = check
}
check e
| Lens.has (Core.hasStatus 502) e =
Prelude.Just "bad_gateway"
| Lens.has (Core.hasStatus 504) e =
Prelude.Just "gateway_timeout"
| Lens.has (Core.hasStatus 500) e =
Prelude.Just "general_server_error"
| Lens.has
( Core.hasCode "IDPCommunicationError"
Prelude.. Core.hasStatus 400
)
e =
Prelude.Just "idp_unreachable_error"
| Lens.has (Core.hasStatus 509) e =
Prelude.Just "limit_exceeded"
| Lens.has
( Core.hasCode "RequestThrottledException"
Prelude.. Core.hasStatus 400
)
e =
Prelude.Just "request_throttled_exception"
| Lens.has (Core.hasStatus 503) e =
Prelude.Just "service_unavailable"
| Lens.has
( Core.hasCode "ThrottledException"
Prelude.. Core.hasStatus 400
)
e =
Prelude.Just "throttled_exception"
| Lens.has
( Core.hasCode "Throttling"
Prelude.. Core.hasStatus 400
)
e =
Prelude.Just "throttling"
| Lens.has
( Core.hasCode "ThrottlingException"
Prelude.. Core.hasStatus 400
)
e =
Prelude.Just "throttling_exception"
| Lens.has
( Core.hasCode
"ProvisionedThroughputExceededException"
Prelude.. Core.hasStatus 400
)
e =
Prelude.Just "throughput_exceeded"
| Lens.has (Core.hasStatus 429) e =
Prelude.Just "too_many_requests"
| Prelude.otherwise = Prelude.Nothing
-- | The web identity token that was passed is expired or is not valid. Get a
-- new identity token from the identity provider and then retry the
-- request.
_ExpiredTokenException :: (Core.AsError a) => Lens.Fold a Core.ServiceError
_ExpiredTokenException =
Core._MatchServiceError
defaultService
"ExpiredTokenException"
Prelude.. Core.hasStatus 400
-- | The request could not be fulfilled because the identity provider (IDP)
-- that was asked to verify the incoming identity token could not be
-- reached. This is often a transient error caused by network conditions.
-- Retry the request a limited number of times so that you don\'t exceed
-- the request rate. If the error persists, the identity provider might be
-- down or not responding.
_IDPCommunicationErrorException :: (Core.AsError a) => Lens.Fold a Core.ServiceError
_IDPCommunicationErrorException =
Core._MatchServiceError
defaultService
"IDPCommunicationError"
Prelude.. Core.hasStatus 400
-- | The identity provider (IdP) reported that authentication failed. This
-- might be because the claim is invalid.
--
-- If this error is returned for the @AssumeRoleWithWebIdentity@ operation,
-- it can also mean that the claim has expired or has been explicitly
-- revoked.
_IDPRejectedClaimException :: (Core.AsError a) => Lens.Fold a Core.ServiceError
_IDPRejectedClaimException =
Core._MatchServiceError
defaultService
"IDPRejectedClaim"
Prelude.. Core.hasStatus 403
-- | The error returned if the message passed to @DecodeAuthorizationMessage@
-- was invalid. This can happen if the token contains invalid characters,
-- such as linebreaks.
_InvalidAuthorizationMessageException :: (Core.AsError a) => Lens.Fold a Core.ServiceError
_InvalidAuthorizationMessageException =
Core._MatchServiceError
defaultService
"InvalidAuthorizationMessageException"
Prelude.. Core.hasStatus 400
-- | The web identity token that was passed could not be validated by Amazon
-- Web Services. Get a new identity token from the identity provider and
-- then retry the request.
_InvalidIdentityTokenException :: (Core.AsError a) => Lens.Fold a Core.ServiceError
_InvalidIdentityTokenException =
Core._MatchServiceError
defaultService
"InvalidIdentityToken"
Prelude.. Core.hasStatus 400
-- | The request was rejected because the policy document was malformed. The
-- error message describes the specific error.
_MalformedPolicyDocumentException :: (Core.AsError a) => Lens.Fold a Core.ServiceError
_MalformedPolicyDocumentException =
Core._MatchServiceError
defaultService
"MalformedPolicyDocument"
Prelude.. Core.hasStatus 400
-- | The request was rejected because the total packed size of the session
-- policies and session tags combined was too large. An Amazon Web Services
-- conversion compresses the session policy document, session policy ARNs,
-- and session tags into a packed binary format that has a separate limit.
-- The error message indicates by percentage how close the policies and
-- tags are to the upper size limit. For more information, see
-- <https://docs.aws.amazon.com/IAM/latest/UserGuide/id_session-tags.html Passing Session Tags in STS>
-- in the /IAM User Guide/.
--
-- You could receive this error even though you meet other defined session
-- policy and session tag limits. For more information, see
-- <https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_iam-quotas.html#reference_iam-limits-entity-length IAM and STS Entity Character Limits>
-- in the /IAM User Guide/.
_PackedPolicyTooLargeException :: (Core.AsError a) => Lens.Fold a Core.ServiceError
_PackedPolicyTooLargeException =
Core._MatchServiceError
defaultService
"PackedPolicyTooLarge"
Prelude.. Core.hasStatus 400
-- | STS is not activated in the requested region for the account that is
-- being asked to generate credentials. The account administrator must use
-- the IAM console to activate STS in that region. For more information,
-- see
-- <https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_enable-regions.html Activating and Deactivating Amazon Web Services STS in an Amazon Web Services Region>
-- in the /IAM User Guide/.
_RegionDisabledException :: (Core.AsError a) => Lens.Fold a Core.ServiceError
_RegionDisabledException =
Core._MatchServiceError
defaultService
"RegionDisabledException"
Prelude.. Core.hasStatus 403