code.dwrz.net

api_op_GetSessionToken.go (9081B)

---

 // Code generated by smithy-go-codegen DO NOT EDIT.
 
 package sts
 
 import (
 	"context"
 	awsmiddleware "github.com/aws/aws-sdk-go-v2/aws/middleware"
 	"github.com/aws/aws-sdk-go-v2/aws/signer/v4"
 	"github.com/aws/aws-sdk-go-v2/service/sts/types"
 	"github.com/aws/smithy-go/middleware"
 	smithyhttp "github.com/aws/smithy-go/transport/http"
 )
 
 // Returns a set of temporary credentials for an Amazon Web Services account or IAM
 // user. The credentials consist of an access key ID, a secret access key, and a
 // security token. Typically, you use GetSessionToken if you want to use MFA to
 // protect programmatic calls to specific Amazon Web Services API operations like
 // Amazon EC2 StopInstances. MFA-enabled IAM users would need to call
 // GetSessionToken and submit an MFA code that is associated with their MFA device.
 // Using the temporary security credentials that are returned from the call, IAM
 // users can then make programmatic calls to API operations that require MFA
 // authentication. If you do not supply a correct MFA code, then the API returns an
 // access denied error. For a comparison of GetSessionToken with the other API
 // operations that produce temporary credentials, see Requesting Temporary Security
 // Credentials
 // (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_request.html)
 // and Comparing the Amazon Web Services STS API operations
 // (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_request.html#stsapi_comparison)
 // in the IAM User Guide. No permissions are required for users to perform this
 // operation. The purpose of the sts:GetSessionToken operation is to authenticate
 // the user using MFA. You cannot use policies to control authentication
 // operations. For more information, see Permissions for GetSessionToken
 // (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_control-access_getsessiontoken.html)
 // in the IAM User Guide. Session Duration The GetSessionToken operation must be
 // called by using the long-term Amazon Web Services security credentials of the
 // Amazon Web Services account root user or an IAM user. Credentials that are
 // created by IAM users are valid for the duration that you specify. This duration
 // can range from 900 seconds (15 minutes) up to a maximum of 129,600 seconds (36
 // hours), with a default of 43,200 seconds (12 hours). Credentials based on
 // account credentials can range from 900 seconds (15 minutes) up to 3,600 seconds
 // (1 hour), with a default of 1 hour. Permissions The temporary security
 // credentials created by GetSessionToken can be used to make API calls to any
 // Amazon Web Services service with the following exceptions:
 //
 // * You cannot call
 // any IAM API operations unless MFA authentication information is included in the
 // request.
 //
 // * You cannot call any STS API except AssumeRole or
 // GetCallerIdentity.
 //
 // We recommend that you do not call GetSessionToken with
 // Amazon Web Services account root user credentials. Instead, follow our best
 // practices
 // (https://docs.aws.amazon.com/IAM/latest/UserGuide/best-practices.html#create-iam-users)
 // by creating one or more IAM users, giving them the necessary permissions, and
 // using IAM users for everyday interaction with Amazon Web Services. The
 // credentials that are returned by GetSessionToken are based on permissions
 // associated with the user whose credentials were used to call the operation. If
 // GetSessionToken is called using Amazon Web Services account root user
 // credentials, the temporary credentials have root user permissions. Similarly, if
 // GetSessionToken is called using the credentials of an IAM user, the temporary
 // credentials have the same permissions as the IAM user. For more information
 // about using GetSessionToken to create temporary credentials, go to Temporary
 // Credentials for Users in Untrusted Environments
 // (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_request.html#api_getsessiontoken)
 // in the IAM User Guide.
 func (c *Client) GetSessionToken(ctx context.Context, params *GetSessionTokenInput, optFns ...func(*Options)) (*GetSessionTokenOutput, error) {
 	if params == nil {
 		params = &GetSessionTokenInput{}
 	}
 
 	result, metadata, err := c.invokeOperation(ctx, "GetSessionToken", params, optFns, c.addOperationGetSessionTokenMiddlewares)
 	if err != nil {
 		return nil, err
 	}
 
 	out := result.(*GetSessionTokenOutput)
 	out.ResultMetadata = metadata
 	return out, nil
 }
 
 type GetSessionTokenInput struct {
 
 	// The duration, in seconds, that the credentials should remain valid. Acceptable
 	// durations for IAM user sessions range from 900 seconds (15 minutes) to 129,600
 	// seconds (36 hours), with 43,200 seconds (12 hours) as the default. Sessions for
 	// Amazon Web Services account owners are restricted to a maximum of 3,600 seconds
 	// (one hour). If the duration is longer than one hour, the session for Amazon Web
 	// Services account owners defaults to one hour.
 	DurationSeconds *int32
 
 	// The identification number of the MFA device that is associated with the IAM user
 	// who is making the GetSessionToken call. Specify this value if the IAM user has a
 	// policy that requires MFA authentication. The value is either the serial number
 	// for a hardware device (such as GAHT12345678) or an Amazon Resource Name (ARN)
 	// for a virtual device (such as arn:aws:iam::123456789012:mfa/user). You can find
 	// the device for an IAM user by going to the Amazon Web Services Management
 	// Console and viewing the user's security credentials. The regex used to validate
 	// this parameter is a string of characters consisting of upper- and lower-case
 	// alphanumeric characters with no spaces. You can also include underscores or any
 	// of the following characters: =,.@:/-
 	SerialNumber *string
 
 	// The value provided by the MFA device, if MFA is required. If any policy requires
 	// the IAM user to submit an MFA code, specify this value. If MFA authentication is
 	// required, the user must provide a code when requesting a set of temporary
 	// security credentials. A user who fails to provide the code receives an "access
 	// denied" response when requesting resources that require MFA authentication. The
 	// format for this parameter, as described by its regex pattern, is a sequence of
 	// six numeric digits.
 	TokenCode *string
 
 	noSmithyDocumentSerde
 }
 
 // Contains the response to a successful GetSessionToken request, including
 // temporary Amazon Web Services credentials that can be used to make Amazon Web
 // Services requests.
 type GetSessionTokenOutput struct {
 
 	// The temporary security credentials, which include an access key ID, a secret
 	// access key, and a security (or session) token. The size of the security token
 	// that STS API operations return is not fixed. We strongly recommend that you make
 	// no assumptions about the maximum size.
 	Credentials *types.Credentials
 
 	// Metadata pertaining to the operation's result.
 	ResultMetadata middleware.Metadata
 
 	noSmithyDocumentSerde
 }
 
 func (c *Client) addOperationGetSessionTokenMiddlewares(stack *middleware.Stack, options Options) (err error) {
 	err = stack.Serialize.Add(&awsAwsquery_serializeOpGetSessionToken{}, middleware.After)
 	if err != nil {
 		return err
 	}
 	err = stack.Deserialize.Add(&awsAwsquery_deserializeOpGetSessionToken{}, middleware.After)
 	if err != nil {
 		return err
 	}
 	if err = addSetLoggerMiddleware(stack, options); err != nil {
 		return err
 	}
 	if err = awsmiddleware.AddClientRequestIDMiddleware(stack); err != nil {
 		return err
 	}
 	if err = smithyhttp.AddComputeContentLengthMiddleware(stack); err != nil {
 		return err
 	}
 	if err = addResolveEndpointMiddleware(stack, options); err != nil {
 		return err
 	}
 	if err = v4.AddComputePayloadSHA256Middleware(stack); err != nil {
 		return err
 	}
 	if err = addRetryMiddlewares(stack, options); err != nil {
 		return err
 	}
 	if err = addHTTPSignerV4Middleware(stack, options); err != nil {
 		return err
 	}
 	if err = awsmiddleware.AddRawResponseToMetadata(stack); err != nil {
 		return err
 	}
 	if err = awsmiddleware.AddRecordResponseTiming(stack); err != nil {
 		return err
 	}
 	if err = addClientUserAgent(stack); err != nil {
 		return err
 	}
 	if err = smithyhttp.AddErrorCloseResponseBodyMiddleware(stack); err != nil {
 		return err
 	}
 	if err = smithyhttp.AddCloseResponseBodyMiddleware(stack); err != nil {
 		return err
 	}
 	if err = stack.Initialize.Add(newServiceMetadataMiddleware_opGetSessionToken(options.Region), middleware.Before); err != nil {
 		return err
 	}
 	if err = addRequestIDRetrieverMiddleware(stack); err != nil {
 		return err
 	}
 	if err = addResponseErrorMiddleware(stack); err != nil {
 		return err
 	}
 	if err = addRequestResponseLogging(stack, options); err != nil {
 		return err
 	}
 	return nil
 }
 
 func newServiceMetadataMiddleware_opGetSessionToken(region string) *awsmiddleware.RegisterServiceMetadata {
 	return &awsmiddleware.RegisterServiceMetadata{
 		Region:        region,
 		ServiceID:     ServiceID,
 		SigningName:   "sts",
 		OperationName: "GetSessionToken",
 	}
 }