public class GetSessionTokenRequest extends AmazonWebServiceRequest implements Serializable
Returns a set of temporary credentials for an AWS account or IAM user. The
credentials consist of an access key ID, a secret access key, and a security
token. Typically, you use GetSessionToken if you want to use MFA
to protect programmatic calls to specific AWS API operations like Amazon EC2
StopInstances. MFA-enabled IAM users would need to call
GetSessionToken and submit an MFA code that is associated with
their MFA device. Using the temporary security credentials that are returned
from the call, IAM users can then make programmatic calls to API operations
that require MFA authentication. If you do not supply a correct MFA code,
then the API returns an access denied error. For a comparison of
GetSessionToken with the other API operations that produce
temporary credentials, see Requesting Temporary Security Credentials and Comparing the AWS STS API operations in the IAM User Guide.
The GetSessionToken operation must be called by using the
long-term AWS security credentials of the AWS account root user or an IAM
user. Credentials that are created by IAM users are valid for the duration
that you specify. This duration can range from 900 seconds (15 minutes) up to
a maximum of 129,600 seconds (36 hours), with a default of 43,200 seconds (12
hours). Credentials based on account credentials can range from 900 seconds
(15 minutes) up to 3,600 seconds (1 hour), with a default of 1 hour.
The temporary security credentials created by GetSessionToken
can be used to make API calls to any AWS service with the following
exceptions:
You cannot call any IAM API operations unless MFA authentication information is included in the request.
You cannot call any STS API except AssumeRole or
GetCallerIdentity.
We recommend that you do not call GetSessionToken with AWS
account root user credentials. Instead, follow our best practices by creating one or more IAM users, giving them the
necessary permissions, and using IAM users for everyday interaction with AWS.
The credentials that are returned by GetSessionToken are based
on permissions associated with the user whose credentials were used to call
the operation. If GetSessionToken is called using AWS account
root user credentials, the temporary credentials have root user permissions.
Similarly, if GetSessionToken is called using the credentials of
an IAM user, the temporary credentials have the same permissions as the IAM
user.
For more information about using GetSessionToken to create
temporary credentials, go to Temporary Credentials for Users in Untrusted Environments in the IAM
User Guide.
| Constructor and Description |
|---|
GetSessionTokenRequest() |
| Modifier and Type | Method and Description |
|---|---|
boolean |
equals(Object obj) |
Integer |
getDurationSeconds()
The duration, in seconds, that the credentials should remain valid.
|
String |
getSerialNumber()
The identification number of the MFA device that is associated with the
IAM user who is making the
GetSessionToken call. |
String |
getTokenCode()
The value provided by the MFA device, if MFA is required.
|
int |
hashCode() |
void |
setDurationSeconds(Integer durationSeconds)
The duration, in seconds, that the credentials should remain valid.
|
void |
setSerialNumber(String serialNumber)
The identification number of the MFA device that is associated with the
IAM user who is making the
GetSessionToken call. |
void |
setTokenCode(String tokenCode)
The value provided by the MFA device, if MFA is required.
|
String |
toString()
Returns a string representation of this object; useful for testing and
debugging.
|
GetSessionTokenRequest |
withDurationSeconds(Integer durationSeconds)
The duration, in seconds, that the credentials should remain valid.
|
GetSessionTokenRequest |
withSerialNumber(String serialNumber)
The identification number of the MFA device that is associated with the
IAM user who is making the
GetSessionToken call. |
GetSessionTokenRequest |
withTokenCode(String tokenCode)
The value provided by the MFA device, if MFA is required.
|
clone, copyBaseTo, getCloneRoot, getCloneSource, getGeneralProgressListener, getRequestClientOptions, getRequestCredentials, getRequestMetricCollector, setGeneralProgressListener, setRequestCredentials, setRequestMetricCollector, withGeneralProgressListener, withRequestMetricCollectorpublic Integer getDurationSeconds()
The duration, in seconds, that the credentials should remain valid. Acceptable durations for IAM user sessions range from 900 seconds (15 minutes) to 129,600 seconds (36 hours), with 43,200 seconds (12 hours) as the default. Sessions for AWS account owners are restricted to a maximum of 3,600 seconds (one hour). If the duration is longer than one hour, the session for AWS account owners defaults to one hour.
Constraints:
Range: 900 - 129600
The duration, in seconds, that the credentials should remain valid. Acceptable durations for IAM user sessions range from 900 seconds (15 minutes) to 129,600 seconds (36 hours), with 43,200 seconds (12 hours) as the default. Sessions for AWS account owners are restricted to a maximum of 3,600 seconds (one hour). If the duration is longer than one hour, the session for AWS account owners defaults to one hour.
public void setDurationSeconds(Integer durationSeconds)
The duration, in seconds, that the credentials should remain valid. Acceptable durations for IAM user sessions range from 900 seconds (15 minutes) to 129,600 seconds (36 hours), with 43,200 seconds (12 hours) as the default. Sessions for AWS account owners are restricted to a maximum of 3,600 seconds (one hour). If the duration is longer than one hour, the session for AWS account owners defaults to one hour.
Constraints:
Range: 900 - 129600
durationSeconds - The duration, in seconds, that the credentials should remain valid. Acceptable durations for IAM user sessions range from 900 seconds (15 minutes) to 129,600 seconds (36 hours), with 43,200 seconds (12 hours) as the default. Sessions for AWS account owners are restricted to a maximum of 3,600 seconds (one hour). If the duration is longer than one hour, the session for AWS account owners defaults to one hour.
public GetSessionTokenRequest withDurationSeconds(Integer durationSeconds)
The duration, in seconds, that the credentials should remain valid. Acceptable durations for IAM user sessions range from 900 seconds (15 minutes) to 129,600 seconds (36 hours), with 43,200 seconds (12 hours) as the default. Sessions for AWS account owners are restricted to a maximum of 3,600 seconds (one hour). If the duration is longer than one hour, the session for AWS account owners defaults to one hour.
Returns a reference to this object so that method calls can be chained together.
Constraints:
Range: 900 - 129600
durationSeconds - The duration, in seconds, that the credentials should remain valid. Acceptable durations for IAM user sessions range from 900 seconds (15 minutes) to 129,600 seconds (36 hours), with 43,200 seconds (12 hours) as the default. Sessions for AWS account owners are restricted to a maximum of 3,600 seconds (one hour). If the duration is longer than one hour, the session for AWS account owners defaults to one hour.
public String getSerialNumber()
The identification number of the MFA device that is associated with the
IAM user who is making the GetSessionToken call. Specify
this value if the IAM user has a policy that requires MFA authentication.
The value is either the serial number for a hardware device (such as
GAHT12345678) or an Amazon Resource Name (ARN) for a virtual
device (such as arn:aws:iam::123456789012:mfa/user). You can
find the device for an IAM user by going to the AWS Management Console
and viewing the user's security credentials.
The regex used to validate this parameter is a string of characters consisting of upper- and lower-case alphanumeric characters with no spaces. You can also include underscores or any of the following characters: =,.@:/-
Constraints:
Length: 9 - 256
Pattern: [\w+=/:,.@-]*
The identification number of the MFA device that is associated
with the IAM user who is making the GetSessionToken
call. Specify this value if the IAM user has a policy that
requires MFA authentication. The value is either the serial
number for a hardware device (such as GAHT12345678)
or an Amazon Resource Name (ARN) for a virtual device (such as
arn:aws:iam::123456789012:mfa/user). You can find
the device for an IAM user by going to the AWS Management Console
and viewing the user's security credentials.
The regex used to validate this parameter is a string of characters consisting of upper- and lower-case alphanumeric characters with no spaces. You can also include underscores or any of the following characters: =,.@:/-
public void setSerialNumber(String serialNumber)
The identification number of the MFA device that is associated with the
IAM user who is making the GetSessionToken call. Specify
this value if the IAM user has a policy that requires MFA authentication.
The value is either the serial number for a hardware device (such as
GAHT12345678) or an Amazon Resource Name (ARN) for a virtual
device (such as arn:aws:iam::123456789012:mfa/user). You can
find the device for an IAM user by going to the AWS Management Console
and viewing the user's security credentials.
The regex used to validate this parameter is a string of characters consisting of upper- and lower-case alphanumeric characters with no spaces. You can also include underscores or any of the following characters: =,.@:/-
Constraints:
Length: 9 - 256
Pattern: [\w+=/:,.@-]*
serialNumber -
The identification number of the MFA device that is associated
with the IAM user who is making the
GetSessionToken call. Specify this value if the
IAM user has a policy that requires MFA authentication. The
value is either the serial number for a hardware device (such
as GAHT12345678) or an Amazon Resource Name (ARN)
for a virtual device (such as
arn:aws:iam::123456789012:mfa/user). You can find
the device for an IAM user by going to the AWS Management
Console and viewing the user's security credentials.
The regex used to validate this parameter is a string of characters consisting of upper- and lower-case alphanumeric characters with no spaces. You can also include underscores or any of the following characters: =,.@:/-
public GetSessionTokenRequest withSerialNumber(String serialNumber)
The identification number of the MFA device that is associated with the
IAM user who is making the GetSessionToken call. Specify
this value if the IAM user has a policy that requires MFA authentication.
The value is either the serial number for a hardware device (such as
GAHT12345678) or an Amazon Resource Name (ARN) for a virtual
device (such as arn:aws:iam::123456789012:mfa/user). You can
find the device for an IAM user by going to the AWS Management Console
and viewing the user's security credentials.
The regex used to validate this parameter is a string of characters consisting of upper- and lower-case alphanumeric characters with no spaces. You can also include underscores or any of the following characters: =,.@:/-
Returns a reference to this object so that method calls can be chained together.
Constraints:
Length: 9 - 256
Pattern: [\w+=/:,.@-]*
serialNumber -
The identification number of the MFA device that is associated
with the IAM user who is making the
GetSessionToken call. Specify this value if the
IAM user has a policy that requires MFA authentication. The
value is either the serial number for a hardware device (such
as GAHT12345678) or an Amazon Resource Name (ARN)
for a virtual device (such as
arn:aws:iam::123456789012:mfa/user). You can find
the device for an IAM user by going to the AWS Management
Console and viewing the user's security credentials.
The regex used to validate this parameter is a string of characters consisting of upper- and lower-case alphanumeric characters with no spaces. You can also include underscores or any of the following characters: =,.@:/-
public String getTokenCode()
The value provided by the MFA device, if MFA is required. If any policy requires the IAM user to submit an MFA code, specify this value. If MFA authentication is required, the user must provide a code when requesting a set of temporary security credentials. A user who fails to provide the code receives an "access denied" response when requesting resources that require MFA authentication.
The format for this parameter, as described by its regex pattern, is a sequence of six numeric digits.
Constraints:
Length: 6 - 6
Pattern: [\d]*
The value provided by the MFA device, if MFA is required. If any policy requires the IAM user to submit an MFA code, specify this value. If MFA authentication is required, the user must provide a code when requesting a set of temporary security credentials. A user who fails to provide the code receives an "access denied" response when requesting resources that require MFA authentication.
The format for this parameter, as described by its regex pattern, is a sequence of six numeric digits.
public void setTokenCode(String tokenCode)
The value provided by the MFA device, if MFA is required. If any policy requires the IAM user to submit an MFA code, specify this value. If MFA authentication is required, the user must provide a code when requesting a set of temporary security credentials. A user who fails to provide the code receives an "access denied" response when requesting resources that require MFA authentication.
The format for this parameter, as described by its regex pattern, is a sequence of six numeric digits.
Constraints:
Length: 6 - 6
Pattern: [\d]*
tokenCode - The value provided by the MFA device, if MFA is required. If any policy requires the IAM user to submit an MFA code, specify this value. If MFA authentication is required, the user must provide a code when requesting a set of temporary security credentials. A user who fails to provide the code receives an "access denied" response when requesting resources that require MFA authentication.
The format for this parameter, as described by its regex pattern, is a sequence of six numeric digits.
public GetSessionTokenRequest withTokenCode(String tokenCode)
The value provided by the MFA device, if MFA is required. If any policy requires the IAM user to submit an MFA code, specify this value. If MFA authentication is required, the user must provide a code when requesting a set of temporary security credentials. A user who fails to provide the code receives an "access denied" response when requesting resources that require MFA authentication.
The format for this parameter, as described by its regex pattern, is a sequence of six numeric digits.
Returns a reference to this object so that method calls can be chained together.
Constraints:
Length: 6 - 6
Pattern: [\d]*
tokenCode - The value provided by the MFA device, if MFA is required. If any policy requires the IAM user to submit an MFA code, specify this value. If MFA authentication is required, the user must provide a code when requesting a set of temporary security credentials. A user who fails to provide the code receives an "access denied" response when requesting resources that require MFA authentication.
The format for this parameter, as described by its regex pattern, is a sequence of six numeric digits.
public String toString()
toString in class ObjectObject.toString()Copyright © 2019. All rights reserved.