File Coverage

blib/lib/Paws/STS/AssumeRole.pm

Criterion	Covered	Total	%
statement	6	6	100.0
branch			n/a
condition			n/a
subroutine	2	2	100.0
pod			n/a
total	8	8	100.0

line	stmt	sub	time	code
1
2				package Paws::STS::AssumeRole;
3	1	1	572	use Moose;
	1		4
	1		11
4				has DurationSeconds => (is => 'ro', isa => 'Int');
5				has ExternalId => (is => 'ro', isa => 'Str');
6				has Policy => (is => 'ro', isa => 'Str');
7				has RoleArn => (is => 'ro', isa => 'Str', required => 1);
8				has RoleSessionName => (is => 'ro', isa => 'Str', required => 1);
9				has SerialNumber => (is => 'ro', isa => 'Str');
10				has TokenCode => (is => 'ro', isa => 'Str');
11
12	1	1	7544	use MooseX::ClassAttribute;
	1		4
	1		8
13
14				class_has _api_call => (isa => 'Str', is => 'ro', default => 'AssumeRole');
15				class_has _returns => (isa => 'Str', is => 'ro', default => 'Paws::STS::AssumeRoleResponse');
16				class_has _result_key => (isa => 'Str', is => 'ro', default => 'AssumeRoleResult');
17				1;
18
19				### main pod documentation begin ###
20
21				=head1 NAME
22
23				Paws::STS::AssumeRole - Arguments for method AssumeRole on Paws::STS
24
25				=head1 DESCRIPTION
26
27				This class represents the parameters used for calling the method AssumeRole on the
28				AWS Security Token Service service. Use the attributes of this class
29				as arguments to method AssumeRole.
30
31				You shouldn't make instances of this class. Each attribute should be used as a named argument in the call to AssumeRole.
32
33				As an example:
34
35				$service_obj->AssumeRole(Att1 => $value1, Att2 => $value2, ...);
36
37				Values for attributes that are native types (Int, String, Float, etc) can passed as-is (scalar values). Values for complex Types (objects) can be passed as a HashRef. The keys and values of the hashref will be used to instance the underlying object.
38
39				=head1 ATTRIBUTES
40
41
42				=head2 DurationSeconds => Int
43
44				The duration, in seconds, of the role session. The value can range from
45				900 seconds (15 minutes) to 3600 seconds (1 hour). By default, the
46				value is set to 3600 seconds.
47
48				This is separate from the duration of a console session that you might
49				request using the returned credentials. The request to the federation
50				endpoint for a console sign-in token takes a C<SessionDuration>
51				parameter that specifies the maximum length of the console session,
52				separately from the C<DurationSeconds> parameter on this API. For more
53				information, see Creating a URL that Enables Federated Users to Access
54				the AWS Management Console in the I<IAM User Guide>.
55
56
57
58				=head2 ExternalId => Str
59
60				A unique identifier that is used by third parties when assuming roles
61				in their customers' accounts. For each role that the third party can
62				assume, they should instruct their customers to ensure the role's trust
63				policy checks for the external ID that the third party generated. Each
64				time the third party assumes the role, they should pass the customer's
65				external ID. The external ID is useful in order to help third parties
66				bind a role to the customer who created it. For more information about
67				the external ID, see How to Use an External ID When Granting Access to
68				Your AWS Resources to a Third Party in the I<IAM User Guide>.
69
70				The regex used to validated this parameter is a string of characters
71				consisting of upper- and lower-case alphanumeric characters with no
72				spaces. You can also include underscores or any of the following
73				characters: =,.@:/-
74
75
76
77				=head2 Policy => Str
78
79				An IAM policy in JSON format.
80
81				This parameter is optional. If you pass a policy, the temporary
82				security credentials that are returned by the operation have the
83				permissions that are allowed by both (the intersection of) the access
84				policy of the role that is being assumed, I<and> the policy that you
85				pass. This gives you a way to further restrict the permissions for the
86				resulting temporary security credentials. You cannot use the passed
87				policy to grant permissions that are in excess of those allowed by the
88				access policy of the role that is being assumed. For more information,
89				see Permissions for AssumeRole, AssumeRoleWithSAML, and
90				AssumeRoleWithWebIdentity in the I<IAM User Guide>.
91
92				The format for this parameter, as described by its regex pattern, is a
93				string of characters up to 2048 characters in length. The characters
94				can be any ASCII character from the space character to the end of the
95				valid character list (\u0020-\u00FF). It can also include the tab
96				(\u0009), linefeed (\u000A), and carriage return (\u000D) characters.
97
98				The policy plain text must be 2048 bytes or shorter. However, an
99				internal conversion compresses it into a packed binary format with a
100				separate limit. The PackedPolicySize response element indicates by
101				percentage how close to the upper size limit the policy is, with 100%
102				equaling the maximum allowed size.
103
104
105
106				=head2 B<REQUIRED> RoleArn => Str
107
108				The Amazon Resource Name (ARN) of the role to assume.
109
110
111
112				=head2 B<REQUIRED> RoleSessionName => Str
113
114				An identifier for the assumed role session.
115
116				Use the role session name to uniquely identify a session when the same
117				role is assumed by different principals or for different reasons. In
118				cross-account scenarios, the role session name is visible to, and can
119				be logged by the account that owns the role. The role session name is
120				also used in the ARN of the assumed role principal. This means that
121				subsequent cross-account API requests using the temporary security
122				credentials will expose the role session name to the external account
123				in their CloudTrail logs.
124
125				The regex used to validate this parameter is a string of characters
126				consisting of upper- and lower-case alphanumeric characters with no
127				spaces. You can also include underscores or any of the following
128				characters: =,.@-
129
130
131
132				=head2 SerialNumber => Str
133
134				The identification number of the MFA device that is associated with the
135				user who is making the C<AssumeRole> call. Specify this value if the
136				trust policy of the role being assumed includes a condition that
137				requires MFA authentication. The value is either the serial number for
138				a hardware device (such as C<GAHT12345678>) or an Amazon Resource Name
139				(ARN) for a virtual device (such as
140				C<arn:aws:iam::123456789012:mfa/user>).
141
142				The regex used to validate this parameter is a string of characters
143				consisting of upper- and lower-case alphanumeric characters with no
144				spaces. You can also include underscores or any of the following
145				characters: =,.@-
146
147
148
149				=head2 TokenCode => Str
150
151				The value provided by the MFA device, if the trust policy of the role
152				being assumed requires MFA (that is, if the policy includes a condition
153				that tests for MFA). If the role being assumed requires MFA and if the
154				C<TokenCode> value is missing or expired, the C<AssumeRole> call
155				returns an "access denied" error.
156
157				The format for this parameter, as described by its regex pattern, is a
158				sequence of six numeric digits.
159
160
161
162
163				=head1 SEE ALSO
164
165				This class forms part of L<Paws>, documenting arguments for method AssumeRole in L<Paws::STS>
166
167				=head1 BUGS and CONTRIBUTIONS
168
169				The source code is located here: https://github.com/pplu/aws-sdk-perl
170
171				Please report bugs to: https://github.com/pplu/aws-sdk-perl/issues
172
173				=cut
174