From 6c8e52ac8b8768b3ddcda94131042dfcd1f965de Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 3 May 2021 10:17:37 +0200 Subject: [PATCH] Bump github.com/aws/aws-sdk-go from 1.38.14 to 1.38.30 (#12) Bumps [github.com/aws/aws-sdk-go](https://github.com/aws/aws-sdk-go) from 1.38.14 to 1.38.30. - [Release notes](https://github.com/aws/aws-sdk-go/releases) - [Changelog](https://github.com/aws/aws-sdk-go/blob/main/CHANGELOG.md) - [Commits](https://github.com/aws/aws-sdk-go/compare/v1.38.14...v1.38.30) Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- go.mod | 2 +- go.sum | 4 +- .../aws-sdk-go/aws/corehandlers/handlers.go | 2 +- .../aws/aws-sdk-go/aws/endpoints/defaults.go | 114 ++++- .../github.com/aws/aws-sdk-go/aws/version.go | 2 +- .../private/protocol/xml/xmlutil/build.go | 2 + .../protocol/xml/xmlutil/xml_to_struct.go | 22 +- .../aws-sdk-go/service/organizations/api.go | 117 ++--- .../aws-sdk-go/service/organizations/doc.go | 48 ++- .../service/organizations/errors.go | 4 +- .../aws/aws-sdk-go/service/sts/api.go | 404 ++++++++++++------ vendor/modules.txt | 2 +- 12 files changed, 527 insertions(+), 196 deletions(-) diff --git a/go.mod b/go.mod index ea48f2e..92feb75 100644 --- a/go.mod +++ b/go.mod @@ -4,7 +4,7 @@ go 1.16 require ( github.com/alecthomas/kong v0.2.16 - github.com/aws/aws-sdk-go v1.38.14 + github.com/aws/aws-sdk-go v1.38.30 github.com/rs/zerolog v1.21.0 github.com/smartystreets/goconvey v1.6.4 // indirect gopkg.in/ini.v1 v1.62.0 diff --git a/go.sum b/go.sum index 475087d..0749dc4 100644 --- a/go.sum +++ b/go.sum 
@@ -1,7 +1,7 @@
 github.com/alecthomas/kong v0.2.16 h1:F232CiYSn54Tnl1sJGTeHmx4vJDNLVP2b9yCVMOQwHQ=
 github.com/alecthomas/kong v0.2.16/go.mod h1:kQOmtJgV+Lb4aj+I2LEn40cbtawdWJ9Y8QLq+lElKxE=
-github.com/aws/aws-sdk-go v1.38.14 h1:MpFh9HN9zJwdyRPSZQpZQDP/I1pqHlKhNLxRJsX5nlw=
-github.com/aws/aws-sdk-go v1.38.14/go.mod h1:hcU610XS61/+aQV88ixoOzUoG7v3b31pl2zKMmprdro=
+github.com/aws/aws-sdk-go v1.38.30 h1:X+JDSwkpSQfoLqH4fBLmS0rou8W/cdCCCD5lntTk9Vs=
+github.com/aws/aws-sdk-go v1.38.30/go.mod h1:hcU610XS61/+aQV88ixoOzUoG7v3b31pl2zKMmprdro=
 github.com/coreos/go-systemd v0.0.0-20190321100706-95778dfbb74e/go.mod h1:F5haX7vjVVG0kc13fIWeqUViNPyEJxv/OmvnBo0Yme4=
 github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
 github.com/davecgh/go-spew v1.1.1 h1:vj9j/u1bqnvCEfJOwUhtlOARqs3+rkHYY13jYWTU97c=
diff --git a/vendor/github.com/aws/aws-sdk-go/aws/corehandlers/handlers.go b/vendor/github.com/aws/aws-sdk-go/aws/corehandlers/handlers.go
index d95a5eb..36a915e 100644
--- a/vendor/github.com/aws/aws-sdk-go/aws/corehandlers/handlers.go
+++ b/vendor/github.com/aws/aws-sdk-go/aws/corehandlers/handlers.go
@@ -178,7 +178,7 @@ func handleSendError(r *request.Request, err error) {
 var ValidateResponseHandler = request.NamedHandler{Name: "core.ValidateResponseHandler", Fn: func(r *request.Request) {
 if r.HTTPResponse.StatusCode == 0 || r.HTTPResponse.StatusCode >= 300 {
 // this may be replaced by an UnmarshalError handler
- r.Error = awserr.New("UnknownError", "unknown error", nil)
+ r.Error = awserr.New("UnknownError", "unknown error", r.Error)
 }
 }}
diff --git a/vendor/github.com/aws/aws-sdk-go/aws/endpoints/defaults.go b/vendor/github.com/aws/aws-sdk-go/aws/endpoints/defaults.go
index 6da1da7..257812d 100644
--- a/vendor/github.com/aws/aws-sdk-go/aws/endpoints/defaults.go
+++ b/vendor/github.com/aws/aws-sdk-go/aws/endpoints/defaults.go
@@ -1314,7 +1314,10 @@ var awsPartition = partition{ "ap-southeast-2": endpoint{}, "eu-central-1": endpoint{}, "eu-north-1": endpoint{}, + "eu-south-1": endpoint{}, "eu-west-1": endpoint{}, + "eu-west-2": endpoint{}, + "eu-west-3": endpoint{}, "us-east-1": endpoint{}, "us-east-2": endpoint{}, "us-west-2": endpoint{}, @@ -1375,6 +1378,7 @@ var awsPartition = partition{ "ap-east-1": endpoint{}, "ap-northeast-1": endpoint{}, "ap-northeast-2": endpoint{}, + "ap-northeast-3": endpoint{}, "ap-south-1": endpoint{}, "ap-southeast-1": endpoint{}, "ap-southeast-2": endpoint{}, @@ -1791,6 +1795,7 @@ var awsPartition = partition{ Endpoints: endpoints{ "ap-northeast-1": endpoint{}, "ap-southeast-2": endpoint{}, + "ca-central-1": endpoint{}, "eu-central-1": endpoint{}, "eu-west-2": endpoint{}, "us-east-1": endpoint{}, @@ -3214,6 +3219,8 @@ var awsPartition = partition{ "gamelift": service{ Endpoints: endpoints{ + "af-south-1": endpoint{}, + "ap-east-1": endpoint{}, "ap-northeast-1": endpoint{}, "ap-northeast-2": endpoint{}, "ap-south-1": endpoint{}, @@ -3221,8 +3228,12 @@ var awsPartition = partition{ "ap-southeast-2": endpoint{}, "ca-central-1": endpoint{}, "eu-central-1": endpoint{}, + "eu-north-1": endpoint{}, + "eu-south-1": endpoint{}, "eu-west-1": endpoint{}, "eu-west-2": endpoint{}, + "eu-west-3": endpoint{}, + "me-south-1": endpoint{}, "sa-east-1": endpoint{}, "us-east-1": endpoint{}, "us-east-2": endpoint{}, @@ -3399,6 +3410,7 @@ var awsPartition = partition{ "ap-east-1": endpoint{}, "ap-northeast-1": endpoint{}, "ap-northeast-2": endpoint{}, + "ap-northeast-3": endpoint{}, "ap-south-1": endpoint{}, "ap-southeast-1": endpoint{}, "ap-southeast-2": endpoint{}, @@ -3982,6 +3994,7 @@ var awsPartition = partition{ "ap-east-1": endpoint{}, "ap-northeast-1": endpoint{}, "ap-northeast-2": endpoint{}, + "ap-northeast-3": endpoint{}, "ap-south-1": endpoint{}, "ap-southeast-1": endpoint{}, "ap-southeast-2": endpoint{}, 
@@ -4092,6 +4105,14 @@ var awsPartition = partition{ "us-west-2": endpoint{}, }, }, + "lookoutequipment": service{ + + Endpoints: endpoints{ + "ap-northeast-2": endpoint{}, + "eu-west-1": endpoint{}, + "us-east-1": endpoint{}, + }, + }, "lookoutvision": service{ Endpoints: endpoints{ @@ -4137,6 +4158,7 @@ var awsPartition = partition{ "ap-east-1": endpoint{}, "ap-northeast-1": endpoint{}, "ap-northeast-2": endpoint{}, + "ap-northeast-3": endpoint{}, "ap-south-1": endpoint{}, "ap-southeast-1": endpoint{}, "ap-southeast-2": endpoint{}, @@ -4830,6 +4852,22 @@ var awsPartition = partition{ "us-west-2": endpoint{}, }, }, + "personalize": service{ + + Endpoints: endpoints{ + "ap-northeast-1": endpoint{}, + "ap-northeast-2": endpoint{}, + "ap-south-1": endpoint{}, + "ap-southeast-1": endpoint{}, + "ap-southeast-2": endpoint{}, + "ca-central-1": endpoint{}, + "eu-central-1": endpoint{}, + "eu-west-1": endpoint{}, + "us-east-1": endpoint{}, + "us-east-2": endpoint{}, + "us-west-2": endpoint{}, + }, + }, "pinpoint": service{ Defaults: endpoint{ CredentialScope: credentialScope{ @@ -5023,6 +5061,7 @@ var awsPartition = partition{ "ap-east-1": endpoint{}, "ap-northeast-1": endpoint{}, "ap-northeast-2": endpoint{}, + "ap-northeast-3": endpoint{}, "ap-south-1": endpoint{}, "ap-southeast-1": endpoint{}, "ap-southeast-2": endpoint{}, @@ -5987,6 +6026,7 @@ var awsPartition = partition{ "ap-east-1": endpoint{}, "ap-northeast-1": endpoint{}, "ap-northeast-2": endpoint{}, + "ap-northeast-3": endpoint{}, "ap-south-1": endpoint{}, "ap-southeast-1": endpoint{}, "ap-southeast-2": endpoint{}, @@ -6393,10 +6433,12 @@ var awsPartition = partition{ }, "me-south-1": endpoint{}, "sa-east-1": endpoint{}, - "us-east-1": endpoint{}, - "us-east-2": endpoint{}, - "us-west-1": endpoint{}, - "us-west-2": endpoint{}, + "us-east-1": endpoint{ + SSLCommonName: "queue.{dnsSuffix}", + }, + "us-east-2": endpoint{}, + "us-west-1": endpoint{}, + "us-west-2": endpoint{}, }, }, "ssm": service{ 
@@ -7808,7 +7850,8 @@ var awscnPartition = partition{ "lakeformation": service{ Endpoints: endpoints{ - "cn-north-1": endpoint{}, + "cn-north-1": endpoint{}, + "cn-northwest-1": endpoint{}, }, }, "lambda": service{ @@ -7852,6 +7895,13 @@ var awscnPartition = partition{ "cn-northwest-1": endpoint{}, }, }, + "mq": service{ + + Endpoints: endpoints{ + "cn-north-1": endpoint{}, + "cn-northwest-1": endpoint{}, + }, + }, "neptune": service{ Endpoints: endpoints{ @@ -7876,6 +7926,12 @@ var awscnPartition = partition{ }, }, }, + "personalize": service{ + + Endpoints: endpoints{ + "cn-north-1": endpoint{}, + }, + }, "polly": service{ Endpoints: endpoints{ @@ -7923,6 +7979,15 @@ var awscnPartition = partition{ }, }, }, + "route53resolver": service{ + Defaults: endpoint{ + Protocols: []string{"https"}, + }, + Endpoints: endpoints{ + "cn-north-1": endpoint{}, + "cn-northwest-1": endpoint{}, + }, + }, "runtime.sagemaker": service{ Endpoints: endpoints{ @@ -8414,6 +8479,18 @@ var awsusgovPartition = partition{ "batch": service{ Endpoints: endpoints{ + "fips-us-gov-east-1": endpoint{ + Hostname: "batch.us-gov-east-1.amazonaws.com", + CredentialScope: credentialScope{ + Region: "us-gov-east-1", + }, + }, + "fips-us-gov-west-1": endpoint{ + Hostname: "batch.us-gov-west-1.amazonaws.com", + CredentialScope: credentialScope{ + Region: "us-gov-west-1", + }, + }, "us-gov-east-1": endpoint{}, "us-gov-west-1": endpoint{}, }, 
@@ -8938,6 +9015,27 @@ var awsusgovPartition = partition{ "us-gov-west-1": endpoint{}, }, }, + "fms": service{ + Defaults: endpoint{ + Protocols: []string{"https"}, + }, + Endpoints: endpoints{ + "fips-us-gov-east-1": endpoint{ + Hostname: "fms-fips.us-gov-east-1.amazonaws.com", + CredentialScope: credentialScope{ + Region: "us-gov-east-1", + }, + }, + "fips-us-gov-west-1": endpoint{ + Hostname: "fms-fips.us-gov-west-1.amazonaws.com", + CredentialScope: credentialScope{ + Region: "us-gov-west-1", + }, + }, + "us-gov-east-1": endpoint{}, + "us-gov-west-1": endpoint{}, + }, + }, "fsx": service{ Endpoints: endpoints{ @@ -10210,6 +10308,12 @@ var awsisoPartition = partition{ "us-iso-east-1": endpoint{}, }, }, + "firehose": service{ + + Endpoints: endpoints{ + "us-iso-east-1": endpoint{}, + }, + }, "glacier": service{ Endpoints: endpoints{ diff --git a/vendor/github.com/aws/aws-sdk-go/aws/version.go b/vendor/github.com/aws/aws-sdk-go/aws/version.go index fc424a9..bff12b9 100644 --- a/vendor/github.com/aws/aws-sdk-go/aws/version.go +++ b/vendor/github.com/aws/aws-sdk-go/aws/version.go @@ -5,4 +5,4 @@ package aws const SDKName = "aws-sdk-go" // SDKVersion is the version of this SDK -const SDKVersion = "1.38.14" +const SDKVersion = "1.38.30" diff --git a/vendor/github.com/aws/aws-sdk-go/private/protocol/xml/xmlutil/build.go b/vendor/github.com/aws/aws-sdk-go/private/protocol/xml/xmlutil/build.go index 09ad951..2fbb93a 100644 --- a/vendor/github.com/aws/aws-sdk-go/private/protocol/xml/xmlutil/build.go +++ b/vendor/github.com/aws/aws-sdk-go/private/protocol/xml/xmlutil/build.go @@ -308,6 +308,8 @@ func (b *xmlBuilder) buildScalar(value reflect.Value, current *XMLNode, tag refl if tag.Get("xmlAttribute") != "" { // put into current node's attribute list attr := xml.Attr{Name: xname, Value: str} current.Attr = append(current.Attr, attr) + } else if len(xname.Local) == 0 { + current.Text = str } else { // regular text node current.AddChild(&XMLNode{Name: xname, Text: str}) } 
diff --git a/vendor/github.com/aws/aws-sdk-go/private/protocol/xml/xmlutil/xml_to_struct.go b/vendor/github.com/aws/aws-sdk-go/private/protocol/xml/xmlutil/xml_to_struct.go index 42f7164..c85b79f 100644 --- a/vendor/github.com/aws/aws-sdk-go/private/protocol/xml/xmlutil/xml_to_struct.go +++ b/vendor/github.com/aws/aws-sdk-go/private/protocol/xml/xmlutil/xml_to_struct.go @@ -18,6 +18,14 @@ type XMLNode struct { parent *XMLNode } +// textEncoder is a string type alias that implemnts the TextMarshaler interface. +// This alias type is used to ensure that the line feed (\n) (U+000A) is escaped. +type textEncoder string + +func (t textEncoder) MarshalText() ([]byte, error) { + return []byte(t), nil +} + // NewXMLElement returns a pointer to a new XMLNode initialized to default values. func NewXMLElement(name xml.Name) *XMLNode { return &XMLNode{ @@ -130,11 +138,16 @@ func StructToXML(e *xml.Encoder, node *XMLNode, sorted bool) error { attrs = sortedAttrs } - e.EncodeToken(xml.StartElement{Name: node.Name, Attr: attrs}) + startElement := xml.StartElement{Name: node.Name, Attr: attrs} if node.Text != "" { - e.EncodeToken(xml.CharData([]byte(node.Text))) - } else if sorted { + e.EncodeElement(textEncoder(node.Text), startElement) + return e.Flush() + } + + e.EncodeToken(startElement) + + if sorted { sortedNames := []string{} for k := range node.Children { sortedNames = append(sortedNames, k) @@ -154,6 +167,7 @@ func StructToXML(e *xml.Encoder, node *XMLNode, sorted bool) error { } } - e.EncodeToken(xml.EndElement{Name: node.Name}) + e.EncodeToken(startElement.End()) + return e.Flush() } diff --git a/vendor/github.com/aws/aws-sdk-go/service/organizations/api.go b/vendor/github.com/aws/aws-sdk-go/service/organizations/api.go index 655f28a..c7497d4 100644 --- a/vendor/github.com/aws/aws-sdk-go/service/organizations/api.go +++ b/vendor/github.com/aws/aws-sdk-go/service/organizations/api.go 
@@ -372,7 +372,7 @@ func (c *Organizations) AttachPolicyRequest(input *AttachPolicyInput) (req *requ // Some of the reasons in the following list might not be applicable to this // specific API or operation. // -// * ACCOUNT_CANNOT_LEAVE_ORGANIZAION: You attempted to remove the management +// * ACCOUNT_CANNOT_LEAVE_ORGANIZATION: You attempted to remove the management // account from the organization. You can't remove the management account. // Instead, after you remove all member accounts, delete the organization // itself. @@ -439,7 +439,7 @@ func (c *Organizations) AttachPolicyRequest(input *AttachPolicyInput) (req *requ // with the same marketplace. // // * MASTER_ACCOUNT_MISSING_BUSINESS_LICENSE: Applies only to the AWS Regions -// in China. To create an organization, the master must have an valid business +// in China. To create an organization, the master must have a valid business // license. For more information, contact customer support. // // * MASTER_ACCOUNT_MISSING_CONTACT_INFO: To complete this operation, you @@ -890,8 +890,8 @@ func (c *Organizations) CreateAccountRequest(input *CreateAccountInput) (req *re // operation. // // * Check the AWS CloudTrail log for the CreateAccountResult event. For -// information on using AWS CloudTrail with AWS Organizations, see Monitoring -// the Activity in Your Organization (http://docs.aws.amazon.com/organizations/latest/userguide/orgs_monitoring.html) +// information on using AWS CloudTrail with AWS Organizations, see Logging +// and monitoring in AWS Organizations (http://docs.aws.amazon.com/organizations/latest/userguide/orgs_security_incident-response.html#orgs_cloudtrail-integration) // in the AWS Organizations User Guide. // // The user who calls the API to create an account must have the organizations:CreateAccount 
@@ -980,7 +980,7 @@ func (c *Organizations) CreateAccountRequest(input *CreateAccountInput) (req *re // Some of the reasons in the following list might not be applicable to this // specific API or operation. // -// * ACCOUNT_CANNOT_LEAVE_ORGANIZAION: You attempted to remove the management +// * ACCOUNT_CANNOT_LEAVE_ORGANIZATION: You attempted to remove the management // account from the organization. You can't remove the management account. // Instead, after you remove all member accounts, delete the organization // itself. @@ -1047,7 +1047,7 @@ func (c *Organizations) CreateAccountRequest(input *CreateAccountInput) (req *re // with the same marketplace. // // * MASTER_ACCOUNT_MISSING_BUSINESS_LICENSE: Applies only to the AWS Regions -// in China. To create an organization, the master must have an valid business +// in China. To create an organization, the master must have a valid business // license. For more information, contact customer support. // // * MASTER_ACCOUNT_MISSING_CONTACT_INFO: To complete this operation, you @@ -1418,7 +1418,7 @@ func (c *Organizations) CreateGovCloudAccountRequest(input *CreateGovCloudAccoun // Some of the reasons in the following list might not be applicable to this // specific API or operation. // -// * ACCOUNT_CANNOT_LEAVE_ORGANIZAION: You attempted to remove the management +// * ACCOUNT_CANNOT_LEAVE_ORGANIZATION: You attempted to remove the management // account from the organization. You can't remove the management account. // Instead, after you remove all member accounts, delete the organization // itself. 
@@ -1485,7 +1485,7 @@ func (c *Organizations) CreateGovCloudAccountRequest(input *CreateGovCloudAccoun // with the same marketplace. // // * MASTER_ACCOUNT_MISSING_BUSINESS_LICENSE: Applies only to the AWS Regions -// in China. To create an organization, the master must have an valid business +// in China. To create an organization, the master must have a valid business // license. For more information, contact customer support. // // * MASTER_ACCOUNT_MISSING_CONTACT_INFO: To complete this operation, you @@ -1761,7 +1761,7 @@ func (c *Organizations) CreateOrganizationRequest(input *CreateOrganizationInput // Some of the reasons in the following list might not be applicable to this // specific API or operation. // -// * ACCOUNT_CANNOT_LEAVE_ORGANIZAION: You attempted to remove the management +// * ACCOUNT_CANNOT_LEAVE_ORGANIZATION: You attempted to remove the management // account from the organization. You can't remove the management account. // Instead, after you remove all member accounts, delete the organization // itself. @@ -1828,7 +1828,7 @@ func (c *Organizations) CreateOrganizationRequest(input *CreateOrganizationInput // with the same marketplace. // // * MASTER_ACCOUNT_MISSING_BUSINESS_LICENSE: Applies only to the AWS Regions -// in China. To create an organization, the master must have an valid business +// in China. To create an organization, the master must have a valid business // license. For more information, contact customer support. // // * MASTER_ACCOUNT_MISSING_CONTACT_INFO: To complete this operation, you 
@@ -2099,7 +2099,7 @@ func (c *Organizations) CreateOrganizationalUnitRequest(input *CreateOrganizatio // Some of the reasons in the following list might not be applicable to this // specific API or operation. // -// * ACCOUNT_CANNOT_LEAVE_ORGANIZAION: You attempted to remove the management +// * ACCOUNT_CANNOT_LEAVE_ORGANIZATION: You attempted to remove the management // account from the organization. You can't remove the management account. // Instead, after you remove all member accounts, delete the organization // itself. @@ -2166,7 +2166,7 @@ func (c *Organizations) CreateOrganizationalUnitRequest(input *CreateOrganizatio // with the same marketplace. // // * MASTER_ACCOUNT_MISSING_BUSINESS_LICENSE: Applies only to the AWS Regions -// in China. To create an organization, the master must have an valid business +// in China. To create an organization, the master must have a valid business // license. For more information, contact customer support. // // * MASTER_ACCOUNT_MISSING_CONTACT_INFO: To complete this operation, you @@ -2435,7 +2435,7 @@ func (c *Organizations) CreatePolicyRequest(input *CreatePolicyInput) (req *requ // Some of the reasons in the following list might not be applicable to this // specific API or operation. // -// * ACCOUNT_CANNOT_LEAVE_ORGANIZAION: You attempted to remove the management +// * ACCOUNT_CANNOT_LEAVE_ORGANIZATION: You attempted to remove the management // account from the organization. You can't remove the management account. // Instead, after you remove all member accounts, delete the organization // itself. 
@@ -2502,7 +2502,7 @@ func (c *Organizations) CreatePolicyRequest(input *CreatePolicyInput) (req *requ // with the same marketplace. // // * MASTER_ACCOUNT_MISSING_BUSINESS_LICENSE: Applies only to the AWS Regions -// in China. To create an organization, the master must have an valid business +// in China. To create an organization, the master must have a valid business // license. For more information, contact customer support. // // * MASTER_ACCOUNT_MISSING_CONTACT_INFO: To complete this operation, you @@ -3572,7 +3572,7 @@ func (c *Organizations) DeregisterDelegatedAdministratorRequest(input *Deregiste // Some of the reasons in the following list might not be applicable to this // specific API or operation. // -// * ACCOUNT_CANNOT_LEAVE_ORGANIZAION: You attempted to remove the management +// * ACCOUNT_CANNOT_LEAVE_ORGANIZATION: You attempted to remove the management // account from the organization. You can't remove the management account. // Instead, after you remove all member accounts, delete the organization // itself. @@ -3639,7 +3639,7 @@ func (c *Organizations) DeregisterDelegatedAdministratorRequest(input *Deregiste // with the same marketplace. // // * MASTER_ACCOUNT_MISSING_BUSINESS_LICENSE: Applies only to the AWS Regions -// in China. To create an organization, the master must have an valid business +// in China. To create an organization, the master must have a valid business // license. For more information, contact customer support. // // * MASTER_ACCOUNT_MISSING_CONTACT_INFO: To complete this operation, you 
@@ -4277,7 +4277,7 @@ func (c *Organizations) DescribeEffectivePolicyRequest(input *DescribeEffectiveP // Some of the reasons in the following list might not be applicable to this // specific API or operation. // -// * ACCOUNT_CANNOT_LEAVE_ORGANIZAION: You attempted to remove the management +// * ACCOUNT_CANNOT_LEAVE_ORGANIZATION: You attempted to remove the management // account from the organization. You can't remove the management account. // Instead, after you remove all member accounts, delete the organization // itself. @@ -4344,7 +4344,7 @@ func (c *Organizations) DescribeEffectivePolicyRequest(input *DescribeEffectiveP // with the same marketplace. // // * MASTER_ACCOUNT_MISSING_BUSINESS_LICENSE: Applies only to the AWS Regions -// in China. To create an organization, the master must have an valid business +// in China. To create an organization, the master must have a valid business // license. For more information, contact customer support. // // * MASTER_ACCOUNT_MISSING_CONTACT_INFO: To complete this operation, you @@ -5294,7 +5294,7 @@ func (c *Organizations) DetachPolicyRequest(input *DetachPolicyInput) (req *requ // Some of the reasons in the following list might not be applicable to this // specific API or operation. // -// * ACCOUNT_CANNOT_LEAVE_ORGANIZAION: You attempted to remove the management +// * ACCOUNT_CANNOT_LEAVE_ORGANIZATION: You attempted to remove the management // account from the organization. You can't remove the management account. // Instead, after you remove all member accounts, delete the organization // itself. 
@@ -5361,7 +5361,7 @@ func (c *Organizations) DetachPolicyRequest(input *DetachPolicyInput) (req *requ // with the same marketplace. // // * MASTER_ACCOUNT_MISSING_BUSINESS_LICENSE: Applies only to the AWS Regions -// in China. To create an organization, the master must have an valid business +// in China. To create an organization, the master must have a valid business // license. For more information, contact customer support. // // * MASTER_ACCOUNT_MISSING_CONTACT_INFO: To complete this operation, you @@ -5686,7 +5686,7 @@ func (c *Organizations) DisableAWSServiceAccessRequest(input *DisableAWSServiceA // Some of the reasons in the following list might not be applicable to this // specific API or operation. // -// * ACCOUNT_CANNOT_LEAVE_ORGANIZAION: You attempted to remove the management +// * ACCOUNT_CANNOT_LEAVE_ORGANIZATION: You attempted to remove the management // account from the organization. You can't remove the management account. // Instead, after you remove all member accounts, delete the organization // itself. @@ -5753,7 +5753,7 @@ func (c *Organizations) DisableAWSServiceAccessRequest(input *DisableAWSServiceA // with the same marketplace. // // * MASTER_ACCOUNT_MISSING_BUSINESS_LICENSE: Applies only to the AWS Regions -// in China. To create an organization, the master must have an valid business +// in China. To create an organization, the master must have a valid business // license. For more information, contact customer support. // // * MASTER_ACCOUNT_MISSING_CONTACT_INFO: To complete this operation, you 
@@ -6025,7 +6025,7 @@ func (c *Organizations) DisablePolicyTypeRequest(input *DisablePolicyTypeInput) // Some of the reasons in the following list might not be applicable to this // specific API or operation. // -// * ACCOUNT_CANNOT_LEAVE_ORGANIZAION: You attempted to remove the management +// * ACCOUNT_CANNOT_LEAVE_ORGANIZATION: You attempted to remove the management // account from the organization. You can't remove the management account. // Instead, after you remove all member accounts, delete the organization // itself. @@ -6092,7 +6092,7 @@ func (c *Organizations) DisablePolicyTypeRequest(input *DisablePolicyTypeInput) // with the same marketplace. // // * MASTER_ACCOUNT_MISSING_BUSINESS_LICENSE: Applies only to the AWS Regions -// in China. To create an organization, the master must have an valid business +// in China. To create an organization, the master must have a valid business // license. For more information, contact customer support. // // * MASTER_ACCOUNT_MISSING_CONTACT_INFO: To complete this operation, you @@ -6383,7 +6383,7 @@ func (c *Organizations) EnableAWSServiceAccessRequest(input *EnableAWSServiceAcc // Some of the reasons in the following list might not be applicable to this // specific API or operation. // -// * ACCOUNT_CANNOT_LEAVE_ORGANIZAION: You attempted to remove the management +// * ACCOUNT_CANNOT_LEAVE_ORGANIZATION: You attempted to remove the management // account from the organization. You can't remove the management account. // Instead, after you remove all member accounts, delete the organization // itself. 
@@ -6450,7 +6450,7 @@ func (c *Organizations) EnableAWSServiceAccessRequest(input *EnableAWSServiceAcc // with the same marketplace. // // * MASTER_ACCOUNT_MISSING_BUSINESS_LICENSE: Applies only to the AWS Regions -// in China. To create an organization, the master must have an valid business +// in China. To create an organization, the master must have a valid business // license. For more information, contact customer support. // // * MASTER_ACCOUNT_MISSING_CONTACT_INFO: To complete this operation, you @@ -6974,7 +6974,7 @@ func (c *Organizations) EnablePolicyTypeRequest(input *EnablePolicyTypeInput) (r // Some of the reasons in the following list might not be applicable to this // specific API or operation. // -// * ACCOUNT_CANNOT_LEAVE_ORGANIZAION: You attempted to remove the management +// * ACCOUNT_CANNOT_LEAVE_ORGANIZATION: You attempted to remove the management // account from the organization. You can't remove the management account. // Instead, after you remove all member accounts, delete the organization // itself. @@ -7041,7 +7041,7 @@ func (c *Organizations) EnablePolicyTypeRequest(input *EnablePolicyTypeInput) (r // with the same marketplace. // // * MASTER_ACCOUNT_MISSING_BUSINESS_LICENSE: Applies only to the AWS Regions -// in China. To create an organization, the master must have an valid business +// in China. To create an organization, the master must have a valid business // license. For more information, contact customer support. // // * MASTER_ACCOUNT_MISSING_CONTACT_INFO: To complete this operation, you 
@@ -7392,7 +7392,7 @@ func (c *Organizations) InviteAccountToOrganizationRequest(input *InviteAccountT // Some of the reasons in the following list might not be applicable to this // specific API or operation. // -// * ACCOUNT_CANNOT_LEAVE_ORGANIZAION: You attempted to remove the management +// * ACCOUNT_CANNOT_LEAVE_ORGANIZATION: You attempted to remove the management // account from the organization. You can't remove the management account. // Instead, after you remove all member accounts, delete the organization // itself. @@ -7459,7 +7459,7 @@ func (c *Organizations) InviteAccountToOrganizationRequest(input *InviteAccountT // with the same marketplace. // // * MASTER_ACCOUNT_MISSING_BUSINESS_LICENSE: Applies only to the AWS Regions -// in China. To create an organization, the master must have an valid business +// in China. To create an organization, the master must have a valid business // license. For more information, contact customer support. // // * MASTER_ACCOUNT_MISSING_CONTACT_INFO: To complete this operation, you @@ -7724,6 +7724,10 @@ func (c *Organizations) LeaveOrganizationRequest(input *LeaveOrganizationInput) // to the account object in the organization are deleted. AWS accounts outside // of an organization do not support tags. // +// * A newly created account has a waiting period before it can be removed +// from its organization. If you get an error that indicates that a wait +// period is required, then try again in a few days. +// // Returns awserr.Error for service API and SDK errors. Use runtime type assertions // with awserr.Error's Code and Message methods to get detailed information about // the error. 
@@ -7763,7 +7767,7 @@ func (c *Organizations) LeaveOrganizationRequest(input *LeaveOrganizationInput) // Some of the reasons in the following list might not be applicable to this // specific API or operation. // -// * ACCOUNT_CANNOT_LEAVE_ORGANIZAION: You attempted to remove the management +// * ACCOUNT_CANNOT_LEAVE_ORGANIZATION: You attempted to remove the management // account from the organization. You can't remove the management account. // Instead, after you remove all member accounts, delete the organization // itself. @@ -7830,7 +7834,7 @@ func (c *Organizations) LeaveOrganizationRequest(input *LeaveOrganizationInput) // with the same marketplace. // // * MASTER_ACCOUNT_MISSING_BUSINESS_LICENSE: Applies only to the AWS Regions -// in China. To create an organization, the master must have an valid business +// in China. To create an organization, the master must have a valid business // license. For more information, contact customer support. // // * MASTER_ACCOUNT_MISSING_CONTACT_INFO: To complete this operation, you @@ -8102,7 +8106,7 @@ func (c *Organizations) ListAWSServiceAccessForOrganizationRequest(input *ListAW // Some of the reasons in the following list might not be applicable to this // specific API or operation. // -// * ACCOUNT_CANNOT_LEAVE_ORGANIZAION: You attempted to remove the management +// * ACCOUNT_CANNOT_LEAVE_ORGANIZATION: You attempted to remove the management // account from the organization. You can't remove the management account. // Instead, after you remove all member accounts, delete the organization // itself. 
@@ -8169,7 +8173,7 @@ func (c *Organizations) ListAWSServiceAccessForOrganizationRequest(input *ListAW // with the same marketplace. // // * MASTER_ACCOUNT_MISSING_BUSINESS_LICENSE: Applies only to the AWS Regions -// in China. To create an organization, the master must have an valid business +// in China. To create an organization, the master must have a valid business // license. For more information, contact customer support. // // * MASTER_ACCOUNT_MISSING_CONTACT_INFO: To complete this operation, you @@ -9474,7 +9478,7 @@ func (c *Organizations) ListDelegatedAdministratorsRequest(input *ListDelegatedA // Some of the reasons in the following list might not be applicable to this // specific API or operation. // -// * ACCOUNT_CANNOT_LEAVE_ORGANIZAION: You attempted to remove the management +// * ACCOUNT_CANNOT_LEAVE_ORGANIZATION: You attempted to remove the management // account from the organization. You can't remove the management account. // Instead, after you remove all member accounts, delete the organization // itself. @@ -9541,7 +9545,7 @@ func (c *Organizations) ListDelegatedAdministratorsRequest(input *ListDelegatedA // with the same marketplace. // // * MASTER_ACCOUNT_MISSING_BUSINESS_LICENSE: Applies only to the AWS Regions -// in China. To create an organization, the master must have an valid business +// in China. To create an organization, the master must have a valid business // license. For more information, contact customer support. // // * MASTER_ACCOUNT_MISSING_CONTACT_INFO: To complete this operation, you 
@@ -9863,7 +9867,7 @@ func (c *Organizations) ListDelegatedServicesForAccountRequest(input *ListDelega // Some of the reasons in the following list might not be applicable to this // specific API or operation. // -// * ACCOUNT_CANNOT_LEAVE_ORGANIZAION: You attempted to remove the management +// * ACCOUNT_CANNOT_LEAVE_ORGANIZATION: You attempted to remove the management // account from the organization. You can't remove the management account. // Instead, after you remove all member accounts, delete the organization // itself. @@ -9930,7 +9934,7 @@ func (c *Organizations) ListDelegatedServicesForAccountRequest(input *ListDelega // with the same marketplace. // // * MASTER_ACCOUNT_MISSING_BUSINESS_LICENSE: Applies only to the AWS Regions -// in China. To create an organization, the master must have an valid business +// in China. To create an organization, the master must have a valid business // license. For more information, contact customer support. // // * MASTER_ACCOUNT_MISSING_CONTACT_INFO: To complete this operation, you @@ -12704,7 +12708,7 @@ func (c *Organizations) RegisterDelegatedAdministratorRequest(input *RegisterDel // Some of the reasons in the following list might not be applicable to this // specific API or operation. // -// * ACCOUNT_CANNOT_LEAVE_ORGANIZAION: You attempted to remove the management +// * ACCOUNT_CANNOT_LEAVE_ORGANIZATION: You attempted to remove the management // account from the organization. You can't remove the management account. // Instead, after you remove all member accounts, delete the organization // itself. 
@@ -12771,7 +12775,7 @@ func (c *Organizations) RegisterDelegatedAdministratorRequest(input *RegisterDel // with the same marketplace. // // * MASTER_ACCOUNT_MISSING_BUSINESS_LICENSE: Applies only to the AWS Regions -// in China. To create an organization, the master must have an valid business +// in China. To create an organization, the master must have a valid business // license. For more information, contact customer support. // // * MASTER_ACCOUNT_MISSING_CONTACT_INFO: To complete this operation, you @@ -13066,7 +13070,7 @@ func (c *Organizations) RemoveAccountFromOrganizationRequest(input *RemoveAccoun // Some of the reasons in the following list might not be applicable to this // specific API or operation. // -// * ACCOUNT_CANNOT_LEAVE_ORGANIZAION: You attempted to remove the management +// * ACCOUNT_CANNOT_LEAVE_ORGANIZATION: You attempted to remove the management // account from the organization. You can't remove the management account. // Instead, after you remove all member accounts, delete the organization // itself. @@ -13133,7 +13137,7 @@ func (c *Organizations) RemoveAccountFromOrganizationRequest(input *RemoveAccoun // with the same marketplace. // // * MASTER_ACCOUNT_MISSING_BUSINESS_LICENSE: Applies only to the AWS Regions -// in China. To create an organization, the master must have an valid business +// in China. To create an organization, the master must have a valid business // license. For more information, contact customer support. // // * MASTER_ACCOUNT_MISSING_CONTACT_INFO: To complete this operation, you 
@@ -13408,7 +13412,7 @@ func (c *Organizations) TagResourceRequest(input *TagResourceInput) (req *reques // Some of the reasons in the following list might not be applicable to this // specific API or operation. // -// * ACCOUNT_CANNOT_LEAVE_ORGANIZAION: You attempted to remove the management +// * ACCOUNT_CANNOT_LEAVE_ORGANIZATION: You attempted to remove the management // account from the organization. You can't remove the management account. // Instead, after you remove all member accounts, delete the organization // itself. @@ -13475,7 +13479,7 @@ func (c *Organizations) TagResourceRequest(input *TagResourceInput) (req *reques // with the same marketplace. // // * MASTER_ACCOUNT_MISSING_BUSINESS_LICENSE: Applies only to the AWS Regions -// in China. To create an organization, the master must have an valid business +// in China. To create an organization, the master must have a valid business // license. For more information, contact customer support. // // * MASTER_ACCOUNT_MISSING_CONTACT_INFO: To complete this operation, you @@ -13745,7 +13749,7 @@ func (c *Organizations) UntagResourceRequest(input *UntagResourceInput) (req *re // Some of the reasons in the following list might not be applicable to this // specific API or operation. // -// * ACCOUNT_CANNOT_LEAVE_ORGANIZAION: You attempted to remove the management +// * ACCOUNT_CANNOT_LEAVE_ORGANIZATION: You attempted to remove the management // account from the organization. You can't remove the management account. // Instead, after you remove all member accounts, delete the organization // itself. 
@@ -13812,7 +13816,7 @@ func (c *Organizations) UntagResourceRequest(input *UntagResourceInput) (req *re // with the same marketplace. // // * MASTER_ACCOUNT_MISSING_BUSINESS_LICENSE: Applies only to the AWS Regions -// in China. To create an organization, the master must have an valid business +// in China. To create an organization, the master must have a valid business // license. For more information, contact customer support. // // * MASTER_ACCOUNT_MISSING_CONTACT_INFO: To complete this operation, you @@ -14261,7 +14265,7 @@ func (c *Organizations) UpdatePolicyRequest(input *UpdatePolicyInput) (req *requ // Some of the reasons in the following list might not be applicable to this // specific API or operation. // -// * ACCOUNT_CANNOT_LEAVE_ORGANIZAION: You attempted to remove the management +// * ACCOUNT_CANNOT_LEAVE_ORGANIZATION: You attempted to remove the management // account from the organization. You can't remove the management account. // Instead, after you remove all member accounts, delete the organization // itself. @@ -14328,7 +14332,7 @@ func (c *Organizations) UpdatePolicyRequest(input *UpdatePolicyInput) (req *requ // with the same marketplace. // // * MASTER_ACCOUNT_MISSING_BUSINESS_LICENSE: Applies only to the AWS Regions -// in China. To create an organization, the master must have an valid business +// in China. To create an organization, the master must have a valid business // license. For more information, contact customer support. // // * MASTER_ACCOUNT_MISSING_CONTACT_INFO: To complete this operation, you 
@@ -15458,7 +15462,7 @@ func (s *ConcurrentModificationException) RequestID() string { // Some of the reasons in the following list might not be applicable to this // specific API or operation. // -// * ACCOUNT_CANNOT_LEAVE_ORGANIZAION: You attempted to remove the management +// * ACCOUNT_CANNOT_LEAVE_ORGANIZATION: You attempted to remove the management // account from the organization. You can't remove the management account. // Instead, after you remove all member accounts, delete the organization // itself. @@ -15525,7 +15529,7 @@ func (s *ConcurrentModificationException) RequestID() string { // with the same marketplace. // // * MASTER_ACCOUNT_MISSING_BUSINESS_LICENSE: Applies only to the AWS Regions -// in China. To create an organization, the master must have an valid business +// in China. To create an organization, the master must have a valid business // license. For more information, contact customer support. // // * MASTER_ACCOUNT_MISSING_CONTACT_INFO: To complete this operation, you @@ -15832,8 +15836,8 @@ type CreateAccountStatus struct { // If the request failed, a description of the reason for the failure. // - // * ACCOUNT_LIMIT_EXCEEDED: The account could not be created because you - // have reached the limit on the number of accounts in your organization. + // * ACCOUNT_LIMIT_EXCEEDED: The account couldn't be created because you + // reached the limit on the number of accounts in your organization. // // * CONCURRENT_ACCOUNT_MODIFICATION: You already submitted a request with // the same information. 
@@ -15859,7 +15863,8 @@ type CreateAccountStatus struct { // you provided is not valid. // // * INTERNAL_FAILURE: The account could not be created because of an internal - // failure. Try again later. If the problem persists, contact Customer Support. + // failure. Try again later. If the problem persists, contact AWS Customer + // Support. // // * MISSING_BUSINESS_VALIDATION: The AWS account that owns your organization // has not received Business Validation. @@ -15889,7 +15894,7 @@ type CreateAccountStatus struct { // The date and time that the request was made for the account creation. RequestedTimestamp *time.Time `type:"timestamp"` - // The status of the request. + // The status of the asynchronous request to create an AWS account. State *string `type:"string" enum:"CreateAccountState"` } @@ -16662,8 +16667,8 @@ type DelegatedService struct { // The date that the account became a delegated administrator for this service. DelegationEnabledDate *time.Time `type:"timestamp"` - // The name of a service that can request an operation for the specified service. - // This is typically in the form of a URL, such as: servicename.amazonaws.com. + // The name of an AWS service that can request an operation for the specified + // service. This is typically in the form of a URL, such as: servicename.amazonaws.com. ServicePrincipal *string `min:"1" type:"string"` } diff --git a/vendor/github.com/aws/aws-sdk-go/service/organizations/doc.go b/vendor/github.com/aws/aws-sdk-go/service/organizations/doc.go index 0cd7cc9..8ca6de9 100644 --- a/vendor/github.com/aws/aws-sdk-go/service/organizations/doc.go +++ b/vendor/github.com/aws/aws-sdk-go/service/organizations/doc.go 
@@ -3,7 +3,53 @@ // Package organizations provides the client and types for making API // requests to AWS Organizations. // -// AWS Organizations +// AWS Organizations is a web service that enables you to consolidate your multiple +// AWS accounts into an organization and centrally manage your accounts and +// their resources. +// +// This guide provides descriptions of the Organizations operations. For more +// information about using this service, see the AWS Organizations User Guide +// (http://docs.aws.amazon.com/organizations/latest/userguide/orgs_introduction.html). +// +// Support and feedback for AWS Organizations +// +// We welcome your feedback. Send your comments to feedback-awsorganizations@amazon.com +// (mailto:feedback-awsorganizations@amazon.com) or post your feedback and questions +// in the AWS Organizations support forum (http://forums.aws.amazon.com/forum.jspa?forumID=219). +// For more information about the AWS support forums, see Forums Help (http://forums.aws.amazon.com/help.jspa). +// +// Endpoint to call When using the AWS CLI or the AWS SDK +// +// For the current release of Organizations, specify the us-east-1 region for +// all AWS API and AWS CLI calls made from the commercial AWS Regions outside +// of China. If calling from one of the AWS Regions in China, then specify cn-northwest-1. 
+// You can do this in the AWS CLI by using these parameters and commands: +// +// * Use the following parameter with each command to specify both the endpoint +// and its region: --endpoint-url https://organizations.us-east-1.amazonaws.com +// (from commercial AWS Regions outside of China) or --endpoint-url https://organizations.cn-northwest-1.amazonaws.com.cn +// (from AWS Regions in China) +// +// * Use the default endpoint, but configure your default region with this +// command: aws configure set default.region us-east-1 (from commercial AWS +// Regions outside of China) or aws configure set default.region cn-northwest-1 +// (from AWS Regions in China) +// +// * Use the following parameter with each command to specify the endpoint: +// --region us-east-1 (from commercial AWS Regions outside of China) or --region +// cn-northwest-1 (from AWS Regions in China) +// +// Recording API Requests +// +// AWS Organizations supports AWS CloudTrail, a service that records AWS API +// calls for your AWS account and delivers log files to an Amazon S3 bucket. +// By using information collected by AWS CloudTrail, you can determine which +// requests the Organizations service received, who made the request and when, +// and so on. For more about AWS Organizations and its support for AWS CloudTrail, +// see Logging AWS Organizations Events with AWS CloudTrail (https://docs.aws.amazon.com/organizations/latest/userguide/orgs_incident-response.html#orgs_cloudtrail-integration) +// in the AWS Organizations User Guide. To learn more about AWS CloudTrail, +// including how to turn it on and find your log files, see the AWS CloudTrail +// User Guide (http://docs.aws.amazon.com/awscloudtrail/latest/userguide/what_is_cloud_trail_top_level.html). // // See https://docs.aws.amazon.com/goto/WebAPI/organizations-2016-11-28 for more information on this service. // 
diff --git a/vendor/github.com/aws/aws-sdk-go/service/organizations/errors.go b/vendor/github.com/aws/aws-sdk-go/service/organizations/errors.go index d5a932b..6380ad5 100644 --- a/vendor/github.com/aws/aws-sdk-go/service/organizations/errors.go +++ b/vendor/github.com/aws/aws-sdk-go/service/organizations/errors.go @@ -96,7 +96,7 @@ const ( // Some of the reasons in the following list might not be applicable to this // specific API or operation. // - // * ACCOUNT_CANNOT_LEAVE_ORGANIZAION: You attempted to remove the management + // * ACCOUNT_CANNOT_LEAVE_ORGANIZATION: You attempted to remove the management // account from the organization. You can't remove the management account. // Instead, after you remove all member accounts, delete the organization // itself. @@ -163,7 +163,7 @@ const ( // with the same marketplace. // // * MASTER_ACCOUNT_MISSING_BUSINESS_LICENSE: Applies only to the AWS Regions - // in China. To create an organization, the master must have an valid business + // in China. To create an organization, the master must have a valid business // license. For more information, contact customer support. // // * MASTER_ACCOUNT_MISSING_CONTACT_INFO: To complete this operation, you diff --git a/vendor/github.com/aws/aws-sdk-go/service/sts/api.go b/vendor/github.com/aws/aws-sdk-go/service/sts/api.go index bfc4372..17c4637 100644 --- a/vendor/github.com/aws/aws-sdk-go/service/sts/api.go +++ b/vendor/github.com/aws/aws-sdk-go/service/sts/api.go 
@@ -65,34 +65,6 @@ func (c *STS) AssumeRoleRequest(input *AssumeRoleInput) (req *request.Request, o // and Comparing the AWS STS API operations (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_request.html#stsapi_comparison) // in the IAM User Guide. // -// You cannot use AWS account root user credentials to call AssumeRole. You -// must use credentials for an IAM user or an IAM role to call AssumeRole. -// -// For cross-account access, imagine that you own multiple accounts and need -// to access resources in each account. You could create long-term credentials -// in each account to access those resources. However, managing all those credentials -// and remembering which one can access which account can be time consuming. -// Instead, you can create one set of long-term credentials in one account. -// Then use temporary security credentials to access all the other accounts -// by assuming roles in those accounts. For more information about roles, see -// IAM Roles (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles.html) -// in the IAM User Guide. -// -// Session Duration -// -// By default, the temporary security credentials created by AssumeRole last -// for one hour. However, you can use the optional DurationSeconds parameter -// to specify the duration of your session. You can provide a value from 900 -// seconds (15 minutes) up to the maximum session duration setting for the role. -// This setting can have a value from 1 hour to 12 hours. To learn how to view -// the maximum value for your role, see View the Maximum Session Duration Setting -// for a Role (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_use.html#id_roles_use_view-role-max-session) -// in the IAM User Guide. The maximum session duration limit applies when you -// use the AssumeRole* API operations or the assume-role* CLI commands. However -// the limit does not apply when you use those operations to create a console -// URL. 
For more information, see Using IAM Roles (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_use.html) -// in the IAM User Guide. -// // Permissions // // The temporary security credentials created by AssumeRole can be used to make @@ -102,7 +74,7 @@ func (c *STS) AssumeRoleRequest(input *AssumeRoleInput) (req *request.Request, o // (Optional) You can pass inline or managed session policies (https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies.html#policies_session) // to this operation. You can pass a single JSON policy document to use as an // inline session policy. You can also specify up to 10 managed policies to -// use as managed session policies. The plain text that you use for both inline +// use as managed session policies. The plaintext that you use for both inline // and managed session policies can't exceed 2,048 characters. Passing policies // to this operation returns new temporary credentials. The resulting session's // permissions are the intersection of the role's identity-based policy and 
@@ -308,6 +280,15 @@ func (c *STS) AssumeRoleWithSAMLRequest(input *AssumeRoleWithSAMLInput) (req *re // URL. For more information, see Using IAM Roles (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_use.html) // in the IAM User Guide. // +// Role chaining (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_terms-and-concepts.html#iam-term-role-chaining) +// limits your AWS CLI or AWS API role session to a maximum of one hour. When +// you use the AssumeRole API operation to assume a role, you can specify the +// duration of your role session with the DurationSeconds parameter. You can +// specify a parameter value of up to 43200 seconds (12 hours), depending on +// the maximum session duration setting for your role. However, if you assume +// a role using role chaining and provide a DurationSeconds parameter value +// greater than one hour, the operation fails. +// // Permissions // // The temporary security credentials created by AssumeRoleWithSAML can be used @@ -317,7 +298,7 @@ func (c *STS) AssumeRoleWithSAMLRequest(input *AssumeRoleWithSAMLInput) (req *re // (Optional) You can pass inline or managed session policies (https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies.html#policies_session) // to this operation. You can pass a single JSON policy document to use as an // inline session policy. You can also specify up to 10 managed policies to -// use as managed session policies. The plain text that you use for both inline +// use as managed session policies. The plaintext that you use for both inline // and managed session policies can't exceed 2,048 characters. Passing policies // to this operation returns new temporary credentials. The resulting session's // permissions are the intersection of the role's identity-based policy and 
@@ -346,16 +327,16 @@ func (c *STS) AssumeRoleWithSAMLRequest(input *AssumeRoleWithSAMLInput) (req *re // in STS (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_session-tags.html) // in the IAM User Guide. // -// You can pass up to 50 session tags. The plain text session tag keys can’t +// You can pass up to 50 session tags. The plaintext session tag keys can’t // exceed 128 characters and the values can’t exceed 256 characters. For these // and additional limits, see IAM and STS Character Limits (https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_iam-limits.html#reference_iam-limits-entity-length) // in the IAM User Guide. // // An AWS conversion compresses the passed session policies and session tags // into a packed binary format that has a separate limit. Your request can fail -// for this limit even if your plain text meets the other requirements. The -// PackedPolicySize response element indicates by percentage how close the policies -// and tags for your request are to the upper size limit. +// for this limit even if your plaintext meets the other requirements. The PackedPolicySize +// response element indicates by percentage how close the policies and tags +// for your request are to the upper size limit. // // You can pass a session tag with the same key as a tag that is attached to // the role. When you do, session tags override the role's tags with the same 
@@ -564,7 +545,7 @@ func (c *STS) AssumeRoleWithWebIdentityRequest(input *AssumeRoleWithWebIdentityI // (Optional) You can pass inline or managed session policies (https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies.html#policies_session) // to this operation. You can pass a single JSON policy document to use as an // inline session policy. You can also specify up to 10 managed policies to -// use as managed session policies. The plain text that you use for both inline +// use as managed session policies. The plaintext that you use for both inline // and managed session policies can't exceed 2,048 characters. Passing policies // to this operation returns new temporary credentials. The resulting session's // permissions are the intersection of the role's identity-based policy and 
@@ -583,16 +564,16 @@ func (c *STS) AssumeRoleWithWebIdentityRequest(input *AssumeRoleWithWebIdentityI // in STS (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_session-tags.html) // in the IAM User Guide. // -// You can pass up to 50 session tags. The plain text session tag keys can’t +// You can pass up to 50 session tags. The plaintext session tag keys can’t // exceed 128 characters and the values can’t exceed 256 characters. For these // and additional limits, see IAM and STS Character Limits (https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_iam-limits.html#reference_iam-limits-entity-length) // in the IAM User Guide. // // An AWS conversion compresses the passed session policies and session tags // into a packed binary format that has a separate limit. Your request can fail -// for this limit even if your plain text meets the other requirements. The -// PackedPolicySize response element indicates by percentage how close the policies -// and tags for your request are to the upper size limit. +// for this limit even if your plaintext meets the other requirements. The PackedPolicySize +// response element indicates by percentage how close the policies and tags +// for your request are to the upper size limit. // // You can pass a session tag with the same key as a tag that is attached to // the role. When you do, the session tag overrides the role tag with the same 
@@ -619,7 +600,7 @@ func (c *STS) AssumeRoleWithWebIdentityRequest(input *AssumeRoleWithWebIdentityI // // Calling AssumeRoleWithWebIdentity can result in an entry in your AWS CloudTrail // logs. The entry includes the Subject (http://openid.net/specs/openid-connect-core-1_0.html#Claims) -// of the provided Web Identity Token. We recommend that you avoid using any +// of the provided web identity token. We recommend that you avoid using any // personally identifiable information (PII) in this field. For example, you // could instead use a GUID or a pairwise identifier, as suggested in the OIDC // specification (http://openid.net/specs/openid-connect-core-1_0.html#SubjectIDTypes). 
@@ -1108,6 +1089,70 @@ func (c *STS) GetFederationTokenRequest(input *GetFederationTokenInput) (req *re // You must pass an inline or managed session policy (https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies.html#policies_session) // to this operation. You can pass a single JSON policy document to use as an // inline session policy. You can also specify up to 10 managed policies to +// use as managed session policies. The plaintext that you use for both inline +// and managed session policies can't exceed 2,048 characters. +// +// Though the session policy parameters are optional, if you do not pass a policy, +// then the resulting federated user session has no permissions. When you pass +// session policies, the session permissions are the intersection of the IAM +// user policies and the session policies that you pass. This gives you a way +// to further restrict the permissions for a federated user. You cannot use +// session policies to grant more permissions than those that are defined in +// the permissions policy of the IAM user. For more information, see Session +// Policies (https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies.html#policies_session) +// in the IAM User Guide. For information about using GetFederationToken to +// create temporary security credentials, see GetFederationToken—Federation +// Through a Custom Identity Broker (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_request.html#api_getfederationtoken). +// +// You can use the credentials to access a resource that has a resource-based +// policy. If that policy specifically references the federated user session +// in the Principal element of the policy, the session has the permissions allowed +// by the policy. These permissions are granted in addition to the permissions +// granted by the session policies. +// +// Tags +// +// (Optional) You can pass tag key-value pairs to your session. These are called +// session tags. 
For more information about session tags, see Passing Session +// Tags in STS (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_session-tags.html) +// in the IAM User Guide. +// +// You can create a mobile-based or browser-based app that can authenticate +// users using a web identity provider like Login with Amazon, Facebook, Google, +// or an OpenID Connect-compatible identity provider. In this case, we recommend +// that you use Amazon Cognito (http://aws.amazon.com/cognito/) or AssumeRoleWithWebIdentity. +// For more information, see Federation Through a Web-based Identity Provider +// (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_request.html#api_assumerolewithwebidentity) +// in the IAM User Guide. +// +// You can also call GetFederationToken using the security credentials of an +// AWS account root user, but we do not recommend it. Instead, we recommend +// that you create an IAM user for the purpose of the proxy application. Then +// attach a policy to the IAM user that limits federated users to only the actions +// and resources that they need to access. For more information, see IAM Best +// Practices (https://docs.aws.amazon.com/IAM/latest/UserGuide/best-practices.html) +// in the IAM User Guide. +// +// Session duration +// +// The temporary credentials are valid for the specified duration, from 900 +// seconds (15 minutes) up to a maximum of 129,600 seconds (36 hours). The default +// session duration is 43,200 seconds (12 hours). Temporary credentials that +// are obtained by using AWS account root user credentials have a maximum duration +// of 3,600 seconds (1 hour). +// +// Permissions +// +// You can use the temporary credentials created by GetFederationToken in any +// AWS service except the following: +// +// * You cannot call any IAM operations using the AWS CLI or the AWS API. +// +// * You cannot call any STS operations except GetCallerIdentity. 
+// +// You must pass an inline or managed session policy (https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies.html#policies_session) +// to this operation. You can pass a single JSON policy document to use as an +// inline session policy. You can also specify up to 10 managed policies to // use as managed session policies. The plain text that you use for both inline // and managed session policies can't exceed 2,048 characters. // 
@@ -1338,14 +1383,15 @@ func (c *STS) GetSessionTokenWithContext(ctx aws.Context, input *GetSessionToken type AssumeRoleInput struct { _ struct{} `type:"structure"` - // The duration, in seconds, of the role session. The value can range from 900 - // seconds (15 minutes) up to the maximum session duration setting for the role. - // This setting can have a value from 1 hour to 12 hours. If you specify a value - // higher than this setting, the operation fails. For example, if you specify - // a session duration of 12 hours, but your administrator set the maximum session - // duration to 6 hours, your operation fails. To learn how to view the maximum - // value for your role, see View the Maximum Session Duration Setting for a - // Role (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_use.html#id_roles_use_view-role-max-session) + // The duration, in seconds, of the role session. The value specified can can + // range from 900 seconds (15 minutes) up to the maximum session duration that + // is set for the role. The maximum session duration setting can have a value + // from 1 hour to 12 hours. If you specify a value higher than this setting + // or the administrator setting (whichever is lower), the operation fails. For + // example, if you specify a session duration of 12 hours, but your administrator + // set the maximum session duration to 6 hours, your operation fails. To learn + // how to view the maximum value for your role, see View the Maximum Session + // Duration Setting for a Role (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_use.html#id_roles_use_view-role-max-session) // in the IAM User Guide. // // By default, the value is set to 3600 seconds. 
@@ -1387,17 +1433,17 @@ type AssumeRoleInput struct { // that is being assumed. For more information, see Session Policies (https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies.html#policies_session) // in the IAM User Guide. // - // The plain text that you use for both inline and managed session policies - // can't exceed 2,048 characters. The JSON policy characters can be any ASCII - // character from the space character to the end of the valid character list - // (\u0020 through \u00FF). It can also include the tab (\u0009), linefeed (\u000A), - // and carriage return (\u000D) characters. + // The plaintext that you use for both inline and managed session policies can't + // exceed 2,048 characters. The JSON policy characters can be any ASCII character + // from the space character to the end of the valid character list (\u0020 through + // \u00FF). It can also include the tab (\u0009), linefeed (\u000A), and carriage + // return (\u000D) characters. // // An AWS conversion compresses the passed session policies and session tags // into a packed binary format that has a separate limit. Your request can fail - // for this limit even if your plain text meets the other requirements. The - // PackedPolicySize response element indicates by percentage how close the policies - // and tags for your request are to the upper size limit. + // for this limit even if your plaintext meets the other requirements. The PackedPolicySize + // response element indicates by percentage how close the policies and tags + // for your request are to the upper size limit. Policy *string `min:"1" type:"string"` // The Amazon Resource Names (ARNs) of the IAM managed policies that you want 
@@ -1405,16 +1451,16 @@ type AssumeRoleInput struct { // as the role. // // This parameter is optional. You can provide up to 10 managed policy ARNs. - // However, the plain text that you use for both inline and managed session - // policies can't exceed 2,048 characters. For more information about ARNs, - // see Amazon Resource Names (ARNs) and AWS Service Namespaces (https://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html) + // However, the plaintext that you use for both inline and managed session policies + // can't exceed 2,048 characters. For more information about ARNs, see Amazon + // Resource Names (ARNs) and AWS Service Namespaces (https://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html) // in the AWS General Reference. // // An AWS conversion compresses the passed session policies and session tags // into a packed binary format that has a separate limit. Your request can fail - // for this limit even if your plain text meets the other requirements. The - // PackedPolicySize response element indicates by percentage how close the policies - // and tags for your request are to the upper size limit. + // for this limit even if your plaintext meets the other requirements. The PackedPolicySize + // response element indicates by percentage how close the policies and tags + // for your request are to the upper size limit. // // Passing policies to this operation returns new temporary credentials. The // resulting session's permissions are the intersection of the role's identity-based 
@@ -1459,22 +1505,41 @@ type AssumeRoleInput struct { // also include underscores or any of the following characters: =,.@- SerialNumber *string `min:"9" type:"string"` + // The source identity specified by the principal that is calling the AssumeRole + // operation. + // + // You can require users to specify a source identity when they assume a role. + // You do this by using the sts:SourceIdentity condition key in a role trust + // policy. You can use source identity information in AWS CloudTrail logs to + // determine who took actions with a role. You can use the aws:SourceIdentity + // condition key to further control access to AWS resources based on the value + // of source identity. For more information about using source identity, see + // Monitor and control actions taken with assumed roles (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_control-access_monitor.html) + // in the IAM User Guide. + // + // The regex used to validate this parameter is a string of characters consisting + // of upper- and lower-case alphanumeric characters with no spaces. You can + // also include underscores or any of the following characters: =,.@-. You cannot + // use a value that begins with the text aws:. This prefix is reserved for AWS + // internal use. + SourceIdentity *string `min:"2" type:"string"` + // A list of session tags that you want to pass. Each session tag consists of // a key name and an associated value. For more information about session tags, // see Tagging AWS STS Sessions (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_session-tags.html) // in the IAM User Guide. // - // This parameter is optional. You can pass up to 50 session tags. The plain - // text session tag keys can’t exceed 128 characters, and the values can’t - // exceed 256 characters. For these and additional limits, see IAM and STS Character + // This parameter is optional. You can pass up to 50 session tags. 
The plaintext + // session tag keys can’t exceed 128 characters, and the values can’t exceed + // 256 characters. For these and additional limits, see IAM and STS Character // Limits (https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_iam-limits.html#reference_iam-limits-entity-length) // in the IAM User Guide. // // An AWS conversion compresses the passed session policies and session tags // into a packed binary format that has a separate limit. Your request can fail - // for this limit even if your plain text meets the other requirements. The - // PackedPolicySize response element indicates by percentage how close the policies - // and tags for your request are to the upper size limit. + // for this limit even if your plaintext meets the other requirements. The PackedPolicySize + // response element indicates by percentage how close the policies and tags + // for your request are to the upper size limit. // // You can pass a session tag with the same key as a tag that is already attached // to the role. When you do, session tags override a role tag with the same @@ -1495,9 +1560,10 @@ type AssumeRoleInput struct { Tags []*Tag `type:"list"` // The value provided by the MFA device, if the trust policy of the role being - // assumed requires MFA (that is, if the policy includes a condition that tests - // for MFA). If the role being assumed requires MFA and if the TokenCode value - // is missing or expired, the AssumeRole call returns an "access denied" error. + // assumed requires MFA. (In other words, if the policy includes a condition + // that tests for MFA). If the role being assumed requires MFA and if the TokenCode + // value is missing or expired, the AssumeRole call returns an "access denied" + // error. // // The format for this parameter, as described by its regex pattern, is a sequence // of six numeric digits. 
@@ -1554,6 +1620,9 @@ func (s *AssumeRoleInput) Validate() error { if s.SerialNumber != nil && len(*s.SerialNumber) < 9 { invalidParams.Add(request.NewErrParamMinLen("SerialNumber", 9)) } + if s.SourceIdentity != nil && len(*s.SourceIdentity) < 2 { + invalidParams.Add(request.NewErrParamMinLen("SourceIdentity", 2)) + } if s.TokenCode != nil && len(*s.TokenCode) < 6 { invalidParams.Add(request.NewErrParamMinLen("TokenCode", 6)) } @@ -1626,6 +1695,12 @@ func (s *AssumeRoleInput) SetSerialNumber(v string) *AssumeRoleInput { return s } +// SetSourceIdentity sets the SourceIdentity field's value. +func (s *AssumeRoleInput) SetSourceIdentity(v string) *AssumeRoleInput { + s.SourceIdentity = &v + return s +} + // SetTags sets the Tags field's value. func (s *AssumeRoleInput) SetTags(v []*Tag) *AssumeRoleInput { s.Tags = v 
@@ -1668,6 +1743,23 @@ type AssumeRoleOutput struct { // packed size is greater than 100 percent, which means the policies and tags // exceeded the allowed space. PackedPolicySize *int64 `type:"integer"` + + // The source identity specified by the principal that is calling the AssumeRole + // operation. + // + // You can require users to specify a source identity when they assume a role. + // You do this by using the sts:SourceIdentity condition key in a role trust + // policy. You can use source identity information in AWS CloudTrail logs to + // determine who took actions with a role. You can use the aws:SourceIdentity + // condition key to further control access to AWS resources based on the value + // of source identity. For more information about using source identity, see + // Monitor and control actions taken with assumed roles (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_control-access_monitor.html) + // in the IAM User Guide. + // + // The regex used to validate this parameter is a string of characters consisting + // of upper- and lower-case alphanumeric characters with no spaces. You can + // also include underscores or any of the following characters: =,.@- + SourceIdentity *string `min:"2" type:"string"` } // String returns the string representation @@ -1698,6 +1790,12 @@ func (s *AssumeRoleOutput) SetPackedPolicySize(v int64) *AssumeRoleOutput { return s } +// SetSourceIdentity sets the SourceIdentity field's value. +func (s *AssumeRoleOutput) SetSourceIdentity(v string) *AssumeRoleOutput { + s.SourceIdentity = &v + return s +} + type AssumeRoleWithSAMLInput struct { _ struct{} `type:"structure"` 
@@ -1736,17 +1834,17 @@ type AssumeRoleWithSAMLInput struct { // that is being assumed. For more information, see Session Policies (https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies.html#policies_session) // in the IAM User Guide. // - // The plain text that you use for both inline and managed session policies - // can't exceed 2,048 characters. The JSON policy characters can be any ASCII - // character from the space character to the end of the valid character list - // (\u0020 through \u00FF). It can also include the tab (\u0009), linefeed (\u000A), - // and carriage return (\u000D) characters. + // The plaintext that you use for both inline and managed session policies can't + // exceed 2,048 characters. The JSON policy characters can be any ASCII character + // from the space character to the end of the valid character list (\u0020 through + // \u00FF). It can also include the tab (\u0009), linefeed (\u000A), and carriage + // return (\u000D) characters. // // An AWS conversion compresses the passed session policies and session tags // into a packed binary format that has a separate limit. Your request can fail - // for this limit even if your plain text meets the other requirements. The - // PackedPolicySize response element indicates by percentage how close the policies - // and tags for your request are to the upper size limit. + // for this limit even if your plaintext meets the other requirements. The PackedPolicySize + // response element indicates by percentage how close the policies and tags + // for your request are to the upper size limit. Policy *string `min:"1" type:"string"` // The Amazon Resource Names (ARNs) of the IAM managed policies that you want 
@@ -1754,16 +1852,16 @@ type AssumeRoleWithSAMLInput struct { // as the role. // // This parameter is optional. You can provide up to 10 managed policy ARNs. - // However, the plain text that you use for both inline and managed session - // policies can't exceed 2,048 characters. For more information about ARNs, - // see Amazon Resource Names (ARNs) and AWS Service Namespaces (https://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html) + // However, the plaintext that you use for both inline and managed session policies + // can't exceed 2,048 characters. For more information about ARNs, see Amazon + // Resource Names (ARNs) and AWS Service Namespaces (https://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html) // in the AWS General Reference. // // An AWS conversion compresses the passed session policies and session tags // into a packed binary format that has a separate limit. Your request can fail - // for this limit even if your plain text meets the other requirements. The - // PackedPolicySize response element indicates by percentage how close the policies - // and tags for your request are to the upper size limit. + // for this limit even if your plaintext meets the other requirements. The PackedPolicySize + // response element indicates by percentage how close the policies and tags + // for your request are to the upper size limit. // // Passing policies to this operation returns new temporary credentials. The // resulting session's permissions are the intersection of the role's identity-based 
@@ -1786,7 +1884,7 @@ type AssumeRoleWithSAMLInput struct { // RoleArn is a required field RoleArn *string `min:"20" type:"string" required:"true"` - // The base-64 encoded SAML authentication response provided by the IdP. + // The base64 encoded SAML authentication response provided by the IdP. // // For more information, see Configuring a Relying Party and Adding Claims (https://docs.aws.amazon.com/IAM/latest/UserGuide/create-role-saml-IdP-tasks.html) // in the IAM User Guide. @@ -1908,10 +2006,17 @@ type AssumeRoleWithSAMLOutput struct { // The value of the Issuer element of the SAML assertion. Issuer *string `type:"string"` - // A hash value based on the concatenation of the Issuer response value, the - // AWS account ID, and the friendly name (the last part of the ARN) of the SAML - // provider in IAM. The combination of NameQualifier and Subject can be used - // to uniquely identify a federated user. + // A hash value based on the concatenation of the following: + // + // * The Issuer response value. + // + // * The AWS account ID. + // + // * The friendly name (the last part of the ARN) of the SAML provider in + // IAM. + // + // The combination of NameQualifier and Subject can be used to uniquely identify + // a federated user. // // The following pseudocode shows how the hash value is calculated: // 
@@ -1925,6 +2030,26 @@ type AssumeRoleWithSAMLOutput struct { // exceeded the allowed space. PackedPolicySize *int64 `type:"integer"` + // The value in the SourceIdentity attribute in the SAML assertion. + // + // You can require users to set a source identity value when they assume a role. + // You do this by using the sts:SourceIdentity condition key in a role trust + // policy. That way, actions that are taken with the role are associated with + // that user. After the source identity is set, the value cannot be changed. + // It is present in the request for all actions that are taken by the role and + // persists across chained role (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_terms-and-concepts#iam-term-role-chaining) + // sessions. You can configure your SAML identity provider to use an attribute + // associated with your users, like user name or email, as the source identity + // when calling AssumeRoleWithSAML. You do this by adding an attribute to the + // SAML assertion. For more information about using source identity, see Monitor + // and control actions taken with assumed roles (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_control-access_monitor.html) + // in the IAM User Guide. + // + // The regex used to validate this parameter is a string of characters consisting + // of upper- and lower-case alphanumeric characters with no spaces. You can + // also include underscores or any of the following characters: =,.@- + SourceIdentity *string `min:"2" type:"string"` + // The value of the NameID element in the Subject element of the SAML assertion. Subject *string `type:"string"` 
@@ -1985,6 +2110,12 @@ func (s *AssumeRoleWithSAMLOutput) SetPackedPolicySize(v int64) *AssumeRoleWithS return s } +// SetSourceIdentity sets the SourceIdentity field's value. +func (s *AssumeRoleWithSAMLOutput) SetSourceIdentity(v string) *AssumeRoleWithSAMLOutput { + s.SourceIdentity = &v + return s +} + // SetSubject sets the Subject field's value. func (s *AssumeRoleWithSAMLOutput) SetSubject(v string) *AssumeRoleWithSAMLOutput { s.Subject = &v 
@@ -2032,17 +2163,17 @@ type AssumeRoleWithWebIdentityInput struct { // that is being assumed. For more information, see Session Policies (https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies.html#policies_session) // in the IAM User Guide. // - // The plain text that you use for both inline and managed session policies - // can't exceed 2,048 characters. The JSON policy characters can be any ASCII - // character from the space character to the end of the valid character list - // (\u0020 through \u00FF). It can also include the tab (\u0009), linefeed (\u000A), - // and carriage return (\u000D) characters. + // The plaintext that you use for both inline and managed session policies can't + // exceed 2,048 characters. The JSON policy characters can be any ASCII character + // from the space character to the end of the valid character list (\u0020 through + // \u00FF). It can also include the tab (\u0009), linefeed (\u000A), and carriage + // return (\u000D) characters. // // An AWS conversion compresses the passed session policies and session tags // into a packed binary format that has a separate limit. Your request can fail - // for this limit even if your plain text meets the other requirements. The - // PackedPolicySize response element indicates by percentage how close the policies - // and tags for your request are to the upper size limit. + // for this limit even if your plaintext meets the other requirements. The PackedPolicySize + // response element indicates by percentage how close the policies and tags + // for your request are to the upper size limit. Policy *string `min:"1" type:"string"` // The Amazon Resource Names (ARNs) of the IAM managed policies that you want 
@@ -2050,16 +2181,16 @@ type AssumeRoleWithWebIdentityInput struct { // as the role. // // This parameter is optional. You can provide up to 10 managed policy ARNs. - // However, the plain text that you use for both inline and managed session - // policies can't exceed 2,048 characters. For more information about ARNs, - // see Amazon Resource Names (ARNs) and AWS Service Namespaces (https://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html) + // However, the plaintext that you use for both inline and managed session policies + // can't exceed 2,048 characters. For more information about ARNs, see Amazon + // Resource Names (ARNs) and AWS Service Namespaces (https://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html) // in the AWS General Reference. // // An AWS conversion compresses the passed session policies and session tags // into a packed binary format that has a separate limit. Your request can fail - // for this limit even if your plain text meets the other requirements. The - // PackedPolicySize response element indicates by percentage how close the policies - // and tags for your request are to the upper size limit. + // for this limit even if your plaintext meets the other requirements. The PackedPolicySize + // response element indicates by percentage how close the policies and tags + // for your request are to the upper size limit. // // Passing policies to this operation returns new temporary credentials. The // resulting session's permissions are the intersection of the role's identity-based 
@@ -2242,6 +2373,29 @@ type AssumeRoleWithWebIdentityOutput struct { // in the AssumeRoleWithWebIdentity request. Provider *string `type:"string"` + // The value of the source identity that is returned in the JSON web token (JWT) + // from the identity provider. + // + // You can require users to set a source identity value when they assume a role. + // You do this by using the sts:SourceIdentity condition key in a role trust + // policy. That way, actions that are taken with the role are associated with + // that user. After the source identity is set, the value cannot be changed. + // It is present in the request for all actions that are taken by the role and + // persists across chained role (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_terms-and-concepts#iam-term-role-chaining) + // sessions. You can configure your identity provider to use an attribute associated + // with your users, like user name or email, as the source identity when calling + // AssumeRoleWithWebIdentity. You do this by adding a claim to the JSON web + // token. To learn more about OIDC tokens and claims, see Using Tokens with + // User Pools (https://docs.aws.amazon.com/cognito/latest/developerguide/amazon-cognito-user-pools-using-tokens-with-identity-providers.html) + // in the Amazon Cognito Developer Guide. For more information about using source + // identity, see Monitor and control actions taken with assumed roles (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_control-access_monitor.html) + // in the IAM User Guide. + // + // The regex used to validate this parameter is a string of characters consisting + // of upper- and lower-case alphanumeric characters with no spaces. You can + // also include underscores or any of the following characters: =,.@- + SourceIdentity *string `min:"2" type:"string"` + // The unique user identifier that is returned by the identity provider. 
This // identifier is associated with the WebIdentityToken that was submitted with // the AssumeRoleWithWebIdentity call. The identifier is typically unique to @@ -2291,6 +2445,12 @@ func (s *AssumeRoleWithWebIdentityOutput) SetProvider(v string) *AssumeRoleWithW return s } +// SetSourceIdentity sets the SourceIdentity field's value. +func (s *AssumeRoleWithWebIdentityOutput) SetSourceIdentity(v string) *AssumeRoleWithWebIdentityOutput { + s.SourceIdentity = &v + return s +} + // SetSubjectFromWebIdentityToken sets the SubjectFromWebIdentityToken field's value. func (s *AssumeRoleWithWebIdentityOutput) SetSubjectFromWebIdentityToken(v string) *AssumeRoleWithWebIdentityOutput { s.SubjectFromWebIdentityToken = &v 
@@ -2682,17 +2842,17 @@ type GetFederationTokenInput struct { // by the policy. These permissions are granted in addition to the permissions // that are granted by the session policies. // - // The plain text that you use for both inline and managed session policies - // can't exceed 2,048 characters. The JSON policy characters can be any ASCII - // character from the space character to the end of the valid character list - // (\u0020 through \u00FF). It can also include the tab (\u0009), linefeed (\u000A), - // and carriage return (\u000D) characters. + // The plaintext that you use for both inline and managed session policies can't + // exceed 2,048 characters. The JSON policy characters can be any ASCII character + // from the space character to the end of the valid character list (\u0020 through + // \u00FF). It can also include the tab (\u0009), linefeed (\u000A), and carriage + // return (\u000D) characters. // // An AWS conversion compresses the passed session policies and session tags // into a packed binary format that has a separate limit. Your request can fail - // for this limit even if your plain text meets the other requirements. The - // PackedPolicySize response element indicates by percentage how close the policies - // and tags for your request are to the upper size limit. + // for this limit even if your plaintext meets the other requirements. The PackedPolicySize + // response element indicates by percentage how close the policies and tags + // for your request are to the upper size limit. Policy *string `min:"1" type:"string"` // The Amazon Resource Names (ARNs) of the IAM managed policies that you want 
@@ -2702,7 +2862,7 @@ type GetFederationTokenInput struct { // You must pass an inline or managed session policy (https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies.html#policies_session) // to this operation. You can pass a single JSON policy document to use as an // inline session policy. You can also specify up to 10 managed policies to - // use as managed session policies. The plain text that you use for both inline + // use as managed session policies. The plaintext that you use for both inline // and managed session policies can't exceed 2,048 characters. You can provide // up to 10 managed policy ARNs. For more information about ARNs, see Amazon // Resource Names (ARNs) and AWS Service Namespaces (https://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html) @@ -2727,9 +2887,9 @@ type GetFederationTokenInput struct { // // An AWS conversion compresses the passed session policies and session tags // into a packed binary format that has a separate limit. Your request can fail - // for this limit even if your plain text meets the other requirements. The - // PackedPolicySize response element indicates by percentage how close the policies - // and tags for your request are to the upper size limit. + // for this limit even if your plaintext meets the other requirements. The PackedPolicySize + // response element indicates by percentage how close the policies and tags + // for your request are to the upper size limit. PolicyArns []*PolicyDescriptorType `type:"list"` // A list of session tags. Each session tag consists of a key name and an associated 
@@ -2737,17 +2897,17 @@ type GetFederationTokenInput struct { // in STS (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_session-tags.html) // in the IAM User Guide. // - // This parameter is optional. You can pass up to 50 session tags. The plain - // text session tag keys can’t exceed 128 characters and the values can’t - // exceed 256 characters. For these and additional limits, see IAM and STS Character + // This parameter is optional. You can pass up to 50 session tags. The plaintext + // session tag keys can’t exceed 128 characters and the values can’t exceed + // 256 characters. For these and additional limits, see IAM and STS Character // Limits (https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_iam-limits.html#reference_iam-limits-entity-length) // in the IAM User Guide. // // An AWS conversion compresses the passed session policies and session tags // into a packed binary format that has a separate limit. Your request can fail - // for this limit even if your plain text meets the other requirements. The - // PackedPolicySize response element indicates by percentage how close the policies - // and tags for your request are to the upper size limit. + // for this limit even if your plaintext meets the other requirements. The PackedPolicySize + // response element indicates by percentage how close the policies and tags + // for your request are to the upper size limit. // // You can pass a session tag with the same key as a tag that is already attached // to the user you are federating. When you do, session tags override a user diff --git a/vendor/modules.txt b/vendor/modules.txt index 49e5c88..6a632c7 100644 --- a/vendor/modules.txt +++ b/vendor/modules.txt @@ -1,7 +1,7 @@ # github.com/alecthomas/kong v0.2.16 ## explicit github.com/alecthomas/kong -# github.com/aws/aws-sdk-go v1.38.14 +# github.com/aws/aws-sdk-go v1.38.30 ## explicit github.com/aws/aws-sdk-go/aws github.com/aws/aws-sdk-go/aws/arn