Update generated code (#1800)
update generated code
async-aws-bot authored Nov 15, 2024
1 parent 80c2e57 commit 205db3e
Showing 6 changed files with 72 additions and 46 deletions.
1 change: 1 addition & 0 deletions CHANGELOG.md
Expand Up @@ -10,6 +10,7 @@

- use strict comparison `null !==` instead of `!`
- Fix CS
- AWS enhancement: Documentation updates.

## 1.22.1

2 changes: 1 addition & 1 deletion src/Sts/Exception/RegionDisabledException.php
Expand Up @@ -7,7 +7,7 @@
/**
* STS is not activated in the requested region for the account that is being asked to generate credentials. The account
* administrator must use the IAM console to activate STS in that region. For more information, see Activating and
* Deactivating Amazon Web Services STS in an Amazon Web Services Region [^1] in the *IAM User Guide*.
* Deactivating STS in an Amazon Web Services Region [^1] in the *IAM User Guide*.
*
* [^1]: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_enable-regions.html
*/
30 changes: 21 additions & 9 deletions src/Sts/Input/AssumeRoleRequest.php
Expand Up @@ -30,9 +30,16 @@ final class AssumeRoleRequest extends Input
* subsequent cross-account API requests that use the temporary security credentials will expose the role session name
* to the external account in their CloudTrail logs.
*
* For security purposes, administrators can view this field in CloudTrail logs [^1] to help identify who performed an
* action in Amazon Web Services. Your administrator might require that you specify your user name as the session name
* when you assume the role. For more information, see `sts:RoleSessionName` [^2].
*
* The regex used to validate this parameter is a string of characters consisting of upper- and lower-case alphanumeric
* characters with no spaces. You can also include underscores or any of the following characters: =,.@-
*
* [^1]: https://docs.aws.amazon.com/IAM/latest/UserGuide/cloudtrail-integration.html#cloudtrail-integration_signin-tempcreds
* [^2]: https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_iam-condition-keys.html#ck_rolesessionname
*
* @required
*
* @var string|null
Expand Down Expand Up @@ -83,7 +90,10 @@ final class AssumeRoleRequest extends Input
* > plaintext meets the other requirements. The `PackedPolicySize` response element indicates by percentage how close
* > the policies and tags for your request are to the upper size limit.
*
* For more information about role session permissions, see Session policies [^2].
*
* [^1]: https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies.html#policies_session
* [^2]: https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies.html#policies_session
*
* @var string|null
*/
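Review bot: the footnote definitions at the end of this docblock now carry `[^1]` and `[^2]` with the identical target `access_policies.html#policies_session`, so the added "Session policies [^2]" sentence introduces a duplicate reference. Because this file is generated, the fix belongs in the generator: when a URL is already defined in the same docblock, reuse its footnote number, so the new sentence cites `[^1]` and no second definition is emitted.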
Expand All @@ -101,7 +111,7 @@ final class AssumeRoleRequest extends Input
* the `DurationSeconds` parameter. You can specify a parameter value of up to 43200 seconds (12 hours), depending on
* the maximum session duration setting for your role. However, if you assume a role using role chaining and provide a
* `DurationSeconds` parameter value greater than one hour, the operation fails. To learn how to view the maximum value
* for your role, see View the Maximum Session Duration Setting for a Role [^1] in the *IAM User Guide*.
* for your role, see Update the maximum session duration for a role [^1].
*
* By default, the value is set to `3600` seconds.
*
Expand All @@ -110,7 +120,7 @@ final class AssumeRoleRequest extends Input
* > parameter that specifies the maximum length of the console session. For more information, see Creating a URL that
* > Enables Federated Users to Access the Amazon Web Services Management Console [^2] in the *IAM User Guide*.
*
* [^1]: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_use.html#id_roles_use_view-role-max-session
* [^1]: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_update-role-settings.html#id_roles_update-session-duration
* [^2]: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_providers_enable-console-custom-url.html
*
* @var int|null
Expand Down Expand Up @@ -156,8 +166,7 @@ final class AssumeRoleRequest extends Input
* corresponding key and value passes to subsequent sessions in a role chain. For more information, see Chaining Roles
* with Session Tags [^1] in the *IAM User Guide*.
*
* This parameter is optional. When you set session tags as transitive, the session policy and session tags packed
* binary limit is not affected.
* This parameter is optional. The transitive status of a session tag does not impact its packed binary size.
*
* If you choose not to specify a transitive tag key, then no tags are passed from this session to any subsequent
* sessions.
Expand Down Expand Up @@ -211,19 +220,22 @@ final class AssumeRoleRequest extends Input
private $tokenCode;

/**
* The source identity specified by the principal that is calling the `AssumeRole` operation.
* The source identity specified by the principal that is calling the `AssumeRole` operation. The source identity value
* persists across chained role [^1] sessions.
*
* You can require users to specify a source identity when they assume a role. You do this by using the
* `sts:SourceIdentity` condition key in a role trust policy. You can use source identity information in CloudTrail logs
* to determine who took actions with a role. You can use the `aws:SourceIdentity` condition key to further control
* `sts:SourceIdentity` [^2] condition key in a role trust policy. You can use source identity information in CloudTrail
* logs to determine who took actions with a role. You can use the `aws:SourceIdentity` condition key to further control
* access to Amazon Web Services resources based on the value of source identity. For more information about using
* source identity, see Monitor and control actions taken with assumed roles [^1] in the *IAM User Guide*.
* source identity, see Monitor and control actions taken with assumed roles [^3] in the *IAM User Guide*.
*
* The regex used to validate this parameter is a string of characters consisting of upper- and lower-case alphanumeric
* characters with no spaces. You can also include underscores or any of the following characters: =,.@-. You cannot use
* a value that begins with the text `aws:`. This prefix is reserved for Amazon Web Services internal use.
*
* [^1]: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_control-access_monitor.html
* [^1]: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles.html#iam-term-role-chaining
* [^2]: https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_condition-keys.html#condition-keys-sourceidentity
* [^3]: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_control-access_monitor.html
*
* @var string|null
*/
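Review bot: in the rewritten source identity paragraph, the `[^2]` link attached to `sts:SourceIdentity` resolves to `reference_policies_condition-keys.html#condition-keys-sourceidentity`, while the `sts:RoleSessionName` reference added earlier in this file resolves to `reference_policies_iam-condition-keys.html#ck_rolesessionname`. Worth confirming upstream that the `[^2]` anchor documents the `sts:` key used in role trust policies and not the `aws:SourceIdentity` key named two sentences later, since readers will copy the condition key from whichever page the footnote opens. Minor style point: "chained role [^1] sessions" places the marker in the middle of the phrase; it reads better after "sessions".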
23 changes: 22 additions & 1 deletion src/Sts/Input/AssumeRoleWithWebIdentityRequest.php
Expand Up @@ -13,6 +13,16 @@ final class AssumeRoleWithWebIdentityRequest extends Input
/**
* The Amazon Resource Name (ARN) of the role that the caller is assuming.
*
* > Additional considerations apply to Amazon Cognito identity pools that assume cross-account IAM roles [^1]. The
* > trust policies of these roles must accept the `cognito-identity.amazonaws.com` service principal and must contain
* > the `cognito-identity.amazonaws.com:aud` condition key to restrict role assumption to users from your intended
* > identity pools. A policy that trusts Amazon Cognito identity pools without this condition creates a risk that a
* > user from an unintended identity pool can assume the role. For more information, see Trust policies for IAM roles
* > in Basic (Classic) authentication [^2] in the *Amazon Cognito Developer Guide*.
*
* [^1]: https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies-cross-account-resource-access.html
* [^2]: https://docs.aws.amazon.com/cognito/latest/developerguide/iam-roles.html#trust-policies
*
* @required
*
* @var string|null
Expand All @@ -25,9 +35,16 @@ final class AssumeRoleWithWebIdentityRequest extends Input
* associated with that user. This session name is included as part of the ARN and assumed role ID in the
* `AssumedRoleUser` response element.
*
* For security purposes, administrators can view this field in CloudTrail logs [^1] to help identify who performed an
* action in Amazon Web Services. Your administrator might require that you specify your user name as the session name
* when you assume the role. For more information, see `sts:RoleSessionName` [^2].
*
* The regex used to validate this parameter is a string of characters consisting of upper- and lower-case alphanumeric
* characters with no spaces. You can also include underscores or any of the following characters: =,.@-
*
* [^1]: https://docs.aws.amazon.com/IAM/latest/UserGuide/cloudtrail-integration.html#cloudtrail-integration_signin-tempcreds
* [^2]: https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_iam-condition-keys.html#ck_rolesessionname
*
* @required
*
* @var string|null
Expand All @@ -37,7 +54,8 @@ final class AssumeRoleWithWebIdentityRequest extends Input
/**
* The OAuth 2.0 access token or OpenID Connect ID token that is provided by the identity provider. Your application
* must get this token by authenticating the user who is using your application with a web identity provider before the
* application makes an `AssumeRoleWithWebIdentity` call. Only tokens with RSA algorithms (RS256) are supported.
* application makes an `AssumeRoleWithWebIdentity` call. Timestamps in the token must be formatted as either an integer
* or a long integer. Only tokens with RSA algorithms (RS256) are supported.
*
* @required
*
Expand Down Expand Up @@ -97,12 +115,15 @@ final class AssumeRoleWithWebIdentityRequest extends Input
* policy characters can be any ASCII character from the space character to the end of the valid character list (\u0020
* through \u00FF). It can also include the tab (\u0009), linefeed (\u000A), and carriage return (\u000D) characters.
*
* For more information about role session permissions, see Session policies [^2].
*
* > An Amazon Web Services conversion compresses the passed inline session policy, managed policy ARNs, and session
* > tags into a packed binary format that has a separate limit. Your request can fail for this limit even if your
* > plaintext meets the other requirements. The `PackedPolicySize` response element indicates by percentage how close
* > the policies and tags for your request are to the upper size limit.
*
* [^1]: https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies.html#policies_session
* [^2]: https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies.html#policies_session
*
* @var string|null
*/
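Review bot: the added `[^2]` definition in this docblock repeats the `[^1]` target `access_policies.html#policies_session`, the same duplicate that appears in the session policy docblock of `AssumeRoleRequest.php`. The placement also differs between the two files: here the "Session policies [^2]" sentence sits before the `PackedPolicySize` blockquote, there it follows it. Deduplicating footnotes by URL in the generator would let the sentence cite `[^1]` in both files.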
2 changes: 1 addition & 1 deletion src/Sts/Result/AssumeRoleWithWebIdentityResponse.php
Expand Up @@ -85,7 +85,7 @@ class AssumeRoleWithWebIdentityResponse extends Result
* The regex used to validate this parameter is a string of characters consisting of upper- and lower-case alphanumeric
* characters with no spaces. You can also include underscores or any of the following characters: =,.@-
*
* [^1]: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_terms-and-concepts#iam-term-role-chaining
* [^1]: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles.html#id_roles_terms-and-concepts
* [^2]: https://docs.aws.amazon.com/cognito/latest/developerguide/amazon-cognito-user-pools-using-tokens-with-identity-providers.html
* [^3]: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_control-access_monitor.html
*
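Review bot: the replacement `[^1]` target ends in `#id_roles_terms-and-concepts`, which drops the `#iam-term-role-chaining` fragment the previous URL carried. The source identity docblock in `AssumeRoleRequest.php`, changed in this same commit, links role chaining to `id_roles.html#iam-term-role-chaining`. If this footnote is still the role chaining reference, using that more specific anchor here would keep the two files consistent and land the reader on the definition itself.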