ISTSAssumeRoleWithWebIdentityRequest
Interface in AWS.STS
Interface for AssumeRoleWithWebIdentity requests.
Ancestors
Properties
RoleArn
property RoleArn: TARN
The Amazon Resource Name (ARN) of the role to assume.
RoleSessionName
property RoleSessionName: string
An identifier for the assumed role session.
WebIdentityToken
property WebIdentityToken: string
The OAuth 2.0 access token or OpenID Connect ID token that is provided by the identity provider.
DurationSeconds
property DurationSeconds: TOptional<Integer>
The duration in seconds of the role session.
Valid range is from 900 seconds (15 minutes) to the maximum session duration for the role. Maximum session durations can range from 1 hour to 12 hours.
Policy
property Policy: string
A JSON string containing an inline IAM session policy.
If Policy is set, the permissions granted to the resulting credentials is an intersection of the role's policy and the policy provided. You cannot use this to grant permissions greater than those allowed by the role identity.
PolicyArns
property PolicyArns: TList<TARN>
List of Amazon Resource Names (ARNs) of IAM managed policies that you want to use as session policies.
PolicyArns are optional. Up to 10 managed policy ARNs can be provided.
ProviderId
property ProviderId: string
The fully qualified host component of the domain name of the identity provider.
Only required for OAuth 2.0 access tokens. Currently, the only supported identity providers are www.amazon.com and graph.facebook.com. Do not include URL schemes and port numbers. Do not specify this value for OpenID Connect ID tokens.