/** * Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved. * SPDX-License-Identifier: Apache-2.0. */ #pragma once #include #include #include #include #include #include #include namespace Aws { namespace STS { namespace Model { /** */ class AWS_STS_API AssumeRoleRequest : public STSRequest { public: AssumeRoleRequest(); // Service request name is the Operation name which will send this request out, // each operation should has unique request name, so that we can get operation's name from this request. // Note: this is not true for response, multiple operations may have the same response name, // so we can not get operation's name from response. inline virtual const char* GetServiceRequestName() const override { return "AssumeRole"; } Aws::String SerializePayload() const override; protected: void DumpBodyToUrl(Aws::Http::URI& uri ) const override; public: /** *

The Amazon Resource Name (ARN) of the role to assume.

*/ inline const Aws::String& GetRoleArn() const{ return m_roleArn; } /** *

The Amazon Resource Name (ARN) of the role to assume.

*/ inline bool RoleArnHasBeenSet() const { return m_roleArnHasBeenSet; } /** *

The Amazon Resource Name (ARN) of the role to assume.

*/ inline void SetRoleArn(const Aws::String& value) { m_roleArnHasBeenSet = true; m_roleArn = value; } /** *

The Amazon Resource Name (ARN) of the role to assume.

*/ inline void SetRoleArn(Aws::String&& value) { m_roleArnHasBeenSet = true; m_roleArn = std::move(value); } /** *

The Amazon Resource Name (ARN) of the role to assume.

*/ inline void SetRoleArn(const char* value) { m_roleArnHasBeenSet = true; m_roleArn.assign(value); } /** *

The Amazon Resource Name (ARN) of the role to assume.

*/ inline AssumeRoleRequest& WithRoleArn(const Aws::String& value) { SetRoleArn(value); return *this;} /** *

The Amazon Resource Name (ARN) of the role to assume.

*/ inline AssumeRoleRequest& WithRoleArn(Aws::String&& value) { SetRoleArn(std::move(value)); return *this;} /** *

The Amazon Resource Name (ARN) of the role to assume.

*/ inline AssumeRoleRequest& WithRoleArn(const char* value) { SetRoleArn(value); return *this;} /** *

An identifier for the assumed role session.

Use the role session name * to uniquely identify a session when the same role is assumed by different * principals or for different reasons. In cross-account scenarios, the role * session name is visible to, and can be logged by the account that owns the role. * The role session name is also used in the ARN of the assumed role principal. * This means that subsequent cross-account API requests that use the temporary * security credentials will expose the role session name to the external account * in their AWS CloudTrail logs.

The regex used to validate this parameter * is a string of characters consisting of upper- and lower-case alphanumeric * characters with no spaces. You can also include underscores or any of the * following characters: =,.@-

*/ inline const Aws::String& GetRoleSessionName() const{ return m_roleSessionName; } /** *

An identifier for the assumed role session.

Use the role session name * to uniquely identify a session when the same role is assumed by different * principals or for different reasons. In cross-account scenarios, the role * session name is visible to, and can be logged by the account that owns the role. * The role session name is also used in the ARN of the assumed role principal. * This means that subsequent cross-account API requests that use the temporary * security credentials will expose the role session name to the external account * in their AWS CloudTrail logs.

The regex used to validate this parameter * is a string of characters consisting of upper- and lower-case alphanumeric * characters with no spaces. You can also include underscores or any of the * following characters: =,.@-

*/ inline bool RoleSessionNameHasBeenSet() const { return m_roleSessionNameHasBeenSet; } /** *

An identifier for the assumed role session.

Use the role session name * to uniquely identify a session when the same role is assumed by different * principals or for different reasons. In cross-account scenarios, the role * session name is visible to, and can be logged by the account that owns the role. * The role session name is also used in the ARN of the assumed role principal. * This means that subsequent cross-account API requests that use the temporary * security credentials will expose the role session name to the external account * in their AWS CloudTrail logs.

The regex used to validate this parameter * is a string of characters consisting of upper- and lower-case alphanumeric * characters with no spaces. You can also include underscores or any of the * following characters: =,.@-

*/ inline void SetRoleSessionName(const Aws::String& value) { m_roleSessionNameHasBeenSet = true; m_roleSessionName = value; } /** *

An identifier for the assumed role session.

Use the role session name * to uniquely identify a session when the same role is assumed by different * principals or for different reasons. In cross-account scenarios, the role * session name is visible to, and can be logged by the account that owns the role. * The role session name is also used in the ARN of the assumed role principal. * This means that subsequent cross-account API requests that use the temporary * security credentials will expose the role session name to the external account * in their AWS CloudTrail logs.

The regex used to validate this parameter * is a string of characters consisting of upper- and lower-case alphanumeric * characters with no spaces. You can also include underscores or any of the * following characters: =,.@-

*/ inline void SetRoleSessionName(Aws::String&& value) { m_roleSessionNameHasBeenSet = true; m_roleSessionName = std::move(value); } /** *

An identifier for the assumed role session.

Use the role session name * to uniquely identify a session when the same role is assumed by different * principals or for different reasons. In cross-account scenarios, the role * session name is visible to, and can be logged by the account that owns the role. * The role session name is also used in the ARN of the assumed role principal. * This means that subsequent cross-account API requests that use the temporary * security credentials will expose the role session name to the external account * in their AWS CloudTrail logs.

The regex used to validate this parameter * is a string of characters consisting of upper- and lower-case alphanumeric * characters with no spaces. You can also include underscores or any of the * following characters: =,.@-

*/ inline void SetRoleSessionName(const char* value) { m_roleSessionNameHasBeenSet = true; m_roleSessionName.assign(value); } /** *

An identifier for the assumed role session.

Use the role session name * to uniquely identify a session when the same role is assumed by different * principals or for different reasons. In cross-account scenarios, the role * session name is visible to, and can be logged by the account that owns the role. * The role session name is also used in the ARN of the assumed role principal. * This means that subsequent cross-account API requests that use the temporary * security credentials will expose the role session name to the external account * in their AWS CloudTrail logs.

The regex used to validate this parameter * is a string of characters consisting of upper- and lower-case alphanumeric * characters with no spaces. You can also include underscores or any of the * following characters: =,.@-

*/ inline AssumeRoleRequest& WithRoleSessionName(const Aws::String& value) { SetRoleSessionName(value); return *this;} /** *

An identifier for the assumed role session.

Use the role session name * to uniquely identify a session when the same role is assumed by different * principals or for different reasons. In cross-account scenarios, the role * session name is visible to, and can be logged by the account that owns the role. * The role session name is also used in the ARN of the assumed role principal. * This means that subsequent cross-account API requests that use the temporary * security credentials will expose the role session name to the external account * in their AWS CloudTrail logs.

The regex used to validate this parameter * is a string of characters consisting of upper- and lower-case alphanumeric * characters with no spaces. You can also include underscores or any of the * following characters: =,.@-

*/ inline AssumeRoleRequest& WithRoleSessionName(Aws::String&& value) { SetRoleSessionName(std::move(value)); return *this;} /** *

An identifier for the assumed role session.

Use the role session name * to uniquely identify a session when the same role is assumed by different * principals or for different reasons. In cross-account scenarios, the role * session name is visible to, and can be logged by the account that owns the role. * The role session name is also used in the ARN of the assumed role principal. * This means that subsequent cross-account API requests that use the temporary * security credentials will expose the role session name to the external account * in their AWS CloudTrail logs.

The regex used to validate this parameter * is a string of characters consisting of upper- and lower-case alphanumeric * characters with no spaces. You can also include underscores or any of the * following characters: =,.@-

*/ inline AssumeRoleRequest& WithRoleSessionName(const char* value) { SetRoleSessionName(value); return *this;} /** *

The Amazon Resource Names (ARNs) of the IAM managed policies that you want to * use as managed session policies. The policies must exist in the same account as * the role.

This parameter is optional. You can provide up to 10 managed * policy ARNs. However, the plain text that you use for both inline and managed * session policies can't exceed 2,048 characters. For more information about ARNs, * see Amazon * Resource Names (ARNs) and AWS Service Namespaces in the AWS General * Reference.

An AWS conversion compresses the passed session * policies and session tags into a packed binary format that has a separate limit. * Your request can fail for this limit even if your plain text meets the other * requirements. The PackedPolicySize response element indicates by * percentage how close the policies and tags for your request are to the upper * size limit.

Passing policies to this operation returns new * temporary credentials. The resulting session's permissions are the intersection * of the role's identity-based policy and the session policies. You can use the * role's temporary credentials in subsequent AWS API calls to access resources in * the account that owns the role. You cannot use session policies to grant more * permissions than those allowed by the identity-based policy of the role that is * being assumed. For more information, see Session * Policies in the IAM User Guide.

*/ inline const Aws::Vector& GetPolicyArns() const{ return m_policyArns; } /** *

The Amazon Resource Names (ARNs) of the IAM managed policies that you want to * use as managed session policies. The policies must exist in the same account as * the role.

This parameter is optional. You can provide up to 10 managed * policy ARNs. However, the plain text that you use for both inline and managed * session policies can't exceed 2,048 characters. For more information about ARNs, * see Amazon * Resource Names (ARNs) and AWS Service Namespaces in the AWS General * Reference.

An AWS conversion compresses the passed session * policies and session tags into a packed binary format that has a separate limit. * Your request can fail for this limit even if your plain text meets the other * requirements. The PackedPolicySize response element indicates by * percentage how close the policies and tags for your request are to the upper * size limit.

Passing policies to this operation returns new * temporary credentials. The resulting session's permissions are the intersection * of the role's identity-based policy and the session policies. You can use the * role's temporary credentials in subsequent AWS API calls to access resources in * the account that owns the role. You cannot use session policies to grant more * permissions than those allowed by the identity-based policy of the role that is * being assumed. For more information, see Session * Policies in the IAM User Guide.

*/ inline bool PolicyArnsHasBeenSet() const { return m_policyArnsHasBeenSet; } /** *

The Amazon Resource Names (ARNs) of the IAM managed policies that you want to * use as managed session policies. The policies must exist in the same account as * the role.

This parameter is optional. You can provide up to 10 managed * policy ARNs. However, the plain text that you use for both inline and managed * session policies can't exceed 2,048 characters. For more information about ARNs, * see Amazon * Resource Names (ARNs) and AWS Service Namespaces in the AWS General * Reference.

An AWS conversion compresses the passed session * policies and session tags into a packed binary format that has a separate limit. * Your request can fail for this limit even if your plain text meets the other * requirements. The PackedPolicySize response element indicates by * percentage how close the policies and tags for your request are to the upper * size limit.

Passing policies to this operation returns new * temporary credentials. The resulting session's permissions are the intersection * of the role's identity-based policy and the session policies. You can use the * role's temporary credentials in subsequent AWS API calls to access resources in * the account that owns the role. You cannot use session policies to grant more * permissions than those allowed by the identity-based policy of the role that is * being assumed. For more information, see Session * Policies in the IAM User Guide.

*/ inline void SetPolicyArns(const Aws::Vector& value) { m_policyArnsHasBeenSet = true; m_policyArns = value; } /** *

The Amazon Resource Names (ARNs) of the IAM managed policies that you want to * use as managed session policies. The policies must exist in the same account as * the role.

This parameter is optional. You can provide up to 10 managed * policy ARNs. However, the plain text that you use for both inline and managed * session policies can't exceed 2,048 characters. For more information about ARNs, * see Amazon * Resource Names (ARNs) and AWS Service Namespaces in the AWS General * Reference.

An AWS conversion compresses the passed session * policies and session tags into a packed binary format that has a separate limit. * Your request can fail for this limit even if your plain text meets the other * requirements. The PackedPolicySize response element indicates by * percentage how close the policies and tags for your request are to the upper * size limit.

Passing policies to this operation returns new * temporary credentials. The resulting session's permissions are the intersection * of the role's identity-based policy and the session policies. You can use the * role's temporary credentials in subsequent AWS API calls to access resources in * the account that owns the role. You cannot use session policies to grant more * permissions than those allowed by the identity-based policy of the role that is * being assumed. For more information, see Session * Policies in the IAM User Guide.

*/ inline void SetPolicyArns(Aws::Vector&& value) { m_policyArnsHasBeenSet = true; m_policyArns = std::move(value); } /** *

The Amazon Resource Names (ARNs) of the IAM managed policies that you want to * use as managed session policies. The policies must exist in the same account as * the role.

This parameter is optional. You can provide up to 10 managed * policy ARNs. However, the plain text that you use for both inline and managed * session policies can't exceed 2,048 characters. For more information about ARNs, * see Amazon * Resource Names (ARNs) and AWS Service Namespaces in the AWS General * Reference.

An AWS conversion compresses the passed session * policies and session tags into a packed binary format that has a separate limit. * Your request can fail for this limit even if your plain text meets the other * requirements. The PackedPolicySize response element indicates by * percentage how close the policies and tags for your request are to the upper * size limit.

Passing policies to this operation returns new * temporary credentials. The resulting session's permissions are the intersection * of the role's identity-based policy and the session policies. You can use the * role's temporary credentials in subsequent AWS API calls to access resources in * the account that owns the role. You cannot use session policies to grant more * permissions than those allowed by the identity-based policy of the role that is * being assumed. For more information, see Session * Policies in the IAM User Guide.

*/ inline AssumeRoleRequest& WithPolicyArns(const Aws::Vector& value) { SetPolicyArns(value); return *this;} /** *

The Amazon Resource Names (ARNs) of the IAM managed policies that you want to * use as managed session policies. The policies must exist in the same account as * the role.

This parameter is optional. You can provide up to 10 managed * policy ARNs. However, the plain text that you use for both inline and managed * session policies can't exceed 2,048 characters. For more information about ARNs, * see Amazon * Resource Names (ARNs) and AWS Service Namespaces in the AWS General * Reference.

An AWS conversion compresses the passed session * policies and session tags into a packed binary format that has a separate limit. * Your request can fail for this limit even if your plain text meets the other * requirements. The PackedPolicySize response element indicates by * percentage how close the policies and tags for your request are to the upper * size limit.

Passing policies to this operation returns new * temporary credentials. The resulting session's permissions are the intersection * of the role's identity-based policy and the session policies. You can use the * role's temporary credentials in subsequent AWS API calls to access resources in * the account that owns the role. You cannot use session policies to grant more * permissions than those allowed by the identity-based policy of the role that is * being assumed. For more information, see Session * Policies in the IAM User Guide.

*/ inline AssumeRoleRequest& WithPolicyArns(Aws::Vector&& value) { SetPolicyArns(std::move(value)); return *this;} /** *

The Amazon Resource Names (ARNs) of the IAM managed policies that you want to * use as managed session policies. The policies must exist in the same account as * the role.

This parameter is optional. You can provide up to 10 managed * policy ARNs. However, the plain text that you use for both inline and managed * session policies can't exceed 2,048 characters. For more information about ARNs, * see Amazon * Resource Names (ARNs) and AWS Service Namespaces in the AWS General * Reference.

An AWS conversion compresses the passed session * policies and session tags into a packed binary format that has a separate limit. * Your request can fail for this limit even if your plain text meets the other * requirements. The PackedPolicySize response element indicates by * percentage how close the policies and tags for your request are to the upper * size limit.

Passing policies to this operation returns new * temporary credentials. The resulting session's permissions are the intersection * of the role's identity-based policy and the session policies. You can use the * role's temporary credentials in subsequent AWS API calls to access resources in * the account that owns the role. You cannot use session policies to grant more * permissions than those allowed by the identity-based policy of the role that is * being assumed. For more information, see Session * Policies in the IAM User Guide.

*/ inline AssumeRoleRequest& AddPolicyArns(const PolicyDescriptorType& value) { m_policyArnsHasBeenSet = true; m_policyArns.push_back(value); return *this; } /** *

The Amazon Resource Names (ARNs) of the IAM managed policies that you want to * use as managed session policies. The policies must exist in the same account as * the role.

This parameter is optional. You can provide up to 10 managed * policy ARNs. However, the plain text that you use for both inline and managed * session policies can't exceed 2,048 characters. For more information about ARNs, * see Amazon * Resource Names (ARNs) and AWS Service Namespaces in the AWS General * Reference.

An AWS conversion compresses the passed session * policies and session tags into a packed binary format that has a separate limit. * Your request can fail for this limit even if your plain text meets the other * requirements. The PackedPolicySize response element indicates by * percentage how close the policies and tags for your request are to the upper * size limit.

Passing policies to this operation returns new * temporary credentials. The resulting session's permissions are the intersection * of the role's identity-based policy and the session policies. You can use the * role's temporary credentials in subsequent AWS API calls to access resources in * the account that owns the role. You cannot use session policies to grant more * permissions than those allowed by the identity-based policy of the role that is * being assumed. For more information, see Session * Policies in the IAM User Guide.

*/ inline AssumeRoleRequest& AddPolicyArns(PolicyDescriptorType&& value) { m_policyArnsHasBeenSet = true; m_policyArns.push_back(std::move(value)); return *this; } /** *

An IAM policy in JSON format that you want to use as an inline session * policy.

This parameter is optional. Passing policies to this operation * returns new temporary credentials. The resulting session's permissions are the * intersection of the role's identity-based policy and the session policies. You * can use the role's temporary credentials in subsequent AWS API calls to access * resources in the account that owns the role. You cannot use session policies to * grant more permissions than those allowed by the identity-based policy of the * role that is being assumed. For more information, see Session * Policies in the IAM User Guide.

The plain text that you use * for both inline and managed session policies can't exceed 2,048 characters. The * JSON policy characters can be any ASCII character from the space character to * the end of the valid character list (\u0020 through \u00FF). It can also include * the tab (\u0009), linefeed (\u000A), and carriage return (\u000D) * characters.

An AWS conversion compresses the passed session * policies and session tags into a packed binary format that has a separate limit. * Your request can fail for this limit even if your plain text meets the other * requirements. The PackedPolicySize response element indicates by * percentage how close the policies and tags for your request are to the upper * size limit.

*/ inline const Aws::String& GetPolicy() const{ return m_policy; } /** *

An IAM policy in JSON format that you want to use as an inline session * policy.

This parameter is optional. Passing policies to this operation * returns new temporary credentials. The resulting session's permissions are the * intersection of the role's identity-based policy and the session policies. You * can use the role's temporary credentials in subsequent AWS API calls to access * resources in the account that owns the role. You cannot use session policies to * grant more permissions than those allowed by the identity-based policy of the * role that is being assumed. For more information, see Session * Policies in the IAM User Guide.

The plain text that you use * for both inline and managed session policies can't exceed 2,048 characters. The * JSON policy characters can be any ASCII character from the space character to * the end of the valid character list (\u0020 through \u00FF). It can also include * the tab (\u0009), linefeed (\u000A), and carriage return (\u000D) * characters.

An AWS conversion compresses the passed session * policies and session tags into a packed binary format that has a separate limit. * Your request can fail for this limit even if your plain text meets the other * requirements. The PackedPolicySize response element indicates by * percentage how close the policies and tags for your request are to the upper * size limit.

*/ inline bool PolicyHasBeenSet() const { return m_policyHasBeenSet; } /** *

An IAM policy in JSON format that you want to use as an inline session * policy.

This parameter is optional. Passing policies to this operation * returns new temporary credentials. The resulting session's permissions are the * intersection of the role's identity-based policy and the session policies. You * can use the role's temporary credentials in subsequent AWS API calls to access * resources in the account that owns the role. You cannot use session policies to * grant more permissions than those allowed by the identity-based policy of the * role that is being assumed. For more information, see Session * Policies in the IAM User Guide.

The plain text that you use * for both inline and managed session policies can't exceed 2,048 characters. The * JSON policy characters can be any ASCII character from the space character to * the end of the valid character list (\u0020 through \u00FF). It can also include * the tab (\u0009), linefeed (\u000A), and carriage return (\u000D) * characters.

An AWS conversion compresses the passed session * policies and session tags into a packed binary format that has a separate limit. * Your request can fail for this limit even if your plain text meets the other * requirements. The PackedPolicySize response element indicates by * percentage how close the policies and tags for your request are to the upper * size limit.

*/ inline void SetPolicy(const Aws::String& value) { m_policyHasBeenSet = true; m_policy = value; } /** *

An IAM policy in JSON format that you want to use as an inline session * policy.

This parameter is optional. Passing policies to this operation * returns new temporary credentials. The resulting session's permissions are the * intersection of the role's identity-based policy and the session policies. You * can use the role's temporary credentials in subsequent AWS API calls to access * resources in the account that owns the role. You cannot use session policies to * grant more permissions than those allowed by the identity-based policy of the * role that is being assumed. For more information, see Session * Policies in the IAM User Guide.

The plain text that you use * for both inline and managed session policies can't exceed 2,048 characters. The * JSON policy characters can be any ASCII character from the space character to * the end of the valid character list (\u0020 through \u00FF). It can also include * the tab (\u0009), linefeed (\u000A), and carriage return (\u000D) * characters.

An AWS conversion compresses the passed session * policies and session tags into a packed binary format that has a separate limit. * Your request can fail for this limit even if your plain text meets the other * requirements. The PackedPolicySize response element indicates by * percentage how close the policies and tags for your request are to the upper * size limit.

*/ inline void SetPolicy(Aws::String&& value) { m_policyHasBeenSet = true; m_policy = std::move(value); } /** *

An IAM policy in JSON format that you want to use as an inline session * policy.

This parameter is optional. Passing policies to this operation * returns new temporary credentials. The resulting session's permissions are the * intersection of the role's identity-based policy and the session policies. You * can use the role's temporary credentials in subsequent AWS API calls to access * resources in the account that owns the role. You cannot use session policies to * grant more permissions than those allowed by the identity-based policy of the * role that is being assumed. For more information, see Session * Policies in the IAM User Guide.

The plain text that you use * for both inline and managed session policies can't exceed 2,048 characters. The * JSON policy characters can be any ASCII character from the space character to * the end of the valid character list (\u0020 through \u00FF). It can also include * the tab (\u0009), linefeed (\u000A), and carriage return (\u000D) * characters.

An AWS conversion compresses the passed session * policies and session tags into a packed binary format that has a separate limit. * Your request can fail for this limit even if your plain text meets the other * requirements. The PackedPolicySize response element indicates by * percentage how close the policies and tags for your request are to the upper * size limit.

*/ inline void SetPolicy(const char* value) { m_policyHasBeenSet = true; m_policy.assign(value); } /** *

An IAM policy in JSON format that you want to use as an inline session * policy.

This parameter is optional. Passing policies to this operation * returns new temporary credentials. The resulting session's permissions are the * intersection of the role's identity-based policy and the session policies. You * can use the role's temporary credentials in subsequent AWS API calls to access * resources in the account that owns the role. You cannot use session policies to * grant more permissions than those allowed by the identity-based policy of the * role that is being assumed. For more information, see Session * Policies in the IAM User Guide.

The plain text that you use * for both inline and managed session policies can't exceed 2,048 characters. The * JSON policy characters can be any ASCII character from the space character to * the end of the valid character list (\u0020 through \u00FF). It can also include * the tab (\u0009), linefeed (\u000A), and carriage return (\u000D) * characters.

An AWS conversion compresses the passed session * policies and session tags into a packed binary format that has a separate limit. * Your request can fail for this limit even if your plain text meets the other * requirements. The PackedPolicySize response element indicates by * percentage how close the policies and tags for your request are to the upper * size limit.

*/ inline AssumeRoleRequest& WithPolicy(const Aws::String& value) { SetPolicy(value); return *this;} /** *

An IAM policy in JSON format that you want to use as an inline session * policy.

This parameter is optional. Passing policies to this operation * returns new temporary credentials. The resulting session's permissions are the * intersection of the role's identity-based policy and the session policies. You * can use the role's temporary credentials in subsequent AWS API calls to access * resources in the account that owns the role. You cannot use session policies to * grant more permissions than those allowed by the identity-based policy of the * role that is being assumed. For more information, see Session * Policies in the IAM User Guide.

The plain text that you use * for both inline and managed session policies can't exceed 2,048 characters. The * JSON policy characters can be any ASCII character from the space character to * the end of the valid character list (\u0020 through \u00FF). It can also include * the tab (\u0009), linefeed (\u000A), and carriage return (\u000D) * characters.

An AWS conversion compresses the passed session * policies and session tags into a packed binary format that has a separate limit. * Your request can fail for this limit even if your plain text meets the other * requirements. The PackedPolicySize response element indicates by * percentage how close the policies and tags for your request are to the upper * size limit.

*/ inline AssumeRoleRequest& WithPolicy(Aws::String&& value) { SetPolicy(std::move(value)); return *this;} /** *

An IAM policy in JSON format that you want to use as an inline session * policy.

This parameter is optional. Passing policies to this operation * returns new temporary credentials. The resulting session's permissions are the * intersection of the role's identity-based policy and the session policies. You * can use the role's temporary credentials in subsequent AWS API calls to access * resources in the account that owns the role. You cannot use session policies to * grant more permissions than those allowed by the identity-based policy of the * role that is being assumed. For more information, see Session * Policies in the IAM User Guide.

The plain text that you use * for both inline and managed session policies can't exceed 2,048 characters. The * JSON policy characters can be any ASCII character from the space character to * the end of the valid character list (\u0020 through \u00FF). It can also include * the tab (\u0009), linefeed (\u000A), and carriage return (\u000D) * characters.

An AWS conversion compresses the passed session * policies and session tags into a packed binary format that has a separate limit. * Your request can fail for this limit even if your plain text meets the other * requirements. The PackedPolicySize response element indicates by * percentage how close the policies and tags for your request are to the upper * size limit.

*/ inline AssumeRoleRequest& WithPolicy(const char* value) { SetPolicy(value); return *this;} /** *

The duration, in seconds, of the role session. The value can range from 900 * seconds (15 minutes) up to the maximum session duration setting for the role. * This setting can have a value from 1 hour to 12 hours. If you specify a value * higher than this setting, the operation fails. For example, if you specify a * session duration of 12 hours, but your administrator set the maximum session * duration to 6 hours, your operation fails. To learn how to view the maximum * value for your role, see View * the Maximum Session Duration Setting for a Role in the IAM User * Guide.

By default, the value is set to 3600 seconds. *

The DurationSeconds parameter is separate from the * duration of a console session that you might request using the returned * credentials. The request to the federation endpoint for a console sign-in token * takes a SessionDuration parameter that specifies the maximum length * of the console session. For more information, see Creating * a URL that Enables Federated Users to Access the AWS Management Console in * the IAM User Guide.

*/ inline int GetDurationSeconds() const{ return m_durationSeconds; } /** *

The duration, in seconds, of the role session. The value can range from 900 * seconds (15 minutes) up to the maximum session duration setting for the role. * This setting can have a value from 1 hour to 12 hours. If you specify a value * higher than this setting, the operation fails. For example, if you specify a * session duration of 12 hours, but your administrator set the maximum session * duration to 6 hours, your operation fails. To learn how to view the maximum * value for your role, see View * the Maximum Session Duration Setting for a Role in the IAM User * Guide.

By default, the value is set to 3600 seconds. *

The DurationSeconds parameter is separate from the * duration of a console session that you might request using the returned * credentials. The request to the federation endpoint for a console sign-in token * takes a SessionDuration parameter that specifies the maximum length * of the console session. For more information, see Creating * a URL that Enables Federated Users to Access the AWS Management Console in * the IAM User Guide.

*/ inline bool DurationSecondsHasBeenSet() const { return m_durationSecondsHasBeenSet; } /** *

The duration, in seconds, of the role session. The value can range from 900 * seconds (15 minutes) up to the maximum session duration setting for the role. * This setting can have a value from 1 hour to 12 hours. If you specify a value * higher than this setting, the operation fails. For example, if you specify a * session duration of 12 hours, but your administrator set the maximum session * duration to 6 hours, your operation fails. To learn how to view the maximum * value for your role, see View * the Maximum Session Duration Setting for a Role in the IAM User * Guide.

By default, the value is set to 3600 seconds. *

The DurationSeconds parameter is separate from the * duration of a console session that you might request using the returned * credentials. The request to the federation endpoint for a console sign-in token * takes a SessionDuration parameter that specifies the maximum length * of the console session. For more information, see Creating * a URL that Enables Federated Users to Access the AWS Management Console in * the IAM User Guide.

*/ inline void SetDurationSeconds(int value) { m_durationSecondsHasBeenSet = true; m_durationSeconds = value; } /** *

The duration, in seconds, of the role session. The value can range from 900 * seconds (15 minutes) up to the maximum session duration setting for the role. * This setting can have a value from 1 hour to 12 hours. If you specify a value * higher than this setting, the operation fails. For example, if you specify a * session duration of 12 hours, but your administrator set the maximum session * duration to 6 hours, your operation fails. To learn how to view the maximum * value for your role, see View * the Maximum Session Duration Setting for a Role in the IAM User * Guide.

By default, the value is set to 3600 seconds. *

The DurationSeconds parameter is separate from the * duration of a console session that you might request using the returned * credentials. The request to the federation endpoint for a console sign-in token * takes a SessionDuration parameter that specifies the maximum length * of the console session. For more information, see Creating * a URL that Enables Federated Users to Access the AWS Management Console in * the IAM User Guide.

*/ inline AssumeRoleRequest& WithDurationSeconds(int value) { SetDurationSeconds(value); return *this;} /** *

A list of session tags that you want to pass. Each session tag consists of a * key name and an associated value. For more information about session tags, see * Tagging * AWS STS Sessions in the IAM User Guide.

This parameter is * optional. You can pass up to 50 session tags. The plain text session tag keys * can’t exceed 128 characters, and the values can’t exceed 256 characters. For * these and additional limits, see IAM * and STS Character Limits in the IAM User Guide.

An AWS * conversion compresses the passed session policies and session tags into a packed * binary format that has a separate limit. Your request can fail for this limit * even if your plain text meets the other requirements. The * PackedPolicySize response element indicates by percentage how close * the policies and tags for your request are to the upper size limit.

*

You can pass a session tag with the same key as a tag that is already * attached to the role. When you do, session tags override a role tag with the * same key.

Tag key–value pairs are not case sensitive, but case is * preserved. This means that you cannot have separate Department and * department tag keys. Assume that the role has the * Department=Marketing tag and you pass the * department=engineering session tag. * Department and department are not saved as separate * tags, and the session tag passed in the request takes precedence over the role * tag.

Additionally, if you used temporary credentials to perform this * operation, the new session inherits any transitive session tags from the calling * session. If you pass a session tag with the same key as an inherited tag, the * operation fails. To view the inherited tags for a session, see the AWS * CloudTrail logs. For more information, see Viewing * Session Tags in CloudTrail in the IAM User Guide.

*/ inline const Aws::Vector& GetTags() const{ return m_tags; } /** *

A list of session tags that you want to pass. Each session tag consists of a * key name and an associated value. For more information about session tags, see * Tagging * AWS STS Sessions in the IAM User Guide.

This parameter is * optional. You can pass up to 50 session tags. The plain text session tag keys * can’t exceed 128 characters, and the values can’t exceed 256 characters. For * these and additional limits, see IAM * and STS Character Limits in the IAM User Guide.

An AWS * conversion compresses the passed session policies and session tags into a packed * binary format that has a separate limit. Your request can fail for this limit * even if your plain text meets the other requirements. The * PackedPolicySize response element indicates by percentage how close * the policies and tags for your request are to the upper size limit.

*

You can pass a session tag with the same key as a tag that is already * attached to the role. When you do, session tags override a role tag with the * same key.

Tag key–value pairs are not case sensitive, but case is * preserved. This means that you cannot have separate Department and * department tag keys. Assume that the role has the * Department=Marketing tag and you pass the * department=engineering session tag. * Department and department are not saved as separate * tags, and the session tag passed in the request takes precedence over the role * tag.

Additionally, if you used temporary credentials to perform this * operation, the new session inherits any transitive session tags from the calling * session. If you pass a session tag with the same key as an inherited tag, the * operation fails. To view the inherited tags for a session, see the AWS * CloudTrail logs. For more information, see Viewing * Session Tags in CloudTrail in the IAM User Guide.

*/ inline bool TagsHasBeenSet() const { return m_tagsHasBeenSet; } /** *

A list of session tags that you want to pass. Each session tag consists of a * key name and an associated value. For more information about session tags, see * Tagging * AWS STS Sessions in the IAM User Guide.

This parameter is * optional. You can pass up to 50 session tags. The plain text session tag keys * can’t exceed 128 characters, and the values can’t exceed 256 characters. For * these and additional limits, see IAM * and STS Character Limits in the IAM User Guide.

An AWS * conversion compresses the passed session policies and session tags into a packed * binary format that has a separate limit. Your request can fail for this limit * even if your plain text meets the other requirements. The * PackedPolicySize response element indicates by percentage how close * the policies and tags for your request are to the upper size limit.

*

You can pass a session tag with the same key as a tag that is already * attached to the role. When you do, session tags override a role tag with the * same key.

Tag key–value pairs are not case sensitive, but case is * preserved. This means that you cannot have separate Department and * department tag keys. Assume that the role has the * Department=Marketing tag and you pass the * department=engineering session tag. * Department and department are not saved as separate * tags, and the session tag passed in the request takes precedence over the role * tag.

Additionally, if you used temporary credentials to perform this * operation, the new session inherits any transitive session tags from the calling * session. If you pass a session tag with the same key as an inherited tag, the * operation fails. To view the inherited tags for a session, see the AWS * CloudTrail logs. For more information, see Viewing * Session Tags in CloudTrail in the IAM User Guide.

*/ inline void SetTags(const Aws::Vector& value) { m_tagsHasBeenSet = true; m_tags = value; } /** *

A list of session tags that you want to pass. Each session tag consists of a * key name and an associated value. For more information about session tags, see * Tagging * AWS STS Sessions in the IAM User Guide.

This parameter is * optional. You can pass up to 50 session tags. The plain text session tag keys * can’t exceed 128 characters, and the values can’t exceed 256 characters. For * these and additional limits, see IAM * and STS Character Limits in the IAM User Guide.

An AWS * conversion compresses the passed session policies and session tags into a packed * binary format that has a separate limit. Your request can fail for this limit * even if your plain text meets the other requirements. The * PackedPolicySize response element indicates by percentage how close * the policies and tags for your request are to the upper size limit.

*

You can pass a session tag with the same key as a tag that is already * attached to the role. When you do, session tags override a role tag with the * same key.

Tag key–value pairs are not case sensitive, but case is * preserved. This means that you cannot have separate Department and * department tag keys. Assume that the role has the * Department=Marketing tag and you pass the * department=engineering session tag. * Department and department are not saved as separate * tags, and the session tag passed in the request takes precedence over the role * tag.

Additionally, if you used temporary credentials to perform this * operation, the new session inherits any transitive session tags from the calling * session. If you pass a session tag with the same key as an inherited tag, the * operation fails. To view the inherited tags for a session, see the AWS * CloudTrail logs. For more information, see Viewing * Session Tags in CloudTrail in the IAM User Guide.

*/ inline void SetTags(Aws::Vector&& value) { m_tagsHasBeenSet = true; m_tags = std::move(value); } /** *

A list of session tags that you want to pass. Each session tag consists of a * key name and an associated value. For more information about session tags, see * Tagging * AWS STS Sessions in the IAM User Guide.

This parameter is * optional. You can pass up to 50 session tags. The plain text session tag keys * can’t exceed 128 characters, and the values can’t exceed 256 characters. For * these and additional limits, see IAM * and STS Character Limits in the IAM User Guide.

An AWS * conversion compresses the passed session policies and session tags into a packed * binary format that has a separate limit. Your request can fail for this limit * even if your plain text meets the other requirements. The * PackedPolicySize response element indicates by percentage how close * the policies and tags for your request are to the upper size limit.

*

You can pass a session tag with the same key as a tag that is already * attached to the role. When you do, session tags override a role tag with the * same key.

Tag key–value pairs are not case sensitive, but case is * preserved. This means that you cannot have separate Department and * department tag keys. Assume that the role has the * Department=Marketing tag and you pass the * department=engineering session tag. * Department and department are not saved as separate * tags, and the session tag passed in the request takes precedence over the role * tag.

Additionally, if you used temporary credentials to perform this * operation, the new session inherits any transitive session tags from the calling * session. If you pass a session tag with the same key as an inherited tag, the * operation fails. To view the inherited tags for a session, see the AWS * CloudTrail logs. For more information, see Viewing * Session Tags in CloudTrail in the IAM User Guide.

*/ inline AssumeRoleRequest& WithTags(const Aws::Vector& value) { SetTags(value); return *this;} /** *

A list of session tags that you want to pass. Each session tag consists of a * key name and an associated value. For more information about session tags, see * Tagging * AWS STS Sessions in the IAM User Guide.

This parameter is * optional. You can pass up to 50 session tags. The plain text session tag keys * can’t exceed 128 characters, and the values can’t exceed 256 characters. For * these and additional limits, see IAM * and STS Character Limits in the IAM User Guide.

An AWS * conversion compresses the passed session policies and session tags into a packed * binary format that has a separate limit. Your request can fail for this limit * even if your plain text meets the other requirements. The * PackedPolicySize response element indicates by percentage how close * the policies and tags for your request are to the upper size limit.

*

You can pass a session tag with the same key as a tag that is already * attached to the role. When you do, session tags override a role tag with the * same key.

Tag key–value pairs are not case sensitive, but case is * preserved. This means that you cannot have separate Department and * department tag keys. Assume that the role has the * Department=Marketing tag and you pass the * department=engineering session tag. * Department and department are not saved as separate * tags, and the session tag passed in the request takes precedence over the role * tag.

Additionally, if you used temporary credentials to perform this * operation, the new session inherits any transitive session tags from the calling * session. If you pass a session tag with the same key as an inherited tag, the * operation fails. To view the inherited tags for a session, see the AWS * CloudTrail logs. For more information, see Viewing * Session Tags in CloudTrail in the IAM User Guide.

*/ inline AssumeRoleRequest& WithTags(Aws::Vector&& value) { SetTags(std::move(value)); return *this;} /** *

A list of session tags that you want to pass. Each session tag consists of a * key name and an associated value. For more information about session tags, see * Tagging * AWS STS Sessions in the IAM User Guide.

This parameter is * optional. You can pass up to 50 session tags. The plain text session tag keys * can’t exceed 128 characters, and the values can’t exceed 256 characters. For * these and additional limits, see IAM * and STS Character Limits in the IAM User Guide.

An AWS * conversion compresses the passed session policies and session tags into a packed * binary format that has a separate limit. Your request can fail for this limit * even if your plain text meets the other requirements. The * PackedPolicySize response element indicates by percentage how close * the policies and tags for your request are to the upper size limit.

*

You can pass a session tag with the same key as a tag that is already * attached to the role. When you do, session tags override a role tag with the * same key.

Tag key–value pairs are not case sensitive, but case is * preserved. This means that you cannot have separate Department and * department tag keys. Assume that the role has the * Department=Marketing tag and you pass the * department=engineering session tag. * Department and department are not saved as separate * tags, and the session tag passed in the request takes precedence over the role * tag.

Additionally, if you used temporary credentials to perform this * operation, the new session inherits any transitive session tags from the calling * session. If you pass a session tag with the same key as an inherited tag, the * operation fails. To view the inherited tags for a session, see the AWS * CloudTrail logs. For more information, see Viewing * Session Tags in CloudTrail in the IAM User Guide.

*/ inline AssumeRoleRequest& AddTags(const Tag& value) { m_tagsHasBeenSet = true; m_tags.push_back(value); return *this; } /** *

A list of session tags that you want to pass. Each session tag consists of a * key name and an associated value. For more information about session tags, see * Tagging * AWS STS Sessions in the IAM User Guide.

This parameter is * optional. You can pass up to 50 session tags. The plain text session tag keys * can’t exceed 128 characters, and the values can’t exceed 256 characters. For * these and additional limits, see IAM * and STS Character Limits in the IAM User Guide.

An AWS * conversion compresses the passed session policies and session tags into a packed * binary format that has a separate limit. Your request can fail for this limit * even if your plain text meets the other requirements. The * PackedPolicySize response element indicates by percentage how close * the policies and tags for your request are to the upper size limit.

*

You can pass a session tag with the same key as a tag that is already * attached to the role. When you do, session tags override a role tag with the * same key.

Tag key–value pairs are not case sensitive, but case is * preserved. This means that you cannot have separate Department and * department tag keys. Assume that the role has the * Department=Marketing tag and you pass the * department=engineering session tag. * Department and department are not saved as separate * tags, and the session tag passed in the request takes precedence over the role * tag.

Additionally, if you used temporary credentials to perform this * operation, the new session inherits any transitive session tags from the calling * session. If you pass a session tag with the same key as an inherited tag, the * operation fails. To view the inherited tags for a session, see the AWS * CloudTrail logs. For more information, see Viewing * Session Tags in CloudTrail in the IAM User Guide.

*/ inline AssumeRoleRequest& AddTags(Tag&& value) { m_tagsHasBeenSet = true; m_tags.push_back(std::move(value)); return *this; } /** *

A list of keys for session tags that you want to set as transitive. If you * set a tag key as transitive, the corresponding key and value passes to * subsequent sessions in a role chain. For more information, see Chaining * Roles with Session Tags in the IAM User Guide.

This parameter * is optional. When you set session tags as transitive, the session policy and * session tags packed binary limit is not affected.

If you choose not to * specify a transitive tag key, then no tags are passed from this session to any * subsequent sessions.

*/ inline const Aws::Vector& GetTransitiveTagKeys() const{ return m_transitiveTagKeys; } /** *

A list of keys for session tags that you want to set as transitive. If you * set a tag key as transitive, the corresponding key and value passes to * subsequent sessions in a role chain. For more information, see Chaining * Roles with Session Tags in the IAM User Guide.

This parameter * is optional. When you set session tags as transitive, the session policy and * session tags packed binary limit is not affected.

If you choose not to * specify a transitive tag key, then no tags are passed from this session to any * subsequent sessions.

*/ inline bool TransitiveTagKeysHasBeenSet() const { return m_transitiveTagKeysHasBeenSet; } /** *

A list of keys for session tags that you want to set as transitive. If you * set a tag key as transitive, the corresponding key and value passes to * subsequent sessions in a role chain. For more information, see Chaining * Roles with Session Tags in the IAM User Guide.

This parameter * is optional. When you set session tags as transitive, the session policy and * session tags packed binary limit is not affected.

If you choose not to * specify a transitive tag key, then no tags are passed from this session to any * subsequent sessions.

*/ inline void SetTransitiveTagKeys(const Aws::Vector& value) { m_transitiveTagKeysHasBeenSet = true; m_transitiveTagKeys = value; } /** *

A list of keys for session tags that you want to set as transitive. If you * set a tag key as transitive, the corresponding key and value passes to * subsequent sessions in a role chain. For more information, see Chaining * Roles with Session Tags in the IAM User Guide.

This parameter * is optional. When you set session tags as transitive, the session policy and * session tags packed binary limit is not affected.

If you choose not to * specify a transitive tag key, then no tags are passed from this session to any * subsequent sessions.

*/ inline void SetTransitiveTagKeys(Aws::Vector&& value) { m_transitiveTagKeysHasBeenSet = true; m_transitiveTagKeys = std::move(value); } /** *

A list of keys for session tags that you want to set as transitive. If you * set a tag key as transitive, the corresponding key and value passes to * subsequent sessions in a role chain. For more information, see Chaining * Roles with Session Tags in the IAM User Guide.

This parameter * is optional. When you set session tags as transitive, the session policy and * session tags packed binary limit is not affected.

If you choose not to * specify a transitive tag key, then no tags are passed from this session to any * subsequent sessions.

*/ inline AssumeRoleRequest& WithTransitiveTagKeys(const Aws::Vector& value) { SetTransitiveTagKeys(value); return *this;} /** *

A list of keys for session tags that you want to set as transitive. If you * set a tag key as transitive, the corresponding key and value passes to * subsequent sessions in a role chain. For more information, see Chaining * Roles with Session Tags in the IAM User Guide.

This parameter * is optional. When you set session tags as transitive, the session policy and * session tags packed binary limit is not affected.

If you choose not to * specify a transitive tag key, then no tags are passed from this session to any * subsequent sessions.

*/ inline AssumeRoleRequest& WithTransitiveTagKeys(Aws::Vector&& value) { SetTransitiveTagKeys(std::move(value)); return *this;} /** *

A list of keys for session tags that you want to set as transitive. If you * set a tag key as transitive, the corresponding key and value passes to * subsequent sessions in a role chain. For more information, see Chaining * Roles with Session Tags in the IAM User Guide.

This parameter * is optional. When you set session tags as transitive, the session policy and * session tags packed binary limit is not affected.

If you choose not to * specify a transitive tag key, then no tags are passed from this session to any * subsequent sessions.

*/ inline AssumeRoleRequest& AddTransitiveTagKeys(const Aws::String& value) { m_transitiveTagKeysHasBeenSet = true; m_transitiveTagKeys.push_back(value); return *this; } /** *

A list of keys for session tags that you want to set as transitive. If you * set a tag key as transitive, the corresponding key and value passes to * subsequent sessions in a role chain. For more information, see Chaining * Roles with Session Tags in the IAM User Guide.

This parameter * is optional. When you set session tags as transitive, the session policy and * session tags packed binary limit is not affected.

If you choose not to * specify a transitive tag key, then no tags are passed from this session to any * subsequent sessions.

*/ inline AssumeRoleRequest& AddTransitiveTagKeys(Aws::String&& value) { m_transitiveTagKeysHasBeenSet = true; m_transitiveTagKeys.push_back(std::move(value)); return *this; } /** *

A list of keys for session tags that you want to set as transitive. If you * set a tag key as transitive, the corresponding key and value passes to * subsequent sessions in a role chain. For more information, see Chaining * Roles with Session Tags in the IAM User Guide.

This parameter * is optional. When you set session tags as transitive, the session policy and * session tags packed binary limit is not affected.

If you choose not to * specify a transitive tag key, then no tags are passed from this session to any * subsequent sessions.

*/ inline AssumeRoleRequest& AddTransitiveTagKeys(const char* value) { m_transitiveTagKeysHasBeenSet = true; m_transitiveTagKeys.push_back(value); return *this; } /** *

A unique identifier that might be required when you assume a role in another * account. If the administrator of the account to which the role belongs provided * you with an external ID, then provide that value in the ExternalId * parameter. This value can be any string, such as a passphrase or account number. * A cross-account role is usually set up to trust everyone in an account. * Therefore, the administrator of the trusting account might send an external ID * to the administrator of the trusted account. That way, only someone with the ID * can assume the role, rather than everyone in the account. For more information * about the external ID, see How * to Use an External ID When Granting Access to Your AWS Resources to a Third * Party in the IAM User Guide.

The regex used to validate this * parameter is a string of characters consisting of upper- and lower-case * alphanumeric characters with no spaces. You can also include underscores or any * of the following characters: =,.@:/-

*/ inline const Aws::String& GetExternalId() const{ return m_externalId; } /** *

A unique identifier that might be required when you assume a role in another * account. If the administrator of the account to which the role belongs provided * you with an external ID, then provide that value in the ExternalId * parameter. This value can be any string, such as a passphrase or account number. * A cross-account role is usually set up to trust everyone in an account. * Therefore, the administrator of the trusting account might send an external ID * to the administrator of the trusted account. That way, only someone with the ID * can assume the role, rather than everyone in the account. For more information * about the external ID, see How * to Use an External ID When Granting Access to Your AWS Resources to a Third * Party in the IAM User Guide.

The regex used to validate this * parameter is a string of characters consisting of upper- and lower-case * alphanumeric characters with no spaces. You can also include underscores or any * of the following characters: =,.@:/-

*/ inline bool ExternalIdHasBeenSet() const { return m_externalIdHasBeenSet; } /** *

A unique identifier that might be required when you assume a role in another * account. If the administrator of the account to which the role belongs provided * you with an external ID, then provide that value in the ExternalId * parameter. This value can be any string, such as a passphrase or account number. * A cross-account role is usually set up to trust everyone in an account. * Therefore, the administrator of the trusting account might send an external ID * to the administrator of the trusted account. That way, only someone with the ID * can assume the role, rather than everyone in the account. For more information * about the external ID, see How * to Use an External ID When Granting Access to Your AWS Resources to a Third * Party in the IAM User Guide.

The regex used to validate this * parameter is a string of characters consisting of upper- and lower-case * alphanumeric characters with no spaces. You can also include underscores or any * of the following characters: =,.@:/-

*/ inline void SetExternalId(const Aws::String& value) { m_externalIdHasBeenSet = true; m_externalId = value; } /** *

A unique identifier that might be required when you assume a role in another * account. If the administrator of the account to which the role belongs provided * you with an external ID, then provide that value in the ExternalId * parameter. This value can be any string, such as a passphrase or account number. * A cross-account role is usually set up to trust everyone in an account. * Therefore, the administrator of the trusting account might send an external ID * to the administrator of the trusted account. That way, only someone with the ID * can assume the role, rather than everyone in the account. For more information * about the external ID, see How * to Use an External ID When Granting Access to Your AWS Resources to a Third * Party in the IAM User Guide.

The regex used to validate this * parameter is a string of characters consisting of upper- and lower-case * alphanumeric characters with no spaces. You can also include underscores or any * of the following characters: =,.@:/-

*/ inline void SetExternalId(Aws::String&& value) { m_externalIdHasBeenSet = true; m_externalId = std::move(value); } /** *

A unique identifier that might be required when you assume a role in another * account. If the administrator of the account to which the role belongs provided * you with an external ID, then provide that value in the ExternalId * parameter. This value can be any string, such as a passphrase or account number. * A cross-account role is usually set up to trust everyone in an account. * Therefore, the administrator of the trusting account might send an external ID * to the administrator of the trusted account. That way, only someone with the ID * can assume the role, rather than everyone in the account. For more information * about the external ID, see How * to Use an External ID When Granting Access to Your AWS Resources to a Third * Party in the IAM User Guide.

The regex used to validate this * parameter is a string of characters consisting of upper- and lower-case * alphanumeric characters with no spaces. You can also include underscores or any * of the following characters: =,.@:/-

*/ inline void SetExternalId(const char* value) { m_externalIdHasBeenSet = true; m_externalId.assign(value); } /** *

A unique identifier that might be required when you assume a role in another * account. If the administrator of the account to which the role belongs provided * you with an external ID, then provide that value in the ExternalId * parameter. This value can be any string, such as a passphrase or account number. * A cross-account role is usually set up to trust everyone in an account. * Therefore, the administrator of the trusting account might send an external ID * to the administrator of the trusted account. That way, only someone with the ID * can assume the role, rather than everyone in the account. For more information * about the external ID, see How * to Use an External ID When Granting Access to Your AWS Resources to a Third * Party in the IAM User Guide.

The regex used to validate this * parameter is a string of characters consisting of upper- and lower-case * alphanumeric characters with no spaces. You can also include underscores or any * of the following characters: =,.@:/-

*/ inline AssumeRoleRequest& WithExternalId(const Aws::String& value) { SetExternalId(value); return *this;} /** *

A unique identifier that might be required when you assume a role in another * account. If the administrator of the account to which the role belongs provided * you with an external ID, then provide that value in the ExternalId * parameter. This value can be any string, such as a passphrase or account number. * A cross-account role is usually set up to trust everyone in an account. * Therefore, the administrator of the trusting account might send an external ID * to the administrator of the trusted account. That way, only someone with the ID * can assume the role, rather than everyone in the account. For more information * about the external ID, see How * to Use an External ID When Granting Access to Your AWS Resources to a Third * Party in the IAM User Guide.

The regex used to validate this * parameter is a string of characters consisting of upper- and lower-case * alphanumeric characters with no spaces. You can also include underscores or any * of the following characters: =,.@:/-

*/ inline AssumeRoleRequest& WithExternalId(Aws::String&& value) { SetExternalId(std::move(value)); return *this;} /** *

A unique identifier that might be required when you assume a role in another * account. If the administrator of the account to which the role belongs provided * you with an external ID, then provide that value in the ExternalId * parameter. This value can be any string, such as a passphrase or account number. * A cross-account role is usually set up to trust everyone in an account. * Therefore, the administrator of the trusting account might send an external ID * to the administrator of the trusted account. That way, only someone with the ID * can assume the role, rather than everyone in the account. For more information * about the external ID, see How * to Use an External ID When Granting Access to Your AWS Resources to a Third * Party in the IAM User Guide.

The regex used to validate this * parameter is a string of characters consisting of upper- and lower-case * alphanumeric characters with no spaces. You can also include underscores or any * of the following characters: =,.@:/-

*/ inline AssumeRoleRequest& WithExternalId(const char* value) { SetExternalId(value); return *this;} /** *

The identification number of the MFA device that is associated with the user * who is making the AssumeRole call. Specify this value if the trust * policy of the role being assumed includes a condition that requires MFA * authentication. The value is either the serial number for a hardware device * (such as GAHT12345678) or an Amazon Resource Name (ARN) for a * virtual device (such as arn:aws:iam::123456789012:mfa/user).

*

The regex used to validate this parameter is a string of characters * consisting of upper- and lower-case alphanumeric characters with no spaces. You * can also include underscores or any of the following characters: =,.@-

*/ inline const Aws::String& GetSerialNumber() const{ return m_serialNumber; } /** *

The identification number of the MFA device that is associated with the user * who is making the AssumeRole call. Specify this value if the trust * policy of the role being assumed includes a condition that requires MFA * authentication. The value is either the serial number for a hardware device * (such as GAHT12345678) or an Amazon Resource Name (ARN) for a * virtual device (such as arn:aws:iam::123456789012:mfa/user).

*

The regex used to validate this parameter is a string of characters * consisting of upper- and lower-case alphanumeric characters with no spaces. You * can also include underscores or any of the following characters: =,.@-

*/ inline bool SerialNumberHasBeenSet() const { return m_serialNumberHasBeenSet; } /** *

The identification number of the MFA device that is associated with the user * who is making the AssumeRole call. Specify this value if the trust * policy of the role being assumed includes a condition that requires MFA * authentication. The value is either the serial number for a hardware device * (such as GAHT12345678) or an Amazon Resource Name (ARN) for a * virtual device (such as arn:aws:iam::123456789012:mfa/user).

*

The regex used to validate this parameter is a string of characters * consisting of upper- and lower-case alphanumeric characters with no spaces. You * can also include underscores or any of the following characters: =,.@-

*/ inline void SetSerialNumber(const Aws::String& value) { m_serialNumberHasBeenSet = true; m_serialNumber = value; } /** *

The identification number of the MFA device that is associated with the user * who is making the AssumeRole call. Specify this value if the trust * policy of the role being assumed includes a condition that requires MFA * authentication. The value is either the serial number for a hardware device * (such as GAHT12345678) or an Amazon Resource Name (ARN) for a * virtual device (such as arn:aws:iam::123456789012:mfa/user).

*

The regex used to validate this parameter is a string of characters * consisting of upper- and lower-case alphanumeric characters with no spaces. You * can also include underscores or any of the following characters: =,.@-

*/ inline void SetSerialNumber(Aws::String&& value) { m_serialNumberHasBeenSet = true; m_serialNumber = std::move(value); } /** *

The identification number of the MFA device that is associated with the user * who is making the AssumeRole call. Specify this value if the trust * policy of the role being assumed includes a condition that requires MFA * authentication. The value is either the serial number for a hardware device * (such as GAHT12345678) or an Amazon Resource Name (ARN) for a * virtual device (such as arn:aws:iam::123456789012:mfa/user).

*

The regex used to validate this parameter is a string of characters * consisting of upper- and lower-case alphanumeric characters with no spaces. You * can also include underscores or any of the following characters: =,.@-

*/ inline void SetSerialNumber(const char* value) { m_serialNumberHasBeenSet = true; m_serialNumber.assign(value); } /** *

The identification number of the MFA device that is associated with the user * who is making the AssumeRole call. Specify this value if the trust * policy of the role being assumed includes a condition that requires MFA * authentication. The value is either the serial number for a hardware device * (such as GAHT12345678) or an Amazon Resource Name (ARN) for a * virtual device (such as arn:aws:iam::123456789012:mfa/user).

*

The regex used to validate this parameter is a string of characters * consisting of upper- and lower-case alphanumeric characters with no spaces. You * can also include underscores or any of the following characters: =,.@-

*/ inline AssumeRoleRequest& WithSerialNumber(const Aws::String& value) { SetSerialNumber(value); return *this;} /** *

The identification number of the MFA device that is associated with the user * who is making the AssumeRole call. Specify this value if the trust * policy of the role being assumed includes a condition that requires MFA * authentication. The value is either the serial number for a hardware device * (such as GAHT12345678) or an Amazon Resource Name (ARN) for a * virtual device (such as arn:aws:iam::123456789012:mfa/user).

*

The regex used to validate this parameter is a string of characters * consisting of upper- and lower-case alphanumeric characters with no spaces. You * can also include underscores or any of the following characters: =,.@-

*/ inline AssumeRoleRequest& WithSerialNumber(Aws::String&& value) { SetSerialNumber(std::move(value)); return *this;} /** *

The identification number of the MFA device that is associated with the user * who is making the AssumeRole call. Specify this value if the trust * policy of the role being assumed includes a condition that requires MFA * authentication. The value is either the serial number for a hardware device * (such as GAHT12345678) or an Amazon Resource Name (ARN) for a * virtual device (such as arn:aws:iam::123456789012:mfa/user).

*

The regex used to validate this parameter is a string of characters * consisting of upper- and lower-case alphanumeric characters with no spaces. You * can also include underscores or any of the following characters: =,.@-

*/ inline AssumeRoleRequest& WithSerialNumber(const char* value) { SetSerialNumber(value); return *this;} /** *

The value provided by the MFA device, if the trust policy of the role being * assumed requires MFA (that is, if the policy includes a condition that tests for * MFA). If the role being assumed requires MFA and if the TokenCode * value is missing or expired, the AssumeRole call returns an "access * denied" error.

The format for this parameter, as described by its regex * pattern, is a sequence of six numeric digits.

*/ inline const Aws::String& GetTokenCode() const{ return m_tokenCode; } /** *

The value provided by the MFA device, if the trust policy of the role being * assumed requires MFA (that is, if the policy includes a condition that tests for * MFA). If the role being assumed requires MFA and if the TokenCode * value is missing or expired, the AssumeRole call returns an "access * denied" error.

The format for this parameter, as described by its regex * pattern, is a sequence of six numeric digits.

*/ inline bool TokenCodeHasBeenSet() const { return m_tokenCodeHasBeenSet; } /** *

The value provided by the MFA device, if the trust policy of the role being * assumed requires MFA (that is, if the policy includes a condition that tests for * MFA). If the role being assumed requires MFA and if the TokenCode * value is missing or expired, the AssumeRole call returns an "access * denied" error.

The format for this parameter, as described by its regex * pattern, is a sequence of six numeric digits.

*/ inline void SetTokenCode(const Aws::String& value) { m_tokenCodeHasBeenSet = true; m_tokenCode = value; } /** *

The value provided by the MFA device, if the trust policy of the role being * assumed requires MFA (that is, if the policy includes a condition that tests for * MFA). If the role being assumed requires MFA and if the TokenCode * value is missing or expired, the AssumeRole call returns an "access * denied" error.

The format for this parameter, as described by its regex * pattern, is a sequence of six numeric digits.

*/ inline void SetTokenCode(Aws::String&& value) { m_tokenCodeHasBeenSet = true; m_tokenCode = std::move(value); } /** *

The value provided by the MFA device, if the trust policy of the role being * assumed requires MFA (that is, if the policy includes a condition that tests for * MFA). If the role being assumed requires MFA and if the TokenCode * value is missing or expired, the AssumeRole call returns an "access * denied" error.

The format for this parameter, as described by its regex * pattern, is a sequence of six numeric digits.

*/ inline void SetTokenCode(const char* value) { m_tokenCodeHasBeenSet = true; m_tokenCode.assign(value); } /** *

The value provided by the MFA device, if the trust policy of the role being * assumed requires MFA (that is, if the policy includes a condition that tests for * MFA). If the role being assumed requires MFA and if the TokenCode * value is missing or expired, the AssumeRole call returns an "access * denied" error.

The format for this parameter, as described by its regex * pattern, is a sequence of six numeric digits.

*/ inline AssumeRoleRequest& WithTokenCode(const Aws::String& value) { SetTokenCode(value); return *this;} /** *

The value provided by the MFA device, if the trust policy of the role being * assumed requires MFA (that is, if the policy includes a condition that tests for * MFA). If the role being assumed requires MFA and if the TokenCode * value is missing or expired, the AssumeRole call returns an "access * denied" error.

The format for this parameter, as described by its regex * pattern, is a sequence of six numeric digits.

*/ inline AssumeRoleRequest& WithTokenCode(Aws::String&& value) { SetTokenCode(std::move(value)); return *this;} /** *

The value provided by the MFA device, if the trust policy of the role being * assumed requires MFA (that is, if the policy includes a condition that tests for * MFA). If the role being assumed requires MFA and if the TokenCode * value is missing or expired, the AssumeRole call returns an "access * denied" error.

The format for this parameter, as described by its regex * pattern, is a sequence of six numeric digits.

*/ inline AssumeRoleRequest& WithTokenCode(const char* value) { SetTokenCode(value); return *this;} private: Aws::String m_roleArn; bool m_roleArnHasBeenSet; Aws::String m_roleSessionName; bool m_roleSessionNameHasBeenSet; Aws::Vector m_policyArns; bool m_policyArnsHasBeenSet; Aws::String m_policy; bool m_policyHasBeenSet; int m_durationSeconds; bool m_durationSecondsHasBeenSet; Aws::Vector m_tags; bool m_tagsHasBeenSet; Aws::Vector m_transitiveTagKeys; bool m_transitiveTagKeysHasBeenSet; Aws::String m_externalId; bool m_externalIdHasBeenSet; Aws::String m_serialNumber; bool m_serialNumberHasBeenSet; Aws::String m_tokenCode; bool m_tokenCodeHasBeenSet; }; } // namespace Model } // namespace STS } // namespace Aws