com.amazonaws.services.securitytoken.model

Class GetSessionTokenRequest

java.lang.Object

com.amazonaws.AmazonWebServiceRequest

com.amazonaws.services.securitytoken.model.GetSessionTokenRequest

All Implemented Interfaces:

Serializable

public class GetSessionTokenRequest
extends AmazonWebServiceRequest
implements Serializable

Container for the parameters to the GetSessionToken operation.

Returns a set of temporary credentials for an AWS account or IAM user. The credentials consist of an access key ID, a secret access key, and a security token. Typically, you use GetSessionToken if you want use MFA to protect programmatic calls to specific AWS APIs like Amazon EC2 StopInstances . MFA-enabled IAM users would need to call GetSessionToken and submit an MFA code that is associated with their MFA device. Using the temporary security credentials that are returned from the call, IAM users can then make programmatic calls to APIs that require MFA authentication.

The GetSessionToken action must be called by using the long-term AWS security credentials of the AWS account or an IAM user. Credentials that are created by IAM users are valid for the duration that you specify, between 900 seconds (15 minutes) and 129600 seconds (36 hours); credentials that are created by using account credentials have a maximum duration of 3600 seconds (1 hour).

Optionally, you can pass an AWS IAM access policy to this operation. The temporary security credentials that are returned by the operation have the permissions that are associated with the entity that is making the GetSessionToken call, except for any permissions explicitly denied by the policy you pass. This gives you a way to further restrict the permissions for the federated user. These policies and any applicable resource-based policies are evaluated when calls to AWS are made using the temporary security credentials.

For more information about using GetSessionToken to create temporary credentials, go to Creating Temporary Credentials to Enable Access for IAM Users in Using IAM .

See Also:

AWSSecurityTokenService.getSessionToken(GetSessionTokenRequest), Serialized Form

Constructor Summary

Constructors

Constructor and Description
GetSessionTokenRequest() Default constructor for a new GetSessionTokenRequest object.

Method Summary

Methods

Modifier and Type	Method and Description
boolean	equals(Object obj)
Integer	getDurationSeconds() The duration, in seconds, that the credentials should remain valid.
String	getSerialNumber() The identification number of the MFA device that is associated with the IAM user who is making the GetSessionToken call.
String	getTokenCode() The value provided by the MFA device, if MFA is required.
int	hashCode()
void	setDurationSeconds(Integer durationSeconds) The duration, in seconds, that the credentials should remain valid.
void	setSerialNumber(String serialNumber) The identification number of the MFA device that is associated with the IAM user who is making the GetSessionToken call.
void	setTokenCode(String tokenCode) The value provided by the MFA device, if MFA is required.
String	toString() Returns a string representation of this object; useful for testing and debugging.
GetSessionTokenRequest	withDurationSeconds(Integer durationSeconds) The duration, in seconds, that the credentials should remain valid.
GetSessionTokenRequest	withSerialNumber(String serialNumber) The identification number of the MFA device that is associated with the IAM user who is making the GetSessionToken call.
GetSessionTokenRequest	withTokenCode(String tokenCode) The value provided by the MFA device, if MFA is required.

Methods inherited from class com.amazonaws.AmazonWebServiceRequest

copyPrivateRequestParameters, getRequestClientOptions, getRequestCredentials, getRequestMetricCollector, setRequestCredentials, setRequestMetricCollector, withRequestMetricCollector

Methods inherited from class java.lang.Object

getClass, notify, notifyAll, wait, wait, wait

Constructor Detail

GetSessionTokenRequest

public GetSessionTokenRequest()

Default constructor for a new GetSessionTokenRequest object. Callers should use the setter or fluent setter (with...) methods to initialize this object after creating it.

Method Detail

getDurationSeconds

public Integer getDurationSeconds()

The duration, in seconds, that the credentials should remain valid. Acceptable durations for IAM user sessions range from 900 seconds (15 minutes) to 129600 seconds (36 hours), with 43200 seconds (12 hours) as the default. Sessions for AWS account owners are restricted to a maximum of 3600 seconds (one hour). If the duration is longer than one hour, the session for AWS account owners defaults to one hour.

Constraints:
Range: 900 - 129600

Returns:

The duration, in seconds, that the credentials should remain valid. Acceptable durations for IAM user sessions range from 900 seconds (15 minutes) to 129600 seconds (36 hours), with 43200 seconds (12 hours) as the default. Sessions for AWS account owners are restricted to a maximum of 3600 seconds (one hour). If the duration is longer than one hour, the session for AWS account owners defaults to one hour.

setDurationSeconds

public void setDurationSeconds(Integer durationSeconds)

The duration, in seconds, that the credentials should remain valid. Acceptable durations for IAM user sessions range from 900 seconds (15 minutes) to 129600 seconds (36 hours), with 43200 seconds (12 hours) as the default. Sessions for AWS account owners are restricted to a maximum of 3600 seconds (one hour). If the duration is longer than one hour, the session for AWS account owners defaults to one hour.

Constraints:
Range: 900 - 129600

Parameters:

durationSeconds - The duration, in seconds, that the credentials should remain valid. Acceptable durations for IAM user sessions range from 900 seconds (15 minutes) to 129600 seconds (36 hours), with 43200 seconds (12 hours) as the default. Sessions for AWS account owners are restricted to a maximum of 3600 seconds (one hour). If the duration is longer than one hour, the session for AWS account owners defaults to one hour.

withDurationSeconds

public GetSessionTokenRequest withDurationSeconds(Integer durationSeconds)

The duration, in seconds, that the credentials should remain valid. Acceptable durations for IAM user sessions range from 900 seconds (15 minutes) to 129600 seconds (36 hours), with 43200 seconds (12 hours) as the default. Sessions for AWS account owners are restricted to a maximum of 3600 seconds (one hour). If the duration is longer than one hour, the session for AWS account owners defaults to one hour.

Returns a reference to this object so that method calls can be chained together.

Constraints:
Range: 900 - 129600

Parameters:

durationSeconds - The duration, in seconds, that the credentials should remain valid. Acceptable durations for IAM user sessions range from 900 seconds (15 minutes) to 129600 seconds (36 hours), with 43200 seconds (12 hours) as the default. Sessions for AWS account owners are restricted to a maximum of 3600 seconds (one hour). If the duration is longer than one hour, the session for AWS account owners defaults to one hour.

Returns:

A reference to this updated object so that method calls can be chained together.

getSerialNumber

public String getSerialNumber()

The identification number of the MFA device that is associated with the IAM user who is making the GetSessionToken call. Specify this value if the IAM user has a policy that requires MFA authentication. The value is either the serial number for a hardware device (such as GAHT12345678) or an Amazon Resource Name (ARN) for a virtual device (such as arn:aws:iam::123456789012:mfa/user). You can find the device for an IAM user by going to the AWS Management Console and viewing the user's security credentials.

Constraints:
Length: 9 - 256
Pattern: [\w+=/:,.@-]*

Returns:

The identification number of the MFA device that is associated with the IAM user who is making the GetSessionToken call. Specify this value if the IAM user has a policy that requires MFA authentication. The value is either the serial number for a hardware device (such as GAHT12345678) or an Amazon Resource Name (ARN) for a virtual device (such as arn:aws:iam::123456789012:mfa/user). You can find the device for an IAM user by going to the AWS Management Console and viewing the user's security credentials.

setSerialNumber

public void setSerialNumber(String serialNumber)

The identification number of the MFA device that is associated with the IAM user who is making the GetSessionToken call. Specify this value if the IAM user has a policy that requires MFA authentication. The value is either the serial number for a hardware device (such as GAHT12345678) or an Amazon Resource Name (ARN) for a virtual device (such as arn:aws:iam::123456789012:mfa/user). You can find the device for an IAM user by going to the AWS Management Console and viewing the user's security credentials.

Constraints:
Length: 9 - 256
Pattern: [\w+=/:,.@-]*

Parameters:

serialNumber - The identification number of the MFA device that is associated with the IAM user who is making the GetSessionToken call. Specify this value if the IAM user has a policy that requires MFA authentication. The value is either the serial number for a hardware device (such as GAHT12345678) or an Amazon Resource Name (ARN) for a virtual device (such as arn:aws:iam::123456789012:mfa/user). You can find the device for an IAM user by going to the AWS Management Console and viewing the user's security credentials.

withSerialNumber

public GetSessionTokenRequest withSerialNumber(String serialNumber)

The identification number of the MFA device that is associated with the IAM user who is making the GetSessionToken call. Specify this value if the IAM user has a policy that requires MFA authentication. The value is either the serial number for a hardware device (such as GAHT12345678) or an Amazon Resource Name (ARN) for a virtual device (such as arn:aws:iam::123456789012:mfa/user). You can find the device for an IAM user by going to the AWS Management Console and viewing the user's security credentials.

Returns a reference to this object so that method calls can be chained together.

Constraints:
Length: 9 - 256
Pattern: [\w+=/:,.@-]*

Parameters:

serialNumber - The identification number of the MFA device that is associated with the IAM user who is making the GetSessionToken call. Specify this value if the IAM user has a policy that requires MFA authentication. The value is either the serial number for a hardware device (such as GAHT12345678) or an Amazon Resource Name (ARN) for a virtual device (such as arn:aws:iam::123456789012:mfa/user). You can find the device for an IAM user by going to the AWS Management Console and viewing the user's security credentials.

Returns:

A reference to this updated object so that method calls can be chained together.

getTokenCode

public String getTokenCode()

The value provided by the MFA device, if MFA is required. If any policy requires the IAM user to submit an MFA code, specify this value. If MFA authentication is required, and the user does not provide a code when requesting a set of temporary security credentials, the user will receive an "access denied" response when requesting resources that require MFA authentication.

Constraints:
Length: 6 - 6
Pattern: [\d]*

Returns:

The value provided by the MFA device, if MFA is required. If any policy requires the IAM user to submit an MFA code, specify this value. If MFA authentication is required, and the user does not provide a code when requesting a set of temporary security credentials, the user will receive an "access denied" response when requesting resources that require MFA authentication.

setTokenCode

public void setTokenCode(String tokenCode)

The value provided by the MFA device, if MFA is required. If any policy requires the IAM user to submit an MFA code, specify this value. If MFA authentication is required, and the user does not provide a code when requesting a set of temporary security credentials, the user will receive an "access denied" response when requesting resources that require MFA authentication.

Constraints:
Length: 6 - 6
Pattern: [\d]*

Parameters:

tokenCode - The value provided by the MFA device, if MFA is required. If any policy requires the IAM user to submit an MFA code, specify this value. If MFA authentication is required, and the user does not provide a code when requesting a set of temporary security credentials, the user will receive an "access denied" response when requesting resources that require MFA authentication.

withTokenCode

public GetSessionTokenRequest withTokenCode(String tokenCode)

The value provided by the MFA device, if MFA is required. If any policy requires the IAM user to submit an MFA code, specify this value. If MFA authentication is required, and the user does not provide a code when requesting a set of temporary security credentials, the user will receive an "access denied" response when requesting resources that require MFA authentication.

Returns a reference to this object so that method calls can be chained together.

Constraints:
Length: 6 - 6
Pattern: [\d]*

Parameters:

tokenCode - The value provided by the MFA device, if MFA is required. If any policy requires the IAM user to submit an MFA code, specify this value. If MFA authentication is required, and the user does not provide a code when requesting a set of temporary security credentials, the user will receive an "access denied" response when requesting resources that require MFA authentication.

Returns:

A reference to this updated object so that method calls can be chained together.

toString

public String toString()

Returns a string representation of this object; useful for testing and debugging.

Overrides:

toString in class Object

Returns:

A string representation of this object.

See Also:

Object.toString()

hashCode

public int hashCode()

Overrides:

hashCode in class Object

equals

public boolean equals(Object obj)

Overrides:

equals in class Object