public object Execute(ExecutorContext context) { var cmdletContext = context as CmdletContext; // create request var request = new Amazon.SecurityToken.Model.GetFederationTokenRequest(); if (cmdletContext.DurationInSeconds != null) { request.DurationSeconds = cmdletContext.DurationInSeconds.Value; } if (cmdletContext.Name != null) { request.Name = cmdletContext.Name; } if (cmdletContext.Policy != null) { request.Policy = cmdletContext.Policy; } if (cmdletContext.PolicyArn != null) { request.PolicyArns = cmdletContext.PolicyArn; } if (cmdletContext.Tag != null) { request.Tags = cmdletContext.Tag; } CmdletOutput output; // issue call var client = Client ?? CreateClient(_CurrentCredentials, _RegionEndpoint); try { var response = CallAWSServiceOperation(client, request); object pipelineOutput = null; pipelineOutput = cmdletContext.Select(response, this); output = new CmdletOutput { PipelineOutput = pipelineOutput, ServiceResponse = response }; } catch (Exception e) { output = new CmdletOutput { ErrorResponse = e }; } return(output); }
/// <summary> /// Initiates the asynchronous execution of the GetFederationToken operation. /// </summary> /// /// <param name="request">Container for the necessary parameters to execute the GetFederationToken operation on AmazonSecurityTokenServiceClient.</param> /// <param name="callback">An AsyncCallback delegate that is invoked when the operation completes.</param> /// <param name="state">A user-defined state object that is passed to the callback procedure. Retrieve this object from within the callback /// procedure using the AsyncState property.</param> /// /// <returns>An IAsyncResult that can be used to poll or wait for results, or both; this value is also needed when invoking EndGetFederationToken /// operation.</returns> public IAsyncResult BeginGetFederationToken(GetFederationTokenRequest request, AsyncCallback callback, object state) { var marshaller = new GetFederationTokenRequestMarshaller(); var unmarshaller = GetFederationTokenResponseUnmarshaller.Instance; return BeginInvoke<GetFederationTokenRequest>(request, marshaller, unmarshaller, callback, state); }
/// <summary> /// Returns a set of temporary security credentials (consisting of an access key ID, a /// secret access key, and a security token) for a federated user. A typical use is in /// a proxy application that gets temporary security credentials on behalf of distributed /// applications inside a corporate network. Because you must call the <code>GetFederationToken</code> /// action using the long-term security credentials of an IAM user, this call is appropriate /// in contexts where those credentials can be safely stored, usually in a server-based /// application. /// /// <note> /// <para> /// If you are creating a mobile-based or browser-based app that can authenticate users /// using a web identity provider like Login with Amazon, Facebook, Google, or an OpenID /// Connect-compatible identity provider, we recommend that you use <a href="http://aws.amazon.com/cognito/">Amazon /// Cognito</a> or <code>AssumeRoleWithWebIdentity</code>. For more information, see <a /// href="http://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_request.html#api_assumerolewithwebidentity">Federation /// Through a Web-based Identity Provider</a>. /// </para> /// </note> /// <para> /// The <code>GetFederationToken</code> action must be called by using the long-term AWS /// security credentials of an IAM user. You can also call <code>GetFederationToken</code> /// using the security credentials of an AWS account (root), but this is not recommended. /// Instead, we recommend that you create an IAM user for the purpose of the proxy application /// and then attach a policy to the IAM user that limits federated users to only the actions /// and resources they need access to. For more information, see <a href="http://docs.aws.amazon.com/IAM/latest/UserGuide/best-practices.html">IAM /// Best Practices</a> in the <i>Using IAM</i>. /// </para> /// /// <para> /// The temporary security credentials that are obtained by using the long-term credentials /// of an IAM user are valid for the specified duration, between 900 seconds (15 minutes) /// and 129600 seconds (36 hours). Temporary credentials that are obtained by using AWS /// account (root) credentials have a maximum duration of 3600 seconds (1 hour) /// </para> /// /// <para> /// <b>Permissions</b> /// </para> /// /// <para> /// The permissions for the temporary security credentials returned by <code>GetFederationToken</code> /// are determined by a combination of the following: /// </para> /// <ul> <li>The policy or policies that are attached to the IAM user whose credentials /// are used to call <code>GetFederationToken</code>.</li> <li>The policy that is passed /// as a parameter in the call.</li> </ul> /// <para> /// The passed policy is attached to the temporary security credentials that result from /// the <code>GetFederationToken</code> API call--that is, to the <i>federated user</i>. /// When the federated user makes an AWS request, AWS evaluates the policy attached to /// the federated user in combination with the policy or policies attached to the IAM /// user whose credentials were used to call <code>GetFederationToken</code>. AWS allows /// the federated user's request only when both the federated user <i><b>and</b></i> the /// IAM user are explicitly allowed to perform the requested action. The passed policy /// cannot grant more permissions than those that are defined in the IAM user policy. /// </para> /// /// <para> /// A typical use case is that the permissions of the IAM user whose credentials are used /// to call <code>GetFederationToken</code> are designed to allow access to all the actions /// and resources that any federated user will need. Then, for individual users, you pass /// a policy to the operation that scopes down the permissions to a level that's appropriate /// to that individual user, using a policy that allows only a subset of permissions that /// are granted to the IAM user. /// </para> /// /// <para> /// If you do not pass a policy, the resulting temporary security credentials have no /// effective permissions. The only exception is when the temporary security credentials /// are used to access a resource that has a resource-based policy that specifically allows /// the federated user to access the resource. /// </para> /// /// <para> /// For more information about how permissions work, see <a href="http://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_control-access_getfederationtoken.html">Permissions /// for GetFederationToken</a>. For information about using <code>GetFederationToken</code> /// to create temporary security credentials, see <a href="http://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_request.html#api_getfederationtoken">GetFederationToken—Federation /// Through a Custom Identity Broker</a>. /// </para> /// </summary> /// <param name="request">Container for the necessary parameters to execute the GetFederationToken service method.</param> /// /// <returns>The response from the GetFederationToken service method, as returned by SecurityTokenService.</returns> /// <exception cref="Amazon.SecurityToken.Model.MalformedPolicyDocumentException"> /// The request was rejected because the policy document was malformed. The error message /// describes the specific error. /// </exception> /// <exception cref="Amazon.SecurityToken.Model.PackedPolicyTooLargeException"> /// The request was rejected because the policy document was too large. The error message /// describes how big the policy document is, in packed form, as a percentage of what /// the API allows. /// </exception> public GetFederationTokenResponse GetFederationToken(GetFederationTokenRequest request) { var marshaller = new GetFederationTokenRequestMarshaller(); var unmarshaller = GetFederationTokenResponseUnmarshaller.Instance; return Invoke<GetFederationTokenRequest,GetFederationTokenResponse>(request, marshaller, unmarshaller); }
IAsyncResult invokeGetFederationToken(GetFederationTokenRequest getFederationTokenRequest, AsyncCallback callback, object state, bool synchronized) { IRequest irequest = new GetFederationTokenRequestMarshaller().Marshall(getFederationTokenRequest); var unmarshaller = GetFederationTokenResponseUnmarshaller.GetInstance(); AsyncResult result = new AsyncResult(irequest, callback, state, synchronized, signer, unmarshaller); Invoke(result); return result; }
/// <summary> /// <para>The GetFederationToken action returns a set of temporary credentials for a federated user with the user name and policy specified in /// the request. The credentials consist of an Access Key ID, a Secret Access Key, and a security token. The credentials are valid for the /// specified duration, between one and 36 hours.</para> <para>The federated user who holds these credentials has any permissions allowed by the /// intersection of the specified policy and any resource or user policies that apply to the caller of the GetFederationToken API, and any /// resource policies that apply to the federated user's Amazon Resource Name (ARN). For more information about how token permissions work, see /// Controlling Permissions in Temporary Credentials in <i>Using AWS Identity and Access Management</i> . For information about using /// GetFederationToken to create temporary credentials, see Creating Temporary Credentials to Enable Access for Federated Users in <i>Using AWS /// Identity and Access Management</i> .</para> /// </summary> /// /// <param name="getFederationTokenRequest">Container for the necessary parameters to execute the GetFederationToken service method on /// AmazonSecurityTokenService.</param> /// /// <returns>The response from the GetFederationToken service method, as returned by AmazonSecurityTokenService.</returns> /// /// <exception cref="PackedPolicyTooLargeException"/> /// <exception cref="MalformedPolicyDocumentException"/> public GetFederationTokenResponse GetFederationToken(GetFederationTokenRequest getFederationTokenRequest) { IAsyncResult asyncResult = invokeGetFederationToken(getFederationTokenRequest, null, null, true); return EndGetFederationToken(asyncResult); }
/// <summary> /// Initiates the asynchronous execution of the GetFederationToken operation. /// <seealso cref="Amazon.SecurityToken.AmazonSecurityTokenService.GetFederationToken"/> /// </summary> /// /// <param name="getFederationTokenRequest">Container for the necessary parameters to execute the GetFederationToken operation on /// AmazonSecurityTokenService.</param> /// <param name="callback">An AsyncCallback delegate that is invoked when the operation completes.</param> /// <param name="state">A user-defined state object that is passed to the callback procedure. Retrieve this object from within the callback /// procedure using the AsyncState property.</param> /// /// <returns>An IAsyncResult that can be used to poll or wait for results, or both; this value is also needed when invoking /// EndGetFederationToken operation.</returns> public IAsyncResult BeginGetFederationToken(GetFederationTokenRequest getFederationTokenRequest, AsyncCallback callback, object state) { return invokeGetFederationToken(getFederationTokenRequest, callback, state, false); }
/// <summary> /// Initiates the asynchronous execution of the GetFederationToken operation. /// </summary> /// /// <param name="request">Container for the necessary parameters to execute the GetFederationToken operation.</param> /// <param name="cancellationToken"> /// A cancellation token that can be used by other objects or threads to receive notice of cancellation. /// </param> /// <returns>The task object representing the asynchronous operation.</returns> public Task<GetFederationTokenResponse> GetFederationTokenAsync(GetFederationTokenRequest request, System.Threading.CancellationToken cancellationToken = default(CancellationToken)) { var marshaller = new GetFederationTokenRequestMarshaller(); var unmarshaller = GetFederationTokenResponseUnmarshaller.Instance; return InvokeAsync<GetFederationTokenRequest,GetFederationTokenResponse>(request, marshaller, unmarshaller, cancellationToken); }
/// <summary> /// Initiates the asynchronous execution of the GetFederationToken operation. /// </summary> /// /// <param name="request">Container for the necessary parameters to execute the GetFederationToken operation on AmazonSecurityTokenServiceClient.</param> /// <param name="callback">An Action delegate that is invoked when the operation completes.</param> /// <param name="options">A user-defined state object that is passed to the callback procedure. Retrieve this object from within the callback /// procedure using the AsyncState property.</param> public void GetFederationTokenAsync(GetFederationTokenRequest request, AmazonServiceCallback<GetFederationTokenRequest, GetFederationTokenResponse> callback, AsyncOptions options = null) { options = options == null?new AsyncOptions():options; var marshaller = new GetFederationTokenRequestMarshaller(); var unmarshaller = GetFederationTokenResponseUnmarshaller.Instance; Action<AmazonWebServiceRequest, AmazonWebServiceResponse, Exception, AsyncOptions> callbackHelper = null; if(callback !=null ) callbackHelper = (AmazonWebServiceRequest req, AmazonWebServiceResponse res, Exception ex, AsyncOptions ao) => { AmazonServiceResult<GetFederationTokenRequest,GetFederationTokenResponse> responseObject = new AmazonServiceResult<GetFederationTokenRequest,GetFederationTokenResponse>((GetFederationTokenRequest)req, (GetFederationTokenResponse)res, ex , ao.State); callback(responseObject); }; BeginInvoke<GetFederationTokenRequest>(request, marshaller, unmarshaller, options, callbackHelper); }
private Amazon.SecurityToken.Model.GetFederationTokenResponse CallAWSServiceOperation(IAmazonSecurityTokenService client, Amazon.SecurityToken.Model.GetFederationTokenRequest request) { Utils.Common.WriteVerboseEndpointMessage(this, client.Config, "AWS Security Token Service (STS)", "GetFederationToken"); try { #if DESKTOP return(client.GetFederationToken(request)); #elif CORECLR return(client.GetFederationTokenAsync(request).GetAwaiter().GetResult()); #else #error "Unknown build edition" #endif } catch (AmazonServiceException exc) { var webException = exc.InnerException as System.Net.WebException; if (webException != null) { throw new Exception(Utils.Common.FormatNameResolutionFailureMessage(client.Config, webException.Message), webException); } throw; } }
IAsyncResult invokeGetFederationToken(GetFederationTokenRequest request, AsyncCallback callback, object state, bool synchronized) { var marshaller = new GetFederationTokenRequestMarshaller(); var unmarshaller = GetFederationTokenResponseUnmarshaller.Instance; return Invoke(request, callback, state, synchronized, marshaller, unmarshaller, signer); }
/// <summary> /// <para> Returns a set of temporary security credentials (consisting of an access key ID, a secret access key, and a security token) for a /// federated user. A typical use is in a proxy application that is getting temporary security credentials on behalf of distributed applications /// inside a corporate network. Because you must call the <c>GetFederationToken</c> action using the long-term security credentials of an IAM /// user, this call is appropriate in contexts where those credentials can be safely stored, usually in a server-based application. </para> /// <para> <b>Note:</b> Do not use this call in mobile applications or client-based web applications that directly get temporary security /// credentials. For those types of applications, use <c>AssumeRoleWithWebIdentity</c> . </para> <para>The <c>GetFederationToken</c> action must /// be called by using the long-term AWS security credentials of the AWS account or an IAM user. Credentials that are created by IAM users are /// valid for the specified duration, between 900 seconds (15 minutes) and 129600 seconds (36 hours); credentials that are created by using /// account credentials have a maximum duration of 3600 seconds (1 hour). </para> <para>Optionally, you can pass an AWS IAM access policy to /// this operation. The temporary security credentials that are returned by the operation have the permissions that are associated with the /// entity that is making the <c>GetFederationToken</c> call, except for any permissions explicitly denied by the policy you pass. This gives /// you a way to further restrict the permissions for the federated user. These policies and any applicable resource-based policies are /// evaluated when calls to AWS are made using the temporary security credentials. </para> <para> For more information about how permissions /// work, see <a href="http://docs.aws.amazon.com/IAM/latest/UserGuide/TokenPermissions.html">Controlling Permissions in Temporary /// Credentials</a> in <i>Using Temporary Security Credentials</i> . For information about using <c>GetFederationToken</c> to create temporary /// security credentials, see <a href="http://docs.aws.amazon.com/IAM/latest/UserGuide/CreatingFedTokens.html">Creating Temporary Credentials /// to Enable Access for Federated Users</a> in <i>Using Temporary Security Credentials</i> . </para> /// </summary> /// /// <param name="getFederationTokenRequest">Container for the necessary parameters to execute the GetFederationToken service method on /// AmazonSecurityTokenService.</param> /// /// <returns>The response from the GetFederationToken service method, as returned by AmazonSecurityTokenService.</returns> /// /// <exception cref="T:Amazon.SecurityToken.Model.PackedPolicyTooLargeException" /> /// <exception cref="T:Amazon.SecurityToken.Model.MalformedPolicyDocumentException" /> /// <param name="cancellationToken"> /// A cancellation token that can be used by other objects or threads to receive notice of cancellation. /// </param> public Task<GetFederationTokenResponse> GetFederationTokenAsync(GetFederationTokenRequest getFederationTokenRequest, CancellationToken cancellationToken = default(CancellationToken)) { var marshaller = new GetFederationTokenRequestMarshaller(); var unmarshaller = GetFederationTokenResponseUnmarshaller.GetInstance(); return Invoke<IRequest, GetFederationTokenRequest, GetFederationTokenResponse>(getFederationTokenRequest, marshaller, unmarshaller, signer, cancellationToken); }
internal GetFederationTokenResponse GetFederationToken(GetFederationTokenRequest request) { var task = GetFederationTokenAsync(request); try { return task.Result; } catch(AggregateException e) { throw e.InnerException; } }
internal GetFederationTokenResponse GetFederationToken(GetFederationTokenRequest request) { var task = GetFederationTokenAsync(request); try { return task.Result; } catch(AggregateException e) { ExceptionDispatchInfo.Capture(e.InnerException).Throw(); return null; } }
/// <summary> /// Initiates the asynchronous execution of the GetFederationToken operation. /// <seealso cref="Amazon.SecurityToken.IAmazonSecurityTokenService.GetFederationToken"/> /// </summary> /// /// <param name="request">Container for the necessary parameters to execute the GetFederationToken operation.</param> /// <param name="cancellationToken"> /// A cancellation token that can be used by other objects or threads to receive notice of cancellation. /// </param> /// <returns>The task object representing the asynchronous operation.</returns> public async Task<GetFederationTokenResponse> GetFederationTokenAsync(GetFederationTokenRequest request, CancellationToken cancellationToken = default(CancellationToken)) { var marshaller = new GetFederationTokenRequestMarshaller(); var unmarshaller = GetFederationTokenResponseUnmarshaller.GetInstance(); var response = await Invoke<IRequest, GetFederationTokenRequest, GetFederationTokenResponse>(request, marshaller, unmarshaller, signer, cancellationToken) .ConfigureAwait(continueOnCapturedContext: false); return response; }
/// <summary> /// </summary> /// /// <param name="getFederationTokenRequest">Container for the necessary parameters to execute the GetFederationToken service method on /// AmazonSecurityTokenService.</param> /// /// <returns>The response from the GetFederationToken service method, as returned by AmazonSecurityTokenService.</returns> /// /// <exception cref="PackedPolicyTooLargeException"/> /// <exception cref="MalformedPolicyDocumentException"/> public GetFederationTokenResponse GetFederationToken(GetFederationTokenRequest getFederationTokenRequest) { IRequest<GetFederationTokenRequest> request = new GetFederationTokenRequestMarshaller().Marshall(getFederationTokenRequest); GetFederationTokenResponse response = Invoke<GetFederationTokenRequest, GetFederationTokenResponse> (request, this.signer, GetFederationTokenResponseUnmarshaller.GetInstance()); return response; }