Overview  Package   Class  Index  Help 
 PREV CLASS   NEXT CLASS FRAMES    NO FRAMES    
SUMMARY: NESTED | FIELD | CONSTR | METHOD DETAIL: FIELD | CONSTR | METHOD

com.amazonaws.services.securitytoken
Interface AWSSecurityTokenService

All Known Subinterfaces:
AWSSecurityTokenServiceAsync
All Known Implementing Classes:
AWSSecurityTokenServiceAsyncClient, AWSSecurityTokenServiceClient
public interface AWSSecurityTokenService

Interface for accessing AWSSecurityTokenService. AWS Security Token Service

The AWS Security Token Service is a web service that enables you to request temporary, limited-privilege credentials for AWS Identity and Access Management (IAM) users or for users that you authenticate (federated users). This guide provides descriptions of the AWS Security Token Service API.

For more detailed information about using this service, go to Using Temporary Security Credentials .

For information about setting up signatures and authorization through the API, go to Signing AWS API Requests in the AWS General Reference . For general information about the Query API, go to Making Query Requests in Using IAM . For information about using security tokens with other AWS products, go to Using Temporary Security Credentials to Access AWS in Using Temporary Security Credentials .

If you're new to AWS and need additional technical information about a specific AWS product, you can find the product's technical documentation at http://aws.amazon.com/documentation/ .

We will refer to Amazon Identity and Access Management using the abbreviated form IAM. All copyrights and legal protections still apply.

Method Summary
 ResponseMetadata getCachedResponseMetadata(AmazonWebServiceRequest request)
          Returns additional metadata for a previously executed successful request, typically used for debugging issues where a service isn't acting as expected.
 GetFederationTokenResult getFederationToken(GetFederationTokenRequest getFederationTokenRequest)
           The GetFederationToken action returns a set of temporary credentials for a federated user with the user name and policy specified in the request.
 GetSessionTokenResult getSessionToken()
           The GetSessionToken action returns a set of temporary credentials for an AWS account or IAM user.
 GetSessionTokenResult getSessionToken(GetSessionTokenRequest getSessionTokenRequest)
           The GetSessionToken action returns a set of temporary credentials for an AWS account or IAM user.
 void setEndpoint(String endpoint)
          Overrides the default endpoint for this client ("https://sts.amazonaws.com").
 void shutdown()
          Shuts down this client object, releasing any resources that might be held open.
 

Method Detail

setEndpoint

void setEndpoint(String endpoint)
                 throws IllegalArgumentException
Overrides the default endpoint for this client ("https://sts.amazonaws.com"). Callers can use this method to control which AWS region they want to work with.

Callers can pass in just the endpoint (ex: "sts.amazonaws.com") or a full URL, including the protocol (ex: "https://sts.amazonaws.com"). If the protocol is not specified here, the default protocol from this client's ClientConfiguration will be used, which by default is HTTPS.

For more information on using AWS regions with the AWS SDK for Java, and a complete list of all available endpoints for all AWS services, see: http://developer.amazonwebservices.com/connect/entry.jspa?externalID=3912

Parameters:
endpoint - The endpoint (ex: "sts.amazonaws.com") or a full URL, including the protocol (ex: "https://sts.amazonaws.com") of the region specific AWS endpoint this client will communicate with.
Throws:
IllegalArgumentException - If any problems are detected with the specified endpoint.

getSessionToken

GetSessionTokenResult getSessionToken(GetSessionTokenRequest getSessionTokenRequest)
                                      throws AmazonServiceException,
                                             AmazonClientException

The GetSessionToken action returns a set of temporary credentials for an AWS account or IAM user. The credentials consist of an Access Key ID, a Secret Access Key, and a security token. These credentials are valid for the specified duration only. The session duration for IAM users can be between one and 36 hours, with a default of 12 hours. The session duration for AWS account owners is restricted to one hour. Providing the AWS Multi-Factor Authentication (MFA) device serial number and the token code is optional.

For more information about using GetSessionToken to create temporary credentials, go to Creating Temporary Credentials to Enable Access for IAM Users in Using IAM .

Parameters:
getSessionTokenRequest - Container for the necessary parameters to execute the GetSessionToken service method on AWSSecurityTokenService.
Returns:
The response from the GetSessionToken service method, as returned by AWSSecurityTokenService.
Throws:
AmazonClientException - If any internal errors are encountered inside the client while attempting to make the request or handle the response. For example if a network connection is not available.
AmazonServiceException - If an error response is returned by AWSSecurityTokenService indicating either a problem with the data in the request, or a server side issue.

getFederationToken

GetFederationTokenResult getFederationToken(GetFederationTokenRequest getFederationTokenRequest)
                                            throws AmazonServiceException,
                                                   AmazonClientException

The GetFederationToken action returns a set of temporary credentials for a federated user with the user name and policy specified in the request. The credentials consist of an Access Key ID, a Secret Access Key, and a security token. Credentials created by IAM users are valid for the specified duration, between one and 36 hours; credentials created using account credentials last one hour.

The federated user who holds these credentials has any permissions allowed by the intersection of the specified policy and any resource or user policies that apply to the caller of the GetFederationToken API, and any resource policies that apply to the federated user's Amazon Resource Name (ARN). For more information about how token permissions work, see Controlling Permissions in Temporary Credentials in Using AWS Identity and Access Management . For information about using GetFederationToken to create temporary credentials, see Creating Temporary Credentials to Enable Access for Federated Users in Using AWS Identity and Access Management .

Parameters:
getFederationTokenRequest - Container for the necessary parameters to execute the GetFederationToken service method on AWSSecurityTokenService.
Returns:
The response from the GetFederationToken service method, as returned by AWSSecurityTokenService.
Throws:
PackedPolicyTooLargeException
MalformedPolicyDocumentException
AmazonClientException - If any internal errors are encountered inside the client while attempting to make the request or handle the response. For example if a network connection is not available.
AmazonServiceException - If an error response is returned by AWSSecurityTokenService indicating either a problem with the data in the request, or a server side issue.

getSessionToken

GetSessionTokenResult getSessionToken()
                                      throws AmazonServiceException,
                                             AmazonClientException

The GetSessionToken action returns a set of temporary credentials for an AWS account or IAM user. The credentials consist of an Access Key ID, a Secret Access Key, and a security token. These credentials are valid for the specified duration only. The session duration for IAM users can be between one and 36 hours, with a default of 12 hours. The session duration for AWS account owners is restricted to one hour. Providing the AWS Multi-Factor Authentication (MFA) device serial number and the token code is optional.

For more information about using GetSessionToken to create temporary credentials, go to Creating Temporary Credentials to Enable Access for IAM Users in Using IAM .

Returns:
The response from the GetSessionToken service method, as returned by AWSSecurityTokenService.
Throws:
AmazonClientException - If any internal errors are encountered inside the client while attempting to make the request or handle the response. For example if a network connection is not available.
AmazonServiceException - If an error response is returned by AWSSecurityTokenService indicating either a problem with the data in the request, or a server side issue.

shutdown

void shutdown()
Shuts down this client object, releasing any resources that might be held open. This is an optional method, and callers are not expected to call it, but can if they want to explicitly release any open resources. Once a client has been shutdown, it should not be used to make any more requests.

getCachedResponseMetadata

ResponseMetadata getCachedResponseMetadata(AmazonWebServiceRequest request)
Returns additional metadata for a previously executed successful request, typically used for debugging issues where a service isn't acting as expected. This data isn't considered part of the result data returned by an operation, so it's available through this separate, diagnostic interface.

Response metadata is only cached for a limited period of time, so if you need to access this extra diagnostic information for an executed request, you should use this method to retrieve it as soon as possible after executing a request.

Parameters:
request - The originally executed request.
Returns:
The response metadata for the specified request, or null if none is available.
Overview  Package   Class  Index  Help 
 PREV CLASS   NEXT CLASS FRAMES    NO FRAMES    
SUMMARY: NESTED | FIELD | CONSTR | METHOD DETAIL: FIELD | CONSTR | METHOD
Copyright © 2010 Amazon Web Services, Inc. All Rights Reserved.