C# Class Amazon.SecurityToken.AmazonSecurityTokenServiceClient

Implementation for accessing SecurityTokenService (AWS Security Token Service).

The AWS Security Token Service (STS) is a web service that enables you to request temporary, limited-privilege credentials for AWS Identity and Access Management (IAM) users or for users that you authenticate (federated users). This guide provides descriptions of the STS API. For more detailed information about using this service, go to Using Temporary Security Credentials.

As an alternative to using the API, you can use one of the AWS SDKs, which consist of libraries and sample code for various programming languages and platforms (Java, Ruby, .NET, iOS, Android, etc.). The SDKs provide a convenient way to create programmatic access to STS. For example, the SDKs take care of cryptographically signing requests, managing errors, and retrying requests automatically. For information about the AWS SDKs, including how to download and install them, see the Tools for Amazon Web Services page.

For information about setting up signatures and authorization through the API, go to Signing AWS API Requests in the AWS General Reference. For general information about the Query API, go to Making Query Requests in Using IAM. For information about using security tokens with other AWS products, go to Using Temporary Security Credentials to Access AWS in Using Temporary Security Credentials.

If you're new to AWS and need additional technical information about a specific AWS product, you can find the product's technical documentation at http://aws.amazon.com/documentation/.

Endpoints

The AWS Security Token Service (STS) has a default endpoint of https://sts.amazonaws.com that maps to the US East (N. Virginia) region. Additional regions are available, but must first be activated in the AWS Management Console before you can use a different region's endpoint. For more information about activating a region for STS, see Activating STS in a New Region in the Using Temporary Security Credentials guide.

For information about STS endpoints, see Regions and Endpoints in the AWS General Reference.

Recording API requests

STS supports AWS CloudTrail, which is a service that records AWS calls for your AWS account and delivers log files to an Amazon S3 bucket. By using information collected by CloudTrail, you can determine what requests were successfully made to STS, who made the request, when it was made, and so on. To learn more about CloudTrail, including how to turn it on and find your log files, see the AWS CloudTrail User Guide.

Inheritance: AmazonUnityServiceClient, IAmazonSecurityTokenService
Project: aws/aws-sdk-net

Public Methods

Method Description
AmazonSecurityTokenServiceClient ( ) : System

Constructs AmazonSecurityTokenServiceClient with the credentials loaded from the application's default configuration, and if unsuccessful from the Instance Profile service on an EC2 instance. Example App.config with credentials set:

    <?xml version="1.0" encoding="utf-8" ?>
    <configuration>
      <appSettings>
        <add key="AWSProfileName" value="AWS Default"/>
      </appSettings>
    </configuration>

AmazonSecurityTokenServiceClient ( AWSCredentials credentials ) : System

Constructs AmazonSecurityTokenServiceClient with AWS Credentials

AmazonSecurityTokenServiceClient ( AWSCredentials credentials, AmazonSecurityTokenServiceConfig clientConfig ) : System

Constructs AmazonSecurityTokenServiceClient with AWS Credentials and an AmazonSecurityTokenServiceClient Configuration object.

AmazonSecurityTokenServiceClient ( AWSCredentials credentials, RegionEndpoint region ) : System

Constructs AmazonSecurityTokenServiceClient with AWS Credentials

AmazonSecurityTokenServiceClient ( AmazonSecurityTokenServiceConfig config ) : System

Constructs AmazonSecurityTokenServiceClient with the credentials loaded from the application's default configuration, and if unsuccessful from the Instance Profile service on an EC2 instance. Example App.config with credentials set:

    <?xml version="1.0" encoding="utf-8" ?>
    <configuration>
      <appSettings>
        <add key="AWSProfileName" value="AWS Default"/>
      </appSettings>
    </configuration>

AmazonSecurityTokenServiceClient ( RegionEndpoint region ) : System

Constructs AmazonSecurityTokenServiceClient with the credentials loaded from the application's default configuration, and if unsuccessful from the Instance Profile service on an EC2 instance. Example App.config with credentials set:

    <?xml version="1.0" encoding="utf-8" ?>
    <configuration>
      <appSettings>
        <add key="AWSProfileName" value="AWS Default"/>
      </appSettings>
    </configuration>

AmazonSecurityTokenServiceClient ( string awsAccessKeyId, string awsSecretAccessKey ) : System

Constructs AmazonSecurityTokenServiceClient with AWS Access Key ID and AWS Secret Key

AmazonSecurityTokenServiceClient ( string awsAccessKeyId, string awsSecretAccessKey, AmazonSecurityTokenServiceConfig clientConfig ) : System

Constructs AmazonSecurityTokenServiceClient with AWS Access Key ID, AWS Secret Key and an AmazonSecurityTokenServiceClient Configuration object.

AmazonSecurityTokenServiceClient ( string awsAccessKeyId, string awsSecretAccessKey, RegionEndpoint region ) : System

Constructs AmazonSecurityTokenServiceClient with AWS Access Key ID and AWS Secret Key

AmazonSecurityTokenServiceClient ( string awsAccessKeyId, string awsSecretAccessKey, string awsSessionToken ) : System

Constructs AmazonSecurityTokenServiceClient with AWS Access Key ID and AWS Secret Key

AmazonSecurityTokenServiceClient ( string awsAccessKeyId, string awsSecretAccessKey, string awsSessionToken, AmazonSecurityTokenServiceConfig clientConfig ) : System

Constructs AmazonSecurityTokenServiceClient with AWS Access Key ID, AWS Secret Key and an AmazonSecurityTokenServiceClient Configuration object.

AmazonSecurityTokenServiceClient ( string awsAccessKeyId, string awsSecretAccessKey, string awsSessionToken, RegionEndpoint region ) : System

Constructs AmazonSecurityTokenServiceClient with AWS Access Key ID and AWS Secret Key

AssumeRoleAsync ( AssumeRoleRequest request, System cancellationToken = default(CancellationToken) ) : Task

Initiates the asynchronous execution of the AssumeRole operation.

AssumeRoleAsync ( AssumeRoleRequest request, AssumeRoleResponse>.AmazonServiceCallback callback, AsyncOptions options = null ) : void

Initiates the asynchronous execution of the AssumeRole operation.

AssumeRoleWithSAMLAsync ( AssumeRoleWithSAMLRequest request, System cancellationToken = default(CancellationToken) ) : Task

Initiates the asynchronous execution of the AssumeRoleWithSAML operation.

AssumeRoleWithSAMLAsync ( AssumeRoleWithSAMLRequest request, AssumeRoleWithSAMLResponse>.AmazonServiceCallback callback, AsyncOptions options = null ) : void

Initiates the asynchronous execution of the AssumeRoleWithSAML operation.

AssumeRoleWithWebIdentityAsync ( AssumeRoleWithWebIdentityRequest request, System cancellationToken = default(CancellationToken) ) : Task

Initiates the asynchronous execution of the AssumeRoleWithWebIdentity operation.

AssumeRoleWithWebIdentityAsync ( AssumeRoleWithWebIdentityRequest request, AssumeRoleWithWebIdentityResponse>.AmazonServiceCallback callback, AsyncOptions options = null ) : void

Initiates the asynchronous execution of the AssumeRoleWithWebIdentity operation.

BeginAssumeRole ( AssumeRoleRequest request, AsyncCallback callback, object state ) : IAsyncResult

Initiates the asynchronous execution of the AssumeRole operation.

BeginAssumeRoleWithSAML ( AssumeRoleWithSAMLRequest request, AsyncCallback callback, object state ) : IAsyncResult

Initiates the asynchronous execution of the AssumeRoleWithSAML operation.

BeginAssumeRoleWithWebIdentity ( AssumeRoleWithWebIdentityRequest request, AsyncCallback callback, object state ) : IAsyncResult

Initiates the asynchronous execution of the AssumeRoleWithWebIdentity operation.

BeginDecodeAuthorizationMessage ( DecodeAuthorizationMessageRequest request, AsyncCallback callback, object state ) : IAsyncResult

Initiates the asynchronous execution of the DecodeAuthorizationMessage operation.

BeginGetCallerIdentity ( GetCallerIdentityRequest request, AsyncCallback callback, object state ) : IAsyncResult

Initiates the asynchronous execution of the GetCallerIdentity operation.

BeginGetFederationToken ( GetFederationTokenRequest request, AsyncCallback callback, object state ) : IAsyncResult

Initiates the asynchronous execution of the GetFederationToken operation.

BeginGetSessionToken ( GetSessionTokenRequest request, AsyncCallback callback, object state ) : IAsyncResult

Initiates the asynchronous execution of the GetSessionToken operation.

DecodeAuthorizationMessageAsync ( DecodeAuthorizationMessageRequest request, System cancellationToken = default(CancellationToken) ) : Task

Initiates the asynchronous execution of the DecodeAuthorizationMessage operation.

DecodeAuthorizationMessageAsync ( DecodeAuthorizationMessageRequest request, DecodeAuthorizationMessageResponse>.AmazonServiceCallback callback, AsyncOptions options = null ) : void

Initiates the asynchronous execution of the DecodeAuthorizationMessage operation.

EndAssumeRole ( IAsyncResult asyncResult ) : AssumeRoleResponse

Finishes the asynchronous execution of the AssumeRole operation.

EndAssumeRoleWithSAML ( IAsyncResult asyncResult ) : AssumeRoleWithSAMLResponse

Finishes the asynchronous execution of the AssumeRoleWithSAML operation.

EndAssumeRoleWithWebIdentity ( IAsyncResult asyncResult ) : AssumeRoleWithWebIdentityResponse

Finishes the asynchronous execution of the AssumeRoleWithWebIdentity operation.

EndDecodeAuthorizationMessage ( IAsyncResult asyncResult ) : DecodeAuthorizationMessageResponse

Finishes the asynchronous execution of the DecodeAuthorizationMessage operation.

EndGetCallerIdentity ( IAsyncResult asyncResult ) : GetCallerIdentityResponse

Finishes the asynchronous execution of the GetCallerIdentity operation.

EndGetFederationToken ( IAsyncResult asyncResult ) : GetFederationTokenResponse

Finishes the asynchronous execution of the GetFederationToken operation.

EndGetSessionToken ( IAsyncResult asyncResult ) : GetSessionTokenResponse

Finishes the asynchronous execution of the GetSessionToken operation.

GetCallerIdentityAsync ( GetCallerIdentityRequest request, System cancellationToken = default(CancellationToken) ) : Task

Initiates the asynchronous execution of the GetCallerIdentity operation.

GetCallerIdentityAsync ( GetCallerIdentityRequest request, GetCallerIdentityResponse>.AmazonServiceCallback callback, AsyncOptions options = null ) : void

Initiates the asynchronous execution of the GetCallerIdentity operation.

GetFederationTokenAsync ( GetFederationTokenRequest request, System cancellationToken = default(CancellationToken) ) : Task

Initiates the asynchronous execution of the GetFederationToken operation.

GetFederationTokenAsync ( GetFederationTokenRequest request, GetFederationTokenResponse>.AmazonServiceCallback callback, AsyncOptions options = null ) : void

Initiates the asynchronous execution of the GetFederationToken operation.

GetSessionTokenAsync ( GetSessionTokenRequest request, System cancellationToken = default(CancellationToken) ) : Task

Initiates the asynchronous execution of the GetSessionToken operation.

GetSessionTokenAsync ( System cancellationToken = default(CancellationToken) ) : Task

Returns a set of temporary credentials for an AWS account or IAM user. The credentials consist of an access key ID, a secret access key, and a security token. Typically, you use GetSessionToken if you want to use MFA to protect programmatic calls to specific AWS APIs like Amazon EC2 StopInstances. MFA-enabled IAM users would need to call GetSessionToken and submit an MFA code that is associated with their MFA device. Using the temporary security credentials that are returned from the call, IAM users can then make programmatic calls to APIs that require MFA authentication. If you do not supply a correct MFA code, then the API returns an access denied error. For a comparison of GetSessionToken with the other APIs that produce temporary credentials, see Requesting Temporary Security Credentials and Comparing the AWS STS APIs in the IAM User Guide.

The GetSessionToken action must be called by using the long-term AWS security credentials of the AWS account or an IAM user. Credentials that are created by IAM users are valid for the duration that you specify, from 900 seconds (15 minutes) up to a maximum of 129600 seconds (36 hours), with a default of 43200 seconds (12 hours); credentials that are created by using account credentials can range from 900 seconds (15 minutes) up to a maximum of 3600 seconds (1 hour), with a default of 1 hour.

The temporary security credentials created by GetSessionToken can be used to make API calls to any AWS service with the following exceptions:

  • You cannot call any IAM APIs unless MFA authentication information is included in the request.

  • You cannot call any STS API except AssumeRole or GetCallerIdentity.

We recommend that you do not call GetSessionToken with root account credentials. Instead, follow our best practices by creating one or more IAM users, giving them the necessary permissions, and using IAM users for everyday interaction with AWS.

The permissions associated with the temporary security credentials returned by GetSessionToken are based on the permissions associated with the account or IAM user whose credentials are used to call the action. If GetSessionToken is called using root account credentials, the temporary credentials have root account permissions. Similarly, if GetSessionToken is called using the credentials of an IAM user, the temporary credentials have the same permissions as the IAM user.

For more information about using GetSessionToken to create temporary credentials, go to Temporary Credentials for Users in Untrusted Environments in the IAM User Guide.

GetSessionTokenAsync ( GetSessionTokenResponse>.AmazonServiceCallback callback, AsyncOptions options = null ) : void
GetSessionTokenAsync ( GetSessionTokenRequest request, GetSessionTokenResponse>.AmazonServiceCallback callback, AsyncOptions options = null ) : void

Initiates the asynchronous execution of the GetSessionToken operation.
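The GetSessionToken description above (MFA code, duration limits, the advice against root credentials, and the STS calls still allowed with the returned credentials) can be exercised as follows. This is an added example, not code from the aws-sdk-net project; the class and helper names are hypothetical, the region is fixed to US East (N. Virginia) to match the default endpoint, and the "AccessDenied" error code string is an assumption based on the "access denied error" wording above.

```csharp
using System;
using System.Threading;
using System.Threading.Tasks;
using Amazon;
using Amazon.Runtime;
using Amazon.SecurityToken;
using Amazon.SecurityToken.Model;

// Hypothetical helper class (added example, not part of the SDK).
public static class MfaSessionExample
{
    // Duration limits for IAM users, as stated in the GetSessionToken description.
    private const int MinSeconds = 900;      // 15 minutes
    private const int MaxSeconds = 129600;   // 36 hours

    // Exchanges long-term IAM user credentials plus an MFA code for temporary credentials.
    public static async Task<Credentials> GetMfaSessionAsync(
        AWSCredentials longTerm, string mfaSerial, string mfaCode,
        int durationSeconds, CancellationToken ct = default(CancellationToken))
    {
        if (durationSeconds < MinSeconds || durationSeconds > MaxSeconds)
            throw new ArgumentOutOfRangeException(nameof(durationSeconds),
                "IAM user sessions must last between 900 and 129600 seconds.");

        using (var sts = new AmazonSecurityTokenServiceClient(longTerm, RegionEndpoint.USEast1))
        {
            // Refuse to mint a session from root account credentials: the
            // resulting temporary credentials would carry root permissions.
            var caller = await sts.GetCallerIdentityAsync(new GetCallerIdentityRequest(), ct);
            if (caller.Arn.EndsWith(":root", StringComparison.Ordinal))
                throw new InvalidOperationException(
                    "Refusing to call GetSessionToken with root account credentials.");

            try
            {
                var response = await sts.GetSessionTokenAsync(new GetSessionTokenRequest
                {
                    DurationSeconds = durationSeconds,
                    SerialNumber = mfaSerial,   // ARN or serial number of the MFA device
                    TokenCode = mfaCode         // current one-time code from that device
                }, ct);
                return response.Credentials;
            }
            // Assumption: an incorrect MFA code surfaces with ErrorCode "AccessDenied".
            catch (AmazonSecurityTokenServiceException e) when (e.ErrorCode == "AccessDenied")
            {
                throw new UnauthorizedAccessException(
                    "STS denied the request; check the MFA code and device serial.", e);
            }
        }
    }

    // GetCallerIdentity is one of the two STS calls that GetSessionToken
    // credentials may still make, so it serves as a check that the session works.
    public static async Task<string> WhoAmIAsync(
        Credentials session, CancellationToken ct = default(CancellationToken))
    {
        using (var sts = new AmazonSecurityTokenServiceClient(
            session.AccessKeyId, session.SecretAccessKey, session.SessionToken,
            RegionEndpoint.USEast1))
        {
            var identity = await sts.GetCallerIdentityAsync(new GetCallerIdentityRequest(), ct);
            return identity.Arn;
        }
    }

    public static async Task Main(string[] args)
    {
        if (args.Length != 2)
        {
            Console.Error.WriteLine("usage: <mfa-device-serial-or-arn> <mfa-code>");
            return;
        }

        // Long-term credentials come from the SDK's default chain, never from source code.
        AWSCredentials longTerm = FallbackCredentialsFactory.GetCredentials();

        // Request a one-hour session instead of the 12-hour default to limit exposure.
        Credentials session = await GetMfaSessionAsync(longTerm, args[0], args[1], 3600);

        Console.WriteLine("Session for {0} expires {1:u}",
            await WhoAmIAsync(session), session.Expiration);
    }
}
```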

Protected Methods

Method Description
CreateSigner ( ) : AbstractAWSSigner

Creates the signer for the service.

Dispose ( bool disposing ) : void

Disposes the service client.

Private Methods

Method Description
AssumeRole ( AssumeRoleRequest request ) : AssumeRoleResponse
AssumeRoleWithSAML ( AssumeRoleWithSAMLRequest request ) : AssumeRoleWithSAMLResponse
AssumeRoleWithWebIdentity ( AssumeRoleWithWebIdentityRequest request ) : AssumeRoleWithWebIdentityResponse
DecodeAuthorizationMessage ( DecodeAuthorizationMessageRequest request ) : DecodeAuthorizationMessageResponse
GetCallerIdentity ( GetCallerIdentityRequest request ) : GetCallerIdentityResponse
GetFederationToken ( GetFederationTokenRequest request ) : GetFederationTokenResponse
GetSessionToken ( ) : GetSessionTokenResponse
GetSessionToken ( GetSessionTokenRequest request ) : GetSessionTokenResponse
ICoreAmazonSTS ( string endpoint, string authenticationType, string roleARN, System.TimeSpan credentialDuration, ICredentials userCredential ) : SAMLImmutableCredentials

Method Details

AmazonSecurityTokenServiceClient() public method

Constructs AmazonSecurityTokenServiceClient with the credentials loaded from the application's default configuration, and if unsuccessful from the Instance Profile service on an EC2 instance. Example App.config with credentials set:

    <?xml version="1.0" encoding="utf-8" ?>
    <configuration>
      <appSettings>
        <add key="AWSProfileName" value="AWS Default"/>
      </appSettings>
    </configuration>
public AmazonSecurityTokenServiceClient ( ) : System
return System

AmazonSecurityTokenServiceClient() public method

Constructs AmazonSecurityTokenServiceClient with AWS Credentials
public AmazonSecurityTokenServiceClient ( AWSCredentials credentials ) : System
credentials Amazon.Runtime.AWSCredentials AWS Credentials
return System

AmazonSecurityTokenServiceClient() public method

Constructs AmazonSecurityTokenServiceClient with AWS Credentials and an AmazonSecurityTokenServiceClient Configuration object.
public AmazonSecurityTokenServiceClient ( AWSCredentials credentials, AmazonSecurityTokenServiceConfig clientConfig ) : System
credentials Amazon.Runtime.AWSCredentials AWS Credentials
clientConfig AmazonSecurityTokenServiceConfig The AmazonSecurityTokenServiceClient Configuration Object
return System

AmazonSecurityTokenServiceClient() public method

Constructs AmazonSecurityTokenServiceClient with AWS Credentials
public AmazonSecurityTokenServiceClient ( AWSCredentials credentials, RegionEndpoint region ) : System
credentials Amazon.Runtime.AWSCredentials AWS Credentials
region RegionEndpoint The region to connect.
return System

AmazonSecurityTokenServiceClient() public method

Constructs AmazonSecurityTokenServiceClient with the credentials loaded from the application's default configuration, and if unsuccessful from the Instance Profile service on an EC2 instance. Example App.config with credentials set:

    <?xml version="1.0" encoding="utf-8" ?>
    <configuration>
      <appSettings>
        <add key="AWSProfileName" value="AWS Default"/>
      </appSettings>
    </configuration>
public AmazonSecurityTokenServiceClient ( AmazonSecurityTokenServiceConfig config ) : System
config AmazonSecurityTokenServiceConfig The AmazonSecurityTokenServiceClient Configuration Object
return System

AmazonSecurityTokenServiceClient() public method

Constructs AmazonSecurityTokenServiceClient with the credentials loaded from the application's default configuration, and if unsuccessful from the Instance Profile service on an EC2 instance. Example App.config with credentials set:

    <?xml version="1.0" encoding="utf-8" ?>
    <configuration>
      <appSettings>
        <add key="AWSProfileName" value="AWS Default"/>
      </appSettings>
    </configuration>
public AmazonSecurityTokenServiceClient ( RegionEndpoint region ) : System
region RegionEndpoint The region to connect.
return System

AmazonSecurityTokenServiceClient() public method

Constructs AmazonSecurityTokenServiceClient with AWS Access Key ID and AWS Secret Key
public AmazonSecurityTokenServiceClient ( string awsAccessKeyId, string awsSecretAccessKey ) : System
awsAccessKeyId string AWS Access Key ID
awsSecretAccessKey string AWS Secret Access Key
return System

AmazonSecurityTokenServiceClient() public method

Constructs AmazonSecurityTokenServiceClient with AWS Access Key ID, AWS Secret Key and an AmazonSecurityTokenServiceClient Configuration object.
public AmazonSecurityTokenServiceClient ( string awsAccessKeyId, string awsSecretAccessKey, AmazonSecurityTokenServiceConfig clientConfig ) : System
awsAccessKeyId string AWS Access Key ID
awsSecretAccessKey string AWS Secret Access Key
clientConfig AmazonSecurityTokenServiceConfig The AmazonSecurityTokenServiceClient Configuration Object
return System

AmazonSecurityTokenServiceClient() public method

Constructs AmazonSecurityTokenServiceClient with AWS Access Key ID and AWS Secret Key
public AmazonSecurityTokenServiceClient ( string awsAccessKeyId, string awsSecretAccessKey, RegionEndpoint region ) : System
awsAccessKeyId string AWS Access Key ID
awsSecretAccessKey string AWS Secret Access Key
region RegionEndpoint The region to connect.
return System

AmazonSecurityTokenServiceClient() public method

Constructs AmazonSecurityTokenServiceClient with AWS Access Key ID and AWS Secret Key
public AmazonSecurityTokenServiceClient ( string awsAccessKeyId, string awsSecretAccessKey, string awsSessionToken ) : System
awsAccessKeyId string AWS Access Key ID
awsSecretAccessKey string AWS Secret Access Key
awsSessionToken string AWS Session Token
return System

AmazonSecurityTokenServiceClient() public method

Constructs AmazonSecurityTokenServiceClient with AWS Access Key ID, AWS Secret Key and an AmazonSecurityTokenServiceClient Configuration object.
public AmazonSecurityTokenServiceClient ( string awsAccessKeyId, string awsSecretAccessKey, string awsSessionToken, AmazonSecurityTokenServiceConfig clientConfig ) : System
awsAccessKeyId string AWS Access Key ID
awsSecretAccessKey string AWS Secret Access Key
awsSessionToken string AWS Session Token
clientConfig AmazonSecurityTokenServiceConfig The AmazonSecurityTokenServiceClient Configuration Object
return System

AmazonSecurityTokenServiceClient() public method

Constructs AmazonSecurityTokenServiceClient with AWS Access Key ID and AWS Secret Key
public AmazonSecurityTokenServiceClient ( string awsAccessKeyId, string awsSecretAccessKey, string awsSessionToken, RegionEndpoint region ) : System
awsAccessKeyId string AWS Access Key ID
awsSecretAccessKey string AWS Secret Access Key
awsSessionToken string AWS Session Token
region RegionEndpoint The region to connect.
return System

AssumeRoleAsync() public method

Initiates the asynchronous execution of the AssumeRole operation.
public AssumeRoleAsync ( AssumeRoleRequest request, System cancellationToken = default(CancellationToken) ) : Task
request Amazon.SecurityToken.Model.AssumeRoleRequest Container for the necessary parameters to execute the AssumeRole operation.
cancellationToken System A cancellation token that can be used by other objects or threads to receive notice of cancellation.
return Task

AssumeRoleAsync() public method

Initiates the asynchronous execution of the AssumeRole operation.
public AssumeRoleAsync ( AssumeRoleRequest request, AssumeRoleResponse>.AmazonServiceCallback callback, AsyncOptions options = null ) : void
request Amazon.SecurityToken.Model.AssumeRoleRequest Container for the necessary parameters to execute the AssumeRole operation on AmazonSecurityTokenServiceClient.
callback AssumeRoleResponse>.AmazonServiceCallback An Action delegate that is invoked when the operation completes.
options Amazon.Runtime.AsyncOptions A user-defined state object that is passed to the callback procedure. Retrieve this object from within the callback procedure using the AsyncState property.
return void

AssumeRoleWithSAMLAsync() public method

Initiates the asynchronous execution of the AssumeRoleWithSAML operation.
public AssumeRoleWithSAMLAsync ( AssumeRoleWithSAMLRequest request, System cancellationToken = default(CancellationToken) ) : Task
request Amazon.SecurityToken.Model.AssumeRoleWithSAMLRequest Container for the necessary parameters to execute the AssumeRoleWithSAML operation.
cancellationToken System A cancellation token that can be used by other objects or threads to receive notice of cancellation.
return Task

AssumeRoleWithSAMLAsync() public method

Initiates the asynchronous execution of the AssumeRoleWithSAML operation.
public AssumeRoleWithSAMLAsync ( AssumeRoleWithSAMLRequest request, AssumeRoleWithSAMLResponse>.AmazonServiceCallback callback, AsyncOptions options = null ) : void
request Amazon.SecurityToken.Model.AssumeRoleWithSAMLRequest Container for the necessary parameters to execute the AssumeRoleWithSAML operation on AmazonSecurityTokenServiceClient.
callback AssumeRoleWithSAMLResponse>.AmazonServiceCallback An Action delegate that is invoked when the operation completes.
options Amazon.Runtime.AsyncOptions A user-defined state object that is passed to the callback procedure. Retrieve this object from within the callback procedure using the AsyncState property.
return void

AssumeRoleWithWebIdentityAsync() public method

Initiates the asynchronous execution of the AssumeRoleWithWebIdentity operation.
public AssumeRoleWithWebIdentityAsync ( AssumeRoleWithWebIdentityRequest request, System cancellationToken = default(CancellationToken) ) : Task
request Amazon.SecurityToken.Model.AssumeRoleWithWebIdentityRequest Container for the necessary parameters to execute the AssumeRoleWithWebIdentity operation.
cancellationToken System A cancellation token that can be used by other objects or threads to receive notice of cancellation.
return Task

AssumeRoleWithWebIdentityAsync() public method

Initiates the asynchronous execution of the AssumeRoleWithWebIdentity operation.
public AssumeRoleWithWebIdentityAsync ( AssumeRoleWithWebIdentityRequest request, AssumeRoleWithWebIdentityResponse>.AmazonServiceCallback callback, AsyncOptions options = null ) : void
request Amazon.SecurityToken.Model.AssumeRoleWithWebIdentityRequest Container for the necessary parameters to execute the AssumeRoleWithWebIdentity operation on AmazonSecurityTokenServiceClient.
callback AssumeRoleWithWebIdentityResponse>.AmazonServiceCallback An Action delegate that is invoked when the operation completes.
options Amazon.Runtime.AsyncOptions A user-defined state object that is passed to the callback procedure. Retrieve this object from within the callback procedure using the AsyncState property.
return void

BeginAssumeRole() public method

Initiates the asynchronous execution of the AssumeRole operation.
public BeginAssumeRole ( AssumeRoleRequest request, AsyncCallback callback, object state ) : IAsyncResult
request Amazon.SecurityToken.Model.AssumeRoleRequest Container for the necessary parameters to execute the AssumeRole operation on AmazonSecurityTokenServiceClient.
callback AsyncCallback An AsyncCallback delegate that is invoked when the operation completes.
state object A user-defined state object that is passed to the callback procedure. Retrieve this object from within the callback procedure using the AsyncState property.
return IAsyncResult

BeginAssumeRoleWithSAML() public method

Initiates the asynchronous execution of the AssumeRoleWithSAML operation.
public BeginAssumeRoleWithSAML ( AssumeRoleWithSAMLRequest request, AsyncCallback callback, object state ) : IAsyncResult
request Amazon.SecurityToken.Model.AssumeRoleWithSAMLRequest Container for the necessary parameters to execute the AssumeRoleWithSAML operation on AmazonSecurityTokenServiceClient.
callback AsyncCallback An AsyncCallback delegate that is invoked when the operation completes.
state object A user-defined state object that is passed to the callback procedure. Retrieve this object from within the callback procedure using the AsyncState property.
return IAsyncResult

BeginAssumeRoleWithWebIdentity() public method

Initiates the asynchronous execution of the AssumeRoleWithWebIdentity operation.
public BeginAssumeRoleWithWebIdentity ( AssumeRoleWithWebIdentityRequest request, AsyncCallback callback, object state ) : IAsyncResult
request Amazon.SecurityToken.Model.AssumeRoleWithWebIdentityRequest Container for the necessary parameters to execute the AssumeRoleWithWebIdentity operation on AmazonSecurityTokenServiceClient.
callback AsyncCallback An AsyncCallback delegate that is invoked when the operation completes.
state object A user-defined state object that is passed to the callback procedure. Retrieve this object from within the callback procedure using the AsyncState property.
return IAsyncResult

BeginDecodeAuthorizationMessage() public method

Initiates the asynchronous execution of the DecodeAuthorizationMessage operation.
public BeginDecodeAuthorizationMessage ( DecodeAuthorizationMessageRequest request, AsyncCallback callback, object state ) : IAsyncResult
request Amazon.SecurityToken.Model.DecodeAuthorizationMessageRequest Container for the necessary parameters to execute the DecodeAuthorizationMessage operation on AmazonSecurityTokenServiceClient.
callback AsyncCallback An AsyncCallback delegate that is invoked when the operation completes.
state object A user-defined state object that is passed to the callback procedure. Retrieve this object from within the callback procedure using the AsyncState property.
return IAsyncResult

BeginGetCallerIdentity() public method

Initiates the asynchronous execution of the GetCallerIdentity operation.
public BeginGetCallerIdentity ( GetCallerIdentityRequest request, AsyncCallback callback, object state ) : IAsyncResult
request GetCallerIdentityRequest Container for the necessary parameters to execute the GetCallerIdentity operation on AmazonSecurityTokenServiceClient.
callback AsyncCallback An AsyncCallback delegate that is invoked when the operation completes.
state object A user-defined state object that is passed to the callback procedure. Retrieve this object from within the callback procedure using the AsyncState property.
return IAsyncResult

BeginGetFederationToken() public method

Initiates the asynchronous execution of the GetFederationToken operation.
public BeginGetFederationToken ( GetFederationTokenRequest request, AsyncCallback callback, object state ) : IAsyncResult
request Amazon.SecurityToken.Model.GetFederationTokenRequest Container for the necessary parameters to execute the GetFederationToken operation on AmazonSecurityTokenServiceClient.
callback AsyncCallback An AsyncCallback delegate that is invoked when the operation completes.
state object A user-defined state object that is passed to the callback procedure. Retrieve this object from within the callback procedure using the AsyncState property.
return IAsyncResult

BeginGetSessionToken() public method

Initiates the asynchronous execution of the GetSessionToken operation.
public BeginGetSessionToken ( GetSessionTokenRequest request, AsyncCallback callback, object state ) : IAsyncResult
request Amazon.SecurityToken.Model.GetSessionTokenRequest Container for the necessary parameters to execute the GetSessionToken operation on AmazonSecurityTokenServiceClient.
callback AsyncCallback An AsyncCallback delegate that is invoked when the operation completes.
state object A user-defined state object that is passed to the callback procedure. Retrieve this object from within the callback procedure using the AsyncState property.
return IAsyncResult

CreateSigner() protected method

Creates the signer for the service.
protected CreateSigner ( ) : AbstractAWSSigner
return Amazon.Runtime.Internal.Auth.AbstractAWSSigner

DecodeAuthorizationMessageAsync() public method

Initiates the asynchronous execution of the DecodeAuthorizationMessage operation.
public DecodeAuthorizationMessageAsync ( DecodeAuthorizationMessageRequest request, System cancellationToken = default(CancellationToken) ) : Task
request Amazon.SecurityToken.Model.DecodeAuthorizationMessageRequest Container for the necessary parameters to execute the DecodeAuthorizationMessage operation.
cancellationToken System A cancellation token that can be used by other objects or threads to receive notice of cancellation.
return Task

DecodeAuthorizationMessageAsync() public method

Initiates the asynchronous execution of the DecodeAuthorizationMessage operation.
public DecodeAuthorizationMessageAsync ( DecodeAuthorizationMessageRequest request, DecodeAuthorizationMessageResponse>.AmazonServiceCallback callback, AsyncOptions options = null ) : void
request Amazon.SecurityToken.Model.DecodeAuthorizationMessageRequest Container for the necessary parameters to execute the DecodeAuthorizationMessage operation on AmazonSecurityTokenServiceClient.
callback DecodeAuthorizationMessageResponse>.AmazonServiceCallback An Action delegate that is invoked when the operation completes.
options Amazon.Runtime.AsyncOptions A user-defined state object that is passed to the callback procedure. Retrieve this object from within the callback procedure using the AsyncState property.
return void

Dispose() protected method

Disposes the service client.
protected Dispose ( bool disposing ) : void
disposing bool
return void

EndAssumeRole() public method

Finishes the asynchronous execution of the AssumeRole operation.
public EndAssumeRole ( IAsyncResult asyncResult ) : AssumeRoleResponse
asyncResult IAsyncResult The IAsyncResult returned by the call to BeginAssumeRole.
return Amazon.SecurityToken.Model.AssumeRoleResponse

EndAssumeRoleWithSAML() public method

Finishes the asynchronous execution of the AssumeRoleWithSAML operation.
public EndAssumeRoleWithSAML ( IAsyncResult asyncResult ) : AssumeRoleWithSAMLResponse
asyncResult IAsyncResult The IAsyncResult returned by the call to BeginAssumeRoleWithSAML.
return Amazon.SecurityToken.Model.AssumeRoleWithSAMLResponse

EndAssumeRoleWithWebIdentity() public method

Finishes the asynchronous execution of the AssumeRoleWithWebIdentity operation.
public EndAssumeRoleWithWebIdentity ( IAsyncResult asyncResult ) : AssumeRoleWithWebIdentityResponse
asyncResult IAsyncResult The IAsyncResult returned by the call to BeginAssumeRoleWithWebIdentity.
return Amazon.SecurityToken.Model.AssumeRoleWithWebIdentityResponse

EndDecodeAuthorizationMessage() public method

Finishes the asynchronous execution of the DecodeAuthorizationMessage operation.
public EndDecodeAuthorizationMessage ( IAsyncResult asyncResult ) : DecodeAuthorizationMessageResponse
asyncResult IAsyncResult The IAsyncResult returned by the call to BeginDecodeAuthorizationMessage.
return Amazon.SecurityToken.Model.DecodeAuthorizationMessageResponse

EndGetCallerIdentity() public method

Finishes the asynchronous execution of the GetCallerIdentity operation.
public EndGetCallerIdentity ( IAsyncResult asyncResult ) : GetCallerIdentityResponse
asyncResult IAsyncResult The IAsyncResult returned by the call to BeginGetCallerIdentity.
return Amazon.SecurityToken.Model.GetCallerIdentityResponse

EndGetFederationToken() public method

Finishes the asynchronous execution of the GetFederationToken operation.
public EndGetFederationToken ( IAsyncResult asyncResult ) : GetFederationTokenResponse
asyncResult IAsyncResult The IAsyncResult returned by the call to BeginGetFederationToken.
return Amazon.SecurityToken.Model.GetFederationTokenResponse

EndGetSessionToken() public method

Finishes the asynchronous execution of the GetSessionToken operation.
public EndGetSessionToken ( IAsyncResult asyncResult ) : GetSessionTokenResponse
asyncResult IAsyncResult The IAsyncResult returned by the call to BeginGetSessionToken.
return Amazon.SecurityToken.Model.GetSessionTokenResponse

GetCallerIdentityAsync() public method

Initiates the asynchronous execution of the GetCallerIdentity operation.
public GetCallerIdentityAsync ( GetCallerIdentityRequest request, System cancellationToken = default(CancellationToken) ) : Task
request GetCallerIdentityRequest Container for the necessary parameters to execute the GetCallerIdentity operation.
cancellationToken System A cancellation token that can be used by other objects or threads to receive notice of cancellation.
return Task

GetCallerIdentityAsync() public method

Initiates the asynchronous execution of the GetCallerIdentity operation.
public GetCallerIdentityAsync ( GetCallerIdentityRequest request, GetCallerIdentityResponse>.AmazonServiceCallback callback, AsyncOptions options = null ) : void
request GetCallerIdentityRequest Container for the necessary parameters to execute the GetCallerIdentity operation on AmazonSecurityTokenServiceClient.
callback GetCallerIdentityResponse>.AmazonServiceCallback An Action delegate that is invoked when the operation completes.
options Amazon.Runtime.AsyncOptions A user-defined state object that is passed to the callback procedure. Retrieve this object from within the callback procedure using the AsyncState property.
return void

GetFederationTokenAsync() public method

Initiates the asynchronous execution of the GetFederationToken operation.
public GetFederationTokenAsync ( GetFederationTokenRequest request, System cancellationToken = default(CancellationToken) ) : Task
request Amazon.SecurityToken.Model.GetFederationTokenRequest Container for the necessary parameters to execute the GetFederationToken operation.
cancellationToken System A cancellation token that can be used by other objects or threads to receive notice of cancellation.
return Task

GetFederationTokenAsync() public method

Initiates the asynchronous execution of the GetFederationToken operation.
public GetFederationTokenAsync ( GetFederationTokenRequest request, GetFederationTokenResponse>.AmazonServiceCallback callback, AsyncOptions options = null ) : void
request Amazon.SecurityToken.Model.GetFederationTokenRequest Container for the necessary parameters to execute the GetFederationToken operation on AmazonSecurityTokenServiceClient.
callback GetFederationTokenResponse>.AmazonServiceCallback An Action delegate that is invoked when the operation completes.
options Amazon.Runtime.AsyncOptions A user-defined state object that is passed to the callback procedure. Retrieve this object from within the callback procedure using the AsyncState property.
return void

GetSessionTokenAsync() public method

Initiates the asynchronous execution of the GetSessionToken operation.
public GetSessionTokenAsync ( GetSessionTokenRequest request, System cancellationToken = default(CancellationToken) ) : Task
request Amazon.SecurityToken.Model.GetSessionTokenRequest Container for the necessary parameters to execute the GetSessionToken operation.
cancellationToken System A cancellation token that can be used by other objects or threads to receive notice of cancellation.
return Task

GetSessionTokenAsync() public method

Returns a set of temporary credentials for an AWS account or IAM user. The credentials consist of an access key ID, a secret access key, and a security token. Typically, you use GetSessionToken if you want to use MFA to protect programmatic calls to specific AWS APIs like Amazon EC2 StopInstances. MFA-enabled IAM users would need to call GetSessionToken and submit an MFA code that is associated with their MFA device. Using the temporary security credentials that are returned from the call, IAM users can then make programmatic calls to APIs that require MFA authentication. If you do not supply a correct MFA code, then the API returns an access denied error. For a comparison of GetSessionToken with the other APIs that produce temporary credentials, see Requesting Temporary Security Credentials and Comparing the AWS STS APIs in the IAM User Guide.

The GetSessionToken action must be called by using the long-term AWS security credentials of the AWS account or an IAM user. Credentials that are created by IAM users are valid for the duration that you specify, from 900 seconds (15 minutes) up to a maximum of 129600 seconds (36 hours), with a default of 43200 seconds (12 hours); credentials that are created by using account credentials can range from 900 seconds (15 minutes) up to a maximum of 3600 seconds (1 hour), with a default of 1 hour.

The temporary security credentials created by GetSessionToken can be used to make API calls to any AWS service with the following exceptions:

  • You cannot call any IAM APIs unless MFA authentication information is included in the request.

  • You cannot call any STS API except AssumeRole or GetCallerIdentity.

We recommend that you do not call GetSessionToken with root account credentials. Instead, follow our best practices by creating one or more IAM users, giving them the necessary permissions, and using IAM users for everyday interaction with AWS.

The permissions associated with the temporary security credentials returned by GetSessionToken are based on the permissions associated with the account or IAM user whose credentials are used to call the action. If GetSessionToken is called using root account credentials, the temporary credentials have root account permissions. Similarly, if GetSessionToken is called using the credentials of an IAM user, the temporary credentials have the same permissions as the IAM user.

For more information about using GetSessionToken to create temporary credentials, go to Temporary Credentials for Users in Untrusted Environments in the IAM User Guide.

STS is not activated in the requested region for the account that is being asked to generate credentials. The account administrator must use the IAM console to activate STS in that region. For more information, see Activating and Deactivating AWS STS in an AWS Region in the IAM User Guide.
public GetSessionTokenAsync ( System cancellationToken = default(CancellationToken) ) : Task
cancellationToken System A cancellation token that can be used by other objects or threads to receive notice of cancellation.
return Task
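
The MFA-protected call described above, as an added example that is not part of the SDK documentation or the SDK's own code. It assumes the client passed in was built with an IAM user's long-term credentials; the class and method names (MfaSessionExample, ClampDuration, GetMfaSessionAsync) are hypothetical, and the duration limits are the ones quoted in the description.

```csharp
using System;
using System.Threading;
using System.Threading.Tasks;
using Amazon.SecurityToken;
using Amazon.SecurityToken.Model;

public static class MfaSessionExample
{
    // Lifetime limits quoted in the GetSessionToken description.
    private const int MinSeconds = 900;            // 15 minutes
    private const int MaxIamUserSeconds = 129600;  // 36 hours
    private const int MaxAccountSeconds = 3600;    // 1 hour

    // Keep a requested lifetime inside the range allowed for the caller type,
    // so the request is not rejected for an out-of-range DurationSeconds.
    public static int ClampDuration(int requestedSeconds, bool callerIsIamUser)
    {
        int max = callerIsIamUser ? MaxIamUserSeconds : MaxAccountSeconds;
        return Math.Max(MinSeconds, Math.Min(requestedSeconds, max));
    }

    // Exchange long-term IAM user credentials plus an MFA code for temporary
    // credentials that satisfy MFA conditions on later API calls.
    public static async Task<Credentials> GetMfaSessionAsync(
        IAmazonSecurityTokenService sts,
        string mfaSerialNumber,   // serial number or ARN of the user's MFA device
        string mfaCode,           // current code shown by that device
        int requestedSeconds,
        CancellationToken cancellationToken = default(CancellationToken))
    {
        var request = new GetSessionTokenRequest
        {
            DurationSeconds = ClampDuration(requestedSeconds, callerIsIamUser: true),
            SerialNumber = mfaSerialNumber,
            TokenCode = mfaCode
        };

        // An incorrect MFA code surfaces here as an access denied service exception.
        GetSessionTokenResponse response =
            await sts.GetSessionTokenAsync(request, cancellationToken).ConfigureAwait(false);

        // AccessKeyId, SecretAccessKey, SessionToken and Expiration are all on Credentials.
        return response.Credentials;
    }
}
```

Requesting a lifetime near the 900-second minimum limits how long a leaked set of temporary credentials remains usable.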

GetSessionTokenAsync() public method

STS is not activated in the requested region for the account that is being asked to generate credentials. The account administrator must use the IAM console to activate STS in that region. For more information, see Activating and Deactivating AWS STS in an AWS Region in the IAM User Guide.
public GetSessionTokenAsync ( GetSessionTokenResponse>.AmazonServiceCallback callback, AsyncOptions options = null ) : void
callback GetSessionTokenResponse>.AmazonServiceCallback
options Amazon.Runtime.AsyncOptions A user-defined state object that is passed to the callback procedure. Retrieve this object from within the callback procedure using the AsyncState property.
return void

GetSessionTokenAsync() public method

Initiates the asynchronous execution of the GetSessionToken operation.
public GetSessionTokenAsync ( GetSessionTokenRequest request, GetSessionTokenResponse>.AmazonServiceCallback callback, AsyncOptions options = null ) : void
request Amazon.SecurityToken.Model.GetSessionTokenRequest Container for the necessary parameters to execute the GetSessionToken operation on AmazonSecurityTokenServiceClient.
callback GetSessionTokenResponse>.AmazonServiceCallback An Action delegate that is invoked when the operation completes.
options Amazon.Runtime.AsyncOptions A user-defined state object that is passed to the callback procedure. Retrieve this object from within the callback procedure using the AsyncState property.
return void