aws_sdk_sts/operation/assume_root/builders.rs
1// Code generated by software.amazon.smithy.rust.codegen.smithy-rs. DO NOT EDIT.
2pub use crate::operation::assume_root::_assume_root_output::AssumeRootOutputBuilder;
3
4pub use crate::operation::assume_root::_assume_root_input::AssumeRootInputBuilder;
5
6impl crate::operation::assume_root::builders::AssumeRootInputBuilder {
7 /// Sends a request with this input using the given client.
8 pub async fn send_with(
9 self,
10 client: &crate::Client,
11 ) -> ::std::result::Result<
12 crate::operation::assume_root::AssumeRootOutput,
13 ::aws_smithy_runtime_api::client::result::SdkError<
14 crate::operation::assume_root::AssumeRootError,
15 ::aws_smithy_runtime_api::client::orchestrator::HttpResponse,
16 >,
17 > {
18 let mut fluent_builder = client.assume_root();
19 fluent_builder.inner = self;
20 fluent_builder.send().await
21 }
22}
23/// Fluent builder constructing a request to `AssumeRoot`.
24///
25/// <p>Returns a set of short term credentials you can use to perform privileged tasks on a member account in your organization. You must use credentials from an Organizations management account or a delegated administrator account for IAM to call <code>AssumeRoot</code>. You cannot use root user credentials to make this call.</p>
26/// <p>Before you can launch a privileged session, you must have centralized root access in your organization. For steps to enable this feature, see <a href="https://docs.aws.amazon.com/IAM/latest/UserGuide/id_root-enable-root-access.html">Centralize root access for member accounts</a> in the <i>IAM User Guide</i>.</p><note>
27/// <p>The STS global endpoint is not supported for AssumeRoot. You must send this request to a Regional STS endpoint. For more information, see <a href="https://docs.aws.amazon.com/STS/latest/APIReference/welcome.html#sts-endpoints">Endpoints</a>.</p>
28/// </note>
29/// <p>You can track AssumeRoot in CloudTrail logs to determine what actions were performed in a session. For more information, see <a href="https://docs.aws.amazon.com/IAM/latest/UserGuide/cloudtrail-track-privileged-tasks.html">Track privileged tasks in CloudTrail</a> in the <i>IAM User Guide</i>.</p>
30/// <p>When granting access to privileged tasks you should only grant the necessary permissions required to perform that task. For more information, see <a href="https://docs.aws.amazon.com/IAM/latest/UserGuide/best-practices.html">Security best practices in IAM</a>. In addition, you can use <a href="https://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_policies_scps.html">service control policies</a> (SCPs) to manage and limit permissions in your organization. See <a href="https://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_policies_scps_examples_general.html">General examples</a> in the <i>Organizations User Guide</i> for more information on SCPs.</p>
31#[derive(::std::clone::Clone, ::std::fmt::Debug)]
32pub struct AssumeRootFluentBuilder {
33 handle: ::std::sync::Arc<crate::client::Handle>,
34 inner: crate::operation::assume_root::builders::AssumeRootInputBuilder,
35 config_override: ::std::option::Option<crate::config::Builder>,
36}
37impl
38 crate::client::customize::internal::CustomizableSend<
39 crate::operation::assume_root::AssumeRootOutput,
40 crate::operation::assume_root::AssumeRootError,
41 > for AssumeRootFluentBuilder
42{
43 fn send(
44 self,
45 config_override: crate::config::Builder,
46 ) -> crate::client::customize::internal::BoxFuture<
47 crate::client::customize::internal::SendResult<
48 crate::operation::assume_root::AssumeRootOutput,
49 crate::operation::assume_root::AssumeRootError,
50 >,
51 > {
52 ::std::boxed::Box::pin(async move { self.config_override(config_override).send().await })
53 }
54}
55impl AssumeRootFluentBuilder {
56 /// Creates a new `AssumeRootFluentBuilder`.
57 pub(crate) fn new(handle: ::std::sync::Arc<crate::client::Handle>) -> Self {
58 Self {
59 handle,
60 inner: ::std::default::Default::default(),
61 config_override: ::std::option::Option::None,
62 }
63 }
64 /// Access the AssumeRoot as a reference.
65 pub fn as_input(&self) -> &crate::operation::assume_root::builders::AssumeRootInputBuilder {
66 &self.inner
67 }
68 /// Sends the request and returns the response.
69 ///
70 /// If an error occurs, an `SdkError` will be returned with additional details that
71 /// can be matched against.
72 ///
73 /// By default, any retryable failures will be retried twice. Retry behavior
74 /// is configurable with the [RetryConfig](aws_smithy_types::retry::RetryConfig), which can be
75 /// set when configuring the client.
76 pub async fn send(
77 self,
78 ) -> ::std::result::Result<
79 crate::operation::assume_root::AssumeRootOutput,
80 ::aws_smithy_runtime_api::client::result::SdkError<
81 crate::operation::assume_root::AssumeRootError,
82 ::aws_smithy_runtime_api::client::orchestrator::HttpResponse,
83 >,
84 > {
85 let input = self
86 .inner
87 .build()
88 .map_err(::aws_smithy_runtime_api::client::result::SdkError::construction_failure)?;
89 let runtime_plugins = crate::operation::assume_root::AssumeRoot::operation_runtime_plugins(
90 self.handle.runtime_plugins.clone(),
91 &self.handle.conf,
92 self.config_override,
93 );
94 crate::operation::assume_root::AssumeRoot::orchestrate(&runtime_plugins, input).await
95 }
96
97 /// Consumes this builder, creating a customizable operation that can be modified before being sent.
98 pub fn customize(
99 self,
100 ) -> crate::client::customize::CustomizableOperation<
101 crate::operation::assume_root::AssumeRootOutput,
102 crate::operation::assume_root::AssumeRootError,
103 Self,
104 > {
105 crate::client::customize::CustomizableOperation::new(self)
106 }
107 pub(crate) fn config_override(mut self, config_override: impl ::std::convert::Into<crate::config::Builder>) -> Self {
108 self.set_config_override(::std::option::Option::Some(config_override.into()));
109 self
110 }
111
112 pub(crate) fn set_config_override(&mut self, config_override: ::std::option::Option<crate::config::Builder>) -> &mut Self {
113 self.config_override = config_override;
114 self
115 }
116 /// <p>The member account principal ARN or account ID.</p>
117 pub fn target_principal(mut self, input: impl ::std::convert::Into<::std::string::String>) -> Self {
118 self.inner = self.inner.target_principal(input.into());
119 self
120 }
121 /// <p>The member account principal ARN or account ID.</p>
122 pub fn set_target_principal(mut self, input: ::std::option::Option<::std::string::String>) -> Self {
123 self.inner = self.inner.set_target_principal(input);
124 self
125 }
126 /// <p>The member account principal ARN or account ID.</p>
127 pub fn get_target_principal(&self) -> &::std::option::Option<::std::string::String> {
128 self.inner.get_target_principal()
129 }
130 /// <p>The identity based policy that scopes the session to the privileged tasks that can be performed. You must use one of following Amazon Web Services managed policies to scope root session actions:</p>
131 /// <ul>
132 /// <li>
133 /// <p><a href="https://docs.aws.amazon.com/IAM/latest/UserGuide/security-iam-awsmanpol.html#security-iam-awsmanpol-IAMAuditRootUserCredentials">IAMAuditRootUserCredentials</a></p></li>
134 /// <li>
135 /// <p><a href="https://docs.aws.amazon.com/IAM/latest/UserGuide/security-iam-awsmanpol.html#security-iam-awsmanpol-IAMCreateRootUserPassword">IAMCreateRootUserPassword</a></p></li>
136 /// <li>
137 /// <p><a href="https://docs.aws.amazon.com/IAM/latest/UserGuide/security-iam-awsmanpol.html#security-iam-awsmanpol-IAMDeleteRootUserCredentials">IAMDeleteRootUserCredentials</a></p></li>
138 /// <li>
139 /// <p><a href="https://docs.aws.amazon.com/IAM/latest/UserGuide/security-iam-awsmanpol.html#security-iam-awsmanpol-S3UnlockBucketPolicy">S3UnlockBucketPolicy</a></p></li>
140 /// <li>
141 /// <p><a href="https://docs.aws.amazon.com/IAM/latest/UserGuide/security-iam-awsmanpol.html#security-iam-awsmanpol-SQSUnlockQueuePolicy">SQSUnlockQueuePolicy</a></p></li>
142 /// </ul>
143 pub fn task_policy_arn(mut self, input: crate::types::PolicyDescriptorType) -> Self {
144 self.inner = self.inner.task_policy_arn(input);
145 self
146 }
147 /// <p>The identity based policy that scopes the session to the privileged tasks that can be performed. You must use one of following Amazon Web Services managed policies to scope root session actions:</p>
148 /// <ul>
149 /// <li>
150 /// <p><a href="https://docs.aws.amazon.com/IAM/latest/UserGuide/security-iam-awsmanpol.html#security-iam-awsmanpol-IAMAuditRootUserCredentials">IAMAuditRootUserCredentials</a></p></li>
151 /// <li>
152 /// <p><a href="https://docs.aws.amazon.com/IAM/latest/UserGuide/security-iam-awsmanpol.html#security-iam-awsmanpol-IAMCreateRootUserPassword">IAMCreateRootUserPassword</a></p></li>
153 /// <li>
154 /// <p><a href="https://docs.aws.amazon.com/IAM/latest/UserGuide/security-iam-awsmanpol.html#security-iam-awsmanpol-IAMDeleteRootUserCredentials">IAMDeleteRootUserCredentials</a></p></li>
155 /// <li>
156 /// <p><a href="https://docs.aws.amazon.com/IAM/latest/UserGuide/security-iam-awsmanpol.html#security-iam-awsmanpol-S3UnlockBucketPolicy">S3UnlockBucketPolicy</a></p></li>
157 /// <li>
158 /// <p><a href="https://docs.aws.amazon.com/IAM/latest/UserGuide/security-iam-awsmanpol.html#security-iam-awsmanpol-SQSUnlockQueuePolicy">SQSUnlockQueuePolicy</a></p></li>
159 /// </ul>
160 pub fn set_task_policy_arn(mut self, input: ::std::option::Option<crate::types::PolicyDescriptorType>) -> Self {
161 self.inner = self.inner.set_task_policy_arn(input);
162 self
163 }
164 /// <p>The identity based policy that scopes the session to the privileged tasks that can be performed. You must use one of following Amazon Web Services managed policies to scope root session actions:</p>
165 /// <ul>
166 /// <li>
167 /// <p><a href="https://docs.aws.amazon.com/IAM/latest/UserGuide/security-iam-awsmanpol.html#security-iam-awsmanpol-IAMAuditRootUserCredentials">IAMAuditRootUserCredentials</a></p></li>
168 /// <li>
169 /// <p><a href="https://docs.aws.amazon.com/IAM/latest/UserGuide/security-iam-awsmanpol.html#security-iam-awsmanpol-IAMCreateRootUserPassword">IAMCreateRootUserPassword</a></p></li>
170 /// <li>
171 /// <p><a href="https://docs.aws.amazon.com/IAM/latest/UserGuide/security-iam-awsmanpol.html#security-iam-awsmanpol-IAMDeleteRootUserCredentials">IAMDeleteRootUserCredentials</a></p></li>
172 /// <li>
173 /// <p><a href="https://docs.aws.amazon.com/IAM/latest/UserGuide/security-iam-awsmanpol.html#security-iam-awsmanpol-S3UnlockBucketPolicy">S3UnlockBucketPolicy</a></p></li>
174 /// <li>
175 /// <p><a href="https://docs.aws.amazon.com/IAM/latest/UserGuide/security-iam-awsmanpol.html#security-iam-awsmanpol-SQSUnlockQueuePolicy">SQSUnlockQueuePolicy</a></p></li>
176 /// </ul>
177 pub fn get_task_policy_arn(&self) -> &::std::option::Option<crate::types::PolicyDescriptorType> {
178 self.inner.get_task_policy_arn()
179 }
180 /// <p>The duration, in seconds, of the privileged session. The value can range from 0 seconds up to the maximum session duration of 900 seconds (15 minutes). If you specify a value higher than this setting, the operation fails.</p>
181 /// <p>By default, the value is set to <code>900</code> seconds.</p>
182 pub fn duration_seconds(mut self, input: i32) -> Self {
183 self.inner = self.inner.duration_seconds(input);
184 self
185 }
186 /// <p>The duration, in seconds, of the privileged session. The value can range from 0 seconds up to the maximum session duration of 900 seconds (15 minutes). If you specify a value higher than this setting, the operation fails.</p>
187 /// <p>By default, the value is set to <code>900</code> seconds.</p>
188 pub fn set_duration_seconds(mut self, input: ::std::option::Option<i32>) -> Self {
189 self.inner = self.inner.set_duration_seconds(input);
190 self
191 }
192 /// <p>The duration, in seconds, of the privileged session. The value can range from 0 seconds up to the maximum session duration of 900 seconds (15 minutes). If you specify a value higher than this setting, the operation fails.</p>
193 /// <p>By default, the value is set to <code>900</code> seconds.</p>
194 pub fn get_duration_seconds(&self) -> &::std::option::Option<i32> {
195 self.inner.get_duration_seconds()
196 }
197}