aws_sdk_sts/operation/assume_root/builders.rs
1// Code generated by software.amazon.smithy.rust.codegen.smithy-rs. DO NOT EDIT.
2pub use crate::operation::assume_root::_assume_root_output::AssumeRootOutputBuilder;
3
4pub use crate::operation::assume_root::_assume_root_input::AssumeRootInputBuilder;
5
6impl crate::operation::assume_root::builders::AssumeRootInputBuilder {
7 /// Sends a request with this input using the given client.
8 pub async fn send_with(
9 self,
10 client: &crate::Client,
11 ) -> ::std::result::Result<
12 crate::operation::assume_root::AssumeRootOutput,
13 ::aws_smithy_runtime_api::client::result::SdkError<
14 crate::operation::assume_root::AssumeRootError,
15 ::aws_smithy_runtime_api::client::orchestrator::HttpResponse,
16 >,
17 > {
18 let mut fluent_builder = client.assume_root();
19 fluent_builder.inner = self;
20 fluent_builder.send().await
21 }
22}
23/// Fluent builder constructing a request to `AssumeRoot`.
24///
25/// <p>Returns a set of short term credentials you can use to perform privileged tasks on a member account in your organization.</p>
26/// <p>Before you can launch a privileged session, you must have centralized root access in your organization. For steps to enable this feature, see <a href="https://docs.aws.amazon.com/IAM/latest/UserGuide/id_root-enable-root-access.html">Centralize root access for member accounts</a> in the <i>IAM User Guide</i>.</p><note>
27/// <p>The STS global endpoint is not supported for AssumeRoot. You must send this request to a Regional STS endpoint. For more information, see <a href="https://docs.aws.amazon.com/STS/latest/APIReference/welcome.html#sts-endpoints">Endpoints</a>.</p>
28/// </note>
29/// <p>You can track AssumeRoot in CloudTrail logs to determine what actions were performed in a session. For more information, see <a href="https://docs.aws.amazon.com/IAM/latest/UserGuide/cloudtrail-track-privileged-tasks.html">Track privileged tasks in CloudTrail</a> in the <i>IAM User Guide</i>.</p>
30#[derive(::std::clone::Clone, ::std::fmt::Debug)]
31pub struct AssumeRootFluentBuilder {
32 handle: ::std::sync::Arc<crate::client::Handle>,
33 inner: crate::operation::assume_root::builders::AssumeRootInputBuilder,
34 config_override: ::std::option::Option<crate::config::Builder>,
35}
36impl
37 crate::client::customize::internal::CustomizableSend<
38 crate::operation::assume_root::AssumeRootOutput,
39 crate::operation::assume_root::AssumeRootError,
40 > for AssumeRootFluentBuilder
41{
42 fn send(
43 self,
44 config_override: crate::config::Builder,
45 ) -> crate::client::customize::internal::BoxFuture<
46 crate::client::customize::internal::SendResult<
47 crate::operation::assume_root::AssumeRootOutput,
48 crate::operation::assume_root::AssumeRootError,
49 >,
50 > {
51 ::std::boxed::Box::pin(async move { self.config_override(config_override).send().await })
52 }
53}
54impl AssumeRootFluentBuilder {
55 /// Creates a new `AssumeRootFluentBuilder`.
56 pub(crate) fn new(handle: ::std::sync::Arc<crate::client::Handle>) -> Self {
57 Self {
58 handle,
59 inner: ::std::default::Default::default(),
60 config_override: ::std::option::Option::None,
61 }
62 }
63 /// Access the AssumeRoot as a reference.
64 pub fn as_input(&self) -> &crate::operation::assume_root::builders::AssumeRootInputBuilder {
65 &self.inner
66 }
67 /// Sends the request and returns the response.
68 ///
69 /// If an error occurs, an `SdkError` will be returned with additional details that
70 /// can be matched against.
71 ///
72 /// By default, any retryable failures will be retried twice. Retry behavior
73 /// is configurable with the [RetryConfig](aws_smithy_types::retry::RetryConfig), which can be
74 /// set when configuring the client.
75 pub async fn send(
76 self,
77 ) -> ::std::result::Result<
78 crate::operation::assume_root::AssumeRootOutput,
79 ::aws_smithy_runtime_api::client::result::SdkError<
80 crate::operation::assume_root::AssumeRootError,
81 ::aws_smithy_runtime_api::client::orchestrator::HttpResponse,
82 >,
83 > {
84 let input = self
85 .inner
86 .build()
87 .map_err(::aws_smithy_runtime_api::client::result::SdkError::construction_failure)?;
88 let runtime_plugins = crate::operation::assume_root::AssumeRoot::operation_runtime_plugins(
89 self.handle.runtime_plugins.clone(),
90 &self.handle.conf,
91 self.config_override,
92 );
93 crate::operation::assume_root::AssumeRoot::orchestrate(&runtime_plugins, input).await
94 }
95
96 /// Consumes this builder, creating a customizable operation that can be modified before being sent.
97 pub fn customize(
98 self,
99 ) -> crate::client::customize::CustomizableOperation<
100 crate::operation::assume_root::AssumeRootOutput,
101 crate::operation::assume_root::AssumeRootError,
102 Self,
103 > {
104 crate::client::customize::CustomizableOperation::new(self)
105 }
106 pub(crate) fn config_override(mut self, config_override: impl ::std::convert::Into<crate::config::Builder>) -> Self {
107 self.set_config_override(::std::option::Option::Some(config_override.into()));
108 self
109 }
110
111 pub(crate) fn set_config_override(&mut self, config_override: ::std::option::Option<crate::config::Builder>) -> &mut Self {
112 self.config_override = config_override;
113 self
114 }
115 /// <p>The member account principal ARN or account ID.</p>
116 pub fn target_principal(mut self, input: impl ::std::convert::Into<::std::string::String>) -> Self {
117 self.inner = self.inner.target_principal(input.into());
118 self
119 }
120 /// <p>The member account principal ARN or account ID.</p>
121 pub fn set_target_principal(mut self, input: ::std::option::Option<::std::string::String>) -> Self {
122 self.inner = self.inner.set_target_principal(input);
123 self
124 }
125 /// <p>The member account principal ARN or account ID.</p>
126 pub fn get_target_principal(&self) -> &::std::option::Option<::std::string::String> {
127 self.inner.get_target_principal()
128 }
129 /// <p>The identity based policy that scopes the session to the privileged tasks that can be performed. You can use one of following Amazon Web Services managed policies to scope root session actions.</p>
130 /// <ul>
131 /// <li>
132 /// <p><a href="https://docs.aws.amazon.com/IAM/latest/UserGuide/security-iam-awsmanpol.html#security-iam-awsmanpol-IAMAuditRootUserCredentials">IAMAuditRootUserCredentials</a></p></li>
133 /// <li>
134 /// <p><a href="https://docs.aws.amazon.com/IAM/latest/UserGuide/security-iam-awsmanpol.html#security-iam-awsmanpol-IAMCreateRootUserPassword">IAMCreateRootUserPassword</a></p></li>
135 /// <li>
136 /// <p><a href="https://docs.aws.amazon.com/IAM/latest/UserGuide/security-iam-awsmanpol.html#security-iam-awsmanpol-IAMDeleteRootUserCredentials">IAMDeleteRootUserCredentials</a></p></li>
137 /// <li>
138 /// <p><a href="https://docs.aws.amazon.com/IAM/latest/UserGuide/security-iam-awsmanpol.html#security-iam-awsmanpol-S3UnlockBucketPolicy">S3UnlockBucketPolicy</a></p></li>
139 /// <li>
140 /// <p><a href="https://docs.aws.amazon.com/IAM/latest/UserGuide/security-iam-awsmanpol.html#security-iam-awsmanpol-SQSUnlockQueuePolicy">SQSUnlockQueuePolicy</a></p></li>
141 /// </ul>
142 pub fn task_policy_arn(mut self, input: crate::types::PolicyDescriptorType) -> Self {
143 self.inner = self.inner.task_policy_arn(input);
144 self
145 }
146 /// <p>The identity based policy that scopes the session to the privileged tasks that can be performed. You can use one of following Amazon Web Services managed policies to scope root session actions.</p>
147 /// <ul>
148 /// <li>
149 /// <p><a href="https://docs.aws.amazon.com/IAM/latest/UserGuide/security-iam-awsmanpol.html#security-iam-awsmanpol-IAMAuditRootUserCredentials">IAMAuditRootUserCredentials</a></p></li>
150 /// <li>
151 /// <p><a href="https://docs.aws.amazon.com/IAM/latest/UserGuide/security-iam-awsmanpol.html#security-iam-awsmanpol-IAMCreateRootUserPassword">IAMCreateRootUserPassword</a></p></li>
152 /// <li>
153 /// <p><a href="https://docs.aws.amazon.com/IAM/latest/UserGuide/security-iam-awsmanpol.html#security-iam-awsmanpol-IAMDeleteRootUserCredentials">IAMDeleteRootUserCredentials</a></p></li>
154 /// <li>
155 /// <p><a href="https://docs.aws.amazon.com/IAM/latest/UserGuide/security-iam-awsmanpol.html#security-iam-awsmanpol-S3UnlockBucketPolicy">S3UnlockBucketPolicy</a></p></li>
156 /// <li>
157 /// <p><a href="https://docs.aws.amazon.com/IAM/latest/UserGuide/security-iam-awsmanpol.html#security-iam-awsmanpol-SQSUnlockQueuePolicy">SQSUnlockQueuePolicy</a></p></li>
158 /// </ul>
159 pub fn set_task_policy_arn(mut self, input: ::std::option::Option<crate::types::PolicyDescriptorType>) -> Self {
160 self.inner = self.inner.set_task_policy_arn(input);
161 self
162 }
163 /// <p>The identity based policy that scopes the session to the privileged tasks that can be performed. You can use one of following Amazon Web Services managed policies to scope root session actions.</p>
164 /// <ul>
165 /// <li>
166 /// <p><a href="https://docs.aws.amazon.com/IAM/latest/UserGuide/security-iam-awsmanpol.html#security-iam-awsmanpol-IAMAuditRootUserCredentials">IAMAuditRootUserCredentials</a></p></li>
167 /// <li>
168 /// <p><a href="https://docs.aws.amazon.com/IAM/latest/UserGuide/security-iam-awsmanpol.html#security-iam-awsmanpol-IAMCreateRootUserPassword">IAMCreateRootUserPassword</a></p></li>
169 /// <li>
170 /// <p><a href="https://docs.aws.amazon.com/IAM/latest/UserGuide/security-iam-awsmanpol.html#security-iam-awsmanpol-IAMDeleteRootUserCredentials">IAMDeleteRootUserCredentials</a></p></li>
171 /// <li>
172 /// <p><a href="https://docs.aws.amazon.com/IAM/latest/UserGuide/security-iam-awsmanpol.html#security-iam-awsmanpol-S3UnlockBucketPolicy">S3UnlockBucketPolicy</a></p></li>
173 /// <li>
174 /// <p><a href="https://docs.aws.amazon.com/IAM/latest/UserGuide/security-iam-awsmanpol.html#security-iam-awsmanpol-SQSUnlockQueuePolicy">SQSUnlockQueuePolicy</a></p></li>
175 /// </ul>
176 pub fn get_task_policy_arn(&self) -> &::std::option::Option<crate::types::PolicyDescriptorType> {
177 self.inner.get_task_policy_arn()
178 }
179 /// <p>The duration, in seconds, of the privileged session. The value can range from 0 seconds up to the maximum session duration of 900 seconds (15 minutes). If you specify a value higher than this setting, the operation fails.</p>
180 /// <p>By default, the value is set to <code>900</code> seconds.</p>
181 pub fn duration_seconds(mut self, input: i32) -> Self {
182 self.inner = self.inner.duration_seconds(input);
183 self
184 }
185 /// <p>The duration, in seconds, of the privileged session. The value can range from 0 seconds up to the maximum session duration of 900 seconds (15 minutes). If you specify a value higher than this setting, the operation fails.</p>
186 /// <p>By default, the value is set to <code>900</code> seconds.</p>
187 pub fn set_duration_seconds(mut self, input: ::std::option::Option<i32>) -> Self {
188 self.inner = self.inner.set_duration_seconds(input);
189 self
190 }
191 /// <p>The duration, in seconds, of the privileged session. The value can range from 0 seconds up to the maximum session duration of 900 seconds (15 minutes). If you specify a value higher than this setting, the operation fails.</p>
192 /// <p>By default, the value is set to <code>900</code> seconds.</p>
193 pub fn get_duration_seconds(&self) -> &::std::option::Option<i32> {
194 self.inner.get_duration_seconds()
195 }
196}