Assume Role With Web Identity

GET {{aws_security_token_service_aws_sts_base_url}}/?DurationSeconds&Policy&PolicyArns.member.N&ProviderId&RoleArn&RoleSessionName&WebIdentityToken&Version=2011-06-15

Request Params

| Key | Datatype | Required | Description |
| --- | --- | --- | --- |
| DurationSeconds | null | | The duration, in seconds, of the role session. The value can range from 900 seconds (15 minutes) up to the maximum session duration setting for the role. This setting can have a value from 1 hour to 12 hours. If you specify a value higher than this setting, the operation fails. For example, if you specify a session duration of 12 hours, but your administrator set the maximum session duration to 6 hours, your operation fails. To learn how to view the maximum value for your role, see View the Maximum Session Duration Setting for a Role in the IAM User Guide. |
| Policy | null | | An IAM policy in JSON format that you want to use as an inline session policy. |
| PolicyArns.member.N | null | | The Amazon Resource Names (ARNs) of the IAM managed policies that you want to use as managed session policies. The policies must exist in the same account as the role. |
| ProviderId | null | | The fully qualified host component of the domain name of the identity provider. |
| RoleArn | null | | The Amazon Resource Name (ARN) of the role that the caller is assuming. |
| RoleSessionName | null | | An identifier for the assumed role session. Typically, you pass the name or identifier that is associated with the user who is using your application. That way, the temporary security credentials that your application will use are associated with that user. This session name is included as part of the ARN and assumed role ID in the AssumedRoleUser response element. |
| WebIdentityToken | null | | The OAuth 2.0 access token or OpenID Connect ID token that is provided by the identity provider. Your application must get this token by authenticating the user who is using your application with a web identity provider before the application makes an AssumeRoleWithWebIdentity call. |
| Version | string | | The version of the API. |
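
An added example, not part of the original reference: a Python helper that assembles the parameters above into the query string for this call, rejecting a DurationSeconds outside 900 to 43200 and expanding PolicyArns.member.N into numbered members. The `Action` parameter, the `.arn` suffix on each PolicyArns member, the function name `build_query`, and all ARNs and token values are assumptions or constructed samples that do not appear on this page.

```python
import json
from urllib.parse import urlencode

MIN_DURATION = 900        # 15 minutes, the lower bound in the table above
MAX_DURATION = 12 * 3600  # highest value the role's maximum-session setting allows


def build_query(role_arn, session_name, web_identity_token, duration_seconds=None,
                policy=None, policy_arns=(), provider_id=None):
    """Return the URL-encoded parameters for AssumeRoleWithWebIdentity."""
    params = [
        ("Action", "AssumeRoleWithWebIdentity"),  # assumption: not in the page's URL
        ("Version", "2011-06-15"),
        ("RoleArn", role_arn),
        ("RoleSessionName", session_name),
        ("WebIdentityToken", web_identity_token),
    ]
    if duration_seconds is not None:
        # STS fails the call above the role's own maximum; catch the absolute
        # bounds locally so a bad value never leaves the client.
        if not MIN_DURATION <= duration_seconds <= MAX_DURATION:
            raise ValueError("DurationSeconds must be between 900 and 43200")
        params.append(("DurationSeconds", str(duration_seconds)))
    if policy is not None:
        # The inline session policy is sent as JSON text.
        params.append(("Policy", json.dumps(policy, separators=(",", ":"))))
    # PolicyArns.member.N: N counts from 1; each member carries an "arn" field
    # (assumption: the ".arn" suffix is not shown on this page).
    for n, arn in enumerate(policy_arns, start=1):
        params.append((f"PolicyArns.member.{n}.arn", arn))
    if provider_id is not None:
        params.append(("ProviderId", provider_id))
    return urlencode(params)


if __name__ == "__main__":
    # Constructed sample values; the policy limits the session to reading one bucket.
    read_only = {"Version": "2012-10-17", "Statement": [{
        "Effect": "Allow", "Action": "s3:GetObject",
        "Resource": "arn:aws:s3:::example-bucket/*"}]}
    print(build_query(
        role_arn="arn:aws:iam::123456789012:role/ExampleWebIdentityRole",
        session_name="app-user-1",
        web_identity_token="CONSTRUCTED.ID.TOKEN",
        duration_seconds=900,
        policy=read_only,
        policy_arns=["arn:aws:iam::123456789012:policy/ExamplePolicy"],
    ))
```

The returned string goes after `/?` in the GET request shown above. Because WebIdentityToken is a bearer credential, keep the full request URL out of logs.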