GetSessionTokenRequest Class

.NET Framework 3.5
 
 
 
Did this page help you?  Yes  No   Tell us about it...
Container for the parameters to the GetSessionToken operation.

Returns a set of temporary credentials for an AWS account or IAM user. The credentials consist of an access key ID, a secret access key, and a security token. Typically, you use GetSessionToken if you want use MFA to protect programmatic calls to specific AWS APIs like Amazon EC2 StopInstances . MFA-enabled IAM users would need to call GetSessionToken and submit an MFA code that is associated with their MFA device. Using the temporary security credentials that are returned from the call, IAM users can then make programmatic calls to APIs that require MFA authentication.

The GetSessionToken action must be called by using the long-term AWS security credentials of the AWS account or an IAM user. Credentials that are created by IAM users are valid for the duration that you specify, between 900 seconds (15 minutes) and 129600 seconds (36 hours); credentials that are created by using account credentials have a maximum duration of 3600 seconds (1 hour).

The permissions that are granted to the federated user are the intersection of the policy that is passed with the GetSessionToken request and policies that are associated with of the entity making the GetSessionToken call.

For more information about using GetSessionToken to create temporary credentials, go to Creating Temporary Credentials to Enable Access for IAM Users in Using IAM .

Inheritance Hierarchy

System.Object
  Amazon.Runtime.AmazonWebServiceRequest
    Amazon.SecurityToken.Model.GetSessionTokenRequest

Namespace: Amazon.SecurityToken.Model
Assembly: AWSSDK.dll
Version: 2.0.0.3

Syntax

C# 
public class GetSessionTokenRequest : AmazonWebServiceRequest
         IRequestEvents

The GetSessionTokenRequest type exposes the following members

Constructors

  Name Description
Public Method GetSessionTokenRequest()

Properties

  Name Description
Public Property DurationSeconds The duration, in seconds, that the credentials should remain valid. Acceptable durations for IAM user sessions range from 900 seconds (15 minutes) to 129600 seconds (36 hours), with 43200 seconds (12 hours) as the default. Sessions for AWS account owners are restricted to a maximum of 3600 seconds (one hour). If the duration is longer than one hour, the session for AWS account owners defaults to one hour.

Constraints:Range900 - 129600
Public Property SerialNumber The identification number of the MFA device that is associated with the IAM user who is making the GetSessionToken call. Specify this value if the IAM user has a policy that requires MFA authentication. The value is either the serial number for a hardware device (such as GAHT12345678) or an Amazon Resource Name (ARN) for a virtual device (such as arn:aws:iam::123456789012:mfa/user). You can find the device for an IAM user by going to the AWS Management Console and viewing the user's security credentials.

Constraints:Length9 - 256Pattern[\w+=/:,.@-]*
Public Property TokenCode The value provided by the MFA device, if MFA is required. If any policy requires the IAM user to submit an MFA code, specify this value. If MFA authentication is required, and the user does not provide a code when requesting a set of temporary security credentials, the user will receive an "access denied" response when requesting resources that require MFA authentication.

Constraints:Length6 - 6Pattern[\d]*

Version Information

.NET Framework:
Supported in: 4.5, 4.0, 3.5

.NET for Windows Store apps:
Supported in: Windows 8

.NET for Windows Phone:
Supported in: Window Phone 8