Open omus opened 3 years ago
mattBrzezinski
commented
3 years ago I'm not seeing what is missing here? The description taken from aws sts get-session-token help is the same as sts.jl?
The formatting doesn't match up, but the content is there.
omus
commented
3 years ago The formatting doesn't match up, but the content is there.
This issue is specifically about the formatting
CLI:
Returns a set of temporary credentials for an AWS account or IAM user.
The credentials consist of an access key ID, a secret access key, and a
security token. Typically, you use GetSessionToken if you want to use
MFA to protect programmatic calls to specific AWS API operations like
Amazon EC2 StopInstances . MFA-enabled IAM users would need to call
GetSessionToken and submit an MFA code that is associated with their
MFA device. Using the temporary security credentials that are returned
from the call, IAM users can then make programmatic calls to API opera-
tions that require MFA authentication. If you do not supply a correct
MFA code, then the API returns an access denied error. For a comparison
of GetSessionToken with the other API operations that produce temporary
credentials, see Requesting Temporary Security Credentials and
Comparing the AWS STS API operations in the IAM User Guide .
Session Duration
The GetSessionToken operation must be called by using the long-term AWS
security credentials of the AWS account root user or an IAM user. Cre-
dentials that are created by IAM users are valid for the duration that
you specify. This duration can range from 900 seconds (15 minutes) up
to a maximum of 129,600 seconds (36 hours), with a default of 43,200
seconds (12 hours). Credentials based on account credentials can range
from 900 seconds (15 minutes) up to 3,600 seconds (1 hour), with a
default of 1 hour.
Permissions
The temporary security credentials created by GetSessionToken can be
used to make API calls to any AWS service with the following excep-
tions:
o You cannot call any IAM API operations unless MFA authentication
information is included in the request.
o You cannot call any STS API except AssumeRole or GetCallerIdentity .
NOTE:
We recommend that you do not call GetSessionToken with AWS account
root user credentials. Instead, follow our best practices by creat-
ing one or more IAM users, giving them the necessary permissions,
and using IAM users for everyday interaction with AWS.
The credentials that are returned by GetSessionToken are based on per-
missions associated with the user whose credentials were used to call
the operation. If GetSessionToken is called using AWS account root user
credentials, the temporary credentials have root user permissions. Sim-
ilarly, if GetSessionToken is called using the credentials of an IAM
user, the temporary credentials have the same permissions as the IAM
user.
For more information about using GetSessionToken to create temporary
credentials, go to Temporary Credentials for Users in Untrusted Envi-
ronments in the IAM User Guide .vs docstring:
Returns a set of temporary credentials for an AWS account or IAM user. The credentials consist of an access key ID, a secret access key, and a security token.
Typically, you use GetSessionToken if you want to use MFA to protect programmatic calls to specific AWS API operations like Amazon EC2 StopInstances.
MFA-enabled IAM users would need to call GetSessionToken and submit an MFA code that is associated with their MFA device. Using the temporary security
credentials that are returned from the call, IAM users can then make programmatic calls to API operations that require MFA authentication. If you do not
supply a correct MFA code, then the API returns an access denied error. For a comparison of GetSessionToken with the other API operations that produce
temporary credentials, see Requesting Temporary Security Credentials and Comparing the AWS STS API operations in the IAM User Guide. Session Duration The
GetSessionToken operation must be called by using the long-term AWS security credentials of the AWS account root user or an IAM user. Credentials that are
created by IAM users are valid for the duration that you specify. This duration can range from 900 seconds (15 minutes) up to a maximum of 129,600 seconds (36
hours), with a default of 43,200 seconds (12 hours). Credentials based on account credentials can range from 900 seconds (15 minutes) up to 3,600 seconds (1
hour), with a default of 1 hour. Permissions The temporary security credentials created by GetSessionToken can be used to make API calls to any AWS service
with the following exceptions: You cannot call any IAM API operations unless MFA authentication information is included in the request. You cannot call any
STS API except AssumeRole or GetCallerIdentity. We recommend that you do not call GetSessionToken with AWS account root user credentials. Instead, follow our
best practices by creating one or more IAM users, giving them the necessary permissions, and using IAM users for everyday interaction with AWS. The
credentials that are returned by GetSessionToken are based on permissions associated with the user whose credentials were used to call the operation. If
GetSessionToken is called using AWS account root user credentials, the temporary credentials have root user permissions. Similarly, if GetSessionToken is
called using the credentials of an IAM user, the temporary credentials have the same permissions as the IAM user. For more information about using
GetSessionToken to create temporary credentials, go to Temporary Credentials for Users in Untrusted Environments in the IAM User Guide.Mainly I was thinking that the paragraph breaks, bullet points, and note sections go a long way for readability. There also is some bolding, underlying, and possibly some links included
omus
commented
3 years ago I haven't looked at the the data from which we're extracting the documentation but I expect these details are included
The formatting for the service function docstrings seems to be stripped at some point. I specifically was comparing
aws sts get-session-token helptoSTS.get_session_token