{ "Name" : "sts", "Actions" : [ { "Name" : "AssumeRole", "ActionConditionKeys" : [ "accounts.google.com:aud", "accounts.google.com:sub", "aws:RequestTag/${TagKey}", "aws:TagKeys", "cognito-identity.amazonaws.com:amr", "cognito-identity.amazonaws.com:aud", "cognito-identity.amazonaws.com:sub", "graph.facebook.com:app_id", "graph.facebook.com:id", "iam:ResourceTag/${TagKey}", "saml:namequalifier", "saml:sub", "saml:sub_type", "sts:ExternalId", "sts:RoleSessionName", "sts:SourceIdentity", "sts:TransitiveTagKeys", "www.amazon.com:app_id", "www.amazon.com:user_id" ], "Annotations" : { "Properties" : { "IsList" : false, "IsPermissionManagement" : false, "IsTaggingOnly" : false, "IsWrite" : true } }, "Resources" : [ { "Name" : "role" } ], "SupportedBy" : { "IAM Access Analyzer Policy Generation" : true, "IAM Action Last Accessed" : true } }, { "Name" : "AssumeRoleWithSAML", "ActionConditionKeys" : [ "aws:RequestTag/${TagKey}", "aws:TagKeys", "saml:aud", "saml:cn", "saml:commonName", "saml:doc", "saml:eduorghomepageuri", "saml:eduorgidentityauthnpolicyuri", "saml:eduorglegalname", "saml:eduorgsuperioruri", "saml:eduorgwhitepagesuri", "saml:edupersonaffiliation", "saml:edupersonassurance", "saml:edupersonentitlement", "saml:edupersonnickname", "saml:edupersonorgdn", "saml:edupersonorgunitdn", "saml:edupersonprimaryaffiliation", "saml:edupersonprimaryorgunitdn", "saml:edupersonprincipalname", "saml:edupersonscopedaffiliation", "saml:edupersontargetedid", "saml:givenName", "saml:iss", "saml:mail", "saml:name", "saml:namequalifier", "saml:organizationStatus", "saml:primaryGroupSID", "saml:sub", "saml:sub_type", "saml:surname", "saml:uid", "saml:x500UniqueIdentifier", "sts:RoleSessionName", "sts:SourceIdentity", "sts:TransitiveTagKeys" ], "Annotations" : { "Properties" : { "IsList" : false, "IsPermissionManagement" : false, "IsTaggingOnly" : false, "IsWrite" : true } }, "Resources" : [ { "Name" : "role" } ], "SupportedBy" : { "IAM Access Analyzer Policy Generation" : true, "IAM Action Last Accessed" : true } }, { "Name" : "AssumeRoleWithWebIdentity", "ActionConditionKeys" : [ "accounts.google.com:aud", "accounts.google.com:oaud", "accounts.google.com:sub", "aws:RequestTag/${TagKey}", "aws:TagKeys", "cognito-identity.amazonaws.com:amr", "cognito-identity.amazonaws.com:aud", "cognito-identity.amazonaws.com:sub", "graph.facebook.com:app_id", "graph.facebook.com:id", "sts:RoleSessionName", "sts:SourceIdentity", "sts:TransitiveTagKeys", "www.amazon.com:app_id", "www.amazon.com:user_id" ], "Annotations" : { "Properties" : { "IsList" : false, "IsPermissionManagement" : false, "IsTaggingOnly" : false, "IsWrite" : true } }, "Resources" : [ { "Name" : "role" } ], "SupportedBy" : { "IAM Access Analyzer Policy Generation" : true, "IAM Action Last Accessed" : true } }, { "Name" : "AssumeRoot", "ActionConditionKeys" : [ "sts:TaskPolicyArn" ], "Annotations" : { "Properties" : { "IsList" : false, "IsPermissionManagement" : false, "IsTaggingOnly" : false, "IsWrite" : true } }, "Resources" : [ { "Name" : "root-user" } ], "SupportedBy" : { "IAM Access Analyzer Policy Generation" : false, "IAM Action Last Accessed" : false } }, { "Name" : "DecodeAuthorizationMessage", "Annotations" : { "Properties" : { "IsList" : false, "IsPermissionManagement" : false, "IsTaggingOnly" : false, "IsWrite" : true } }, "SupportedBy" : { "IAM Access Analyzer Policy Generation" : true, "IAM Action Last Accessed" : true } }, { "Name" : "GetAccessKeyInfo", "Annotations" : { "Properties" : { "IsList" : false, "IsPermissionManagement" : false, "IsTaggingOnly" : false, "IsWrite" : false } }, "SupportedBy" : { "IAM Access Analyzer Policy Generation" : true, "IAM Action Last Accessed" : true } }, { "Name" : "GetCallerIdentity", "Annotations" : { "Properties" : { "IsList" : false, "IsPermissionManagement" : false, "IsTaggingOnly" : false, "IsWrite" : false } }, "SupportedBy" : { "IAM Access Analyzer Policy Generation" : true, "IAM Action Last Accessed" : true } }, { "Name" : "GetDelegatedAccessToken", "Annotations" : { "Properties" : { "IsList" : false, "IsPermissionManagement" : false, "IsTaggingOnly" : false, "IsWrite" : true } }, "SupportedBy" : { "IAM Access Analyzer Policy Generation" : false, "IAM Action Last Accessed" : false } }, { "Name" : "GetFederationToken", "ActionConditionKeys" : [ "aws:RequestTag/${TagKey}", "aws:TagKeys" ], "Annotations" : { "Properties" : { "IsList" : false, "IsPermissionManagement" : false, "IsTaggingOnly" : false, "IsWrite" : false } }, "Resources" : [ { "Name" : "federated-user" } ], "SupportedBy" : { "IAM Access Analyzer Policy Generation" : true, "IAM Action Last Accessed" : true } }, { "Name" : "GetServiceBearerToken", "ActionConditionKeys" : [ "sts:AWSServiceName", "sts:DurationSeconds" ], "Annotations" : { "Properties" : { "IsList" : false, "IsPermissionManagement" : false, "IsTaggingOnly" : false, "IsWrite" : false } }, "SupportedBy" : { "IAM Access Analyzer Policy Generation" : false, "IAM Action Last Accessed" : false } }, { "Name" : "GetSessionToken", "Annotations" : { "Properties" : { "IsList" : false, "IsPermissionManagement" : false, "IsTaggingOnly" : false, "IsWrite" : false } }, "SupportedBy" : { "IAM Access Analyzer Policy Generation" : true, "IAM Action Last Accessed" : true } }, { "Name" : "GetWebIdentityToken", "ActionConditionKeys" : [ "aws:RequestTag/${TagKey}", "aws:TagKeys", "sts:DurationSeconds", "sts:IdentityTokenAudience", "sts:SigningAlgorithm" ], "Annotations" : { "Properties" : { "IsList" : false, "IsPermissionManagement" : false, "IsTaggingOnly" : false, "IsWrite" : true } }, "SupportedBy" : { "IAM Access Analyzer Policy Generation" : true, "IAM Action Last Accessed" : true } }, { "Name" : "SetContext", "ActionConditionKeys" : [ "sts:RequestContext/${ContextKey}", "sts:RequestContextProviders" ], "Annotations" : { "Properties" : { "IsList" : false, "IsPermissionManagement" : false, "IsTaggingOnly" : false, "IsWrite" : true } }, "Resources" : [ { "Name" : "role" }, { "Name" : "self-session" } ], "SupportedBy" : { "IAM Access Analyzer Policy Generation" : true, "IAM Action Last Accessed" : false } }, { "Name" : "SetSourceIdentity", "ActionConditionKeys" : [ "sts:SourceIdentity" ], "Annotations" : { "Properties" : { "IsList" : false, "IsPermissionManagement" : false, "IsTaggingOnly" : false, "IsWrite" : true } }, "Resources" : [ { "Name" : "role" } ], "SupportedBy" : { "IAM Access Analyzer Policy Generation" : false, "IAM Action Last Accessed" : false } }, { "Name" : "TagGetWebIdentityToken", "ActionConditionKeys" : [ "aws:RequestTag/${TagKey}", "aws:TagKeys" ], "Annotations" : { "Properties" : { "IsList" : false, "IsPermissionManagement" : false, "IsTaggingOnly" : true, "IsWrite" : true } }, "SupportedBy" : { "IAM Access Analyzer Policy Generation" : false, "IAM Action Last Accessed" : false } }, { "Name" : "TagSession", "ActionConditionKeys" : [ "aws:RequestTag/${TagKey}", "aws:TagKeys", "saml:aud", "sts:TransitiveTagKeys" ], "Annotations" : { "Properties" : { "IsList" : false, "IsPermissionManagement" : false, "IsTaggingOnly" : true, "IsWrite" : true } }, "Resources" : [ { "Name" : "role" } ], "SupportedBy" : { "IAM Access Analyzer Policy Generation" : false, "IAM Action Last Accessed" : false } } ], "ConditionKeys" : [ { "Name" : "accounts.google.com:aud", "Types" : [ "String" ] }, { "Name" : "accounts.google.com:oaud", "Types" : [ "String" ] }, { "Name" : "accounts.google.com:sub", "Types" : [ "String" ] }, { "Name" : "aws:RequestTag/${TagKey}", "Types" : [ "String" ] }, { "Name" : "aws:ResourceTag/${TagKey}", "Types" : [ "String" ] }, { "Name" : "aws:TagKeys", "Types" : [ "ArrayOfString" ] }, { "Name" : "cognito-identity.amazonaws.com:amr", "Types" : [ "String" ] }, { "Name" : "cognito-identity.amazonaws.com:aud", "Types" : [ "String" ] }, { "Name" : "cognito-identity.amazonaws.com:sub", "Types" : [ "String" ] }, { "Name" : "graph.facebook.com:app_id", "Types" : [ "String" ] }, { "Name" : "graph.facebook.com:id", "Types" : [ "String" ] }, { "Name" : "iam:ResourceTag/${TagKey}", "Types" : [ "String" ] }, { "Name" : "saml:aud", "Types" : [ "String" ] }, { "Name" : "saml:cn", "Types" : [ "ArrayOfString" ] }, { "Name" : "saml:commonName", "Types" : [ "String" ] }, { "Name" : "saml:doc", "Types" : [ "String" ] }, { "Name" : "saml:eduorghomepageuri", "Types" : [ "ArrayOfString" ] }, { "Name" : "saml:eduorgidentityauthnpolicyuri", "Types" : [ "ArrayOfString" ] }, { "Name" : "saml:eduorglegalname", "Types" : [ "ArrayOfString" ] }, { "Name" : "saml:eduorgsuperioruri", "Types" : [ "ArrayOfString" ] }, { "Name" : "saml:eduorgwhitepagesuri", "Types" : [ "ArrayOfString" ] }, { "Name" : "saml:edupersonaffiliation", "Types" : [ "ArrayOfString" ] }, { "Name" : "saml:edupersonassurance", "Types" : [ "ArrayOfString" ] }, { "Name" : "saml:edupersonentitlement", "Types" : [ "ArrayOfString" ] }, { "Name" : "saml:edupersonnickname", "Types" : [ "ArrayOfString" ] }, { "Name" : "saml:edupersonorgdn", "Types" : [ "String" ] }, { "Name" : "saml:edupersonorgunitdn", "Types" : [ "ArrayOfString" ] }, { "Name" : "saml:edupersonprimaryaffiliation", "Types" : [ "String" ] }, { "Name" : "saml:edupersonprimaryorgunitdn", "Types" : [ "String" ] }, { "Name" : "saml:edupersonprincipalname", "Types" : [ "String" ] }, { "Name" : "saml:edupersonscopedaffiliation", "Types" : [ "ArrayOfString" ] }, { "Name" : "saml:edupersontargetedid", "Types" : [ "ArrayOfString" ] }, { "Name" : "saml:givenName", "Types" : [ "String" ] }, { "Name" : "saml:iss", "Types" : [ "String" ] }, { "Name" : "saml:mail", "Types" : [ "String" ] }, { "Name" : "saml:name", "Types" : [ "String" ] }, { "Name" : "saml:namequalifier", "Types" : [ "String" ] }, { "Name" : "saml:organizationStatus", "Types" : [ "String" ] }, { "Name" : "saml:primaryGroupSID", "Types" : [ "String" ] }, { "Name" : "saml:sub", "Types" : [ "String" ] }, { "Name" : "saml:sub_type", "Types" : [ "String" ] }, { "Name" : "saml:surname", "Types" : [ "String" ] }, { "Name" : "saml:uid", "Types" : [ "String" ] }, { "Name" : "saml:x500UniqueIdentifier", "Types" : [ "String" ] }, { "Name" : "sts:AWSServiceName", "Types" : [ "String" ] }, { "Name" : "sts:DurationSeconds", "Types" : [ "Numeric" ] }, { "Name" : "sts:ExternalId", "Types" : [ "String" ] }, { "Name" : "sts:IdentityTokenAudience", "Types" : [ "ArrayOfString" ] }, { "Name" : "sts:RequestContext/${ContextKey}", "Types" : [ "String" ] }, { "Name" : "sts:RequestContextProviders", "Types" : [ "ArrayOfARN" ] }, { "Name" : "sts:RoleSessionName", "Types" : [ "String" ] }, { "Name" : "sts:SigningAlgorithm", "Types" : [ "String" ] }, { "Name" : "sts:SourceIdentity", "Types" : [ "String" ] }, { "Name" : "sts:TaskPolicyArn", "Types" : [ "ARN" ] }, { "Name" : "sts:TransitiveTagKeys", "Types" : [ "ArrayOfString" ] }, { "Name" : "www.amazon.com:app_id", "Types" : [ "String" ] }, { "Name" : "www.amazon.com:user_id", "Types" : [ "String" ] } ], "Operations" : [ { "Name" : "AssumeRole", "AuthorizedActions" : [ { "Name" : "AssumeRole", "Service" : "sts" }, { "Name" : "SetContext", "Service" : "sts" }, { "Name" : "SetSourceIdentity", "Service" : "sts" }, { "Name" : "TagSession", "Service" : "sts" } ], "SDK" : [ { "Name" : "sts", "Method" : "assume_role", "Package" : "Boto3" } ] }, { "Name" : "AssumeRoleWithSAML", "SDK" : [ { "Name" : "sts", "Method" : "assume_role_with_saml", "Package" : "Boto3" } ] }, { "Name" : "AssumeRoleWithWebIdentity", "SDK" : [ { "Name" : "sts", "Method" : "assume_role_with_web_identity", "Package" : "Boto3" } ] }, { "Name" : "AssumeRoot", "AuthorizedActions" : [ { "Name" : "AssumeRoot", "Service" : "sts" } ], "SDK" : [ { "Name" : "sts", "Method" : "assume_root", "Package" : "Boto3" } ] }, { "Name" : "DecodeAuthorizationMessage", "AuthorizedActions" : [ { "Name" : "DecodeAuthorizationMessage", "Service" : "sts" } ], "SDK" : [ { "Name" : "sts", "Method" : "decode_authorization_message", "Package" : "Boto3" } ] }, { "Name" : "GetAccessKeyInfo", "AuthorizedActions" : [ { "Name" : "GetAccessKeyInfo", "Service" : "sts" } ], "SDK" : [ { "Name" : "sts", "Method" : "get_access_key_info", "Package" : "Boto3" } ] }, { "Name" : "GetCallerIdentity", "AuthorizedActions" : [ { "Name" : "GetCallerIdentity", "Service" : "sts" } ], "SDK" : [ { "Name" : "sts", "Method" : "get_caller_identity", "Package" : "Boto3" } ] }, { "Name" : "GetDelegatedAccessToken", "AuthorizedActions" : [ { "Name" : "GetDelegatedAccessToken", "Service" : "sts" } ], "SDK" : [ { "Name" : "sts", "Method" : "get_delegated_access_token", "Package" : "Boto3" } ] }, { "Name" : "GetFederationToken", "AuthorizedActions" : [ { "Name" : "GetFederationToken", "Service" : "sts" }, { "Name" : "TagSession", "Service" : "sts" } ], "SDK" : [ { "Name" : "sts", "Method" : "get_federation_token", "Package" : "Boto3" } ] }, { "Name" : "GetSessionToken", "AuthorizedActions" : [ { "Name" : "GetSessionToken", "Service" : "sts" } ], "SDK" : [ { "Name" : "sts", "Method" : "get_session_token", "Package" : "Boto3" } ] }, { "Name" : "GetWebIdentityToken", "AuthorizedActions" : [ { "Name" : "GetWebIdentityToken", "Service" : "sts" }, { "Name" : "TagGetWebIdentityToken", "Service" : "sts" } ], "SDK" : [ { "Name" : "sts", "Method" : "get_web_identity_token", "Package" : "Boto3" } ] } ], "Resources" : [ { "Name" : "context-provider", "ARNFormats" : [ "arn:${Partition}:iam::aws:contextProvider/${ContextProviderName}" ] }, { "Name" : "federated-user", "ARNFormats" : [ "arn:${Partition}:sts::${Account}:federated-user/${FederatedUserName}" ] }, { "Name" : "role", "ARNFormats" : [ "arn:${Partition}:iam::${Account}:role/${RoleNameWithPath}" ], "ConditionKeys" : [ "aws:ResourceTag/${TagKey}", "iam:ResourceTag/${TagKey}" ] }, { "Name" : "root-user", "ARNFormats" : [ "arn:${Partition}:iam::${Account}:root" ] }, { "Name" : "self-session", "ARNFormats" : [ "arn:${Partition}:sts::${Account}:self" ] } ], "Version" : "v1.4" }