Guides

STS

Suggest Edits
docs.aws.amazon.com
AWS documentation

AssumeRole

valid {
    input.Body.RoleArn == STRING
    input.Body.RoleSessionName == STRING
    input.Body.PolicyArns[_].arn == STRING
    input.Body.Policy == STRING
    input.Body.DurationSeconds == INTEGER
    input.Body.Tags[_].Key == STRING
    input.Body.Tags[_].Value == STRING
    input.Body.TransitiveTagKeys[_] == STRING
    input.Body.ExternalId == STRING
    input.Body.SerialNumber == STRING
    input.Body.TokenCode == STRING
    input.Body.SourceIdentity == STRING
    input.Body.ProvidedContexts[_].ProviderArn == STRING
    input.Body.ProvidedContexts[_].ContextAssertion == STRING
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

AssumeRoleWithSAML

valid {
    input.Body.RoleArn == STRING
    input.Body.PrincipalArn == STRING
    input.Body.SAMLAssertion == STRING
    input.Body.PolicyArns[_].arn == STRING
    input.Body.Policy == STRING
    input.Body.DurationSeconds == INTEGER
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

AssumeRoleWithWebIdentity

valid {
    input.Body.RoleArn == STRING
    input.Body.RoleSessionName == STRING
    input.Body.WebIdentityToken == STRING
    input.Body.ProviderId == STRING
    input.Body.PolicyArns[_].arn == STRING
    input.Body.Policy == STRING
    input.Body.DurationSeconds == INTEGER
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

AssumeRoot

valid {
    input.Body.TargetPrincipal == STRING
    input.Body.TaskPolicyArn.arn == STRING
    input.Body.DurationSeconds == INTEGER
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

DecodeAuthorizationMessage

valid {
    input.Body.EncodedMessage == STRING
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

GetAccessKeyInfo

valid {
    input.Body.AccessKeyId == STRING
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

GetCallerIdentity

valid {
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

GetFederationToken

valid {
    input.Body.Name == STRING
    input.Body.Policy == STRING
    input.Body.PolicyArns[_].arn == STRING
    input.Body.DurationSeconds == INTEGER
    input.Body.Tags[_].Key == STRING
    input.Body.Tags[_].Value == STRING
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

GetSessionToken

valid {
    input.Body.DurationSeconds == INTEGER
    input.Body.SerialNumber == STRING
    input.Body.TokenCode == STRING
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

Updated 1 day ago