@@ -121,16 +121,16 @@ public interface AWSSecurityTokenService {
121121 * "https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies.html#policies_session"
122122 * >session policies</a> to this operation. You can pass a single JSON
123123 * policy document to use as an inline session policy. You can also specify
124- * up to 10 managed policies to use as managed session policies. The
125- * plaintext that you use for both inline and managed session policies can't
126- * exceed 2,048 characters. Passing policies to this operation returns new
127- * temporary credentials. The resulting session's permissions are the
128- * intersection of the role's identity-based policy and the session
129- * policies. You can use the role's temporary credentials in subsequent
130- * Amazon Web Services API calls to access resources in the account that
131- * owns the role. You cannot use session policies to grant more permissions
132- * than those allowed by the identity-based policy of the role that is being
133- * assumed. For more information, see <a href=
124+ * up to 10 managed policy Amazon Resource Names (ARNs) to use as managed
125+ * session policies. The plaintext that you use for both inline and managed
126+ * session policies can't exceed 2,048 characters. Passing policies to this
127+ * operation returns new temporary credentials. The resulting session's
128+ * permissions are the intersection of the role's identity-based policy and
129+ * the session policies. You can use the role's temporary credentials in
130+ * subsequent Amazon Web Services API calls to access resources in the
131+ * account that owns the role. You cannot use session policies to grant more
132+ * permissions than those allowed by the identity-based policy of the role
133+ * that is being assumed. For more information, see <a href=
134134 * "https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies.html#policies_session"
135135 * >Session Policies</a> in the <i>IAM User Guide</i>.
136136 * </p>
@@ -328,16 +328,16 @@ AssumeRoleResult assumeRole(AssumeRoleRequest assumeRoleRequest) throws AmazonCl
328328 * "https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies.html#policies_session"
329329 * >session policies</a> to this operation. You can pass a single JSON
330330 * policy document to use as an inline session policy. You can also specify
331- * up to 10 managed policies to use as managed session policies. The
332- * plaintext that you use for both inline and managed session policies can't
333- * exceed 2,048 characters. Passing policies to this operation returns new
334- * temporary credentials. The resulting session's permissions are the
335- * intersection of the role's identity-based policy and the session
336- * policies. You can use the role's temporary credentials in subsequent
337- * Amazon Web Services API calls to access resources in the account that
338- * owns the role. You cannot use session policies to grant more permissions
339- * than those allowed by the identity-based policy of the role that is being
340- * assumed. For more information, see <a href=
331+ * up to 10 managed policy Amazon Resource Names (ARNs) to use as managed
332+ * session policies. The plaintext that you use for both inline and managed
333+ * session policies can't exceed 2,048 characters. Passing policies to this
334+ * operation returns new temporary credentials. The resulting session's
335+ * permissions are the intersection of the role's identity-based policy and
336+ * the session policies. You can use the role's temporary credentials in
337+ * subsequent Amazon Web Services API calls to access resources in the
338+ * account that owns the role. You cannot use session policies to grant more
339+ * permissions than those allowed by the identity-based policy of the role
340+ * that is being assumed. For more information, see <a href=
341341 * "https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies.html#policies_session"
342342 * >Session Policies</a> in the <i>IAM User Guide</i>.
343343 * </p>
@@ -377,12 +377,13 @@ AssumeRoleResult assumeRole(AssumeRoleRequest assumeRoleRequest) throws AmazonCl
377377 * </p>
378378 * <note>
379379 * <p>
380- * An Amazon Web Services conversion compresses the passed session policies
381- * and session tags into a packed binary format that has a separate limit.
382- * Your request can fail for this limit even if your plaintext meets the
383- * other requirements. The <code>PackedPolicySize</code> response element
384- * indicates by percentage how close the policies and tags for your request
385- * are to the upper size limit.
380+ * An Amazon Web Services conversion compresses the passed inline session
381+ * policy, managed policy ARNs, and session tags into a packed binary format
382+ * that has a separate limit. Your request can fail for this limit even if
383+ * your plaintext meets the other requirements. The
384+ * <code>PackedPolicySize</code> response element indicates by percentage
385+ * how close the policies and tags for your request are to the upper size
386+ * limit.
386387 * </p>
387388 * </note>
388389 * <p>
@@ -561,16 +562,16 @@ AssumeRoleWithSAMLResult assumeRoleWithSAML(AssumeRoleWithSAMLRequest assumeRole
561562 * "https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies.html#policies_session"
562563 * >session policies</a> to this operation. You can pass a single JSON
563564 * policy document to use as an inline session policy. You can also specify
564- * up to 10 managed policies to use as managed session policies. The
565- * plaintext that you use for both inline and managed session policies can't
566- * exceed 2,048 characters. Passing policies to this operation returns new
567- * temporary credentials. The resulting session's permissions are the
568- * intersection of the role's identity-based policy and the session
569- * policies. You can use the role's temporary credentials in subsequent
570- * Amazon Web Services API calls to access resources in the account that
571- * owns the role. You cannot use session policies to grant more permissions
572- * than those allowed by the identity-based policy of the role that is being
573- * assumed. For more information, see <a href=
565+ * up to 10 managed policy Amazon Resource Names (ARNs) to use as managed
566+ * session policies. The plaintext that you use for both inline and managed
567+ * session policies can't exceed 2,048 characters. Passing policies to this
568+ * operation returns new temporary credentials. The resulting session's
569+ * permissions are the intersection of the role's identity-based policy and
570+ * the session policies. You can use the role's temporary credentials in
571+ * subsequent Amazon Web Services API calls to access resources in the
572+ * account that owns the role. You cannot use session policies to grant more
573+ * permissions than those allowed by the identity-based policy of the role
574+ * that is being assumed. For more information, see <a href=
574575 * "https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies.html#policies_session"
575576 * >Session Policies</a> in the <i>IAM User Guide</i>.
576577 * </p>
@@ -594,12 +595,13 @@ AssumeRoleWithSAMLResult assumeRoleWithSAML(AssumeRoleWithSAMLRequest assumeRole
594595 * </p>
595596 * <note>
596597 * <p>
597- * An Amazon Web Services conversion compresses the passed session policies
598- * and session tags into a packed binary format that has a separate limit.
599- * Your request can fail for this limit even if your plaintext meets the
600- * other requirements. The <code>PackedPolicySize</code> response element
601- * indicates by percentage how close the policies and tags for your request
602- * are to the upper size limit.
598+ * An Amazon Web Services conversion compresses the passed inline session
599+ * policy, managed policy ARNs, and session tags into a packed binary format
600+ * that has a separate limit. Your request can fail for this limit even if
601+ * your plaintext meets the other requirements. The
602+ * <code>PackedPolicySize</code> response element indicates by percentage
603+ * how close the policies and tags for your request are to the upper size
604+ * limit.
603605 * </p>
604606 * </note>
605607 * <p>
@@ -957,9 +959,9 @@ GetCallerIdentityResult getCallerIdentity(GetCallerIdentityRequest getCallerIden
957959 * "https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies.html#policies_session"
958960 * >session policy</a> to this operation. You can pass a single JSON policy
959961 * document to use as an inline session policy. You can also specify up to
960- * 10 managed policies to use as managed session policies. The plaintext
961- * that you use for both inline and managed session policies can't exceed
962- * 2,048 characters.
962+ * 10 managed policy Amazon Resource Names (ARNs) to use as managed session
963+ * policies. The plaintext that you use for both inline and managed session
964+ * policies can't exceed 2,048 characters.
963965 * </p>
964966 * <p>
965967 * Though the session policy parameters are optional, if you do not pass a
0 commit comments