IAM Roles Anywhere Update: This release relaxes constraints on the durationSeconds request parameter for the *Profile APIs that support it. This parameter can now take on values that go up to 43200.

AWS · AWS · commit 03598f1982da · 2024-03-22T18:08:24.000Z
diff --git a/.changes/next-release/feature-IAMRolesAnywhere-cadb7d3.json b/.changes/next-release/feature-IAMRolesAnywhere-cadb7d3.json
@@ -0,0 +1,6 @@
+{
+    "type": "feature",
+    "category": "IAM Roles Anywhere",
+    "contributor": "",
+    "description": "This release relaxes constraints on the durationSeconds request parameter for the *Profile APIs that support it. This parameter can now take on values that go up to 43200."
+}
diff --git a/services/rolesanywhere/src/main/resources/codegen-resources/endpoint-rule-set.json b/services/rolesanywhere/src/main/resources/codegen-resources/endpoint-rule-set.json
@@ -40,7 +40,6 @@
                     ]
                 }
             ],
-            "type": "tree",
             "rules": [
                 {
                     "conditions": [
@@ -83,7 +82,8 @@
                     },
                     "type": "endpoint"
                 }
-            ]
+            ],
+            "type": "tree"
         },
         {
             "conditions": [
@@ -96,7 +96,6 @@
                     ]
                 }
             ],
-            "type": "tree",
             "rules": [
                 {
                     "conditions": [
@@ -110,7 +109,6 @@
                             "assign": "PartitionResult"
                         }
                     ],
-                    "type": "tree",
                     "rules": [
                         {
                             "conditions": [
@@ -133,7 +131,6 @@
                                     ]
                                 }
                             ],
-                            "type": "tree",
                             "rules": [
                                 {
                                     "conditions": [
@@ -168,7 +165,6 @@
                                             ]
                                         }
                                     ],
-                                    "type": "tree",
                                     "rules": [
                                         {
                                             "conditions": [],
@@ -179,14 +175,16 @@
                                             },
                                             "type": "endpoint"
                                         }
-                                    ]
+                                    ],
+                                    "type": "tree"
                                 },
                                 {
                                     "conditions": [],
                                     "error": "FIPS and DualStack are enabled, but this partition does not support one or both",
                                     "type": "error"
                                 }
-                            ]
+                            ],
+                            "type": "tree"
                         },
                         {
                             "conditions": [
@@ -200,14 +198,12 @@
                                     ]
                                 }
                             ],
-                            "type": "tree",
                             "rules": [
                                 {
                                     "conditions": [
                                         {
                                             "fn": "booleanEquals",
                                             "argv": [
-                                                true,
                                                 {
                                                     "fn": "getAttr",
                                                     "argv": [
@@ -216,11 +212,11 @@
                                                         },
                                                         "supportsFIPS"
                                                     ]
-                                                }
+                                                },
+                                                true
                                             ]
                                         }
                                     ],
-                                    "type": "tree",
                                     "rules": [
                                         {
                                             "conditions": [],
@@ -231,14 +227,16 @@
                                             },
                                             "type": "endpoint"
                                         }
-                                    ]
+                                    ],
+                                    "type": "tree"
                                 },
                                 {
                                     "conditions": [],
                                     "error": "FIPS is enabled but this partition does not support FIPS",
                                     "type": "error"
                                 }
-                            ]
+                            ],
+                            "type": "tree"
                         },
                         {
                             "conditions": [
@@ -252,7 +250,6 @@
                                     ]
                                 }
                             ],
-                            "type": "tree",
                             "rules": [
                                 {
                                     "conditions": [
@@ -272,7 +269,6 @@
                                             ]
                                         }
                                     ],
-                                    "type": "tree",
                                     "rules": [
                                         {
                                             "conditions": [],
@@ -283,14 +279,16 @@
                                             },
                                             "type": "endpoint"
                                         }
-                                    ]
+                                    ],
+                                    "type": "tree"
                                 },
                                 {
                                     "conditions": [],
                                     "error": "DualStack is enabled but this partition does not support DualStack",
                                     "type": "error"
                                 }
-                            ]
+                            ],
+                            "type": "tree"
                         },
                         {
                             "conditions": [],
@@ -301,9 +299,11 @@
                             },
                             "type": "endpoint"
                         }
-                    ]
+                    ],
+                    "type": "tree"
                 }
-            ]
+            ],
+            "type": "tree"
         },
         {
             "conditions": [],
diff --git a/services/rolesanywhere/src/main/resources/codegen-resources/service-2.json b/services/rolesanywhere/src/main/resources/codegen-resources/service-2.json
@@ -253,7 +253,7 @@
         {"shape":"ValidationException"},
         {"shape":"AccessDeniedException"}
       ],
-      "documentation":"<p>Imports the certificate revocation list (CRL). A CRL is a list of certificates that have been revoked by the issuing certificate Authority (CA). IAM Roles Anywhere validates against the CRL before issuing credentials. </p> <p> <b>Required permissions: </b> <code>rolesanywhere:ImportCrl</code>. </p>"
+      "documentation":"<p>Imports the certificate revocation list (CRL). A CRL is a list of certificates that have been revoked by the issuing certificate Authority (CA).In order to be properly imported, a CRL must be in PEM format. IAM Roles Anywhere validates against the CRL before issuing credentials. </p> <p> <b>Required permissions: </b> <code>rolesanywhere:ImportCrl</code>. </p>"
     },
     "ListCrls":{
       "name":"ListCrls",
@@ -479,7 +479,7 @@
       "members":{
         "durationSeconds":{
           "shape":"CreateProfileRequestDurationSecondsInteger",
-          "documentation":"<p> The number of seconds the vended session credentials are valid for. </p>"
+          "documentation":"<p> Used to determine how long sessions vended using this profile are valid for. See the <code>Expiration</code> section of the <a href=\"https://docs.aws.amazon.com/rolesanywhere/latest/userguide/authentication-create-session.html#credentials-object\">CreateSession API documentation</a> page for more details. </p>"
         },
         "enabled":{
           "shape":"Boolean",
@@ -514,7 +514,7 @@
     "CreateProfileRequestDurationSecondsInteger":{
       "type":"integer",
       "box":true,
-      "max":3600,
+      "max":43200,
       "min":900
     },
     "CreateTrustAnchorRequest":{
@@ -952,7 +952,7 @@
         },
         "durationSeconds":{
           "shape":"Integer",
-          "documentation":"<p> The number of seconds the vended session credentials are valid for. </p>"
+          "documentation":"<p> Used to determine how long sessions vended using this profile are valid for. See the <code>Expiration</code> section of the <a href=\"https://docs.aws.amazon.com/rolesanywhere/latest/userguide/authentication-create-session.html#credentials-object\">CreateSession API documentation</a> page for more details. </p>"
         },
         "enabled":{
           "shape":"Boolean",
@@ -1457,7 +1457,7 @@
       "members":{
         "durationSeconds":{
           "shape":"UpdateProfileRequestDurationSecondsInteger",
-          "documentation":"<p> The number of seconds the vended session credentials are valid for. </p>"
+          "documentation":"<p> Used to determine how long sessions vended using this profile are valid for. See the <code>Expiration</code> section of the <a href=\"https://docs.aws.amazon.com/rolesanywhere/latest/userguide/authentication-create-session.html#credentials-object\">CreateSession API documentation</a> page for more details. </p>"
         },
         "managedPolicyArns":{
           "shape":"ManagedPolicyList",
@@ -1486,7 +1486,7 @@
     "UpdateProfileRequestDurationSecondsInteger":{
       "type":"integer",
       "box":true,
-      "max":3600,
+      "max":43200,
       "min":900
     },
     "UpdateProfileRequestSessionPolicyString":{

Original file line number	Diff line number	Diff line change
`@@ -40,7 +40,6 @@`
`40`	`40`	`]`
`41`	`41`	`}`
`42`	`42`	`],`
`43`		`- "type": "tree",`
`44`	`43`	`"rules": [`
`45`	`44`	`{`
`46`	`45`	`"conditions": [`
`@@ -83,7 +82,8 @@`
`83`	`82`	`},`
`84`	`83`	`"type": "endpoint"`
`85`	`84`	`}`
`86`		`- ]`
	`85`	`+ ],`
	`86`	`+ "type": "tree"`
`87`	`87`	`},`
`88`	`88`	`{`
`89`	`89`	`"conditions": [`
`@@ -96,7 +96,6 @@`
`96`	`96`	`]`
`97`	`97`	`}`
`98`	`98`	`],`
`99`		`- "type": "tree",`
`100`	`99`	`"rules": [`
`101`	`100`	`{`
`102`	`101`	`"conditions": [`
`@@ -110,7 +109,6 @@`
`110`	`109`	`"assign": "PartitionResult"`
`111`	`110`	`}`
`112`	`111`	`],`
`113`		`- "type": "tree",`
`114`	`112`	`"rules": [`
`115`	`113`	`{`
`116`	`114`	`"conditions": [`
`@@ -133,7 +131,6 @@`
`133`	`131`	`]`
`134`	`132`	`}`
`135`	`133`	`],`
`136`		`- "type": "tree",`
`137`	`134`	`"rules": [`
`138`	`135`	`{`
`139`	`136`	`"conditions": [`
`@@ -168,7 +165,6 @@`
`168`	`165`	`]`
`169`	`166`	`}`
`170`	`167`	`],`
`171`		`- "type": "tree",`
`172`	`168`	`"rules": [`
`173`	`169`	`{`
`174`	`170`	`"conditions": [],`
`@@ -179,14 +175,16 @@`
`179`	`175`	`},`
`180`	`176`	`"type": "endpoint"`
`181`	`177`	`}`
`182`		`- ]`
	`178`	`+ ],`
	`179`	`+ "type": "tree"`
`183`	`180`	`},`
`184`	`181`	`{`
`185`	`182`	`"conditions": [],`
`186`	`183`	`"error": "FIPS and DualStack are enabled, but this partition does not support one or both",`
`187`	`184`	`"type": "error"`
`188`	`185`	`}`
`189`		`- ]`
	`186`	`+ ],`
	`187`	`+ "type": "tree"`
`190`	`188`	`},`
`191`	`189`	`{`
`192`	`190`	`"conditions": [`
`@@ -200,14 +198,12 @@`
`200`	`198`	`]`
`201`	`199`	`}`
`202`	`200`	`],`
`203`		`- "type": "tree",`
`204`	`201`	`"rules": [`
`205`	`202`	`{`
`206`	`203`	`"conditions": [`
`207`	`204`	`{`
`208`	`205`	`"fn": "booleanEquals",`
`209`	`206`	`"argv": [`
`210`		`- true,`
`211`	`207`	`{`
`212`	`208`	`"fn": "getAttr",`
`213`	`209`	`"argv": [`
`@@ -216,11 +212,11 @@`
`216`	`212`	`},`
`217`	`213`	`"supportsFIPS"`
`218`	`214`	`]`
`219`		`- }`
	`215`	`+ },`
	`216`	`+ true`
`220`	`217`	`]`
`221`	`218`	`}`
`222`	`219`	`],`
`223`		`- "type": "tree",`
`224`	`220`	`"rules": [`
`225`	`221`	`{`
`226`	`222`	`"conditions": [],`
`@@ -231,14 +227,16 @@`
`231`	`227`	`},`
`232`	`228`	`"type": "endpoint"`
`233`	`229`	`}`
`234`		`- ]`
	`230`	`+ ],`
	`231`	`+ "type": "tree"`
`235`	`232`	`},`
`236`	`233`	`{`
`237`	`234`	`"conditions": [],`
`238`	`235`	`"error": "FIPS is enabled but this partition does not support FIPS",`
`239`	`236`	`"type": "error"`
`240`	`237`	`}`
`241`		`- ]`
	`238`	`+ ],`
	`239`	`+ "type": "tree"`
`242`	`240`	`},`
`243`	`241`	`{`
`244`	`242`	`"conditions": [`
`@@ -252,7 +250,6 @@`
`252`	`250`	`]`
`253`	`251`	`}`
`254`	`252`	`],`
`255`		`- "type": "tree",`
`256`	`253`	`"rules": [`
`257`	`254`	`{`
`258`	`255`	`"conditions": [`
`@@ -272,7 +269,6 @@`
`272`	`269`	`]`
`273`	`270`	`}`
`274`	`271`	`],`
`275`		`- "type": "tree",`
`276`	`272`	`"rules": [`
`277`	`273`	`{`
`278`	`274`	`"conditions": [],`
`@@ -283,14 +279,16 @@`
`283`	`279`	`},`
`284`	`280`	`"type": "endpoint"`
`285`	`281`	`}`
`286`		`- ]`
	`282`	`+ ],`
	`283`	`+ "type": "tree"`
`287`	`284`	`},`
`288`	`285`	`{`
`289`	`286`	`"conditions": [],`
`290`	`287`	`"error": "DualStack is enabled but this partition does not support DualStack",`
`291`	`288`	`"type": "error"`
`292`	`289`	`}`
`293`		`- ]`
	`290`	`+ ],`
	`291`	`+ "type": "tree"`
`294`	`292`	`},`
`295`	`293`	`{`
`296`	`294`	`"conditions": [],`
`@@ -301,9 +299,11 @@`
`301`	`299`	`},`
`302`	`300`	`"type": "endpoint"`
`303`	`301`	`}`
`304`		`- ]`
	`302`	`+ ],`
	`303`	`+ "type": "tree"`
`305`	`304`	`}`
`306`		`- ]`
	`305`	`+ ],`
	`306`	`+ "type": "tree"`
`307`	`307`	`},`
`308`	`308`	`{`
`309`	`309`	`"conditions": [],`