feat(client-rolesanywhere): IAM RolesAnywhere now supports custom role session name on the CreateSession. This release adds the acceptRoleSessionName option to a profile to control whether a role session name will be accepted in a session request with a given profile.

Author: awstools

clients/client-rolesanywhere/src/commands/CreateProfileCommand.ts

@@ -61,6 +61,7 @@ export interface CreateProfileCommandOutput extends ProfileDetailResponse, __Met
  *       value: "STRING_VALUE", // required
  *     },
  *   ],
+ *   acceptRoleSessionName: true || false,
  * };
  * const command = new CreateProfileCommand(input);
  * const response = await client.send(command);
@@ -82,6 +83,7 @@ export interface CreateProfileCommandOutput extends ProfileDetailResponse, __Met
  * //     createdAt: new Date("TIMESTAMP"),
  * //     updatedAt: new Date("TIMESTAMP"),
  * //     durationSeconds: Number("int"),
+ * //     acceptRoleSessionName: true || false,
  * //     attributeMappings: [ // AttributeMappings
  * //       { // AttributeMapping
  * //         certificateField: "STRING_VALUE",

clients/client-rolesanywhere/src/commands/DeleteAttributeMappingCommand.ts

@@ -62,6 +62,7 @@ export interface DeleteAttributeMappingCommandOutput extends DeleteAttributeMapp
  * //     createdAt: new Date("TIMESTAMP"),
  * //     updatedAt: new Date("TIMESTAMP"),
  * //     durationSeconds: Number("int"),
+ * //     acceptRoleSessionName: true || false,
  * //     attributeMappings: [ // AttributeMappings
  * //       { // AttributeMapping
  * //         certificateField: "STRING_VALUE",

clients/client-rolesanywhere/src/commands/DeleteProfileCommand.ts

@@ -62,6 +62,7 @@ export interface DeleteProfileCommandOutput extends ProfileDetailResponse, __Met
  * //     createdAt: new Date("TIMESTAMP"),
  * //     updatedAt: new Date("TIMESTAMP"),
  * //     durationSeconds: Number("int"),
+ * //     acceptRoleSessionName: true || false,
  * //     attributeMappings: [ // AttributeMappings
  * //       { // AttributeMapping
  * //         certificateField: "STRING_VALUE",

clients/client-rolesanywhere/src/commands/DisableProfileCommand.ts

@@ -62,6 +62,7 @@ export interface DisableProfileCommandOutput extends ProfileDetailResponse, __Me
  * //     createdAt: new Date("TIMESTAMP"),
  * //     updatedAt: new Date("TIMESTAMP"),
  * //     durationSeconds: Number("int"),
+ * //     acceptRoleSessionName: true || false,
  * //     attributeMappings: [ // AttributeMappings
  * //       { // AttributeMapping
  * //         certificateField: "STRING_VALUE",

clients/client-rolesanywhere/src/commands/EnableProfileCommand.ts

@@ -62,6 +62,7 @@ export interface EnableProfileCommandOutput extends ProfileDetailResponse, __Met
  * //     createdAt: new Date("TIMESTAMP"),
  * //     updatedAt: new Date("TIMESTAMP"),
  * //     durationSeconds: Number("int"),
+ * //     acceptRoleSessionName: true || false,
  * //     attributeMappings: [ // AttributeMappings
  * //       { // AttributeMapping
  * //         certificateField: "STRING_VALUE",

clients/client-rolesanywhere/src/commands/GetProfileCommand.ts

@@ -62,6 +62,7 @@ export interface GetProfileCommandOutput extends ProfileDetailResponse, __Metada
  * //     createdAt: new Date("TIMESTAMP"),
  * //     updatedAt: new Date("TIMESTAMP"),
  * //     durationSeconds: Number("int"),
+ * //     acceptRoleSessionName: true || false,
  * //     attributeMappings: [ // AttributeMappings
  * //       { // AttributeMapping
  * //         certificateField: "STRING_VALUE",

clients/client-rolesanywhere/src/commands/ListProfilesCommand.ts

@@ -65,6 +65,7 @@ export interface ListProfilesCommandOutput extends ListProfilesResponse, __Metad
  * //       createdAt: new Date("TIMESTAMP"),
  * //       updatedAt: new Date("TIMESTAMP"),
  * //       durationSeconds: Number("int"),
+ * //       acceptRoleSessionName: true || false,
  * //       attributeMappings: [ // AttributeMappings
  * //         { // AttributeMapping
  * //           certificateField: "STRING_VALUE",

clients/client-rolesanywhere/src/commands/PutAttributeMappingCommand.ts

@@ -65,6 +65,7 @@ export interface PutAttributeMappingCommandOutput extends PutAttributeMappingRes
  * //     createdAt: new Date("TIMESTAMP"),
  * //     updatedAt: new Date("TIMESTAMP"),
  * //     durationSeconds: Number("int"),
+ * //     acceptRoleSessionName: true || false,
  * //     attributeMappings: [ // AttributeMappings
  * //       { // AttributeMapping
  * //         certificateField: "STRING_VALUE",

clients/client-rolesanywhere/src/commands/UpdateProfileCommand.ts

@@ -52,6 +52,7 @@ export interface UpdateProfileCommandOutput extends ProfileDetailResponse, __Met
  *     "STRING_VALUE",
  *   ],
  *   durationSeconds: Number("int"),
+ *   acceptRoleSessionName: true || false,
  * };
  * const command = new UpdateProfileCommand(input);
  * const response = await client.send(command);
@@ -73,6 +74,7 @@ export interface UpdateProfileCommandOutput extends ProfileDetailResponse, __Met
  * //     createdAt: new Date("TIMESTAMP"),
  * //     updatedAt: new Date("TIMESTAMP"),
  * //     durationSeconds: Number("int"),
+ * //     acceptRoleSessionName: true || false,
  * //     attributeMappings: [ // AttributeMappings
  * //       { // AttributeMapping
  * //         certificateField: "STRING_VALUE",

clients/client-rolesanywhere/src/models/models_0.ts

@@ -139,6 +139,12 @@ export interface CreateProfileRequest {
    * @public
    */
   tags?: Tag[];
+
+  /**
+   * <p>Used to determine if a custom role session name will be accepted in a temporary credential request.</p>
+   * @public
+   */
+  acceptRoleSessionName?: boolean;
 }
 
 /**
@@ -220,6 +226,12 @@ export interface ProfileDetail {
    */
   durationSeconds?: number;
 
+  /**
+   * <p>Used to determine if a custom role session name will be accepted in a temporary credential request.</p>
+   * @public
+   */
+  acceptRoleSessionName?: boolean;
+
   /**
    * <p>A mapping applied to the authenticating end-entity certificate.</p>
    * @public
@@ -1164,6 +1176,12 @@ export interface UpdateProfileRequest {
    * @public
    */
   durationSeconds?: number;
+
+  /**
+   * <p>Used to determine if a custom role session name will be accepted in a temporary credential request.</p>
+   * @public
+   */
+  acceptRoleSessionName?: boolean;
 }
 
 /**

clients/client-rolesanywhere/src/protocols/Aws_restJson1.ts

@@ -105,6 +105,7 @@ export const se_CreateProfileCommand = async (
   let body: any;
   body = JSON.stringify(
     take(input, {
+      acceptRoleSessionName: [],
       durationSeconds: [],
       enabled: [],
       managedPolicyArns: (_) => _json(_),
@@ -646,6 +647,7 @@ export const se_UpdateProfileCommand = async (
   let body: any;
   body = JSON.stringify(
     take(input, {
+      acceptRoleSessionName: [],
       durationSeconds: [],
       managedPolicyArns: (_) => _json(_),
       name: [],
@@ -1541,6 +1543,7 @@ const de_InstanceProperty = (output: any, context: __SerdeContext): InstanceProp
  */
 const de_ProfileDetail = (output: any, context: __SerdeContext): ProfileDetail => {
   return take(output, {
+    acceptRoleSessionName: __expectBoolean,
     attributeMappings: _json,
     createdAt: (_: any) => __expectNonNull(__parseRfc3339DateTimeWithOffset(_)),
     createdBy: __expectString,

codegen/sdk-codegen/aws-models/rolesanywhere.json

@@ -149,6 +149,12 @@
           "traits": {
             "smithy.api#documentation": "<p>The tags to attach to the profile.</p>"
           }
+        },
+        "acceptRoleSessionName": {
+          "target": "smithy.api#Boolean",
+          "traits": {
+            "smithy.api#documentation": "<p>Used to determine if a custom role session name will be accepted in a temporary credential request.</p>"
+          }
         }
       }
     },
@@ -403,6 +409,7 @@
             },
             "output": {
               "profile": {
+                "acceptRoleSessionName": false,
                 "attributeMappings": [
                   {
                     "mappingRules": [
@@ -1529,6 +1536,12 @@
             "smithy.api#documentation": "<p> Used to determine how long sessions vended using this profile are valid for. See the <code>Expiration</code> section of the \n<a href=\"https://docs.aws.amazon.com/rolesanywhere/latest/userguide/authentication-create-session.html#credentials-object\">CreateSession API documentation</a>\npage for more details. In requests, if this value is not provided, the default value will be 3600. </p>"
           }
         },
+        "acceptRoleSessionName": {
+          "target": "smithy.api#Boolean",
+          "traits": {
+            "smithy.api#documentation": "<p>Used to determine if a custom role session name will be accepted in a temporary credential request.</p>"
+          }
+        },
         "attributeMappings": {
           "target": "com.amazonaws.rolesanywhere#AttributeMappings",
           "traits": {
@@ -1592,6 +1605,7 @@
             },
             "output": {
               "profile": {
+                "acceptRoleSessionName": false,
                 "attributeMappings": [
                   {
                     "mappingRules": [
@@ -3554,6 +3568,12 @@
               "max": 43200
             }
           }
+        },
+        "acceptRoleSessionName": {
+          "target": "smithy.api#Boolean",
+          "traits": {
+            "smithy.api#documentation": "<p>Used to determine if a custom role session name will be accepted in a temporary credential request.</p>"
+          }
         }
       }
     },