pub struct CreateSessionFluentBuilder { /* private fields */ }
Expand description
Fluent builder constructing a request to CreateSession
.
Creates a session that establishes temporary security credentials to support fast authentication and authorization for the Zonal endpoint APIs on directory buckets. For more information about Zonal endpoint APIs that include the Availability Zone in the request endpoint, see S3 Express One Zone APIs in the Amazon S3 User Guide.
To make Zonal endpoint API requests on a directory bucket, use the CreateSession
API operation. Specifically, you grant s3express:CreateSession
permission to a bucket in a bucket policy or an IAM identity-based policy. Then, you use IAM credentials to make the CreateSession
API request on the bucket, which returns temporary security credentials that include the access key ID, secret access key, session token, and expiration. These credentials have associated permissions to access the Zonal endpoint APIs. After the session is created, you don’t need to use other policies to grant permissions to each Zonal endpoint API individually. Instead, in your Zonal endpoint API requests, you sign your requests by applying the temporary security credentials of the session to the request headers and following the SigV4 protocol for authentication. You also apply the session token to the x-amz-s3session-token
request header for authorization. Temporary security credentials are scoped to the bucket and expire after 5 minutes. After the expiration time, any calls that you make with those credentials will fail. You must use IAM credentials again to make a CreateSession
API request that generates a new set of temporary credentials for use. Temporary credentials cannot be extended or refreshed beyond the original specified interval.
If you use Amazon Web Services SDKs, SDKs handle the session token refreshes automatically to avoid service interruptions when a session expires. We recommend that you use the Amazon Web Services SDKs to initiate and manage requests to the CreateSession API. For more information, see Performance guidelines and design patterns in the Amazon S3 User Guide.
-
You must make requests for this API operation to the Zonal endpoint. These endpoints support virtual-hosted-style requests in the format
https://bucket_name.s3express-az_id.region.amazonaws.com
. Path-style requests are not supported. For more information, see Regional and Zonal endpoints in the Amazon S3 User Guide. -
CopyObject
API operation - Unlike other Zonal endpoint APIs, theCopyObject
API operation doesn't use the temporary security credentials returned from theCreateSession
API operation for authentication and authorization. For information about authentication and authorization of theCopyObject
API operation on directory buckets, see CopyObject. -
HeadBucket
API operation - Unlike other Zonal endpoint APIs, theHeadBucket
API operation doesn't use the temporary security credentials returned from theCreateSession
API operation for authentication and authorization. For information about authentication and authorization of theHeadBucket
API operation on directory buckets, see HeadBucket.
- Permissions
-
To obtain temporary security credentials, you must create a bucket policy or an IAM identity-based policy that grants
s3express:CreateSession
permission to the bucket. In a policy, you can have thes3express:SessionMode
condition key to control who can create aReadWrite
orReadOnly
session. For more information aboutReadWrite
orReadOnly
sessions, seex-amz-create-session-mode
. For example policies, see Example bucket policies for S3 Express One Zone and Amazon Web Services Identity and Access Management (IAM) identity-based policies for S3 Express One Zone in the Amazon S3 User Guide.To grant cross-account access to Zonal endpoint APIs, the bucket policy should also grant both accounts the
s3express:CreateSession
permission. - HTTP Host header syntax
-
Directory buckets - The HTTP Host header syntax is
Bucket_name.s3express-az_id.region.amazonaws.com
.
Implementations§
source§impl CreateSessionFluentBuilder
impl CreateSessionFluentBuilder
sourcepub fn as_input(&self) -> &CreateSessionInputBuilder
pub fn as_input(&self) -> &CreateSessionInputBuilder
Access the CreateSession as a reference.
sourcepub async fn send(
self,
) -> Result<CreateSessionOutput, SdkError<CreateSessionError, HttpResponse>>
pub async fn send( self, ) -> Result<CreateSessionOutput, SdkError<CreateSessionError, HttpResponse>>
Sends the request and returns the response.
If an error occurs, an SdkError
will be returned with additional details that
can be matched against.
By default, any retryable failures will be retried twice. Retry behavior is configurable with the RetryConfig, which can be set when configuring the client.
sourcepub fn customize(
self,
) -> CustomizableOperation<CreateSessionOutput, CreateSessionError, Self>
pub fn customize( self, ) -> CustomizableOperation<CreateSessionOutput, CreateSessionError, Self>
Consumes this builder, creating a customizable operation that can be modified before being sent.
sourcepub fn session_mode(self, input: SessionMode) -> Self
pub fn session_mode(self, input: SessionMode) -> Self
Specifies the mode of the session that will be created, either ReadWrite
or ReadOnly
. By default, a ReadWrite
session is created. A ReadWrite
session is capable of executing all the Zonal endpoint APIs on a directory bucket. A ReadOnly
session is constrained to execute the following Zonal endpoint APIs: GetObject
, HeadObject
, ListObjectsV2
, GetObjectAttributes
, ListParts
, and ListMultipartUploads
.
sourcepub fn set_session_mode(self, input: Option<SessionMode>) -> Self
pub fn set_session_mode(self, input: Option<SessionMode>) -> Self
Specifies the mode of the session that will be created, either ReadWrite
or ReadOnly
. By default, a ReadWrite
session is created. A ReadWrite
session is capable of executing all the Zonal endpoint APIs on a directory bucket. A ReadOnly
session is constrained to execute the following Zonal endpoint APIs: GetObject
, HeadObject
, ListObjectsV2
, GetObjectAttributes
, ListParts
, and ListMultipartUploads
.
sourcepub fn get_session_mode(&self) -> &Option<SessionMode>
pub fn get_session_mode(&self) -> &Option<SessionMode>
Specifies the mode of the session that will be created, either ReadWrite
or ReadOnly
. By default, a ReadWrite
session is created. A ReadWrite
session is capable of executing all the Zonal endpoint APIs on a directory bucket. A ReadOnly
session is constrained to execute the following Zonal endpoint APIs: GetObject
, HeadObject
, ListObjectsV2
, GetObjectAttributes
, ListParts
, and ListMultipartUploads
.
sourcepub fn bucket(self, input: impl Into<String>) -> Self
pub fn bucket(self, input: impl Into<String>) -> Self
The name of the bucket that you create a session for.
sourcepub fn set_bucket(self, input: Option<String>) -> Self
pub fn set_bucket(self, input: Option<String>) -> Self
The name of the bucket that you create a session for.
sourcepub fn get_bucket(&self) -> &Option<String>
pub fn get_bucket(&self) -> &Option<String>
The name of the bucket that you create a session for.
Trait Implementations§
source§impl Clone for CreateSessionFluentBuilder
impl Clone for CreateSessionFluentBuilder
source§fn clone(&self) -> CreateSessionFluentBuilder
fn clone(&self) -> CreateSessionFluentBuilder
1.0.0 · source§fn clone_from(&mut self, source: &Self)
fn clone_from(&mut self, source: &Self)
source
. Read moreAuto Trait Implementations§
impl Freeze for CreateSessionFluentBuilder
impl !RefUnwindSafe for CreateSessionFluentBuilder
impl Send for CreateSessionFluentBuilder
impl Sync for CreateSessionFluentBuilder
impl Unpin for CreateSessionFluentBuilder
impl !UnwindSafe for CreateSessionFluentBuilder
Blanket Implementations§
source§impl<T> BorrowMut<T> for Twhere
T: ?Sized,
impl<T> BorrowMut<T> for Twhere
T: ?Sized,
source§fn borrow_mut(&mut self) -> &mut T
fn borrow_mut(&mut self) -> &mut T
source§impl<T> CloneToUninit for Twhere
T: Clone,
impl<T> CloneToUninit for Twhere
T: Clone,
source§default unsafe fn clone_to_uninit(&self, dst: *mut T)
default unsafe fn clone_to_uninit(&self, dst: *mut T)
clone_to_uninit
)