aws_sdk_s3/operation/create_session/builders.rs
1// Code generated by software.amazon.smithy.rust.codegen.smithy-rs. DO NOT EDIT.
2pub use crate::operation::create_session::_create_session_output::CreateSessionOutputBuilder;
3
4pub use crate::operation::create_session::_create_session_input::CreateSessionInputBuilder;
5
6impl crate::operation::create_session::builders::CreateSessionInputBuilder {
7 /// Sends a request with this input using the given client.
8 pub async fn send_with(
9 self,
10 client: &crate::Client,
11 ) -> ::std::result::Result<
12 crate::operation::create_session::CreateSessionOutput,
13 ::aws_smithy_runtime_api::client::result::SdkError<
14 crate::operation::create_session::CreateSessionError,
15 ::aws_smithy_runtime_api::client::orchestrator::HttpResponse,
16 >,
17 > {
18 let mut fluent_builder = client.create_session();
19 fluent_builder.inner = self;
20 fluent_builder.send().await
21 }
22}
23/// Fluent builder constructing a request to `CreateSession`.
24///
25/// <p>Creates a session that establishes temporary security credentials to support fast authentication and authorization for the Zonal endpoint APIs on directory buckets. For more information about Zonal endpoint APIs that include the Availability Zone in the request endpoint, see <a href="https://docs.aws.amazon.com/AmazonS3/latest/userguide/s3-express-APIs.html">S3 Express One Zone APIs</a> in the <i>Amazon S3 User Guide</i>.</p>
26/// <p>To make Zonal endpoint API requests on a directory bucket, use the <code>CreateSession</code> API operation. Specifically, you grant <code>s3express:CreateSession</code> permission to a bucket in a bucket policy or an IAM identity-based policy. Then, you use IAM credentials to make the <code>CreateSession</code> API request on the bucket, which returns temporary security credentials that include the access key ID, secret access key, session token, and expiration. These credentials have associated permissions to access the Zonal endpoint APIs. After the session is created, you don’t need to use other policies to grant permissions to each Zonal endpoint API individually. Instead, in your Zonal endpoint API requests, you sign your requests by applying the temporary security credentials of the session to the request headers and following the SigV4 protocol for authentication. You also apply the session token to the <code>x-amz-s3session-token</code> request header for authorization. Temporary security credentials are scoped to the bucket and expire after 5 minutes. After the expiration time, any calls that you make with those credentials will fail. You must use IAM credentials again to make a <code>CreateSession</code> API request that generates a new set of temporary credentials for use. Temporary credentials cannot be extended or refreshed beyond the original specified interval.</p>
27/// <p>If you use Amazon Web Services SDKs, SDKs handle the session token refreshes automatically to avoid service interruptions when a session expires. We recommend that you use the Amazon Web Services SDKs to initiate and manage requests to the CreateSession API. For more information, see <a href="https://docs.aws.amazon.com/AmazonS3/latest/userguide/s3-express-optimizing-performance-guidelines-design-patterns.html#s3-express-optimizing-performance-session-authentication">Performance guidelines and design patterns</a> in the <i>Amazon S3 User Guide</i>.</p><note>
28/// <ul>
29/// <li>
30/// <p>You must make requests for this API operation to the Zonal endpoint. These endpoints support virtual-hosted-style requests in the format <code>https://<i>bucket_name</i>.s3express-<i>az_id</i>.<i>region</i>.amazonaws.com</code>. Path-style requests are not supported. For more information, see <a href="https://docs.aws.amazon.com/AmazonS3/latest/userguide/s3-express-Regions-and-Zones.html">Regional and Zonal endpoints</a> in the <i>Amazon S3 User Guide</i>.</p></li>
31/// <li>
32/// <p><b> <code>CopyObject</code> API operation</b> - Unlike other Zonal endpoint APIs, the <code>CopyObject</code> API operation doesn't use the temporary security credentials returned from the <code>CreateSession</code> API operation for authentication and authorization. For information about authentication and authorization of the <code>CopyObject</code> API operation on directory buckets, see <a href="https://docs.aws.amazon.com/AmazonS3/latest/API/API_CopyObject.html">CopyObject</a>.</p></li>
33/// <li>
34/// <p><b> <code>HeadBucket</code> API operation</b> - Unlike other Zonal endpoint APIs, the <code>HeadBucket</code> API operation doesn't use the temporary security credentials returned from the <code>CreateSession</code> API operation for authentication and authorization. For information about authentication and authorization of the <code>HeadBucket</code> API operation on directory buckets, see <a href="https://docs.aws.amazon.com/AmazonS3/latest/API/API_HeadBucket.html">HeadBucket</a>.</p></li>
35/// </ul>
36/// </note>
37/// <dl>
38/// <dt>
39/// Permissions
40/// </dt>
41/// <dd>
42/// <p>To obtain temporary security credentials, you must create a bucket policy or an IAM identity-based policy that grants <code>s3express:CreateSession</code> permission to the bucket. In a policy, you can have the <code>s3express:SessionMode</code> condition key to control who can create a <code>ReadWrite</code> or <code>ReadOnly</code> session. For more information about <code>ReadWrite</code> or <code>ReadOnly</code> sessions, see <a href="https://docs.aws.amazon.com/AmazonS3/latest/API/API_CreateSession.html#API_CreateSession_RequestParameters"> <code>x-amz-create-session-mode</code> </a>. For example policies, see <a href="https://docs.aws.amazon.com/AmazonS3/latest/userguide/s3-express-security-iam-example-bucket-policies.html">Example bucket policies for S3 Express One Zone</a> and <a href="https://docs.aws.amazon.com/AmazonS3/latest/userguide/s3-express-security-iam-identity-policies.html">Amazon Web Services Identity and Access Management (IAM) identity-based policies for S3 Express One Zone</a> in the <i>Amazon S3 User Guide</i>.</p>
43/// <p>To grant cross-account access to Zonal endpoint APIs, the bucket policy should also grant both accounts the <code>s3express:CreateSession</code> permission.</p>
44/// </dd>
45/// <dt>
46/// HTTP Host header syntax
47/// </dt>
48/// <dd>
49/// <p><b>Directory buckets </b> - The HTTP Host header syntax is <code> <i>Bucket_name</i>.s3express-<i>az_id</i>.<i>region</i>.amazonaws.com</code>.</p>
50/// </dd>
51/// </dl>
52#[derive(::std::clone::Clone, ::std::fmt::Debug)]
53pub struct CreateSessionFluentBuilder {
54 handle: ::std::sync::Arc<crate::client::Handle>,
55 inner: crate::operation::create_session::builders::CreateSessionInputBuilder,
56 config_override: ::std::option::Option<crate::config::Builder>,
57}
58impl
59 crate::client::customize::internal::CustomizableSend<
60 crate::operation::create_session::CreateSessionOutput,
61 crate::operation::create_session::CreateSessionError,
62 > for CreateSessionFluentBuilder
63{
64 fn send(
65 self,
66 config_override: crate::config::Builder,
67 ) -> crate::client::customize::internal::BoxFuture<
68 crate::client::customize::internal::SendResult<
69 crate::operation::create_session::CreateSessionOutput,
70 crate::operation::create_session::CreateSessionError,
71 >,
72 > {
73 ::std::boxed::Box::pin(async move { self.config_override(config_override).send().await })
74 }
75}
76impl CreateSessionFluentBuilder {
77 /// Creates a new `CreateSessionFluentBuilder`.
78 pub(crate) fn new(handle: ::std::sync::Arc<crate::client::Handle>) -> Self {
79 Self {
80 handle,
81 inner: ::std::default::Default::default(),
82 config_override: ::std::option::Option::None,
83 }
84 }
85 /// Access the CreateSession as a reference.
86 pub fn as_input(&self) -> &crate::operation::create_session::builders::CreateSessionInputBuilder {
87 &self.inner
88 }
89 /// Sends the request and returns the response.
90 ///
91 /// If an error occurs, an `SdkError` will be returned with additional details that
92 /// can be matched against.
93 ///
94 /// By default, any retryable failures will be retried twice. Retry behavior
95 /// is configurable with the [RetryConfig](aws_smithy_types::retry::RetryConfig), which can be
96 /// set when configuring the client.
97 pub async fn send(
98 self,
99 ) -> ::std::result::Result<
100 crate::operation::create_session::CreateSessionOutput,
101 ::aws_smithy_runtime_api::client::result::SdkError<
102 crate::operation::create_session::CreateSessionError,
103 ::aws_smithy_runtime_api::client::orchestrator::HttpResponse,
104 >,
105 > {
106 let input = self
107 .inner
108 .build()
109 .map_err(::aws_smithy_runtime_api::client::result::SdkError::construction_failure)?;
110 let runtime_plugins = crate::operation::create_session::CreateSession::operation_runtime_plugins(
111 self.handle.runtime_plugins.clone(),
112 &self.handle.conf,
113 self.config_override,
114 );
115 crate::operation::create_session::CreateSession::orchestrate(&runtime_plugins, input).await
116 }
117
118 /// Consumes this builder, creating a customizable operation that can be modified before being sent.
119 pub fn customize(
120 self,
121 ) -> crate::client::customize::CustomizableOperation<
122 crate::operation::create_session::CreateSessionOutput,
123 crate::operation::create_session::CreateSessionError,
124 Self,
125 > {
126 crate::client::customize::CustomizableOperation::new(self)
127 }
128 pub(crate) fn config_override(mut self, config_override: impl ::std::convert::Into<crate::config::Builder>) -> Self {
129 self.set_config_override(::std::option::Option::Some(config_override.into()));
130 self
131 }
132
133 pub(crate) fn set_config_override(&mut self, config_override: ::std::option::Option<crate::config::Builder>) -> &mut Self {
134 self.config_override = config_override;
135 self
136 }
137 /// <p>Specifies the mode of the session that will be created, either <code>ReadWrite</code> or <code>ReadOnly</code>. By default, a <code>ReadWrite</code> session is created. A <code>ReadWrite</code> session is capable of executing all the Zonal endpoint APIs on a directory bucket. A <code>ReadOnly</code> session is constrained to execute the following Zonal endpoint APIs: <code>GetObject</code>, <code>HeadObject</code>, <code>ListObjectsV2</code>, <code>GetObjectAttributes</code>, <code>ListParts</code>, and <code>ListMultipartUploads</code>.</p>
138 pub fn session_mode(mut self, input: crate::types::SessionMode) -> Self {
139 self.inner = self.inner.session_mode(input);
140 self
141 }
142 /// <p>Specifies the mode of the session that will be created, either <code>ReadWrite</code> or <code>ReadOnly</code>. By default, a <code>ReadWrite</code> session is created. A <code>ReadWrite</code> session is capable of executing all the Zonal endpoint APIs on a directory bucket. A <code>ReadOnly</code> session is constrained to execute the following Zonal endpoint APIs: <code>GetObject</code>, <code>HeadObject</code>, <code>ListObjectsV2</code>, <code>GetObjectAttributes</code>, <code>ListParts</code>, and <code>ListMultipartUploads</code>.</p>
143 pub fn set_session_mode(mut self, input: ::std::option::Option<crate::types::SessionMode>) -> Self {
144 self.inner = self.inner.set_session_mode(input);
145 self
146 }
147 /// <p>Specifies the mode of the session that will be created, either <code>ReadWrite</code> or <code>ReadOnly</code>. By default, a <code>ReadWrite</code> session is created. A <code>ReadWrite</code> session is capable of executing all the Zonal endpoint APIs on a directory bucket. A <code>ReadOnly</code> session is constrained to execute the following Zonal endpoint APIs: <code>GetObject</code>, <code>HeadObject</code>, <code>ListObjectsV2</code>, <code>GetObjectAttributes</code>, <code>ListParts</code>, and <code>ListMultipartUploads</code>.</p>
148 pub fn get_session_mode(&self) -> &::std::option::Option<crate::types::SessionMode> {
149 self.inner.get_session_mode()
150 }
151 /// <p>The name of the bucket that you create a session for.</p>
152 pub fn bucket(mut self, input: impl ::std::convert::Into<::std::string::String>) -> Self {
153 self.inner = self.inner.bucket(input.into());
154 self
155 }
156 /// <p>The name of the bucket that you create a session for.</p>
157 pub fn set_bucket(mut self, input: ::std::option::Option<::std::string::String>) -> Self {
158 self.inner = self.inner.set_bucket(input);
159 self
160 }
161 /// <p>The name of the bucket that you create a session for.</p>
162 pub fn get_bucket(&self) -> &::std::option::Option<::std::string::String> {
163 self.inner.get_bucket()
164 }
165}