aws_sdk_s3/operation/create_session/
builders.rs

1// Code generated by software.amazon.smithy.rust.codegen.smithy-rs. DO NOT EDIT.
2pub use crate::operation::create_session::_create_session_output::CreateSessionOutputBuilder;
3
4pub use crate::operation::create_session::_create_session_input::CreateSessionInputBuilder;
5
6impl crate::operation::create_session::builders::CreateSessionInputBuilder {
7    /// Sends a request with this input using the given client.
8    pub async fn send_with(
9        self,
10        client: &crate::Client,
11    ) -> ::std::result::Result<
12        crate::operation::create_session::CreateSessionOutput,
13        ::aws_smithy_runtime_api::client::result::SdkError<
14            crate::operation::create_session::CreateSessionError,
15            ::aws_smithy_runtime_api::client::orchestrator::HttpResponse,
16        >,
17    > {
18        let mut fluent_builder = client.create_session();
19        fluent_builder.inner = self;
20        fluent_builder.send().await
21    }
22}
23/// Fluent builder constructing a request to `CreateSession`.
24///
25/// <p>Creates a session that establishes temporary security credentials to support fast authentication and authorization for the Zonal endpoint APIs on directory buckets. For more information about Zonal endpoint APIs that include the Availability Zone in the request endpoint, see <a href="https://docs.aws.amazon.com/AmazonS3/latest/userguide/s3-express-APIs.html">S3 Express One Zone APIs</a> in the <i>Amazon S3 User Guide</i>.</p>
26/// <p>To make Zonal endpoint API requests on a directory bucket, use the <code>CreateSession</code> API operation. Specifically, you grant <code>s3express:CreateSession</code> permission to a bucket in a bucket policy or an IAM identity-based policy. Then, you use IAM credentials to make the <code>CreateSession</code> API request on the bucket, which returns temporary security credentials that include the access key ID, secret access key, session token, and expiration. These credentials have associated permissions to access the Zonal endpoint APIs. After the session is created, you don’t need to use other policies to grant permissions to each Zonal endpoint API individually. Instead, in your Zonal endpoint API requests, you sign your requests by applying the temporary security credentials of the session to the request headers and following the SigV4 protocol for authentication. You also apply the session token to the <code>x-amz-s3session-token</code> request header for authorization. Temporary security credentials are scoped to the bucket and expire after 5 minutes. After the expiration time, any calls that you make with those credentials will fail. You must use IAM credentials again to make a <code>CreateSession</code> API request that generates a new set of temporary credentials for use. Temporary credentials cannot be extended or refreshed beyond the original specified interval.</p>
27/// <p>If you use Amazon Web Services SDKs, SDKs handle the session token refreshes automatically to avoid service interruptions when a session expires. We recommend that you use the Amazon Web Services SDKs to initiate and manage requests to the CreateSession API. For more information, see <a href="https://docs.aws.amazon.com/AmazonS3/latest/userguide/s3-express-optimizing-performance-guidelines-design-patterns.html#s3-express-optimizing-performance-session-authentication">Performance guidelines and design patterns</a> in the <i>Amazon S3 User Guide</i>.</p><note>
28/// <ul>
29/// <li>
30/// <p>You must make requests for this API operation to the Zonal endpoint. These endpoints support virtual-hosted-style requests in the format <code>https://<i>bucket_name</i>.s3express-<i>az_id</i>.<i>region</i>.amazonaws.com</code>. Path-style requests are not supported. For more information, see <a href="https://docs.aws.amazon.com/AmazonS3/latest/userguide/s3-express-Regions-and-Zones.html">Regional and Zonal endpoints</a> in the <i>Amazon S3 User Guide</i>.</p></li>
31/// <li>
32/// <p><b> <code>CopyObject</code> API operation</b> - Unlike other Zonal endpoint APIs, the <code>CopyObject</code> API operation doesn't use the temporary security credentials returned from the <code>CreateSession</code> API operation for authentication and authorization. For information about authentication and authorization of the <code>CopyObject</code> API operation on directory buckets, see <a href="https://docs.aws.amazon.com/AmazonS3/latest/API/API_CopyObject.html">CopyObject</a>.</p></li>
33/// <li>
34/// <p><b> <code>HeadBucket</code> API operation</b> - Unlike other Zonal endpoint APIs, the <code>HeadBucket</code> API operation doesn't use the temporary security credentials returned from the <code>CreateSession</code> API operation for authentication and authorization. For information about authentication and authorization of the <code>HeadBucket</code> API operation on directory buckets, see <a href="https://docs.aws.amazon.com/AmazonS3/latest/API/API_HeadBucket.html">HeadBucket</a>.</p></li>
35/// </ul>
36/// </note>
37/// <dl>
38/// <dt>
39/// Permissions
40/// </dt>
41/// <dd>
42/// <p>To obtain temporary security credentials, you must create a bucket policy or an IAM identity-based policy that grants <code>s3express:CreateSession</code> permission to the bucket. In a policy, you can have the <code>s3express:SessionMode</code> condition key to control who can create a <code>ReadWrite</code> or <code>ReadOnly</code> session. For more information about <code>ReadWrite</code> or <code>ReadOnly</code> sessions, see <a href="https://docs.aws.amazon.com/AmazonS3/latest/API/API_CreateSession.html#API_CreateSession_RequestParameters"> <code>x-amz-create-session-mode</code> </a>. For example policies, see <a href="https://docs.aws.amazon.com/AmazonS3/latest/userguide/s3-express-security-iam-example-bucket-policies.html">Example bucket policies for S3 Express One Zone</a> and <a href="https://docs.aws.amazon.com/AmazonS3/latest/userguide/s3-express-security-iam-identity-policies.html">Amazon Web Services Identity and Access Management (IAM) identity-based policies for S3 Express One Zone</a> in the <i>Amazon S3 User Guide</i>.</p>
43/// <p>To grant cross-account access to Zonal endpoint APIs, the bucket policy should also grant both accounts the <code>s3express:CreateSession</code> permission.</p>
44/// </dd>
45/// <dt>
46/// HTTP Host header syntax
47/// </dt>
48/// <dd>
49/// <p><b>Directory buckets </b> - The HTTP Host header syntax is <code> <i>Bucket_name</i>.s3express-<i>az_id</i>.<i>region</i>.amazonaws.com</code>.</p>
50/// </dd>
51/// </dl>
52#[derive(::std::clone::Clone, ::std::fmt::Debug)]
53pub struct CreateSessionFluentBuilder {
54    handle: ::std::sync::Arc<crate::client::Handle>,
55    inner: crate::operation::create_session::builders::CreateSessionInputBuilder,
56    config_override: ::std::option::Option<crate::config::Builder>,
57}
58impl
59    crate::client::customize::internal::CustomizableSend<
60        crate::operation::create_session::CreateSessionOutput,
61        crate::operation::create_session::CreateSessionError,
62    > for CreateSessionFluentBuilder
63{
64    fn send(
65        self,
66        config_override: crate::config::Builder,
67    ) -> crate::client::customize::internal::BoxFuture<
68        crate::client::customize::internal::SendResult<
69            crate::operation::create_session::CreateSessionOutput,
70            crate::operation::create_session::CreateSessionError,
71        >,
72    > {
73        ::std::boxed::Box::pin(async move { self.config_override(config_override).send().await })
74    }
75}
76impl CreateSessionFluentBuilder {
77    /// Creates a new `CreateSessionFluentBuilder`.
78    pub(crate) fn new(handle: ::std::sync::Arc<crate::client::Handle>) -> Self {
79        Self {
80            handle,
81            inner: ::std::default::Default::default(),
82            config_override: ::std::option::Option::None,
83        }
84    }
85    /// Access the CreateSession as a reference.
86    pub fn as_input(&self) -> &crate::operation::create_session::builders::CreateSessionInputBuilder {
87        &self.inner
88    }
89    /// Sends the request and returns the response.
90    ///
91    /// If an error occurs, an `SdkError` will be returned with additional details that
92    /// can be matched against.
93    ///
94    /// By default, any retryable failures will be retried twice. Retry behavior
95    /// is configurable with the [RetryConfig](aws_smithy_types::retry::RetryConfig), which can be
96    /// set when configuring the client.
97    pub async fn send(
98        self,
99    ) -> ::std::result::Result<
100        crate::operation::create_session::CreateSessionOutput,
101        ::aws_smithy_runtime_api::client::result::SdkError<
102            crate::operation::create_session::CreateSessionError,
103            ::aws_smithy_runtime_api::client::orchestrator::HttpResponse,
104        >,
105    > {
106        let input = self
107            .inner
108            .build()
109            .map_err(::aws_smithy_runtime_api::client::result::SdkError::construction_failure)?;
110        let runtime_plugins = crate::operation::create_session::CreateSession::operation_runtime_plugins(
111            self.handle.runtime_plugins.clone(),
112            &self.handle.conf,
113            self.config_override,
114        );
115        crate::operation::create_session::CreateSession::orchestrate(&runtime_plugins, input).await
116    }
117
118    /// Consumes this builder, creating a customizable operation that can be modified before being sent.
119    pub fn customize(
120        self,
121    ) -> crate::client::customize::CustomizableOperation<
122        crate::operation::create_session::CreateSessionOutput,
123        crate::operation::create_session::CreateSessionError,
124        Self,
125    > {
126        crate::client::customize::CustomizableOperation::new(self)
127    }
128    pub(crate) fn config_override(mut self, config_override: impl ::std::convert::Into<crate::config::Builder>) -> Self {
129        self.set_config_override(::std::option::Option::Some(config_override.into()));
130        self
131    }
132
133    pub(crate) fn set_config_override(&mut self, config_override: ::std::option::Option<crate::config::Builder>) -> &mut Self {
134        self.config_override = config_override;
135        self
136    }
137    /// <p>Specifies the mode of the session that will be created, either <code>ReadWrite</code> or <code>ReadOnly</code>. By default, a <code>ReadWrite</code> session is created. A <code>ReadWrite</code> session is capable of executing all the Zonal endpoint APIs on a directory bucket. A <code>ReadOnly</code> session is constrained to execute the following Zonal endpoint APIs: <code>GetObject</code>, <code>HeadObject</code>, <code>ListObjectsV2</code>, <code>GetObjectAttributes</code>, <code>ListParts</code>, and <code>ListMultipartUploads</code>.</p>
138    pub fn session_mode(mut self, input: crate::types::SessionMode) -> Self {
139        self.inner = self.inner.session_mode(input);
140        self
141    }
142    /// <p>Specifies the mode of the session that will be created, either <code>ReadWrite</code> or <code>ReadOnly</code>. By default, a <code>ReadWrite</code> session is created. A <code>ReadWrite</code> session is capable of executing all the Zonal endpoint APIs on a directory bucket. A <code>ReadOnly</code> session is constrained to execute the following Zonal endpoint APIs: <code>GetObject</code>, <code>HeadObject</code>, <code>ListObjectsV2</code>, <code>GetObjectAttributes</code>, <code>ListParts</code>, and <code>ListMultipartUploads</code>.</p>
143    pub fn set_session_mode(mut self, input: ::std::option::Option<crate::types::SessionMode>) -> Self {
144        self.inner = self.inner.set_session_mode(input);
145        self
146    }
147    /// <p>Specifies the mode of the session that will be created, either <code>ReadWrite</code> or <code>ReadOnly</code>. By default, a <code>ReadWrite</code> session is created. A <code>ReadWrite</code> session is capable of executing all the Zonal endpoint APIs on a directory bucket. A <code>ReadOnly</code> session is constrained to execute the following Zonal endpoint APIs: <code>GetObject</code>, <code>HeadObject</code>, <code>ListObjectsV2</code>, <code>GetObjectAttributes</code>, <code>ListParts</code>, and <code>ListMultipartUploads</code>.</p>
148    pub fn get_session_mode(&self) -> &::std::option::Option<crate::types::SessionMode> {
149        self.inner.get_session_mode()
150    }
151    /// <p>The name of the bucket that you create a session for.</p>
152    pub fn bucket(mut self, input: impl ::std::convert::Into<::std::string::String>) -> Self {
153        self.inner = self.inner.bucket(input.into());
154        self
155    }
156    /// <p>The name of the bucket that you create a session for.</p>
157    pub fn set_bucket(mut self, input: ::std::option::Option<::std::string::String>) -> Self {
158        self.inner = self.inner.set_bucket(input);
159        self
160    }
161    /// <p>The name of the bucket that you create a session for.</p>
162    pub fn get_bucket(&self) -> &::std::option::Option<::std::string::String> {
163        self.inner.get_bucket()
164    }
165}