STS (sts)

Primary Models

Primary models are models that you can act on directly. They are the models that represent resources in the AWS service, and are acted on by the managers.

pydantic model botocraft.services.sts.AssumeRole

Bases: ReadonlyPrimaryBoto3Model

Contains the response to a successful AssumeRole request, including temporary Amazon Web Services credentials that can be used to make Amazon Web Services requests.

JSON schema:
{
   "title": "AssumeRole",
   "description": "Contains the response to a successful AssumeRole request, including temporary Amazon\nWeb Services credentials that can be used to make Amazon Web Services requests.",
   "type": "object",
   "properties": {
      "session": {
         "anyOf": [
            {},
            {
               "type": "null"
            }
         ],
         "default": null,
         "title": "Session"
      },
      "Credentials": {
         "anyOf": [
            {
               "$ref": "#/$defs/STSCredentials"
            },
            {
               "type": "null"
            }
         ],
         "default": null
      },
      "AssumedRoleUser": {
         "anyOf": [
            {
               "$ref": "#/$defs/STSAssumedRoleUser"
            },
            {
               "type": "null"
            }
         ],
         "default": null
      },
      "PackedPolicySize": {
         "anyOf": [
            {
               "type": "integer"
            },
            {
               "type": "null"
            }
         ],
         "default": null,
         "title": "Packedpolicysize"
      },
      "SourceIdentity": {
         "anyOf": [
            {
               "type": "string"
            },
            {
               "type": "null"
            }
         ],
         "default": null,
         "title": "Sourceidentity"
      },
      "Subject": {
         "anyOf": [
            {
               "type": "string"
            },
            {
               "type": "null"
            }
         ],
         "default": null,
         "title": "Subject"
      },
      "SubjectType": {
         "anyOf": [
            {
               "type": "string"
            },
            {
               "type": "null"
            }
         ],
         "default": null,
         "title": "Subjecttype"
      },
      "Issuer": {
         "anyOf": [
            {
               "type": "string"
            },
            {
               "type": "null"
            }
         ],
         "default": null,
         "title": "Issuer"
      },
      "Provider": {
         "anyOf": [
            {
               "type": "string"
            },
            {
               "type": "null"
            }
         ],
         "default": null,
         "title": "Provider"
      },
      "Audience": {
         "anyOf": [
            {
               "type": "string"
            },
            {
               "type": "null"
            }
         ],
         "default": null,
         "title": "Audience"
      },
      "NameQualifier": {
         "anyOf": [
            {
               "type": "string"
            },
            {
               "type": "null"
            }
         ],
         "default": null,
         "title": "Namequalifier"
      },
      "SubjectFromWebIdentityToken": {
         "anyOf": [
            {
               "type": "string"
            },
            {
               "type": "null"
            }
         ],
         "default": null,
         "title": "Subjectfromwebidentitytoken"
      }
   },
   "$defs": {
      "STSAssumedRoleUser": {
         "description": "The identifiers for the temporary security credentials that the operation returns.",
         "properties": {
            "session": {
               "anyOf": [
                  {},
                  {
                     "type": "null"
                  }
               ],
               "default": null,
               "title": "Session"
            },
            "AssumedRoleId": {
               "title": "Assumedroleid",
               "type": "string"
            },
            "Arn": {
               "title": "Arn",
               "type": "string"
            }
         },
         "required": [
            "AssumedRoleId",
            "Arn"
         ],
         "title": "STSAssumedRoleUser",
         "type": "object"
      },
      "STSCredentials": {
         "description": "Amazon Web Services credentials for API authentication.",
         "properties": {
            "session": {
               "anyOf": [
                  {},
                  {
                     "type": "null"
                  }
               ],
               "default": null,
               "title": "Session"
            },
            "AccessKeyId": {
               "title": "Accesskeyid",
               "type": "string"
            },
            "SecretAccessKey": {
               "title": "Secretaccesskey",
               "type": "string"
            },
            "SessionToken": {
               "title": "Sessiontoken",
               "type": "string"
            },
            "Expiration": {
               "format": "date-time",
               "title": "Expiration",
               "type": "string"
            }
         },
         "required": [
            "AccessKeyId",
            "SecretAccessKey",
            "SessionToken",
            "Expiration"
         ],
         "title": "STSCredentials",
         "type": "object"
      }
   },
   "additionalProperties": true
}

Config:
  • validate_assignment: bool = True

  • arbitrary_types_allowed: bool = True

  • frozen: bool = True

  • extra: str = allow

Fields:
field AssumedRoleUser: STSAssumedRoleUser | None = None

The Amazon Resource Name (ARN) and the assumed role ID, which are identifiers that you can use to refer to the resulting temporary security credentials.

For example, you can reference these credentials as a principal in a resource-based policy by using the ARN or assumed role ID. The ARN and ID include the RoleSessionName that you specified when you called AssumeRole.

field Audience: str | None = None

The audience of the assumed role (SAML Only).

field Credentials: STSCredentials | None = None

The temporary security credentials, which include an access key ID, a secret access key, and a security (or session) token.

field Issuer: str | None = None

The issuer of the assumed role (SAML Only).

field NameQualifier: str | None = None

The name qualifier of the assumed role (SAML Only).

field PackedPolicySize: int | None = None

A percentage value that indicates the packed size of the session policies and session tags combined passed in the request.

The request fails if the packed size is greater than 100 percent, which means the policies and tags exceeded the allowed space.

field Provider: str | None = None

The provider of the assumed role (Web Identity Only).

field SourceIdentity: str | None = None

The source identity specified by the principal that is calling the AssumeRole operation.

field Subject: str | None = None

The subject of the assumed role.

field SubjectFromWebIdentityToken: str | None = None

The subject from the web identity token (Web Identity Only).

field SubjectType: str | None = None

The type of the subject of the assumed role (SAML only).

field session: Any | None = None

The boto3 session to use for this model. This is set by the manager, and is used in relationships. We have to use Any here because pydantic complains vociferously if we use boto3.session.Session. We exclude it from the model dump because it’s not something that should be serialized.

manager_class

alias of AssumeRoleManager

delete()

Delete the model.

classmethod model_construct(_fields_set: set[str] | None = None, **values: Any) Self

Creates a new instance of the Model class with validated data.

Creates a new model setting __dict__ and __pydantic_fields_set__ from trusted or pre-validated data. Default values are respected, but no other validation is performed.

Note

model_construct() generally respects the model_config.extra setting on the provided model. That is, if model_config.extra == 'allow', then all extra passed values are added to the model instance’s __dict__ and __pydantic_extra__ fields. If model_config.extra == 'ignore' (the default), then all extra passed values are ignored. Because no validation is performed with a call to model_construct(), having model_config.extra == 'forbid' does not result in an error if extra values are passed, but they will be ignored.

Parameters:
  • _fields_set – A set of field names that were originally explicitly set during instantiation. If provided, this is directly used for the model_fields_set (pydantic.BaseModel.model_fields_set) attribute. Otherwise, the field names from the values argument will be used.

  • values – Trusted or pre-validated data dictionary.

Returns:

A new instance of the Model class with validated data.

classmethod model_validate_strings(obj: Any, *, strict: bool | None = None, context: Any | None = None, by_alias: bool | None = None, by_name: bool | None = None) Self

Validate the given object with string data against the Pydantic model.

Parameters:
  • obj – The object containing string data to validate.

  • strict – Whether to enforce types strictly.

  • context – Extra variables to pass to the validator.

  • by_alias – Whether to use the field’s alias when validating against the provided input data.

  • by_name – Whether to use the field’s name when validating against the provided input data.

Returns:

The validated Pydantic model.

save(**kwargs)

Save the model.

set_session(session: Session) None

Set the boto3 session for this model.

Parameters:

session – The boto3 session to use.

Returns:

The model instance.

transform(attribute: str, transformer: str | None) Any

Transform an attribute using a regular expression into something else before it is returned.

Important

This only makes sense for attributes that are strings.

transformer is a regular expression that will be used to transform the value of the attribute.

  • If the attribute is None, it will be returned verbatim.

  • If transformer is None, the attribute will be returned verbatim.

  • If transformer has no named groups, the attribute will be replaced with the value of the first group.

  • If transformer has named groups, the attribute will be replaced with a dictionary of the named groups.

Raises:
  • ValueError – If the attribute does not exist on the model.

  • RuntimeError – If the transformer fails to match the attribute value.

Parameters:
  • attribute – The attribute to transform.

  • transformer – The regular expression to use to transform the attribute.

Returns:

The transformed attribute.

property arn: str | None

Return the ARN of the model. This is the value of the AssumedRoleUser.Arn attribute.

Returns:

The ARN of the model instance.

property name: str | None

Get the name of the model instance.

Returns:

The name of the model instance.

Raises:

ValueError – If the model has no name identity field.

objects: ClassVar[classproperty] = <botocraft.services.sts.AssumeRoleManager object>

Get the manager for this model, and set it as a class property

property pk: str | None

Return the primary key of the model. This is the value of the Credentials.AccessKeyId attribute.

Returns:

The primary key of the model instance.

pydantic model botocraft.services.sts.CallerIdentity

Bases: ReadonlyPrimaryBoto3Model

Contains the response to a successful GetCallerIdentity request, including information about the entity making the request.

JSON schema:
{
   "title": "CallerIdentity",
   "description": "Contains the response to a successful GetCallerIdentity request, including\ninformation about the entity making the request.",
   "type": "object",
   "properties": {
      "session": {
         "anyOf": [
            {},
            {
               "type": "null"
            }
         ],
         "default": null,
         "title": "Session"
      },
      "UserId": {
         "anyOf": [
            {
               "type": "string"
            },
            {
               "type": "null"
            }
         ],
         "default": null,
         "title": "Userid"
      },
      "Account": {
         "anyOf": [
            {
               "type": "string"
            },
            {
               "type": "null"
            }
         ],
         "default": null,
         "title": "Account"
      },
      "Arn": {
         "anyOf": [
            {
               "type": "string"
            },
            {
               "type": "null"
            }
         ],
         "default": null,
         "title": "Arn"
      }
   },
   "additionalProperties": true
}

Config:
  • validate_assignment: bool = True

  • arbitrary_types_allowed: bool = True

  • frozen: bool = True

  • extra: str = allow

Fields:
field Account: str | None = None

The Amazon Web Services account ID number of the account that owns or contains the calling entity.

field Arn: str | None = None

The Amazon Web Services ARN associated with the calling entity.

field UserId: str | None = None

The unique identifier of the calling entity.

The exact value depends on the type of entity that is making the call. The values returned are those listed in the aws:userid column in the Principal table found on the Policy Variables reference page in the IAM User Guide.

field session: Any | None = None

The boto3 session to use for this model. This is set by the manager, and is used in relationships. We have to use Any here because pydantic complains vociferously if we use boto3.session.Session. We exclude it from the model dump because it’s not something that should be serialized.

manager_class

alias of CallerIdentityManager

delete()

Delete the model.

classmethod model_construct(_fields_set: set[str] | None = None, **values: Any) Self

Creates a new instance of the Model class with validated data.

Creates a new model setting __dict__ and __pydantic_fields_set__ from trusted or pre-validated data. Default values are respected, but no other validation is performed.

Note

model_construct() generally respects the model_config.extra setting on the provided model. That is, if model_config.extra == 'allow', then all extra passed values are added to the model instance’s __dict__ and __pydantic_extra__ fields. If model_config.extra == 'ignore' (the default), then all extra passed values are ignored. Because no validation is performed with a call to model_construct(), having model_config.extra == 'forbid' does not result in an error if extra values are passed, but they will be ignored.

Parameters:
  • _fields_set – A set of field names that were originally explicitly set during instantiation. If provided, this is directly used for the model_fields_set (pydantic.BaseModel.model_fields_set) attribute. Otherwise, the field names from the values argument will be used.

  • values – Trusted or pre-validated data dictionary.

Returns:

A new instance of the Model class with validated data.

classmethod model_validate_strings(obj: Any, *, strict: bool | None = None, context: Any | None = None, by_alias: bool | None = None, by_name: bool | None = None) Self

Validate the given object with string data against the Pydantic model.

Parameters:
  • obj – The object containing string data to validate.

  • strict – Whether to enforce types strictly.

  • context – Extra variables to pass to the validator.

  • by_alias – Whether to use the field’s alias when validating against the provided input data.

  • by_name – Whether to use the field’s name when validating against the provided input data.

Returns:

The validated Pydantic model.

save(**kwargs)

Save the model.

set_session(session: Session) None

Set the boto3 session for this model.

Parameters:

session – The boto3 session to use.

Returns:

The model instance.

transform(attribute: str, transformer: str | None) Any

Transform an attribute using a regular expression into something else before it is returned.

Important

This only makes sense for attributes that are strings.

transformer is a regular expression that will be used to transform the value of the attribute.

  • If the attribute is None, it will be returned verbatim.

  • If transformer is None, the attribute will be returned verbatim.

  • If transformer has no named groups, the attribute will be replaced with the value of the first group.

  • If transformer has named groups, the attribute will be replaced with a dictionary of the named groups.

Raises:
  • ValueError – If the attribute does not exist on the model.

  • RuntimeError – If the transformer fails to match the attribute value.

Parameters:
  • attribute – The attribute to transform.

  • transformer – The regular expression to use to transform the attribute.

Returns:

The transformed attribute.

property arn: str | None

Return the ARN of the model. This is the value of the Arn attribute.

Returns:

The ARN of the model instance.

property name: str | None

Return the name of the model. This is the value of the UserId attribute.

Returns:

The name of the model instance.

objects: ClassVar[classproperty] = <botocraft.services.sts.CallerIdentityManager object>

Get the manager for this model, and set it as a class property

property pk: str | None

Return the primary key of the model. This is the value of the Account attribute.

Returns:

The primary key of the model instance.

Managers

Managers work with the primary models to provide a high-level interface to the AWS service. They are responsible for creating, updating, and deleting the resources in the service, as well as any additional operations that are available for those models.

class botocraft.services.sts.AssumeRoleManager

Bases: Boto3ModelManager

assume(RoleArn: str, RoleSessionName: str, *, PolicyArns: list[botocraft.services.sts.STSPolicyDescriptorType] | None = None, Policy: str | None = None, DurationSeconds: int | None = None, Tags: list[botocraft.services.common.Tag] | None = None, TransitiveTagKeys: list[str] | None = None, ExternalId: str | None = None, SerialNumber: str | None = None, TokenCode: str | None = None, SourceIdentity: str | None = None, ProvidedContexts: list[botocraft.services.sts.STSProvidedContext] | None = None) AssumeRole

Returns a set of temporary security credentials that you can use to access Amazon Web Services resources. These temporary credentials consist of an access key ID, a secret access key, and a security token. Typically, you use AssumeRole within your account or for cross-account access. For a comparison of AssumeRole with other API operations that produce temporary credentials, see Requesting Temporary Security Credentials and Compare STS credentials in the IAM User Guide.

Parameters:
  • RoleArn – The Amazon Resource Name (ARN) of the role to assume.

  • RoleSessionName – An identifier for the assumed role session.

Keyword Arguments:
  • PolicyArns – The Amazon Resource Names (ARNs) of the IAM managed policies that you want to use as managed session policies. The policies must exist in the same account as the role.

  • Policy – An IAM policy in JSON format that you want to use as an inline session policy.

  • DurationSeconds – The duration, in seconds, of the role session. The value specified can range from 900 seconds (15 minutes) up to the maximum session duration set for the role. The maximum session duration setting can have a value from 1 hour to 12 hours. If you specify a value higher than this setting or the administrator setting (whichever is lower), the operation fails. For example, if you specify a session duration of 12 hours, but your administrator set the maximum session duration to 6 hours, your operation fails.

  • Tags – A list of session tags that you want to pass. Each session tag consists of a key name and an associated value. For more information about session tags, see Tagging Amazon Web Services STS Sessions in the IAM User Guide.

  • TransitiveTagKeys – A list of keys for session tags that you want to set as transitive. If you set a tag key as transitive, the corresponding key and value passes to subsequent sessions in a role chain. For more information, see Chaining Roles with Session Tags in the IAM User Guide.

  • ExternalId – A unique identifier that might be required when you assume a role in another account. If the administrator of the account to which the role belongs provided you with an external ID, then provide that value in the ExternalId parameter. This value can be any string, such as a passphrase or account number. A cross-account role is usually set up to trust everyone in an account. Therefore, the administrator of the trusting account might send an external ID to the administrator of the trusted account. That way, only someone with the ID can assume the role, rather than everyone in the account. For more information about the external ID, see How to Use an External ID When Granting Access to Your Amazon Web Services Resources to a Third Party in the IAM User Guide.

  • SerialNumber – The identification number of the MFA device that is associated with the user who is making the AssumeRole call. Specify this value if the trust policy of the role being assumed includes a condition that requires MFA authentication. The value is either the serial number for a hardware device (such as GAHT12345678) or an Amazon Resource Name (ARN) for a virtual device (such as arn:aws:iam::123456789012:mfa/user).

  • TokenCode – The value provided by the MFA device, if the trust policy of the role being assumed requires MFA. (In other words, if the policy includes a condition that tests for MFA). If the role being assumed requires MFA and if the TokenCode value is missing or expired, the AssumeRole call returns an “access denied” error.

  • SourceIdentity – The source identity specified by the principal that is calling the AssumeRole operation. The source identity value persists across chained role sessions.

  • ProvidedContexts – A list of previously acquired trusted context assertions in the format of a JSON array. The trusted context assertion is signed and encrypted by Amazon Web Services STS.
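The ExternalId, SerialNumber and TokenCode arguments only matter when the role's trust policy actually demands them. The following added example (not part of botocraft or of this reference) audits a trust policy document for cross-account principals that can assume the role without an `sts:ExternalId` or `aws:MultiFactorAuthPresent` condition; the sample policy, account IDs and function names are constructed for illustration.

```python
import json
import re

# Constructed sample trust policy; account IDs and the ExternalId value are
# placeholders made up for this example.
SAMPLE_TRUST_POLICY = json.dumps({
    "Version": "2012-10-17",
    "Statement": [
        {"Sid": "VendorWithExternalId", "Effect": "Allow",
         "Principal": {"AWS": "arn:aws:iam::111122223333:root"},
         "Action": "sts:AssumeRole",
         "Condition": {"StringEquals": {"sts:ExternalId": "constructed-example-id"}}},
        {"Sid": "PartnerMfaOnly", "Effect": "Allow",
         "Principal": {"AWS": "444455556666"},
         "Action": ["sts:AssumeRole", "sts:TagSession"],
         "Condition": {"Bool": {"aws:MultiFactorAuthPresent": "true"}}},
        {"Sid": "IfExistsNotEnforced", "Effect": "Allow",
         "Principal": {"AWS": "arn:aws:iam::777788889999:role/ci"},
         "Action": "sts:AssumeRole",
         # An ...IfExists operator passes when the caller omits ExternalId,
         # so it does not make the value mandatory.
         "Condition": {"StringEqualsIfExists": {"sts:ExternalId": "constructed-example-id"}}},
        {"Sid": "SameAccountAdmins", "Effect": "Allow",
         "Principal": {"AWS": "arn:aws:iam::123456789012:root"},
         "Action": "sts:AssumeRole"},
    ],
})

ACCOUNT_RE = re.compile(r"^(?:arn:aws[\w-]*:iam::)?(\d{12})(?::.*)?$")


def as_list(value):
    """IAM policy elements may be a scalar or a list; normalise to a list."""
    if value is None:
        return []
    return value if isinstance(value, list) else [value]


def aws_principals(principal):
    """Return the AWS principals of a statement ('*' counts as anyone)."""
    if principal == "*":
        return ["*"]
    if isinstance(principal, dict):
        return [str(p) for p in as_list(principal.get("AWS"))]
    return []


def account_of(principal):
    """Extract the 12-digit account ID from an ARN or bare account ID."""
    if principal == "*":
        return "*"
    match = ACCOUNT_RE.match(principal)
    return match.group(1) if match else None


def requires(condition, operator, key, expected=None):
    """True if the Condition block enforces `key` with exactly `operator`."""
    for op, block in (condition or {}).items():
        if op.lower() != operator:
            continue
        for cond_key, raw in block.items():
            if cond_key.lower() != key.lower():
                continue
            values = [str(v).lower() for v in as_list(raw)]
            if values and (expected is None or all(v == expected for v in values)):
                return True
    return False


def audit_trust_policy(policy_json, own_account):
    """List every cross-account (or wildcard) principal allowed to assume the
    role, with whether ExternalId and MFA are mandatory for that statement."""
    findings = []
    policy = json.loads(policy_json)
    for index, stmt in enumerate(as_list(policy.get("Statement"))):
        if stmt.get("Effect") != "Allow":
            continue
        actions = {a.lower() for a in as_list(stmt.get("Action"))}
        if not actions & {"sts:assumerole", "sts:*", "*"}:
            continue
        condition = stmt.get("Condition")
        external_id = requires(condition, "stringequals", "sts:ExternalId")
        mfa = requires(condition, "bool", "aws:MultiFactorAuthPresent", "true")
        for principal in aws_principals(stmt.get("Principal")):
            if account_of(principal) == own_account:
                continue  # same-account trust is out of scope here
            findings.append({
                "sid": stmt.get("Sid", f"statement[{index}]"),
                "principal": principal,
                "external_id_required": external_id,
                "mfa_required": mfa,
            })
    return findings


def unguarded(findings):
    """Sids of cross-account statements that do not require an ExternalId."""
    return [f["sid"] for f in findings if not f["external_id_required"]]


if __name__ == "__main__":
    for finding in audit_trust_policy(SAMPLE_TRUST_POLICY, "123456789012"):
        print(finding)
```

Statements returned by `unguarded()` are candidates for review, not automatic defects: an ExternalId is meant for third-party access, and a partner role may legitimately rely on MFA instead.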

assume_with_saml(RoleArn: str, PrincipalArn: str, SAMLAssertion: str, *, PolicyArns: list[botocraft.services.sts.STSPolicyDescriptorType] | None = None, Policy: str | None = None, DurationSeconds: int | None = None) AssumeRole | None

Returns a set of temporary security credentials for users who have been authenticated via a SAML authentication response. This operation provides a mechanism for tying an enterprise identity store or directory to role-based Amazon Web Services access without user-specific credentials or configuration. For a comparison of AssumeRoleWithSAML with the other API operations that produce temporary credentials, see Requesting Temporary Security Credentials and Compare STS credentials in the IAM User Guide.

Parameters:
  • RoleArn – The Amazon Resource Name (ARN) of the role that the caller is assuming.

  • PrincipalArn – The Amazon Resource Name (ARN) of the SAML provider in IAM that describes the IdP.

  • SAMLAssertion – The base64 encoded SAML authentication response provided by the IdP.

Keyword Arguments:
  • PolicyArns – The Amazon Resource Names (ARNs) of the IAM managed policies that you want to use as managed session policies. The policies must exist in the same account as the role.

  • Policy – An IAM policy in JSON format that you want to use as an inline session policy.

  • DurationSeconds – The duration, in seconds, of the role session. Your role session lasts for the duration that you specify for the DurationSeconds parameter, or until the time specified in the SAML authentication response’s SessionNotOnOrAfter value, whichever is shorter. You can provide a DurationSeconds value from 900 seconds (15 minutes) up to the maximum session duration setting for the role. This setting can have a value from 1 hour to 12 hours. If you specify a value higher than this setting, the operation fails. For example, if you specify a session duration of 12 hours, but your administrator set the maximum session duration to 6 hours, your operation fails. To learn how to view the maximum value for your role, see View the Maximum Session Duration Setting for a Role in the IAM User Guide.

assume_with_web_identity(RoleArn: str, RoleSessionName: str, WebIdentityToken: str, *, ProviderId: str | None = None, PolicyArns: list[botocraft.services.sts.STSPolicyDescriptorType] | None = None, Policy: str | None = None, DurationSeconds: int | None = None) AssumeRole | None

Returns a set of temporary security credentials for users who have been authenticated in a mobile or web application with a web identity provider. Example providers include the OAuth 2.0 providers Login with Amazon and Facebook, or any OpenID Connect-compatible identity provider such as Google or Amazon Cognito federated identities.

Parameters:
  • RoleArn – The Amazon Resource Name (ARN) of the role that the caller is assuming.

  • RoleSessionName – An identifier for the assumed role session. Typically, you pass the name or identifier that is associated with the user who is using your application. That way, the temporary security credentials that your application will use are associated with that user. This session name is included as part of the ARN and assumed role ID in the AssumedRoleUser response element.

  • WebIdentityToken – The OAuth 2.0 access token or OpenID Connect ID token that is provided by the identity provider. Your application must get this token by authenticating the user who is using your application with a web identity provider before the application makes an AssumeRoleWithWebIdentity call. Timestamps in the token must be formatted as either an integer or a long integer. Tokens must be signed using either RSA keys (RS256, RS384, or RS512) or ECDSA keys (ES256, ES384, or ES512).

Keyword Arguments:
  • ProviderId – The fully qualified host component of the domain name of the OAuth 2.0 identity provider. Do not specify this value for an OpenID Connect identity provider.

  • PolicyArns – The Amazon Resource Names (ARNs) of the IAM managed policies that you want to use as managed session policies. The policies must exist in the same account as the role.

  • Policy – An IAM policy in JSON format that you want to use as an inline session policy.

  • DurationSeconds – The duration, in seconds, of the role session. The value can range from 900 seconds (15 minutes) up to the maximum session duration setting for the role. This setting can have a value from 1 hour to 12 hours. If you specify a value higher than this setting, the operation fails. For example, if you specify a session duration of 12 hours, but your administrator set the maximum session duration to 6 hours, your operation fails. To learn how to view the maximum value for your role, see View the Maximum Session Duration Setting for a Role in the IAM User Guide.

service_name: str = 'sts'

The name of the boto3 service. Example: ec2, s3, etc.

class botocraft.services.sts.CallerIdentityManager

Bases: Boto3ModelManager

get() CallerIdentity | None

Returns details about the IAM user or role whose credentials are used to call the operation.

service_name: str = 'sts'

The name of the boto3 service. Example: ec2, s3, etc.

Secondary Models

Secondary models are models that are used by the primary models to organize their data. They are not acted on directly, but are used to describe the structure of the fields in the primary models or other secondary models.

pydantic model botocraft.services.sts.STSAssumedRoleUser

Bases: Boto3Model

The identifiers for the temporary security credentials that the operation returns.

JSON schema:
{
   "title": "STSAssumedRoleUser",
   "description": "The identifiers for the temporary security credentials that the operation returns.",
   "type": "object",
   "properties": {
      "session": {
         "anyOf": [
            {},
            {
               "type": "null"
            }
         ],
         "default": null,
         "title": "Session"
      },
      "AssumedRoleId": {
         "title": "Assumedroleid",
         "type": "string"
      },
      "Arn": {
         "title": "Arn",
         "type": "string"
      }
   },
   "required": [
      "AssumedRoleId",
      "Arn"
   ]
}

Config:
  • validate_assignment: bool = True

  • arbitrary_types_allowed: bool = True

Fields:
field Arn: str [Required]

The ARN of the temporary security credentials that are returned from the AssumeRole action.

For more information about ARNs and how to use them in policies, see IAM Identifiers in the IAM User Guide.

field AssumedRoleId: str [Required]

A unique identifier that contains the role ID and the role session name of the role that is being assumed.

The role ID is generated by Amazon Web Services when the role is created.

field session: Any | None = None

The boto3 session to use for this model. This is set by the manager, and is used in relationships. We have to use Any here because pydantic complains vociferously if we use boto3.session.Session. We exclude it from the model dump because it’s not something that should be serialized.

classmethod model_construct(_fields_set: set[str] | None = None, **values: Any) Self

Creates a new instance of the Model class with validated data.

Creates a new model setting __dict__ and __pydantic_fields_set__ from trusted or pre-validated data. Default values are respected, but no other validation is performed.

Note

model_construct() generally respects the model_config.extra setting on the provided model. That is, if model_config.extra == 'allow', then all extra passed values are added to the model instance’s __dict__ and __pydantic_extra__ fields. If model_config.extra == 'ignore' (the default), then all extra passed values are ignored. Because no validation is performed with a call to model_construct(), having model_config.extra == 'forbid' does not result in an error if extra values are passed, but they will be ignored.

Parameters:
  • _fields_set – A set of field names that were originally explicitly set during instantiation. If provided, this is directly used for the model_fields_set (pydantic.BaseModel.model_fields_set) attribute. Otherwise, the field names from the values argument will be used.

  • values – Trusted or pre-validated data dictionary.

Returns:

A new instance of the Model class with validated data.

classmethod model_validate_strings(obj: Any, *, strict: bool | None = None, context: Any | None = None, by_alias: bool | None = None, by_name: bool | None = None) Self

Validate the given object with string data against the Pydantic model.

Parameters:
  • obj – The object containing string data to validate.

  • strict – Whether to enforce types strictly.

  • context – Extra variables to pass to the validator.

  • by_alias – Whether to use the field’s alias when validating against the provided input data.

  • by_name – Whether to use the field’s name when validating against the provided input data.

Returns:

The validated Pydantic model.

set_session(session: Session) None

Set the boto3 session for this model.

Parameters:

session – The boto3 session to use.

Returns:

The model instance.

transform(attribute: str, transformer: str | None) Any

Transform an attribute using a regular expression into something else before it is returned.

Important

This only makes sense for attributes that are strings.

transformer is a regular expression that will be used to transform the value of the attribute.

  • If the attribute is None, it will be returned verbatim.

  • If transformer is None, the attribute will be returned verbatim.

  • If transformer has no named groups, the attribute will be replaced with the value of the first group.

  • If transformer has named groups, the attribute will be replaced with a dictionary of the named groups.

Raises:
  • ValueError – If the attribute does not exist on the model.

  • RuntimeError – If the transformer fails to match the attribute value.

Parameters:
  • attribute – The attribute to transform.

  • transformer – The regular expression to use to transform the attribute.

Returns:

The transformed attribute.
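The transform() rules listed above, applied to the Arn of an assumed-role user to pull out audit fields. This is an added, stand-alone sketch and not botocraft's own code: the helper name transform_attribute, the use of re.search, the rejection of patterns with no group, and the sample ARN are all assumptions or constructed values.

```python
import re
from types import SimpleNamespace
from typing import Any, Optional

# Anchored patterns: the session name at the end of the ARN is chosen by the
# caller of AssumeRole, so each component is matched in full, not by substring.
ARN_PARTS = (
    r"^arn:aws:sts::(?P<account>\d{12}):assumed-role/"
    r"(?P<role>[^/]+)/(?P<session_name>[^/]+)$"
)
ROLE_ONLY = r"^arn:aws:sts::\d{12}:assumed-role/([^/]+)/[^/]+$"

# Constructed sample shaped like STSAssumedRoleUser (AssumedRoleId, Arn).
SAMPLE_USER = SimpleNamespace(
    AssumedRoleId="AROAEXAMPLEROLEID0000:alice-session",
    Arn="arn:aws:sts::123456789012:assumed-role/ReadOnlyAuditor/alice-session",
)


def transform_attribute(model: Any, attribute: str, transformer: Optional[str]) -> Any:
    """Apply the documented transform() rules to one attribute of `model`."""
    if not hasattr(model, attribute):
        # Documented: ValueError if the attribute does not exist on the model.
        raise ValueError(f"{type(model).__name__} has no attribute {attribute!r}")
    value = getattr(model, attribute)
    # Documented: a None attribute or a None transformer returns the value verbatim.
    if value is None or transformer is None:
        return value
    pattern = re.compile(transformer)
    if pattern.groups == 0:
        # Assumption of this sketch: the page does not define a pattern with
        # no group at all, so it is rejected instead of guessing a result.
        raise ValueError("transformer needs at least one capture group")
    # Assumption: the pattern is applied with re.search.
    match = pattern.search(value)
    if match is None:
        # Documented: RuntimeError if the transformer fails to match.
        # The value itself is left out of the message.
        raise RuntimeError(f"transformer did not match attribute {attribute!r}")
    named = match.groupdict()
    # Documented: named groups give a dict, otherwise the first group.
    return named if named else match.group(1)


def audit_fields(user: Any) -> Any:
    """Account, role and session name of an assumed-role ARN, for audit logs."""
    return transform_attribute(user, "Arn", ARN_PARTS)


if __name__ == "__main__":
    print(audit_fields(SAMPLE_USER))
    print(transform_attribute(SAMPLE_USER, "Arn", ROLE_ONLY))
```
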

pydantic model botocraft.services.sts.STSCredentials[source]

Bases: Boto3Model

Amazon Web Services credentials for API authentication.

Show JSON schema
{
   "title": "STSCredentials",
   "description": "Amazon Web Services credentials for API authentication.",
   "type": "object",
   "properties": {
      "session": {
         "anyOf": [
            {},
            {
               "type": "null"
            }
         ],
         "default": null,
         "title": "Session"
      },
      "AccessKeyId": {
         "title": "Accesskeyid",
         "type": "string"
      },
      "SecretAccessKey": {
         "title": "Secretaccesskey",
         "type": "string"
      },
      "SessionToken": {
         "title": "Sessiontoken",
         "type": "string"
      },
      "Expiration": {
         "format": "date-time",
         "title": "Expiration",
         "type": "string"
      }
   },
   "required": [
      "AccessKeyId",
      "SecretAccessKey",
      "SessionToken",
      "Expiration"
   ]
}

Config:
  • validate_assignment: bool = True

  • arbitrary_types_allowed: bool = True

Fields:
field AccessKeyId: str [Required]

The access key ID that identifies the temporary security credentials.

field Expiration: datetime [Required]

The date on which the current credentials expire.

field SecretAccessKey: str [Required]

The secret access key that can be used to sign requests.

field SessionToken: str [Required]

The token that users must pass to the service API to use the temporary credentials.

field session: Any | None = None

The boto3 session to use for this model. This is set by the manager, and is used in relationships. We have to use Any here because pydantic complains vociferously if we use boto3.session.Session. We exclude it from the model dump because it’s not something that should be serialized.

classmethod model_construct(_fields_set: set[str] | None = None, **values: Any) → Self

Creates a new instance of the Model class with validated data.

Creates a new model setting __dict__ and __pydantic_fields_set__ from trusted or pre-validated data. Default values are respected, but no other validation is performed.

Note

model_construct() generally respects the model_config.extra setting on the provided model. That is, if model_config.extra == ‘allow’, then all extra passed values are added to the model instance’s __dict__ and __pydantic_extra__ fields. If model_config.extra == ‘ignore’ (the default), then all extra passed values are ignored. Because no validation is performed with a call to model_construct(), having model_config.extra == ‘forbid’ does not result in an error if extra values are passed, but they will be ignored.

Parameters:
  • _fields_set – A set of field names that were originally explicitly set during instantiation. If provided, this is directly used for the model_fields_set attribute. Otherwise, the field names from the values argument will be used.

  • values – Trusted or pre-validated data dictionary.

Returns:

A new instance of the Model class with validated data.

classmethod model_validate_strings(obj: Any, *, strict: bool | None = None, context: Any | None = None, by_alias: bool | None = None, by_name: bool | None = None) → Self

Validate the given object with string data against the Pydantic model.

Parameters:
  • obj – The object containing string data to validate.

  • strict – Whether to enforce types strictly.

  • context – Extra variables to pass to the validator.

  • by_alias – Whether to use the field’s alias when validating against the provided input data.

  • by_name – Whether to use the field’s name when validating against the provided input data.

Returns:

The validated Pydantic model.

set_session(session: Session) → None

Set the boto3 session for this model.

Parameters:

session – The boto3 session to use.

Returns:

The model instance.

transform(attribute: str, transformer: str | None) → Any

Transform an attribute using a regular expression into something else before it is returned.

Important

This only makes sense for attributes that are strings.

transformer is a regular expression that will be used to transform the value of the attribute.

  • If the attribute is None, it will be returned verbatim.

  • If transformer is None, the attribute will be returned verbatim.

  • If transformer has no named groups, the attribute will be replaced with the value of the first group.

  • If transformer has named groups, the attribute will be replaced with a dictionary of the named groups.

Raises:
  • ValueError – If the attribute does not exist on the model.

  • RuntimeError – If the transformer fails to match the attribute value.

Parameters:
  • attribute – The attribute to transform.

  • transformer – The regular expression to use to transform the attribute.

Returns:

The transformed attribute.

Request/Response Models

Request/response models are models that are used to describe the structure of the data that is sent to and received from the AWS service. They are used by the managers to send requests to the service and to parse the responses that are received.

You will not often use them directly – typically they are used by the managers internally to send requests and parse responses – but they are included here for completeness, and because occasionally we return them directly to you because they have some useful additional information.

pydantic model botocraft.services.sts.AssumeRoleWithSAMLResponse[source]

Bases: Boto3Model

Contains the response to a successful AssumeRoleWithSAML request, including temporary Amazon Web Services credentials that can be used to make Amazon Web Services requests.

Show JSON schema
{
   "title": "AssumeRoleWithSAMLResponse",
   "description": "Contains the response to a successful AssumeRoleWithSAML request, including\ntemporary Amazon Web Services credentials that can be used to make Amazon Web\nServices requests.",
   "type": "object",
   "properties": {
      "session": {
         "anyOf": [
            {},
            {
               "type": "null"
            }
         ],
         "default": null,
         "title": "Session"
      },
      "Credentials": {
         "anyOf": [
            {
               "$ref": "#/$defs/STSCredentials"
            },
            {
               "type": "null"
            }
         ],
         "default": null
      },
      "AssumedRoleUser": {
         "anyOf": [
            {
               "$ref": "#/$defs/STSAssumedRoleUser"
            },
            {
               "type": "null"
            }
         ],
         "default": null
      },
      "PackedPolicySize": {
         "anyOf": [
            {
               "type": "integer"
            },
            {
               "type": "null"
            }
         ],
         "default": null,
         "title": "Packedpolicysize"
      },
      "Subject": {
         "anyOf": [
            {
               "type": "string"
            },
            {
               "type": "null"
            }
         ],
         "default": null,
         "title": "Subject"
      },
      "SubjectType": {
         "anyOf": [
            {
               "type": "string"
            },
            {
               "type": "null"
            }
         ],
         "default": null,
         "title": "Subjecttype"
      },
      "Issuer": {
         "anyOf": [
            {
               "type": "string"
            },
            {
               "type": "null"
            }
         ],
         "default": null,
         "title": "Issuer"
      },
      "Audience": {
         "anyOf": [
            {
               "type": "string"
            },
            {
               "type": "null"
            }
         ],
         "default": null,
         "title": "Audience"
      },
      "NameQualifier": {
         "anyOf": [
            {
               "type": "string"
            },
            {
               "type": "null"
            }
         ],
         "default": null,
         "title": "Namequalifier"
      },
      "SourceIdentity": {
         "anyOf": [
            {
               "type": "string"
            },
            {
               "type": "null"
            }
         ],
         "default": null,
         "title": "Sourceidentity"
      }
   },
   "$defs": {
      "STSAssumedRoleUser": {
         "description": "The identifiers for the temporary security credentials that the operation returns.",
         "properties": {
            "session": {
               "anyOf": [
                  {},
                  {
                     "type": "null"
                  }
               ],
               "default": null,
               "title": "Session"
            },
            "AssumedRoleId": {
               "title": "Assumedroleid",
               "type": "string"
            },
            "Arn": {
               "title": "Arn",
               "type": "string"
            }
         },
         "required": [
            "AssumedRoleId",
            "Arn"
         ],
         "title": "STSAssumedRoleUser",
         "type": "object"
      },
      "STSCredentials": {
         "description": "Amazon Web Services credentials for API authentication.",
         "properties": {
            "session": {
               "anyOf": [
                  {},
                  {
                     "type": "null"
                  }
               ],
               "default": null,
               "title": "Session"
            },
            "AccessKeyId": {
               "title": "Accesskeyid",
               "type": "string"
            },
            "SecretAccessKey": {
               "title": "Secretaccesskey",
               "type": "string"
            },
            "SessionToken": {
               "title": "Sessiontoken",
               "type": "string"
            },
            "Expiration": {
               "format": "date-time",
               "title": "Expiration",
               "type": "string"
            }
         },
         "required": [
            "AccessKeyId",
            "SecretAccessKey",
            "SessionToken",
            "Expiration"
         ],
         "title": "STSCredentials",
         "type": "object"
      }
   }
}

Config:
  • validate_assignment: bool = True

  • arbitrary_types_allowed: bool = True

Fields:
field AssumedRoleUser: STSAssumedRoleUser | None = None

The identifiers for the temporary security credentials that the operation returns.

field Audience: str | None = None

The value of the Recipient attribute of the SubjectConfirmationData element of the SAML assertion.

field Credentials: STSCredentials | None = None

The temporary security credentials, which include an access key ID, a secret access key, and a security (or session) token.

field Issuer: str | None = None

The value of the Issuer element of the SAML assertion.

field NameQualifier: str | None = None

A hash value based on the concatenation of the following:

field PackedPolicySize: int | None = None

A percentage value that indicates the packed size of the session policies and session tags combined passed in the request.

The request fails if the packed size is greater than 100 percent, which means the policies and tags exceeded the allowed space.

field SourceIdentity: str | None = None

The value in the SourceIdentity attribute in the SAML assertion.

The source identity value persists across chained role sessions.

field Subject: str | None = None

The value of the NameID element in the Subject element of the SAML assertion.

field SubjectType: str | None = None

The format of the name ID, as defined by the Format attribute in the NameID element of the SAML assertion.

Typical examples of the format are transient or persistent.

field session: Any | None = None

The boto3 session to use for this model. This is set by the manager, and is used in relationships. We have to use Any here because pydantic complains vociferously if we use boto3.session.Session. We exclude it from the model dump because it’s not something that should be serialized.

classmethod model_construct(_fields_set: set[str] | None = None, **values: Any) → Self

Creates a new instance of the Model class with validated data.

Creates a new model setting __dict__ and __pydantic_fields_set__ from trusted or pre-validated data. Default values are respected, but no other validation is performed.

Note

model_construct() generally respects the model_config.extra setting on the provided model. That is, if model_config.extra == ‘allow’, then all extra passed values are added to the model instance’s __dict__ and __pydantic_extra__ fields. If model_config.extra == ‘ignore’ (the default), then all extra passed values are ignored. Because no validation is performed with a call to model_construct(), having model_config.extra == ‘forbid’ does not result in an error if extra values are passed, but they will be ignored.

Parameters:
  • _fields_set – A set of field names that were originally explicitly set during instantiation. If provided, this is directly used for the model_fields_set attribute. Otherwise, the field names from the values argument will be used.

  • values – Trusted or pre-validated data dictionary.

Returns:

A new instance of the Model class with validated data.

classmethod model_validate_strings(obj: Any, *, strict: bool | None = None, context: Any | None = None, by_alias: bool | None = None, by_name: bool | None = None) → Self

Validate the given object with string data against the Pydantic model.

Parameters:
  • obj – The object containing string data to validate.

  • strict – Whether to enforce types strictly.

  • context – Extra variables to pass to the validator.

  • by_alias – Whether to use the field’s alias when validating against the provided input data.

  • by_name – Whether to use the field’s name when validating against the provided input data.

Returns:

The validated Pydantic model.

set_session(session: Session) → None

Set the boto3 session for this model.

Parameters:

session – The boto3 session to use.

Returns:

The model instance.

transform(attribute: str, transformer: str | None) → Any

Transform an attribute using a regular expression into something else before it is returned.

Important

This only makes sense for attributes that are strings.

transformer is a regular expression that will be used to transform the value of the attribute.

  • If the attribute is None, it will be returned verbatim.

  • If transformer is None, the attribute will be returned verbatim.

  • If transformer has no named groups, the attribute will be replaced with the value of the first group.

  • If transformer has named groups, the attribute will be replaced with a dictionary of the named groups.

Raises:
  • ValueError – If the attribute does not exist on the model.

  • RuntimeError – If the transformer fails to match the attribute value.

Parameters:
  • attribute – The attribute to transform.

  • transformer – The regular expression to use to transform the attribute.

Returns:

The transformed attribute.

pydantic model botocraft.services.sts.AssumeRoleWithWebIdentityResponse[source]

Bases: Boto3Model

Contains the response to a successful AssumeRoleWithWebIdentity request, including temporary Amazon Web Services credentials that can be used to make Amazon Web Services requests.

Show JSON schema
{
   "title": "AssumeRoleWithWebIdentityResponse",
   "description": "Contains the response to a successful AssumeRoleWithWebIdentity request, including\ntemporary Amazon Web Services credentials that can be used to make Amazon Web\nServices requests.",
   "type": "object",
   "properties": {
      "session": {
         "anyOf": [
            {},
            {
               "type": "null"
            }
         ],
         "default": null,
         "title": "Session"
      },
      "Credentials": {
         "anyOf": [
            {
               "$ref": "#/$defs/STSCredentials"
            },
            {
               "type": "null"
            }
         ],
         "default": null
      },
      "SubjectFromWebIdentityToken": {
         "anyOf": [
            {
               "type": "string"
            },
            {
               "type": "null"
            }
         ],
         "default": null,
         "title": "Subjectfromwebidentitytoken"
      },
      "AssumedRoleUser": {
         "anyOf": [
            {
               "$ref": "#/$defs/STSAssumedRoleUser"
            },
            {
               "type": "null"
            }
         ],
         "default": null
      },
      "PackedPolicySize": {
         "anyOf": [
            {
               "type": "integer"
            },
            {
               "type": "null"
            }
         ],
         "default": null,
         "title": "Packedpolicysize"
      },
      "Provider": {
         "anyOf": [
            {
               "type": "string"
            },
            {
               "type": "null"
            }
         ],
         "default": null,
         "title": "Provider"
      },
      "Audience": {
         "anyOf": [
            {
               "type": "string"
            },
            {
               "type": "null"
            }
         ],
         "default": null,
         "title": "Audience"
      },
      "SourceIdentity": {
         "anyOf": [
            {
               "type": "string"
            },
            {
               "type": "null"
            }
         ],
         "default": null,
         "title": "Sourceidentity"
      }
   },
   "$defs": {
      "STSAssumedRoleUser": {
         "description": "The identifiers for the temporary security credentials that the operation returns.",
         "properties": {
            "session": {
               "anyOf": [
                  {},
                  {
                     "type": "null"
                  }
               ],
               "default": null,
               "title": "Session"
            },
            "AssumedRoleId": {
               "title": "Assumedroleid",
               "type": "string"
            },
            "Arn": {
               "title": "Arn",
               "type": "string"
            }
         },
         "required": [
            "AssumedRoleId",
            "Arn"
         ],
         "title": "STSAssumedRoleUser",
         "type": "object"
      },
      "STSCredentials": {
         "description": "Amazon Web Services credentials for API authentication.",
         "properties": {
            "session": {
               "anyOf": [
                  {},
                  {
                     "type": "null"
                  }
               ],
               "default": null,
               "title": "Session"
            },
            "AccessKeyId": {
               "title": "Accesskeyid",
               "type": "string"
            },
            "SecretAccessKey": {
               "title": "Secretaccesskey",
               "type": "string"
            },
            "SessionToken": {
               "title": "Sessiontoken",
               "type": "string"
            },
            "Expiration": {
               "format": "date-time",
               "title": "Expiration",
               "type": "string"
            }
         },
         "required": [
            "AccessKeyId",
            "SecretAccessKey",
            "SessionToken",
            "Expiration"
         ],
         "title": "STSCredentials",
         "type": "object"
      }
   }
}

Config:
  • validate_assignment: bool = True

  • arbitrary_types_allowed: bool = True

Fields:
field AssumedRoleUser: STSAssumedRoleUser | None = None

The Amazon Resource Name (ARN) and the assumed role ID, which are identifiers that you can use to refer to the resulting temporary security credentials.

For example, you can reference these credentials as a principal in a resource-based policy by using the ARN or assumed role ID. The ARN and ID include the RoleSessionName that you specified when you called AssumeRole.

field Audience: str | None = None

The intended audience (also known as client ID) of the web identity token.

This is traditionally the client identifier issued to the application that requested the web identity token.

field Credentials: STSCredentials | None = None

The temporary security credentials, which include an access key ID, a secret access key, and a security token.

field PackedPolicySize: int | None = None

A percentage value that indicates the packed size of the session policies and session tags combined passed in the request.

The request fails if the packed size is greater than 100 percent, which means the policies and tags exceeded the allowed space.

field Provider: str | None = None

The issuing authority of the web identity token presented.

For OpenID Connect ID tokens, this contains the value of the iss field. For OAuth 2.0 access tokens, this contains the value of the ProviderId parameter that was passed in the AssumeRoleWithWebIdentity request.

field SourceIdentity: str | None = None

The value of the source identity that is returned in the JSON web token (JWT) from the identity provider.

field SubjectFromWebIdentityToken: str | None = None

The unique user identifier that is returned by the identity provider.

This identifier is associated with the WebIdentityToken that was submitted with the AssumeRoleWithWebIdentity call. The identifier is typically unique to the user and the application that acquired the WebIdentityToken (pairwise identifier). For OpenID Connect ID tokens, this field contains the value returned by the identity provider as the token’s sub (Subject) claim.

field session: Any | None = None

The boto3 session to use for this model. This is set by the manager, and is used in relationships. We have to use Any here because pydantic complains vociferously if we use boto3.session.Session. We exclude it from the model dump because it’s not something that should be serialized.

classmethod model_construct(_fields_set: set[str] | None = None, **values: Any) → Self

Creates a new instance of the Model class with validated data.

Creates a new model setting __dict__ and __pydantic_fields_set__ from trusted or pre-validated data. Default values are respected, but no other validation is performed.

Note

model_construct() generally respects the model_config.extra setting on the provided model. That is, if model_config.extra == ‘allow’, then all extra passed values are added to the model instance’s __dict__ and __pydantic_extra__ fields. If model_config.extra == ‘ignore’ (the default), then all extra passed values are ignored. Because no validation is performed with a call to model_construct(), having model_config.extra == ‘forbid’ does not result in an error if extra values are passed, but they will be ignored.

Parameters:
  • _fields_set – A set of field names that were originally explicitly set during instantiation. If provided, this is directly used for the model_fields_set attribute. Otherwise, the field names from the values argument will be used.

  • values – Trusted or pre-validated data dictionary.

Returns:

A new instance of the Model class with validated data.

classmethod model_validate_strings(obj: Any, *, strict: bool | None = None, context: Any | None = None, by_alias: bool | None = None, by_name: bool | None = None) → Self

Validate the given object with string data against the Pydantic model.

Parameters:
  • obj – The object containing string data to validate.

  • strict – Whether to enforce types strictly.

  • context – Extra variables to pass to the validator.

  • by_alias – Whether to use the field’s alias when validating against the provided input data.

  • by_name – Whether to use the field’s name when validating against the provided input data.

Returns:

The validated Pydantic model.

set_session(session: Session) → None

Set the boto3 session for this model.

Parameters:

session – The boto3 session to use.

Returns:

The model instance.

transform(attribute: str, transformer: str | None) → Any

Transform an attribute using a regular expression into something else before it is returned.

Important

This only makes sense for attributes that are strings.

transformer is a regular expression that will be used to transform the value of the attribute.

  • If the attribute is None, it will be returned verbatim.

  • If transformer is None, the attribute will be returned verbatim.

  • If transformer has no named groups, the attribute will be replaced with the value of the first group.

  • If transformer has named groups, the attribute will be replaced with a dictionary of the named groups.

Raises:
  • ValueError – If the attribute does not exist on the model.

  • RuntimeError – If the transformer fails to match the attribute value.

Parameters:
  • attribute – The attribute to transform.

  • transformer – The regular expression to use to transform the attribute.

Returns:

The transformed attribute.
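Every field of AssumeRoleWithWebIdentityResponse documented above defaults to None, so a caller should confirm what actually came back before using the credentials. The following added example (not botocraft's own code) checks Provider, Audience, the subject, the assumed-role ARN and the Expiration on a response held as a plain dict with the field names from this page, and builds a copy that is safe to log. The function names, the five-minute margin and all sample values are assumptions or constructed.

```python
from datetime import datetime, timedelta, timezone
from typing import Any, Dict, List, Optional

SECRET_FIELDS = ("SecretAccessKey", "SessionToken")
SAMPLE_NOW = datetime(2024, 1, 1, 12, 0, tzinfo=timezone.utc)  # constructed clock

# Constructed response; none of these values are real.
SAMPLE_RESPONSE: Dict[str, Any] = {
    "session": None,
    "Provider": "https://idp.example.com",
    "Audience": "example-client-id",
    "SubjectFromWebIdentityToken": "user-0001",
    "AssumedRoleUser": {
        "AssumedRoleId": "AROAEXAMPLEROLEID0000:ci-job",
        "Arn": "arn:aws:sts::123456789012:assumed-role/DeployRole/ci-job",
    },
    "Credentials": {
        "AccessKeyId": "ASIAEXAMPLEKEYID0000",
        "SecretAccessKey": "constructed-secret",
        "SessionToken": "constructed-token",
        "Expiration": SAMPLE_NOW + timedelta(hours=1),
    },
}


def check_response(
    resp: Dict[str, Any],
    *,
    provider: str,
    audience: str,
    role_arn_prefix: str,
    now: Optional[datetime] = None,
    min_remaining: timedelta = timedelta(minutes=5),
) -> List[str]:
    """Return a list of findings; an empty list means the response is as expected."""
    findings: List[str] = []
    now = now or datetime.now(timezone.utc)

    if resp.get("Provider") != provider:
        findings.append("Provider does not match the expected issuer")
    if resp.get("Audience") != audience:
        findings.append("Audience does not match the expected client ID")
    if not resp.get("SubjectFromWebIdentityToken"):
        findings.append("no subject returned for the web identity token")

    # AssumedRoleUser may be None; treat a missing ARN as a mismatch.
    arn = (resp.get("AssumedRoleUser") or {}).get("Arn") or ""
    if not arn.startswith(role_arn_prefix):
        findings.append("assumed-role ARN is not the expected role")

    creds = resp.get("Credentials")
    if not creds:
        findings.append("no Credentials in the response")
    else:
        expiration = creds.get("Expiration")
        if not isinstance(expiration, datetime) or expiration.tzinfo is None:
            findings.append("Expiration is missing or not timezone-aware")
        elif expiration - now < min_remaining:
            findings.append("credentials expire within the safety margin")
    return findings


def log_safe(resp: Dict[str, Any]) -> Dict[str, Any]:
    """Copy of the response for logging: no session object, secrets masked."""
    out = {k: v for k, v in resp.items() if k != "session"}
    creds = out.get("Credentials")
    if creds:
        masked = {k: v for k, v in creds.items() if k != "session"}
        for field in SECRET_FIELDS:
            if field in masked:
                masked[field] = "***"
        if isinstance(masked.get("Expiration"), datetime):
            masked["Expiration"] = masked["Expiration"].isoformat()
        out["Credentials"] = masked
    return out


EXPECTED = dict(
    provider="https://idp.example.com",
    audience="example-client-id",
    role_arn_prefix="arn:aws:sts::123456789012:assumed-role/DeployRole/",
)

if __name__ == "__main__":
    print(check_response(SAMPLE_RESPONSE, now=SAMPLE_NOW, **EXPECTED))
    print(log_safe(SAMPLE_RESPONSE))
```
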

pydantic model botocraft.services.sts.STSPolicyDescriptorType[source]

Bases: Boto3Model

A reference to the IAM managed policy that is passed as a session policy for a role session or a federated user session.

Show JSON schema
{
   "title": "STSPolicyDescriptorType",
   "description": "A reference to the IAM managed policy that is passed as a session policy for a role\nsession or a federated user session.",
   "type": "object",
   "properties": {
      "session": {
         "anyOf": [
            {},
            {
               "type": "null"
            }
         ],
         "default": null,
         "title": "Session"
      },
      "arn": {
         "anyOf": [
            {
               "type": "string"
            },
            {
               "type": "null"
            }
         ],
         "default": null,
         "title": "Arn"
      }
   }
}

Config:
  • validate_assignment: bool = True

  • arbitrary_types_allowed: bool = True

Fields:
field arn: str | None = None

The Amazon Resource Name (ARN) of the IAM managed policy to use as a session policy for the role.

For more information about ARNs, see Amazon Resource Names (ARNs) and Amazon Web Services Service Namespaces in the Amazon Web Services General Reference.

field session: Any | None = None

The boto3 session to use for this model. This is set by the manager, and is used in relationships. We have to use Any here because pydantic complains vociferously if we use boto3.session.Session. We exclude it from the model dump because it’s not something that should be serialized.

classmethod model_construct(_fields_set: set[str] | None = None, **values: Any) → Self

Creates a new instance of the Model class with validated data.

Creates a new model setting __dict__ and __pydantic_fields_set__ from trusted or pre-validated data. Default values are respected, but no other validation is performed.

Note

model_construct() generally respects the model_config.extra setting on the provided model. That is, if model_config.extra == ‘allow’, then all extra passed values are added to the model instance’s __dict__ and __pydantic_extra__ fields. If model_config.extra == ‘ignore’ (the default), then all extra passed values are ignored. Because no validation is performed with a call to model_construct(), having model_config.extra == ‘forbid’ does not result in an error if extra values are passed, but they will be ignored.

Parameters:
  • _fields_set – A set of field names that were originally explicitly set during instantiation. If provided, this is directly used for the model_fields_set attribute. Otherwise, the field names from the values argument will be used.

  • values – Trusted or pre-validated data dictionary.

Returns:

A new instance of the Model class with validated data.

classmethod model_validate_strings(obj: Any, *, strict: bool | None = None, context: Any | None = None, by_alias: bool | None = None, by_name: bool | None = None) → Self

Validate the given object with string data against the Pydantic model.

Parameters:
  • obj – The object containing string data to validate.

  • strict – Whether to enforce types strictly.

  • context – Extra variables to pass to the validator.

  • by_alias – Whether to use the field’s alias when validating against the provided input data.

  • by_name – Whether to use the field’s name when validating against the provided input data.

Returns:

The validated Pydantic model.

set_session(session: Session) → None

Set the boto3 session for this model.

Parameters:

session – The boto3 session to use.

Returns:

The model instance.

transform(attribute: str, transformer: str | None) → Any

Transform an attribute using a regular expression into something else before it is returned.

Important

This only makes sense for attributes that are strings.

transformer is a regular expression that will be used to transform the value of the attribute.

  • If the attribute is None, it will be returned verbatim.

  • If transformer is None, the attribute will be returned verbatim.

  • If transformer has no named groups, the attribute will be replaced with the value of the first group.

  • If transformer has named groups, the attribute will be replaced with a dictionary of the named groups.

Raises:
  • ValueError – If the attribute does not exist on the model.

  • RuntimeError – If the transformer fails to match the attribute value.

Parameters:
  • attribute – The attribute to transform.

  • transformer – The regular expression to use to transform the attribute.

Returns:

The transformed attribute.

pydantic model botocraft.services.sts.STSProvidedContext[source]

Bases: Boto3Model

Contains information about the provided context.

This includes the signed and encrypted trusted context assertion and the context provider ARN from which the trusted context assertion was generated.

Show JSON schema
{
   "title": "STSProvidedContext",
   "description": "Contains information about the provided context.\n\nThis includes the signed and encrypted trusted context assertion and the context\nprovider ARN from which the trusted context assertion was generated.",
   "type": "object",
   "properties": {
      "session": {
         "anyOf": [
            {},
            {
               "type": "null"
            }
         ],
         "default": null,
         "title": "Session"
      },
      "ProviderArn": {
         "anyOf": [
            {
               "type": "string"
            },
            {
               "type": "null"
            }
         ],
         "default": null,
         "title": "Providerarn"
      },
      "ContextAssertion": {
         "anyOf": [
            {
               "type": "string"
            },
            {
               "type": "null"
            }
         ],
         "default": null,
         "title": "Contextassertion"
      }
   }
}

Config:
  • validate_assignment: bool = True

  • arbitrary_types_allowed: bool = True

Fields:
field ContextAssertion: str | None = None

The signed and encrypted trusted context assertion generated by the context provider.

The trusted context assertion is signed and encrypted by Amazon Web Services STS.

field ProviderArn: str | None = None

The context provider ARN from which the trusted context assertion was generated.

field session: Any | None = None

The boto3 session to use for this model. This is set by the manager, and is used in relationships. We have to use Any here because we pydantic complains vociferously if we use boto3.session.Session. We exclude it from the model dump because it’s not something that should be serialized.

classmethod model_construct(_fields_set: set[str] | None = None, **values: Any) Self

Creates a new instance of the Model class with validated data.

Creates a new model setting __dict__ and __pydantic_fields_set__ from trusted or pre-validated data. Default values are respected, but no other validation is performed.

Note

model_construct() generally respects the model_config.extra setting on the provided model. That is, if model_config.extra == ‘allow’, then all extra passed values are added to the model instance’s __dict__ and __pydantic_extra__ fields. If model_config.extra == ‘ignore’ (the default), then all extra passed values are ignored. Because no validation is performed with a call to model_construct(), having model_config.extra == ‘forbid’ does not result in an error if extra values are passed, but they will be ignored.

Parameters:
  • _fields_set – A set of field names that were originally explicitly set during instantiation. If provided, this is directly used for the model_fields_set attribute. Otherwise, the field names from the values argument will be used.

  • values – Trusted or pre-validated data dictionary.

Returns:

A new instance of the Model class with validated data.

classmethod model_validate_strings(obj: Any, *, strict: bool | None = None, context: Any | None = None, by_alias: bool | None = None, by_name: bool | None = None) Self

Validate the given object with string data against the Pydantic model.

Parameters:
  • obj – The object containing string data to validate.

  • strict – Whether to enforce types strictly.

  • context – Extra variables to pass to the validator.

  • by_alias – Whether to use the field’s alias when validating against the provided input data.

  • by_name – Whether to use the field’s name when validating against the provided input data.

Returns:

The validated Pydantic model.

set_session(session: Session) None

Set the boto3 session for this model.

Parameters:

session – The boto3 session to use.

Returns:

The model instance.

transform(attribute: str, transformer: str | None) Any

Transform an attribute using a regular expression into something else before it is returned.

Important

This only makes sense for attributes that are strings.

transformer is a regular expression that will be used to transform the value of the attribute.

  • If the attribute is None, it will be returned verbatim.

  • If transformer is None, the attribute will be returned verbatim.

  • If transformer has no named groups, the attribute will be replaced with the value of the first group.

  • If transformer has named groups, the attribute will be replaced with a dictionary of the named groups.

Raises:
  • ValueError – If the attribute does not exist on the model.

  • RuntimeError – If the transformer fails to match the attribute value.

Parameters:
  • attribute – The attribute to transform.

  • transformer – The regular expression to use to transform the attribute.

Returns:

The transformed attribute.
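The rules listed for transform() can be exercised with a stand-alone sketch applied to a ProviderArn value. This is an added example, not botocraft's own code: the ProvidedContext dataclass, the sample ARN, the use of re.search and the handling of a pattern with no capture groups are all assumptions.

```python
from __future__ import annotations

import re
from dataclasses import dataclass
from typing import Any


@dataclass
class ProvidedContext:
    """Hypothetical stand-in for the model; field names follow the page."""
    ProviderArn: str | None = None
    ContextAssertion: str | None = None


def transform(model: Any, attribute: str, transformer: str | None) -> Any:
    if not hasattr(model, attribute):
        raise ValueError(f"no attribute {attribute!r} on {type(model).__name__}")
    value = getattr(model, attribute)
    if value is None or transformer is None:
        return value  # both "verbatim" rules
    # Assumption: unanchored search; the page does not say match vs. search.
    match = re.search(transformer, value)
    if match is None:
        # The value is kept out of the message so that a field such as
        # ContextAssertion never ends up in logs or tracebacks.
        raise RuntimeError(f"{transformer!r} did not match {attribute}")
    if match.groupdict():
        return match.groupdict()  # named groups -> dictionary
    if match.re.groups == 0:
        # Assumption: the page does not cover a pattern with no groups.
        raise RuntimeError("transformer has no capture group")
    return match.group(1)  # unnamed groups -> value of the first group


# Constructed sample value, not taken from a real account.
ctx = ProvidedContext(
    ProviderArn="arn:aws:iam::123456789012:contextProvider/ExampleProvider"
)


def provider_name() -> str:
    return transform(ctx, "ProviderArn", r"contextProvider/(.+)$")


def provider_parts() -> dict:
    pattern = r"^arn:aws:iam::(?P<account>\d{12}):contextProvider/(?P<name>.+)$"
    return transform(ctx, "ProviderArn", pattern)
```

Anchoring the pattern, as provider_parts() does, makes an unexpected ARN shape raise RuntimeError instead of yielding a partial match.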