GetRoleCredentials
Returns the STS short-term credentials for a given role name that is assigned to the user.
Request Syntax
GET /federation/credentials?account_id=accountId
&role_name=roleName
HTTP/1.1
x-amz-sso_bearer_token: accessToken
URI Request Parameters
The request uses the following URI parameters.
- accessToken
-
The token issued by the
CreateToken
API call. For more information, see CreateToken in the IAM Identity Center OIDC API Reference Guide.Required: Yes
- accountId
-
The identifier for the AWS account that is assigned to the user.
Required: Yes
- roleName
-
The friendly name of the role that is assigned to the user.
Required: Yes
Request Body
The request does not have a request body.
Response Syntax
HTTP/1.1 200
Content-type: application/json
{
"roleCredentials": {
"accessKeyId": "string",
"expiration": number,
"secretAccessKey": "string",
"sessionToken": "string"
}
}
Response Elements
If the action is successful, the service sends back an HTTP 200 response.
The following data is returned in JSON format by the service.
- roleCredentials
-
The credentials for the role that is assigned to the user.
Type: RoleCredentials object
Errors
For information about the errors that are common to all actions, see Common Errors.
- InvalidRequestException
-
Indicates that a problem occurred with the input to the request. For example, a required parameter might be missing or out of range.
HTTP Status Code: 400
- ResourceNotFoundException
-
The specified resource doesn't exist.
HTTP Status Code: 404
- TooManyRequestsException
-
Indicates that the request is being made too frequently and is more than what the server can handle.
HTTP Status Code: 429
- UnauthorizedException
-
Indicates that the request is not authorized. This can happen due to an invalid access token in the request.
HTTP Status Code: 401
See Also
For more information about using this API in one of the language-specific AWS SDKs, see the following: