Revokes the current client access token (CAT) and returns new CAT for clients to use when reconnecting to secure tunneling to access the same tunnel.
Requires permission to access the RotateTunnelAccessToken action.
Note
Rotating the CAT doesn't extend the tunnel duration. For example, say the tunnel duration is 12 hours and the tunnel has already been open for 4 hours. When you rotate the access tokens, the new tokens that are generated can only be used for the remaining 8 hours.
Request Syntax
{
"clientMode": "string",
"destinationConfig": {
"services": [ "string" ],
"thingName": "string"
},
"tunnelId": "string"
}Request Parameters
For information about the parameters that are common to all actions, see Common Parameters.
The request accepts the following data in JSON format.
- clientMode
-
The mode of the client that will use the client token, which can be either the source or destination, or both source and destination.
Type: String
Valid Values:
SOURCE | DESTINATION | ALLRequired: Yes
- destinationConfig
-
The destination configuration. You can not use
DestinationConfigwith sourceclientMode.Type: DestinationConfig object
Required: No
- tunnelId
-
The tunnel for which you want to rotate the access tokens.
Type: String
Pattern:
[a-zA-Z0-9_\-+=:]{1,128}Required: Yes
Response Syntax
{
"destinationAccessToken": "string",
"sourceAccessToken": "string",
"tunnelArn": "string"
}Response Elements
If the action is successful, the service sends back an HTTP 200 response.
The following data is returned in JSON format by the service.
- destinationAccessToken
-
The client access token that the destination local proxy uses to connect to AWS IoT Secure Tunneling.
Type: String
- sourceAccessToken
-
The client access token that the source local proxy uses to connect to AWS IoT Secure Tunneling.
Type: String
- tunnelArn
-
The Amazon Resource Name for the tunnel.
Type: String
Length Constraints: Minimum length of 1. Maximum length of 1600.
Errors
- ResourceNotFoundException
-
Thrown when an operation is attempted on a resource that does not exist.
HTTP Status Code: 400
See Also
For more information about using this API in one of the language-specific AWS SDKs, see the following:
