AWS SDK for .NET Documentation
GetSessionTokenRequest Class
AmazonAmazon.SecurityToken.ModelGetSessionTokenRequest Did this page help you?   Yes   No    Tell us about it...
Container for the parameters to the GetSessionToken operation. Returns a set of temporary credentials for an AWS account or IAM user. The credentials consist of an access key ID, a secret access key, and a security token. Typically, you use
CopyC#
GetSessionToken
 if you want to use MFA to protect programmatic calls to specific AWS APIs like Amazon EC2
CopyC#
StopInstances
. MFA-enabled IAM users would need to call
CopyC#
GetSessionToken
 and submit an MFA code that is associated with their MFA device. Using the temporary security credentials that are returned from the call, IAM users can then make programmatic calls to APIs that require MFA authentication.

The

CopyC#
GetSessionToken
action must be called by using the long-term AWS security credentials of the AWS account or an IAM user. Credentials that are created by IAM users are valid for the duration that you specify, between 900 seconds (15 minutes) and 129600 seconds (36 hours); credentials that are created by using account credentials have a maximum duration of 3600 seconds (1 hour).

Note:

We recommend that you do not call

CopyC#
GetSessionToken
with root account credentials. Instead, follow our best practices by creating one or more IAM users, giving them the necessary permissions, and using IAM users for everyday interaction with AWS.

The permissions associated with the temporary security credentials returned by

CopyC#
GetSessionToken
are based on the permissions associated with account or IAM user whose credentials are used to call the action. If
CopyC#
GetSessionToken
 is called using root account credentials, the temporary credentials have root account permissions. Similarly, if
CopyC#
GetSessionToken
 is called using the credentials of an IAM user, the temporary credentials have the same permissions as the IAM user.

For more information about using

CopyC#
GetSessionToken
to create temporary credentials, go to Creating Temporary Credentials to Enable Access for IAM Users in Using Temporary Security Credentials.

Declaration Syntax
C#
public class GetSessionTokenRequest : AmazonWebServiceRequest
Members
All MembersConstructorsMethodsProperties



IconMemberDescription
GetSessionTokenRequest()()()()
Initializes a new instance of the GetSessionTokenRequest class

DurationSeconds
Gets and sets the property DurationSeconds.

The duration, in seconds, that the credentials should remain valid. Acceptable durations for IAM user sessions range from 900 seconds (15 minutes) to 129600 seconds (36 hours), with 43200 seconds (12 hours) as the default. Sessions for AWS account owners are restricted to a maximum of 3600 seconds (one hour). If the duration is longer than one hour, the session for AWS account owners defaults to one hour.


Equals(Object)
Determines whether the specified Object is equal to the current Object.
(Inherited from Object.)
GetHashCode()()()()
Serves as a hash function for a particular type.
(Inherited from Object.)
GetType()()()()
Gets the type of the current instance.
(Inherited from Object.)
SerialNumber
Gets and sets the property SerialNumber.

The identification number of the MFA device that is associated with the IAM user who is making the

CopyC#
GetSessionToken
call. Specify this value if the IAM user has a policy that requires MFA authentication. The value is either the serial number for a hardware device (such as
CopyC#
GAHT12345678
) or an Amazon Resource Name (ARN) for a virtual device (such as
CopyC#
arn:aws:iam::123456789012:mfa/user
). You can find the device for an IAM user by going to the AWS Management Console and viewing the user's security credentials.


TokenCode
Gets and sets the property TokenCode.

The value provided by the MFA device, if MFA is required. If any policy requires the IAM user to submit an MFA code, specify this value. If MFA authentication is required, and the user does not provide a code when requesting a set of temporary security credentials, the user will receive an "access denied" response when requesting resources that require MFA authentication.


ToString()()()()
Returns a string that represents the current object.
(Inherited from Object.)
WithDurationSeconds(Int32) Obsolete.
Sets the DurationSeconds property

WithSerialNumber(String) Obsolete.
Sets the SerialNumber property

WithTokenCode(String) Obsolete.
Sets the TokenCode property

Inheritance Hierarchy
Object
AmazonWebServiceRequest
 GetSessionTokenRequest

Assembly: AWSSDK (Module: AWSSDK) Version: 1.5.60.0 (1.5.60.0)