get_delegated_access_token

STS.Client.get_delegated_access_token(**kwargs)

Exchanges a trade-in token for temporary Amazon Web Services credentials with the permissions associated with the assumed principal. This operation allows you to obtain credentials for a specific principal based on a trade-in token, enabling delegation of access to Amazon Web Services resources.

See also: AWS API Documentation

Request Syntax

response = client.get_delegated_access_token(
    TradeInToken='string'
)

Parameters:

TradeInToken (string) –

[REQUIRED]

The token to exchange for temporary Amazon Web Services credentials. This token must be valid and unexpired at the time of the request.

Return type:

dict

Returns:

Response Syntax

{
    'Credentials': {
        'AccessKeyId': 'string',
        'SecretAccessKey': 'string',
        'SessionToken': 'string',
        'Expiration': datetime(2015, 1, 1)
    },
    'PackedPolicySize': 123,
    'AssumedPrincipal': 'string'
}

Response Structure

  • (dict) –

    • Credentials (dict) –

      Amazon Web Services credentials for API authentication.

      • AccessKeyId (string) –

        The access key ID that identifies the temporary security credentials.

      • SecretAccessKey (string) –

        The secret access key that can be used to sign requests.

      • SessionToken (string) –

        The token that users must pass to the service API to use the temporary credentials.

      • Expiration (datetime) –

        The date on which the current credentials expire.

    • PackedPolicySize (integer) –

      The percentage of the maximum policy size that is used by the session policy. The policy size is calculated as the sum of all the session policies and permission boundaries attached to the session. If the packed size exceeds 100%, the request fails.

    • AssumedPrincipal (string) –

      The Amazon Resource Name (ARN) of the principal that was assumed when obtaining the delegated access token. This ARN identifies the IAM entity whose permissions are granted by the temporary credentials.
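
An added example, not part of the boto3 documentation: one way to call this operation and check the response before the credentials are used, rejecting an unexpected `AssumedPrincipal` or near-expired credentials and masking secrets for logging. The helper names (`exchange_trade_in_token`, `DelegationError`, `redact`) and the `min_ttl` threshold are assumptions of this example.

```python
from datetime import datetime, timedelta, timezone

# Helper names below belong to this example; they are not part of boto3.


class DelegationError(Exception):
    """Exchanged credentials failed a local check."""


def exchange_trade_in_token(client, trade_in_token, expected_principal,
                            min_ttl=timedelta(minutes=5), now=None):
    """Exchange a trade-in token, validate the response, and return
    keyword arguments for boto3.Session(**kwargs).

    `client` is boto3.client("sts") or any object exposing
    get_delegated_access_token(TradeInToken=...).
    """
    resp = client.get_delegated_access_token(TradeInToken=trade_in_token)

    # Refuse credentials issued for a principal other than the expected one.
    principal = resp.get("AssumedPrincipal", "")
    if principal != expected_principal:
        raise DelegationError(f"unexpected AssumedPrincipal: {principal!r}")

    creds = resp["Credentials"]
    expiration = creds["Expiration"]
    if expiration.tzinfo is None:  # assumption: naive datetimes are UTC
        expiration = expiration.replace(tzinfo=timezone.utc)
    now = now or datetime.now(timezone.utc)
    if expiration - now < min_ttl:
        raise DelegationError("credentials expire too soon")

    return {
        "aws_access_key_id": creds["AccessKeyId"],
        "aws_secret_access_key": creds["SecretAccessKey"],
        "aws_session_token": creds["SessionToken"],
    }


def redact(resp):
    """Return a copy of the response that is safe to log."""
    safe = dict(resp)
    safe["Credentials"] = {
        k: (v if k in ("AccessKeyId", "Expiration") else "***")
        for k, v in resp["Credentials"].items()
    }
    return safe
```

Log `redact(response)` rather than the raw response, since `SecretAccessKey` and `SessionToken` are usable until `Expiration`.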

Exceptions