AWS SDK Version 4 for .NET
API Reference

AWS services or capabilities described in AWS Documentation may vary by region/location. Click Getting Started with Amazon AWS to see specific differences applicable to the China (Beijing) Region.

Exchanges a trade-in token for temporary Amazon Web Services credentials with the permissions associated with the assumed principal. This operation allows you to obtain credentials for a specific principal based on a trade-in token, enabling delegation of access to Amazon Web Services resources.

Note:

For .NET Core this operation is only available in asynchronous form. Please refer to GetDelegatedAccessTokenAsync.

Namespace: Amazon.SecurityToken
Assembly: AWSSDK.SecurityToken.dll
Version: 3.x.y.z

Syntax

C# 
public abstract GetDelegatedAccessTokenResponse GetDelegatedAccessToken(
         GetDelegatedAccessTokenRequest request
)

Parameters

request
Type: Amazon.SecurityToken.Model.GetDelegatedAccessTokenRequest

Container for the necessary parameters to execute the GetDelegatedAccessToken service method.

Return Value


Type: GetDelegatedAccessTokenResponse
The response from the GetDelegatedAccessToken service method, as returned by SecurityTokenService.

Exceptions

ExceptionCondition
ExpiredTradeInTokenException The trade-in token provided in the request has expired and can no longer be exchanged for credentials. Request a new token and retry the operation.
PackedPolicyTooLargeException The request was rejected because the total packed size of the session policies and session tags combined was too large. An Amazon Web Services conversion compresses the session policy document, session policy ARNs, and session tags into a packed binary format that has a separate limit. The error message indicates by percentage how close the policies and tags are to the upper size limit. For more information, see Passing Session Tags in STS in the IAM User Guide. You could receive this error even though you meet other defined session policy and session tag limits. For more information, see IAM and STS Entity Character Limits in the IAM User Guide.
RegionDisabledException STS is not activated in the requested region for the account that is being asked to generate credentials. The account administrator must use the IAM console to activate STS in that region. For more information, see Activating and Deactivating STS in an Amazon Web Services Region in the IAM User Guide.

Version Information

.NET Framework:
Supported in: 4.7.2 and newer

See Also

REST API Reference for GetDelegatedAccessToken Operation