GetDelegatedAccessToken - Amazon Security Token Service

GetDelegatedAccessToken

Exchanges a trade-in token for temporary Amazon credentials with the permissions associated with the assumed principal. This operation allows you to obtain credentials for a specific principal based on a trade-in token, enabling delegation of access to Amazon resources.

Request Parameters

For information about the parameters that are common to all actions, see Common Parameters.

TradeInToken

The token to exchange for temporary Amazon credentials. This token must be valid and unexpired at the time of the request.

Type: String

Required: Yes

Response Elements

The following elements are returned by the service.

AssumedPrincipal

The Amazon Resource Name (ARN) of the principal that was assumed when obtaining the delegated access token. This ARN identifies the IAM entity whose permissions are granted by the temporary credentials.

Type: String

Length Constraints: Minimum length of 20. Maximum length of 2048.

Pattern: [\u0009\u000A\u000D\u0020-\u007E\u0085\u00A0-\uD7FF\uE000-\uFFFD\u10000-\u10FFFF]+

Credentials

Amazon credentials for API authentication.

Type: Credentials object

PackedPolicySize

The percentage of the maximum policy size that is used by the session policy. The policy size is calculated as the sum of all the session policies and permission boundaries attached to the session. If the packed size exceeds 100%, the request fails.

Type: Integer

Valid Range: Minimum value of 0.

Errors

For information about the errors that are common to all actions, see Common Errors.

ExpiredTradeInToken

The trade-in token provided in the request has expired and can no longer be exchanged for credentials. Request a new token and retry the operation.

HTTP Status Code: 400

PackedPolicyTooLarge

The request was rejected because the total packed size of the session policies and session tags combined was too large. An Amazon conversion compresses the session policy document, session policy ARNs, and session tags into a packed binary format that has a separate limit. The error message indicates by percentage how close the policies and tags are to the upper size limit. For more information, see Passing Session Tags in Amazon STS in the IAM User Guide.

You could receive this error even though you meet other defined session policy and session tag limits. For more information, see IAM and Amazon STS Entity Character Limits in the IAM User Guide.

HTTP Status Code: 400
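The following is an added example, not code from the Amazon documentation: a caller-side check that applies the documented AssumedPrincipal and PackedPolicySize constraints to a response before the credentials are used, and maps the two operation-specific errors to a next step. It assumes the response has already been parsed into a dict keyed by the element names above; the function names, the principal allowlist, and the sample values are hypothetical.

```python
import re
from datetime import datetime, timezone

# AssumedPrincipal pattern from the reference; Python spells the last range \U00010000-\U0010FFFF.
PRINCIPAL_RE = re.compile(
    r"[\u0009\u000A\u000D\u0020-\u007E\u0085\u00A0-\uD7FF\uE000-\uFFFD\U00010000-\U0010FFFF]+")
# Members of the STS Credentials data type.
CRED_FIELDS = ("AccessKeyId", "SecretAccessKey", "SessionToken", "Expiration")
# Operation-specific errors documented above (both HTTP 400) and the caller's next step.
ERROR_ACTIONS = {
    "ExpiredTradeInToken": "request_new_token",
    "PackedPolicyTooLarge": "reduce_session_policies_or_tags",
}

def classify_error(code):
    """Map an error code to a next step; anything else falls under Common Errors."""
    return ERROR_ACTIONS.get(code, "see_common_errors")

def validate_response(resp, expected_principals, now=None):
    """Return a list of problems; an empty list means the credentials may be used."""
    now = now or datetime.now(timezone.utc)
    problems = []
    arn = resp.get("AssumedPrincipal", "")
    if not 20 <= len(arn) <= 2048 or not PRINCIPAL_RE.fullmatch(arn):
        problems.append("AssumedPrincipal violates documented constraints")
    elif arn not in expected_principals:
        # Delegated credentials carry this principal's permissions; refuse surprises.
        problems.append("unexpected AssumedPrincipal: " + arn)
    size = resp.get("PackedPolicySize")
    if size is not None and (not isinstance(size, int) or size < 0):
        problems.append("PackedPolicySize outside valid range")
    creds = resp.get("Credentials") or {}
    missing = [f for f in CRED_FIELDS if f not in creds]
    if missing:
        problems.append("Credentials missing: " + ", ".join(missing))
    elif creds["Expiration"] <= now:
        problems.append("Credentials already expired")
    return problems

# Constructed sample response (placeholder values, not real credentials).
SAMPLE_ARN = "arn:aws-cn:iam::111122223333:role/ExampleDelegatedRole"
SAMPLE = {
    "AssumedPrincipal": SAMPLE_ARN,
    "Credentials": {"AccessKeyId": "ASIAEXAMPLEPLACEHOLD", "SecretAccessKey": "placeholder",
                    "SessionToken": "placeholder",
                    "Expiration": datetime(2030, 1, 1, tzinfo=timezone.utc)},
    "PackedPolicySize": 6,
}

if __name__ == "__main__":
    print(validate_response(SAMPLE, {SAMPLE_ARN}))
    print(validate_response(SAMPLE, {"arn:aws-cn:iam::111122223333:role/Other"}))
```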
