RubyGems - aws-sdk-core - Versions diffs - 3.115.0 → 3.119.0 - Mend

aws-sdk-core 3.115.0 → 3.119.0

Files changed (20) hide show

checksums.yaml +4 -4
data/CHANGELOG.md +22 -0
data/VERSION +1 -1
data/lib/aws-sdk-core/credential_provider_chain.rb +2 -1
data/lib/aws-sdk-core/ec2_metadata.rb +24 -5
data/lib/aws-sdk-core/instance_profile_credentials.rb +39 -4
data/lib/aws-sdk-core/json/parser.rb +8 -0
data/lib/aws-sdk-core/log/param_filter.rb +9 -1
data/lib/aws-sdk-core/param_validator.rb +29 -0
data/lib/aws-sdk-core/shared_config.rb +2 -0
data/lib/aws-sdk-core/shared_credentials.rb +7 -1
data/lib/aws-sdk-core/structure.rb +10 -1
data/lib/aws-sdk-core/xml/parser/frame.rb +23 -0
data/lib/aws-sdk-sso.rb +1 -1
data/lib/aws-sdk-sso/client.rb +1 -1
data/lib/aws-sdk-sts.rb +1 -1
data/lib/aws-sdk-sts/client.rb +318 -296
data/lib/aws-sdk-sts/types.rb +167 -159
data/lib/seahorse/model/shapes.rb +25 -0
metadata +2 -2

checksums.yaml CHANGED Viewed

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: c51427ddefb35e2594f5b19314371162a9ef641ee2347f2c569135f25c5e164e
-  data.tar.gz: ace6b55f07d11168cf425716aefcac7751ca6b1b7d30ccfc3a9a6f409055ab72
+  metadata.gz: ddf31c8c3694470609211adc4d264fe1cb30e4150506b1c509df6a5c544f5915
+  data.tar.gz: 2de3c3db20153adc6d6e558b26d467d158a584f4376fced873a34338fd1c8eb1
 SHA512:
-  metadata.gz: 362d882a36335ccbf9567673cf9c433484bdc7c7da626800e7b2cf3429662ffe2b05cdf4ba3f3a5a91cdc1122c48fe6bb1348f21937c878ac1f1a46dbedd7110
-  data.tar.gz: 754a0a0d8320723ac59aaa084cd3aee95dba74d844764bcee42a6163566aacdbde8a06793aae2e94e9f191e15849e36575f3ee27f4d0901cec4a1ee29534f40b
+  metadata.gz: f03cbc10196aae90f25910784c6b15ebff818d88a08b015a34f4c7dfb2c85c795e513f56473df82a69fb626ad54662c21bd65b02d6bc4f1ae4010b01d722e09b
+  data.tar.gz: b3e7f451f64f74fdbdc24e7891791e3b1ad6993c434321cff87d6088e663cda733513b194d7697af227e545b589257091909a624a2ad6e41c4e1e6f37882d87c

data/CHANGELOG.md CHANGED Viewed

@@ -1,6 +1,28 @@
 Unreleased Changes
 ------------------
+3.119.0 (2021-07-30)
+------------------
+* Feature - Support Document Types. Document types are used to carry open content. A document type value is serialized using the same format as its surroundings and requires no additional encoding or escaping.(#2523)
+3.118.0 (2021-07-28)
+------------------
+* Feature - Add support for Tagged Unions using a "sealed" classes like approach where each union member has a corresponding subclass.
+3.117.0 (2021-07-12)
+------------------
+* Feature - Support IPv6 endpoints for `Aws::InstanceProfileCredentials`. It supports two shared configuration options (`ec2_metadata_service_endpoint` & `ec2_metadata_service_endpoint_mode`), two ENV variables (`AWS_EC2_METADATA_SERVICE_ENDPOINT` & `AWS_EC2_METADATA_SERVICE_ENDPOINT_MODE`), and two constructor options (`:endpoint` & `:endpoint_mode`).
+* Feature - Support IPv6 endpoint for `Aws::EC2Metadata` client. It can be configured with `:endpoint` or `:endpoint_mode`.
+3.116.0 (2021-07-07)
+------------------
+* Feature - Updated Aws::STS::Client with the latest API changes.
 3.115.0 (2021-06-23)
 ------------------

data/VERSION CHANGED Viewed

	@@ -1 +1 @@
1	- 3.~~115~~.0
1	+ 3.119.0

data/lib/aws-sdk-core/credential_provider_chain.rb CHANGED Viewed

@@ -160,10 +160,11 @@ module Aws
     end
     def instance_profile_credentials(options)
+      profile_name = determine_profile_name(options)
       if ENV['AWS_CONTAINER_CREDENTIALS_RELATIVE_URI']
         ECSCredentials.new(options)
       else
-        InstanceProfileCredentials.new(options)
+        InstanceProfileCredentials.new(options.merge(profile: profile_name))
       end
     end

data/lib/aws-sdk-core/ec2_metadata.rb CHANGED Viewed

@@ -39,7 +39,11 @@ module Aws
     #   defaulting to 6 hours.
     # @option options [Integer] :retries (3) The number of retries for failed
     #   requests.
-    # @option options [String] :endpoint (169.254.169.254) The IMDS endpoint.
+    # @option options [String] :endpoint ('http://169.254.169.254') The IMDS
+    #   endpoint. This option has precedence over the :endpoint_mode.
+    # @option options [String] :endpoint_mode ('IPv4') The endpoint mode for
+    #   the instance metadata service. This is either 'IPv4'
+    #   ('http://169.254.169.254') or 'IPv6' ('http://[fd00:ec2::254]').
     # @option options [Integer] :port (80) The IMDS endpoint port.
     # @option options [Integer] :http_open_timeout (1) The number of seconds to
     #   wait for the connection to open.
@@ -55,7 +59,8 @@ module Aws
       @retries = options[:retries] || 3
       @backoff = backoff(options[:backoff])
-      @endpoint = options[:endpoint] || '169.254.169.254'
+      endpoint_mode = options[:endpoint_mode] || 'IPv4'
+      @endpoint = resolve_endpoint(options[:endpoint], endpoint_mode)
       @port = options[:port] || 80
       @http_open_timeout = options[:http_open_timeout] || 1
@@ -76,7 +81,7 @@ module Aws
     #   ec2_metadata.get('/latest/meta-data/instance-id')
     #   => "i-023a25f10a73a0f79"
     #
-    # @Note This implementation always returns a String and will not parse any
+    # @note This implementation always returns a String and will not parse any
     #   responses. Parsable responses may include JSON objects or directory
     #   listings, which are strings separated by line feeds (ASCII 10).
     #
@@ -93,7 +98,7 @@ module Aws
     #   listing.split(10.chr)
     #   => ["ami-id", "ami-launch-index", ...]
     #
-    # @Note Unlike other services, IMDS does not have a service API model. This
+    # @note Unlike other services, IMDS does not have a service API model. This
     #   means that we cannot confidently generate code with methods and
     #   response structures. This implementation ensures that new IMDS features
     #   are always supported by being deployed to the instance and does not
@@ -116,6 +121,19 @@ module Aws
     private
+    def resolve_endpoint(endpoint, endpoint_mode)
+      return endpoint if endpoint
+      case endpoint_mode.downcase
+      when 'ipv4' then 'http://169.254.169.254'
+      when 'ipv6' then 'http://[fd00:ec2::254]'
+      else
+        raise ArgumentError,
+              ':endpoint_mode is not valid, expected IPv4 or IPv6, '\
+              "got: #{endpoint_mode}"
+      end
+    end
     def fetch_token
       open_connection do |conn|
         token_value, token_ttl = http_put(conn, @token_ttl)
@@ -163,7 +181,8 @@ module Aws
     end
     def open_connection
-      http = Net::HTTP.new(@endpoint, @port, nil)
+      uri = URI.parse(@endpoint)
+      http = Net::HTTP.new(uri.hostname || @endpoint, @port || uri.port)
       http.open_timeout = @http_open_timeout
       http.read_timeout = @http_read_timeout
       http.set_debug_output(@http_debug_output) if @http_debug_output

data/lib/aws-sdk-core/instance_profile_credentials.rb CHANGED Viewed

@@ -5,7 +5,6 @@ require 'net/http'
 module Aws
   class InstanceProfileCredentials
     include CredentialProvider
     include RefreshingCredentials
@@ -44,7 +43,13 @@ module Aws
     # @param [Hash] options
     # @option options [Integer] :retries (1) Number of times to retry
     #   when retrieving credentials.
-    # @option options [String] :ip_address ('169.254.169.254')
+    # @option options [String] :endpoint ('http://169.254.169.254') The IMDS
+    #   endpoint. This option has precedence over the :endpoint_mode.
+    # @option options [String] :endpoint_mode ('IPv4') The endpoint mode for
+    #   the instance metadata service. This is either 'IPv4' ('169.254.169.254')
+    #   or 'IPv6' ('[fd00:ec2::254]').
+    # @option options [String] :ip_address ('169.254.169.254') Deprecated. Use
+    #   :endpoint instead. The IP address for the endpoint.
     # @option options [Integer] :port (80)
     # @option options [Float] :http_open_timeout (1)
     # @option options [Float] :http_read_timeout (1)
@@ -60,7 +65,8 @@ module Aws
     #   to 21600 seconds
     def initialize(options = {})
       @retries = options[:retries] || 1
-      @ip_address = options[:ip_address] || '169.254.169.254'
+      endpoint_mode = resolve_endpoint_mode(options)
+      @endpoint = resolve_endpoint(options, endpoint_mode)
       @port = options[:port] || 80
       @http_open_timeout = options[:http_open_timeout] || 1
       @http_read_timeout = options[:http_read_timeout] || 1
@@ -78,6 +84,34 @@ module Aws
     private
+    def resolve_endpoint_mode(options)
+      value = options[:endpoint_mode]
+      value ||= ENV['AWS_EC2_METADATA_SERVICE_ENDPOINT_MODE']
+      value ||= Aws.shared_config.ec2_metadata_service_endpoint_mode(
+        profile: options[:profile]
+      )
+      value || 'IPv4'
+    end
+    def resolve_endpoint(options, endpoint_mode)
+      value = options[:endpoint] || options[:ip_address]
+      value ||= ENV['AWS_EC2_METADATA_SERVICE_ENDPOINT']
+      value ||= Aws.shared_config.ec2_metadata_service_endpoint(
+        profile: options[:profile]
+      )
+      return value if value
+      case endpoint_mode.downcase
+      when 'ipv4' then 'http://169.254.169.254'
+      when 'ipv6' then 'http://[fd00:ec2::254]'
+      else
+        raise ArgumentError,
+              ':endpoint_mode is not valid, expected IPv4 or IPv6, '\
+              "got: #{endpoint_mode}"
+      end
+    end
     def backoff(backoff)
       case backoff
       when Proc then backoff
@@ -152,7 +186,8 @@ module Aws
     end
     def open_connection
-      http = Net::HTTP.new(@ip_address, @port, nil)
+      uri = URI.parse(@endpoint)
+      http = Net::HTTP.new(uri.hostname || @endpoint, @port || uri.port)
       http.open_timeout = @http_open_timeout
       http.read_timeout = @http_read_timeout
       http.set_debug_output(@http_debug_output) if @http_debug_output

data/lib/aws-sdk-core/json/parser.rb CHANGED Viewed

@@ -28,8 +28,16 @@ module Aws
           member_name, member_ref = shape.member_by_location_name(key)
           if member_ref
             target[member_name] = parse_ref(member_ref, value)
+          elsif shape.union
+            target[:unknown] = { 'name' => key, 'value' => value }
           end
         end
+        if shape.union
+          # convert to subclass
+          member_subclass = shape.member_subclass(target.member).new
+          member_subclass[target.member] = target.value
+          target = member_subclass
+        end
         target
       end

data/lib/aws-sdk-core/log/param_filter.rb CHANGED Viewed

@@ -26,7 +26,8 @@ module Aws
       def filter(values, type)
         case values
-        when Struct, Hash then filter_hash(values, type)
+        when Struct then filter_struct(values, type)
+        when Hash then filter_hash(values, type)
         when Array then filter_array(values, type)
         else values
         end
@@ -34,6 +35,13 @@ module Aws
       private
+      def filter_struct(values, type)
+        if values.class.include? Aws::Structure::Union
+          values = { values.member => values.value }
+        end
+        filter_hash(values, type)
+      end
       def filter_hash(values, type)
         if type.const_defined?('SENSITIVE')
           filters = type::SENSITIVE + @additional_filters

data/lib/aws-sdk-core/param_validator.rb CHANGED Viewed

@@ -70,6 +70,14 @@ module Aws
           end
         end
+        if @validate_required && shape.union
+          if values.length > 1
+            errors << "multiple values provided to union at #{context} - must contain exactly one of the supported types: #{shape.member_names.join(', ')}"
+          elsif values.length == 0
+            errors << "No values provided to union at #{context} - must contain exactly one of the supported types: #{shape.member_names.join(', ')}"
+          end
+        end
         # validate non-nil members
         values.each_pair do |name, value|
           unless value.nil?
@@ -117,11 +125,32 @@ module Aws
       end
     end
+    def document(ref, value, errors, context)
+      document_types = [Hash, Array, Numeric, String, TrueClass, FalseClass, NilClass]
+      unless document_types.any? { |t| value.is_a?(t) }
+        errors << expected_got(context, "one of #{document_types.join(', ')}", value)
+      end
+      # recursively validate types for aggregated types
+      case value
+      when Hash
+        value.each do |k, v|
+          document(ref, v, errors, context + "[#{k}]")
+        end
+      when Array
+        value.each do |v|
+          document(ref, v, errors, context)
+        end
+      end
+    end
     def shape(ref, value, errors, context)
       case ref.shape
       when StructureShape then structure(ref, value, errors, context)
       when ListShape then list(ref, value, errors, context)
       when MapShape then map(ref, value, errors, context)
+      when DocumentShape then document(ref, value, errors, context)
       when StringShape
         unless value.is_a?(String)
           errors << expected_got(context, "a String", value)

data/lib/aws-sdk-core/shared_config.rb CHANGED Viewed

@@ -163,6 +163,8 @@ module Aws
       :ca_bundle,
       :credential_process,
       :endpoint_discovery_enabled,
+      :ec2_metadata_service_endpoint,
+      :ec2_metadata_service_endpoint_mode,
       :max_attempts,
       :retry_mode,
       :adaptive_retry_wait_to_fill,

data/lib/aws-sdk-core/shared_credentials.rb CHANGED Viewed

@@ -14,11 +14,17 @@ module Aws
       'aws_session_token' => 'session_token',
     }
-    # Constructs a new SharedCredentials object. This will load AWS access
+    # Constructs a new SharedCredentials object. This will load static
+    # (access_key_id, secret_access_key and session_token) AWS access
     # credentials from an ini file, which supports profiles. The default
     # profile name is 'default'. You can specify the profile name with the
     # `ENV['AWS_PROFILE']` or with the `:profile_name` option.
     #
+    # To use credentials from the default credential resolution chain
+    # create a client without the credential option specified.
+    # You may access the resolved credentials through
+    # `client.config.credentials`.
+    #
     # @option [String] :path Path to the shared file.  Defaults
     #   to "#{Dir.home}/.aws/credentials".
     #

data/lib/aws-sdk-core/structure.rb CHANGED Viewed

@@ -70,11 +70,20 @@ module Aws
       end
     end
+    module Union
+      def member
+        self.members.select { |k| self[k] }.first
+      end
+      def value
+        self[member] if member
+      end
+    end
   end
   # @api private
   class EmptyStructure < Struct.new('AwsEmptyStructure')
     include(Aws::Structure)
   end
 end

data/lib/aws-sdk-core/xml/parser/frame.rb CHANGED Viewed

@@ -95,6 +95,8 @@ module Aws
         def child_frame(xml_name)
           if @member = @members[xml_name]
             Frame.new(xml_name, self, @member[:ref])
+          elsif @ref.shape.union
+            UnknownMemberFrame.new(xml_name, self, nil, @result)
           else
             NullFrame.new(xml_name, self)
           end
@@ -106,10 +108,24 @@ module Aws
             @result[@member[:name]][child.key.result] = child.value.result
           when FlatListFrame
             @result[@member[:name]] << child.result
+          when UnknownMemberFrame
+            @result[:unknown] = { 'name' => child.path.last, 'value' => child.result }
           when NullFrame
           else
             @result[@member[:name]] = child.result
           end
+          if @ref.shape.union
+            # a union may only have one member set
+            # convert to the union subclass
+            # The default Struct created will have defaults set for all values
+            # This also sets only one of the values leaving everything else nil
+            # as required for unions
+            set_member_name = @member ? @member[:name] : :unknown
+            member_subclass = @ref.shape.member_subclass(set_member_name).new # shape.member_subclass(target.member).new
+            member_subclass[set_member_name] = @result[set_member_name]
+            @result = member_subclass
+          end
         end
         private
@@ -242,6 +258,12 @@ module Aws
         end
       end
+      class UnknownMemberFrame < Frame
+        def result
+          @text.join
+        end
+      end
       class BlobFrame < Frame
         def result
           @text.empty? ? nil : Base64.decode64(@text.join)
@@ -302,6 +324,7 @@ module Aws
         MapShape => MapFrame,
         StringShape => StringFrame,
         StructureShape => StructureFrame,
+        UnionShape => StructureFrame,
         TimestampShape => TimestampFrame,
       }

data/lib/aws-sdk-sso.rb CHANGED Viewed

@@ -50,6 +50,6 @@ require_relative 'aws-sdk-sso/customizations'
 # @!group service
 module Aws::SSO
-  GEM_VERSION = '3.115.0'
+  GEM_VERSION = '3.119.0'
 end

data/lib/aws-sdk-sso/client.rb CHANGED Viewed

@@ -523,7 +523,7 @@ module Aws::SSO
         params: params,
         config: config)
       context[:gem_name] = 'aws-sdk-core'
-      context[:gem_version] = '3.115.0'
+      context[:gem_version] = '3.119.0'
       Seahorse::Client::Request.new(handlers, context)
     end

data/lib/aws-sdk-sts.rb CHANGED Viewed

@@ -50,6 +50,6 @@ require_relative 'aws-sdk-sts/customizations'
 # @!group service
 module Aws::STS
-  GEM_VERSION = '3.115.0'
+  GEM_VERSION = '3.119.0'
 end

data/lib/aws-sdk-sts/client.rb CHANGED Viewed

@@ -335,20 +335,21 @@ module Aws::STS
     # @!group API Operations
     # Returns a set of temporary security credentials that you can use to
-    # access AWS resources that you might not normally have access to. These
-    # temporary credentials consist of an access key ID, a secret access
-    # key, and a security token. Typically, you use `AssumeRole` within your
-    # account or for cross-account access. For a comparison of `AssumeRole`
-    # with other API operations that produce temporary credentials, see
-    # [Requesting Temporary Security Credentials][1] and [Comparing the AWS
-    # STS API operations][2] in the *IAM User Guide*.
+    # access Amazon Web Services resources that you might not normally have
+    # access to. These temporary credentials consist of an access key ID, a
+    # secret access key, and a security token. Typically, you use
+    # `AssumeRole` within your account or for cross-account access. For a
+    # comparison of `AssumeRole` with other API operations that produce
+    # temporary credentials, see [Requesting Temporary Security
+    # Credentials][1] and [Comparing the STS API operations][2] in the *IAM
+    # User Guide*.
     #
     # **Permissions**
     #
     # The temporary security credentials created by `AssumeRole` can be used
-    # to make API calls to any AWS service with the following exception: You
-    # cannot call the AWS STS `GetFederationToken` or `GetSessionToken` API
-    # operations.
+    # to make API calls to any Amazon Web Services service with the
+    # following exception: You cannot call the STS `GetFederationToken` or
+    # `GetSessionToken` API operations.
     #
     # (Optional) You can pass inline or managed [session policies][3] to
     # this operation. You can pass a single JSON policy document to use as
@@ -358,13 +359,14 @@ module Aws::STS
     # characters. Passing policies to this operation returns new temporary
     # credentials. The resulting session's permissions are the intersection
     # of the role's identity-based policy and the session policies. You can
-    # use the role's temporary credentials in subsequent AWS API calls to
-    # access resources in the account that owns the role. You cannot use
-    # session policies to grant more permissions than those allowed by the
-    # identity-based policy of the role that is being assumed. For more
-    # information, see [Session Policies][3] in the *IAM User Guide*.
+    # use the role's temporary credentials in subsequent Amazon Web
+    # Services API calls to access resources in the account that owns the
+    # role. You cannot use session policies to grant more permissions than
+    # those allowed by the identity-based policy of the role that is being
+    # assumed. For more information, see [Session Policies][3] in the *IAM
+    # User Guide*.
     #
-    # To assume a role from a different account, your AWS account must be
+    # To assume a role from a different account, your account must be
     # trusted by the role. The trust relationship is defined in the role's
     # trust policy when the role is created. That trust policy states which
     # accounts are allowed to delegate that access to users in the account.
@@ -408,12 +410,12 @@ module Aws::STS
     # (Optional) You can include multi-factor authentication (MFA)
     # information when you call `AssumeRole`. This is useful for
     # cross-account scenarios to ensure that the user that assumes the role
-    # has been authenticated with an AWS MFA device. In that scenario, the
-    # trust policy of the role being assumed includes a condition that tests
-    # for MFA authentication. If the caller does not include valid MFA
-    # information, the request to assume the role is denied. The condition
-    # in a trust policy that tests for MFA authentication might look like
-    # the following example.
+    # has been authenticated with an Amazon Web Services MFA device. In that
+    # scenario, the trust policy of the role being assumed includes a
+    # condition that tests for MFA authentication. If the caller does not
+    # include valid MFA information, the request to assume the role is
+    # denied. The condition in a trust policy that tests for MFA
+    # authentication might look like the following example.
     #
     # `"Condition": \{"Bool": \{"aws:MultiFactorAuthPresent": true\}\}`
     #
@@ -449,7 +451,7 @@ module Aws::STS
     #   also used in the ARN of the assumed role principal. This means that
     #   subsequent cross-account API requests that use the temporary security
     #   credentials will expose the role session name to the external account
-    #   in their AWS CloudTrail logs.
+    #   in their CloudTrail logs.
     #
     #   The regex used to validate this parameter is a string of characters
     #   consisting of upper- and lower-case alphanumeric characters with no
@@ -464,26 +466,27 @@ module Aws::STS
     #   This parameter is optional. You can provide up to 10 managed policy
     #   ARNs. However, the plaintext that you use for both inline and managed
     #   session policies can't exceed 2,048 characters. For more information
-    #   about ARNs, see [Amazon Resource Names (ARNs) and AWS Service
-    #   Namespaces][1] in the AWS General Reference.
+    #   about ARNs, see [Amazon Resource Names (ARNs) and Amazon Web Services
+    #   Service Namespaces][1] in the Amazon Web Services General Reference.
     #
-    #   <note markdown="1"> An AWS conversion compresses the passed session policies and session
-    #   tags into a packed binary format that has a separate limit. Your
-    #   request can fail for this limit even if your plaintext meets the other
-    #   requirements. The `PackedPolicySize` response element indicates by
-    #   percentage how close the policies and tags for your request are to the
-    #   upper size limit.
+    #   <note markdown="1"> An Amazon Web Services conversion compresses the passed session
+    #   policies and session tags into a packed binary format that has a
+    #   separate limit. Your request can fail for this limit even if your
+    #   plaintext meets the other requirements. The `PackedPolicySize`
+    #   response element indicates by percentage how close the policies and
+    #   tags for your request are to the upper size limit.
     #
     #    </note>
     #
     #   Passing policies to this operation returns new temporary credentials.
     #   The resulting session's permissions are the intersection of the
     #   role's identity-based policy and the session policies. You can use
-    #   the role's temporary credentials in subsequent AWS API calls to
-    #   access resources in the account that owns the role. You cannot use
-    #   session policies to grant more permissions than those allowed by the
-    #   identity-based policy of the role that is being assumed. For more
-    #   information, see [Session Policies][2] in the *IAM User Guide*.
+    #   the role's temporary credentials in subsequent Amazon Web Services
+    #   API calls to access resources in the account that owns the role. You
+    #   cannot use session policies to grant more permissions than those
+    #   allowed by the identity-based policy of the role that is being
+    #   assumed. For more information, see [Session Policies][2] in the *IAM
+    #   User Guide*.
     #
     #
     #
@@ -498,11 +501,11 @@ module Aws::STS
     #   new temporary credentials. The resulting session's permissions are
     #   the intersection of the role's identity-based policy and the session
     #   policies. You can use the role's temporary credentials in subsequent
-    #   AWS API calls to access resources in the account that owns the role.
-    #   You cannot use session policies to grant more permissions than those
-    #   allowed by the identity-based policy of the role that is being
-    #   assumed. For more information, see [Session Policies][1] in the *IAM
-    #   User Guide*.
+    #   Amazon Web Services API calls to access resources in the account that
+    #   owns the role. You cannot use session policies to grant more
+    #   permissions than those allowed by the identity-based policy of the
+    #   role that is being assumed. For more information, see [Session
+    #   Policies][1] in the *IAM User Guide*.
     #
     #   The plaintext that you use for both inline and managed session
     #   policies can't exceed 2,048 characters. The JSON policy characters
@@ -511,12 +514,12 @@ module Aws::STS
     #   the tab (\\u0009), linefeed (\\u000A), and carriage return (\\u000D)
     #   characters.
     #
-    #   <note markdown="1"> An AWS conversion compresses the passed session policies and session
-    #   tags into a packed binary format that has a separate limit. Your
-    #   request can fail for this limit even if your plaintext meets the other
-    #   requirements. The `PackedPolicySize` response element indicates by
-    #   percentage how close the policies and tags for your request are to the
-    #   upper size limit.
+    #   <note markdown="1"> An Amazon Web Services conversion compresses the passed session
+    #   policies and session tags into a packed binary format that has a
+    #   separate limit. Your request can fail for this limit even if your
+    #   plaintext meets the other requirements. The `PackedPolicySize`
+    #   response element indicates by percentage how close the policies and
+    #   tags for your request are to the upper size limit.
     #
     #    </note>
     #
@@ -543,8 +546,8 @@ module Aws::STS
     #   The request to the federation endpoint for a console sign-in token
     #   takes a `SessionDuration` parameter that specifies the maximum length
     #   of the console session. For more information, see [Creating a URL that
-    #   Enables Federated Users to Access the AWS Management Console][2] in
-    #   the *IAM User Guide*.
+    #   Enables Federated Users to Access the Management Console][2] in the
+    #   *IAM User Guide*.
     #
     #    </note>
     #
@@ -556,7 +559,7 @@ module Aws::STS
     # @option params [Array<Types::Tag>] :tags
     #   A list of session tags that you want to pass. Each session tag
     #   consists of a key name and an associated value. For more information
-    #   about session tags, see [Tagging AWS STS Sessions][1] in the *IAM User
+    #   about session tags, see [Tagging STS Sessions][1] in the *IAM User
     #   Guide*.
     #
     #   This parameter is optional. You can pass up to 50 session tags. The
@@ -564,12 +567,12 @@ module Aws::STS
     #   can’t exceed 256 characters. For these and additional limits, see [IAM
     #   and STS Character Limits][2] in the *IAM User Guide*.
     #
-    #   <note markdown="1"> An AWS conversion compresses the passed session policies and session
-    #   tags into a packed binary format that has a separate limit. Your
-    #   request can fail for this limit even if your plaintext meets the other
-    #   requirements. The `PackedPolicySize` response element indicates by
-    #   percentage how close the policies and tags for your request are to the
-    #   upper size limit.
+    #   <note markdown="1"> An Amazon Web Services conversion compresses the passed session
+    #   policies and session tags into a packed binary format that has a
+    #   separate limit. Your request can fail for this limit even if your
+    #   plaintext meets the other requirements. The `PackedPolicySize`
+    #   response element indicates by percentage how close the policies and
+    #   tags for your request are to the upper size limit.
     #
     #    </note>
     #
@@ -588,8 +591,8 @@ module Aws::STS
     #   operation, the new session inherits any transitive session tags from
     #   the calling session. If you pass a session tag with the same key as an
     #   inherited tag, the operation fails. To view the inherited tags for a
-    #   session, see the AWS CloudTrail logs. For more information, see
-    #   [Viewing Session Tags in CloudTrail][3] in the *IAM User Guide*.
+    #   session, see the CloudTrail logs. For more information, see [Viewing
+    #   Session Tags in CloudTrail][3] in the *IAM User Guide*.
     #
     #
     #
@@ -625,7 +628,8 @@ module Aws::STS
     #   trusted account. That way, only someone with the ID can assume the
     #   role, rather than everyone in the account. For more information about
     #   the external ID, see [How to Use an External ID When Granting Access
-    #   to Your AWS Resources to a Third Party][1] in the *IAM User Guide*.
+    #   to Your Amazon Web Services Resources to a Third Party][1] in the *IAM
+    #   User Guide*.
     #
     #   The regex used to validate this parameter is a string of characters
     #   consisting of upper- and lower-case alphanumeric characters with no
@@ -666,18 +670,18 @@ module Aws::STS
     #
     #   You can require users to specify a source identity when they assume a
     #   role. You do this by using the `sts:SourceIdentity` condition key in a
-    #   role trust policy. You can use source identity information in AWS
+    #   role trust policy. You can use source identity information in
     #   CloudTrail logs to determine who took actions with a role. You can use
     #   the `aws:SourceIdentity` condition key to further control access to
-    #   AWS resources based on the value of source identity. For more
-    #   information about using source identity, see [Monitor and control
-    #   actions taken with assumed roles][1] in the *IAM User Guide*.
+    #   Amazon Web Services resources based on the value of source identity.
+    #   For more information about using source identity, see [Monitor and
+    #   control actions taken with assumed roles][1] in the *IAM User Guide*.
     #
     #   The regex used to validate this parameter is a string of characters
     #   consisting of upper- and lower-case alphanumeric characters with no
     #   spaces. You can also include underscores or any of the following
     #   characters: =,.@-. You cannot use a value that begins with the text
-    #   `aws:`. This prefix is reserved for AWS internal use.
+    #   `aws:`. This prefix is reserved for Amazon Web Services internal use.
     #
     #
     #
@@ -781,16 +785,17 @@ module Aws::STS
     # Returns a set of temporary security credentials for users who have
     # been authenticated via a SAML authentication response. This operation
     # provides a mechanism for tying an enterprise identity store or
-    # directory to role-based AWS access without user-specific credentials
-    # or configuration. For a comparison of `AssumeRoleWithSAML` with the
-    # other API operations that produce temporary credentials, see
-    # [Requesting Temporary Security Credentials][1] and [Comparing the AWS
-    # STS API operations][2] in the *IAM User Guide*.
+    # directory to role-based Amazon Web Services access without
+    # user-specific credentials or configuration. For a comparison of
+    # `AssumeRoleWithSAML` with the other API operations that produce
+    # temporary credentials, see [Requesting Temporary Security
+    # Credentials][1] and [Comparing the STS API operations][2] in the *IAM
+    # User Guide*.
     #
     # The temporary security credentials returned by this operation consist
     # of an access key ID, a secret access key, and a security token.
     # Applications can use these temporary security credentials to sign
-    # calls to AWS services.
+    # calls to Amazon Web Services services.
     #
     # **Session Duration**
     #
@@ -810,22 +815,22 @@ module Aws::STS
     # use those operations to create a console URL. For more information,
     # see [Using IAM Roles][4] in the *IAM User Guide*.
     #
-    # <note markdown="1"> [Role chaining][5] limits your AWS CLI or AWS API role session to a
-    # maximum of one hour. When you use the `AssumeRole` API operation to
-    # assume a role, you can specify the duration of your role session with
-    # the `DurationSeconds` parameter. You can specify a parameter value of
-    # up to 43200 seconds (12 hours), depending on the maximum session
-    # duration setting for your role. However, if you assume a role using
-    # role chaining and provide a `DurationSeconds` parameter value greater
-    # than one hour, the operation fails.
+    # <note markdown="1"> [Role chaining][5] limits your CLI or Amazon Web Services API role
+    # session to a maximum of one hour. When you use the `AssumeRole` API
+    # operation to assume a role, you can specify the duration of your role
+    # session with the `DurationSeconds` parameter. You can specify a
+    # parameter value of up to 43200 seconds (12 hours), depending on the
+    # maximum session duration setting for your role. However, if you assume
+    # a role using role chaining and provide a `DurationSeconds` parameter
+    # value greater than one hour, the operation fails.
     #
     #  </note>
     #
     # **Permissions**
     #
     # The temporary security credentials created by `AssumeRoleWithSAML` can
-    # be used to make API calls to any AWS service with the following
-    # exception: you cannot call the STS `GetFederationToken` or
+    # be used to make API calls to any Amazon Web Services service with the
+    # following exception: you cannot call the STS `GetFederationToken` or
     # `GetSessionToken` API operations.
     #
     # (Optional) You can pass inline or managed [session policies][6] to
@@ -836,22 +841,23 @@ module Aws::STS
     # characters. Passing policies to this operation returns new temporary
     # credentials. The resulting session's permissions are the intersection
     # of the role's identity-based policy and the session policies. You can
-    # use the role's temporary credentials in subsequent AWS API calls to
-    # access resources in the account that owns the role. You cannot use
-    # session policies to grant more permissions than those allowed by the
-    # identity-based policy of the role that is being assumed. For more
-    # information, see [Session Policies][6] in the *IAM User Guide*.
-    #
-    # Calling `AssumeRoleWithSAML` does not require the use of AWS security
-    # credentials. The identity of the caller is validated by using keys in
-    # the metadata document that is uploaded for the SAML provider entity
-    # for your identity provider.
-    #
-    # Calling `AssumeRoleWithSAML` can result in an entry in your AWS
-    # CloudTrail logs. The entry includes the value in the `NameID` element
-    # of the SAML assertion. We recommend that you use a `NameIDType` that
-    # is not associated with any personally identifiable information (PII).
-    # For example, you could instead use the persistent identifier
+    # use the role's temporary credentials in subsequent Amazon Web
+    # Services API calls to access resources in the account that owns the
+    # role. You cannot use session policies to grant more permissions than
+    # those allowed by the identity-based policy of the role that is being
+    # assumed. For more information, see [Session Policies][6] in the *IAM
+    # User Guide*.
+    #
+    # Calling `AssumeRoleWithSAML` does not require the use of Amazon Web
+    # Services security credentials. The identity of the caller is validated
+    # by using keys in the metadata document that is uploaded for the SAML
+    # provider entity for your identity provider.
+    #
+    # Calling `AssumeRoleWithSAML` can result in an entry in your CloudTrail
+    # logs. The entry includes the value in the `NameID` element of the SAML
+    # assertion. We recommend that you use a `NameIDType` that is not
+    # associated with any personally identifiable information (PII). For
+    # example, you could instead use the persistent identifier
     # (`urn:oasis:names:tc:SAML:2.0:nameid-format:persistent`).
     #
     # **Tags**
@@ -866,12 +872,12 @@ module Aws::STS
     # characters. For these and additional limits, see [IAM and STS
     # Character Limits][8] in the *IAM User Guide*.
     #
-    # <note markdown="1"> An AWS conversion compresses the passed session policies and session
-    # tags into a packed binary format that has a separate limit. Your
-    # request can fail for this limit even if your plaintext meets the other
-    # requirements. The `PackedPolicySize` response element indicates by
-    # percentage how close the policies and tags for your request are to the
-    # upper size limit.
+    # <note markdown="1"> An Amazon Web Services conversion compresses the passed session
+    # policies and session tags into a packed binary format that has a
+    # separate limit. Your request can fail for this limit even if your
+    # plaintext meets the other requirements. The `PackedPolicySize`
+    # response element indicates by percentage how close the policies and
+    # tags for your request are to the upper size limit.
     #
     #  </note>
     #
@@ -893,10 +899,11 @@ module Aws::STS
     #
     # Before your application can call `AssumeRoleWithSAML`, you must
     # configure your SAML identity provider (IdP) to issue the claims
-    # required by AWS. Additionally, you must use AWS Identity and Access
-    # Management (IAM) to create a SAML provider entity in your AWS account
-    # that represents your identity provider. You must also create an IAM
-    # role that specifies this SAML provider in its trust policy.
+    # required by Amazon Web Services. Additionally, you must use Identity
+    # and Access Management (IAM) to create a SAML provider entity in your
+    # Amazon Web Services account that represents your identity provider.
+    # You must also create an IAM role that specifies this SAML provider in
+    # its trust policy.
     #
     # For more information, see the following resources:
     #
@@ -953,26 +960,27 @@ module Aws::STS
     #   This parameter is optional. You can provide up to 10 managed policy
     #   ARNs. However, the plaintext that you use for both inline and managed
     #   session policies can't exceed 2,048 characters. For more information
-    #   about ARNs, see [Amazon Resource Names (ARNs) and AWS Service
-    #   Namespaces][1] in the AWS General Reference.
+    #   about ARNs, see [Amazon Resource Names (ARNs) and Amazon Web Services
+    #   Service Namespaces][1] in the Amazon Web Services General Reference.
     #
-    #   <note markdown="1"> An AWS conversion compresses the passed session policies and session
-    #   tags into a packed binary format that has a separate limit. Your
-    #   request can fail for this limit even if your plaintext meets the other
-    #   requirements. The `PackedPolicySize` response element indicates by
-    #   percentage how close the policies and tags for your request are to the
-    #   upper size limit.
+    #   <note markdown="1"> An Amazon Web Services conversion compresses the passed session
+    #   policies and session tags into a packed binary format that has a
+    #   separate limit. Your request can fail for this limit even if your
+    #   plaintext meets the other requirements. The `PackedPolicySize`
+    #   response element indicates by percentage how close the policies and
+    #   tags for your request are to the upper size limit.
     #
     #    </note>
     #
     #   Passing policies to this operation returns new temporary credentials.
     #   The resulting session's permissions are the intersection of the
     #   role's identity-based policy and the session policies. You can use
-    #   the role's temporary credentials in subsequent AWS API calls to
-    #   access resources in the account that owns the role. You cannot use
-    #   session policies to grant more permissions than those allowed by the
-    #   identity-based policy of the role that is being assumed. For more
-    #   information, see [Session Policies][2] in the *IAM User Guide*.
+    #   the role's temporary credentials in subsequent Amazon Web Services
+    #   API calls to access resources in the account that owns the role. You
+    #   cannot use session policies to grant more permissions than those
+    #   allowed by the identity-based policy of the role that is being
+    #   assumed. For more information, see [Session Policies][2] in the *IAM
+    #   User Guide*.
     #
     #
     #
@@ -987,11 +995,11 @@ module Aws::STS
     #   new temporary credentials. The resulting session's permissions are
     #   the intersection of the role's identity-based policy and the session
     #   policies. You can use the role's temporary credentials in subsequent
-    #   AWS API calls to access resources in the account that owns the role.
-    #   You cannot use session policies to grant more permissions than those
-    #   allowed by the identity-based policy of the role that is being
-    #   assumed. For more information, see [Session Policies][1] in the *IAM
-    #   User Guide*.
+    #   Amazon Web Services API calls to access resources in the account that
+    #   owns the role. You cannot use session policies to grant more
+    #   permissions than those allowed by the identity-based policy of the
+    #   role that is being assumed. For more information, see [Session
+    #   Policies][1] in the *IAM User Guide*.
     #
     #   The plaintext that you use for both inline and managed session
     #   policies can't exceed 2,048 characters. The JSON policy characters
@@ -1000,12 +1008,12 @@ module Aws::STS
     #   the tab (\\u0009), linefeed (\\u000A), and carriage return (\\u000D)
     #   characters.
     #
-    #   <note markdown="1"> An AWS conversion compresses the passed session policies and session
-    #   tags into a packed binary format that has a separate limit. Your
-    #   request can fail for this limit even if your plaintext meets the other
-    #   requirements. The `PackedPolicySize` response element indicates by
-    #   percentage how close the policies and tags for your request are to the
-    #   upper size limit.
+    #   <note markdown="1"> An Amazon Web Services conversion compresses the passed session
+    #   policies and session tags into a packed binary format that has a
+    #   separate limit. Your request can fail for this limit even if your
+    #   plaintext meets the other requirements. The `PackedPolicySize`
+    #   response element indicates by percentage how close the policies and
+    #   tags for your request are to the upper size limit.
     #
     #    </note>
     #
@@ -1034,8 +1042,8 @@ module Aws::STS
     #   The request to the federation endpoint for a console sign-in token
     #   takes a `SessionDuration` parameter that specifies the maximum length
     #   of the console session. For more information, see [Creating a URL that
-    #   Enables Federated Users to Access the AWS Management Console][2] in
-    #   the *IAM User Guide*.
+    #   Enables Federated Users to Access the Management Console][2] in the
+    #   *IAM User Guide*.
     #
     #    </note>
     #
@@ -1132,33 +1140,36 @@ module Aws::STS
     # Facebook, Google, or any OpenID Connect-compatible identity provider.
     #
     # <note markdown="1"> For mobile applications, we recommend that you use Amazon Cognito. You
-    # can use Amazon Cognito with the [AWS SDK for iOS Developer Guide][1]
-    # and the [AWS SDK for Android Developer Guide][2] to uniquely identify
-    # a user. You can also supply the user with a consistent identity
-    # throughout the lifetime of an application.
+    # can use Amazon Cognito with the [Amazon Web Services SDK for iOS
+    # Developer Guide][1] and the [Amazon Web Services SDK for Android
+    # Developer Guide][2] to uniquely identify a user. You can also supply
+    # the user with a consistent identity throughout the lifetime of an
+    # application.
     #
     #  To learn more about Amazon Cognito, see [Amazon Cognito Overview][3]
-    # in *AWS SDK for Android Developer Guide* and [Amazon Cognito
-    # Overview][4] in the *AWS SDK for iOS Developer Guide*.
+    # in *Amazon Web Services SDK for Android Developer Guide* and [Amazon
+    # Cognito Overview][4] in the *Amazon Web Services SDK for iOS Developer
+    # Guide*.
     #
     #  </note>
     #
-    # Calling `AssumeRoleWithWebIdentity` does not require the use of AWS
-    # security credentials. Therefore, you can distribute an application
-    # (for example, on mobile devices) that requests temporary security
-    # credentials without including long-term AWS credentials in the
-    # application. You also don't need to deploy server-based proxy
-    # services that use long-term AWS credentials. Instead, the identity of
-    # the caller is validated by using a token from the web identity
-    # provider. For a comparison of `AssumeRoleWithWebIdentity` with the
-    # other API operations that produce temporary credentials, see
-    # [Requesting Temporary Security Credentials][5] and [Comparing the AWS
-    # STS API operations][6] in the *IAM User Guide*.
+    # Calling `AssumeRoleWithWebIdentity` does not require the use of Amazon
+    # Web Services security credentials. Therefore, you can distribute an
+    # application (for example, on mobile devices) that requests temporary
+    # security credentials without including long-term Amazon Web Services
+    # credentials in the application. You also don't need to deploy
+    # server-based proxy services that use long-term Amazon Web Services
+    # credentials. Instead, the identity of the caller is validated by using
+    # a token from the web identity provider. For a comparison of
+    # `AssumeRoleWithWebIdentity` with the other API operations that produce
+    # temporary credentials, see [Requesting Temporary Security
+    # Credentials][5] and [Comparing the STS API operations][6] in the *IAM
+    # User Guide*.
     #
     # The temporary security credentials returned by this API consist of an
     # access key ID, a secret access key, and a security token. Applications
-    # can use these temporary security credentials to sign calls to AWS
-    # service API operations.
+    # can use these temporary security credentials to sign calls to Amazon
+    # Web Services service API operations.
     #
     # **Session Duration**
     #
@@ -1178,9 +1189,9 @@ module Aws::STS
     # **Permissions**
     #
     # The temporary security credentials created by
-    # `AssumeRoleWithWebIdentity` can be used to make API calls to any AWS
-    # service with the following exception: you cannot call the STS
-    # `GetFederationToken` or `GetSessionToken` API operations.
+    # `AssumeRoleWithWebIdentity` can be used to make API calls to any
+    # Amazon Web Services service with the following exception: you cannot
+    # call the STS `GetFederationToken` or `GetSessionToken` API operations.
     #
     # (Optional) You can pass inline or managed [session policies][9] to
     # this operation. You can pass a single JSON policy document to use as
@@ -1190,11 +1201,12 @@ module Aws::STS
     # characters. Passing policies to this operation returns new temporary
     # credentials. The resulting session's permissions are the intersection
     # of the role's identity-based policy and the session policies. You can
-    # use the role's temporary credentials in subsequent AWS API calls to
-    # access resources in the account that owns the role. You cannot use
-    # session policies to grant more permissions than those allowed by the
-    # identity-based policy of the role that is being assumed. For more
-    # information, see [Session Policies][9] in the *IAM User Guide*.
+    # use the role's temporary credentials in subsequent Amazon Web
+    # Services API calls to access resources in the account that owns the
+    # role. You cannot use session policies to grant more permissions than
+    # those allowed by the identity-based policy of the role that is being
+    # assumed. For more information, see [Session Policies][9] in the *IAM
+    # User Guide*.
     #
     # **Tags**
     #
@@ -1208,12 +1220,12 @@ module Aws::STS
     # characters. For these and additional limits, see [IAM and STS
     # Character Limits][11] in the *IAM User Guide*.
     #
-    # <note markdown="1"> An AWS conversion compresses the passed session policies and session
-    # tags into a packed binary format that has a separate limit. Your
-    # request can fail for this limit even if your plaintext meets the other
-    # requirements. The `PackedPolicySize` response element indicates by
-    # percentage how close the policies and tags for your request are to the
-    # upper size limit.
+    # <note markdown="1"> An Amazon Web Services conversion compresses the passed session
+    # policies and session tags into a packed binary format that has a
+    # separate limit. Your request can fail for this limit even if your
+    # plaintext meets the other requirements. The `PackedPolicySize`
+    # response element indicates by percentage how close the policies and
+    # tags for your request are to the upper size limit.
     #
     #  </note>
     #
@@ -1240,7 +1252,7 @@ module Aws::STS
     # identity token. In other words, the identity provider must be
     # specified in the role's trust policy.
     #
-    # Calling `AssumeRoleWithWebIdentity` can result in an entry in your AWS
+    # Calling `AssumeRoleWithWebIdentity` can result in an entry in your
     # CloudTrail logs. The entry includes the [Subject][14] of the provided
     # web identity token. We recommend that you avoid using any personally
     # identifiable information (PII) in this field. For example, you could
@@ -1256,13 +1268,13 @@ module Aws::STS
     # * [ Web Identity Federation Playground][18]. Walk through the process
     #   of authenticating through Login with Amazon, Facebook, or Google,
     #   getting temporary security credentials, and then using those
-    #   credentials to make a request to AWS.
+    #   credentials to make a request to Amazon Web Services.
     #
-    # * [AWS SDK for iOS Developer Guide][1] and [AWS SDK for Android
-    #   Developer Guide][2]. These toolkits contain sample apps that show
-    #   how to invoke the identity providers. The toolkits then show how to
-    #   use the information from these providers to get and use temporary
-    #   security credentials.
+    # * [Amazon Web Services SDK for iOS Developer Guide][1] and [Amazon Web
+    #   Services SDK for Android Developer Guide][2]. These toolkits contain
+    #   sample apps that show how to invoke the identity providers. The
+    #   toolkits then show how to use the information from these providers
+    #   to get and use temporary security credentials.
     #
     # * [Web Identity Federation with Mobile Applications][19]. This article
     #   discusses web identity federation and shows an example of how to use
@@ -1333,26 +1345,27 @@ module Aws::STS
     #   This parameter is optional. You can provide up to 10 managed policy
     #   ARNs. However, the plaintext that you use for both inline and managed
     #   session policies can't exceed 2,048 characters. For more information
-    #   about ARNs, see [Amazon Resource Names (ARNs) and AWS Service
-    #   Namespaces][1] in the AWS General Reference.
+    #   about ARNs, see [Amazon Resource Names (ARNs) and Amazon Web Services
+    #   Service Namespaces][1] in the Amazon Web Services General Reference.
     #
-    #   <note markdown="1"> An AWS conversion compresses the passed session policies and session
-    #   tags into a packed binary format that has a separate limit. Your
-    #   request can fail for this limit even if your plaintext meets the other
-    #   requirements. The `PackedPolicySize` response element indicates by
-    #   percentage how close the policies and tags for your request are to the
-    #   upper size limit.
+    #   <note markdown="1"> An Amazon Web Services conversion compresses the passed session
+    #   policies and session tags into a packed binary format that has a
+    #   separate limit. Your request can fail for this limit even if your
+    #   plaintext meets the other requirements. The `PackedPolicySize`
+    #   response element indicates by percentage how close the policies and
+    #   tags for your request are to the upper size limit.
     #
     #    </note>
     #
     #   Passing policies to this operation returns new temporary credentials.
     #   The resulting session's permissions are the intersection of the
     #   role's identity-based policy and the session policies. You can use
-    #   the role's temporary credentials in subsequent AWS API calls to
-    #   access resources in the account that owns the role. You cannot use
-    #   session policies to grant more permissions than those allowed by the
-    #   identity-based policy of the role that is being assumed. For more
-    #   information, see [Session Policies][2] in the *IAM User Guide*.
+    #   the role's temporary credentials in subsequent Amazon Web Services
+    #   API calls to access resources in the account that owns the role. You
+    #   cannot use session policies to grant more permissions than those
+    #   allowed by the identity-based policy of the role that is being
+    #   assumed. For more information, see [Session Policies][2] in the *IAM
+    #   User Guide*.
     #
     #
     #
@@ -1367,11 +1380,11 @@ module Aws::STS
     #   new temporary credentials. The resulting session's permissions are
     #   the intersection of the role's identity-based policy and the session
     #   policies. You can use the role's temporary credentials in subsequent
-    #   AWS API calls to access resources in the account that owns the role.
-    #   You cannot use session policies to grant more permissions than those
-    #   allowed by the identity-based policy of the role that is being
-    #   assumed. For more information, see [Session Policies][1] in the *IAM
-    #   User Guide*.
+    #   Amazon Web Services API calls to access resources in the account that
+    #   owns the role. You cannot use session policies to grant more
+    #   permissions than those allowed by the identity-based policy of the
+    #   role that is being assumed. For more information, see [Session
+    #   Policies][1] in the *IAM User Guide*.
     #
     #   The plaintext that you use for both inline and managed session
     #   policies can't exceed 2,048 characters. The JSON policy characters
@@ -1380,12 +1393,12 @@ module Aws::STS
     #   the tab (\\u0009), linefeed (\\u000A), and carriage return (\\u000D)
     #   characters.
     #
-    #   <note markdown="1"> An AWS conversion compresses the passed session policies and session
-    #   tags into a packed binary format that has a separate limit. Your
-    #   request can fail for this limit even if your plaintext meets the other
-    #   requirements. The `PackedPolicySize` response element indicates by
-    #   percentage how close the policies and tags for your request are to the
-    #   upper size limit.
+    #   <note markdown="1"> An Amazon Web Services conversion compresses the passed session
+    #   policies and session tags into a packed binary format that has a
+    #   separate limit. Your request can fail for this limit even if your
+    #   plaintext meets the other requirements. The `PackedPolicySize`
+    #   response element indicates by percentage how close the policies and
+    #   tags for your request are to the upper size limit.
     #
     #    </note>
     #
@@ -1411,8 +1424,8 @@ module Aws::STS
     #   The request to the federation endpoint for a console sign-in token
     #   takes a `SessionDuration` parameter that specifies the maximum length
     #   of the console session. For more information, see [Creating a URL that
-    #   Enables Federated Users to Access the AWS Management Console][2] in
-    #   the *IAM User Guide*.
+    #   Enables Federated Users to Access the Management Console][2] in the
+    #   *IAM User Guide*.
     #
     #    </note>
     #
@@ -1501,19 +1514,19 @@ module Aws::STS
     end
     # Decodes additional information about the authorization status of a
-    # request from an encoded message returned in response to an AWS
-    # request.
+    # request from an encoded message returned in response to an Amazon Web
+    # Services request.
     #
     # For example, if a user is not authorized to perform an operation that
     # he or she has requested, the request returns a
     # `Client.UnauthorizedOperation` response (an HTTP 403 response). Some
-    # AWS operations additionally return an encoded message that can provide
-    # details about this authorization failure.
+    # Amazon Web Services operations additionally return an encoded message
+    # that can provide details about this authorization failure.
     #
-    # <note markdown="1"> Only certain AWS operations return an encoded authorization message.
-    # The documentation for an individual operation indicates whether that
-    # operation returns an encoded message in addition to returning an HTTP
-    # code.
+    # <note markdown="1"> Only certain Amazon Web Services operations return an encoded
+    # authorization message. The documentation for an individual operation
+    # indicates whether that operation returns an encoded message in
+    # addition to returning an HTTP code.
     #
     #  </note>
     #
@@ -1589,15 +1602,16 @@ module Aws::STS
     # *IAM User Guide*.
     #
     # When you pass an access key ID to this operation, it returns the ID of
-    # the AWS account to which the keys belong. Access key IDs beginning
-    # with `AKIA` are long-term credentials for an IAM user or the AWS
-    # account root user. Access key IDs beginning with `ASIA` are temporary
-    # credentials that are created using STS operations. If the account in
-    # the response belongs to you, you can sign in as the root user and
-    # review your root user access keys. Then, you can pull a [credentials
-    # report][2] to learn which IAM user owns the keys. To learn who
-    # requested the temporary credentials for an `ASIA` access key, view the
-    # STS events in your [CloudTrail logs][3] in the *IAM User Guide*.
+    # the Amazon Web Services account to which the keys belong. Access key
+    # IDs beginning with `AKIA` are long-term credentials for an IAM user or
+    # the Amazon Web Services account root user. Access key IDs beginning
+    # with `ASIA` are temporary credentials that are created using STS
+    # operations. If the account in the response belongs to you, you can
+    # sign in as the root user and review your root user access keys. Then,
+    # you can pull a [credentials report][2] to learn which IAM user owns
+    # the keys. To learn who requested the temporary credentials for an
+    # `ASIA` access key, view the STS events in your [CloudTrail logs][3] in
+    # the *IAM User Guide*.
     #
     # This operation does not indicate the state of the access key. The key
     # might be active, inactive, or deleted. Active keys might not have
@@ -1734,8 +1748,8 @@ module Aws::STS
     # can be safely stored, usually in a server-based application. For a
     # comparison of `GetFederationToken` with the other API operations that
     # produce temporary credentials, see [Requesting Temporary Security
-    # Credentials][1] and [Comparing the AWS STS API operations][2] in the
-    # *IAM User Guide*.
+    # Credentials][1] and [Comparing the STS API operations][2] in the *IAM
+    # User Guide*.
     #
     # <note markdown="1"> You can create a mobile-based or browser-based app that can
     # authenticate users using a web identity provider like Login with
@@ -1747,27 +1761,29 @@ module Aws::STS
     #  </note>
     #
     # You can also call `GetFederationToken` using the security credentials
-    # of an AWS account root user, but we do not recommend it. Instead, we
-    # recommend that you create an IAM user for the purpose of the proxy
-    # application. Then attach a policy to the IAM user that limits
-    # federated users to only the actions and resources that they need to
-    # access. For more information, see [IAM Best Practices][5] in the *IAM
-    # User Guide*.
+    # of an Amazon Web Services account root user, but we do not recommend
+    # it. Instead, we recommend that you create an IAM user for the purpose
+    # of the proxy application. Then attach a policy to the IAM user that
+    # limits federated users to only the actions and resources that they
+    # need to access. For more information, see [IAM Best Practices][5] in
+    # the *IAM User Guide*.
     #
     # **Session duration**
     #
     # The temporary credentials are valid for the specified duration, from
     # 900 seconds (15 minutes) up to a maximum of 129,600 seconds (36
     # hours). The default session duration is 43,200 seconds (12 hours).
-    # Temporary credentials that are obtained by using AWS account root user
-    # credentials have a maximum duration of 3,600 seconds (1 hour).
+    # Temporary credentials that are obtained by using Amazon Web Services
+    # account root user credentials have a maximum duration of 3,600 seconds
+    # (1 hour).
     #
     # **Permissions**
     #
     # You can use the temporary credentials created by `GetFederationToken`
-    # in any AWS service except the following:
+    # in any Amazon Web Services service except the following:
     #
-    # * You cannot call any IAM operations using the AWS CLI or the AWS API.
+    # * You cannot call any IAM operations using the CLI or the Amazon Web
+    #   Services API.
     #
     # * You cannot call any STS operations except `GetCallerIdentity`.
     #
@@ -1813,27 +1829,29 @@ module Aws::STS
     #  </note>
     #
     # You can also call `GetFederationToken` using the security credentials
-    # of an AWS account root user, but we do not recommend it. Instead, we
-    # recommend that you create an IAM user for the purpose of the proxy
-    # application. Then attach a policy to the IAM user that limits
-    # federated users to only the actions and resources that they need to
-    # access. For more information, see [IAM Best Practices][5] in the *IAM
-    # User Guide*.
+    # of an Amazon Web Services account root user, but we do not recommend
+    # it. Instead, we recommend that you create an IAM user for the purpose
+    # of the proxy application. Then attach a policy to the IAM user that
+    # limits federated users to only the actions and resources that they
+    # need to access. For more information, see [IAM Best Practices][5] in
+    # the *IAM User Guide*.
     #
     # **Session duration**
     #
     # The temporary credentials are valid for the specified duration, from
     # 900 seconds (15 minutes) up to a maximum of 129,600 seconds (36
     # hours). The default session duration is 43,200 seconds (12 hours).
-    # Temporary credentials that are obtained by using AWS account root user
-    # credentials have a maximum duration of 3,600 seconds (1 hour).
+    # Temporary credentials that are obtained by using Amazon Web Services
+    # account root user credentials have a maximum duration of 3,600 seconds
+    # (1 hour).
     #
     # **Permissions**
     #
     # You can use the temporary credentials created by `GetFederationToken`
-    # in any AWS service except the following:
+    # in any Amazon Web Services service except the following:
     #
-    # * You cannot call any IAM operations using the AWS CLI or the AWS API.
+    # * You cannot call any IAM operations using the CLI or the Amazon Web
+    #   Services API.
     #
     # * You cannot call any STS operations except `GetCallerIdentity`.
     #
@@ -1941,12 +1959,12 @@ module Aws::STS
     #   the tab (\\u0009), linefeed (\\u000A), and carriage return (\\u000D)
     #   characters.
     #
-    #   <note markdown="1"> An AWS conversion compresses the passed session policies and session
-    #   tags into a packed binary format that has a separate limit. Your
-    #   request can fail for this limit even if your plaintext meets the other
-    #   requirements. The `PackedPolicySize` response element indicates by
-    #   percentage how close the policies and tags for your request are to the
-    #   upper size limit.
+    #   <note markdown="1"> An Amazon Web Services conversion compresses the passed session
+    #   policies and session tags into a packed binary format that has a
+    #   separate limit. Your request can fail for this limit even if your
+    #   plaintext meets the other requirements. The `PackedPolicySize`
+    #   response element indicates by percentage how close the policies and
+    #   tags for your request are to the upper size limit.
     #
     #    </note>
     #
@@ -1965,8 +1983,9 @@ module Aws::STS
     #   to use as managed session policies. The plaintext that you use for
     #   both inline and managed session policies can't exceed 2,048
     #   characters. You can provide up to 10 managed policy ARNs. For more
-    #   information about ARNs, see [Amazon Resource Names (ARNs) and AWS
-    #   Service Namespaces][2] in the AWS General Reference.
+    #   information about ARNs, see [Amazon Resource Names (ARNs) and Amazon
+    #   Web Services Service Namespaces][2] in the Amazon Web Services General
+    #   Reference.
     #
     #   This parameter is optional. However, if you do not pass any session
     #   policies, then the resulting federated user session has no
@@ -1987,12 +2006,12 @@ module Aws::STS
     #   are granted in addition to the permissions that are granted by the
     #   session policies.
     #
-    #   <note markdown="1"> An AWS conversion compresses the passed session policies and session
-    #   tags into a packed binary format that has a separate limit. Your
-    #   request can fail for this limit even if your plaintext meets the other
-    #   requirements. The `PackedPolicySize` response element indicates by
-    #   percentage how close the policies and tags for your request are to the
-    #   upper size limit.
+    #   <note markdown="1"> An Amazon Web Services conversion compresses the passed session
+    #   policies and session tags into a packed binary format that has a
+    #   separate limit. Your request can fail for this limit even if your
+    #   plaintext meets the other requirements. The `PackedPolicySize`
+    #   response element indicates by percentage how close the policies and
+    #   tags for your request are to the upper size limit.
     #
     #    </note>
     #
@@ -2005,10 +2024,10 @@ module Aws::STS
     #   The duration, in seconds, that the session should last. Acceptable
     #   durations for federation sessions range from 900 seconds (15 minutes)
     #   to 129,600 seconds (36 hours), with 43,200 seconds (12 hours) as the
-    #   default. Sessions obtained using AWS account root user credentials are
-    #   restricted to a maximum of 3,600 seconds (one hour). If the specified
-    #   duration is longer than one hour, the session obtained by using root
-    #   user credentials defaults to one hour.
+    #   default. Sessions obtained using Amazon Web Services account root user
+    #   credentials are restricted to a maximum of 3,600 seconds (one hour).
+    #   If the specified duration is longer than one hour, the session
+    #   obtained by using root user credentials defaults to one hour.
     #
     # @option params [Array<Types::Tag>] :tags
     #   A list of session tags. Each session tag consists of a key name and an
@@ -2020,12 +2039,12 @@ module Aws::STS
     #   can’t exceed 256 characters. For these and additional limits, see [IAM
     #   and STS Character Limits][2] in the *IAM User Guide*.
     #
-    #   <note markdown="1"> An AWS conversion compresses the passed session policies and session
-    #   tags into a packed binary format that has a separate limit. Your
-    #   request can fail for this limit even if your plaintext meets the other
-    #   requirements. The `PackedPolicySize` response element indicates by
-    #   percentage how close the policies and tags for your request are to the
-    #   upper size limit.
+    #   <note markdown="1"> An Amazon Web Services conversion compresses the passed session
+    #   policies and session tags into a packed binary format that has a
+    #   separate limit. Your request can fail for this limit even if your
+    #   plaintext meets the other requirements. The `PackedPolicySize`
+    #   response element indicates by percentage how close the policies and
+    #   tags for your request are to the upper size limit.
     #
     #    </note>
     #
@@ -2123,37 +2142,38 @@ module Aws::STS
       req.send_request(options)
     end
-    # Returns a set of temporary credentials for an AWS account or IAM user.
-    # The credentials consist of an access key ID, a secret access key, and
-    # a security token. Typically, you use `GetSessionToken` if you want to
-    # use MFA to protect programmatic calls to specific AWS API operations
-    # like Amazon EC2 `StopInstances`. MFA-enabled IAM users would need to
-    # call `GetSessionToken` and submit an MFA code that is associated with
-    # their MFA device. Using the temporary security credentials that are
-    # returned from the call, IAM users can then make programmatic calls to
-    # API operations that require MFA authentication. If you do not supply a
+    # Returns a set of temporary credentials for an Amazon Web Services
+    # account or IAM user. The credentials consist of an access key ID, a
+    # secret access key, and a security token. Typically, you use
+    # `GetSessionToken` if you want to use MFA to protect programmatic calls
+    # to specific Amazon Web Services API operations like Amazon EC2
+    # `StopInstances`. MFA-enabled IAM users would need to call
+    # `GetSessionToken` and submit an MFA code that is associated with their
+    # MFA device. Using the temporary security credentials that are returned
+    # from the call, IAM users can then make programmatic calls to API
+    # operations that require MFA authentication. If you do not supply a
     # correct MFA code, then the API returns an access denied error. For a
     # comparison of `GetSessionToken` with the other API operations that
     # produce temporary credentials, see [Requesting Temporary Security
-    # Credentials][1] and [Comparing the AWS STS API operations][2] in the
-    # *IAM User Guide*.
+    # Credentials][1] and [Comparing the STS API operations][2] in the *IAM
+    # User Guide*.
     #
     # **Session Duration**
     #
     # The `GetSessionToken` operation must be called by using the long-term
-    # AWS security credentials of the AWS account root user or an IAM user.
-    # Credentials that are created by IAM users are valid for the duration
-    # that you specify. This duration can range from 900 seconds (15
-    # minutes) up to a maximum of 129,600 seconds (36 hours), with a default
-    # of 43,200 seconds (12 hours). Credentials based on account credentials
-    # can range from 900 seconds (15 minutes) up to 3,600 seconds (1 hour),
-    # with a default of 1 hour.
+    # Amazon Web Services security credentials of the Amazon Web Services
+    # account root user or an IAM user. Credentials that are created by IAM
+    # users are valid for the duration that you specify. This duration can
+    # range from 900 seconds (15 minutes) up to a maximum of 129,600 seconds
+    # (36 hours), with a default of 43,200 seconds (12 hours). Credentials
+    # based on account credentials can range from 900 seconds (15 minutes)
+    # up to 3,600 seconds (1 hour), with a default of 1 hour.
     #
     # **Permissions**
     #
     # The temporary security credentials created by `GetSessionToken` can be
-    # used to make API calls to any AWS service with the following
-    # exceptions:
+    # used to make API calls to any Amazon Web Services service with the
+    # following exceptions:
     #
     # * You cannot call any IAM API operations unless MFA authentication
     #   information is included in the request.
@@ -2161,20 +2181,21 @@ module Aws::STS
     # * You cannot call any STS API *except* `AssumeRole` or
     #   `GetCallerIdentity`.
     #
-    # <note markdown="1"> We recommend that you do not call `GetSessionToken` with AWS account
-    # root user credentials. Instead, follow our [best practices][3] by
-    # creating one or more IAM users, giving them the necessary permissions,
-    # and using IAM users for everyday interaction with AWS.
+    # <note markdown="1"> We recommend that you do not call `GetSessionToken` with Amazon Web
+    # Services account root user credentials. Instead, follow our [best
+    # practices][3] by creating one or more IAM users, giving them the
+    # necessary permissions, and using IAM users for everyday interaction
+    # with Amazon Web Services.
     #
     #  </note>
     #
     # The credentials that are returned by `GetSessionToken` are based on
     # permissions associated with the user whose credentials were used to
-    # call the operation. If `GetSessionToken` is called using AWS account
-    # root user credentials, the temporary credentials have root user
-    # permissions. Similarly, if `GetSessionToken` is called using the
-    # credentials of an IAM user, the temporary credentials have the same
-    # permissions as the IAM user.
+    # call the operation. If `GetSessionToken` is called using Amazon Web
+    # Services account root user credentials, the temporary credentials have
+    # root user permissions. Similarly, if `GetSessionToken` is called using
+    # the credentials of an IAM user, the temporary credentials have the
+    # same permissions as the IAM user.
     #
     # For more information about using `GetSessionToken` to create temporary
     # credentials, go to [Temporary Credentials for Users in Untrusted
@@ -2191,9 +2212,10 @@ module Aws::STS
     #   The duration, in seconds, that the credentials should remain valid.
     #   Acceptable durations for IAM user sessions range from 900 seconds (15
     #   minutes) to 129,600 seconds (36 hours), with 43,200 seconds (12 hours)
-    #   as the default. Sessions for AWS account owners are restricted to a
-    #   maximum of 3,600 seconds (one hour). If the duration is longer than
-    #   one hour, the session for AWS account owners defaults to one hour.
+    #   as the default. Sessions for Amazon Web Services account owners are
+    #   restricted to a maximum of 3,600 seconds (one hour). If the duration
+    #   is longer than one hour, the session for Amazon Web Services account
+    #   owners defaults to one hour.
     #
     # @option params [String] :serial_number
     #   The identification number of the MFA device that is associated with
@@ -2202,8 +2224,8 @@ module Aws::STS
     #   The value is either the serial number for a hardware device (such as
     #   `GAHT12345678`) or an Amazon Resource Name (ARN) for a virtual device
     #   (such as `arn:aws:iam::123456789012:mfa/user`). You can find the
-    #   device for an IAM user by going to the AWS Management Console and
-    #   viewing the user's security credentials.
+    #   device for an IAM user by going to the Management Console and viewing
+    #   the user's security credentials.
     #
     #   The regex used to validate this parameter is a string of characters
     #   consisting of upper- and lower-case alphanumeric characters with no
@@ -2281,7 +2303,7 @@ module Aws::STS
         params: params,
         config: config)
       context[:gem_name] = 'aws-sdk-core'
-      context[:gem_version] = '3.115.0'
+      context[:gem_version] = '3.119.0'
       Seahorse::Client::Request.new(handlers, context)
     end