RubyGems - aws-sdk-core - Versions diffs - 3.115.0 → 3.119.0 - Mend

aws-sdk-core 3.115.0 → 3.119.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (20) hide show

checksums.yaml +4 -4
data/CHANGELOG.md +22 -0
data/VERSION +1 -1
data/lib/aws-sdk-core/credential_provider_chain.rb +2 -1
data/lib/aws-sdk-core/ec2_metadata.rb +24 -5
data/lib/aws-sdk-core/instance_profile_credentials.rb +39 -4
data/lib/aws-sdk-core/json/parser.rb +8 -0
data/lib/aws-sdk-core/log/param_filter.rb +9 -1
data/lib/aws-sdk-core/param_validator.rb +29 -0
data/lib/aws-sdk-core/shared_config.rb +2 -0
data/lib/aws-sdk-core/shared_credentials.rb +7 -1
data/lib/aws-sdk-core/structure.rb +10 -1
data/lib/aws-sdk-core/xml/parser/frame.rb +23 -0
data/lib/aws-sdk-sso.rb +1 -1
data/lib/aws-sdk-sso/client.rb +1 -1
data/lib/aws-sdk-sts.rb +1 -1
data/lib/aws-sdk-sts/client.rb +318 -296
data/lib/aws-sdk-sts/types.rb +167 -159
data/lib/seahorse/model/shapes.rb +25 -0
metadata +2 -2

checksums.yaml CHANGED Viewed

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: c51427ddefb35e2594f5b19314371162a9ef641ee2347f2c569135f25c5e164e
-  data.tar.gz: ace6b55f07d11168cf425716aefcac7751ca6b1b7d30ccfc3a9a6f409055ab72
+  metadata.gz: ddf31c8c3694470609211adc4d264fe1cb30e4150506b1c509df6a5c544f5915
+  data.tar.gz: 2de3c3db20153adc6d6e558b26d467d158a584f4376fced873a34338fd1c8eb1
 SHA512:
-  metadata.gz: 362d882a36335ccbf9567673cf9c433484bdc7c7da626800e7b2cf3429662ffe2b05cdf4ba3f3a5a91cdc1122c48fe6bb1348f21937c878ac1f1a46dbedd7110
-  data.tar.gz: 754a0a0d8320723ac59aaa084cd3aee95dba74d844764bcee42a6163566aacdbde8a06793aae2e94e9f191e15849e36575f3ee27f4d0901cec4a1ee29534f40b
+  metadata.gz: f03cbc10196aae90f25910784c6b15ebff818d88a08b015a34f4c7dfb2c85c795e513f56473df82a69fb626ad54662c21bd65b02d6bc4f1ae4010b01d722e09b
+  data.tar.gz: b3e7f451f64f74fdbdc24e7891791e3b1ad6993c434321cff87d6088e663cda733513b194d7697af227e545b589257091909a624a2ad6e41c4e1e6f37882d87c

data/CHANGELOG.md CHANGED Viewed

@@ -1,6 +1,28 @@
 Unreleased Changes
 ------------------
+3.119.0 (2021-07-30)
+------------------
+* Feature - Support Document Types. Document types are used to carry open content. A document type value is serialized using the same format as its surroundings and requires no additional encoding or escaping.(#2523)
+3.118.0 (2021-07-28)
+------------------
+* Feature - Add support for Tagged Unions using a "sealed" classes like approach where each union member has a corresponding subclass.
+3.117.0 (2021-07-12)
+------------------
+* Feature - Support IPv6 endpoints for `Aws::InstanceProfileCredentials`. It supports two shared configuration options (`ec2_metadata_service_endpoint` & `ec2_metadata_service_endpoint_mode`), two ENV variables (`AWS_EC2_METADATA_SERVICE_ENDPOINT` & `AWS_EC2_METADATA_SERVICE_ENDPOINT_MODE`), and two constructor options (`:endpoint` & `:endpoint_mode`).
+* Feature - Support IPv6 endpoint for `Aws::EC2Metadata` client. It can be configured with `:endpoint` or `:endpoint_mode`.
+3.116.0 (2021-07-07)
+------------------
+* Feature - Updated Aws::STS::Client with the latest API changes.
 3.115.0 (2021-06-23)
 ------------------

data/VERSION CHANGED Viewed

	@@ -1 +1 @@
1	- 3.~~115~~.0
1	+ 3.119.0

data/lib/aws-sdk-core/credential_provider_chain.rb CHANGED Viewed

@@ -160,10 +160,11 @@ module Aws
     end
     def instance_profile_credentials(options)
+      profile_name = determine_profile_name(options)
       if ENV['AWS_CONTAINER_CREDENTIALS_RELATIVE_URI']
         ECSCredentials.new(options)
       else
-        InstanceProfileCredentials.new(options)
+        InstanceProfileCredentials.new(options.merge(profile: profile_name))
       end
     end

data/lib/aws-sdk-core/ec2_metadata.rb CHANGED Viewed

@@ -39,7 +39,11 @@ module Aws
     #   defaulting to 6 hours.
     # @option options [Integer] :retries (3) The number of retries for failed
     #   requests.
-    # @option options [String] :endpoint (169.254.169.254) The IMDS endpoint.
+    # @option options [String] :endpoint ('http://169.254.169.254') The IMDS
+    #   endpoint. This option has precedence over the :endpoint_mode.
+    # @option options [String] :endpoint_mode ('IPv4') The endpoint mode for
+    #   the instance metadata service. This is either 'IPv4'
+    #   ('http://169.254.169.254') or 'IPv6' ('http://[fd00:ec2::254]').
     # @option options [Integer] :port (80) The IMDS endpoint port.
     # @option options [Integer] :http_open_timeout (1) The number of seconds to
     #   wait for the connection to open.
@@ -55,7 +59,8 @@ module Aws
       @retries = options[:retries] || 3
       @backoff = backoff(options[:backoff])
-      @endpoint = options[:endpoint] || '169.254.169.254'
+      endpoint_mode = options[:endpoint_mode] || 'IPv4'
+      @endpoint = resolve_endpoint(options[:endpoint], endpoint_mode)
       @port = options[:port] || 80
       @http_open_timeout = options[:http_open_timeout] || 1
@@ -76,7 +81,7 @@ module Aws
     #   ec2_metadata.get('/latest/meta-data/instance-id')
     #   => "i-023a25f10a73a0f79"
     #
-    # @Note This implementation always returns a String and will not parse any
+    # @note This implementation always returns a String and will not parse any
     #   responses. Parsable responses may include JSON objects or directory
     #   listings, which are strings separated by line feeds (ASCII 10).
     #
@@ -93,7 +98,7 @@ module Aws
     #   listing.split(10.chr)
     #   => ["ami-id", "ami-launch-index", ...]
     #
-    # @Note Unlike other services, IMDS does not have a service API model. This
+    # @note Unlike other services, IMDS does not have a service API model. This
     #   means that we cannot confidently generate code with methods and
     #   response structures. This implementation ensures that new IMDS features
     #   are always supported by being deployed to the instance and does not
@@ -116,6 +121,19 @@ module Aws
     private
+    def resolve_endpoint(endpoint, endpoint_mode)
+      return endpoint if endpoint
+      case endpoint_mode.downcase
+      when 'ipv4' then 'http://169.254.169.254'
+      when 'ipv6' then 'http://[fd00:ec2::254]'
+      else
+        raise ArgumentError,
+              ':endpoint_mode is not valid, expected IPv4 or IPv6, '\
+              "got: #{endpoint_mode}"
+      end
+    end
     def fetch_token
       open_connection do |conn|
         token_value, token_ttl = http_put(conn, @token_ttl)
@@ -163,7 +181,8 @@ module Aws
     end
     def open_connection
-      http = Net::HTTP.new(@endpoint, @port, nil)
+      uri = URI.parse(@endpoint)
+      http = Net::HTTP.new(uri.hostname || @endpoint, @port || uri.port)
       http.open_timeout = @http_open_timeout
       http.read_timeout = @http_read_timeout
       http.set_debug_output(@http_debug_output) if @http_debug_output

data/lib/aws-sdk-core/instance_profile_credentials.rb CHANGED Viewed

@@ -5,7 +5,6 @@ require 'net/http'
 module Aws
   class InstanceProfileCredentials
     include CredentialProvider
     include RefreshingCredentials
@@ -44,7 +43,13 @@ module Aws
     # @param [Hash] options
     # @option options [Integer] :retries (1) Number of times to retry
     #   when retrieving credentials.
-    # @option options [String] :ip_address ('169.254.169.254')
+    # @option options [String] :endpoint ('http://169.254.169.254') The IMDS
+    #   endpoint. This option has precedence over the :endpoint_mode.
+    # @option options [String] :endpoint_mode ('IPv4') The endpoint mode for
+    #   the instance metadata service. This is either 'IPv4' ('169.254.169.254')
+    #   or 'IPv6' ('[fd00:ec2::254]').
+    # @option options [String] :ip_address ('169.254.169.254') Deprecated. Use
+    #   :endpoint instead. The IP address for the endpoint.
     # @option options [Integer] :port (80)
     # @option options [Float] :http_open_timeout (1)
     # @option options [Float] :http_read_timeout (1)
@@ -60,7 +65,8 @@ module Aws
     #   to 21600 seconds
     def initialize(options = {})
       @retries = options[:retries] || 1
-      @ip_address = options[:ip_address] || '169.254.169.254'
+      endpoint_mode = resolve_endpoint_mode(options)
+      @endpoint = resolve_endpoint(options, endpoint_mode)
       @port = options[:port] || 80
       @http_open_timeout = options[:http_open_timeout] || 1
       @http_read_timeout = options[:http_read_timeout] || 1
@@ -78,6 +84,34 @@ module Aws
     private
+    def resolve_endpoint_mode(options)
+      value = options[:endpoint_mode]
+      value ||= ENV['AWS_EC2_METADATA_SERVICE_ENDPOINT_MODE']
+      value ||= Aws.shared_config.ec2_metadata_service_endpoint_mode(
+        profile: options[:profile]
+      )
+      value || 'IPv4'
+    end
+    def resolve_endpoint(options, endpoint_mode)
+      value = options[:endpoint] || options[:ip_address]
+      value ||= ENV['AWS_EC2_METADATA_SERVICE_ENDPOINT']
+      value ||= Aws.shared_config.ec2_metadata_service_endpoint(
+        profile: options[:profile]
+      )
+      return value if value
+      case endpoint_mode.downcase
+      when 'ipv4' then 'http://169.254.169.254'
+      when 'ipv6' then 'http://[fd00:ec2::254]'
+      else
+        raise ArgumentError,
+              ':endpoint_mode is not valid, expected IPv4 or IPv6, '\
+              "got: #{endpoint_mode}"
+      end
+    end
     def backoff(backoff)
       case backoff
       when Proc then backoff
@@ -152,7 +186,8 @@ module Aws
     end
     def open_connection
-      http = Net::HTTP.new(@ip_address, @port, nil)
+      uri = URI.parse(@endpoint)
+      http = Net::HTTP.new(uri.hostname || @endpoint, @port || uri.port)
       http.open_timeout = @http_open_timeout
       http.read_timeout = @http_read_timeout
       http.set_debug_output(@http_debug_output) if @http_debug_output

data/lib/aws-sdk-core/json/parser.rb CHANGED Viewed

@@ -28,8 +28,16 @@ module Aws
           member_name, member_ref = shape.member_by_location_name(key)
           if member_ref
             target[member_name] = parse_ref(member_ref, value)
+          elsif shape.union
+            target[:unknown] = { 'name' => key, 'value' => value }
           end
         end
+        if shape.union
+          # convert to subclass
+          member_subclass = shape.member_subclass(target.member).new
+          member_subclass[target.member] = target.value
+          target = member_subclass
+        end
         target
       end

data/lib/aws-sdk-core/log/param_filter.rb CHANGED Viewed

@@ -26,7 +26,8 @@ module Aws
       def filter(values, type)
         case values
-        when Struct, Hash then filter_hash(values, type)
+        when Struct then filter_struct(values, type)
+        when Hash then filter_hash(values, type)
         when Array then filter_array(values, type)
         else values
         end
@@ -34,6 +35,13 @@ module Aws
       private
+      def filter_struct(values, type)
+        if values.class.include? Aws::Structure::Union
+          values = { values.member => values.value }
+        end
+        filter_hash(values, type)
+      end
       def filter_hash(values, type)
         if type.const_defined?('SENSITIVE')
           filters = type::SENSITIVE + @additional_filters

data/lib/aws-sdk-core/param_validator.rb CHANGED Viewed

@@ -70,6 +70,14 @@ module Aws
           end
         end
+        if @validate_required && shape.union
+          if values.length > 1
+            errors << "multiple values provided to union at #{context} - must contain exactly one of the supported types: #{shape.member_names.join(', ')}"
+          elsif values.length == 0
+            errors << "No values provided to union at #{context} - must contain exactly one of the supported types: #{shape.member_names.join(', ')}"
+          end
+        end
         # validate non-nil members
         values.each_pair do |name, value|
           unless value.nil?
@@ -117,11 +125,32 @@ module Aws
       end
     end
+    def document(ref, value, errors, context)
+      document_types = [Hash, Array, Numeric, String, TrueClass, FalseClass, NilClass]
+      unless document_types.any? { |t| value.is_a?(t) }
+        errors << expected_got(context, "one of #{document_types.join(', ')}", value)
+      end
+      # recursively validate types for aggregated types
+      case value
+      when Hash
+        value.each do |k, v|
+          document(ref, v, errors, context + "[#{k}]")
+        end
+      when Array
+        value.each do |v|
+          document(ref, v, errors, context)
+        end
+      end
+    end
     def shape(ref, value, errors, context)
       case ref.shape
       when StructureShape then structure(ref, value, errors, context)
       when ListShape then list(ref, value, errors, context)
       when MapShape then map(ref, value, errors, context)
+      when DocumentShape then document(ref, value, errors, context)
       when StringShape
         unless value.is_a?(String)
           errors << expected_got(context, "a String", value)

data/lib/aws-sdk-core/shared_config.rb CHANGED Viewed

@@ -163,6 +163,8 @@ module Aws
       :ca_bundle,
       :credential_process,
       :endpoint_discovery_enabled,
+      :ec2_metadata_service_endpoint,
+      :ec2_metadata_service_endpoint_mode,
       :max_attempts,
       :retry_mode,
       :adaptive_retry_wait_to_fill,

data/lib/aws-sdk-core/shared_credentials.rb CHANGED Viewed

@@ -14,11 +14,17 @@ module Aws
       'aws_session_token' => 'session_token',
     }
-    # Constructs a new SharedCredentials object. This will load AWS access
+    # Constructs a new SharedCredentials object. This will load static
+    # (access_key_id, secret_access_key and session_token) AWS access
     # credentials from an ini file, which supports profiles. The default
     # profile name is 'default'. You can specify the profile name with the
     # `ENV['AWS_PROFILE']` or with the `:profile_name` option.
     #
+    # To use credentials from the default credential resolution chain
+    # create a client without the credential option specified.
+    # You may access the resolved credentials through
+    # `client.config.credentials`.
+    #
     # @option [String] :path Path to the shared file.  Defaults
     #   to "#{Dir.home}/.aws/credentials".
     #

data/lib/aws-sdk-core/structure.rb CHANGED Viewed

@@ -70,11 +70,20 @@ module Aws
       end
     end
+    module Union
+      def member
+        self.members.select { |k| self[k] }.first
+      end
+      def value
+        self[member] if member
+      end
+    end
   end
   # @api private
   class EmptyStructure < Struct.new('AwsEmptyStructure')
     include(Aws::Structure)
   end
 end

data/lib/aws-sdk-core/xml/parser/frame.rb CHANGED Viewed

@@ -95,6 +95,8 @@ module Aws
         def child_frame(xml_name)
           if @member = @members[xml_name]
             Frame.new(xml_name, self, @member[:ref])
+          elsif @ref.shape.union
+            UnknownMemberFrame.new(xml_name, self, nil, @result)
           else
             NullFrame.new(xml_name, self)
           end
@@ -106,10 +108,24 @@ module Aws
             @result[@member[:name]][child.key.result] = child.value.result
           when FlatListFrame
             @result[@member[:name]] << child.result
+          when UnknownMemberFrame
+            @result[:unknown] = { 'name' => child.path.last, 'value' => child.result }
           when NullFrame
           else
             @result[@member[:name]] = child.result
           end
+          if @ref.shape.union
+            # a union may only have one member set
+            # convert to the union subclass
+            # The default Struct created will have defaults set for all values
+            # This also sets only one of the values leaving everything else nil
+            # as required for unions
+            set_member_name = @member ? @member[:name] : :unknown
+            member_subclass = @ref.shape.member_subclass(set_member_name).new # shape.member_subclass(target.member).new
+            member_subclass[set_member_name] = @result[set_member_name]
+            @result = member_subclass
+          end
         end
         private
@@ -242,6 +258,12 @@ module Aws
         end
       end
+      class UnknownMemberFrame < Frame
+        def result
+          @text.join
+        end
+      end
       class BlobFrame < Frame
         def result
           @text.empty? ? nil : Base64.decode64(@text.join)
@@ -302,6 +324,7 @@ module Aws
         MapShape => MapFrame,
         StringShape => StringFrame,
         StructureShape => StructureFrame,
+        UnionShape => StructureFrame,
         TimestampShape => TimestampFrame,
       }

data/lib/aws-sdk-sso.rb CHANGED Viewed

@@ -50,6 +50,6 @@ require_relative 'aws-sdk-sso/customizations'
 # @!group service
 module Aws::SSO
-  GEM_VERSION = '3.115.0'
+  GEM_VERSION = '3.119.0'
 end

data/lib/aws-sdk-sso/client.rb CHANGED Viewed

@@ -523,7 +523,7 @@ module Aws::SSO
         params: params,
         config: config)
       context[:gem_name] = 'aws-sdk-core'
-      context[:gem_version] = '3.115.0'
+      context[:gem_version] = '3.119.0'
       Seahorse::Client::Request.new(handlers, context)
     end

data/lib/aws-sdk-sts.rb CHANGED Viewed

@@ -50,6 +50,6 @@ require_relative 'aws-sdk-sts/customizations'
 # @!group service
 module Aws::STS
-  GEM_VERSION = '3.115.0'
+  GEM_VERSION = '3.119.0'
 end

data/lib/aws-sdk-sts/client.rb CHANGED Viewed

@@ -335,20 +335,21 @@ module Aws::STS
     # @!group API Operations
     # Returns a set of temporary security credentials that you can use to
-    # access AWS resources that you might not normally have access to. These
-    # temporary credentials consist of an access key ID, a secret access
-    # key, and a security token. Typically, you use `AssumeRole` within your
-    # account or for cross-account access. For a comparison of `AssumeRole`
-    # with other API operations that produce temporary credentials, see
-    # [Requesting Temporary Security Credentials][1] and [Comparing the AWS
-    # STS API operations][2] in the *IAM User Guide*.
+    # access Amazon Web Services resources that you might not normally have
+    # access to. These temporary credentials consist of an access key ID, a
+    # secret access key, and a security token. Typically, you use
+    # `AssumeRole` within your account or for cross-account access. For a
+    # comparison of `AssumeRole` with other API operations that produce
+    # temporary credentials, see [Requesting Temporary Security
+    # Credentials][1] and [Comparing the STS API operations][2] in the *IAM
+    # User Guide*.
     #
     # **Permissions**
     #
     # The temporary security credentials created by `AssumeRole` can be used
-    # to make API calls to any AWS service with the following exception: You
-    # cannot call the AWS STS `GetFederationToken` or `GetSessionToken` API
-    # operations.
+    # to make API calls to any Amazon Web Services service with the
+    # following exception: You cannot call the STS `GetFederationToken` or
+    # `GetSessionToken` API operations.
     #
     # (Optional) You can pass inline or managed [session policies][3] to
     # this operation. You can pass a single JSON policy document to use as
@@ -358,13 +359,14 @@ module Aws::STS
     # characters. Passing policies to this operation returns new temporary
     # credentials. The resulting session's permissions are the intersection
     # of the role's identity-based policy and the session policies. You can
-    # use the role's temporary credentials in subsequent AWS API calls to
-    # access resources in the account that owns the role. You cannot use
-    # session policies to grant more permissions than those allowed by the
-    # identity-based policy of the role that is being assumed. For more
-    # information, see [Session Policies][3] in the *IAM User Guide*.
+    # use the role's temporary credentials in subsequent Amazon Web
+    # Services API calls to access resources in the account that owns the
+    # role. You cannot use session policies to grant more permissions than
+    # those allowed by the identity-based policy of the role that is being
+    # assumed. For more information, see [Session Policies][3] in the *IAM
+    # User Guide*.
     #
-    # To assume a role from a different account, your AWS account must be
+    # To assume a role from a different account, your account must be
     # trusted by the role. The trust relationship is defined in the role's
     # trust policy when the role is created. That trust policy states which
     # accounts are allowed to delegate that access to users in the account.
@@ -408,12 +410,12 @@ module Aws::STS
     # (Optional) You can include multi-factor authentication (MFA)
     # information when you call `AssumeRole`. This is useful for
     # cross-account scenarios to ensure that the user that assumes the role
-    # has been authenticated with an AWS MFA device. In that scenario, the
-    # trust policy of the role being assumed includes a condition that tests
-    # for MFA authentication. If the caller does not include valid MFA
-    # information, the request to assume the role is denied. The condition
-    # in a trust policy that tests for MFA authentication might look like
-    # the following example.
+    # has been authenticated with an Amazon Web Services MFA device. In that
+    # scenario, the trust policy of the role being assumed includes a
+    # condition that tests for MFA authentication. If the caller does not
+    # include valid MFA information, the request to assume the role is
+    # denied. The condition in a trust policy that tests for MFA
+    # authentication might look like the following example.
     #
     # `"Condition": \{"Bool": \{"aws:MultiFactorAuthPresent": true\}\}`
     #
@@ -449,7 +451,7 @@ module Aws::STS
     #   also used in the ARN of the assumed role principal. This means that
     #   subsequent cross-account API requests that use the temporary security
     #   credentials will expose the role session name to the external account
-    #   in their AWS CloudTrail logs.
+    #   in their CloudTrail logs.
     #
     #   The regex used to validate this parameter is a string of characters
     #   consisting of upper- and lower-case alphanumeric characters with no
@@ -464,26 +466,27 @@ module Aws::STS
     #   This parameter is optional. You can provide up to 10 managed policy
     #   ARNs. However, the plaintext that you use for both inline and managed
     #   session policies can't exceed 2,048 characters. For more information
-    #   about ARNs, see [Amazon Resource Names (ARNs) and AWS Service
-    #   Namespaces][1] in the AWS General Reference.
+    #   about ARNs, see [Amazon Resource Names (ARNs) and Amazon Web Services
+    #   Service Namespaces][1] in the Amazon Web Services General Reference.
     #
-    #   <note markdown="1"> An AWS conversion compresses the passed session policies and session
-    #   tags into a packed binary format that has a separate limit. Your
-    #   request can fail for this limit even if your plaintext meets the other
-    #   requirements. The `PackedPolicySize` response element indicates by
-    #   percentage how close the policies and tags for your request are to the
-    #   upper size limit.
+    #   <note markdown="1"> An Amazon Web Services conversion compresses the passed session
+    #   policies and session tags into a packed binary format that has a
+    #   separate limit. Your request can fail for this limit even if your
+    #   plaintext meets the other requirements. The `PackedPolicySize`
+    #   response element indicates by percentage how close the policies and
+    #   tags for your request are to the upper size limit.
     #
     #    </note>
     #
     #   Passing policies to this operation returns new temporary credentials.
     #   The resulting session's permissions are the intersection of the
     #   role's identity-based policy and the session policies. You can use
-    #   the role's temporary credentials in subsequent AWS API calls to
-    #   access resources in the account that owns the role. You cannot use
-    #   session policies to grant more permissions than those allowed by the
-    #   identity-based policy of the role that is being assumed. For more
-    #   information, see [Session Policies][2] in the *IAM User Guide*.
+    #   the role's temporary credentials in subsequent Amazon Web Services
+    #   API calls to access resources in the account that owns the role. You
+    #   cannot use session policies to grant more permissions than those
+    #   allowed by the identity-based policy of the role that is being
+    #   assumed. For more information, see [Session Policies][2] in the *IAM
+    #   User Guide*.
     #
     #
     #
@@ -498,11 +501,11 @@ module Aws::STS
     #   new temporary credentials. The resulting session's permissions are
     #   the intersection of the role's identity-based policy and the session
     #   policies. You can use the role's temporary credentials in subsequent
-    #   AWS API calls to access resources in the account that owns the role.
-    #   You cannot use session policies to grant more permissions than those
-    #   allowed by the identity-based policy of the role that is being
-    #   assumed. For more information, see [Session Policies][1] in the *IAM
-    #   User Guide*.
+    #   Amazon Web Services API calls to access resources in the account that
+    #   owns the role. You cannot use session policies to grant more
+    #   permissions than those allowed by the identity-based policy of the
+    #   role that is being assumed. For more information, see [Session
+    #   Policies][1] in the *IAM User Guide*.
     #
     #   The plaintext that you use for both inline and managed session
     #   policies can't exceed 2,048 characters. The JSON policy characters
@@ -511,12 +514,12 @@ module Aws::STS
     #   the tab (\\u0009), linefeed (\\u000A), and carriage return (\\u000D)
     #   characters.
     #
-    #   <note markdown="1"> An AWS conversion compresses the passed session policies and session
-    #   tags into a packed binary format that has a separate limit. Your
-    #   request can fail for this limit even if your plaintext meets the other
-    #   requirements. The `PackedPolicySize` response element indicates by
-    #   percentage how close the policies and tags for your request are to the
-    #   upper size limit.
+    #   <note markdown="1"> An Amazon Web Services conversion compresses the passed session
+    #   policies and session tags into a packed binary format that has a
+    #   separate limit. Your request can fail for this limit even if your
+    #   plaintext meets the other requirements. The `PackedPolicySize`
+    #   response element indicates by percentage how close the policies and
+    #   tags for your request are to the upper size limit.
     #
     #    </note>
     #
@@ -543,8 +546,8 @@ module Aws::STS
     #   The request to the federation endpoint for a console sign-in token
     #   takes a `SessionDuration` parameter that specifies the maximum length
     #   of the console session. For more information, see [Creating a URL that
-    #   Enables Federated Users to Access the AWS Management Console][2] in
-    #   the *IAM User Guide*.
+    #   Enables Federated Users to Access the Management Console][2] in the
+    #   *IAM User Guide*.
     #
     #    </note>
     #
@@ -556,7 +559,7 @@ module Aws::STS
     # @option params [Array<Types::Tag>] :tags
     #   A list of session tags that you want to pass. Each session tag
     #   consists of a key name and an associated value. For more information
-    #   about session tags, see [Tagging AWS STS Sessions][1] in the *IAM User
+    #   about session tags, see [Tagging STS Sessions][1] in the *IAM User
     #   Guide*.
     #
     #   This parameter is optional. You can pass up to 50 session tags. The
@@ -564,12 +567,12 @@ module Aws::STS
     #   can’t exceed 256 characters. For these and additional limits, see [IAM
     #   and STS Character Limits][2] in the *IAM User Guide*.
     #
-    #   <note markdown="1"> An AWS conversion compresses the passed session policies and session
-    #   tags into a packed binary format that has a separate limit. Your
-    #   request can fail for this limit even if your plaintext meets the other
-    #   requirements. The `PackedPolicySize` response element indicates by
-    #   percentage how close the policies and tags for your request are to the
-    #   upper size limit.
+    #   <note markdown="1"> An Amazon Web Services conversion compresses the passed session
+    #   policies and session tags into a packed binary format that has a
+    #   separate limit. Your request can fail for this limit even if your
+    #   plaintext meets the other requirements. The `PackedPolicySize`
+    #   response element indicates by percentage how close the policies and
+    #   tags for your request are to the upper size limit.
     #
     #    </note>
     #
@@ -588,8 +591,8 @@ module Aws::STS
     #   operation, the new session inherits any transitive session tags from
     #   the calling session. If you pass a session tag with the same key as an
     #   inherited tag, the operation fails. To view the inherited tags for a
-    #   session, see the AWS CloudTrail logs. For more information, see
-    #   [Viewing Session Tags in CloudTrail][3] in the *IAM User Guide*.
+    #   session, see the CloudTrail logs. For more information, see [Viewing
+    #   Session Tags in CloudTrail][3] in the *IAM User Guide*.
     #
     #
     #
@@ -625,7 +628,8 @@ module Aws::STS
     #   trusted account. That way, only someone with the ID can assume the
     #   role, rather than everyone in the account. For more information about
     #   the external ID, see [How to Use an External ID When Granting Access
-    #   to Your AWS Resources to a Third Party][1] in the *IAM User Guide*.
+    #   to Your Amazon Web Services Resources to a Third Party][1] in the *IAM
+    #   User Guide*.
     #
     #   The regex used to validate this parameter is a string of characters
     #   consisting of upper- and lower-case alphanumeric characters with no
@@ -666,18 +670,18 @@ module Aws::STS
     #
     #   You can require users to specify a source identity when they assume a
     #   role. You do this by using the `sts:SourceIdentity` condition key in a
-    #   role trust policy. You can use source identity information in AWS
+    #   role trust policy. You can use source identity information in
     #   CloudTrail logs to determine who took actions with a role. You can use
     #   the `aws:SourceIdentity` condition key to further control access to
-    #   AWS resources based on the value of source identity. For more
-    #   information about using source identity, see [Monitor and control
-    #   actions taken with assumed roles][1] in the *IAM User Guide*.
+    #   Amazon Web Services resources based on the value of source identity.
+    #   For more information about using source identity, see [Monitor and
+    #   control actions taken with assumed roles][1] in the *IAM User Guide*.
     #
     #   The regex used to validate this parameter is a string of characters
     #   consisting of upper- and lower-case alphanumeric characters with no
     #   spaces. You can also include underscores or any of the following
     #   characters: =,.@-. You cannot use a value that begins with the text
-    #   `aws:`. This prefix is reserved for AWS internal use.
+    #   `aws:`. This prefix is reserved for Amazon Web Services internal use.
     #
     #
     #
@@ -781,16 +785,17 @@ module Aws::STS
     # Returns a set of temporary security credentials for users who have
     # been authenticated via a SAML authentication response. This operation
     # provides a mechanism for tying an enterprise identity store or
-    # directory to role-based AWS access without user-specific credentials
-    # or configuration. For a comparison of `AssumeRoleWithSAML` with the
-    # other API operations that produce temporary credentials, see
-    # [Requesting Temporary Security Credentials][1] and [Comparing the AWS
-    # STS API operations][2] in the *IAM User Guide*.
+    # directory to role-based Amazon Web Services access without
+    # user-specific credentials or configuration. For a comparison of
+    # `AssumeRoleWithSAML` with the other API operations that produce
+    # temporary credentials, see [Requesting Temporary Security
+    # Credentials][1] and [Comparing the STS API operations][2] in the *IAM
+    # User Guide*.
     #
     # The temporary security credentials returned by this operation consist
     # of an access key ID, a secret access key, and a security token.
     # Applications can use these temporary security credentials to sign
-    # calls to AWS services.
+    # calls to Amazon Web Services services.
     #
     # **Session Duration**
     #
@@ -810,22 +815,22 @@ module Aws::STS
     # use those operations to create a console URL. For more information,
     # see [Using IAM Roles][4] in the *IAM User Guide*.
     #
-    # <note markdown="1"> [Role chaining][5] limits your AWS CLI or AWS API role session to a
-    # maximum of one hour. When you use the `AssumeRole` API operation to
-    # assume a role, you can specify the duration of your role session with
-    # the `DurationSeconds` parameter. You can specify a parameter value of
-    # up to 43200 seconds (12 hours), depending on the maximum session
-    # duration setting for your role. However, if you assume a role using
-    # role chaining and provide a `DurationSeconds` parameter value greater
-    # than one hour, the operation fails.
+    # <note markdown="1"> [Role chaining][5] limits your CLI or Amazon Web Services API role
+    # session to a maximum of one hour. When you use the `AssumeRole` API
+    # operation to assume a role, you can specify the duration of your role
+    # session with the `DurationSeconds` parameter. You can specify a
+    # parameter value of up to 43200 seconds (12 hours), depending on the
+    # maximum session duration setting for your role. However, if you assume
+    # a role using role chaining and provide a `DurationSeconds` parameter
+    # value greater than one hour, the operation fails.
     #
     #  </note>
     #
     # **Permissions**
     #
     # The temporary security credentials created by `AssumeRoleWithSAML` can
-    # be used to make API calls to any AWS service with the following
-    # exception: you cannot call the STS `GetFederationToken` or
+    # be used to make API calls to any Amazon Web Services service with the
+    # following exception: you cannot call the STS `GetFederationToken` or
     # `GetSessionToken` API operations.
     #
     # (Optional) You can pass inline or managed [session policies][6] to
@@ -836,22 +841,23 @@ module Aws::STS
     # characters. Passing policies to this operation returns new temporary
     # credentials. The resulting session's permissions are the intersection
     # of the role's identity-based policy and the session policies. You can
-    # use the role's temporary credentials in subsequent AWS API calls to
-    # access resources in the account that owns the role. You cannot use
-    # session policies to grant more permissions than those allowed by the
-    # identity-based policy of the role that is being assumed. For more
-    # information, see [Session Policies][6] in the *IAM User Guide*.
-    #
-    # Calling `AssumeRoleWithSAML` does not require the use of AWS security
-    # credentials. The identity of the caller is validated by using keys in
-    # the metadata document that is uploaded for the SAML provider entity
-    # for your identity provider.
-    #
-    # Calling `AssumeRoleWithSAML` can result in an entry in your AWS
-    # CloudTrail logs. The entry includes the value in the `NameID` element
-    # of the SAML assertion. We recommend that you use a `NameIDType` that
-    # is not associated with any personally identifiable information (PII).
-    # For example, you could instead use the persistent identifier
+    # use the role's temporary credentials in subsequent Amazon Web
+    # Services API calls to access resources in the account that owns the
+    # role. You cannot use session policies to grant more permissions than
+    # those allowed by the identity-based policy of the role that is being
+    # assumed. For more information, see [Session Policies][6] in the *IAM
+    # User Guide*.
+    #
+    # Calling `AssumeRoleWithSAML` does not require the use of Amazon Web
+    # Services security credentials. The identity of the caller is validated
+    # by using keys in the metadata document that is uploaded for the SAML
+    # provider entity for your identity provider.
+    #
+    # Calling `AssumeRoleWithSAML` can result in an entry in your CloudTrail
+    # logs. The entry includes the value in the `NameID` element of the SAML
+    # assertion. We recommend that you use a `NameIDType` that is not
+    # associated with any personally identifiable information (PII). For
+    # example, you could instead use the persistent identifier
     # (`urn:oasis:names:tc:SAML:2.0:nameid-format:persistent`).
     #
     # **Tags**
@@ -866,12 +872,12 @@ module Aws::STS
     # characters. For these and additional limits, see [IAM and STS
     # Character Limits][8] in the *IAM User Guide*.
     #
-    # <note markdown="1"> An AWS conversion compresses the passed session policies and session
-    # tags into a packed binary format that has a separate limit. Your
-    # request can fail for this limit even if your plaintext meets the other
-    # requirements. The `PackedPolicySize` response element indicates by
-    # percentage how close the policies and tags for your request are to the
-    # upper size limit.
+    # <note markdown="1"> An Amazon Web Services conversion compresses the passed session
+    # policies and session tags into a packed binary format that has a
+    # separate limit. Your request can fail for this limit even if your
+    # plaintext meets the other requirements. The `PackedPolicySize`
+    # response element indicates by percentage how close the policies and
+    # tags for your request are to the upper size limit.
     #
     #  </note>
     #
@@ -893,10 +899,11 @@ module Aws::STS
     #
     # Before your application can call `AssumeRoleWithSAML`, you must
     # configure your SAML identity provider (IdP) to issue the claims
-    # required by AWS. Additionally, you must use AWS Identity and Access
-    # Management (IAM) to create a SAML provider entity in your AWS account
-    # that represents your identity provider. You must also create an IAM
-    # role that specifies this SAML provider in its trust policy.
+    # required by Amazon Web Services. Additionally, you must use Identity
+    # and Access Management (IAM) to create a SAML provider entity in your
+    # Amazon Web Services account that represents your identity provider.
+    # You must also create an IAM role that specifies this SAML provider in
+    # its trust policy.
     #
     # For more information, see the following resources:
     #
@@ -953,26 +960,27 @@ module Aws::STS
     #   This parameter is optional. You can provide up to 10 managed policy
     #   ARNs. However, the plaintext that you use for both inline and managed
     #   session policies can't exceed 2,048 characters. For more information
-    #   about ARNs, see [Amazon Resource Names (ARNs) and AWS Service
-    #   Namespaces][1] in the AWS General Reference.
+    #   about ARNs, see [Amazon Resource Names (ARNs) and Amazon Web Services
+    #   Service Namespaces][1] in the Amazon Web Services General Reference.
     #
-    #   <note markdown="1"> An AWS conversion compresses the passed session policies and session
-    #   tags into a packed binary format that has a separate limit. Your
-    #   request can fail for this limit even if your plaintext meets the other
-    #   requirements. The `PackedPolicySize` response element indicates by
-    #   percentage how close the policies and tags for your request are to the
-    #   upper size limit.
+    #   <note markdown="1"> An Amazon Web Services conversion compresses the passed session
+    #   policies and session tags into a packed binary format that has a
+    #   separate limit. Your request can fail for this limit even if your
+    #   plaintext meets the other requirements. The `PackedPolicySize`
+    #   response element indicates by percentage how close the policies and
+    #   tags for your request are to the upper size limit.
     #
     #    </note>
     #
     #   Passing policies to this operation returns new temporary credentials.
     #   The resulting session's permissions are the intersection of the
     #   role's identity-based policy and the session policies. You can use
-    #   the role's temporary credentials in subsequent AWS API calls to
-    #   access resources in the account that owns the role. You cannot use
-    #   session policies to grant more permissions than those allowed by the
-    #   identity-based policy of the role that is being assumed. For more
-    #   information, see [Session Policies][2] in the *IAM User Guide*.
+    #   the role's temporary credentials in subsequent Amazon Web Services
+    #   API calls to access resources in the account that owns the role. You
+    #   cannot use session policies to grant more permissions than those
+    #   allowed by the identity-based policy of the role that is being
+    #   assumed. For more information, see [Session Policies][2] in the *IAM
+    #   User Guide*.
     #
     #
     #
@@ -987,11 +995,11 @@ module Aws::STS
     #   new temporary credentials. The resulting session's permissions are
     #   the intersection of the role's identity-based policy and the session
     #   policies. You can use the role's temporary credentials in subsequent
-    #   AWS API calls to access resources in the account that owns the role.
-    #   You cannot use session policies to grant more permissions than those
-    #   allowed by the identity-based policy of the role that is being
-    #   assumed. For more information, see [Session Policies][1] in the *IAM
-    #   User Guide*.
+    #   Amazon Web Services API calls to access resources in the account that
+    #   owns the role. You cannot use session policies to grant more
+    #   permissions than those allowed by the identity-based policy of the
+    #   role that is being assumed. For more information, see [Session
+    #   Policies][1] in the *IAM User Guide*.
     #
     #   The plaintext that you use for both inline and managed session
     #   policies can't exceed 2,048 characters. The JSON policy characters
@@ -1000,12 +1008,12 @@ module Aws::STS
     #   the tab (\\u0009), linefeed (\\u000A), and carriage return (\\u000D)
     #   characters.
     #
-    #   <note markdown="1"> An AWS conversion compresses the passed session policies and session
-    #   tags into a packed binary format that has a separate limit. Your
-    #   request can fail for this limit even if your plaintext meets the other
-    #   requirements. The `PackedPolicySize` response element indicates by
-    #   percentage how close the policies and tags for your request are to the
-    #   upper size limit.
+    #   <note markdown="1"> An Amazon Web Services conversion compresses the passed session
+    #   policies and session tags into a packed binary format that has a
+    #   separate limit. Your request can fail for this limit even if your
+    #   plaintext meets the other requirements. The `PackedPolicySize`
+    #   response element indicates by percentage how close the policies and
+    #   tags for your request are to the upper size limit.
     #
     #    </note>
     #
@@ -1034,8 +1042,8 @@ module Aws::STS
     #   The request to the federation endpoint for a console sign-in token
     #   takes a `SessionDuration` parameter that specifies the maximum length
     #   of the console session. For more information, see [Creating a URL that
-    #   Enables Federated Users to Access the AWS Management Console][2] in
-    #   the *IAM User Guide*.
+    #   Enables Federated Users to Access the Management Console][2] in the
+    #   *IAM User Guide*.
     #
     #    </note>
     #
@@ -1132,33 +1140,36 @@ module Aws::STS
     # Facebook, Google, or any OpenID Connect-compatible identity provider.
     #
     # <note markdown="1"> For mobile applications, we recommend that you use Amazon Cognito. You
-    # can use Amazon Cognito with the [AWS SDK for iOS Developer Guide][1]
-    # and the [AWS SDK for Android Developer Guide][2] to uniquely identify
-    # a user. You can also supply the user with a consistent identity
-    # throughout the lifetime of an application.
+    # can use Amazon Cognito with the [Amazon Web Services SDK for iOS
+    # Developer Guide][1] and the [Amazon Web Services SDK for Android
+    # Developer Guide][2] to uniquely identify a user. You can also supply
+    # the user with a consistent identity throughout the lifetime of an
+    # application.
     #
     #  To learn more about Amazon Cognito, see [Amazon Cognito Overview][3]
-    # in *AWS SDK for Android Developer Guide* and [Amazon Cognito
-    # Overview][4] in the *AWS SDK for iOS Developer Guide*.
+    # in *Amazon Web Services SDK for Android Developer Guide* and [Amazon
+    # Cognito Overview][4] in the *Amazon Web Services SDK for iOS Developer
+    # Guide*.
     #
     #  </note>
     #
-    # Calling `AssumeRoleWithWebIdentity` does not require the use of AWS
-    # security credentials. Therefore, you can distribute an application
-    # (for example, on mobile devices) that requests temporary security
-    # credentials without including long-term AWS credentials in the
-    # application. You also don't need to deploy server-based proxy
-    # services that use long-term AWS credentials. Instead, the identity of
-    # the caller is validated by using a token from the web identity
-    # provider. For a comparison of `AssumeRoleWithWebIdentity` with the
-    # other API operations that produce temporary credentials, see
-    # [Requesting Temporary Security Credentials][5] and [Comparing the AWS
-    # STS API operations][6] in the *IAM User Guide*.
+    # Calling `AssumeRoleWithWebIdentity` does not require the use of Amazon
+    # Web Services security credentials. Therefore, you can distribute an
+    # application (for example, on mobile devices) that requests temporary
+    # security credentials without including long-term Amazon Web Services
+    # credentials in the application. You also don't need to deploy
+    # server-based proxy services that use long-term Amazon Web Services
+    # credentials. Instead, the identity of the caller is validated by using
+    # a token from the web identity provider. For a comparison of
+    # `AssumeRoleWithWebIdentity` with the other API operations that produce
+    # temporary credentials, see [Requesting Temporary Security
+    # Credentials][5] and [Comparing the STS API operations][6] in the *IAM
+    # User Guide*.
     #
     # The temporary security credentials returned by this API consist of an
     # access key ID, a secret access key, and a security token. Applications
-    # can use these temporary security credentials to sign calls to AWS
-    # service API operations.
+    # can use these temporary security credentials to sign calls to Amazon
+    # Web Services service API operations.
     #
     # **Session Duration**
     #
@@ -1178,9 +1189,9 @@ module Aws::STS
     # **Permissions**
     #
     # The temporary security credentials created by
-    # `AssumeRoleWithWebIdentity` can be used to make API calls to any AWS
-    # service with the following exception: you cannot call the STS
-    # `GetFederationToken` or `GetSessionToken` API operations.
+    # `AssumeRoleWithWebIdentity` can be used to make API calls to any
+    # Amazon Web Services service with the following exception: you cannot
+    # call the STS `GetFederationToken` or `GetSessionToken` API operations.
     #
     # (Optional) You can pass inline or managed [session policies][9] to
     # this operation. You can pass a single JSON policy document to use as
@@ -1190,11 +1201,12 @@ module Aws::STS
     # characters. Passing policies to this operation returns new temporary
     # credentials. The resulting session's permissions are the intersection
     # of the role's identity-based policy and the session policies. You can
-    # use the role's temporary credentials in subsequent AWS API calls to
-    # access resources in the account that owns the role. You cannot use
-    # session policies to grant more permissions than those allowed by the
-    # identity-based policy of the role that is being assumed. For more
-    # information, see [Session Policies][9] in the *IAM User Guide*.
+    # use the role's temporary credentials in subsequent Amazon Web
+    # Services API calls to access resources in the account that owns the
+    # role. You cannot use session policies to grant more permissions than
+    # those allowed by the identity-based policy of the role that is being
+    # assumed. For more information, see [Session Policies][9] in the *IAM
+    # User Guide*.
     #
     # **Tags**
     #
@@ -1208,12 +1220,12 @@ module Aws::STS
     # characters. For these and additional limits, see [IAM and STS
     # Character Limits][11] in the *IAM User Guide*.
     #
-    # <note markdown="1"> An AWS conversion compresses the passed session policies and session
-    # tags into a packed binary format that has a separate limit. Your
-    # request can fail for this limit even if your plaintext meets the other
-    # requirements. The `PackedPolicySize` response element indicates by
-    # percentage how close the policies and tags for your request are to the
-    # upper size limit.
+    # <note markdown="1"> An Amazon Web Services conversion compresses the passed session
+    # policies and session tags into a packed binary format that has a
+    # separate limit. Your request can fail for this limit even if your
+    # plaintext meets the other requirements. The `PackedPolicySize`
+    # response element indicates by percentage how close the policies and
+    # tags for your request are to the upper size limit.
     #
     #  </note>
     #
@@ -1240,7 +1252,7 @@ module Aws::STS
     # identity token. In other words, the identity provider must be
     # specified in the role's trust policy.
     #
-    # Calling `AssumeRoleWithWebIdentity` can result in an entry in your AWS
+    # Calling `AssumeRoleWithWebIdentity` can result in an entry in your
     # CloudTrail logs. The entry includes the [Subject][14] of the provided
     # web identity token. We recommend that you avoid using any personally
     # identifiable information (PII) in this field. For example, you could
@@ -1256,13 +1268,13 @@ module Aws::STS
     # * [ Web Identity Federation Playground][18]. Walk through the process
     #   of authenticating through Login with Amazon, Facebook, or Google,
     #   getting temporary security credentials, and then using those
-    #   credentials to make a request to AWS.
+    #   credentials to make a request to Amazon Web Services.
     #
-    # * [AWS SDK for iOS Developer Guide][1] and [AWS SDK for Android
-    #   Developer Guide][2]. These toolkits contain sample apps that show
-    #   how to invoke the identity providers. The toolkits then show how to
-    #   use the information from these providers to get and use temporary
-    #   security credentials.
+    # * [Amazon Web Services SDK for iOS Developer Guide][1] and [Amazon Web
+    #   Services SDK for Android Developer Guide][2]. These toolkits contain
+    #   sample apps that show how to invoke the identity providers. The
+    #   toolkits then show how to use the information from these providers
+    #   to get and use temporary security credentials.
     #
     # * [Web Identity Federation with Mobile Applications][19]. This article
     #   discusses web identity federation and shows an example of how to use
@@ -1333,26 +1345,27 @@ module Aws::STS
     #   This parameter is optional. You can provide up to 10 managed policy
     #   ARNs. However, the plaintext that you use for both inline and managed
     #   session policies can't exceed 2,048 characters. For more information
-    #   about ARNs, see [Amazon Resource Names (ARNs) and AWS Service
-    #   Namespaces][1] in the AWS General Reference.
+    #   about ARNs, see [Amazon Resource Names (ARNs) and Amazon Web Services
+    #   Service Namespaces][1] in the Amazon Web Services General Reference.
     #
-    #   <note markdown="1"> An AWS conversion compresses the passed session policies and session
-    #   tags into a packed binary format that has a separate limit. Your
-    #   request can fail for this limit even if your plaintext meets the other
-    #   requirements. The `PackedPolicySize` response element indicates by
-    #   percentage how close the policies and tags for your request are to the
-    #   upper size limit.
+    #   <note markdown="1"> An Amazon Web Services conversion compresses the passed session
+    #   policies and session tags into a packed binary format that has a
+    #   separate limit. Your request can fail for this limit even if your
+    #   plaintext meets the other requirements. The `PackedPolicySize`
+    #   response element indicates by percentage how close the policies and
+    #   tags for your request are to the upper size limit.
     #
     #    </note>
     #
     #   Passing policies to this operation returns new temporary credentials.
     #   The resulting session's permissions are the intersection of the
     #   role's identity-based policy and the session policies. You can use
-    #   the role's temporary credentials in subsequent AWS API calls to
-    #   access resources in the account that owns the role. You cannot use
-    #   session policies to grant more permissions than those allowed by the
-    #   identity-based policy of the role that is being assumed. For more
-    #   information, see [Session Policies][2] in the *IAM User Guide*.
+    #   the role's temporary credentials in subsequent Amazon Web Services
+    #   API calls to access resources in the account that owns the role. You
+    #   cannot use session policies to grant more permissions than those
+    #   allowed by the identity-based policy of the role that is being
+    #   assumed. For more information, see [Session Policies][2] in the *IAM
+    #   User Guide*.
     #
     #
     #
@@ -1367,11 +1380,11 @@ module Aws::STS
     #   new temporary credentials. The resulting session's permissions are
     #   the intersection of the role's identity-based policy and the session
     #   policies. You can use the role's temporary credentials in subsequent
-    #   AWS API calls to access resources in the account that owns the role.
-    #   You cannot use session policies to grant more permissions than those
-    #   allowed by the identity-based policy of the role that is being
-    #   assumed. For more information, see [Session Policies][1] in the *IAM
-    #   User Guide*.
+    #   Amazon Web Services API calls to access resources in the account that
+    #   owns the role. You cannot use session policies to grant more
+    #   permissions than those allowed by the identity-based policy of the
+    #   role that is being assumed. For more information, see [Session
+    #   Policies][1] in the *IAM User Guide*.
     #
     #   The plaintext that you use for both inline and managed session
     #   policies can't exceed 2,048 characters. The JSON policy characters
@@ -1380,12 +1393,12 @@ module Aws::STS
     #   the tab (\\u0009), linefeed (\\u000A), and carriage return (\\u000D)
     #   characters.
     #
-    #   <note markdown="1"> An AWS conversion compresses the passed session policies and session
-    #   tags into a packed binary format that has a separate limit. Your
-    #   request can fail for this limit even if your plaintext meets the other
-    #   requirements. The `PackedPolicySize` response element indicates by
-    #   percentage how close the policies and tags for your request are to the
-    #   upper size limit.
+    #   <note markdown="1"> An Amazon Web Services conversion compresses the passed session
+    #   policies and session tags into a packed binary format that has a
+    #   separate limit. Your request can fail for this limit even if your
+    #   plaintext meets the other requirements. The `PackedPolicySize`
+    #   response element indicates by percentage how close the policies and
+    #   tags for your request are to the upper size limit.
     #
     #    </note>
     #
@@ -1411,8 +1424,8 @@ module Aws::STS
     #   The request to the federation endpoint for a console sign-in token
     #   takes a `SessionDuration` parameter that specifies the maximum length
     #   of the console session. For more information, see [Creating a URL that
-    #   Enables Federated Users to Access the AWS Management Console][2] in
-    #   the *IAM User Guide*.
+    #   Enables Federated Users to Access the Management Console][2] in the
+    #   *IAM User Guide*.
     #
     #    </note>
     #
@@ -1501,19 +1514,19 @@ module Aws::STS
     end
     # Decodes additional information about the authorization status of a
-    # request from an encoded message returned in response to an AWS
-    # request.
+    # request from an encoded message returned in response to an Amazon Web
+    # Services request.
     #
     # For example, if a user is not authorized to perform an operation that
     # he or she has requested, the request returns a
     # `Client.UnauthorizedOperation` response (an HTTP 403 response). Some
-    # AWS operations additionally return an encoded message that can provide
-    # details about this authorization failure.
+    # Amazon Web Services operations additionally return an encoded message
+    # that can provide details about this authorization failure.
     #
-    # <note markdown="1"> Only certain AWS operations return an encoded authorization message.
-    # The documentation for an individual operation indicates whether that
-    # operation returns an encoded message in addition to returning an HTTP
-    # code.
+    # <note markdown="1"> Only certain Amazon Web Services operations return an encoded
+    # authorization message. The documentation for an individual operation
+    # indicates whether that operation returns an encoded message in
+    # addition to returning an HTTP code.
     #
     #  </note>
     #
@@ -1589,15 +1602,16 @@ module Aws::STS
     # *IAM User Guide*.
     #
     # When you pass an access key ID to this operation, it returns the ID of
-    # the AWS account to which the keys belong. Access key IDs beginning
-    # with `AKIA` are long-term credentials for an IAM user or the AWS
-    # account root user. Access key IDs beginning with `ASIA` are temporary
-    # credentials that are created using STS operations. If the account in
-    # the response belongs to you, you can sign in as the root user and
-    # review your root user access keys. Then, you can pull a [credentials
-    # report][2] to learn which IAM user owns the keys. To learn who
-    # requested the temporary credentials for an `ASIA` access key, view the
-    # STS events in your [CloudTrail logs][3] in the *IAM User Guide*.
+    # the Amazon Web Services account to which the keys belong. Access key
+    # IDs beginning with `AKIA` are long-term credentials for an IAM user or
+    # the Amazon Web Services account root user. Access key IDs beginning
+    # with `ASIA` are temporary credentials that are created using STS
+    # operations. If the account in the response belongs to you, you can
+    # sign in as the root user and review your root user access keys. Then,
+    # you can pull a [credentials report][2] to learn which IAM user owns
+    # the keys. To learn who requested the temporary credentials for an
+    # `ASIA` access key, view the STS events in your [CloudTrail logs][3] in
+    # the *IAM User Guide*.
     #
     # This operation does not indicate the state of the access key. The key
     # might be active, inactive, or deleted. Active keys might not have
@@ -1734,8 +1748,8 @@ module Aws::STS
     # can be safely stored, usually in a server-based application. For a
     # comparison of `GetFederationToken` with the other API operations that
     # produce temporary credentials, see [Requesting Temporary Security
-    # Credentials][1] and [Comparing the AWS STS API operations][2] in the
-    # *IAM User Guide*.
+    # Credentials][1] and [Comparing the STS API operations][2] in the *IAM
+    # User Guide*.
     #
     # <note markdown="1"> You can create a mobile-based or browser-based app that can
     # authenticate users using a web identity provider like Login with
@@ -1747,27 +1761,29 @@ module Aws::STS
     #  </note>
     #
     # You can also call `GetFederationToken` using the security credentials
-    # of an AWS account root user, but we do not recommend it. Instead, we
-    # recommend that you create an IAM user for the purpose of the proxy
-    # application. Then attach a policy to the IAM user that limits
-    # federated users to only the actions and resources that they need to
-    # access. For more information, see [IAM Best Practices][5] in the *IAM
-    # User Guide*.
+    # of an Amazon Web Services account root user, but we do not recommend
+    # it. Instead, we recommend that you create an IAM user for the purpose
+    # of the proxy application. Then attach a policy to the IAM user that
+    # limits federated users to only the actions and resources that they
+    # need to access. For more information, see [IAM Best Practices][5] in
+    # the *IAM User Guide*.
     #
     # **Session duration**
     #
     # The temporary credentials are valid for the specified duration, from
     # 900 seconds (15 minutes) up to a maximum of 129,600 seconds (36
     # hours). The default session duration is 43,200 seconds (12 hours).
-    # Temporary credentials that are obtained by using AWS account root user
-    # credentials have a maximum duration of 3,600 seconds (1 hour).
+    # Temporary credentials that are obtained by using Amazon Web Services
+    # account root user credentials have a maximum duration of 3,600 seconds
+    # (1 hour).
     #
     # **Permissions**
     #
     # You can use the temporary credentials created by `GetFederationToken`
-    # in any AWS service except the following:
+    # in any Amazon Web Services service except the following:
     #
-    # * You cannot call any IAM operations using the AWS CLI or the AWS API.
+    # * You cannot call any IAM operations using the CLI or the Amazon Web
+    #   Services API.
     #
     # * You cannot call any STS operations except `GetCallerIdentity`.
     #
@@ -1813,27 +1829,29 @@ module Aws::STS
     #  </note>
     #
     # You can also call `GetFederationToken` using the security credentials
-    # of an AWS account root user, but we do not recommend it. Instead, we
-    # recommend that you create an IAM user for the purpose of the proxy
-    # application. Then attach a policy to the IAM user that limits
-    # federated users to only the actions and resources that they need to
-    # access. For more information, see [IAM Best Practices][5] in the *IAM
-    # User Guide*.
+    # of an Amazon Web Services account root user, but we do not recommend
+    # it. Instead, we recommend that you create an IAM user for the purpose
+    # of the proxy application. Then attach a policy to the IAM user that
+    # limits federated users to only the actions and resources that they
+    # need to access. For more information, see [IAM Best Practices][5] in
+    # the *IAM User Guide*.
     #
     # **Session duration**
     #
     # The temporary credentials are valid for the specified duration, from
     # 900 seconds (15 minutes) up to a maximum of 129,600 seconds (36
     # hours). The default session duration is 43,200 seconds (12 hours).
-    # Temporary credentials that are obtained by using AWS account root user
-    # credentials have a maximum duration of 3,600 seconds (1 hour).
+    # Temporary credentials that are obtained by using Amazon Web Services
+    # account root user credentials have a maximum duration of 3,600 seconds
+    # (1 hour).
     #
     # **Permissions**
     #
     # You can use the temporary credentials created by `GetFederationToken`
-    # in any AWS service except the following:
+    # in any Amazon Web Services service except the following:
     #
-    # * You cannot call any IAM operations using the AWS CLI or the AWS API.
+    # * You cannot call any IAM operations using the CLI or the Amazon Web
+    #   Services API.
     #
     # * You cannot call any STS operations except `GetCallerIdentity`.
     #
@@ -1941,12 +1959,12 @@ module Aws::STS
     #   the tab (\\u0009), linefeed (\\u000A), and carriage return (\\u000D)
     #   characters.
     #
-    #   <note markdown="1"> An AWS conversion compresses the passed session policies and session
-    #   tags into a packed binary format that has a separate limit. Your
-    #   request can fail for this limit even if your plaintext meets the other
-    #   requirements. The `PackedPolicySize` response element indicates by
-    #   percentage how close the policies and tags for your request are to the
-    #   upper size limit.
+    #   <note markdown="1"> An Amazon Web Services conversion compresses the passed session
+    #   policies and session tags into a packed binary format that has a
+    #   separate limit. Your request can fail for this limit even if your
+    #   plaintext meets the other requirements. The `PackedPolicySize`
+    #   response element indicates by percentage how close the policies and
+    #   tags for your request are to the upper size limit.
     #
     #    </note>
     #
@@ -1965,8 +1983,9 @@ module Aws::STS
     #   to use as managed session policies. The plaintext that you use for
     #   both inline and managed session policies can't exceed 2,048
     #   characters. You can provide up to 10 managed policy ARNs. For more
-    #   information about ARNs, see [Amazon Resource Names (ARNs) and AWS
-    #   Service Namespaces][2] in the AWS General Reference.
+    #   information about ARNs, see [Amazon Resource Names (ARNs) and Amazon
+    #   Web Services Service Namespaces][2] in the Amazon Web Services General
+    #   Reference.
     #
     #   This parameter is optional. However, if you do not pass any session
     #   policies, then the resulting federated user session has no
@@ -1987,12 +2006,12 @@ module Aws::STS
     #   are granted in addition to the permissions that are granted by the
     #   session policies.
     #
-    #   <note markdown="1"> An AWS conversion compresses the passed session policies and session
-    #   tags into a packed binary format that has a separate limit. Your
-    #   request can fail for this limit even if your plaintext meets the other
-    #   requirements. The `PackedPolicySize` response element indicates by
-    #   percentage how close the policies and tags for your request are to the
-    #   upper size limit.
+    #   <note markdown="1"> An Amazon Web Services conversion compresses the passed session
+    #   policies and session tags into a packed binary format that has a
+    #   separate limit. Your request can fail for this limit even if your
+    #   plaintext meets the other requirements. The `PackedPolicySize`
+    #   response element indicates by percentage how close the policies and
+    #   tags for your request are to the upper size limit.
     #
     #    </note>
     #
@@ -2005,10 +2024,10 @@ module Aws::STS
     #   The duration, in seconds, that the session should last. Acceptable
     #   durations for federation sessions range from 900 seconds (15 minutes)
     #   to 129,600 seconds (36 hours), with 43,200 seconds (12 hours) as the
-    #   default. Sessions obtained using AWS account root user credentials are
-    #   restricted to a maximum of 3,600 seconds (one hour). If the specified
-    #   duration is longer than one hour, the session obtained by using root
-    #   user credentials defaults to one hour.
+    #   default. Sessions obtained using Amazon Web Services account root user
+    #   credentials are restricted to a maximum of 3,600 seconds (one hour).
+    #   If the specified duration is longer than one hour, the session
+    #   obtained by using root user credentials defaults to one hour.
     #
     # @option params [Array<Types::Tag>] :tags
     #   A list of session tags. Each session tag consists of a key name and an
@@ -2020,12 +2039,12 @@ module Aws::STS
     #   can’t exceed 256 characters. For these and additional limits, see [IAM
     #   and STS Character Limits][2] in the *IAM User Guide*.
     #
-    #   <note markdown="1"> An AWS conversion compresses the passed session policies and session
-    #   tags into a packed binary format that has a separate limit. Your
-    #   request can fail for this limit even if your plaintext meets the other
-    #   requirements. The `PackedPolicySize` response element indicates by
-    #   percentage how close the policies and tags for your request are to the
-    #   upper size limit.
+    #   <note markdown="1"> An Amazon Web Services conversion compresses the passed session
+    #   policies and session tags into a packed binary format that has a
+    #   separate limit. Your request can fail for this limit even if your
+    #   plaintext meets the other requirements. The `PackedPolicySize`
+    #   response element indicates by percentage how close the policies and
+    #   tags for your request are to the upper size limit.
     #
     #    </note>
     #
@@ -2123,37 +2142,38 @@ module Aws::STS
       req.send_request(options)
     end
-    # Returns a set of temporary credentials for an AWS account or IAM user.
-    # The credentials consist of an access key ID, a secret access key, and
-    # a security token. Typically, you use `GetSessionToken` if you want to
-    # use MFA to protect programmatic calls to specific AWS API operations
-    # like Amazon EC2 `StopInstances`. MFA-enabled IAM users would need to
-    # call `GetSessionToken` and submit an MFA code that is associated with
-    # their MFA device. Using the temporary security credentials that are
-    # returned from the call, IAM users can then make programmatic calls to
-    # API operations that require MFA authentication. If you do not supply a
+    # Returns a set of temporary credentials for an Amazon Web Services
+    # account or IAM user. The credentials consist of an access key ID, a
+    # secret access key, and a security token. Typically, you use
+    # `GetSessionToken` if you want to use MFA to protect programmatic calls
+    # to specific Amazon Web Services API operations like Amazon EC2
+    # `StopInstances`. MFA-enabled IAM users would need to call
+    # `GetSessionToken` and submit an MFA code that is associated with their
+    # MFA device. Using the temporary security credentials that are returned
+    # from the call, IAM users can then make programmatic calls to API
+    # operations that require MFA authentication. If you do not supply a
     # correct MFA code, then the API returns an access denied error. For a
     # comparison of `GetSessionToken` with the other API operations that
     # produce temporary credentials, see [Requesting Temporary Security
-    # Credentials][1] and [Comparing the AWS STS API operations][2] in the
-    # *IAM User Guide*.
+    # Credentials][1] and [Comparing the STS API operations][2] in the *IAM
+    # User Guide*.
     #
     # **Session Duration**
     #
     # The `GetSessionToken` operation must be called by using the long-term
-    # AWS security credentials of the AWS account root user or an IAM user.
-    # Credentials that are created by IAM users are valid for the duration
-    # that you specify. This duration can range from 900 seconds (15
-    # minutes) up to a maximum of 129,600 seconds (36 hours), with a default
-    # of 43,200 seconds (12 hours). Credentials based on account credentials
-    # can range from 900 seconds (15 minutes) up to 3,600 seconds (1 hour),
-    # with a default of 1 hour.
+    # Amazon Web Services security credentials of the Amazon Web Services
+    # account root user or an IAM user. Credentials that are created by IAM
+    # users are valid for the duration that you specify. This duration can
+    # range from 900 seconds (15 minutes) up to a maximum of 129,600 seconds
+    # (36 hours), with a default of 43,200 seconds (12 hours). Credentials
+    # based on account credentials can range from 900 seconds (15 minutes)
+    # up to 3,600 seconds (1 hour), with a default of 1 hour.
     #
     # **Permissions**
     #
     # The temporary security credentials created by `GetSessionToken` can be
-    # used to make API calls to any AWS service with the following
-    # exceptions:
+    # used to make API calls to any Amazon Web Services service with the
+    # following exceptions:
     #
     # * You cannot call any IAM API operations unless MFA authentication
     #   information is included in the request.
@@ -2161,20 +2181,21 @@ module Aws::STS
     # * You cannot call any STS API *except* `AssumeRole` or
     #   `GetCallerIdentity`.
     #
-    # <note markdown="1"> We recommend that you do not call `GetSessionToken` with AWS account
-    # root user credentials. Instead, follow our [best practices][3] by
-    # creating one or more IAM users, giving them the necessary permissions,
-    # and using IAM users for everyday interaction with AWS.
+    # <note markdown="1"> We recommend that you do not call `GetSessionToken` with Amazon Web
+    # Services account root user credentials. Instead, follow our [best
+    # practices][3] by creating one or more IAM users, giving them the
+    # necessary permissions, and using IAM users for everyday interaction
+    # with Amazon Web Services.
     #
     #  </note>
     #
     # The credentials that are returned by `GetSessionToken` are based on
     # permissions associated with the user whose credentials were used to
-    # call the operation. If `GetSessionToken` is called using AWS account
-    # root user credentials, the temporary credentials have root user
-    # permissions. Similarly, if `GetSessionToken` is called using the
-    # credentials of an IAM user, the temporary credentials have the same
-    # permissions as the IAM user.
+    # call the operation. If `GetSessionToken` is called using Amazon Web
+    # Services account root user credentials, the temporary credentials have
+    # root user permissions. Similarly, if `GetSessionToken` is called using
+    # the credentials of an IAM user, the temporary credentials have the
+    # same permissions as the IAM user.
     #
     # For more information about using `GetSessionToken` to create temporary
     # credentials, go to [Temporary Credentials for Users in Untrusted
@@ -2191,9 +2212,10 @@ module Aws::STS
     #   The duration, in seconds, that the credentials should remain valid.
     #   Acceptable durations for IAM user sessions range from 900 seconds (15
     #   minutes) to 129,600 seconds (36 hours), with 43,200 seconds (12 hours)
-    #   as the default. Sessions for AWS account owners are restricted to a
-    #   maximum of 3,600 seconds (one hour). If the duration is longer than
-    #   one hour, the session for AWS account owners defaults to one hour.
+    #   as the default. Sessions for Amazon Web Services account owners are
+    #   restricted to a maximum of 3,600 seconds (one hour). If the duration
+    #   is longer than one hour, the session for Amazon Web Services account
+    #   owners defaults to one hour.
     #
     # @option params [String] :serial_number
     #   The identification number of the MFA device that is associated with
@@ -2202,8 +2224,8 @@ module Aws::STS
     #   The value is either the serial number for a hardware device (such as
     #   `GAHT12345678`) or an Amazon Resource Name (ARN) for a virtual device
     #   (such as `arn:aws:iam::123456789012:mfa/user`). You can find the
-    #   device for an IAM user by going to the AWS Management Console and
-    #   viewing the user's security credentials.
+    #   device for an IAM user by going to the Management Console and viewing
+    #   the user's security credentials.
     #
     #   The regex used to validate this parameter is a string of characters
     #   consisting of upper- and lower-case alphanumeric characters with no
@@ -2281,7 +2303,7 @@ module Aws::STS
         params: params,
         config: config)
       context[:gem_name] = 'aws-sdk-core'
-      context[:gem_version] = '3.115.0'
+      context[:gem_version] = '3.119.0'
       Seahorse::Client::Request.new(handlers, context)
     end