aws-sdk-core 3.121.6 → 3.124.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 2d1e4fbf8c98bc0d54f4f6ec16a185ed87bb223549e5766fc8a1b62e63f601d7
-  data.tar.gz: 6664442786370782a056f504b193210b21b0ee5fe174c68fbd962bf37aec9407
+  metadata.gz: 2e6d1b5c90cf269b88901ee018179a1355f080b486a9d68954d73e2f7aa43c08
+  data.tar.gz: f5f92dc12397b5de01bb5a363d56f1ea03e9e7e827ed5d9d342d74619dbca086
 SHA512:
-  metadata.gz: 512190e5152cf45e7adc39ea601302174297aee06d6c9cba16bbb91392265390e3afa300f5c3f0e0acd5f6006bac73d45344b25a0f843a22cbffdec115035eee
-  data.tar.gz: bda1e426b67de3c684269c9bd1027ce059263b45b89c907019a26dd856421fc93f8558c3d3b3e77f6caa3d8c0a807e1d407d4d16b28e98d5fc40e547cc8c7ca1
+  metadata.gz: 139b9278f19e6ee1789a4223e8d8f71a6f71347b5ff22c36108372ce16f892e9d428924ea78d0356cd26067b852db4a1be6b1e9c2c915b687a4cbe575630d634
+  data.tar.gz: e5a4242fe69db060d531265e4b7811e8b6e76bf5de477a51d4f8fe1c4b5c3d857d0cf0801a9381e69d68a395e802b7eb84f1e815f5ef3aef2f5e65922cddf300

data/CHANGELOG.md

@@ -1,6 +1,36 @@
 Unreleased Changes
 ------------------
 
+3.124.0 (2021-11-30)
+------------------
+
+* Feature - Updated Aws::STS::Client with the latest API changes.
+
+* Feature - Updated Aws::SSO::Client with the latest API changes.
+
+3.123.0 (2021-11-23)
+------------------
+
+* Feature - Updated Aws::STS::Client with the latest API changes.
+
+3.122.1 (2021-11-09)
+------------------
+
+* Issue - Correctly serialize/deserialize header lists.
+
+3.122.0 (2021-11-04)
+------------------
+
+* Feature - Updated Aws::STS::Client with the latest API changes.
+
+* Feature - Updated Aws::SSO::Client with the latest API changes.
+
+* Issue - Fix parsing of ISO8601 timestamps with millisecond precision in headers.
+
+* Feature - Support modeled dualstack endpoints. It can be configured with shared configuration (`use_dualstack_endpoint`), an ENV variable (`AWS_USE_DUALSTACK_ENDPOINT`), and a constructor option (`:use_dualstack_endpoint`). Requests made to services without a dualstack endpoint will fail.
+
+* Feature - Support modeled fips endpoints. It can be configured with shared configuration (`use_fips_endpoint`), an ENV variable (`AWS_USE_FIPS_ENDPOINT`), and a constructor option (`:use_fips_endpoint`). Requests made to services without a fips endpoint will fail.
+
 3.121.6 (2021-11-02)
 ------------------
 

data/VERSION

@@ -1 +1 @@
-3.121.6
+3.124.0

data/lib/aws-sdk-core/plugins/credentials_configuration.rb

@@ -64,7 +64,9 @@ locations will be searched for credentials:
 * EC2/ECS IMDS instance profile - When used by default, the timeouts
   are very aggressive. Construct and pass an instance of
   `Aws::InstanceProfileCredentails` or `Aws::ECSCredentials` to
-  enable retries and extended timeouts.
+  enable retries and extended timeouts. Instance profile credential
+  fetching can be disabled by setting ENV['AWS_EC2_METADATA_DISABLED']
+  to true.
         DOCS
       ) do |config|
         CredentialProviderChain.new(config).resolve

data/lib/aws-sdk-core/plugins/regional_endpoint.rb

@@ -24,6 +24,25 @@ a default `:region` is searched for in the following locations:
         resolve_region(cfg)
       end
 
+      option(:use_dualstack_endpoint,
+        doc_type: 'Boolean',
+        docstring: <<-DOCS) do |cfg|
+When set to `true`, dualstack enabled endpoints (with `.aws` TLD)
+will be used if available.
+        DOCS
+        resolve_use_dualstack_endpoint(cfg)
+      end
+
+      option(:use_fips_endpoint,
+        doc_type: 'Boolean',
+        docstring: <<-DOCS) do |cfg|
+When set to `true`, fips compatible endpoints will be used if available.
+When a `fips` region is used, the region is normalized and this config
+is set to `true`.
+        DOCS
+        resolve_use_fips_endpoint(cfg)
+      end
+
       option(:regional_endpoint, false)
 
       option(:endpoint, doc_type: String, docstring: <<-DOCS) do |cfg|
@@ -42,10 +61,23 @@ to test or custom endpoints. This should be a valid HTTP(S) URI.
             raise Errors::InvalidRegionError
           end
 
+          region = cfg.region
+          new_region = region.gsub('fips-', '').gsub('-fips', '')
+          if region != new_region
+            warn("Legacy region #{region} was transformed to #{new_region}."\
+                 '`use_fips_endpoint` config was set to true.')
+            cfg.override_config(:use_fips_endpoint, true)
+            cfg.override_config(:region, new_region)
+          end
+
           Aws::Partitions::EndpointProvider.resolve(
             cfg.region,
             endpoint_prefix,
-            sts_regional
+            sts_regional,
+            {
+              dualstack: cfg.use_dualstack_endpoint,
+              fips: cfg.use_fips_endpoint
+            }
           )
         end
       end
@@ -66,6 +98,20 @@ to test or custom endpoints. This should be a valid HTTP(S) URI.
           cfg_region = Aws.shared_config.region(profile: cfg.profile)
           env_region || cfg_region
         end
+
+        def resolve_use_dualstack_endpoint(cfg)
+          value = ENV['AWS_USE_DUALSTACK_ENDPOINT']
+          value ||= Aws.shared_config.use_dualstack_endpoint(
+            profile: cfg.profile
+          )
+          Aws::Util.str_2_bool(value) || false
+        end
+
+        def resolve_use_fips_endpoint(cfg)
+          value = ENV['AWS_USE_FIPS_ENDPOINT']
+          value ||= Aws.shared_config.use_fips_endpoint(profile: cfg.profile)
+          Aws::Util.str_2_bool(value) || false
+        end
       end
     end
   end

data/lib/aws-sdk-core/rest/request/headers.rb

@@ -35,6 +35,7 @@ module Aws
           headers[ref.location_name] =
             case ref.shape
             when TimestampShape then timestamp(ref, value)
+            when ListShape then list(ref, value)
             else value.to_s
             end
         end
@@ -49,6 +50,10 @@ module Aws
           end
         end
 
+        def list(_ref, value)
+          value.compact.join(",")
+        end
+
         def apply_header_map(headers, ref, values)
           prefix = ref.location_name || ''
           values.each_pair do |name, value|
@@ -57,7 +62,7 @@ module Aws
         end
 
         # With complex headers value in json syntax,
-        # base64 encodes value to aviod weird characters
+        # base64 encodes value to avoid weird characters
         # causing potential issues in headers
         def apply_json_trait(value)
           Base64.strict_encode64(value)

data/lib/aws-sdk-core/rest/response/headers.rb

@@ -40,8 +40,10 @@ module Aws
           when IntegerShape then value.to_i
           when FloatShape then value.to_f
           when BooleanShape then value == 'true'
+          when ListShape then
+            value.split(",").map { |v| cast_value(ref.shape.member, v) }
           when TimestampShape
-            if value =~ /\d+(\.\d*)/
+            if value =~ /^\d+(\.\d*)/
               Time.at(value.to_f)
             elsif value =~ /^\d+$/
               Time.at(value.to_i)

data/lib/aws-sdk-core/shared_config.rb

@@ -163,6 +163,8 @@ module Aws
       :ca_bundle,
       :credential_process,
       :endpoint_discovery_enabled,
+      :use_dualstack_endpoint,
+      :use_fips_endpoint,
       :ec2_metadata_service_endpoint,
       :ec2_metadata_service_endpoint_mode,
       :max_attempts,

data/lib/aws-sdk-core.rb

@@ -88,6 +88,9 @@ require_relative 'aws-sdk-core/arn'
 require_relative 'aws-sdk-core/arn_parser'
 require_relative 'aws-sdk-core/ec2_metadata'
 
+# plugins
+# loaded through building STS or SSO ..
+
 # aws-sdk-sts is included to support Aws::AssumeRoleCredentials
 require_relative 'aws-sdk-sts'
 

data/lib/aws-sdk-sso/client.rb

@@ -119,7 +119,9 @@ module Aws::SSO
     #     * EC2/ECS IMDS instance profile - When used by default, the timeouts
     #       are very aggressive. Construct and pass an instance of
     #       `Aws::InstanceProfileCredentails` or `Aws::ECSCredentials` to
-    #       enable retries and extended timeouts.
+    #       enable retries and extended timeouts. Instance profile credential
+    #       fetching can be disabled by setting ENV['AWS_EC2_METADATA_DISABLED']
+    #       to true.
     #
     #   @option options [required, String] :region
     #     The AWS region to connect to.  The configured `:region` is
@@ -275,6 +277,15 @@ module Aws::SSO
     #     ** Please note ** When response stubbing is enabled, no HTTP
     #     requests are made, and retries are disabled.
     #
+    #   @option options [Boolean] :use_dualstack_endpoint
+    #     When set to `true`, dualstack enabled endpoints (with `.aws` TLD)
+    #     will be used if available.
+    #
+    #   @option options [Boolean] :use_fips_endpoint
+    #     When set to `true`, fips compatible endpoints will be used if available.
+    #     When a `fips` region is used, the region is normalized and this config
+    #     is set to `true`.
+    #
     #   @option options [Boolean] :validate_params (true)
     #     When `true`, request parameters are validated before
     #     sending the request.
@@ -521,7 +532,7 @@ module Aws::SSO
         params: params,
         config: config)
       context[:gem_name] = 'aws-sdk-core'
-      context[:gem_version] = '3.121.6'
+      context[:gem_version] = '3.124.0'
       Seahorse::Client::Request.new(handlers, context)
     end
 

data/lib/aws-sdk-sso.rb

@@ -50,6 +50,6 @@ require_relative 'aws-sdk-sso/customizations'
 # @!group service
 module Aws::SSO
 
-  GEM_VERSION = '3.121.6'
+  GEM_VERSION = '3.124.0'
 
 end

data/lib/aws-sdk-sts/client.rb

@@ -121,7 +121,9 @@ module Aws::STS
     #     * EC2/ECS IMDS instance profile - When used by default, the timeouts
     #       are very aggressive. Construct and pass an instance of
     #       `Aws::InstanceProfileCredentails` or `Aws::ECSCredentials` to
-    #       enable retries and extended timeouts.
+    #       enable retries and extended timeouts. Instance profile credential
+    #       fetching can be disabled by setting ENV['AWS_EC2_METADATA_DISABLED']
+    #       to true.
     #
     #   @option options [required, String] :region
     #     The AWS region to connect to.  The configured `:region` is
@@ -282,6 +284,15 @@ module Aws::STS
     #     ** Please note ** When response stubbing is enabled, no HTTP
     #     requests are made, and retries are disabled.
     #
+    #   @option options [Boolean] :use_dualstack_endpoint
+    #     When set to `true`, dualstack enabled endpoints (with `.aws` TLD)
+    #     will be used if available.
+    #
+    #   @option options [Boolean] :use_fips_endpoint
+    #     When set to `true`, fips compatible endpoints will be used if available.
+    #     When a `fips` region is used, the region is normalized and this config
+    #     is set to `true`.
+    #
     #   @option options [Boolean] :validate_params (true)
     #     When `true`, request parameters are validated before
     #     sending the request.
@@ -341,15 +352,15 @@ module Aws::STS
     # `AssumeRole` within your account or for cross-account access. For a
     # comparison of `AssumeRole` with other API operations that produce
     # temporary credentials, see [Requesting Temporary Security
-    # Credentials][1] and [Comparing the STS API operations][2] in the *IAM
-    # User Guide*.
+    # Credentials][1] and [Comparing the Amazon Web Services STS API
+    # operations][2] in the *IAM User Guide*.
     #
     # **Permissions**
     #
     # The temporary security credentials created by `AssumeRole` can be used
     # to make API calls to any Amazon Web Services service with the
-    # following exception: You cannot call the STS `GetFederationToken` or
-    # `GetSessionToken` API operations.
+    # following exception: You cannot call the Amazon Web Services STS
+    # `GetFederationToken` or `GetSessionToken` API operations.
     #
     # (Optional) You can pass inline or managed [session policies][3] to
     # this operation. You can pass a single JSON policy document to use as
@@ -366,28 +377,37 @@ module Aws::STS
     # assumed. For more information, see [Session Policies][3] in the *IAM
     # User Guide*.
     #
-    # To assume a role from a different account, your account must be
-    # trusted by the role. The trust relationship is defined in the role's
-    # trust policy when the role is created. That trust policy states which
-    # accounts are allowed to delegate that access to users in the account.
+    # When you create a role, you create two policies: A role trust policy
+    # that specifies *who* can assume the role and a permissions policy that
+    # specifies *what* can be done with the role. You specify the trusted
+    # principal who is allowed to assume the role in the role trust policy.
+    #
+    # To assume a role from a different account, your Amazon Web Services
+    # account must be trusted by the role. The trust relationship is defined
+    # in the role's trust policy when the role is created. That trust
+    # policy states which accounts are allowed to delegate that access to
+    # users in the account.
     #
     # A user who wants to access a role in a different account must also
     # have permissions that are delegated from the user account
     # administrator. The administrator must attach a policy that allows the
     # user to call `AssumeRole` for the ARN of the role in the other
-    # account. If the user is in the same account as the role, then you can
-    # do either of the following:
+    # account.
+    #
+    # To allow a user to assume a role in the same account, you can do
+    # either of the following:
     #
-    # * Attach a policy to the user (identical to the previous user in a
-    #   different account).
+    # * Attach a policy to the user that allows the user to call
+    #   `AssumeRole` (as long as the role's trust policy trusts the
+    #   account).
     #
     # * Add the user as a principal directly in the role's trust policy.
     #
-    # In this case, the trust policy acts as an IAM resource-based policy.
-    # Users in the same account as the role do not need explicit permission
-    # to assume the role. For more information about trust policies and
-    # resource-based policies, see [IAM Policies][4] in the *IAM User
-    # Guide*.
+    # You can do either because the role’s trust policy acts as an IAM
+    # resource-based policy. When a resource-based policy grants access to a
+    # principal in the same account, no additional identity-based policy is
+    # required. For more information about trust policies and resource-based
+    # policies, see [IAM Policies][4] in the *IAM User Guide*.
     #
     # **Tags**
     #
@@ -529,15 +549,25 @@ module Aws::STS
     #
     # @option params [Integer] :duration_seconds
     #   The duration, in seconds, of the role session. The value specified can
-    #   can range from 900 seconds (15 minutes) up to the maximum session
-    #   duration that is set for the role. The maximum session duration
-    #   setting can have a value from 1 hour to 12 hours. If you specify a
-    #   value higher than this setting or the administrator setting (whichever
-    #   is lower), the operation fails. For example, if you specify a session
-    #   duration of 12 hours, but your administrator set the maximum session
-    #   duration to 6 hours, your operation fails. To learn how to view the
-    #   maximum value for your role, see [View the Maximum Session Duration
-    #   Setting for a Role][1] in the *IAM User Guide*.
+    #   range from 900 seconds (15 minutes) up to the maximum session duration
+    #   set for the role. The maximum session duration setting can have a
+    #   value from 1 hour to 12 hours. If you specify a value higher than this
+    #   setting or the administrator setting (whichever is lower), the
+    #   operation fails. For example, if you specify a session duration of 12
+    #   hours, but your administrator set the maximum session duration to 6
+    #   hours, your operation fails.
+    #
+    #   Role chaining limits your Amazon Web Services CLI or Amazon Web
+    #   Services API role session to a maximum of one hour. When you use the
+    #   `AssumeRole` API operation to assume a role, you can specify the
+    #   duration of your role session with the `DurationSeconds` parameter.
+    #   You can specify a parameter value of up to 43200 seconds (12 hours),
+    #   depending on the maximum session duration setting for your role.
+    #   However, if you assume a role using role chaining and provide a
+    #   `DurationSeconds` parameter value greater than one hour, the operation
+    #   fails. To learn how to view the maximum value for your role, see [View
+    #   the Maximum Session Duration Setting for a Role][1] in the *IAM User
+    #   Guide*.
     #
     #   By default, the value is set to `3600` seconds.
     #
@@ -546,8 +576,8 @@ module Aws::STS
     #   The request to the federation endpoint for a console sign-in token
     #   takes a `SessionDuration` parameter that specifies the maximum length
     #   of the console session. For more information, see [Creating a URL that
-    #   Enables Federated Users to Access the Management Console][2] in the
-    #   *IAM User Guide*.
+    #   Enables Federated Users to Access the Amazon Web Services Management
+    #   Console][2] in the *IAM User Guide*.
     #
     #    </note>
     #
@@ -559,8 +589,8 @@ module Aws::STS
     # @option params [Array<Types::Tag>] :tags
     #   A list of session tags that you want to pass. Each session tag
     #   consists of a key name and an associated value. For more information
-    #   about session tags, see [Tagging STS Sessions][1] in the *IAM User
-    #   Guide*.
+    #   about session tags, see [Tagging Amazon Web Services STS Sessions][1]
+    #   in the *IAM User Guide*.
     #
     #   This parameter is optional. You can pass up to 50 session tags. The
     #   plaintext session tag keys can’t exceed 128 characters, and the values
@@ -789,8 +819,8 @@ module Aws::STS
     # user-specific credentials or configuration. For a comparison of
     # `AssumeRoleWithSAML` with the other API operations that produce
     # temporary credentials, see [Requesting Temporary Security
-    # Credentials][1] and [Comparing the STS API operations][2] in the *IAM
-    # User Guide*.
+    # Credentials][1] and [Comparing the Amazon Web Services STS API
+    # operations][2] in the *IAM User Guide*.
     #
     # The temporary security credentials returned by this operation consist
     # of an access key ID, a secret access key, and a security token.
@@ -1042,8 +1072,8 @@ module Aws::STS
     #   The request to the federation endpoint for a console sign-in token
     #   takes a `SessionDuration` parameter that specifies the maximum length
     #   of the console session. For more information, see [Creating a URL that
-    #   Enables Federated Users to Access the Management Console][2] in the
-    #   *IAM User Guide*.
+    #   Enables Federated Users to Access the Amazon Web Services Management
+    #   Console][2] in the *IAM User Guide*.
     #
     #    </note>
     #
@@ -1163,8 +1193,8 @@ module Aws::STS
     # a token from the web identity provider. For a comparison of
     # `AssumeRoleWithWebIdentity` with the other API operations that produce
     # temporary credentials, see [Requesting Temporary Security
-    # Credentials][5] and [Comparing the STS API operations][6] in the *IAM
-    # User Guide*.
+    # Credentials][5] and [Comparing the Amazon Web Services STS API
+    # operations][6] in the *IAM User Guide*.
     #
     # The temporary security credentials returned by this API consist of an
     # access key ID, a secret access key, and a security token. Applications
@@ -1424,8 +1454,8 @@ module Aws::STS
     #   The request to the federation endpoint for a console sign-in token
     #   takes a `SessionDuration` parameter that specifies the maximum length
     #   of the console session. For more information, see [Creating a URL that
-    #   Enables Federated Users to Access the Management Console][2] in the
-    #   *IAM User Guide*.
+    #   Enables Federated Users to Access the Amazon Web Services Management
+    #   Console][2] in the *IAM User Guide*.
     #
     #    </note>
     #
@@ -1531,17 +1561,17 @@ module Aws::STS
     #  </note>
     #
     # The message is encoded because the details of the authorization status
-    # can constitute privileged information that the user who requested the
+    # can contain privileged information that the user who requested the
     # operation should not see. To decode an authorization status message, a
-    # user must be granted permissions via an IAM policy to request the
-    # `DecodeAuthorizationMessage` (`sts:DecodeAuthorizationMessage`)
+    # user must be granted permissions through an IAM [policy][1] to request
+    # the `DecodeAuthorizationMessage` (`sts:DecodeAuthorizationMessage`)
     # action.
     #
     # The decoded message includes the following type of information:
     #
     # * Whether the request was denied due to an explicit deny or due to the
     #   absence of an explicit allow. For more information, see [Determining
-    #   Whether a Request is Allowed or Denied][1] in the *IAM User Guide*.
+    #   Whether a Request is Allowed or Denied][2] in the *IAM User Guide*.
     #
     # * The principal who made the request.
     #
@@ -1553,7 +1583,8 @@ module Aws::STS
     #
     #
     #
-    # [1]: https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_evaluation-logic.html#policy-eval-denyallow
+    # [1]: https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies.html
+    # [2]: https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_evaluation-logic.html#policy-eval-denyallow
     #
     # @option params [required, String] :encoded_message
     #   The encoded message that was returned with the response.
@@ -1748,8 +1779,8 @@ module Aws::STS
     # can be safely stored, usually in a server-based application. For a
     # comparison of `GetFederationToken` with the other API operations that
     # produce temporary credentials, see [Requesting Temporary Security
-    # Credentials][1] and [Comparing the STS API operations][2] in the *IAM
-    # User Guide*.
+    # Credentials][1] and [Comparing the Amazon Web Services STS API
+    # operations][2] in the *IAM User Guide*.
     #
     # <note markdown="1"> You can create a mobile-based or browser-based app that can
     # authenticate users using a web identity provider like Login with
@@ -1773,7 +1804,7 @@ module Aws::STS
     # The temporary credentials are valid for the specified duration, from
     # 900 seconds (15 minutes) up to a maximum of 129,600 seconds (36
     # hours). The default session duration is 43,200 seconds (12 hours).
-    # Temporary credentials that are obtained by using Amazon Web Services
+    # Temporary credentials obtained by using the Amazon Web Services
     # account root user credentials have a maximum duration of 3,600 seconds
     # (1 hour).
     #
@@ -1828,65 +1859,6 @@ module Aws::STS
     #
     #  </note>
     #
-    # You can also call `GetFederationToken` using the security credentials
-    # of an Amazon Web Services account root user, but we do not recommend
-    # it. Instead, we recommend that you create an IAM user for the purpose
-    # of the proxy application. Then attach a policy to the IAM user that
-    # limits federated users to only the actions and resources that they
-    # need to access. For more information, see [IAM Best Practices][5] in
-    # the *IAM User Guide*.
-    #
-    # **Session duration**
-    #
-    # The temporary credentials are valid for the specified duration, from
-    # 900 seconds (15 minutes) up to a maximum of 129,600 seconds (36
-    # hours). The default session duration is 43,200 seconds (12 hours).
-    # Temporary credentials that are obtained by using Amazon Web Services
-    # account root user credentials have a maximum duration of 3,600 seconds
-    # (1 hour).
-    #
-    # **Permissions**
-    #
-    # You can use the temporary credentials created by `GetFederationToken`
-    # in any Amazon Web Services service except the following:
-    #
-    # * You cannot call any IAM operations using the CLI or the Amazon Web
-    #   Services API.
-    #
-    # * You cannot call any STS operations except `GetCallerIdentity`.
-    #
-    # You must pass an inline or managed [session policy][6] to this
-    # operation. You can pass a single JSON policy document to use as an
-    # inline session policy. You can also specify up to 10 managed policies
-    # to use as managed session policies. The plain text that you use for
-    # both inline and managed session policies can't exceed 2,048
-    # characters.
-    #
-    # Though the session policy parameters are optional, if you do not pass
-    # a policy, then the resulting federated user session has no
-    # permissions. When you pass session policies, the session permissions
-    # are the intersection of the IAM user policies and the session policies
-    # that you pass. This gives you a way to further restrict the
-    # permissions for a federated user. You cannot use session policies to
-    # grant more permissions than those that are defined in the permissions
-    # policy of the IAM user. For more information, see [Session
-    # Policies][6] in the *IAM User Guide*. For information about using
-    # `GetFederationToken` to create temporary security credentials, see
-    # [GetFederationToken—Federation Through a Custom Identity Broker][7].
-    #
-    # You can use the credentials to access a resource that has a
-    # resource-based policy. If that policy specifically references the
-    # federated user session in the `Principal` element of the policy, the
-    # session has the permissions allowed by the policy. These permissions
-    # are granted in addition to the permissions granted by the session
-    # policies.
-    #
-    # **Tags**
-    #
-    # (Optional) You can pass tag key-value pairs to your session. These are
-    # called session tags. For more information about session tags, see
-    # [Passing Session Tags in STS][8] in the *IAM User Guide*.
-    #
     # An administrator must grant you the permissions necessary to pass
     # session tags. The administrator can also create granular permissions
     # to allow you to pass only specific session tags. For more information,
@@ -2155,8 +2127,8 @@ module Aws::STS
     # correct MFA code, then the API returns an access denied error. For a
     # comparison of `GetSessionToken` with the other API operations that
     # produce temporary credentials, see [Requesting Temporary Security
-    # Credentials][1] and [Comparing the STS API operations][2] in the *IAM
-    # User Guide*.
+    # Credentials][1] and [Comparing the Amazon Web Services STS API
+    # operations][2] in the *IAM User Guide*.
     #
     # **Session Duration**
     #
@@ -2224,8 +2196,8 @@ module Aws::STS
     #   The value is either the serial number for a hardware device (such as
     #   `GAHT12345678`) or an Amazon Resource Name (ARN) for a virtual device
     #   (such as `arn:aws:iam::123456789012:mfa/user`). You can find the
-    #   device for an IAM user by going to the Management Console and viewing
-    #   the user's security credentials.
+    #   device for an IAM user by going to the Amazon Web Services Management
+    #   Console and viewing the user's security credentials.
     #
     #   The regex used to validate this parameter is a string of characters
     #   consisting of upper- and lower-case alphanumeric characters with no
@@ -2303,7 +2275,7 @@ module Aws::STS
         params: params,
         config: config)
       context[:gem_name] = 'aws-sdk-core'
-      context[:gem_version] = '3.121.6'
+      context[:gem_version] = '3.124.0'
       Seahorse::Client::Request.new(handlers, context)
     end
 

data/lib/aws-sdk-sts/presigner.rb

@@ -53,7 +53,13 @@ module Aws
         )
 
         url = Aws::Partitions::EndpointProvider.resolve(
-          req.context.config.region, 'sts', 'regional'
+          req.context.config.region,
+          'sts',
+          req.context.config.sts_regional_endpoints,
+          {
+            dualstack: req.context.config.use_dualstack_endpoint,
+            fips: req.context.config.use_fips_endpoint
+          }
         )
         url += "/?#{param_list}"
 

data/lib/aws-sdk-sts/types.rb

@@ -132,16 +132,25 @@ module Aws::STS
     #
     # @!attribute [rw] duration_seconds
     #   The duration, in seconds, of the role session. The value specified
-    #   can can range from 900 seconds (15 minutes) up to the maximum
-    #   session duration that is set for the role. The maximum session
-    #   duration setting can have a value from 1 hour to 12 hours. If you
-    #   specify a value higher than this setting or the administrator
-    #   setting (whichever is lower), the operation fails. For example, if
-    #   you specify a session duration of 12 hours, but your administrator
-    #   set the maximum session duration to 6 hours, your operation fails.
-    #   To learn how to view the maximum value for your role, see [View the
-    #   Maximum Session Duration Setting for a Role][1] in the *IAM User
-    #   Guide*.
+    #   can range from 900 seconds (15 minutes) up to the maximum session
+    #   duration set for the role. The maximum session duration setting can
+    #   have a value from 1 hour to 12 hours. If you specify a value higher
+    #   than this setting or the administrator setting (whichever is lower),
+    #   the operation fails. For example, if you specify a session duration
+    #   of 12 hours, but your administrator set the maximum session duration
+    #   to 6 hours, your operation fails.
+    #
+    #   Role chaining limits your Amazon Web Services CLI or Amazon Web
+    #   Services API role session to a maximum of one hour. When you use the
+    #   `AssumeRole` API operation to assume a role, you can specify the
+    #   duration of your role session with the `DurationSeconds` parameter.
+    #   You can specify a parameter value of up to 43200 seconds (12 hours),
+    #   depending on the maximum session duration setting for your role.
+    #   However, if you assume a role using role chaining and provide a
+    #   `DurationSeconds` parameter value greater than one hour, the
+    #   operation fails. To learn how to view the maximum value for your
+    #   role, see [View the Maximum Session Duration Setting for a Role][1]
+    #   in the *IAM User Guide*.
     #
     #   By default, the value is set to `3600` seconds.
     #
@@ -150,8 +159,8 @@ module Aws::STS
     #   credentials. The request to the federation endpoint for a console
     #   sign-in token takes a `SessionDuration` parameter that specifies the
     #   maximum length of the console session. For more information, see
-    #   [Creating a URL that Enables Federated Users to Access the
-    #   Management Console][2] in the *IAM User Guide*.
+    #   [Creating a URL that Enables Federated Users to Access the Amazon
+    #   Web Services Management Console][2] in the *IAM User Guide*.
     #
     #    </note>
     #
@@ -164,8 +173,8 @@ module Aws::STS
     # @!attribute [rw] tags
     #   A list of session tags that you want to pass. Each session tag
     #   consists of a key name and an associated value. For more information
-    #   about session tags, see [Tagging STS Sessions][1] in the *IAM User
-    #   Guide*.
+    #   about session tags, see [Tagging Amazon Web Services STS
+    #   Sessions][1] in the *IAM User Guide*.
     #
     #   This parameter is optional. You can pass up to 50 session tags. The
     #   plaintext session tag keys can’t exceed 128 characters, and the
@@ -516,8 +525,8 @@ module Aws::STS
     #   credentials. The request to the federation endpoint for a console
     #   sign-in token takes a `SessionDuration` parameter that specifies the
     #   maximum length of the console session. For more information, see
-    #   [Creating a URL that Enables Federated Users to Access the
-    #   Management Console][2] in the *IAM User Guide*.
+    #   [Creating a URL that Enables Federated Users to Access the Amazon
+    #   Web Services Management Console][2] in the *IAM User Guide*.
     #
     #    </note>
     #
@@ -802,8 +811,8 @@ module Aws::STS
     #   credentials. The request to the federation endpoint for a console
     #   sign-in token takes a `SessionDuration` parameter that specifies the
     #   maximum length of the console session. For more information, see
-    #   [Creating a URL that Enables Federated Users to Access the
-    #   Management Console][2] in the *IAM User Guide*.
+    #   [Creating a URL that Enables Federated Users to Access the Amazon
+    #   Web Services Management Console][2] in the *IAM User Guide*.
     #
     #    </note>
     #
@@ -1012,7 +1021,7 @@ module Aws::STS
     # returned in response to an Amazon Web Services request.
     #
     # @!attribute [rw] decoded_message
-    #   An XML document that contains the decoded message.
+    #   The API returns a response with the decoded message.
     #   @return [String]
     #
     # @see http://docs.aws.amazon.com/goto/WebAPI/sts-2011-06-15/DecodeAuthorizationMessageResponse AWS API Documentation
@@ -1396,8 +1405,8 @@ module Aws::STS
     #   The value is either the serial number for a hardware device (such as
     #   `GAHT12345678`) or an Amazon Resource Name (ARN) for a virtual
     #   device (such as `arn:aws:iam::123456789012:mfa/user`). You can find
-    #   the device for an IAM user by going to the Management Console and
-    #   viewing the user's security credentials.
+    #   the device for an IAM user by going to the Amazon Web Services
+    #   Management Console and viewing the user's security credentials.
     #
     #   The regex used to validate this parameter is a string of characters
     #   consisting of upper- and lower-case alphanumeric characters with no
@@ -1546,7 +1555,7 @@ module Aws::STS
     #
     #
     # [1]: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_session-tags.html
-    # [2]: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_enable-regions.html
+    # [2]: https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_iam-quotas.html#reference_iam-limits-entity-length
     #
     # @!attribute [rw] message
     #   @return [String]
@@ -1612,7 +1621,8 @@ module Aws::STS
     # You can pass custom key-value pair attributes when you assume a role
     # or federate a user. These are called session tags. You can then use
     # the session tags to control access to resources. For more information,
-    # see [Tagging STS Sessions][1] in the *IAM User Guide*.
+    # see [Tagging Amazon Web Services STS Sessions][1] in the *IAM User
+    # Guide*.
     #
     #
     #

data/lib/aws-sdk-sts.rb

@@ -50,6 +50,6 @@ require_relative 'aws-sdk-sts/customizations'
 # @!group service
 module Aws::STS
 
-  GEM_VERSION = '3.121.6'
+  GEM_VERSION = '3.124.0'
 
 end

data/lib/seahorse/client/configuration.rb

@@ -195,6 +195,10 @@ module Seahorse
           @members.include?(method_name) or super
         end
 
+        def override_config(k, v)
+          @struct[k] = v
+        end
+
         private
 
         def value_at(opt_name)

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: aws-sdk-core
 version: !ruby/object:Gem::Version
-  version: 3.121.6
+  version: 3.124.0
 platform: ruby
 authors:
 - Amazon Web Services
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2021-11-02 00:00:00.000000000 Z
+date: 2021-11-30 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: jmespath
@@ -33,7 +33,7 @@ dependencies:
         version: '1'
     - - ">="
       - !ruby/object:Gem::Version
-        version: 1.520.1
+        version: 1.525.0
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
@@ -43,7 +43,7 @@ dependencies:
         version: '1'
     - - ">="
       - !ruby/object:Gem::Version
-        version: 1.520.1
+        version: 1.525.0
 - !ruby/object:Gem::Dependency
   name: aws-sigv4
   requirement: !ruby/object:Gem::Requirement