aws-sdk-core 3.191.1 → 3.229.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 4fba83e64be6d833ebbde5a6b21464e168ee7237fa96a07e648c69d57da77c37
-  data.tar.gz: 84a013c1b2ba6d1d562cbffd33748273fbc520c353f4ae1876cba59256da5e6c
+  metadata.gz: bc59968a13d46354d79845e8249b17859fa38bdb7fbb8c34d7b65d88a4ba944e
+  data.tar.gz: 8e320632b66e1cc387e614bcdbb21bcfd4fce75e76829b01cd625be5db34b6f0
 SHA512:
-  metadata.gz: 2105ff1d72329e3880cf366a804df12a1e1902a7ccf95c22fe94d9df87dfe60e144b066b91d94a1d2d48f39690aa43fb0efb5cf669c48a59701e654e6c9dc9d3
-  data.tar.gz: 90eebbd2fbc6b4c6cbf94eaa8008ef9686772750b8f8f78d8ff9ac399b9708e918d01cbd63778b1f6c27a04875bb49251834efae2ec5bdaf8e698855ac37dad0
+  metadata.gz: ad44f4003065f24cdf6900730ef1c19c665041ab130fd9ffde41f69571b1dd87ac18073ced4d7d94884707b79067ba6f8ff3d9f8bfe3e576ca70ec1cf014f14e
+  data.tar.gz: de124ed509b1f008238d79221f2ddd71685a2dfc9eb039daaffa7c2202b01581b14c1d234a2c2f292131b51b5155f2504eeee858b31e814e97ec88d467cdbbd0

data/CHANGELOG.md

@@ -1,6 +1,544 @@
 Unreleased Changes
 ------------------
 
+3.229.0 (2025-08-04)
+------------------
+
+* Feature - Updated Aws::STS::Client with the latest API changes.
+
+* Feature - Updated Aws::SSOOIDC::Client with the latest API changes.
+
+* Feature - Updated Aws::SSO::Client with the latest API changes.
+
+3.228.0 (2025-07-31)
+------------------
+
+* Feature - Add `bigdecimal` as a dependency. For systems that are not able to build native extension gems, prefer the locally installed `bigdecimal` with `bundle install --prefer-local`.
+
+3.227.0 (2025-07-21)
+------------------
+
+* Feature - Updated Aws::STS::Client with the latest API changes.
+
+* Feature - Updated Aws::SSOOIDC::Client with the latest API changes.
+
+* Feature - Updated Aws::SSO::Client with the latest API changes.
+
+* Feature - Support an auth scheme signing preference list using `ENV['AWS_AUTH_SCHEME_PREFERENCE']` or `auth_scheme_preference` in shared configuration.
+
+* Feature - Support metric tracking for Bedrock Bearer tokens.
+
+3.226.3 (2025-07-17)
+------------------
+
+* Issue - Skip `Aws::InstanceProfileCredentials` instantiation when `ENV['AWS_EC2_METADATA_DISABLED']` is set to `true` in the credential resolution chain.
+
+* Issue - Refactor `InstanceProfileCredentials` to improve code clarity and documentation. 
+
+3.226.2 (2025-07-01)
+------------------
+
+* Issue - Document incorrect behavior in protocol error parsing (specifically around query and query compatible services).
+
+3.226.1 (2025-06-24)
+------------------
+
+* Issue - Fixed spelling in the `Aws::Errors::SignalEventError` error message.
+
+3.226.0 (2025-06-17)
+------------------
+
+* Feature - Updated Aws::STS::Client with the latest API changes.
+
+* Feature - The AWS Security Token Service APIs AssumeRoleWithSAML and AssumeRoleWithWebIdentity can now be invoked without pre-configured AWS credentials in the SDK configuration.
+
+3.225.2 (2025-06-10)
+------------------
+
+* Issue - Only load required `cgi` modules for Ruby 3.5.
+
+3.225.1 (2025-06-05)
+------------------
+
+* Issue - Fix RPCv2 parser to handle flattened list and flattened map members correctly for `AwsQueryCompatible` services.
+
+3.225.0 (2025-06-02)
+------------------
+
+* Feature - AWS SDK for Ruby no longer supports Ruby runtime versions 2.5 and 2.6.
+
+3.224.1 (2025-05-28)
+------------------
+
+* Issue - Signal data in http response listeners prior to writing, so that data can be inspected or verified before potential mutation.
+
+3.224.0 (2025-05-12)
+------------------
+
+* Feature - Updated Aws::STS::Client with the latest API changes.
+
+* Feature - Updated Aws::SSOOIDC::Client with the latest API changes.
+
+* Feature - Updated Aws::SSO::Client with the latest API changes.
+
+* Feature - Support `ENV['AWS_DISABLE_HOST_PREFIX_INJECTION']` and `disable_host_prefix_injection` shared config to disable host prefix injection for all services.
+
+3.223.0 (2025-05-01)
+------------------
+
+* Feature - Updated Aws::STS::Client with the latest API changes.
+
+3.222.3 (2025-04-28)
+------------------
+
+* Issue - Do not dynamically create operation methods from the API. (#3234)
+
+3.222.2 (2025-04-16)
+------------------
+
+* Issue - Additional metrics collection for credentials in the User-Agent plugin.
+
+3.222.1 (2025-03-28)
+------------------
+
+* Issue - Allow explicit modeled headers to override prefixed headers for `rest` protocols. 
+
+3.222.0 (2025-03-27)
+------------------
+
+* Feature - Updated Aws::SSOOIDC::Client with the latest API changes.
+
+* Feature - This release adds AwsAdditionalDetails in the CreateTokenWithIAM API response.
+
+3.221.0 (2025-03-24)
+------------------
+
+* Feature - Add `logger` as an explicit dependency for Ruby 3.5.
+* Issue - Enable ALPN over TLS for H2 Connection by default.
+* Issue - Fix HTTP-2 connections to properly use config values configured on the client.
+
+3.220.2 (2025-03-20)
+------------------
+
+* Issue - Enable ALPN over TLS for H2 by default.
+
+3.220.1 (2025-03-06)
+------------------
+
+* Issue - Convert stubs at request time.
+
+3.220.0 (2025-03-04)
+------------------
+
+* Feature - Updated Aws::STS::Client with the latest API changes.
+
+3.219.0 (2025-02-18)
+------------------
+
+* Feature - Updated Aws::STS::Client with the latest API changes.
+
+* Feature - Updated Aws::SSOOIDC::Client with the latest API changes.
+
+* Feature - Updated Aws::SSO::Client with the latest API changes.
+
+3.218.1 (2025-02-07)
+------------------
+
+* Issue - Add handling of block in ExtendedSession delegation (#3178).
+
+3.218.0 (2025-02-06)
+------------------
+
+* Feature - Updated Aws::STS::Client with the latest API changes.
+
+* Feature - Updated Aws::SSOOIDC::Client with the latest API changes.
+
+* Feature - Updated Aws::SSO::Client with the latest API changes.
+
+3.217.1 (2025-01-30)
+------------------
+
+* Issue - Add `transfer-encoding` and `connection` to list of unsigned sigv4 headers.
+
+3.217.0 (2025-01-24)
+------------------
+
+* Feature - Updated Aws::SSOOIDC::Client with the latest API changes.
+
+* Feature - Fixed typos in the descriptions.
+
+3.216.1 (2025-01-22)
+------------------
+
+* Issue - Use epoch seconds instead of milliseconds in cbor encode/decode.
+
+* Issue - Add handling of block in response delegation (#3169). 
+
+3.216.0 (2025-01-15)
+------------------
+
+* Feature - Updated Aws::STS::Client with the latest API changes.
+
+* Feature - Updated Aws::SSOOIDC::Client with the latest API changes.
+
+* Feature - Updated Aws::SSO::Client with the latest API changes.
+
+* Feature - Always calculate request checksums for operations that support or require it. Supported config options are `when_supported` and `when_required`. The default value is `when_supported`. This option is configured in code with `:request_checksum_calculation`, in the shared config file as `request_checksum_calculation`, and in the ENV as `ENV['AWS_REQUEST_CHECKSUM_CALCULATION']`.
+
+* Feature - Always validate response checksums for operations that support or require it. Supported config options are `when_supported` and `when_required`. The default value is `when_supported`. This option is configured in code with `:response_checksum_validation`, in the shared config file as `response_checksum_validation`, and in the ENV as `ENV['AWS_RESPONSE_CHECKSUM_VALIDATION']`.
+
+* Feature - Support CRC64NVME checksums through the `aws-crt` gem.
+
+3.215.1 (2025-01-14)
+------------------
+
+* Issue - Fixed error when attempting to log an unlinked tempfile.
+
+3.215.0 (2025-01-10)
+------------------
+
+* Feature - Updated Aws::STS::Client with the latest API changes.
+
+* Feature - Fixed typos in the descriptions.
+
+3.214.1 (2024-12-28)
+------------------
+
+* Issue - Fix documentation that references a non-existent method.
+
+3.214.0 (2024-11-25)
+------------------
+
+* Feature - Updated configuration values for `defaults_mode`.
+
+3.213.0 (2024-11-14)
+------------------
+
+* Feature - Updated Aws::STS::Client with the latest API changes.
+
+* Feature - This release introduces the new API 'AssumeRoot', which returns short-term credentials that you can use to perform privileged tasks.
+
+3.212.0 (2024-11-06)
+------------------
+
+* Feature - Updated Aws::STS::Client with the latest API changes.
+
+3.211.0 (2024-10-21)
+------------------
+
+* Feature - Support functionality for services that migrate from AWS Query to AWS JSON or CBOR.
+
+* Issue - Fix RPCv2 protocol to always send an Accept header for CBOR.
+
+3.210.0 (2024-10-18)
+------------------
+
+* Feature - Updated Aws::STS::Client with the latest API changes.
+
+* Feature - Updated Aws::SSOOIDC::Client with the latest API changes.
+
+* Feature - Updated Aws::SSO::Client with the latest API changes.
+
+* Feature - reduce memory usage by not using legacy endpoint data unless required.
+
+3.209.1 (2024-09-25)
+------------------
+
+* Issue - Add all core plugins to autoloads.
+
+3.209.0 (2024-09-24)
+------------------
+
+* Feature - Updated Aws::STS::Client with the latest API changes.
+
+* Feature - Updated Aws::SSOOIDC::Client with the latest API changes.
+
+* Feature - Updated Aws::SSO::Client with the latest API changes.
+
+* Issue - Add service identifiers to GlobalConfig's list of identifiers outside of autoload (#3113).
+
+* Issue - Ignore invalid ARNs when trying to parse accountId in assume role credentials.
+
+3.208.0 (2024-09-23)
+------------------
+
+* Feature - Updated Aws::STS::Client with the latest API changes.
+
+* Feature - Updated Aws::SSOOIDC::Client with the latest API changes.
+
+* Feature - Updated Aws::SSO::Client with the latest API changes.
+
+* Feature - Use autoloading at the service level to load service clients and resources.
+
+3.207.0 (2024-09-20)
+------------------
+
+* Feature - Updated Aws::STS::Client with the latest API changes.
+
+* Feature - Updated Aws::SSOOIDC::Client with the latest API changes.
+
+* Feature - Updated Aws::SSO::Client with the latest API changes.
+
+* Feature - Support Account ID credentials using `ENV['AWS_ACCOUNT_ID']`, `aws_account_id` shared config, or the `account_id` Client configuration option.
+
+* Feature - Support Account ID endpoint mode using `ENV['AWS_ACCOUNT_ID_ENDPOINT_MODE']`, `aws_account_id_endpoint_mode` shared config, or the `account_id_endpoint_mode` Client configuration option. Defaults to `preferred`, which will use the account id endpoint if available. Set to `disabled` to disable account id endpoints. Set to `required` to require account id endpoint usage; an error is raised if credentials do not have an account id.
+
+3.206.0 (2024-09-17)
+------------------
+
+* Feature - Support `sigv4a` endpoint auth without CRT.
+
+3.205.0 (2024-09-11)
+------------------
+
+* Feature - Updated Aws::STS::Client with the latest API changes.
+
+* Feature - Updated Aws::SSOOIDC::Client with the latest API changes.
+
+* Feature - Updated Aws::SSO::Client with the latest API changes.
+
+* Issue - Additional metrics collection in the User-Agent plugin.
+
+3.204.0 (2024-09-10)
+------------------
+
+* Feature - Updated Aws::STS::Client with the latest API changes.
+
+* Feature - Updated Aws::SSOOIDC::Client with the latest API changes.
+
+* Feature - Updated Aws::SSO::Client with the latest API changes.
+
+* Issue - Add support for `ssl_cert` and `ssl_key` configuration options to support mTLS.
+
+3.203.0 (2024-09-03)
+------------------
+
+* Feature - Updated Aws::STS::Client with the latest API changes.
+
+* Feature - Updated Aws::SSOOIDC::Client with the latest API changes.
+
+* Feature - Updated Aws::SSO::Client with the latest API changes.
+
+* Feature - Add support for Observability which includes a configuration, `telemetry_provider` and an OpenTelemetry-based telemetry provider.
+
+3.202.2 (2024-08-30)
+------------------
+
+* Issue - revert auto-loading of bundled gems.
+
+3.202.1 (2024-08-29)
+------------------
+
+* Issue - require default plugins when loading aws-sdk-core.
+
+3.202.0 (2024-08-27)
+------------------
+
+* Feature - Updated Aws::STS::Client with the latest API changes.
+
+* Feature - Updated Aws::SSOOIDC::Client with the latest API changes.
+
+* Feature - Updated Aws::SSO::Client with the latest API changes.
+
+* Issue - Reduce initial memory usage by auto-loading bundled gems (STS, SSO, SSOOIDC).
+
+3.201.5 (2024-08-15)
+------------------
+
+* Issue - Allow legacy/undocumented `sigv4_signer` configuration to override resolved signer.
+
+* Issue - Consider sigv4a supported without crt check.
+
+3.201.4 (2024-08-08)
+------------------
+
+* Issue - Update waiters to handle expected boolean values when matching errors.
+
+3.201.3 (2024-07-23)
+------------------
+
+* Issue - Add `disableNormalizePath` when resolving auth_scheme for S3.
+
+3.201.2 (2024-07-18)
+------------------
+
+* Issue - Allow modeled types to be used for Union inputs.
+* Issue - Ensure that nested sensitive members and sensitive members of lists and maps are filtered.
+
+3.201.1 (2024-07-05)
+------------------
+
+* Issue - Fix `Aws::ProcessCredentials` warning in cases where shared config is used.
+
+3.201.0 (2024-07-02)
+------------------
+
+* Feature - Updated Aws::STS::Client with the latest API changes.
+
+* Feature - Updated Aws::SSOOIDC::Client with the latest API changes.
+
+* Feature - Updated Aws::SSO::Client with the latest API changes.
+
+* Feature - Support `auth` trait to enable SigV4a based services.
+
+* Feature - Support configuration for sigv4a signing regions using `ENV['AWS_SIGV4A_SIGNING_REGION_SET']`, `sigv4a_signing_region_set` shared config, or the `sigv4a_signing_region_set` client option.
+
+3.200.0 (2024-06-28)
+------------------
+
+* Feature - Updated Aws::STS::Client with the latest API changes.
+
+* Feature - Updated Aws::SSOOIDC::Client with the latest API changes.
+
+* Feature - Updated Aws::SSO::Client with the latest API changes.
+
+3.199.0 (2024-06-25)
+------------------
+
+* Feature - Support RpcV2 protocol.
+
+* Feature - Add CBOR encoder and decoder.
+
+* Issue - Enhance, refactor, and rebase protocols to be consistent. Ensure protocol tests are run for each engine.
+
+3.198.0 (2024-06-24)
+------------------
+
+* Feature - Updated Aws::STS::Client with the latest API changes.
+
+* Feature - Updated Aws::SSOOIDC::Client with the latest API changes.
+
+* Feature - Updated Aws::SSO::Client with the latest API changes.
+
+* Feature - Support `:plugins` option on all Clients or using `Aws.config[:plugins]`.
+
+3.197.2 (2024-06-20)
+------------------
+
+* Issue - fix issue in Endpoint `attr` matcher when path is only an array index.
+
+* Issue - Fix trailing slash in endpoint URLs for rest-json and rest-xml services.
+
+3.197.1 (2024-06-19)
+------------------
+
+* Issue - Support an array of string arguments for `Aws::ProcessCredentials` to be executed by `system`.
+
+3.197.0 (2024-06-05)
+------------------
+
+* Issue - Ensure no UTC offset when deserializing `iso8601` timestamp format values.
+
+* Feature - Bump User Agent to version 2.1 to track business metrics. This changes the User Agent plugin order to be just before sending.
+
+3.196.1 (2024-05-14)
+------------------
+
+* Issue - Fix `ConnectionPool` for `.empty!` and `.clear!` since it prevented adding a new key from being added to the pool (#3020).
+
+3.196.0 (2024-05-13)
+------------------
+
+* Feature - Updated Aws::STS::Client with the latest API changes.
+
+* Feature - Updated Aws::SSOOIDC::Client with the latest API changes.
+
+* Feature - Updated Aws::SSO::Client with the latest API changes.
+
+3.195.0 (2024-05-10)
+------------------
+
+* Feature - Updated Aws::SSOOIDC::Client with the latest API changes.
+
+* Feature - Updated request parameters for PKCE support.
+
+3.194.2 (2024-05-07)
+------------------
+
+* Issue - Fix issue where `ConnectionPool` size iteration would prevent a new key from being added to the pool.
+
+3.194.1 (2024-05-03)
+------------------
+
+* Issue - Update EC2 protocol to not serialize empty lists.
+
+3.194.0 (2024-04-30)
+------------------
+
+* Feature - Add an API private cache for S3 Express and Access Grants.
+
+3.193.0 (2024-04-25)
+------------------
+
+* Feature - Updated Aws::STS::Client with the latest API changes.
+
+* Feature - Updated Aws::SSOOIDC::Client with the latest API changes.
+
+* Feature - Updated Aws::SSO::Client with the latest API changes.
+
+* Issue - Update event stream documentation.
+* Issue - Move `InvocationId` plugin to all clients.
+* Issue - Handle event streaming content-sha256 header in the signer plugin.
+* Issue - Add the event stream content type to initial requests.
+* Issue - Fix `standard` and `adaptive` retry mode for event streams.
+* Issue - Add `authority` to http2 headers.
+* Issue - Do not treat single members in event stream structures as implicit payloads.
+* Issue - Do not wait for initial response headers to start sending input events.
+
+3.192.1 (2024-04-18)
+------------------
+
+* Issue - Drop key/value pair if value is `nil` when deserializing json maps.
+
+3.192.0 (2024-04-16)
+------------------
+
+* Feature - Updated Aws::STS::Client with the latest API changes.
+
+* Feature - Update serializing/deserializing for all protocols to align with Smithy protocol-tests.
+* Issue - Allow `nil` values in lists and maps.
+* Issue - Populate headers for XML and JSON error responses.
+* Issue - Support fractional seconds when parsing `DateTime` timestamps.
+* Issue - Correctly serialize flattened lists for Query protocol.
+* Issue - Correctly serialize payload name in Rest-XML requests.
+* Issue - Fix an issue where Rest-XML requests do not have a default `Content-Type` header applied.
+* Issue - Apply appropriate `Content-Type` header for payloads in Rest services.
+* Issue - Correctly serialize URI label bindings in Rest requests.
+* Issue - Correctly serialize and parse header bindings in Rest services.
+* Issue - Ensure that null and empty headers are not sent in Rest requests.
+* Issue - Ensure keys in query maps do not override modeled keys in Rest requests.
+* Issue - Ensure empty blob payloads are omitted in Rest requests.
+* Issue - Support parsing of `NaN`, `Infinity` and `-Infinity` float values.
+* Issue - Apply appropriate `xmlName` for flattened lists and maps in Rest-XML services.
+* Issue - Handle serializing of different formats of `xmlNamespace` on shapes.
+* Issue - Fix deserializing of an empty blob to produce an empty string.
+* Issue - Fix deserializing an empty self-closed blob to produce an empty string.
+* Issue - Support parsing of different formats of error data in Rest-XML services.
+
+3.191.6 (2024-04-02)
+------------------
+* Issue - Performance optimization: ensure presence and order of instance variables in `PluginOptions` (#3002).
+
+3.191.5 (2024-03-26)
+------------------
+
+* Issue - Fix `EC2Metadata` and `InstanceProfileCredentials` to respect the port from a configured endpoint from code, ENV, or shared config.
+
+3.191.4 (2024-03-15)
+------------------
+
+* Issue - Ensure output unions work correctly with stub_responses.
+
+3.191.3 (2024-02-20)
+------------------
+
+* Issue - Remove base64 as dependency.
+
+3.191.2 (2024-02-14)
+------------------
+
+* Issue - Add base64 as dependency to prepare for Ruby 3.4 release (#2984).
+
 3.191.1 (2024-02-07)
 ------------------
 
@@ -15,7 +553,7 @@ Unreleased Changes
 
 * Feature - Updated Aws::SSO::Client with the latest API changes.
 
-* Feature - Add RBS signature files to support static type checking.
+* Feature - Add RBS signature files to support static type checking
 
 3.190.3 (2024-01-16)
 ------------------

data/VERSION

@@ -1 +1 @@
-3.191.1
+3.229.0

data/lib/aws-defaults/default_configuration.rb

@@ -128,8 +128,7 @@ module Aws
             "override" => 3100
           }
         },
-        "in-region" => {
-        },
+        "in-region" => {},
         "cross-region" => {
           "connectTimeoutInMillis" => {
             "override" => 3100

data/lib/aws-defaults.rb

@@ -1,3 +1,6 @@
 # frozen_string_literal: true
 
-require_relative 'aws-defaults/default_configuration'
+module Aws
+  autoload :DefaultsModeConfiguration, 'aws-defaults/default_configuration'
+  autoload :DefaultsModeConfigResolver, 'aws-defaults/defaults_mode_config_resolver'
+end

data/lib/aws-sdk-core/arn.rb

@@ -24,9 +24,7 @@ module Aws
   #   arn.resource
   #   # => foo/bar
   #
-  #   # Note: parser available for parsing resource details
-  #   @see Aws::ARNParser#parse_resource
-  #
+  # @see ARNParser
   # @see https://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html#genref-arns
   class ARN
 

data/lib/aws-sdk-core/assume_role_credentials.rb

@@ -50,6 +50,7 @@ module Aws
       end
       @client = client_opts[:client] || STS::Client.new(client_opts)
       @async_refresh = true
+      @metrics = ['CREDENTIALS_STS_ASSUME_ROLE']
       super
     end
 
@@ -62,13 +63,20 @@ module Aws
     private
 
     def refresh
-      c = @client.assume_role(@assume_role_params).credentials
+      resp = @client.assume_role(@assume_role_params)
+      creds = resp.credentials
       @credentials = Credentials.new(
-        c.access_key_id,
-        c.secret_access_key,
-        c.session_token
+        creds.access_key_id,
+        creds.secret_access_key,
+        creds.session_token,
+        account_id: parse_account_id(resp)
       )
-      @expiration = c.expiration
+      @expiration = creds.expiration
+    end
+
+    def parse_account_id(resp)
+      arn = resp.assumed_role_user&.arn
+      ARNParser.parse(arn).account_id if ARNParser.arn?(arn)
     end
 
     class << self

data/lib/aws-sdk-core/assume_role_web_identity_credentials.rb

@@ -60,7 +60,8 @@ module Aws
         # not provided, generate encoded UUID as session name
         @assume_role_web_identity_params[:role_session_name] = _session_name
       end
-      @client = client_opts[:client] || STS::Client.new(client_opts.merge(credentials: false))
+      @client = client_opts[:client] || STS::Client.new(client_opts.merge(credentials: nil))
+      @metrics = ['CREDENTIALS_STS_ASSUME_ROLE_WEB_ID']
       super
     end
 
@@ -73,14 +74,15 @@ module Aws
       # read from token file everytime it refreshes
       @assume_role_web_identity_params[:web_identity_token] = _token_from_file(@token_file)
 
-      c = @client.assume_role_with_web_identity(
-        @assume_role_web_identity_params).credentials
+      resp = @client.assume_role_with_web_identity(@assume_role_web_identity_params)
+      creds = resp.credentials
       @credentials = Credentials.new(
-        c.access_key_id,
-        c.secret_access_key,
-        c.session_token
+        creds.access_key_id,
+        creds.secret_access_key,
+        creds.session_token,
+        account_id: parse_account_id(resp)
       )
-      @expiration = c.expiration
+      @expiration = creds.expiration
     end
 
     def _token_from_file(path)
@@ -94,6 +96,11 @@ module Aws
       Base64.strict_encode64(SecureRandom.uuid)
     end
 
+    def parse_account_id(resp)
+      arn = resp.assumed_role_user&.arn
+      ARNParser.parse(arn).account_id if ARNParser.arn?(arn)
+    end
+
     class << self
 
       # @api private