aws-sdk-core 3.214.1 → 3.218.1

data/lib/aws-sdk-core/shared_config.rb

@@ -212,6 +212,8 @@ module Aws
       :retry_mode,
       :adaptive_retry_wait_to_fill,
       :correct_clock_skew,
+      :request_checksum_calculation,
+      :response_checksum_validation,
       :csm_client_id,
       :csm_enabled,
       :csm_host,

data/lib/aws-sdk-sso/client.rb

@@ -257,11 +257,34 @@ module Aws::SSO
     #     Used when loading credentials from the shared credentials file
     #     at HOME/.aws/credentials.  When not specified, 'default' is used.
     #
+    #   @option options [String] :request_checksum_calculation ("when_supported")
+    #     Determines when a checksum will be calculated for request payloads. Values are:
+    #
+    #     * `when_supported` - (default) When set, a checksum will be
+    #       calculated for all request payloads of operations modeled with the
+    #       `httpChecksum` trait where `requestChecksumRequired` is `true` and/or a
+    #       `requestAlgorithmMember` is modeled.
+    #     * `when_required` - When set, a checksum will only be calculated for
+    #       request payloads of operations modeled with the  `httpChecksum` trait where
+    #       `requestChecksumRequired` is `true` or where a `requestAlgorithmMember`
+    #       is modeled and supplied.
+    #
     #   @option options [Integer] :request_min_compression_size_bytes (10240)
     #     The minimum size in bytes that triggers compression for request
     #     bodies. The value must be non-negative integer value between 0
     #     and 10485780 bytes inclusive.
     #
+    #   @option options [String] :response_checksum_validation ("when_supported")
+    #     Determines when checksum validation will be performed on response payloads. Values are:
+    #
+    #     * `when_supported` - (default) When set, checksum validation is performed on all
+    #       response payloads of operations modeled with the `httpChecksum` trait where
+    #       `responseAlgorithms` is modeled, except when no modeled checksum algorithms
+    #       are supported.
+    #     * `when_required` - When set, checksum validation is not performed on
+    #       response payloads of operations unless the checksum algorithm is supported and
+    #       the `requestValidationModeMember` member is set to `ENABLED`.
+    #
     #   @option options [Proc] :retry_backoff
     #     A proc or lambda used for backoff. Defaults to 2**retries * retry_base_delay.
     #     This option is only used in the `legacy` retry mode.
@@ -669,7 +692,7 @@ module Aws::SSO
         tracer: tracer
       )
       context[:gem_name] = 'aws-sdk-core'
-      context[:gem_version] = '3.214.1'
+      context[:gem_version] = '3.218.1'
       Seahorse::Client::Request.new(handlers, context)
     end
 

data/lib/aws-sdk-sso/endpoint_provider.rb

@@ -10,43 +10,39 @@
 module Aws::SSO
   class EndpointProvider
     def resolve_endpoint(parameters)
-      region = parameters.region
-      use_dual_stack = parameters.use_dual_stack
-      use_fips = parameters.use_fips
-      endpoint = parameters.endpoint
-      if Aws::Endpoints::Matchers.set?(endpoint)
-        if Aws::Endpoints::Matchers.boolean_equals?(use_fips, true)
+      if Aws::Endpoints::Matchers.set?(parameters.endpoint)
+        if Aws::Endpoints::Matchers.boolean_equals?(parameters.use_fips, true)
           raise ArgumentError, "Invalid Configuration: FIPS and custom endpoint are not supported"
         end
-        if Aws::Endpoints::Matchers.boolean_equals?(use_dual_stack, true)
+        if Aws::Endpoints::Matchers.boolean_equals?(parameters.use_dual_stack, true)
           raise ArgumentError, "Invalid Configuration: Dualstack and custom endpoint are not supported"
         end
-        return Aws::Endpoints::Endpoint.new(url: endpoint, headers: {}, properties: {})
+        return Aws::Endpoints::Endpoint.new(url: parameters.endpoint, headers: {}, properties: {})
       end
-      if Aws::Endpoints::Matchers.set?(region)
-        if (partition_result = Aws::Endpoints::Matchers.aws_partition(region))
-          if Aws::Endpoints::Matchers.boolean_equals?(use_fips, true) && Aws::Endpoints::Matchers.boolean_equals?(use_dual_stack, true)
+      if Aws::Endpoints::Matchers.set?(parameters.region)
+        if (partition_result = Aws::Endpoints::Matchers.aws_partition(parameters.region))
+          if Aws::Endpoints::Matchers.boolean_equals?(parameters.use_fips, true) && Aws::Endpoints::Matchers.boolean_equals?(parameters.use_dual_stack, true)
             if Aws::Endpoints::Matchers.boolean_equals?(true, Aws::Endpoints::Matchers.attr(partition_result, "supportsFIPS")) && Aws::Endpoints::Matchers.boolean_equals?(true, Aws::Endpoints::Matchers.attr(partition_result, "supportsDualStack"))
-              return Aws::Endpoints::Endpoint.new(url: "https://portal.sso-fips.#{region}.#{partition_result['dualStackDnsSuffix']}", headers: {}, properties: {})
+              return Aws::Endpoints::Endpoint.new(url: "https://portal.sso-fips.#{parameters.region}.#{partition_result['dualStackDnsSuffix']}", headers: {}, properties: {})
             end
             raise ArgumentError, "FIPS and DualStack are enabled, but this partition does not support one or both"
           end
-          if Aws::Endpoints::Matchers.boolean_equals?(use_fips, true)
+          if Aws::Endpoints::Matchers.boolean_equals?(parameters.use_fips, true)
             if Aws::Endpoints::Matchers.boolean_equals?(true, Aws::Endpoints::Matchers.attr(partition_result, "supportsFIPS"))
               if Aws::Endpoints::Matchers.string_equals?("aws-us-gov", Aws::Endpoints::Matchers.attr(partition_result, "name"))
-                return Aws::Endpoints::Endpoint.new(url: "https://portal.sso.#{region}.amazonaws.com", headers: {}, properties: {})
+                return Aws::Endpoints::Endpoint.new(url: "https://portal.sso.#{parameters.region}.amazonaws.com", headers: {}, properties: {})
               end
-              return Aws::Endpoints::Endpoint.new(url: "https://portal.sso-fips.#{region}.#{partition_result['dnsSuffix']}", headers: {}, properties: {})
+              return Aws::Endpoints::Endpoint.new(url: "https://portal.sso-fips.#{parameters.region}.#{partition_result['dnsSuffix']}", headers: {}, properties: {})
             end
             raise ArgumentError, "FIPS is enabled but this partition does not support FIPS"
           end
-          if Aws::Endpoints::Matchers.boolean_equals?(use_dual_stack, true)
+          if Aws::Endpoints::Matchers.boolean_equals?(parameters.use_dual_stack, true)
             if Aws::Endpoints::Matchers.boolean_equals?(true, Aws::Endpoints::Matchers.attr(partition_result, "supportsDualStack"))
-              return Aws::Endpoints::Endpoint.new(url: "https://portal.sso.#{region}.#{partition_result['dualStackDnsSuffix']}", headers: {}, properties: {})
+              return Aws::Endpoints::Endpoint.new(url: "https://portal.sso.#{parameters.region}.#{partition_result['dualStackDnsSuffix']}", headers: {}, properties: {})
             end
             raise ArgumentError, "DualStack is enabled but this partition does not support DualStack"
           end
-          return Aws::Endpoints::Endpoint.new(url: "https://portal.sso.#{region}.#{partition_result['dnsSuffix']}", headers: {}, properties: {})
+          return Aws::Endpoints::Endpoint.new(url: "https://portal.sso.#{parameters.region}.#{partition_result['dnsSuffix']}", headers: {}, properties: {})
         end
       end
       raise ArgumentError, "Invalid Configuration: Missing Region"

data/lib/aws-sdk-sso.rb

@@ -56,7 +56,7 @@ module Aws::SSO
   autoload :EndpointProvider, 'aws-sdk-sso/endpoint_provider'
   autoload :Endpoints, 'aws-sdk-sso/endpoints'
 
-  GEM_VERSION = '3.214.1'
+  GEM_VERSION = '3.218.1'
 
 end
 

data/lib/aws-sdk-ssooidc/client.rb

@@ -257,11 +257,34 @@ module Aws::SSOOIDC
     #     Used when loading credentials from the shared credentials file
     #     at HOME/.aws/credentials.  When not specified, 'default' is used.
     #
+    #   @option options [String] :request_checksum_calculation ("when_supported")
+    #     Determines when a checksum will be calculated for request payloads. Values are:
+    #
+    #     * `when_supported` - (default) When set, a checksum will be
+    #       calculated for all request payloads of operations modeled with the
+    #       `httpChecksum` trait where `requestChecksumRequired` is `true` and/or a
+    #       `requestAlgorithmMember` is modeled.
+    #     * `when_required` - When set, a checksum will only be calculated for
+    #       request payloads of operations modeled with the  `httpChecksum` trait where
+    #       `requestChecksumRequired` is `true` or where a `requestAlgorithmMember`
+    #       is modeled and supplied.
+    #
     #   @option options [Integer] :request_min_compression_size_bytes (10240)
     #     The minimum size in bytes that triggers compression for request
     #     bodies. The value must be non-negative integer value between 0
     #     and 10485780 bytes inclusive.
     #
+    #   @option options [String] :response_checksum_validation ("when_supported")
+    #     Determines when checksum validation will be performed on response payloads. Values are:
+    #
+    #     * `when_supported` - (default) When set, checksum validation is performed on all
+    #       response payloads of operations modeled with the `httpChecksum` trait where
+    #       `responseAlgorithms` is modeled, except when no modeled checksum algorithms
+    #       are supported.
+    #     * `when_required` - When set, checksum validation is not performed on
+    #       response payloads of operations unless the checksum algorithm is supported and
+    #       the `requestValidationModeMember` member is set to `ENABLED`.
+    #
     #   @option options [Proc] :retry_backoff
     #     A proc or lambda used for backoff. Defaults to 2**retries * retry_base_delay.
     #     This option is only used in the `legacy` retry mode.
@@ -449,7 +472,7 @@ module Aws::SSOOIDC
 
     # Creates and returns access and refresh tokens for clients that are
     # authenticated using client secrets. The access token can be used to
-    # fetch short-term credentials for the assigned AWS accounts or to
+    # fetch short-lived credentials for the assigned AWS accounts or to
     # access application APIs using `bearer` authentication.
     #
     # @option params [required, String] :client_id
@@ -461,30 +484,28 @@ module Aws::SSOOIDC
     #   the persisted result of the RegisterClient API.
     #
     # @option params [required, String] :grant_type
-    #   Supports the following OAuth grant types: Device Code and Refresh
-    #   Token. Specify either of the following values, depending on the grant
-    #   type that you want:
+    #   Supports the following OAuth grant types: Authorization Code, Device
+    #   Code, and Refresh Token. Specify one of the following values,
+    #   depending on the grant type that you want:
+    #
+    #   * Authorization Code - `authorization_code`
     #
     #   * Device Code - `urn:ietf:params:oauth:grant-type:device_code`
     #
     #   * Refresh Token - `refresh_token`
     #
-    #   For information about how to obtain the device code, see the
-    #   StartDeviceAuthorization topic.
-    #
     # @option params [String] :device_code
     #   Used only when calling this API for the Device Code grant type. This
-    #   short-term code is used to identify this authorization request. This
+    #   short-lived code is used to identify this authorization request. This
     #   comes from the result of the StartDeviceAuthorization API.
     #
     # @option params [String] :code
     #   Used only when calling this API for the Authorization Code grant type.
-    #   The short-term code is used to identify this authorization request.
-    #   This grant type is currently unsupported for the CreateToken API.
+    #   The short-lived code is used to identify this authorization request.
     #
     # @option params [String] :refresh_token
     #   Used only when calling this API for the Refresh Token grant type. This
-    #   token is used to refresh short-term tokens, such as the access token,
+    #   token is used to refresh short-lived tokens, such as the access token,
     #   that might expire.
     #
     #   For more information about the features and limitations of the current
@@ -590,7 +611,7 @@ module Aws::SSOOIDC
 
     # Creates and returns access and refresh tokens for clients and
     # applications that are authenticated using IAM entities. The access
-    # token can be used to fetch short-term credentials for the assigned
+    # token can be used to fetch short-lived credentials for the assigned
     # Amazon Web Services accounts or to access application APIs using
     # `bearer` authentication.
     #
@@ -613,14 +634,14 @@ module Aws::SSOOIDC
     #
     # @option params [String] :code
     #   Used only when calling this API for the Authorization Code grant type.
-    #   This short-term code is used to identify this authorization request.
+    #   This short-lived code is used to identify this authorization request.
     #   The code is obtained through a redirect from IAM Identity Center to a
     #   redirect URI persisted in the Authorization Code GrantOptions for the
     #   application.
     #
     # @option params [String] :refresh_token
     #   Used only when calling this API for the Refresh Token grant type. This
-    #   token is used to refresh short-term tokens, such as the access token,
+    #   token is used to refresh short-lived tokens, such as the access token,
     #   that might expire.
     #
     #   For more information about the features and limitations of the current
@@ -823,9 +844,10 @@ module Aws::SSOOIDC
       req.send_request(options)
     end
 
-    # Registers a client with IAM Identity Center. This allows clients to
-    # initiate device authorization. The output should be persisted for
-    # reuse through many authentication requests.
+    # Registers a public client with IAM Identity Center. This allows
+    # clients to perform authorization using the authorization
+    # code grant with Proof Key for Code Exchange (PKCE) or the device
+    # code grant.
     #
     # @option params [required, String] :client_name
     #   The friendly name of the client.
@@ -847,7 +869,14 @@ module Aws::SSOOIDC
     # @option params [Array<String>] :grant_types
     #   The list of OAuth 2.0 grant types that are defined by the client. This
     #   list is used to restrict the token granting flows available to the
-    #   client.
+    #   client. Supports the following OAuth 2.0 grant types: Authorization
+    #   Code, Device Code, and Refresh Token.
+    #
+    #   * Authorization Code - `authorization_code`
+    #
+    #   * Device Code - `urn:ietf:params:oauth:grant-type:device_code`
+    #
+    #   * Refresh Token - `refresh_token`
     #
     # @option params [String] :issuer_url
     #   The IAM Identity Center Issuer URL associated with an instance of IAM
@@ -1022,7 +1051,7 @@ module Aws::SSOOIDC
         tracer: tracer
       )
       context[:gem_name] = 'aws-sdk-core'
-      context[:gem_version] = '3.214.1'
+      context[:gem_version] = '3.218.1'
       Seahorse::Client::Request.new(handlers, context)
     end
 

data/lib/aws-sdk-ssooidc/endpoint_provider.rb

@@ -10,43 +10,39 @@
 module Aws::SSOOIDC
   class EndpointProvider
     def resolve_endpoint(parameters)
-      region = parameters.region
-      use_dual_stack = parameters.use_dual_stack
-      use_fips = parameters.use_fips
-      endpoint = parameters.endpoint
-      if Aws::Endpoints::Matchers.set?(endpoint)
-        if Aws::Endpoints::Matchers.boolean_equals?(use_fips, true)
+      if Aws::Endpoints::Matchers.set?(parameters.endpoint)
+        if Aws::Endpoints::Matchers.boolean_equals?(parameters.use_fips, true)
           raise ArgumentError, "Invalid Configuration: FIPS and custom endpoint are not supported"
         end
-        if Aws::Endpoints::Matchers.boolean_equals?(use_dual_stack, true)
+        if Aws::Endpoints::Matchers.boolean_equals?(parameters.use_dual_stack, true)
           raise ArgumentError, "Invalid Configuration: Dualstack and custom endpoint are not supported"
         end
-        return Aws::Endpoints::Endpoint.new(url: endpoint, headers: {}, properties: {})
+        return Aws::Endpoints::Endpoint.new(url: parameters.endpoint, headers: {}, properties: {})
       end
-      if Aws::Endpoints::Matchers.set?(region)
-        if (partition_result = Aws::Endpoints::Matchers.aws_partition(region))
-          if Aws::Endpoints::Matchers.boolean_equals?(use_fips, true) && Aws::Endpoints::Matchers.boolean_equals?(use_dual_stack, true)
+      if Aws::Endpoints::Matchers.set?(parameters.region)
+        if (partition_result = Aws::Endpoints::Matchers.aws_partition(parameters.region))
+          if Aws::Endpoints::Matchers.boolean_equals?(parameters.use_fips, true) && Aws::Endpoints::Matchers.boolean_equals?(parameters.use_dual_stack, true)
             if Aws::Endpoints::Matchers.boolean_equals?(true, Aws::Endpoints::Matchers.attr(partition_result, "supportsFIPS")) && Aws::Endpoints::Matchers.boolean_equals?(true, Aws::Endpoints::Matchers.attr(partition_result, "supportsDualStack"))
-              return Aws::Endpoints::Endpoint.new(url: "https://oidc-fips.#{region}.#{partition_result['dualStackDnsSuffix']}", headers: {}, properties: {})
+              return Aws::Endpoints::Endpoint.new(url: "https://oidc-fips.#{parameters.region}.#{partition_result['dualStackDnsSuffix']}", headers: {}, properties: {})
             end
             raise ArgumentError, "FIPS and DualStack are enabled, but this partition does not support one or both"
           end
-          if Aws::Endpoints::Matchers.boolean_equals?(use_fips, true)
+          if Aws::Endpoints::Matchers.boolean_equals?(parameters.use_fips, true)
             if Aws::Endpoints::Matchers.boolean_equals?(Aws::Endpoints::Matchers.attr(partition_result, "supportsFIPS"), true)
               if Aws::Endpoints::Matchers.string_equals?(Aws::Endpoints::Matchers.attr(partition_result, "name"), "aws-us-gov")
-                return Aws::Endpoints::Endpoint.new(url: "https://oidc.#{region}.amazonaws.com", headers: {}, properties: {})
+                return Aws::Endpoints::Endpoint.new(url: "https://oidc.#{parameters.region}.amazonaws.com", headers: {}, properties: {})
               end
-              return Aws::Endpoints::Endpoint.new(url: "https://oidc-fips.#{region}.#{partition_result['dnsSuffix']}", headers: {}, properties: {})
+              return Aws::Endpoints::Endpoint.new(url: "https://oidc-fips.#{parameters.region}.#{partition_result['dnsSuffix']}", headers: {}, properties: {})
             end
             raise ArgumentError, "FIPS is enabled but this partition does not support FIPS"
           end
-          if Aws::Endpoints::Matchers.boolean_equals?(use_dual_stack, true)
+          if Aws::Endpoints::Matchers.boolean_equals?(parameters.use_dual_stack, true)
             if Aws::Endpoints::Matchers.boolean_equals?(true, Aws::Endpoints::Matchers.attr(partition_result, "supportsDualStack"))
-              return Aws::Endpoints::Endpoint.new(url: "https://oidc.#{region}.#{partition_result['dualStackDnsSuffix']}", headers: {}, properties: {})
+              return Aws::Endpoints::Endpoint.new(url: "https://oidc.#{parameters.region}.#{partition_result['dualStackDnsSuffix']}", headers: {}, properties: {})
             end
             raise ArgumentError, "DualStack is enabled but this partition does not support DualStack"
           end
-          return Aws::Endpoints::Endpoint.new(url: "https://oidc.#{region}.#{partition_result['dnsSuffix']}", headers: {}, properties: {})
+          return Aws::Endpoints::Endpoint.new(url: "https://oidc.#{parameters.region}.#{partition_result['dnsSuffix']}", headers: {}, properties: {})
         end
       end
       raise ArgumentError, "Invalid Configuration: Missing Region"

data/lib/aws-sdk-ssooidc/types.rb

@@ -64,34 +64,32 @@ module Aws::SSOOIDC
     #   @return [String]
     #
     # @!attribute [rw] grant_type
-    #   Supports the following OAuth grant types: Device Code and Refresh
-    #   Token. Specify either of the following values, depending on the
-    #   grant type that you want:
+    #   Supports the following OAuth grant types: Authorization Code, Device
+    #   Code, and Refresh Token. Specify one of the following values,
+    #   depending on the grant type that you want:
+    #
+    #   * Authorization Code - `authorization_code`
     #
     #   * Device Code - `urn:ietf:params:oauth:grant-type:device_code`
     #
     #   * Refresh Token - `refresh_token`
-    #
-    #   For information about how to obtain the device code, see the
-    #   StartDeviceAuthorization topic.
     #   @return [String]
     #
     # @!attribute [rw] device_code
     #   Used only when calling this API for the Device Code grant type. This
-    #   short-term code is used to identify this authorization request. This
-    #   comes from the result of the StartDeviceAuthorization API.
+    #   short-lived code is used to identify this authorization request.
+    #   This comes from the result of the StartDeviceAuthorization API.
     #   @return [String]
     #
     # @!attribute [rw] code
     #   Used only when calling this API for the Authorization Code grant
-    #   type. The short-term code is used to identify this authorization
-    #   request. This grant type is currently unsupported for the
-    #   CreateToken API.
+    #   type. The short-lived code is used to identify this authorization
+    #   request.
     #   @return [String]
     #
     # @!attribute [rw] refresh_token
     #   Used only when calling this API for the Refresh Token grant type.
-    #   This token is used to refresh short-term tokens, such as the access
+    #   This token is used to refresh short-lived tokens, such as the access
     #   token, that might expire.
     #
     #   For more information about the features and limitations of the
@@ -217,7 +215,7 @@ module Aws::SSOOIDC
     #
     # @!attribute [rw] code
     #   Used only when calling this API for the Authorization Code grant
-    #   type. This short-term code is used to identify this authorization
+    #   type. This short-lived code is used to identify this authorization
     #   request. The code is obtained through a redirect from IAM Identity
     #   Center to a redirect URI persisted in the Authorization Code
     #   GrantOptions for the application.
@@ -225,7 +223,7 @@ module Aws::SSOOIDC
     #
     # @!attribute [rw] refresh_token
     #   Used only when calling this API for the Refresh Token grant type.
-    #   This token is used to refresh short-term tokens, such as the access
+    #   This token is used to refresh short-lived tokens, such as the access
     #   token, that might expire.
     #
     #   For more information about the features and limitations of the
@@ -606,7 +604,14 @@ module Aws::SSOOIDC
     # @!attribute [rw] grant_types
     #   The list of OAuth 2.0 grant types that are defined by the client.
     #   This list is used to restrict the token granting flows available to
-    #   the client.
+    #   the client. Supports the following OAuth 2.0 grant types:
+    #   Authorization Code, Device Code, and Refresh Token.
+    #
+    #   * Authorization Code - `authorization_code`
+    #
+    #   * Device Code - `urn:ietf:params:oauth:grant-type:device_code`
+    #
+    #   * Refresh Token - `refresh_token`
     #   @return [Array<String>]
     #
     # @!attribute [rw] issuer_url

data/lib/aws-sdk-ssooidc.rb

@@ -56,7 +56,7 @@ module Aws::SSOOIDC
   autoload :EndpointProvider, 'aws-sdk-ssooidc/endpoint_provider'
   autoload :Endpoints, 'aws-sdk-ssooidc/endpoints'
 
-  GEM_VERSION = '3.214.1'
+  GEM_VERSION = '3.218.1'
 
 end
 

data/lib/aws-sdk-sts/client.rb

@@ -259,11 +259,34 @@ module Aws::STS
     #     Used when loading credentials from the shared credentials file
     #     at HOME/.aws/credentials.  When not specified, 'default' is used.
     #
+    #   @option options [String] :request_checksum_calculation ("when_supported")
+    #     Determines when a checksum will be calculated for request payloads. Values are:
+    #
+    #     * `when_supported` - (default) When set, a checksum will be
+    #       calculated for all request payloads of operations modeled with the
+    #       `httpChecksum` trait where `requestChecksumRequired` is `true` and/or a
+    #       `requestAlgorithmMember` is modeled.
+    #     * `when_required` - When set, a checksum will only be calculated for
+    #       request payloads of operations modeled with the  `httpChecksum` trait where
+    #       `requestChecksumRequired` is `true` or where a `requestAlgorithmMember`
+    #       is modeled and supplied.
+    #
     #   @option options [Integer] :request_min_compression_size_bytes (10240)
     #     The minimum size in bytes that triggers compression for request
     #     bodies. The value must be non-negative integer value between 0
     #     and 10485780 bytes inclusive.
     #
+    #   @option options [String] :response_checksum_validation ("when_supported")
+    #     Determines when checksum validation will be performed on response payloads. Values are:
+    #
+    #     * `when_supported` - (default) When set, checksum validation is performed on all
+    #       response payloads of operations modeled with the `httpChecksum` trait where
+    #       `responseAlgorithms` is modeled, except when no modeled checksum algorithms
+    #       are supported.
+    #     * `when_required` - When set, checksum validation is not performed on
+    #       response payloads of operations unless the checksum algorithm is supported and
+    #       the `requestValidationModeMember` member is set to `ENABLED`.
+    #
     #   @option options [Proc] :retry_backoff
     #     A proc or lambda used for backoff. Defaults to 2**retries * retry_base_delay.
     #     This option is only used in the `legacy` retry mode.
@@ -831,7 +854,7 @@ module Aws::STS
     #   The regex used to validate this parameter is a string of characters
     #   consisting of upper- and lower-case alphanumeric characters with no
     #   spaces. You can also include underscores or any of the following
-    #   characters: =,.@-. You cannot use a value that begins with the text
+    #   characters: +=,.@-. You cannot use a value that begins with the text
     #   `aws:`. This prefix is reserved for Amazon Web Services internal use.
     #
     #
@@ -1514,8 +1537,9 @@ module Aws::STS
     #   authenticating the user who is using your application with a web
     #   identity provider before the application makes an
     #   `AssumeRoleWithWebIdentity` call. Timestamps in the token must be
-    #   formatted as either an integer or a long integer. Only tokens with RSA
-    #   algorithms (RS256) are supported.
+    #   formatted as either an integer or a long integer. Tokens must be
+    #   signed using either RSA keys (RS256, RS384, or RS512) or ECDSA keys
+    #   (ES256, ES384, or ES512).
     #
     # @option params [String] :provider_id
     #   The fully qualified host component of the domain name of the OAuth 2.0
@@ -1708,14 +1732,14 @@ module Aws::STS
     end
 
     # Returns a set of short term credentials you can use to perform
-    # privileged tasks in a member account.
+    # privileged tasks on a member account in your organization.
     #
-    # Before you can launch a privileged session, you must have enabled
-    # centralized root access in your organization. For steps to enable this
-    # feature, see [Centralize root access for member accounts][1] in the
-    # *IAM User Guide*.
+    # Before you can launch a privileged session, you must have centralized
+    # root access in your organization. For steps to enable this feature,
+    # see [Centralize root access for member accounts][1] in the *IAM User
+    # Guide*.
     #
-    # <note markdown="1"> The global endpoint is not supported for AssumeRoot. You must send
+    # <note markdown="1"> The STS global endpoint is not supported for AssumeRoot. You must send
     # this request to a Regional STS endpoint. For more information, see
     # [Endpoints][2].
     #
@@ -1737,9 +1761,7 @@ module Aws::STS
     # @option params [required, Types::PolicyDescriptorType] :task_policy_arn
     #   The identity based policy that scopes the session to the privileged
     #   tasks that can be performed. You can use one of following Amazon Web
-    #   Services managed policies to scope root session actions. You can add
-    #   additional customer managed policies to further limit the permissions
-    #   for the root session.
+    #   Services managed policies to scope root session actions.
     #
     #   * [IAMAuditRootUserCredentials][1]
     #
@@ -2573,7 +2595,7 @@ module Aws::STS
         tracer: tracer
       )
       context[:gem_name] = 'aws-sdk-core'
-      context[:gem_version] = '3.214.1'
+      context[:gem_version] = '3.218.1'
       Seahorse::Client::Request.new(handlers, context)
     end