aws-sdk-core 3.219.0 → 3.240.0

data/lib/aws-sdk-sts/endpoint_provider.rb

@@ -12,54 +12,54 @@ module Aws::STS
     def resolve_endpoint(parameters)
       if Aws::Endpoints::Matchers.boolean_equals?(parameters.use_global_endpoint, true) && Aws::Endpoints::Matchers.not(Aws::Endpoints::Matchers.set?(parameters.endpoint)) && Aws::Endpoints::Matchers.set?(parameters.region) && (partition_result = Aws::Endpoints::Matchers.aws_partition(parameters.region)) && Aws::Endpoints::Matchers.boolean_equals?(parameters.use_fips, false) && Aws::Endpoints::Matchers.boolean_equals?(parameters.use_dual_stack, false)
         if Aws::Endpoints::Matchers.string_equals?(parameters.region, "ap-northeast-1")
-          return Aws::Endpoints::Endpoint.new(url: "https://sts.amazonaws.com", headers: {}, properties: {"authSchemes"=>[{"name"=>"sigv4", "signingName"=>"sts", "signingRegion"=>"us-east-1"}]})
+          return Aws::Endpoints::Endpoint.new(url: "https://sts.amazonaws.com", headers: {}, properties: {"authSchemes" => [{"name" => "sigv4", "signingName" => "sts", "signingRegion" => "us-east-1"}]})
         end
         if Aws::Endpoints::Matchers.string_equals?(parameters.region, "ap-south-1")
-          return Aws::Endpoints::Endpoint.new(url: "https://sts.amazonaws.com", headers: {}, properties: {"authSchemes"=>[{"name"=>"sigv4", "signingName"=>"sts", "signingRegion"=>"us-east-1"}]})
+          return Aws::Endpoints::Endpoint.new(url: "https://sts.amazonaws.com", headers: {}, properties: {"authSchemes" => [{"name" => "sigv4", "signingName" => "sts", "signingRegion" => "us-east-1"}]})
         end
         if Aws::Endpoints::Matchers.string_equals?(parameters.region, "ap-southeast-1")
-          return Aws::Endpoints::Endpoint.new(url: "https://sts.amazonaws.com", headers: {}, properties: {"authSchemes"=>[{"name"=>"sigv4", "signingName"=>"sts", "signingRegion"=>"us-east-1"}]})
+          return Aws::Endpoints::Endpoint.new(url: "https://sts.amazonaws.com", headers: {}, properties: {"authSchemes" => [{"name" => "sigv4", "signingName" => "sts", "signingRegion" => "us-east-1"}]})
         end
         if Aws::Endpoints::Matchers.string_equals?(parameters.region, "ap-southeast-2")
-          return Aws::Endpoints::Endpoint.new(url: "https://sts.amazonaws.com", headers: {}, properties: {"authSchemes"=>[{"name"=>"sigv4", "signingName"=>"sts", "signingRegion"=>"us-east-1"}]})
+          return Aws::Endpoints::Endpoint.new(url: "https://sts.amazonaws.com", headers: {}, properties: {"authSchemes" => [{"name" => "sigv4", "signingName" => "sts", "signingRegion" => "us-east-1"}]})
         end
         if Aws::Endpoints::Matchers.string_equals?(parameters.region, "aws-global")
-          return Aws::Endpoints::Endpoint.new(url: "https://sts.amazonaws.com", headers: {}, properties: {"authSchemes"=>[{"name"=>"sigv4", "signingName"=>"sts", "signingRegion"=>"us-east-1"}]})
+          return Aws::Endpoints::Endpoint.new(url: "https://sts.amazonaws.com", headers: {}, properties: {"authSchemes" => [{"name" => "sigv4", "signingName" => "sts", "signingRegion" => "us-east-1"}]})
         end
         if Aws::Endpoints::Matchers.string_equals?(parameters.region, "ca-central-1")
-          return Aws::Endpoints::Endpoint.new(url: "https://sts.amazonaws.com", headers: {}, properties: {"authSchemes"=>[{"name"=>"sigv4", "signingName"=>"sts", "signingRegion"=>"us-east-1"}]})
+          return Aws::Endpoints::Endpoint.new(url: "https://sts.amazonaws.com", headers: {}, properties: {"authSchemes" => [{"name" => "sigv4", "signingName" => "sts", "signingRegion" => "us-east-1"}]})
         end
         if Aws::Endpoints::Matchers.string_equals?(parameters.region, "eu-central-1")
-          return Aws::Endpoints::Endpoint.new(url: "https://sts.amazonaws.com", headers: {}, properties: {"authSchemes"=>[{"name"=>"sigv4", "signingName"=>"sts", "signingRegion"=>"us-east-1"}]})
+          return Aws::Endpoints::Endpoint.new(url: "https://sts.amazonaws.com", headers: {}, properties: {"authSchemes" => [{"name" => "sigv4", "signingName" => "sts", "signingRegion" => "us-east-1"}]})
         end
         if Aws::Endpoints::Matchers.string_equals?(parameters.region, "eu-north-1")
-          return Aws::Endpoints::Endpoint.new(url: "https://sts.amazonaws.com", headers: {}, properties: {"authSchemes"=>[{"name"=>"sigv4", "signingName"=>"sts", "signingRegion"=>"us-east-1"}]})
+          return Aws::Endpoints::Endpoint.new(url: "https://sts.amazonaws.com", headers: {}, properties: {"authSchemes" => [{"name" => "sigv4", "signingName" => "sts", "signingRegion" => "us-east-1"}]})
         end
         if Aws::Endpoints::Matchers.string_equals?(parameters.region, "eu-west-1")
-          return Aws::Endpoints::Endpoint.new(url: "https://sts.amazonaws.com", headers: {}, properties: {"authSchemes"=>[{"name"=>"sigv4", "signingName"=>"sts", "signingRegion"=>"us-east-1"}]})
+          return Aws::Endpoints::Endpoint.new(url: "https://sts.amazonaws.com", headers: {}, properties: {"authSchemes" => [{"name" => "sigv4", "signingName" => "sts", "signingRegion" => "us-east-1"}]})
         end
         if Aws::Endpoints::Matchers.string_equals?(parameters.region, "eu-west-2")
-          return Aws::Endpoints::Endpoint.new(url: "https://sts.amazonaws.com", headers: {}, properties: {"authSchemes"=>[{"name"=>"sigv4", "signingName"=>"sts", "signingRegion"=>"us-east-1"}]})
+          return Aws::Endpoints::Endpoint.new(url: "https://sts.amazonaws.com", headers: {}, properties: {"authSchemes" => [{"name" => "sigv4", "signingName" => "sts", "signingRegion" => "us-east-1"}]})
         end
         if Aws::Endpoints::Matchers.string_equals?(parameters.region, "eu-west-3")
-          return Aws::Endpoints::Endpoint.new(url: "https://sts.amazonaws.com", headers: {}, properties: {"authSchemes"=>[{"name"=>"sigv4", "signingName"=>"sts", "signingRegion"=>"us-east-1"}]})
+          return Aws::Endpoints::Endpoint.new(url: "https://sts.amazonaws.com", headers: {}, properties: {"authSchemes" => [{"name" => "sigv4", "signingName" => "sts", "signingRegion" => "us-east-1"}]})
         end
         if Aws::Endpoints::Matchers.string_equals?(parameters.region, "sa-east-1")
-          return Aws::Endpoints::Endpoint.new(url: "https://sts.amazonaws.com", headers: {}, properties: {"authSchemes"=>[{"name"=>"sigv4", "signingName"=>"sts", "signingRegion"=>"us-east-1"}]})
+          return Aws::Endpoints::Endpoint.new(url: "https://sts.amazonaws.com", headers: {}, properties: {"authSchemes" => [{"name" => "sigv4", "signingName" => "sts", "signingRegion" => "us-east-1"}]})
         end
         if Aws::Endpoints::Matchers.string_equals?(parameters.region, "us-east-1")
-          return Aws::Endpoints::Endpoint.new(url: "https://sts.amazonaws.com", headers: {}, properties: {"authSchemes"=>[{"name"=>"sigv4", "signingName"=>"sts", "signingRegion"=>"us-east-1"}]})
+          return Aws::Endpoints::Endpoint.new(url: "https://sts.amazonaws.com", headers: {}, properties: {"authSchemes" => [{"name" => "sigv4", "signingName" => "sts", "signingRegion" => "us-east-1"}]})
         end
         if Aws::Endpoints::Matchers.string_equals?(parameters.region, "us-east-2")
-          return Aws::Endpoints::Endpoint.new(url: "https://sts.amazonaws.com", headers: {}, properties: {"authSchemes"=>[{"name"=>"sigv4", "signingName"=>"sts", "signingRegion"=>"us-east-1"}]})
+          return Aws::Endpoints::Endpoint.new(url: "https://sts.amazonaws.com", headers: {}, properties: {"authSchemes" => [{"name" => "sigv4", "signingName" => "sts", "signingRegion" => "us-east-1"}]})
         end
         if Aws::Endpoints::Matchers.string_equals?(parameters.region, "us-west-1")
-          return Aws::Endpoints::Endpoint.new(url: "https://sts.amazonaws.com", headers: {}, properties: {"authSchemes"=>[{"name"=>"sigv4", "signingName"=>"sts", "signingRegion"=>"us-east-1"}]})
+          return Aws::Endpoints::Endpoint.new(url: "https://sts.amazonaws.com", headers: {}, properties: {"authSchemes" => [{"name" => "sigv4", "signingName" => "sts", "signingRegion" => "us-east-1"}]})
         end
         if Aws::Endpoints::Matchers.string_equals?(parameters.region, "us-west-2")
-          return Aws::Endpoints::Endpoint.new(url: "https://sts.amazonaws.com", headers: {}, properties: {"authSchemes"=>[{"name"=>"sigv4", "signingName"=>"sts", "signingRegion"=>"us-east-1"}]})
+          return Aws::Endpoints::Endpoint.new(url: "https://sts.amazonaws.com", headers: {}, properties: {"authSchemes" => [{"name" => "sigv4", "signingName" => "sts", "signingRegion" => "us-east-1"}]})
         end
-        return Aws::Endpoints::Endpoint.new(url: "https://sts.#{parameters.region}.#{partition_result['dnsSuffix']}", headers: {}, properties: {"authSchemes"=>[{"name"=>"sigv4", "signingName"=>"sts", "signingRegion"=>"#{parameters.region}"}]})
+        return Aws::Endpoints::Endpoint.new(url: "https://sts.#{parameters.region}.#{partition_result['dnsSuffix']}", headers: {}, properties: {"authSchemes" => [{"name" => "sigv4", "signingName" => "sts", "signingRegion" => "#{parameters.region}"}]})
       end
       if Aws::Endpoints::Matchers.set?(parameters.endpoint)
         if Aws::Endpoints::Matchers.boolean_equals?(parameters.use_fips, true)
@@ -94,7 +94,7 @@ module Aws::STS
             raise ArgumentError, "DualStack is enabled but this partition does not support DualStack"
           end
           if Aws::Endpoints::Matchers.string_equals?(parameters.region, "aws-global")
-            return Aws::Endpoints::Endpoint.new(url: "https://sts.amazonaws.com", headers: {}, properties: {"authSchemes"=>[{"name"=>"sigv4", "signingName"=>"sts", "signingRegion"=>"us-east-1"}]})
+            return Aws::Endpoints::Endpoint.new(url: "https://sts.amazonaws.com", headers: {}, properties: {"authSchemes" => [{"name" => "sigv4", "signingName" => "sts", "signingRegion" => "us-east-1"}]})
           end
           return Aws::Endpoints::Endpoint.new(url: "https://sts.#{parameters.region}.#{partition_result['dnsSuffix']}", headers: {}, properties: {})
         end

data/lib/aws-sdk-sts/errors.rb

@@ -28,13 +28,22 @@ module Aws::STS
   #
   # ## Error Classes
   # * {ExpiredTokenException}
+  # * {ExpiredTradeInTokenException}
   # * {IDPCommunicationErrorException}
+  #    * This error class is not used. `IDPCommunicationError` is used during parsing instead.
   # * {IDPRejectedClaimException}
+  #    * This error class is not used. `IDPRejectedClaim` is used during parsing instead.
   # * {InvalidAuthorizationMessageException}
   # * {InvalidIdentityTokenException}
+  #    * This error class is not used. `InvalidIdentityToken` is used during parsing instead.
+  # * {JWTPayloadSizeExceededException}
   # * {MalformedPolicyDocumentException}
+  #    * This error class is not used. `MalformedPolicyDocument` is used during parsing instead.
+  # * {OutboundWebIdentityFederationDisabledException}
   # * {PackedPolicyTooLargeException}
+  #    * This error class is not used. `PackedPolicyTooLarge` is used during parsing instead.
   # * {RegionDisabledException}
+  # * {SessionDurationEscalationException}
   #
   # Additionally, error classes are dynamically generated for service errors based on the error code
   # if they are not defined above.
@@ -57,6 +66,23 @@ module Aws::STS
       end
     end
 
+    class ExpiredTradeInTokenException < ServiceError
+
+      # @param [Seahorse::Client::RequestContext] context
+      # @param [String] message
+      # @param [Aws::STS::Types::ExpiredTradeInTokenException] data
+      def initialize(context, message, data = Aws::EmptyStructure.new)
+        super(context, message, data)
+      end
+
+      # @return [String]
+      def message
+        @message || @data[:message]
+      end
+    end
+
+    # @deprecated This error class is not used during parsing.
+    #   Please use `IDPCommunicationError` instead.
     class IDPCommunicationErrorException < ServiceError
 
       # @param [Seahorse::Client::RequestContext] context
@@ -72,6 +98,8 @@ module Aws::STS
       end
     end
 
+    # @deprecated This error class is not used during parsing.
+    #   Please use `IDPRejectedClaim` instead.
     class IDPRejectedClaimException < ServiceError
 
       # @param [Seahorse::Client::RequestContext] context
@@ -102,6 +130,8 @@ module Aws::STS
       end
     end
 
+    # @deprecated This error class is not used during parsing.
+    #   Please use `InvalidIdentityToken` instead.
     class InvalidIdentityTokenException < ServiceError
 
       # @param [Seahorse::Client::RequestContext] context
@@ -117,6 +147,23 @@ module Aws::STS
       end
     end
 
+    class JWTPayloadSizeExceededException < ServiceError
+
+      # @param [Seahorse::Client::RequestContext] context
+      # @param [String] message
+      # @param [Aws::STS::Types::JWTPayloadSizeExceededException] data
+      def initialize(context, message, data = Aws::EmptyStructure.new)
+        super(context, message, data)
+      end
+
+      # @return [String]
+      def message
+        @message || @data[:message]
+      end
+    end
+
+    # @deprecated This error class is not used during parsing.
+    #   Please use `MalformedPolicyDocument` instead.
     class MalformedPolicyDocumentException < ServiceError
 
       # @param [Seahorse::Client::RequestContext] context
@@ -132,6 +179,23 @@ module Aws::STS
       end
     end
 
+    class OutboundWebIdentityFederationDisabledException < ServiceError
+
+      # @param [Seahorse::Client::RequestContext] context
+      # @param [String] message
+      # @param [Aws::STS::Types::OutboundWebIdentityFederationDisabledException] data
+      def initialize(context, message, data = Aws::EmptyStructure.new)
+        super(context, message, data)
+      end
+
+      # @return [String]
+      def message
+        @message || @data[:message]
+      end
+    end
+
+    # @deprecated This error class is not used during parsing.
+    #   Please use `PackedPolicyTooLarge` instead.
     class PackedPolicyTooLargeException < ServiceError
 
       # @param [Seahorse::Client::RequestContext] context
@@ -162,5 +226,20 @@ module Aws::STS
       end
     end
 
+    class SessionDurationEscalationException < ServiceError
+
+      # @param [Seahorse::Client::RequestContext] context
+      # @param [String] message
+      # @param [Aws::STS::Types::SessionDurationEscalationException] data
+      def initialize(context, message, data = Aws::EmptyStructure.new)
+        super(context, message, data)
+      end
+
+      # @return [String]
+      def message
+        @message || @data[:message]
+      end
+    end
+
   end
 end

data/lib/aws-sdk-sts/presigner.rb

@@ -53,13 +53,9 @@ module Aws
           use_fips: context.config.use_fips_endpoint,
           use_global_endpoint: context.config.sts_regional_endpoints == 'legacy'
         )
-        endpoint = context.config.endpoint_provider
-                          .resolve_endpoint(endpoint_params)
+        endpoint = context.config.endpoint_provider.resolve_endpoint(endpoint_params)
         auth_scheme = Aws::Endpoints.resolve_auth_scheme(context, endpoint)
-
-        signer = Aws::Plugins::Sign.signer_for(
-          auth_scheme, context.config
-        )
+        signer = Aws::Plugins::Sign.signer_for(auth_scheme, context.config)
 
         signer.presign_url(
           http_method: 'GET',

data/lib/aws-sdk-sts/types.rb

@@ -35,7 +35,7 @@ module Aws::STS
     #   The regex used to validate this parameter is a string of characters
     #   consisting of upper- and lower-case alphanumeric characters with no
     #   spaces. You can also include underscores or any of the following
-    #   characters: =,.@-
+    #   characters: +=,.@-
     #
     #
     #
@@ -240,7 +240,7 @@ module Aws::STS
     #   The regex used to validate this parameter is a string of characters
     #   consisting of upper- and lower-case alphanumeric characters with no
     #   spaces. You can also include underscores or any of the following
-    #   characters: =,.@:/-
+    #   characters: +=,.@:\\/-
     #
     #
     #
@@ -259,7 +259,7 @@ module Aws::STS
     #   The regex used to validate this parameter is a string of characters
     #   consisting of upper- and lower-case alphanumeric characters with no
     #   spaces. You can also include underscores or any of the following
-    #   characters: =,.@-
+    #   characters: +=/:,.@-
     #   @return [String]
     #
     # @!attribute [rw] token_code
@@ -961,8 +961,8 @@ module Aws::STS
     #
     # @!attribute [rw] task_policy_arn
     #   The identity based policy that scopes the session to the privileged
-    #   tasks that can be performed. You can use one of following Amazon Web
-    #   Services managed policies to scope root session actions.
+    #   tasks that can be performed. You must use one of following Amazon
+    #   Web Services managed policies to scope root session actions:
     #
     #   * [IAMAuditRootUserCredentials][1]
     #
@@ -1144,6 +1144,21 @@ module Aws::STS
       include Aws::Structure
     end
 
+    # The trade-in token provided in the request has expired and can no
+    # longer be exchanged for credentials. Request a new token and retry the
+    # operation.
+    #
+    # @!attribute [rw] message
+    #   @return [String]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/sts-2011-06-15/ExpiredTradeInTokenException AWS API Documentation
+    #
+    class ExpiredTradeInTokenException < Struct.new(
+      :message)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+
     # Identifiers for the federated user that is associated with the
     # credentials.
     #
@@ -1239,6 +1254,47 @@ module Aws::STS
       include Aws::Structure
     end
 
+    # @!attribute [rw] trade_in_token
+    #   The token to exchange for temporary Amazon Web Services credentials.
+    #   This token must be valid and unexpired at the time of the request.
+    #   @return [String]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/sts-2011-06-15/GetDelegatedAccessTokenRequest AWS API Documentation
+    #
+    class GetDelegatedAccessTokenRequest < Struct.new(
+      :trade_in_token)
+      SENSITIVE = [:trade_in_token]
+      include Aws::Structure
+    end
+
+    # @!attribute [rw] credentials
+    #   Amazon Web Services credentials for API authentication.
+    #   @return [Types::Credentials]
+    #
+    # @!attribute [rw] packed_policy_size
+    #   The percentage of the maximum policy size that is used by the
+    #   session policy. The policy size is calculated as the sum of all the
+    #   session policies and permission boundaries attached to the session.
+    #   If the packed size exceeds 100%, the request fails.
+    #   @return [Integer]
+    #
+    # @!attribute [rw] assumed_principal
+    #   The Amazon Resource Name (ARN) of the principal that was assumed
+    #   when obtaining the delegated access token. This ARN identifies the
+    #   IAM entity whose permissions are granted by the temporary
+    #   credentials.
+    #   @return [String]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/sts-2011-06-15/GetDelegatedAccessTokenResponse AWS API Documentation
+    #
+    class GetDelegatedAccessTokenResponse < Struct.new(
+      :credentials,
+      :packed_policy_size,
+      :assumed_principal)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+
     # @!attribute [rw] name
     #   The name of the federated user. The name is used as an identifier
     #   for the temporary security credentials (such as `Bob`). For example,
@@ -1522,6 +1578,73 @@ module Aws::STS
       include Aws::Structure
     end
 
+    # @!attribute [rw] audience
+    #   The intended recipient of the web identity token. This value
+    #   populates the `aud` claim in the JWT and should identify the service
+    #   or application that will validate and use the token. The external
+    #   service should verify this claim to ensure the token was intended
+    #   for their use.
+    #   @return [Array<String>]
+    #
+    # @!attribute [rw] duration_seconds
+    #   The duration, in seconds, for which the JSON Web Token (JWT) will
+    #   remain valid. The value can range from 60 seconds (1 minute) to 3600
+    #   seconds (1 hour). If not specified, the default duration is 300
+    #   seconds (5 minutes). The token is designed to be short-lived and
+    #   should be used for proof of identity, then exchanged for credentials
+    #   or short-lived tokens in the external service.
+    #   @return [Integer]
+    #
+    # @!attribute [rw] signing_algorithm
+    #   The cryptographic algorithm to use for signing the JSON Web Token
+    #   (JWT). Valid values are RS256 (RSA with SHA-256) and ES384 (ECDSA
+    #   using P-384 curve with SHA-384).
+    #   @return [String]
+    #
+    # @!attribute [rw] tags
+    #   An optional list of tags to include in the JSON Web Token (JWT).
+    #   These tags are added as custom claims to the JWT and can be used by
+    #   the downstream service for authorization decisions.
+    #   @return [Array<Types::Tag>]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/sts-2011-06-15/GetWebIdentityTokenRequest AWS API Documentation
+    #
+    class GetWebIdentityTokenRequest < Struct.new(
+      :audience,
+      :duration_seconds,
+      :signing_algorithm,
+      :tags)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+
+    # @!attribute [rw] web_identity_token
+    #   A signed JSON Web Token (JWT) that represents the caller's Amazon
+    #   Web Services identity. The token contains standard JWT claims such
+    #   as subject, audience, expiration time, and additional identity
+    #   attributes added by STS as custom claims. You can also add your own
+    #   custom claims to the token by passing tags as request parameters to
+    #   the `GetWebIdentityToken` API. The token is signed using the
+    #   specified signing algorithm and can be verified using the
+    #   verification keys available at the issuer's JWKS endpoint.
+    #   @return [String]
+    #
+    # @!attribute [rw] expiration
+    #   The date and time when the web identity token expires, in UTC. The
+    #   expiration is determined by adding the `DurationSeconds` value to
+    #   the time the token was issued. After this time, the token should no
+    #   longer be considered valid.
+    #   @return [Time]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/sts-2011-06-15/GetWebIdentityTokenResponse AWS API Documentation
+    #
+    class GetWebIdentityTokenResponse < Struct.new(
+      :web_identity_token,
+      :expiration)
+      SENSITIVE = [:web_identity_token]
+      include Aws::Structure
+    end
+
     # The request could not be fulfilled because the identity provider (IDP)
     # that was asked to verify the incoming identity token could not be
     # reached. This is often a transient error caused by network conditions.
@@ -1589,6 +1712,21 @@ module Aws::STS
       include Aws::Structure
     end
 
+    # The requested token payload size exceeds the maximum allowed size.
+    # Reduce the number of request tags included in the
+    # `GetWebIdentityToken` API call to reduce the token payload size.
+    #
+    # @!attribute [rw] message
+    #   @return [String]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/sts-2011-06-15/JWTPayloadSizeExceededException AWS API Documentation
+    #
+    class JWTPayloadSizeExceededException < Struct.new(
+      :message)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+
     # The request was rejected because the policy document was malformed.
     # The error message describes the specific error.
     #
@@ -1603,6 +1741,21 @@ module Aws::STS
       include Aws::Structure
     end
 
+    # The outbound web identity federation feature is not enabled for this
+    # account. To use this feature, you must first enable it through the
+    # Amazon Web Services Management Console or API.
+    #
+    # @!attribute [rw] message
+    #   @return [String]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/sts-2011-06-15/OutboundWebIdentityFederationDisabledException AWS API Documentation
+    #
+    class OutboundWebIdentityFederationDisabledException < Struct.new(
+      :message)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+
     # The request was rejected because the total packed size of the session
     # policies and session tags combined was too large. An Amazon Web
     # Services conversion compresses the session policy document, session
@@ -1686,7 +1839,7 @@ module Aws::STS
     #
     #
     #
-    # [1]: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_enable-regions.html
+    # [1]: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_enable-regions.html#sts-regions-activate-deactivate
     #
     # @!attribute [rw] message
     #   @return [String]
@@ -1699,6 +1852,22 @@ module Aws::STS
       include Aws::Structure
     end
 
+    # The requested token duration would extend the session beyond its
+    # original expiration time. You cannot use this operation to extend the
+    # lifetime of a session beyond what was granted when the session was
+    # originally created.
+    #
+    # @!attribute [rw] message
+    #   @return [String]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/sts-2011-06-15/SessionDurationEscalationException AWS API Documentation
+    #
+    class SessionDurationEscalationException < Struct.new(
+      :message)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+
     # You can pass custom key-value pair attributes when you assume a role
     # or federate a user. These are called session tags. You can then use
     # the session tags to control access to resources. For more information,

data/lib/aws-sdk-sts.rb

@@ -56,7 +56,7 @@ module Aws::STS
   autoload :EndpointProvider, 'aws-sdk-sts/endpoint_provider'
   autoload :Endpoints, 'aws-sdk-sts/endpoints'
 
-  GEM_VERSION = '3.219.0'
+  GEM_VERSION = '3.240.0'
 
 end
 

data/lib/seahorse/client/async_base.rb

@@ -3,7 +3,6 @@
 module Seahorse
   module Client
     class AsyncBase < Seahorse::Client::Base
-
       # default H2 plugins
       # @api private
       @plugins = PluginList.new([
@@ -11,10 +10,10 @@ module Seahorse
         Plugins::H2,
         Plugins::ResponseTarget
       ])
+
       def initialize(plugins, options)
-        super
-        @connection = H2::Connection.new(options)
-        @options = options
+        super(plugins, options)
+        @connection = H2::Connection.new(@config)
       end
 
       # @return [H2::Connection]
@@ -36,7 +35,7 @@ module Seahorse
       # @return [Seahorse::Client::H2::Connection]
       def new_connection
         if @connection.closed?
-          @connection = H2::Connection.new(@options)
+          @connection = H2::Connection.new(@config)
         else
           @connection
         end

data/lib/seahorse/client/base.rb

@@ -176,8 +176,6 @@ module Seahorse
         # @return [Model::Api]
         def set_api(api)
           @api = api
-          define_operation_methods
-          @api
         end
 
         # @option options [Model::Api, Hash] :api ({})
@@ -196,18 +194,6 @@ module Seahorse
 
         private
 
-        def define_operation_methods
-          operations_module = Module.new
-          @api.operation_names.each do |method_name|
-            operations_module.send(:define_method, method_name) do |*args, &block|
-              params = args[0] || {}
-              options = args[1] || {}
-              build_request(method_name, params).send_request(options, &block)
-            end
-          end
-          include(operations_module)
-        end
-
         def build_plugins(plugins)
           plugins.map { |plugin| plugin.is_a?(Class) ? plugin.new : plugin }
         end