aws-sdk-core 3.226.3 → 3.229.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: bcc66e64079950ab715bf739b9731f997c9d5c933dc6bf1a5a14c30afdf8e640
-  data.tar.gz: 239c2f96e5984261f5a020a2c219a24f80ccfbeba99ac9f71374d06924728d9f
+  metadata.gz: bc59968a13d46354d79845e8249b17859fa38bdb7fbb8c34d7b65d88a4ba944e
+  data.tar.gz: 8e320632b66e1cc387e614bcdbb21bcfd4fce75e76829b01cd625be5db34b6f0
 SHA512:
-  metadata.gz: dac55de1f81dd26a15940cda1d4c7769aa7d3de2a5a02201c5c965caecd9ddf42fe9158ef16be0b1ec6c1d36ada3fface779f524e769b4ba3153e024eb272ccf
-  data.tar.gz: f157a62c531b7c3a6ae39f8ef4826161ef5641790d519658e9098571c5bee32f54fc149ae744a799a2e2550ffeb9269a0b23aed0b037368619337ae7e29e2063
+  metadata.gz: ad44f4003065f24cdf6900730ef1c19c665041ab130fd9ffde41f69571b1dd87ac18073ced4d7d94884707b79067ba6f8ff3d9f8bfe3e576ca70ec1cf014f14e
+  data.tar.gz: de124ed509b1f008238d79221f2ddd71685a2dfc9eb039daaffa7c2202b01581b14c1d234a2c2f292131b51b5155f2504eeee858b31e814e97ec88d467cdbbd0

data/CHANGELOG.md

@@ -1,6 +1,33 @@
 Unreleased Changes
 ------------------
 
+3.229.0 (2025-08-04)
+------------------
+
+* Feature - Updated Aws::STS::Client with the latest API changes.
+
+* Feature - Updated Aws::SSOOIDC::Client with the latest API changes.
+
+* Feature - Updated Aws::SSO::Client with the latest API changes.
+
+3.228.0 (2025-07-31)
+------------------
+
+* Feature - Add `bigdecimal` as a dependency. For systems that are not able to build native extension gems, prefer the locally installed `bigdecimal` with `bundle install --prefer-local`.
+
+3.227.0 (2025-07-21)
+------------------
+
+* Feature - Updated Aws::STS::Client with the latest API changes.
+
+* Feature - Updated Aws::SSOOIDC::Client with the latest API changes.
+
+* Feature - Updated Aws::SSO::Client with the latest API changes.
+
+* Feature - Support an auth scheme signing preference list using `ENV['AWS_AUTH_SCHEME_PREFERENCE']` or `auth_scheme_preference` in shared configuration.
+
+* Feature - Support metric tracking for Bedrock Bearer tokens.
+
 3.226.3 (2025-07-17)
 ------------------
 

data/VERSION

@@ -1 +1 @@
-3.226.3
+3.229.0

data/lib/aws-sdk-core/endpoints.rb

@@ -19,19 +19,28 @@ require 'aws-sigv4'
 module Aws
   # @api private
   module Endpoints
-    SUPPORTED_AUTH_TRAITS = %w[
-      aws.auth#sigv4
-      aws.auth#sigv4a
-      smithy.api#httpBearerAuth
-      smithy.api#noAuth
-    ].freeze
+    # Maps config auth scheme preferences to endpoint auth scheme names.
+    ENDPOINT_AUTH_PREFERENCE_MAP = {
+      'sigv4' => %w[sigv4 sigv4-s3express],
+      'sigv4a' => ['sigv4a'],
+      'httpBearerAuth' => ['bearer'],
+      'noAuth' => ['none']
+    }.freeze
+    SUPPORTED_ENDPOINT_AUTH = ENDPOINT_AUTH_PREFERENCE_MAP.values.flatten.freeze
+
+    # Maps configured auth scheme preferences to modeled auth traits.
+    MODELED_AUTH_PREFERENCE_MAP = {
+      'sigv4' => 'aws.auth#sigv4',
+      'sigv4a' => 'aws.auth#sigv4a',
+      'httpBearerAuth' => 'smithy.api#httpBearerAuth',
+      'noAuth' => 'smithy.api#noAuth'
+    }.freeze
+    SUPPORTED_MODELED_AUTH = MODELED_AUTH_PREFERENCE_MAP.values.freeze
 
     class << self
       def resolve_auth_scheme(context, endpoint)
         if endpoint && (auth_schemes = endpoint.properties['authSchemes'])
-          auth_scheme = auth_schemes.find do |scheme|
-            Aws::Plugins::Sign::SUPPORTED_AUTH_TYPES.include?(scheme['name'])
-          end
+          auth_scheme = endpoint_auth_scheme_preference(auth_schemes, context.config.auth_scheme_preference)
           raise 'No supported auth scheme for this endpoint.' unless auth_scheme
 
           merge_signing_defaults(auth_scheme, context.config)
@@ -42,6 +51,16 @@ module Aws
 
       private
 
+      def endpoint_auth_scheme_preference(auth_schemes, preferred_auth)
+        ordered_auth = preferred_auth.each_with_object([]) do |pref, list|
+          next unless ENDPOINT_AUTH_PREFERENCE_MAP.key?(pref)
+
+          ENDPOINT_AUTH_PREFERENCE_MAP[pref].each { |name| list << { 'name' => name } }
+        end
+        ordered_auth += auth_schemes
+        ordered_auth.find { |auth| SUPPORTED_ENDPOINT_AUTH.include?(auth['name']) }
+      end
+
       def merge_signing_defaults(auth_scheme, config)
         if %w[sigv4 sigv4a sigv4-s3express].include?(auth_scheme['name'])
           auth_scheme['signingName'] ||= sigv4_name(config)
@@ -64,13 +83,12 @@ module Aws
       end
 
       def sigv4_name(config)
-        config.api.metadata['signingName'] ||
-          config.api.metadata['endpointPrefix']
+        config.api.metadata['signingName'] || config.api.metadata['endpointPrefix']
       end
 
       def default_auth_scheme(context)
-        if (auth_list = default_api_auth(context))
-          auth = auth_list.find { |a| SUPPORTED_AUTH_TRAITS.include?(a) }
+        if (modeled_auth = default_api_auth(context))
+          auth = modeled_auth_scheme_preference(modeled_auth, context.config.auth_scheme_preference)
           case auth
           when 'aws.auth#sigv4', 'aws.auth#sigv4a'
             auth_scheme = { 'name' => auth.split('#').last }
@@ -93,6 +111,12 @@ module Aws
         end
       end
 
+      def modeled_auth_scheme_preference(modeled_auth, preferred_auth)
+        ordered_auth = preferred_auth.map { |pref| MODELED_AUTH_PREFERENCE_MAP[pref] }.compact
+        ordered_auth += modeled_auth
+        ordered_auth.find { |auth| SUPPORTED_MODELED_AUTH.include?(auth) }
+      end
+
       def default_api_auth(context)
         context.config.api.operation(context.operation_name)['auth'] ||
           context.config.api.metadata['auth']

data/lib/aws-sdk-core/plugins/credentials_configuration.rb

@@ -14,64 +14,68 @@ module Aws
 
       option(:account_id, doc_type: String, docstring: '')
 
-      option(:profile,
+      option(
+        :profile,
         doc_default: 'default',
         doc_type: String,
-        docstring: <<-DOCS)
-Used when loading credentials from the shared credentials file
-at HOME/.aws/credentials.  When not specified, 'default' is used.
+        docstring: <<~DOCS)
+          Used when loading credentials from the shared credentials file at `HOME/.aws/credentials`.
+          When not specified, 'default' is used.
         DOCS
 
-      option(:credentials,
+      option(
+        :credentials,
         required: true,
         doc_type: 'Aws::CredentialProvider',
         rbs_type: 'untyped',
-        docstring: <<-DOCS
-Your AWS credentials. This can be an instance of any one of the
-following classes:
+        docstring: <<~DOCS
+          Your AWS credentials used for authentication. This can be any class that includes and implements
+          `Aws::CredentialProvider`, or instance of any one of the following classes:
 
-* `Aws::Credentials` - Used for configuring static, non-refreshing
-  credentials.
+          * `Aws::Credentials` - Used for configuring static, non-refreshing
+            credentials.
 
-* `Aws::SharedCredentials` - Used for loading static credentials from a
-  shared file, such as `~/.aws/config`.
+          * `Aws::SharedCredentials` - Used for loading static credentials from a
+            shared file, such as `~/.aws/config`.
 
-* `Aws::AssumeRoleCredentials` - Used when you need to assume a role.
+          * `Aws::AssumeRoleCredentials` - Used when you need to assume a role.
 
-* `Aws::AssumeRoleWebIdentityCredentials` - Used when you need to
-  assume a role after providing credentials via the web.
+          * `Aws::AssumeRoleWebIdentityCredentials` - Used when you need to
+            assume a role after providing credentials via the web.
 
-* `Aws::SSOCredentials` - Used for loading credentials from AWS SSO using an
-  access token generated from `aws login`.
+          * `Aws::SSOCredentials` - Used for loading credentials from AWS SSO using an
+            access token generated from `aws login`.
 
-* `Aws::ProcessCredentials` - Used for loading credentials from a
-  process that outputs to stdout.
+          * `Aws::ProcessCredentials` - Used for loading credentials from a
+            process that outputs to stdout.
 
-* `Aws::InstanceProfileCredentials` - Used for loading credentials
-  from an EC2 IMDS on an EC2 instance.
+          * `Aws::InstanceProfileCredentials` - Used for loading credentials
+            from an EC2 IMDS on an EC2 instance.
 
-* `Aws::ECSCredentials` - Used for loading credentials from
-  instances running in ECS.
+          * `Aws::ECSCredentials` - Used for loading credentials from
+            instances running in ECS.
 
-* `Aws::CognitoIdentityCredentials` - Used for loading credentials
-  from the Cognito Identity service.
+          * `Aws::CognitoIdentityCredentials` - Used for loading credentials
+            from the Cognito Identity service.
 
-When `:credentials` are not configured directly, the following
-locations will be searched for credentials:
+          When `:credentials` are not configured directly, the following locations will be searched for credentials:
 
-* `Aws.config[:credentials]`
-* The `:access_key_id`, `:secret_access_key`, `:session_token`, and
-  `:account_id` options.
-* ENV['AWS_ACCESS_KEY_ID'], ENV['AWS_SECRET_ACCESS_KEY'],
-  ENV['AWS_SESSION_TOKEN'], and ENV['AWS_ACCOUNT_ID']
-* `~/.aws/credentials`
-* `~/.aws/config`
-* EC2/ECS IMDS instance profile - When used by default, the timeouts
-  are very aggressive. Construct and pass an instance of
-  `Aws::InstanceProfileCredentials` or `Aws::ECSCredentials` to
-  enable retries and extended timeouts. Instance profile credential
-  fetching can be disabled by setting ENV['AWS_EC2_METADATA_DISABLED']
-  to true.
+          * `Aws.config[:credentials]`
+
+          * The `:access_key_id`, `:secret_access_key`, `:session_token`, and
+            `:account_id` options.
+
+          * `ENV['AWS_ACCESS_KEY_ID']`, `ENV['AWS_SECRET_ACCESS_KEY']`,
+            `ENV['AWS_SESSION_TOKEN']`, and `ENV['AWS_ACCOUNT_ID']`.
+
+          * `~/.aws/credentials`
+
+          * `~/.aws/config`
+
+          * EC2/ECS IMDS instance profile - When used by default, the timeouts are very aggressive.
+            Construct and pass an instance of `Aws::InstanceProfileCredentials` or `Aws::ECSCredentials` to
+            enable retries and extended timeouts. Instance profile credential fetching can be disabled by
+            setting `ENV['AWS_EC2_METADATA_DISABLED']` to `true`.
         DOCS
       ) do |config|
         CredentialProviderChain.new(config).resolve
@@ -81,31 +85,43 @@ locations will be searched for credentials:
 
       option(:instance_profile_credentials_timeout, 1)
 
-      option(:token_provider,
-             required: false,
-             doc_type: 'Aws::TokenProvider',
-             rbs_type: 'untyped',
-             docstring: <<-DOCS
-A Bearer Token Provider. This can be an instance of any one of the
-following classes:
+      option(
+        :token_provider,
+        doc_type: 'Aws::TokenProvider',
+        rbs_type: 'untyped',
+        docstring: <<~DOCS
+          Your Bearer token used for authentication. This can be any class that includes and implements
+          `Aws::TokenProvider`, or instance of any one of the following classes:
 
-* `Aws::StaticTokenProvider` - Used for configuring static, non-refreshing
-  tokens.
+          * `Aws::StaticTokenProvider` - Used for configuring static, non-refreshing
+            tokens.
 
-* `Aws::SSOTokenProvider` - Used for loading tokens from AWS SSO using an
-  access token generated from `aws login`.
+          * `Aws::SSOTokenProvider` - Used for loading tokens from AWS SSO using an
+            access token generated from `aws login`.
 
-When `:token_provider` is not configured directly, the `Aws::TokenProviderChain`
-will be used to search for tokens configured for your profile in shared configuration files.
-      DOCS
+          When `:token_provider` is not configured directly, the `Aws::TokenProviderChain`
+          will be used to search for tokens configured for your profile in shared configuration files.
+        DOCS
       ) do |config|
-        if config.stub_responses
-          StaticTokenProvider.new('token')
-        else
-          TokenProviderChain.new(config).resolve
-        end
+        TokenProviderChain.new(config).resolve
       end
 
+      option(
+        :auth_scheme_preference,
+        doc_type: 'Array<String>',
+        rbs_type: 'Array[String]',
+        docstring: <<~DOCS
+          A list of preferred authentication schemes to use when making a request. Supported values are:
+          `sigv4`, `sigv4a`, `httpBearerAuth`, and `noAuth`. When set using `ENV['AWS_AUTH_SCHEME_PREFERENCE']` or in
+          shared config as `auth_scheme_preference`, the value should be a comma-separated list.
+        DOCS
+      ) do |config|
+        value =
+          ENV['AWS_AUTH_SCHEME_PREFERENCE'] ||
+          Aws.shared_config.auth_scheme_preference(profile: config.profile) ||
+          ''
+        value.gsub(' ', '').gsub("\t", '').split(',')
+      end
     end
   end
 end

data/lib/aws-sdk-core/plugins/sign.rb

@@ -13,9 +13,6 @@ module Aws
       option(:sigv4_region)
       option(:unsigned_operations, default: [])
 
-      supported_auth_types = %w[sigv4 bearer sigv4-s3express sigv4a none]
-      SUPPORTED_AUTH_TYPES = supported_auth_types.freeze
-
       def add_handlers(handlers, cfg)
         operations = cfg.api.operation_names - cfg.unsigned_operations
         handlers.add(Handler, step: :sign, operations: operations)
@@ -32,7 +29,7 @@ module Aws
           }
           SignatureV4.new(auth_scheme, config, sigv4_overrides)
         when 'bearer'
-          Bearer.new
+          Bearer.new(config)
         else
           NullSigner.new
         end
@@ -41,7 +38,6 @@ module Aws
       class Handler < Seahorse::Client::Handler
         def call(context)
           # Skip signing if using sigv2 signing from s3_signer in S3
-          credentials = nil
           unless v2_signing?(context.config)
             signer = Sign.signer_for(
               context[:auth_scheme],
@@ -49,18 +45,22 @@ module Aws
               context[:sigv4_region],
               context[:sigv4_credentials]
             )
-            credentials = signer.credentials if signer.is_a?(SignatureV4)
             signer.sign(context)
           end
-          with_metrics(credentials) { @handler.call(context) }
+          with_metrics(signer) { @handler.call(context) }
         end
 
         private
 
-        def with_metrics(credentials, &block)
-          return block.call unless credentials&.respond_to?(:metrics)
-
-          Aws::Plugins::UserAgent.metric(*credentials.metrics, &block)
+        def with_metrics(signer, &block)
+          case signer
+          when SignatureV4
+            Aws::Plugins::UserAgent.metric(*signer.credentials.metrics, &block)
+          when Bearer
+            Aws::Plugins::UserAgent.metric(*signer.token_provider.metrics, &block)
+          else
+            block.call
+          end
         end
 
         def v2_signing?(config)
@@ -72,21 +72,19 @@ module Aws
 
       # @api private
       class Bearer
-        def initialize
+        def initialize(config)
+          @token_provider = config.token_provider
         end
 
+        attr_reader :token_provider
+
         def sign(context)
           if context.http_request.endpoint.scheme != 'https'
-            raise ArgumentError,
-                  'Unable to use bearer authorization on non https endpoint.'
+            raise ArgumentError, 'Unable to use bearer authorization on non https endpoint.'
           end
+          raise Errors::MissingBearerTokenError unless @token_provider && @token_provider.set?
 
-          token_provider = context.config.token_provider
-
-          raise Errors::MissingBearerTokenError unless token_provider&.set?
-
-          context.http_request.headers['Authorization'] =
-            "Bearer #{token_provider.token.token}"
+          context.http_request.headers['Authorization'] = "Bearer #{@token_provider.token.token}"
         end
 
         def presign_url(*args)
@@ -100,16 +98,11 @@ module Aws
 
       # @api private
       class SignatureV4
-        attr_reader :signer
-
         def initialize(auth_scheme, config, sigv4_overrides = {})
           scheme_name = auth_scheme['name']
-
           unless %w[sigv4 sigv4a sigv4-s3express].include?(scheme_name)
-            raise ArgumentError,
-                  "Expected sigv4, sigv4a, or sigv4-s3express auth scheme, got #{scheme_name}"
+            raise ArgumentError, "Expected sigv4, sigv4a, or sigv4-s3express auth scheme, got #{scheme_name}"
           end
-
           region = if scheme_name == 'sigv4a'
                      auth_scheme['signingRegionSet'].join(',')
                    else
@@ -121,8 +114,8 @@ module Aws
               region: sigv4_overrides[:region] || config.sigv4_region || region,
               credentials_provider: sigv4_overrides[:credentials] || config.credentials,
               signing_algorithm: scheme_name.to_sym,
-              uri_escape_path: !!!auth_scheme['disableDoubleEncoding'],
-              normalize_path: !!!auth_scheme['disableNormalizePath'],
+              uri_escape_path: !auth_scheme['disableDoubleEncoding'],
+              normalize_path: !auth_scheme['disableNormalizePath'],
               unsigned_headers: %w[content-length user-agent x-amzn-trace-id expect transfer-encoding connection]
             )
           rescue Aws::Sigv4::Errors::MissingCredentialsError
@@ -130,6 +123,8 @@ module Aws
           end
         end
 
+        attr_reader :signer
+
         def sign(context)
           req = context.http_request
 

data/lib/aws-sdk-core/plugins/stub_responses.rb

@@ -29,6 +29,12 @@ requests are made, and retries are disabled.
         end
       end
 
+      option(:token_provider) do |config|
+        if config.stub_responses
+          StaticTokenProvider.new('stubbed-token')
+        end
+      end
+
       option(:stubs) { {} }
       option(:stubs_mutex) { Mutex.new }
       option(:api_requests) { [] }

data/lib/aws-sdk-core/plugins/user_agent.rb

@@ -54,7 +54,8 @@ module Aws
           "CREDENTIALS_HTTP" : "z",
           "CREDENTIALS_IMDS" : "0",
           "SSO_LOGIN_DEVICE" : "1",
-          "SSO_LOGIN_AUTH" : "2"
+          "SSO_LOGIN_AUTH" : "2",
+          "BEARER_SERVICE_ENV_VARS": "3"
         }
       METRICS
 

data/lib/aws-sdk-core/shared_config.rb

@@ -203,6 +203,7 @@ module Aws
     config_reader(
       :region,
       :account_id_endpoint_mode,
+      :auth_scheme_preference,
       :sigv4a_signing_region_set,
       :ca_bundle,
       :credential_process,

data/lib/aws-sdk-core/static_token_provider.rb

@@ -2,12 +2,11 @@
 
 module Aws
   class StaticTokenProvider
-
     include TokenProvider
 
     # @param [String] token
     # @param [Time] expiration
-    def initialize(token, expiration=nil)
+    def initialize(token, expiration = nil)
       @token = Token.new(token, expiration)
     end
   end

data/lib/aws-sdk-core/token.rb

@@ -3,9 +3,9 @@
 module Aws
   class Token
 
-    # @param [String] token
-    # @param [Time] expiration
-    def initialize(token, expiration=nil)
+    # @param [String, nil] token
+    # @param [Time, nil] expiration
+    def initialize(token, expiration = nil)
       @token = token
       @expiration = expiration
     end

data/lib/aws-sdk-core/token_provider.rb

@@ -6,6 +6,10 @@ module Aws
     # @return [Token]
     attr_reader :token
 
+    # @api private
+    # Returns UserAgent metrics for tokens.
+    attr_accessor :metrics
+
     # @return [Boolean]
     def set?
       !!token && token.set?

data/lib/aws-sdk-core/token_provider_chain.rb

@@ -27,17 +27,13 @@ module Aws
 
     def static_profile_sso_token(options)
       if Aws.shared_config.config_enabled? && options[:config] && options[:config].profile
-        Aws.shared_config.sso_token_from_config(
-          profile: options[:config].profile
-        )
+        Aws.shared_config.sso_token_from_config(profile: options[:config].profile)
       end
     end
 
-
     def sso_token(options)
-      profile_name = determine_profile_name(options)
       if Aws.shared_config.config_enabled?
-        Aws.shared_config.sso_token_from_config(profile: profile_name)
+        Aws.shared_config.sso_token_from_config(profile: determine_profile_name(options))
       end
     rescue Errors::NoSuchProfileError
       nil

data/lib/aws-sdk-sso/client.rb

@@ -95,8 +95,8 @@ module Aws::SSO
     #     class name or an instance of a plugin class.
     #
     #   @option options [required, Aws::CredentialProvider] :credentials
-    #     Your AWS credentials. This can be an instance of any one of the
-    #     following classes:
+    #     Your AWS credentials used for authentication. This can be any class that includes and implements
+    #     `Aws::CredentialProvider`, or instance of any one of the following classes:
     #
     #     * `Aws::Credentials` - Used for configuring static, non-refreshing
     #       credentials.
@@ -124,22 +124,24 @@ module Aws::SSO
     #     * `Aws::CognitoIdentityCredentials` - Used for loading credentials
     #       from the Cognito Identity service.
     #
-    #     When `:credentials` are not configured directly, the following
-    #     locations will be searched for credentials:
+    #     When `:credentials` are not configured directly, the following locations will be searched for credentials:
     #
     #     * `Aws.config[:credentials]`
+    #
     #     * The `:access_key_id`, `:secret_access_key`, `:session_token`, and
     #       `:account_id` options.
-    #     * ENV['AWS_ACCESS_KEY_ID'], ENV['AWS_SECRET_ACCESS_KEY'],
-    #       ENV['AWS_SESSION_TOKEN'], and ENV['AWS_ACCOUNT_ID']
+    #
+    #     * `ENV['AWS_ACCESS_KEY_ID']`, `ENV['AWS_SECRET_ACCESS_KEY']`,
+    #       `ENV['AWS_SESSION_TOKEN']`, and `ENV['AWS_ACCOUNT_ID']`.
+    #
     #     * `~/.aws/credentials`
+    #
     #     * `~/.aws/config`
-    #     * EC2/ECS IMDS instance profile - When used by default, the timeouts
-    #       are very aggressive. Construct and pass an instance of
-    #       `Aws::InstanceProfileCredentials` or `Aws::ECSCredentials` to
-    #       enable retries and extended timeouts. Instance profile credential
-    #       fetching can be disabled by setting ENV['AWS_EC2_METADATA_DISABLED']
-    #       to true.
+    #
+    #     * EC2/ECS IMDS instance profile - When used by default, the timeouts are very aggressive.
+    #       Construct and pass an instance of `Aws::InstanceProfileCredentials` or `Aws::ECSCredentials` to
+    #       enable retries and extended timeouts. Instance profile credential fetching can be disabled by
+    #       setting `ENV['AWS_EC2_METADATA_DISABLED']` to `true`.
     #
     #   @option options [required, String] :region
     #     The AWS region to connect to.  The configured `:region` is
@@ -167,6 +169,11 @@ module Aws::SSO
     #     When false, the request will raise a `RetryCapacityNotAvailableError` and will
     #     not retry instead of sleeping.
     #
+    #   @option options [Array<String>] :auth_scheme_preference
+    #     A list of preferred authentication schemes to use when making a request. Supported values are:
+    #     `sigv4`, `sigv4a`, `httpBearerAuth`, and `noAuth`. When set using `ENV['AWS_AUTH_SCHEME_PREFERENCE']` or in
+    #     shared config as `auth_scheme_preference`, the value should be a comma-separated list.
+    #
     #   @option options [Boolean] :client_side_monitoring (false)
     #     When `true`, client-side metrics will be collected for all API requests from
     #     this client.
@@ -253,8 +260,8 @@ module Aws::SSO
     #     4 times. Used in `standard` and `adaptive` retry modes.
     #
     #   @option options [String] :profile ("default")
-    #     Used when loading credentials from the shared credentials file
-    #     at HOME/.aws/credentials.  When not specified, 'default' is used.
+    #     Used when loading credentials from the shared credentials file at `HOME/.aws/credentials`.
+    #     When not specified, 'default' is used.
     #
     #   @option options [String] :request_checksum_calculation ("when_supported")
     #     Determines when a checksum will be calculated for request payloads. Values are:
@@ -367,8 +374,8 @@ module Aws::SSO
     #     `Aws::Telemetry::OTelProvider` for telemetry provider.
     #
     #   @option options [Aws::TokenProvider] :token_provider
-    #     A Bearer Token Provider. This can be an instance of any one of the
-    #     following classes:
+    #     Your Bearer token used for authentication. This can be any class that includes and implements
+    #     `Aws::TokenProvider`, or instance of any one of the following classes:
     #
     #     * `Aws::StaticTokenProvider` - Used for configuring static, non-refreshing
     #       tokens.
@@ -691,7 +698,7 @@ module Aws::SSO
         tracer: tracer
       )
       context[:gem_name] = 'aws-sdk-core'
-      context[:gem_version] = '3.226.3'
+      context[:gem_version] = '3.229.0'
       Seahorse::Client::Request.new(handlers, context)
     end
 

data/lib/aws-sdk-sso.rb

@@ -56,7 +56,7 @@ module Aws::SSO
   autoload :EndpointProvider, 'aws-sdk-sso/endpoint_provider'
   autoload :Endpoints, 'aws-sdk-sso/endpoints'
 
-  GEM_VERSION = '3.226.3'
+  GEM_VERSION = '3.229.0'
 
 end
 

data/lib/aws-sdk-ssooidc/client.rb

@@ -95,8 +95,8 @@ module Aws::SSOOIDC
     #     class name or an instance of a plugin class.
     #
     #   @option options [required, Aws::CredentialProvider] :credentials
-    #     Your AWS credentials. This can be an instance of any one of the
-    #     following classes:
+    #     Your AWS credentials used for authentication. This can be any class that includes and implements
+    #     `Aws::CredentialProvider`, or instance of any one of the following classes:
     #
     #     * `Aws::Credentials` - Used for configuring static, non-refreshing
     #       credentials.
@@ -124,22 +124,24 @@ module Aws::SSOOIDC
     #     * `Aws::CognitoIdentityCredentials` - Used for loading credentials
     #       from the Cognito Identity service.
     #
-    #     When `:credentials` are not configured directly, the following
-    #     locations will be searched for credentials:
+    #     When `:credentials` are not configured directly, the following locations will be searched for credentials:
     #
     #     * `Aws.config[:credentials]`
+    #
     #     * The `:access_key_id`, `:secret_access_key`, `:session_token`, and
     #       `:account_id` options.
-    #     * ENV['AWS_ACCESS_KEY_ID'], ENV['AWS_SECRET_ACCESS_KEY'],
-    #       ENV['AWS_SESSION_TOKEN'], and ENV['AWS_ACCOUNT_ID']
+    #
+    #     * `ENV['AWS_ACCESS_KEY_ID']`, `ENV['AWS_SECRET_ACCESS_KEY']`,
+    #       `ENV['AWS_SESSION_TOKEN']`, and `ENV['AWS_ACCOUNT_ID']`.
+    #
     #     * `~/.aws/credentials`
+    #
     #     * `~/.aws/config`
-    #     * EC2/ECS IMDS instance profile - When used by default, the timeouts
-    #       are very aggressive. Construct and pass an instance of
-    #       `Aws::InstanceProfileCredentials` or `Aws::ECSCredentials` to
-    #       enable retries and extended timeouts. Instance profile credential
-    #       fetching can be disabled by setting ENV['AWS_EC2_METADATA_DISABLED']
-    #       to true.
+    #
+    #     * EC2/ECS IMDS instance profile - When used by default, the timeouts are very aggressive.
+    #       Construct and pass an instance of `Aws::InstanceProfileCredentials` or `Aws::ECSCredentials` to
+    #       enable retries and extended timeouts. Instance profile credential fetching can be disabled by
+    #       setting `ENV['AWS_EC2_METADATA_DISABLED']` to `true`.
     #
     #   @option options [required, String] :region
     #     The AWS region to connect to.  The configured `:region` is
@@ -167,6 +169,11 @@ module Aws::SSOOIDC
     #     When false, the request will raise a `RetryCapacityNotAvailableError` and will
     #     not retry instead of sleeping.
     #
+    #   @option options [Array<String>] :auth_scheme_preference
+    #     A list of preferred authentication schemes to use when making a request. Supported values are:
+    #     `sigv4`, `sigv4a`, `httpBearerAuth`, and `noAuth`. When set using `ENV['AWS_AUTH_SCHEME_PREFERENCE']` or in
+    #     shared config as `auth_scheme_preference`, the value should be a comma-separated list.
+    #
     #   @option options [Boolean] :client_side_monitoring (false)
     #     When `true`, client-side metrics will be collected for all API requests from
     #     this client.
@@ -253,8 +260,8 @@ module Aws::SSOOIDC
     #     4 times. Used in `standard` and `adaptive` retry modes.
     #
     #   @option options [String] :profile ("default")
-    #     Used when loading credentials from the shared credentials file
-    #     at HOME/.aws/credentials.  When not specified, 'default' is used.
+    #     Used when loading credentials from the shared credentials file at `HOME/.aws/credentials`.
+    #     When not specified, 'default' is used.
     #
     #   @option options [String] :request_checksum_calculation ("when_supported")
     #     Determines when a checksum will be calculated for request payloads. Values are:
@@ -367,8 +374,8 @@ module Aws::SSOOIDC
     #     `Aws::Telemetry::OTelProvider` for telemetry provider.
     #
     #   @option options [Aws::TokenProvider] :token_provider
-    #     A Bearer Token Provider. This can be an instance of any one of the
-    #     following classes:
+    #     Your Bearer token used for authentication. This can be any class that includes and implements
+    #     `Aws::TokenProvider`, or instance of any one of the following classes:
     #
     #     * `Aws::StaticTokenProvider` - Used for configuring static, non-refreshing
     #       tokens.
@@ -1061,7 +1068,7 @@ module Aws::SSOOIDC
         tracer: tracer
       )
       context[:gem_name] = 'aws-sdk-core'
-      context[:gem_version] = '3.226.3'
+      context[:gem_version] = '3.229.0'
       Seahorse::Client::Request.new(handlers, context)
     end
 

data/lib/aws-sdk-ssooidc.rb

@@ -56,7 +56,7 @@ module Aws::SSOOIDC
   autoload :EndpointProvider, 'aws-sdk-ssooidc/endpoint_provider'
   autoload :Endpoints, 'aws-sdk-ssooidc/endpoints'
 
-  GEM_VERSION = '3.226.3'
+  GEM_VERSION = '3.229.0'
 
 end
 

data/lib/aws-sdk-sts/client.rb

@@ -97,8 +97,8 @@ module Aws::STS
     #     class name or an instance of a plugin class.
     #
     #   @option options [required, Aws::CredentialProvider] :credentials
-    #     Your AWS credentials. This can be an instance of any one of the
-    #     following classes:
+    #     Your AWS credentials used for authentication. This can be any class that includes and implements
+    #     `Aws::CredentialProvider`, or instance of any one of the following classes:
     #
     #     * `Aws::Credentials` - Used for configuring static, non-refreshing
     #       credentials.
@@ -126,22 +126,24 @@ module Aws::STS
     #     * `Aws::CognitoIdentityCredentials` - Used for loading credentials
     #       from the Cognito Identity service.
     #
-    #     When `:credentials` are not configured directly, the following
-    #     locations will be searched for credentials:
+    #     When `:credentials` are not configured directly, the following locations will be searched for credentials:
     #
     #     * `Aws.config[:credentials]`
+    #
     #     * The `:access_key_id`, `:secret_access_key`, `:session_token`, and
     #       `:account_id` options.
-    #     * ENV['AWS_ACCESS_KEY_ID'], ENV['AWS_SECRET_ACCESS_KEY'],
-    #       ENV['AWS_SESSION_TOKEN'], and ENV['AWS_ACCOUNT_ID']
+    #
+    #     * `ENV['AWS_ACCESS_KEY_ID']`, `ENV['AWS_SECRET_ACCESS_KEY']`,
+    #       `ENV['AWS_SESSION_TOKEN']`, and `ENV['AWS_ACCOUNT_ID']`.
+    #
     #     * `~/.aws/credentials`
+    #
     #     * `~/.aws/config`
-    #     * EC2/ECS IMDS instance profile - When used by default, the timeouts
-    #       are very aggressive. Construct and pass an instance of
-    #       `Aws::InstanceProfileCredentials` or `Aws::ECSCredentials` to
-    #       enable retries and extended timeouts. Instance profile credential
-    #       fetching can be disabled by setting ENV['AWS_EC2_METADATA_DISABLED']
-    #       to true.
+    #
+    #     * EC2/ECS IMDS instance profile - When used by default, the timeouts are very aggressive.
+    #       Construct and pass an instance of `Aws::InstanceProfileCredentials` or `Aws::ECSCredentials` to
+    #       enable retries and extended timeouts. Instance profile credential fetching can be disabled by
+    #       setting `ENV['AWS_EC2_METADATA_DISABLED']` to `true`.
     #
     #   @option options [required, String] :region
     #     The AWS region to connect to.  The configured `:region` is
@@ -169,6 +171,11 @@ module Aws::STS
     #     When false, the request will raise a `RetryCapacityNotAvailableError` and will
     #     not retry instead of sleeping.
     #
+    #   @option options [Array<String>] :auth_scheme_preference
+    #     A list of preferred authentication schemes to use when making a request. Supported values are:
+    #     `sigv4`, `sigv4a`, `httpBearerAuth`, and `noAuth`. When set using `ENV['AWS_AUTH_SCHEME_PREFERENCE']` or in
+    #     shared config as `auth_scheme_preference`, the value should be a comma-separated list.
+    #
     #   @option options [Boolean] :client_side_monitoring (false)
     #     When `true`, client-side metrics will be collected for all API requests from
     #     this client.
@@ -255,8 +262,8 @@ module Aws::STS
     #     4 times. Used in `standard` and `adaptive` retry modes.
     #
     #   @option options [String] :profile ("default")
-    #     Used when loading credentials from the shared credentials file
-    #     at HOME/.aws/credentials.  When not specified, 'default' is used.
+    #     Used when loading credentials from the shared credentials file at `HOME/.aws/credentials`.
+    #     When not specified, 'default' is used.
     #
     #   @option options [String] :request_checksum_calculation ("when_supported")
     #     Determines when a checksum will be calculated for request payloads. Values are:
@@ -374,8 +381,8 @@ module Aws::STS
     #     `Aws::Telemetry::OTelProvider` for telemetry provider.
     #
     #   @option options [Aws::TokenProvider] :token_provider
-    #     A Bearer Token Provider. This can be an instance of any one of the
-    #     following classes:
+    #     Your Bearer token used for authentication. This can be any class that includes and implements
+    #     `Aws::TokenProvider`, or instance of any one of the following classes:
     #
     #     * `Aws::StaticTokenProvider` - Used for configuring static, non-refreshing
     #       tokens.
@@ -2594,7 +2601,7 @@ module Aws::STS
         tracer: tracer
       )
       context[:gem_name] = 'aws-sdk-core'
-      context[:gem_version] = '3.226.3'
+      context[:gem_version] = '3.229.0'
       Seahorse::Client::Request.new(handlers, context)
     end
 

data/lib/aws-sdk-sts/presigner.rb

@@ -53,13 +53,9 @@ module Aws
           use_fips: context.config.use_fips_endpoint,
           use_global_endpoint: context.config.sts_regional_endpoints == 'legacy'
         )
-        endpoint = context.config.endpoint_provider
-                          .resolve_endpoint(endpoint_params)
+        endpoint = context.config.endpoint_provider.resolve_endpoint(endpoint_params)
         auth_scheme = Aws::Endpoints.resolve_auth_scheme(context, endpoint)
-
-        signer = Aws::Plugins::Sign.signer_for(
-          auth_scheme, context.config
-        )
+        signer = Aws::Plugins::Sign.signer_for(auth_scheme, context.config)
 
         signer.presign_url(
           http_method: 'GET',

data/lib/aws-sdk-sts.rb

@@ -56,7 +56,7 @@ module Aws::STS
   autoload :EndpointProvider, 'aws-sdk-sts/endpoint_provider'
   autoload :Endpoints, 'aws-sdk-sts/endpoints'
 
-  GEM_VERSION = '3.226.3'
+  GEM_VERSION = '3.229.0'
 
 end
 

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: aws-sdk-core
 version: !ruby/object:Gem::Version
-  version: 3.226.3
+  version: 3.229.0
 platform: ruby
 authors:
 - Amazon Web Services
@@ -77,6 +77,20 @@ dependencies:
     - - ">="
       - !ruby/object:Gem::Version
         version: '0'
+- !ruby/object:Gem::Dependency
+  name: bigdecimal
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
 - !ruby/object:Gem::Dependency
   name: jmespath
   requirement: !ruby/object:Gem::Requirement