aws-sdk-core 3.236.0 → 3.239.2

data/lib/aws-sdk-sts/client_api.rb

@@ -28,22 +28,29 @@ module Aws::STS
     DecodeAuthorizationMessageRequest = Shapes::StructureShape.new(name: 'DecodeAuthorizationMessageRequest')
     DecodeAuthorizationMessageResponse = Shapes::StructureShape.new(name: 'DecodeAuthorizationMessageResponse')
     ExpiredTokenException = Shapes::StructureShape.new(name: 'ExpiredTokenException', error: {"code" => "ExpiredTokenException", "httpStatusCode" => 400, "senderFault" => true})
+    ExpiredTradeInTokenException = Shapes::StructureShape.new(name: 'ExpiredTradeInTokenException', error: {"code" => "ExpiredTradeInTokenException", "httpStatusCode" => 400, "senderFault" => true})
     FederatedUser = Shapes::StructureShape.new(name: 'FederatedUser')
     GetAccessKeyInfoRequest = Shapes::StructureShape.new(name: 'GetAccessKeyInfoRequest')
     GetAccessKeyInfoResponse = Shapes::StructureShape.new(name: 'GetAccessKeyInfoResponse')
     GetCallerIdentityRequest = Shapes::StructureShape.new(name: 'GetCallerIdentityRequest')
     GetCallerIdentityResponse = Shapes::StructureShape.new(name: 'GetCallerIdentityResponse')
+    GetDelegatedAccessTokenRequest = Shapes::StructureShape.new(name: 'GetDelegatedAccessTokenRequest')
+    GetDelegatedAccessTokenResponse = Shapes::StructureShape.new(name: 'GetDelegatedAccessTokenResponse')
     GetFederationTokenRequest = Shapes::StructureShape.new(name: 'GetFederationTokenRequest')
     GetFederationTokenResponse = Shapes::StructureShape.new(name: 'GetFederationTokenResponse')
     GetSessionTokenRequest = Shapes::StructureShape.new(name: 'GetSessionTokenRequest')
     GetSessionTokenResponse = Shapes::StructureShape.new(name: 'GetSessionTokenResponse')
+    GetWebIdentityTokenRequest = Shapes::StructureShape.new(name: 'GetWebIdentityTokenRequest')
+    GetWebIdentityTokenResponse = Shapes::StructureShape.new(name: 'GetWebIdentityTokenResponse')
     IDPCommunicationErrorException = Shapes::StructureShape.new(name: 'IDPCommunicationErrorException', error: {"code" => "IDPCommunicationError", "httpStatusCode" => 400, "senderFault" => true})
     IDPRejectedClaimException = Shapes::StructureShape.new(name: 'IDPRejectedClaimException', error: {"code" => "IDPRejectedClaim", "httpStatusCode" => 403, "senderFault" => true})
     InvalidAuthorizationMessageException = Shapes::StructureShape.new(name: 'InvalidAuthorizationMessageException', error: {"code" => "InvalidAuthorizationMessageException", "httpStatusCode" => 400, "senderFault" => true})
     InvalidIdentityTokenException = Shapes::StructureShape.new(name: 'InvalidIdentityTokenException', error: {"code" => "InvalidIdentityToken", "httpStatusCode" => 400, "senderFault" => true})
     Issuer = Shapes::StringShape.new(name: 'Issuer')
+    JWTPayloadSizeExceededException = Shapes::StructureShape.new(name: 'JWTPayloadSizeExceededException', error: {"code" => "JWTPayloadSizeExceededException", "httpStatusCode" => 400, "senderFault" => true})
     MalformedPolicyDocumentException = Shapes::StructureShape.new(name: 'MalformedPolicyDocumentException', error: {"code" => "MalformedPolicyDocument", "httpStatusCode" => 400, "senderFault" => true})
     NameQualifier = Shapes::StringShape.new(name: 'NameQualifier')
+    OutboundWebIdentityFederationDisabledException = Shapes::StructureShape.new(name: 'OutboundWebIdentityFederationDisabledException', error: {"code" => "OutboundWebIdentityFederationDisabledException", "httpStatusCode" => 403, "senderFault" => true})
     PackedPolicyTooLargeException = Shapes::StructureShape.new(name: 'PackedPolicyTooLargeException', error: {"code" => "PackedPolicyTooLarge", "httpStatusCode" => 400, "senderFault" => true})
     PolicyDescriptorType = Shapes::StructureShape.new(name: 'PolicyDescriptorType')
     ProvidedContext = Shapes::StructureShape.new(name: 'ProvidedContext')
@@ -51,6 +58,7 @@ module Aws::STS
     RegionDisabledException = Shapes::StructureShape.new(name: 'RegionDisabledException', error: {"code" => "RegionDisabledException", "httpStatusCode" => 403, "senderFault" => true})
     RootDurationSecondsType = Shapes::IntegerShape.new(name: 'RootDurationSecondsType')
     SAMLAssertionType = Shapes::StringShape.new(name: 'SAMLAssertionType')
+    SessionDurationEscalationException = Shapes::StructureShape.new(name: 'SessionDurationEscalationException', error: {"code" => "SessionDurationEscalationException", "httpStatusCode" => 403, "senderFault" => true})
     Subject = Shapes::StringShape.new(name: 'Subject')
     SubjectType = Shapes::StringShape.new(name: 'SubjectType')
     Tag = Shapes::StructureShape.new(name: 'Tag')
@@ -67,20 +75,25 @@ module Aws::STS
     durationSecondsType = Shapes::IntegerShape.new(name: 'durationSecondsType')
     encodedMessageType = Shapes::StringShape.new(name: 'encodedMessageType')
     expiredIdentityTokenMessage = Shapes::StringShape.new(name: 'expiredIdentityTokenMessage')
+    expiredTradeInTokenExceptionMessage = Shapes::StringShape.new(name: 'expiredTradeInTokenExceptionMessage')
     externalIdType = Shapes::StringShape.new(name: 'externalIdType')
     federatedIdType = Shapes::StringShape.new(name: 'federatedIdType')
     idpCommunicationErrorMessage = Shapes::StringShape.new(name: 'idpCommunicationErrorMessage')
     idpRejectedClaimMessage = Shapes::StringShape.new(name: 'idpRejectedClaimMessage')
     invalidAuthorizationMessage = Shapes::StringShape.new(name: 'invalidAuthorizationMessage')
     invalidIdentityTokenMessage = Shapes::StringShape.new(name: 'invalidIdentityTokenMessage')
+    jwtAlgorithmType = Shapes::StringShape.new(name: 'jwtAlgorithmType')
+    jwtPayloadSizeExceededException = Shapes::StringShape.new(name: 'jwtPayloadSizeExceededException')
     malformedPolicyDocumentMessage = Shapes::StringShape.new(name: 'malformedPolicyDocumentMessage')
     nonNegativeIntegerType = Shapes::IntegerShape.new(name: 'nonNegativeIntegerType')
+    outboundWebIdentityFederationDisabledException = Shapes::StringShape.new(name: 'outboundWebIdentityFederationDisabledException')
     packedPolicyTooLargeMessage = Shapes::StringShape.new(name: 'packedPolicyTooLargeMessage')
     policyDescriptorListType = Shapes::ListShape.new(name: 'policyDescriptorListType')
     regionDisabledMessage = Shapes::StringShape.new(name: 'regionDisabledMessage')
     roleDurationSecondsType = Shapes::IntegerShape.new(name: 'roleDurationSecondsType')
     roleSessionNameType = Shapes::StringShape.new(name: 'roleSessionNameType')
     serialNumberType = Shapes::StringShape.new(name: 'serialNumberType')
+    sessionDurationEscalationException = Shapes::StringShape.new(name: 'sessionDurationEscalationException')
     sessionPolicyDocumentType = Shapes::StringShape.new(name: 'sessionPolicyDocumentType')
     sourceIdentityType = Shapes::StringShape.new(name: 'sourceIdentityType')
     tagKeyListType = Shapes::ListShape.new(name: 'tagKeyListType')
@@ -89,11 +102,16 @@ module Aws::STS
     tagValueType = Shapes::StringShape.new(name: 'tagValueType')
     tokenCodeType = Shapes::StringShape.new(name: 'tokenCodeType')
     tokenType = Shapes::StringShape.new(name: 'tokenType')
+    tradeInTokenType = Shapes::StringShape.new(name: 'tradeInTokenType')
     unrestrictedSessionPolicyDocumentType = Shapes::StringShape.new(name: 'unrestrictedSessionPolicyDocumentType')
     urlType = Shapes::StringShape.new(name: 'urlType')
     userIdType = Shapes::StringShape.new(name: 'userIdType')
     userNameType = Shapes::StringShape.new(name: 'userNameType')
     webIdentitySubjectType = Shapes::StringShape.new(name: 'webIdentitySubjectType')
+    webIdentityTokenAudienceListType = Shapes::ListShape.new(name: 'webIdentityTokenAudienceListType')
+    webIdentityTokenAudienceStringType = Shapes::StringShape.new(name: 'webIdentityTokenAudienceStringType')
+    webIdentityTokenDurationSecondsType = Shapes::IntegerShape.new(name: 'webIdentityTokenDurationSecondsType')
+    webIdentityTokenType = Shapes::StringShape.new(name: 'webIdentityTokenType')
 
     AssumeRoleRequest.add_member(:role_arn, Shapes::ShapeRef.new(shape: arnType, required: true, location_name: "RoleArn"))
     AssumeRoleRequest.add_member(:role_session_name, Shapes::ShapeRef.new(shape: roleSessionNameType, required: true, location_name: "RoleSessionName"))
@@ -180,6 +198,9 @@ module Aws::STS
     ExpiredTokenException.add_member(:message, Shapes::ShapeRef.new(shape: expiredIdentityTokenMessage, location_name: "message"))
     ExpiredTokenException.struct_class = Types::ExpiredTokenException
 
+    ExpiredTradeInTokenException.add_member(:message, Shapes::ShapeRef.new(shape: expiredTradeInTokenExceptionMessage, location_name: "message"))
+    ExpiredTradeInTokenException.struct_class = Types::ExpiredTradeInTokenException
+
     FederatedUser.add_member(:federated_user_id, Shapes::ShapeRef.new(shape: federatedIdType, required: true, location_name: "FederatedUserId"))
     FederatedUser.add_member(:arn, Shapes::ShapeRef.new(shape: arnType, required: true, location_name: "Arn"))
     FederatedUser.struct_class = Types::FederatedUser
@@ -197,6 +218,14 @@ module Aws::STS
     GetCallerIdentityResponse.add_member(:arn, Shapes::ShapeRef.new(shape: arnType, location_name: "Arn"))
     GetCallerIdentityResponse.struct_class = Types::GetCallerIdentityResponse
 
+    GetDelegatedAccessTokenRequest.add_member(:trade_in_token, Shapes::ShapeRef.new(shape: tradeInTokenType, required: true, location_name: "TradeInToken"))
+    GetDelegatedAccessTokenRequest.struct_class = Types::GetDelegatedAccessTokenRequest
+
+    GetDelegatedAccessTokenResponse.add_member(:credentials, Shapes::ShapeRef.new(shape: Credentials, location_name: "Credentials"))
+    GetDelegatedAccessTokenResponse.add_member(:packed_policy_size, Shapes::ShapeRef.new(shape: nonNegativeIntegerType, location_name: "PackedPolicySize"))
+    GetDelegatedAccessTokenResponse.add_member(:assumed_principal, Shapes::ShapeRef.new(shape: arnType, location_name: "AssumedPrincipal"))
+    GetDelegatedAccessTokenResponse.struct_class = Types::GetDelegatedAccessTokenResponse
+
     GetFederationTokenRequest.add_member(:name, Shapes::ShapeRef.new(shape: userNameType, required: true, location_name: "Name"))
     GetFederationTokenRequest.add_member(:policy, Shapes::ShapeRef.new(shape: sessionPolicyDocumentType, location_name: "Policy"))
     GetFederationTokenRequest.add_member(:policy_arns, Shapes::ShapeRef.new(shape: policyDescriptorListType, location_name: "PolicyArns"))
@@ -217,6 +246,16 @@ module Aws::STS
     GetSessionTokenResponse.add_member(:credentials, Shapes::ShapeRef.new(shape: Credentials, location_name: "Credentials"))
     GetSessionTokenResponse.struct_class = Types::GetSessionTokenResponse
 
+    GetWebIdentityTokenRequest.add_member(:audience, Shapes::ShapeRef.new(shape: webIdentityTokenAudienceListType, required: true, location_name: "Audience"))
+    GetWebIdentityTokenRequest.add_member(:duration_seconds, Shapes::ShapeRef.new(shape: webIdentityTokenDurationSecondsType, location_name: "DurationSeconds"))
+    GetWebIdentityTokenRequest.add_member(:signing_algorithm, Shapes::ShapeRef.new(shape: jwtAlgorithmType, required: true, location_name: "SigningAlgorithm"))
+    GetWebIdentityTokenRequest.add_member(:tags, Shapes::ShapeRef.new(shape: tagListType, location_name: "Tags"))
+    GetWebIdentityTokenRequest.struct_class = Types::GetWebIdentityTokenRequest
+
+    GetWebIdentityTokenResponse.add_member(:web_identity_token, Shapes::ShapeRef.new(shape: webIdentityTokenType, location_name: "WebIdentityToken"))
+    GetWebIdentityTokenResponse.add_member(:expiration, Shapes::ShapeRef.new(shape: dateType, location_name: "Expiration"))
+    GetWebIdentityTokenResponse.struct_class = Types::GetWebIdentityTokenResponse
+
     IDPCommunicationErrorException.add_member(:message, Shapes::ShapeRef.new(shape: idpCommunicationErrorMessage, location_name: "message"))
     IDPCommunicationErrorException.struct_class = Types::IDPCommunicationErrorException
 
@@ -229,9 +268,15 @@ module Aws::STS
     InvalidIdentityTokenException.add_member(:message, Shapes::ShapeRef.new(shape: invalidIdentityTokenMessage, location_name: "message"))
     InvalidIdentityTokenException.struct_class = Types::InvalidIdentityTokenException
 
+    JWTPayloadSizeExceededException.add_member(:message, Shapes::ShapeRef.new(shape: jwtPayloadSizeExceededException, location_name: "message"))
+    JWTPayloadSizeExceededException.struct_class = Types::JWTPayloadSizeExceededException
+
     MalformedPolicyDocumentException.add_member(:message, Shapes::ShapeRef.new(shape: malformedPolicyDocumentMessage, location_name: "message"))
     MalformedPolicyDocumentException.struct_class = Types::MalformedPolicyDocumentException
 
+    OutboundWebIdentityFederationDisabledException.add_member(:message, Shapes::ShapeRef.new(shape: outboundWebIdentityFederationDisabledException, location_name: "message"))
+    OutboundWebIdentityFederationDisabledException.struct_class = Types::OutboundWebIdentityFederationDisabledException
+
     PackedPolicyTooLargeException.add_member(:message, Shapes::ShapeRef.new(shape: packedPolicyTooLargeMessage, location_name: "message"))
     PackedPolicyTooLargeException.struct_class = Types::PackedPolicyTooLargeException
 
@@ -247,6 +292,9 @@ module Aws::STS
     RegionDisabledException.add_member(:message, Shapes::ShapeRef.new(shape: regionDisabledMessage, location_name: "message"))
     RegionDisabledException.struct_class = Types::RegionDisabledException
 
+    SessionDurationEscalationException.add_member(:message, Shapes::ShapeRef.new(shape: sessionDurationEscalationException, location_name: "message"))
+    SessionDurationEscalationException.struct_class = Types::SessionDurationEscalationException
+
     Tag.add_member(:key, Shapes::ShapeRef.new(shape: tagKeyType, required: true, location_name: "Key"))
     Tag.add_member(:value, Shapes::ShapeRef.new(shape: tagValueType, required: true, location_name: "Value"))
     Tag.struct_class = Types::Tag
@@ -257,6 +305,8 @@ module Aws::STS
 
     tagListType.member = Shapes::ShapeRef.new(shape: Tag)
 
+    webIdentityTokenAudienceListType.member = Shapes::ShapeRef.new(shape: webIdentityTokenAudienceStringType)
+
 
     # @api private
     API = Seahorse::Model::Api.new.tap do |api|
@@ -358,6 +408,17 @@ module Aws::STS
         o.output = Shapes::ShapeRef.new(shape: GetCallerIdentityResponse)
       end)
 
+      api.add_operation(:get_delegated_access_token, Seahorse::Model::Operation.new.tap do |o|
+        o.name = "GetDelegatedAccessToken"
+        o.http_method = "POST"
+        o.http_request_uri = "/"
+        o.input = Shapes::ShapeRef.new(shape: GetDelegatedAccessTokenRequest)
+        o.output = Shapes::ShapeRef.new(shape: GetDelegatedAccessTokenResponse)
+        o.errors << Shapes::ShapeRef.new(shape: ExpiredTradeInTokenException)
+        o.errors << Shapes::ShapeRef.new(shape: RegionDisabledException)
+        o.errors << Shapes::ShapeRef.new(shape: PackedPolicyTooLargeException)
+      end)
+
       api.add_operation(:get_federation_token, Seahorse::Model::Operation.new.tap do |o|
         o.name = "GetFederationToken"
         o.http_method = "POST"
@@ -377,6 +438,17 @@ module Aws::STS
         o.output = Shapes::ShapeRef.new(shape: GetSessionTokenResponse)
         o.errors << Shapes::ShapeRef.new(shape: RegionDisabledException)
       end)
+
+      api.add_operation(:get_web_identity_token, Seahorse::Model::Operation.new.tap do |o|
+        o.name = "GetWebIdentityToken"
+        o.http_method = "POST"
+        o.http_request_uri = "/"
+        o.input = Shapes::ShapeRef.new(shape: GetWebIdentityTokenRequest)
+        o.output = Shapes::ShapeRef.new(shape: GetWebIdentityTokenResponse)
+        o.errors << Shapes::ShapeRef.new(shape: SessionDurationEscalationException)
+        o.errors << Shapes::ShapeRef.new(shape: OutboundWebIdentityFederationDisabledException)
+        o.errors << Shapes::ShapeRef.new(shape: JWTPayloadSizeExceededException)
+      end)
     end
 
   end

data/lib/aws-sdk-sts/errors.rb

@@ -28,6 +28,7 @@ module Aws::STS
   #
   # ## Error Classes
   # * {ExpiredTokenException}
+  # * {ExpiredTradeInTokenException}
   # * {IDPCommunicationErrorException}
   #    * This error class is not used. `IDPCommunicationError` is used during parsing instead.
   # * {IDPRejectedClaimException}
@@ -35,11 +36,14 @@ module Aws::STS
   # * {InvalidAuthorizationMessageException}
   # * {InvalidIdentityTokenException}
   #    * This error class is not used. `InvalidIdentityToken` is used during parsing instead.
+  # * {JWTPayloadSizeExceededException}
   # * {MalformedPolicyDocumentException}
   #    * This error class is not used. `MalformedPolicyDocument` is used during parsing instead.
+  # * {OutboundWebIdentityFederationDisabledException}
   # * {PackedPolicyTooLargeException}
   #    * This error class is not used. `PackedPolicyTooLarge` is used during parsing instead.
   # * {RegionDisabledException}
+  # * {SessionDurationEscalationException}
   #
   # Additionally, error classes are dynamically generated for service errors based on the error code
   # if they are not defined above.
@@ -62,6 +66,21 @@ module Aws::STS
       end
     end
 
+    class ExpiredTradeInTokenException < ServiceError
+
+      # @param [Seahorse::Client::RequestContext] context
+      # @param [String] message
+      # @param [Aws::STS::Types::ExpiredTradeInTokenException] data
+      def initialize(context, message, data = Aws::EmptyStructure.new)
+        super(context, message, data)
+      end
+
+      # @return [String]
+      def message
+        @message || @data[:message]
+      end
+    end
+
     # @deprecated This error class is not used during parsing.
     #   Please use `IDPCommunicationError` instead.
     class IDPCommunicationErrorException < ServiceError
@@ -128,6 +147,21 @@ module Aws::STS
       end
     end
 
+    class JWTPayloadSizeExceededException < ServiceError
+
+      # @param [Seahorse::Client::RequestContext] context
+      # @param [String] message
+      # @param [Aws::STS::Types::JWTPayloadSizeExceededException] data
+      def initialize(context, message, data = Aws::EmptyStructure.new)
+        super(context, message, data)
+      end
+
+      # @return [String]
+      def message
+        @message || @data[:message]
+      end
+    end
+
     # @deprecated This error class is not used during parsing.
     #   Please use `MalformedPolicyDocument` instead.
     class MalformedPolicyDocumentException < ServiceError
@@ -145,6 +179,21 @@ module Aws::STS
       end
     end
 
+    class OutboundWebIdentityFederationDisabledException < ServiceError
+
+      # @param [Seahorse::Client::RequestContext] context
+      # @param [String] message
+      # @param [Aws::STS::Types::OutboundWebIdentityFederationDisabledException] data
+      def initialize(context, message, data = Aws::EmptyStructure.new)
+        super(context, message, data)
+      end
+
+      # @return [String]
+      def message
+        @message || @data[:message]
+      end
+    end
+
     # @deprecated This error class is not used during parsing.
     #   Please use `PackedPolicyTooLarge` instead.
     class PackedPolicyTooLargeException < ServiceError
@@ -177,5 +226,20 @@ module Aws::STS
       end
     end
 
+    class SessionDurationEscalationException < ServiceError
+
+      # @param [Seahorse::Client::RequestContext] context
+      # @param [String] message
+      # @param [Aws::STS::Types::SessionDurationEscalationException] data
+      def initialize(context, message, data = Aws::EmptyStructure.new)
+        super(context, message, data)
+      end
+
+      # @return [String]
+      def message
+        @message || @data[:message]
+      end
+    end
+
   end
 end

data/lib/aws-sdk-sts/types.rb

@@ -35,7 +35,7 @@ module Aws::STS
     #   The regex used to validate this parameter is a string of characters
     #   consisting of upper- and lower-case alphanumeric characters with no
     #   spaces. You can also include underscores or any of the following
-    #   characters: =,.@-
+    #   characters: +=,.@-
     #
     #
     #
@@ -240,7 +240,7 @@ module Aws::STS
     #   The regex used to validate this parameter is a string of characters
     #   consisting of upper- and lower-case alphanumeric characters with no
     #   spaces. You can also include underscores or any of the following
-    #   characters: =,.@:/-
+    #   characters: +=,.@:\\/-
     #
     #
     #
@@ -259,7 +259,7 @@ module Aws::STS
     #   The regex used to validate this parameter is a string of characters
     #   consisting of upper- and lower-case alphanumeric characters with no
     #   spaces. You can also include underscores or any of the following
-    #   characters: =,.@-
+    #   characters: +=/:,.@-
     #   @return [String]
     #
     # @!attribute [rw] token_code
@@ -961,8 +961,8 @@ module Aws::STS
     #
     # @!attribute [rw] task_policy_arn
     #   The identity based policy that scopes the session to the privileged
-    #   tasks that can be performed. You can use one of following Amazon Web
-    #   Services managed policies to scope root session actions.
+    #   tasks that can be performed. You must use one of following Amazon
+    #   Web Services managed policies to scope root session actions:
     #
     #   * [IAMAuditRootUserCredentials][1]
     #
@@ -1144,6 +1144,21 @@ module Aws::STS
       include Aws::Structure
     end
 
+    # The trade-in token provided in the request has expired and can no
+    # longer be exchanged for credentials. Request a new token and retry the
+    # operation.
+    #
+    # @!attribute [rw] message
+    #   @return [String]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/sts-2011-06-15/ExpiredTradeInTokenException AWS API Documentation
+    #
+    class ExpiredTradeInTokenException < Struct.new(
+      :message)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+
     # Identifiers for the federated user that is associated with the
     # credentials.
     #
@@ -1239,6 +1254,47 @@ module Aws::STS
       include Aws::Structure
     end
 
+    # @!attribute [rw] trade_in_token
+    #   The token to exchange for temporary Amazon Web Services credentials.
+    #   This token must be valid and unexpired at the time of the request.
+    #   @return [String]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/sts-2011-06-15/GetDelegatedAccessTokenRequest AWS API Documentation
+    #
+    class GetDelegatedAccessTokenRequest < Struct.new(
+      :trade_in_token)
+      SENSITIVE = [:trade_in_token]
+      include Aws::Structure
+    end
+
+    # @!attribute [rw] credentials
+    #   Amazon Web Services credentials for API authentication.
+    #   @return [Types::Credentials]
+    #
+    # @!attribute [rw] packed_policy_size
+    #   The percentage of the maximum policy size that is used by the
+    #   session policy. The policy size is calculated as the sum of all the
+    #   session policies and permission boundaries attached to the session.
+    #   If the packed size exceeds 100%, the request fails.
+    #   @return [Integer]
+    #
+    # @!attribute [rw] assumed_principal
+    #   The Amazon Resource Name (ARN) of the principal that was assumed
+    #   when obtaining the delegated access token. This ARN identifies the
+    #   IAM entity whose permissions are granted by the temporary
+    #   credentials.
+    #   @return [String]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/sts-2011-06-15/GetDelegatedAccessTokenResponse AWS API Documentation
+    #
+    class GetDelegatedAccessTokenResponse < Struct.new(
+      :credentials,
+      :packed_policy_size,
+      :assumed_principal)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+
     # @!attribute [rw] name
     #   The name of the federated user. The name is used as an identifier
     #   for the temporary security credentials (such as `Bob`). For example,
@@ -1522,6 +1578,73 @@ module Aws::STS
       include Aws::Structure
     end
 
+    # @!attribute [rw] audience
+    #   The intended recipient of the web identity token. This value
+    #   populates the `aud` claim in the JWT and should identify the service
+    #   or application that will validate and use the token. The external
+    #   service should verify this claim to ensure the token was intended
+    #   for their use.
+    #   @return [Array<String>]
+    #
+    # @!attribute [rw] duration_seconds
+    #   The duration, in seconds, for which the JSON Web Token (JWT) will
+    #   remain valid. The value can range from 60 seconds (1 minute) to 3600
+    #   seconds (1 hour). If not specified, the default duration is 300
+    #   seconds (5 minutes). The token is designed to be short-lived and
+    #   should be used for proof of identity, then exchanged for credentials
+    #   or short-lived tokens in the external service.
+    #   @return [Integer]
+    #
+    # @!attribute [rw] signing_algorithm
+    #   The cryptographic algorithm to use for signing the JSON Web Token
+    #   (JWT). Valid values are RS256 (RSA with SHA-256) and ES384 (ECDSA
+    #   using P-384 curve with SHA-384).
+    #   @return [String]
+    #
+    # @!attribute [rw] tags
+    #   An optional list of tags to include in the JSON Web Token (JWT).
+    #   These tags are added as custom claims to the JWT and can be used by
+    #   the downstream service for authorization decisions.
+    #   @return [Array<Types::Tag>]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/sts-2011-06-15/GetWebIdentityTokenRequest AWS API Documentation
+    #
+    class GetWebIdentityTokenRequest < Struct.new(
+      :audience,
+      :duration_seconds,
+      :signing_algorithm,
+      :tags)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+
+    # @!attribute [rw] web_identity_token
+    #   A signed JSON Web Token (JWT) that represents the caller's Amazon
+    #   Web Services identity. The token contains standard JWT claims such
+    #   as subject, audience, expiration time, and additional identity
+    #   attributes added by STS as custom claims. You can also add your own
+    #   custom claims to the token by passing tags as request parameters to
+    #   the `GetWebIdentityToken` API. The token is signed using the
+    #   specified signing algorithm and can be verified using the
+    #   verification keys available at the issuer's JWKS endpoint.
+    #   @return [String]
+    #
+    # @!attribute [rw] expiration
+    #   The date and time when the web identity token expires, in UTC. The
+    #   expiration is determined by adding the `DurationSeconds` value to
+    #   the time the token was issued. After this time, the token should no
+    #   longer be considered valid.
+    #   @return [Time]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/sts-2011-06-15/GetWebIdentityTokenResponse AWS API Documentation
+    #
+    class GetWebIdentityTokenResponse < Struct.new(
+      :web_identity_token,
+      :expiration)
+      SENSITIVE = [:web_identity_token]
+      include Aws::Structure
+    end
+
     # The request could not be fulfilled because the identity provider (IDP)
     # that was asked to verify the incoming identity token could not be
     # reached. This is often a transient error caused by network conditions.
@@ -1589,6 +1712,21 @@ module Aws::STS
       include Aws::Structure
     end
 
+    # The requested token payload size exceeds the maximum allowed size.
+    # Reduce the number of request tags included in the
+    # `GetWebIdentityToken` API call to reduce the token payload size.
+    #
+    # @!attribute [rw] message
+    #   @return [String]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/sts-2011-06-15/JWTPayloadSizeExceededException AWS API Documentation
+    #
+    class JWTPayloadSizeExceededException < Struct.new(
+      :message)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+
     # The request was rejected because the policy document was malformed.
     # The error message describes the specific error.
     #
@@ -1603,6 +1741,21 @@ module Aws::STS
       include Aws::Structure
     end
 
+    # The outbound web identity federation feature is not enabled for this
+    # account. To use this feature, you must first enable it through the
+    # Amazon Web Services Management Console or API.
+    #
+    # @!attribute [rw] message
+    #   @return [String]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/sts-2011-06-15/OutboundWebIdentityFederationDisabledException AWS API Documentation
+    #
+    class OutboundWebIdentityFederationDisabledException < Struct.new(
+      :message)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+
     # The request was rejected because the total packed size of the session
     # policies and session tags combined was too large. An Amazon Web
     # Services conversion compresses the session policy document, session
@@ -1686,7 +1839,7 @@ module Aws::STS
     #
     #
     #
-    # [1]: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_enable-regions.html
+    # [1]: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_enable-regions.html#sts-regions-activate-deactivate
     #
     # @!attribute [rw] message
     #   @return [String]
@@ -1699,6 +1852,22 @@ module Aws::STS
       include Aws::Structure
     end
 
+    # The requested token duration would extend the session beyond its
+    # original expiration time. You cannot use this operation to extend the
+    # lifetime of a session beyond what was granted when the session was
+    # originally created.
+    #
+    # @!attribute [rw] message
+    #   @return [String]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/sts-2011-06-15/SessionDurationEscalationException AWS API Documentation
+    #
+    class SessionDurationEscalationException < Struct.new(
+      :message)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+
     # You can pass custom key-value pair attributes when you assume a role
     # or federate a user. These are called session tags. You can then use
     # the session tags to control access to resources. For more information,

data/lib/aws-sdk-sts.rb

@@ -56,7 +56,7 @@ module Aws::STS
   autoload :EndpointProvider, 'aws-sdk-sts/endpoint_provider'
   autoload :Endpoints, 'aws-sdk-sts/endpoints'
 
-  GEM_VERSION = '3.236.0'
+  GEM_VERSION = '3.239.2'
 
 end
 

data/lib/seahorse/client/h2/handler.rb

@@ -130,7 +130,12 @@ module Seahorse
         # https://http2.github.io/http2-spec/#rfc.section.8.1.2.3
         def _h2_headers(req)
           headers = {}
-          headers[':authority'] = req.endpoint.host
+          headers[':authority'] =
+            if req.endpoint.port != 443
+              "#{req.endpoint.host}:#{req.endpoint.port}"
+            else
+              req.endpoint.host
+            end
           headers[':method'] = req.http_method.upcase
           headers[':scheme'] = req.endpoint.scheme
           headers[':path'] = req.endpoint.path.empty? ? '/' : req.endpoint.path

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: aws-sdk-core
 version: !ruby/object:Gem::Version
-  version: 3.236.0
+  version: 3.239.2
 platform: ruby
 authors:
 - Amazon Web Services
@@ -197,6 +197,7 @@ files:
 - lib/aws-sdk-core/log/handler.rb
 - lib/aws-sdk-core/log/param_filter.rb
 - lib/aws-sdk-core/log/param_formatter.rb
+- lib/aws-sdk-core/login_credentials.rb
 - lib/aws-sdk-core/lru_cache.rb
 - lib/aws-sdk-core/pageable_response.rb
 - lib/aws-sdk-core/pager.rb
@@ -329,6 +330,17 @@ files:
 - lib/aws-sdk-core/xml/parser/parsing_error.rb
 - lib/aws-sdk-core/xml/parser/rexml_engine.rb
 - lib/aws-sdk-core/xml/parser/stack.rb
+- lib/aws-sdk-signin.rb
+- lib/aws-sdk-signin/client.rb
+- lib/aws-sdk-signin/client_api.rb
+- lib/aws-sdk-signin/customizations.rb
+- lib/aws-sdk-signin/endpoint_parameters.rb
+- lib/aws-sdk-signin/endpoint_provider.rb
+- lib/aws-sdk-signin/endpoints.rb
+- lib/aws-sdk-signin/errors.rb
+- lib/aws-sdk-signin/plugins/endpoints.rb
+- lib/aws-sdk-signin/resource.rb
+- lib/aws-sdk-signin/types.rb
 - lib/aws-sdk-sso.rb
 - lib/aws-sdk-sso/client.rb
 - lib/aws-sdk-sso/client_api.rb