aws-sdk-core 3.54.2 → 3.75.0

data/lib/aws-sdk-core/shared_config.rb

@@ -99,12 +99,10 @@ module Aws
     def credentials(opts = {})
       p = opts[:profile] || @profile_name
       validate_profile_exists(p) if credentials_present?
-      if credentials = credentials_from_shared(p, opts)
+      if (credentials = credentials_from_shared(p, opts))
         credentials
-      elsif credentials = credentials_from_config(p, opts)
+      elsif (credentials = credentials_from_config(p, opts))
         credentials
-      else
-        nil
       end
     end
 
@@ -121,6 +119,25 @@ module Aws
       credentials
     end
 
+    def assume_role_web_identity_credentials_from_config(profile)
+      p = profile || @profile_name
+      if @config_enabled && @parsed_config
+        entry = @parsed_config.fetch(p, {})
+        if entry['web_identity_token_file'] &&
+          entry['role_arn']
+          AssumeRoleWebIdentityCredentials.new(
+            role_arn: entry['role_arn'],
+            web_identity_token_file: entry['web_identity_token_file'],
+            role_session_name: entry['role_session_name']
+          )
+        else
+          nil
+        end
+      else
+        nil
+      end
+    end
+
     def region(opts = {})
       p = opts[:profile] || @profile_name
       if @config_enabled
@@ -136,6 +153,21 @@ module Aws
       end
     end
 
+    def sts_regional_endpoints(opts = {})
+      p = opts[:profile] || @profile_name
+      if @config_enabled
+        if @parsed_credentials
+          mode = @parsed_credentials.fetch(p, {})["sts_regional_endpoints"]
+        end
+        if @parsed_config
+          mode ||= @parsed_config.fetch(p, {})["sts_regional_endpoints"]
+        end
+        mode
+      else
+        nil
+      end
+    end
+
     def endpoint_discovery(opts = {})
       p = opts[:profile] || @profile_name
       if @config_enabled && @parsed_config
@@ -193,7 +225,23 @@ module Aws
       end
     end
 
+    def csm_host(opts = {})
+      p = opts[:profile] || @profile_name
+      if @config_enabled
+        if @parsed_credentials
+          value = @parsed_credentials.fetch(p, {})["csm_host"]
+        end
+        if @parsed_config
+          value ||= @parsed_config.fetch(p, {})["csm_host"]
+        end
+        value
+      else
+        nil
+      end
+    end
+
     private
+
     def credentials_present?
       (@parsed_credentials && !@parsed_credentials.empty?) ||
         (@parsed_config && !@parsed_config.empty?)
@@ -211,11 +259,12 @@ module Aws
               "provide only source_profile or credential_source, not both."
           )
         elsif opts[:source_profile]
-          opts[:credentials] = credentials(profile: opts[:source_profile])
+          opts[:credentials] = resolve_source_profile(opts[:source_profile])
           if opts[:credentials]
             opts[:role_session_name] ||= prof_cfg["role_session_name"]
             opts[:role_session_name] ||= "default_session"
             opts[:role_arn] ||= prof_cfg["role_arn"]
+            opts[:duration_seconds] ||= prof_cfg["duration_seconds"]
             opts[:external_id] ||= prof_cfg["external_id"]
             opts[:serial_number] ||= prof_cfg["mfa_serial"]
             opts[:profile] = opts.delete(:source_profile)
@@ -235,6 +284,7 @@ module Aws
             opts[:role_session_name] ||= prof_cfg["role_session_name"]
             opts[:role_session_name] ||= "default_session"
             opts[:role_arn] ||= prof_cfg["role_arn"]
+            opts[:duration_seconds] ||= prof_cfg["duration_seconds"]
             opts[:external_id] ||= prof_cfg["external_id"]
             opts[:serial_number] ||= prof_cfg["mfa_serial"]
             opts.delete(:source_profile) # Cleanup
@@ -257,6 +307,20 @@ module Aws
       end
     end
 
+    def resolve_source_profile(profile)
+      if (creds = credentials(profile: profile))
+        creds # static credentials
+      elsif (provider = assume_role_web_identity_credentials_from_config(profile))
+        if provider.credentials.set?
+          provider.credentials
+        end
+      elsif (provider = assume_role_process_credentials_from_config(profile))
+        if provider.credentials.set?
+          provider.credentials
+        end
+      end
+    end
+
     def credentials_from_source(credential_source, config)
       case credential_source
       when "Ec2InstanceMetadata"
@@ -274,6 +338,11 @@ module Aws
       end
     end
 
+    def assume_role_process_credentials_from_config(profile)
+      credential_process = credentials_process(profile)
+      ProcessCredentials.new(credential_process) if credential_process
+    end
+
     def credentials_from_shared(profile, opts)
       if @parsed_credentials && prof_config = @parsed_credentials[profile]
         credentials_from_profile(prof_config)

data/lib/aws-sdk-core.rb

@@ -9,6 +9,7 @@ require_relative 'aws-sdk-core/deprecations'
 require_relative 'aws-sdk-core/credential_provider'
 require_relative 'aws-sdk-core/refreshing_credentials'
 require_relative 'aws-sdk-core/assume_role_credentials'
+require_relative 'aws-sdk-core/assume_role_web_identity_credentials'
 require_relative 'aws-sdk-core/credentials'
 require_relative 'aws-sdk-core/credential_provider_chain'
 require_relative 'aws-sdk-core/ecs_credentials'

data/lib/aws-sdk-sts/client.rb

@@ -26,6 +26,7 @@ require 'aws-sdk-core/plugins/client_metrics_send_plugin.rb'
 require 'aws-sdk-core/plugins/transfer_encoding.rb'
 require 'aws-sdk-core/plugins/signature_v4.rb'
 require 'aws-sdk-core/plugins/protocols/query.rb'
+require 'aws-sdk-sts/plugins/sts_regional_endpoints.rb'
 
 Aws::Plugins::GlobalConfiguration.add_identifier(:sts)
 
@@ -59,6 +60,7 @@ module Aws::STS
     add_plugin(Aws::Plugins::TransferEncoding)
     add_plugin(Aws::Plugins::SignatureV4)
     add_plugin(Aws::Plugins::Protocols::Query)
+    add_plugin(Aws::STS::Plugins::STSRegionalEndpoints)
 
     # @overload initialize(options)
     #   @param [Hash] options
@@ -116,6 +118,10 @@ module Aws::STS
     #     Allows you to provide an identifier for this client which will be attached to
     #     all generated client side metrics. Defaults to an empty string.
     #
+    #   @option options [String] :client_side_monitoring_host ("127.0.0.1")
+    #     Allows you to specify the DNS hostname or IPv4 or IPv6 address that the client
+    #     side monitoring agent is running on, where client metrics will be published via UDP.
+    #
     #   @option options [Integer] :client_side_monitoring_port (31000)
     #     Required for publishing client metrics. The port that the client side monitoring
     #     agent is running on, where client metrics will be published via UDP.
@@ -188,6 +194,11 @@ module Aws::STS
     #
     #   @option options [String] :session_token
     #
+    #   @option options [String] :sts_regional_endpoints ("legacy")
+    #     Passing in 'regional' to enable regional endpoint for STS for all supported
+    #     regions (except 'aws-global'), defaults to 'legacy' mode, using global endpoint
+    #     for legacy regions.
+    #
     #   @option options [Boolean] :stub_responses (false)
     #     Causes the client to return stubbed responses. By default
     #     fake responses are generated and returned. You can specify
@@ -391,8 +402,7 @@ module Aws::STS
     #   ARNs. However, the plain text that you use for both inline and managed
     #   session policies shouldn't exceed 2048 characters. For more
     #   information about ARNs, see [Amazon Resource Names (ARNs) and AWS
-    #   Service Namespaces](general/latest/gr/aws-arns-and-namespaces.html) in
-    #   the AWS General Reference.
+    #   Service Namespaces][1] in the AWS General Reference.
     #
     #   <note markdown="1"> The characters in this parameter count towards the 2048 character
     #   session policy guideline. However, an AWS conversion compresses the
@@ -410,11 +420,12 @@ module Aws::STS
     #   access resources in the account that owns the role. You cannot use
     #   session policies to grant more permissions than those allowed by the
     #   identity-based policy of the role that is being assumed. For more
-    #   information, see [Session Policies][1] in the *IAM User Guide*.
+    #   information, see [Session Policies][2] in the *IAM User Guide*.
     #
     #
     #
-    #   [1]: https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies.html#policies_session
+    #   [1]: https://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html
+    #   [2]: https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies.html#policies_session
     #
     # @option params [String] :policy
     #   An IAM policy in JSON format that you want to use as an inline session
@@ -711,8 +722,7 @@ module Aws::STS
     #   ARNs. However, the plain text that you use for both inline and managed
     #   session policies shouldn't exceed 2048 characters. For more
     #   information about ARNs, see [Amazon Resource Names (ARNs) and AWS
-    #   Service Namespaces](general/latest/gr/aws-arns-and-namespaces.html) in
-    #   the AWS General Reference.
+    #   Service Namespaces][1] in the AWS General Reference.
     #
     #   <note markdown="1"> The characters in this parameter count towards the 2048 character
     #   session policy guideline. However, an AWS conversion compresses the
@@ -730,11 +740,12 @@ module Aws::STS
     #   access resources in the account that owns the role. You cannot use
     #   session policies to grant more permissions than those allowed by the
     #   identity-based policy of the role that is being assumed. For more
-    #   information, see [Session Policies][1] in the *IAM User Guide*.
+    #   information, see [Session Policies][2] in the *IAM User Guide*.
     #
     #
     #
-    #   [1]: https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies.html#policies_session
+    #   [1]: https://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html
+    #   [2]: https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies.html#policies_session
     #
     # @option params [String] :policy
     #   An IAM policy in JSON format that you want to use as an inline session
@@ -1015,8 +1026,7 @@ module Aws::STS
     #   ARNs. However, the plain text that you use for both inline and managed
     #   session policies shouldn't exceed 2048 characters. For more
     #   information about ARNs, see [Amazon Resource Names (ARNs) and AWS
-    #   Service Namespaces](general/latest/gr/aws-arns-and-namespaces.html) in
-    #   the AWS General Reference.
+    #   Service Namespaces][1] in the AWS General Reference.
     #
     #   <note markdown="1"> The characters in this parameter count towards the 2048 character
     #   session policy guideline. However, an AWS conversion compresses the
@@ -1034,11 +1044,12 @@ module Aws::STS
     #   access resources in the account that owns the role. You cannot use
     #   session policies to grant more permissions than those allowed by the
     #   identity-based policy of the role that is being assumed. For more
-    #   information, see [Session Policies][1] in the *IAM User Guide*.
+    #   information, see [Session Policies][2] in the *IAM User Guide*.
     #
     #
     #
-    #   [1]: https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies.html#policies_session
+    #   [1]: https://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html
+    #   [2]: https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies.html#policies_session
     #
     # @option params [String] :policy
     #   An IAM policy in JSON format that you want to use as an inline session
@@ -1259,8 +1270,82 @@ module Aws::STS
       req.send_request(options)
     end
 
-    # Returns details about the IAM identity whose credentials are used to
-    # call the API.
+    # Returns the account identifier for the specified access key ID.
+    #
+    # Access keys consist of two parts: an access key ID (for example,
+    # `AKIAIOSFODNN7EXAMPLE`) and a secret access key (for example,
+    # `wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY`). For more information
+    # about access keys, see [Managing Access Keys for IAM Users][1] in the
+    # *IAM User Guide*.
+    #
+    # When you pass an access key ID to this operation, it returns the ID of
+    # the AWS account to which the keys belong. Access key IDs beginning
+    # with `AKIA` are long-term credentials for an IAM user or the AWS
+    # account root user. Access key IDs beginning with `ASIA` are temporary
+    # credentials that are created using STS operations. If the account in
+    # the response belongs to you, you can sign in as the root user and
+    # review your root user access keys. Then, you can pull a [credentials
+    # report][2] to learn which IAM user owns the keys. To learn who
+    # requested the temporary credentials for an `ASIA` access key, view the
+    # STS events in your [CloudTrail logs][3].
+    #
+    # This operation does not indicate the state of the access key. The key
+    # might be active, inactive, or deleted. Active keys might not have
+    # permissions to perform an operation. Providing a deleted access key
+    # might return an error that the key doesn't exist.
+    #
+    #
+    #
+    # [1]: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_access-keys.html
+    # [2]: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_getting-report.html
+    # [3]: https://docs.aws.amazon.com/IAM/latest/UserGuide/cloudtrail-integration.html
+    #
+    # @option params [required, String] :access_key_id
+    #   The identifier of an access key.
+    #
+    #   This parameter allows (through its regex pattern) a string of
+    #   characters that can consist of any upper- or lowercased letter or
+    #   digit.
+    #
+    # @return [Types::GetAccessKeyInfoResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
+    #
+    #   * {Types::GetAccessKeyInfoResponse#account #account} => String
+    #
+    # @example Request syntax with placeholder values
+    #
+    #   resp = client.get_access_key_info({
+    #     access_key_id: "accessKeyIdType", # required
+    #   })
+    #
+    # @example Response structure
+    #
+    #   resp.account #=> String
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/sts-2011-06-15/GetAccessKeyInfo AWS API Documentation
+    #
+    # @overload get_access_key_info(params = {})
+    # @param [Hash] params ({})
+    def get_access_key_info(params = {}, options = {})
+      req = build_request(:get_access_key_info, params)
+      req.send_request(options)
+    end
+
+    # Returns details about the IAM user or role whose credentials are used
+    # to call the operation.
+    #
+    # <note markdown="1"> No permissions are required to perform this operation. If an
+    # administrator adds a policy to your IAM user or role that explicitly
+    # denies access to the `sts:GetCallerIdentity` action, you can still
+    # perform this operation. Permissions are not required because the same
+    # information is returned when an IAM user or role is denied access. To
+    # view an example response, see [I Am Not Authorized to Perform:
+    # iam:DeleteVirtualMFADevice][1].
+    #
+    #  </note>
+    #
+    #
+    #
+    # [1]: https://docs.aws.amazon.com/IAM/latest/UserGuide/troubleshoot_general.html#troubleshoot_general_access-denied-delete-mfa
     #
     # @return [Types::GetCallerIdentityResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
     #
@@ -1474,8 +1559,7 @@ module Aws::STS
     #   both inline and managed session policies shouldn't exceed 2048
     #   characters. You can provide up to 10 managed policy ARNs. For more
     #   information about ARNs, see [Amazon Resource Names (ARNs) and AWS
-    #   Service Namespaces](general/latest/gr/aws-arns-and-namespaces.html) in
-    #   the AWS General Reference.
+    #   Service Namespaces][2] in the AWS General Reference.
     #
     #   This parameter is optional. However, if you do not pass any session
     #   policies, then the resulting federated user session has no
@@ -1504,6 +1588,7 @@ module Aws::STS
     #
     #
     #   [1]: https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies.html#policies_session
+    #   [2]: https://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html
     #
     # @option params [Integer] :duration_seconds
     #   The duration, in seconds, that the session should last. Acceptable
@@ -1730,7 +1815,7 @@ module Aws::STS
         params: params,
         config: config)
       context[:gem_name] = 'aws-sdk-core'
-      context[:gem_version] = '3.54.2'
+      context[:gem_version] = '3.75.0'
       Seahorse::Client::Request.new(handlers, context)
     end
 

data/lib/aws-sdk-sts/client_api.rb

@@ -24,6 +24,8 @@ module Aws::STS
     DecodeAuthorizationMessageResponse = Shapes::StructureShape.new(name: 'DecodeAuthorizationMessageResponse')
     ExpiredTokenException = Shapes::StructureShape.new(name: 'ExpiredTokenException')
     FederatedUser = Shapes::StructureShape.new(name: 'FederatedUser')
+    GetAccessKeyInfoRequest = Shapes::StructureShape.new(name: 'GetAccessKeyInfoRequest')
+    GetAccessKeyInfoResponse = Shapes::StructureShape.new(name: 'GetAccessKeyInfoResponse')
     GetCallerIdentityRequest = Shapes::StructureShape.new(name: 'GetCallerIdentityRequest')
     GetCallerIdentityResponse = Shapes::StructureShape.new(name: 'GetCallerIdentityResponse')
     GetFederationTokenRequest = Shapes::StructureShape.new(name: 'GetFederationTokenRequest')
@@ -149,6 +151,12 @@ module Aws::STS
     FederatedUser.add_member(:arn, Shapes::ShapeRef.new(shape: arnType, required: true, location_name: "Arn"))
     FederatedUser.struct_class = Types::FederatedUser
 
+    GetAccessKeyInfoRequest.add_member(:access_key_id, Shapes::ShapeRef.new(shape: accessKeyIdType, required: true, location_name: "AccessKeyId"))
+    GetAccessKeyInfoRequest.struct_class = Types::GetAccessKeyInfoRequest
+
+    GetAccessKeyInfoResponse.add_member(:account, Shapes::ShapeRef.new(shape: accountType, location_name: "Account"))
+    GetAccessKeyInfoResponse.struct_class = Types::GetAccessKeyInfoResponse
+
     GetCallerIdentityRequest.struct_class = Types::GetCallerIdentityRequest
 
     GetCallerIdentityResponse.add_member(:user_id, Shapes::ShapeRef.new(shape: userIdType, location_name: "UserId"))
@@ -271,6 +279,14 @@ module Aws::STS
         o.errors << Shapes::ShapeRef.new(shape: InvalidAuthorizationMessageException)
       end)
 
+      api.add_operation(:get_access_key_info, Seahorse::Model::Operation.new.tap do |o|
+        o.name = "GetAccessKeyInfo"
+        o.http_method = "POST"
+        o.http_request_uri = "/"
+        o.input = Shapes::ShapeRef.new(shape: GetAccessKeyInfoRequest)
+        o.output = Shapes::ShapeRef.new(shape: GetAccessKeyInfoResponse)
+      end)
+
       api.add_operation(:get_caller_identity, Seahorse::Model::Operation.new.tap do |o|
         o.name = "GetCallerIdentity"
         o.http_method = "POST"

data/lib/aws-sdk-sts/plugins/sts_regional_endpoints.rb

@@ -0,0 +1,32 @@
+module Aws
+  module STS
+    module Plugins
+
+      class STSRegionalEndpoints < Seahorse::Client::Plugin
+
+        option(:sts_regional_endpoints,
+          default: 'legacy',
+          doc_type: String,
+          docstring: <<-DOCS) do |cfg|
+Passing in 'regional' to enable regional endpoint for STS for all supported
+regions (except 'aws-global'), defaults to 'legacy' mode, using global endpoint
+for legacy regions.
+          DOCS
+          resolve_sts_regional_endpoints(cfg)
+        end
+
+        private
+        
+        def self.resolve_sts_regional_endpoints(cfg)
+          env_mode = ENV['AWS_STS_REGIONAL_ENDPOINTS']
+          env_mode = nil if env_mode == ''
+          cfg_mode = Aws.shared_config.sts_regional_endpoints(
+            profile: cfg.profile)
+          env_mode || cfg_mode || 'legacy'
+        end
+
+      end
+
+    end
+  end
+end

data/lib/aws-sdk-sts/types.rb

@@ -57,8 +57,7 @@ module Aws::STS
     #   ARNs. However, the plain text that you use for both inline and
     #   managed session policies shouldn't exceed 2048 characters. For more
     #   information about ARNs, see [Amazon Resource Names (ARNs) and AWS
-    #   Service Namespaces](general/latest/gr/aws-arns-and-namespaces.html)
-    #   in the AWS General Reference.
+    #   Service Namespaces][1] in the AWS General Reference.
     #
     #   <note markdown="1"> The characters in this parameter count towards the 2048 character
     #   session policy guideline. However, an AWS conversion compresses the
@@ -77,11 +76,12 @@ module Aws::STS
     #   owns the role. You cannot use session policies to grant more
     #   permissions than those allowed by the identity-based policy of the
     #   role that is being assumed. For more information, see [Session
-    #   Policies][1] in the *IAM User Guide*.
+    #   Policies][2] in the *IAM User Guide*.
     #
     #
     #
-    #   [1]: https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies.html#policies_session
+    #   [1]: https://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html
+    #   [2]: https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies.html#policies_session
     #   @return [Array<Types::PolicyDescriptorType>]
     #
     # @!attribute [rw] policy
@@ -297,8 +297,7 @@ module Aws::STS
     #   ARNs. However, the plain text that you use for both inline and
     #   managed session policies shouldn't exceed 2048 characters. For more
     #   information about ARNs, see [Amazon Resource Names (ARNs) and AWS
-    #   Service Namespaces](general/latest/gr/aws-arns-and-namespaces.html)
-    #   in the AWS General Reference.
+    #   Service Namespaces][1] in the AWS General Reference.
     #
     #   <note markdown="1"> The characters in this parameter count towards the 2048 character
     #   session policy guideline. However, an AWS conversion compresses the
@@ -317,11 +316,12 @@ module Aws::STS
     #   owns the role. You cannot use session policies to grant more
     #   permissions than those allowed by the identity-based policy of the
     #   role that is being assumed. For more information, see [Session
-    #   Policies][1] in the *IAM User Guide*.
+    #   Policies][2] in the *IAM User Guide*.
     #
     #
     #
-    #   [1]: https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies.html#policies_session
+    #   [1]: https://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html
+    #   [2]: https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies.html#policies_session
     #   @return [Array<Types::PolicyDescriptorType>]
     #
     # @!attribute [rw] policy
@@ -548,8 +548,7 @@ module Aws::STS
     #   ARNs. However, the plain text that you use for both inline and
     #   managed session policies shouldn't exceed 2048 characters. For more
     #   information about ARNs, see [Amazon Resource Names (ARNs) and AWS
-    #   Service Namespaces](general/latest/gr/aws-arns-and-namespaces.html)
-    #   in the AWS General Reference.
+    #   Service Namespaces][1] in the AWS General Reference.
     #
     #   <note markdown="1"> The characters in this parameter count towards the 2048 character
     #   session policy guideline. However, an AWS conversion compresses the
@@ -568,11 +567,12 @@ module Aws::STS
     #   owns the role. You cannot use session policies to grant more
     #   permissions than those allowed by the identity-based policy of the
     #   role that is being assumed. For more information, see [Session
-    #   Policies][1] in the *IAM User Guide*.
+    #   Policies][2] in the *IAM User Guide*.
     #
     #
     #
-    #   [1]: https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies.html#policies_session
+    #   [1]: https://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html
+    #   [2]: https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies.html#policies_session
     #   @return [Array<Types::PolicyDescriptorType>]
     #
     # @!attribute [rw] policy
@@ -848,6 +848,39 @@ module Aws::STS
       include Aws::Structure
     end
 
+    # @note When making an API call, you may pass GetAccessKeyInfoRequest
+    #   data as a hash:
+    #
+    #       {
+    #         access_key_id: "accessKeyIdType", # required
+    #       }
+    #
+    # @!attribute [rw] access_key_id
+    #   The identifier of an access key.
+    #
+    #   This parameter allows (through its regex pattern) a string of
+    #   characters that can consist of any upper- or lowercased letter or
+    #   digit.
+    #   @return [String]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/sts-2011-06-15/GetAccessKeyInfoRequest AWS API Documentation
+    #
+    class GetAccessKeyInfoRequest < Struct.new(
+      :access_key_id)
+      include Aws::Structure
+    end
+
+    # @!attribute [rw] account
+    #   The number used to identify the AWS account.
+    #   @return [String]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/sts-2011-06-15/GetAccessKeyInfoResponse AWS API Documentation
+    #
+    class GetAccessKeyInfoResponse < Struct.new(
+      :account)
+      include Aws::Structure
+    end
+
     # @api private
     #
     # @see http://docs.aws.amazon.com/goto/WebAPI/sts-2011-06-15/GetCallerIdentityRequest AWS API Documentation
@@ -971,9 +1004,7 @@ module Aws::STS
     #   use for both inline and managed session policies shouldn't exceed
     #   2048 characters. You can provide up to 10 managed policy ARNs. For
     #   more information about ARNs, see [Amazon Resource Names (ARNs) and
-    #   AWS Service
-    #   Namespaces](general/latest/gr/aws-arns-and-namespaces.html) in the
-    #   AWS General Reference.
+    #   AWS Service Namespaces][2] in the AWS General Reference.
     #
     #   This parameter is optional. However, if you do not pass any session
     #   policies, then the resulting federated user session has no
@@ -1002,6 +1033,7 @@ module Aws::STS
     #
     #
     #   [1]: https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies.html#policies_session
+    #   [2]: https://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html
     #   @return [Array<Types::PolicyDescriptorType>]
     #
     # @!attribute [rw] duration_seconds
@@ -1173,7 +1205,7 @@ module Aws::STS
       include Aws::Structure
     end
 
-    # The error returned if the message passed to
+    # This error is returned if the message passed to
     # `DecodeAuthorizationMessage` was invalid. This can happen if the token
     # contains invalid characters, such as linebreaks.
     #
@@ -1241,9 +1273,12 @@ module Aws::STS
     # @!attribute [rw] arn
     #   The Amazon Resource Name (ARN) of the IAM managed policy to use as a
     #   session policy for the role. For more information about ARNs, see
-    #   [Amazon Resource Names (ARNs) and AWS Service
-    #   Namespaces](general/latest/gr/aws-arns-and-namespaces.html) in the
+    #   [Amazon Resource Names (ARNs) and AWS Service Namespaces][1] in the
     #   *AWS General Reference*.
+    #
+    #
+    #
+    #   [1]: https://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html
     #   @return [String]
     #
     # @see http://docs.aws.amazon.com/goto/WebAPI/sts-2011-06-15/PolicyDescriptorType AWS API Documentation

data/lib/aws-sdk-sts.rb

@@ -40,6 +40,6 @@ require_relative 'aws-sdk-sts/customizations'
 # @service
 module Aws::STS
 
-  GEM_VERSION = '3.54.2'
+  GEM_VERSION = '3.75.0'
 
 end

data/lib/seahorse/client/base.rb

@@ -194,13 +194,15 @@ module Seahorse
         private
 
         def define_operation_methods
+          operations_module = Module.new
           @api.operation_names.each do |method_name|
-            define_method(method_name) do |*args, &block|
+            operations_module.send(:define_method, method_name) do |*args, &block|
               params = args[0] || {}
               options = args[1] || {}
               build_request(method_name, params).send_request(options, &block)
             end
           end
+          include(operations_module)
         end
 
         def build_plugins

data/lib/seahorse/client/handler_list_entry.rb

@@ -77,8 +77,8 @@ module Seahorse
         if options.key?(name)
           options[name]
         else
-          msg = "invalid :priority `%s', must be between 0 and 99"
-          raise ArgumentError, msg % priority.inspect
+          msg = "missing option: `%s'"
+          raise ArgumentError, msg % name.inspect
         end
       end
 

data/lib/seahorse/client/plugin.rb

@@ -119,7 +119,7 @@ module Seahorse
         attr_accessor :default_block
         attr_accessor :required
         attr_accessor :doc_type
-        attr_accessor :doc_default
+        attr_writer :doc_default
         attr_accessor :docstring
 
         def doc_default