@aws-amplify/graphql-api-construct 1.18.1 → 1.18.3-ai-next.0

package/node_modules/@aws-sdk/client-sts/dist-es/commands/AssumeRootCommand.js

@@ -0,0 +1,23 @@
+import { getEndpointPlugin } from "@smithy/middleware-endpoint";
+import { getSerdePlugin } from "@smithy/middleware-serde";
+import { Command as $Command } from "@smithy/smithy-client";
+import { commonParams } from "../endpoint/EndpointParameters";
+import { AssumeRootResponseFilterSensitiveLog } from "../models/models_0";
+import { de_AssumeRootCommand, se_AssumeRootCommand } from "../protocols/Aws_query";
+export { $Command };
+export class AssumeRootCommand extends $Command
+    .classBuilder()
+    .ep(commonParams)
+    .m(function (Command, cs, config, o) {
+    return [
+        getSerdePlugin(config, this.serialize, this.deserialize),
+        getEndpointPlugin(config, Command.getEndpointParameterInstructions()),
+    ];
+})
+    .s("AWSSecurityTokenServiceV20110615", "AssumeRoot", {})
+    .n("STSClient", "AssumeRootCommand")
+    .f(void 0, AssumeRootResponseFilterSensitiveLog)
+    .ser(se_AssumeRootCommand)
+    .de(de_AssumeRootCommand)
+    .build() {
+}

package/node_modules/@aws-sdk/client-sts/dist-es/commands/index.js

@@ -1,6 +1,7 @@
 export * from "./AssumeRoleCommand";
 export * from "./AssumeRoleWithSAMLCommand";
 export * from "./AssumeRoleWithWebIdentityCommand";
+export * from "./AssumeRootCommand";
 export * from "./DecodeAuthorizationMessageCommand";
 export * from "./GetAccessKeyInfoCommand";
 export * from "./GetCallerIdentityCommand";

package/node_modules/@aws-sdk/client-sts/dist-es/defaultStsRoleAssumers.js

@@ -1,3 +1,4 @@
+import { setCredentialFeature } from "@aws-sdk/core/client";
 import { AssumeRoleCommand } from "./commands/AssumeRoleCommand";
 import { AssumeRoleWithWebIdentityCommand, } from "./commands/AssumeRoleWithWebIdentityCommand";
 const ASSUME_ROLE_DEFAULT_REGION = "us-east-1";
@@ -37,7 +38,7 @@ export const getDefaultRoleAssumer = (stsOptions, stsClientCtor) => {
             throw new Error(`Invalid response from STS.assumeRole call with role ${params.RoleArn}`);
         }
         const accountId = getAccountIdFromAssumedRoleUser(AssumedRoleUser);
-        return {
+        const credentials = {
             accessKeyId: Credentials.AccessKeyId,
             secretAccessKey: Credentials.SecretAccessKey,
             sessionToken: Credentials.SessionToken,
@@ -45,6 +46,8 @@ export const getDefaultRoleAssumer = (stsOptions, stsClientCtor) => {
             ...(Credentials.CredentialScope && { credentialScope: Credentials.CredentialScope }),
             ...(accountId && { accountId }),
         };
+        setCredentialFeature(credentials, "CREDENTIALS_STS_ASSUME_ROLE", "i");
+        return credentials;
     };
 };
 export const getDefaultRoleAssumerWithWebIdentity = (stsOptions, stsClientCtor) => {
@@ -65,7 +68,7 @@ export const getDefaultRoleAssumerWithWebIdentity = (stsOptions, stsClientCtor)
             throw new Error(`Invalid response from STS.assumeRoleWithWebIdentity call with role ${params.RoleArn}`);
         }
         const accountId = getAccountIdFromAssumedRoleUser(AssumedRoleUser);
-        return {
+        const credentials = {
             accessKeyId: Credentials.AccessKeyId,
             secretAccessKey: Credentials.SecretAccessKey,
             sessionToken: Credentials.SessionToken,
@@ -73,6 +76,11 @@ export const getDefaultRoleAssumerWithWebIdentity = (stsOptions, stsClientCtor)
             ...(Credentials.CredentialScope && { credentialScope: Credentials.CredentialScope }),
             ...(accountId && { accountId }),
         };
+        if (accountId) {
+            setCredentialFeature(credentials, "RESOLVED_ACCOUNT_ID", "T");
+        }
+        setCredentialFeature(credentials, "CREDENTIALS_STS_ASSUME_ROLE_WEB_ID", "k");
+        return credentials;
     };
 };
 export const decorateDefaultCredentialProvider = (provider) => (input) => provider({

package/node_modules/@aws-sdk/client-sts/dist-es/models/models_0.js

@@ -120,6 +120,10 @@ export const AssumeRoleWithWebIdentityResponseFilterSensitiveLog = (obj) => ({
     ...obj,
     ...(obj.Credentials && { Credentials: CredentialsFilterSensitiveLog(obj.Credentials) }),
 });
+export const AssumeRootResponseFilterSensitiveLog = (obj) => ({
+    ...obj,
+    ...(obj.Credentials && { Credentials: CredentialsFilterSensitiveLog(obj.Credentials) }),
+});
 export const GetFederationTokenResponseFilterSensitiveLog = (obj) => ({
     ...obj,
     ...(obj.Credentials && { Credentials: CredentialsFilterSensitiveLog(obj.Credentials) }),

package/node_modules/@aws-sdk/client-sts/dist-es/protocols/Aws_query.js

@@ -33,6 +33,16 @@ export const se_AssumeRoleWithWebIdentityCommand = async (input, context) => {
     });
     return buildHttpRpcRequest(context, headers, "/", undefined, body);
 };
+export const se_AssumeRootCommand = async (input, context) => {
+    const headers = SHARED_HEADERS;
+    let body;
+    body = buildFormUrlencodedString({
+        ...se_AssumeRootRequest(input, context),
+        [_A]: _ARs,
+        [_V]: _,
+    });
+    return buildHttpRpcRequest(context, headers, "/", undefined, body);
+};
 export const se_DecodeAuthorizationMessageCommand = async (input, context) => {
     const headers = SHARED_HEADERS;
     let body;
@@ -122,6 +132,19 @@ export const de_AssumeRoleWithWebIdentityCommand = async (output, context) => {
     };
     return response;
 };
+export const de_AssumeRootCommand = async (output, context) => {
+    if (output.statusCode >= 300) {
+        return de_CommandError(output, context);
+    }
+    const data = await parseBody(output.body, context);
+    let contents = {};
+    contents = de_AssumeRootResponse(data.AssumeRootResult, context);
+    const response = {
+        $metadata: deserializeMetadata(output),
+        ...contents,
+    };
+    return response;
+};
 export const de_DecodeAuthorizationMessageCommand = async (output, context) => {
     if (output.statusCode >= 300) {
         return de_CommandError(output, context);
@@ -428,6 +451,23 @@ const se_AssumeRoleWithWebIdentityRequest = (input, context) => {
     }
     return entries;
 };
+const se_AssumeRootRequest = (input, context) => {
+    const entries = {};
+    if (input[_TP] != null) {
+        entries[_TP] = input[_TP];
+    }
+    if (input[_TPA] != null) {
+        const memberEntries = se_PolicyDescriptorType(input[_TPA], context);
+        Object.entries(memberEntries).forEach(([key, value]) => {
+            const loc = `TaskPolicyArn.${key}`;
+            entries[loc] = value;
+        });
+    }
+    if (input[_DS] != null) {
+        entries[_DS] = input[_DS];
+    }
+    return entries;
+};
 const se_DecodeAuthorizationMessageRequest = (input, context) => {
     const entries = {};
     if (input[_EM] != null) {
@@ -658,6 +698,16 @@ const de_AssumeRoleWithWebIdentityResponse = (output, context) => {
     }
     return contents;
 };
+const de_AssumeRootResponse = (output, context) => {
+    const contents = {};
+    if (output[_C] != null) {
+        contents[_C] = de_Credentials(output[_C], context);
+    }
+    if (output[_SI] != null) {
+        contents[_SI] = __expectString(output[_SI]);
+    }
+    return contents;
+};
 const de_Credentials = (output, context) => {
     const contents = {};
     if (output[_AKI] != null) {
@@ -824,6 +874,7 @@ const _ARI = "AssumedRoleId";
 const _ARU = "AssumedRoleUser";
 const _ARWSAML = "AssumeRoleWithSAML";
 const _ARWWI = "AssumeRoleWithWebIdentity";
+const _ARs = "AssumeRoot";
 const _Ac = "Account";
 const _Ar = "Arn";
 const _Au = "Audience";
@@ -865,6 +916,8 @@ const _ST = "SubjectType";
 const _STe = "SessionToken";
 const _T = "Tags";
 const _TC = "TokenCode";
+const _TP = "TargetPrincipal";
+const _TPA = "TaskPolicyArn";
 const _TTK = "TransitiveTagKeys";
 const _UI = "UserId";
 const _V = "Version";

package/node_modules/@aws-sdk/client-sts/dist-es/runtimeConfig.browser.js

@@ -1,6 +1,6 @@
 import packageInfo from "../package.json";
 import { Sha256 } from "@aws-crypto/sha256-browser";
-import { defaultUserAgent } from "@aws-sdk/util-user-agent-browser";
+import { createDefaultUserAgentProvider } from "@aws-sdk/util-user-agent-browser";
 import { DEFAULT_USE_DUALSTACK_ENDPOINT, DEFAULT_USE_FIPS_ENDPOINT } from "@smithy/config-resolver";
 import { FetchHttpHandler as RequestHandler, streamCollector } from "@smithy/fetch-http-handler";
 import { invalidProvider } from "@smithy/invalid-dependency";
@@ -21,7 +21,7 @@ export const getRuntimeConfig = (config) => {
         bodyLengthChecker: config?.bodyLengthChecker ?? calculateBodyLength,
         credentialDefaultProvider: config?.credentialDefaultProvider ?? ((_) => () => Promise.reject(new Error("Credential is missing"))),
         defaultUserAgentProvider: config?.defaultUserAgentProvider ??
-            defaultUserAgent({ serviceId: clientSharedValues.serviceId, clientVersion: packageInfo.version }),
+            createDefaultUserAgentProvider({ serviceId: clientSharedValues.serviceId, clientVersion: packageInfo.version }),
         maxAttempts: config?.maxAttempts ?? DEFAULT_MAX_ATTEMPTS,
         region: config?.region ?? invalidProvider("Region is missing"),
         requestHandler: RequestHandler.create(config?.requestHandler ?? defaultConfigProvider),

package/node_modules/@aws-sdk/client-sts/dist-es/runtimeConfig.js

@@ -1,7 +1,7 @@
 import packageInfo from "../package.json";
 import { AwsSdkSigV4Signer, emitWarningIfUnsupportedVersion as awsCheckVersion } from "@aws-sdk/core";
 import { defaultProvider as credentialDefaultProvider } from "@aws-sdk/credential-provider-node";
-import { defaultUserAgent } from "@aws-sdk/util-user-agent-node";
+import { NODE_APP_ID_CONFIG_OPTIONS, createDefaultUserAgentProvider } from "@aws-sdk/util-user-agent-node";
 import { NODE_REGION_CONFIG_FILE_OPTIONS, NODE_REGION_CONFIG_OPTIONS, NODE_USE_DUALSTACK_ENDPOINT_CONFIG_OPTIONS, NODE_USE_FIPS_ENDPOINT_CONFIG_OPTIONS, } from "@smithy/config-resolver";
 import { NoAuthSigner } from "@smithy/core";
 import { Hash } from "@smithy/hash-node";
@@ -28,7 +28,7 @@ export const getRuntimeConfig = (config) => {
         bodyLengthChecker: config?.bodyLengthChecker ?? calculateBodyLength,
         credentialDefaultProvider: config?.credentialDefaultProvider ?? credentialDefaultProvider,
         defaultUserAgentProvider: config?.defaultUserAgentProvider ??
-            defaultUserAgent({ serviceId: clientSharedValues.serviceId, clientVersion: packageInfo.version }),
+            createDefaultUserAgentProvider({ serviceId: clientSharedValues.serviceId, clientVersion: packageInfo.version }),
         httpAuthSchemes: config?.httpAuthSchemes ?? [
             {
                 schemeId: "aws.auth#sigv4",
@@ -54,5 +54,6 @@ export const getRuntimeConfig = (config) => {
         streamCollector: config?.streamCollector ?? streamCollector,
         useDualstackEndpoint: config?.useDualstackEndpoint ?? loadNodeConfig(NODE_USE_DUALSTACK_ENDPOINT_CONFIG_OPTIONS),
         useFipsEndpoint: config?.useFipsEndpoint ?? loadNodeConfig(NODE_USE_FIPS_ENDPOINT_CONFIG_OPTIONS),
+        userAgentAppId: config?.userAgentAppId ?? loadNodeConfig(NODE_APP_ID_CONFIG_OPTIONS),
     };
 };

package/node_modules/@aws-sdk/client-sts/dist-types/STS.d.ts

@@ -2,6 +2,7 @@ import { HttpHandlerOptions as __HttpHandlerOptions } from "@smithy/types";
 import { AssumeRoleCommandInput, AssumeRoleCommandOutput } from "./commands/AssumeRoleCommand";
 import { AssumeRoleWithSAMLCommandInput, AssumeRoleWithSAMLCommandOutput } from "./commands/AssumeRoleWithSAMLCommand";
 import { AssumeRoleWithWebIdentityCommandInput, AssumeRoleWithWebIdentityCommandOutput } from "./commands/AssumeRoleWithWebIdentityCommand";
+import { AssumeRootCommandInput, AssumeRootCommandOutput } from "./commands/AssumeRootCommand";
 import { DecodeAuthorizationMessageCommandInput, DecodeAuthorizationMessageCommandOutput } from "./commands/DecodeAuthorizationMessageCommand";
 import { GetAccessKeyInfoCommandInput, GetAccessKeyInfoCommandOutput } from "./commands/GetAccessKeyInfoCommand";
 import { GetCallerIdentityCommandInput, GetCallerIdentityCommandOutput } from "./commands/GetCallerIdentityCommand";
@@ -27,6 +28,12 @@ export interface STS {
     assumeRoleWithWebIdentity(args: AssumeRoleWithWebIdentityCommandInput, options?: __HttpHandlerOptions): Promise<AssumeRoleWithWebIdentityCommandOutput>;
     assumeRoleWithWebIdentity(args: AssumeRoleWithWebIdentityCommandInput, cb: (err: any, data?: AssumeRoleWithWebIdentityCommandOutput) => void): void;
     assumeRoleWithWebIdentity(args: AssumeRoleWithWebIdentityCommandInput, options: __HttpHandlerOptions, cb: (err: any, data?: AssumeRoleWithWebIdentityCommandOutput) => void): void;
+    /**
+     * @see {@link AssumeRootCommand}
+     */
+    assumeRoot(args: AssumeRootCommandInput, options?: __HttpHandlerOptions): Promise<AssumeRootCommandOutput>;
+    assumeRoot(args: AssumeRootCommandInput, cb: (err: any, data?: AssumeRootCommandOutput) => void): void;
+    assumeRoot(args: AssumeRootCommandInput, options: __HttpHandlerOptions, cb: (err: any, data?: AssumeRootCommandOutput) => void): void;
     /**
      * @see {@link DecodeAuthorizationMessageCommand}
      */

package/node_modules/@aws-sdk/client-sts/dist-types/STSClient.d.ts

@@ -10,6 +10,7 @@ import { HttpAuthSchemeInputConfig, HttpAuthSchemeResolvedConfig } from "./auth/
 import { AssumeRoleCommandInput, AssumeRoleCommandOutput } from "./commands/AssumeRoleCommand";
 import { AssumeRoleWithSAMLCommandInput, AssumeRoleWithSAMLCommandOutput } from "./commands/AssumeRoleWithSAMLCommand";
 import { AssumeRoleWithWebIdentityCommandInput, AssumeRoleWithWebIdentityCommandOutput } from "./commands/AssumeRoleWithWebIdentityCommand";
+import { AssumeRootCommandInput, AssumeRootCommandOutput } from "./commands/AssumeRootCommand";
 import { DecodeAuthorizationMessageCommandInput, DecodeAuthorizationMessageCommandOutput } from "./commands/DecodeAuthorizationMessageCommand";
 import { GetAccessKeyInfoCommandInput, GetAccessKeyInfoCommandOutput } from "./commands/GetAccessKeyInfoCommand";
 import { GetCallerIdentityCommandInput, GetCallerIdentityCommandOutput } from "./commands/GetCallerIdentityCommand";
@@ -21,11 +22,11 @@ export { __Client };
 /**
  * @public
  */
-export type ServiceInputTypes = AssumeRoleCommandInput | AssumeRoleWithSAMLCommandInput | AssumeRoleWithWebIdentityCommandInput | DecodeAuthorizationMessageCommandInput | GetAccessKeyInfoCommandInput | GetCallerIdentityCommandInput | GetFederationTokenCommandInput | GetSessionTokenCommandInput;
+export type ServiceInputTypes = AssumeRoleCommandInput | AssumeRoleWithSAMLCommandInput | AssumeRoleWithWebIdentityCommandInput | AssumeRootCommandInput | DecodeAuthorizationMessageCommandInput | GetAccessKeyInfoCommandInput | GetCallerIdentityCommandInput | GetFederationTokenCommandInput | GetSessionTokenCommandInput;
 /**
  * @public
  */
-export type ServiceOutputTypes = AssumeRoleCommandOutput | AssumeRoleWithSAMLCommandOutput | AssumeRoleWithWebIdentityCommandOutput | DecodeAuthorizationMessageCommandOutput | GetAccessKeyInfoCommandOutput | GetCallerIdentityCommandOutput | GetFederationTokenCommandOutput | GetSessionTokenCommandOutput;
+export type ServiceOutputTypes = AssumeRoleCommandOutput | AssumeRoleWithSAMLCommandOutput | AssumeRoleWithWebIdentityCommandOutput | AssumeRootCommandOutput | DecodeAuthorizationMessageCommandOutput | GetAccessKeyInfoCommandOutput | GetCallerIdentityCommandOutput | GetFederationTokenCommandOutput | GetSessionTokenCommandOutput;
 /**
  * @public
  */

package/node_modules/@aws-sdk/client-sts/dist-types/commands/AssumeRoleCommand.d.ts

@@ -32,8 +32,8 @@ declare const AssumeRoleCommand_base: {
  *          and a security token. Typically, you use <code>AssumeRole</code> within your account or for
  *          cross-account access. For a comparison of <code>AssumeRole</code> with other API operations
  *          that produce temporary credentials, see <a href="https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_request.html">Requesting Temporary Security
- *             Credentials</a> and <a href="https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_request.html#stsapi_comparison">Comparing the
- *             Amazon Web Services STS API operations</a> in the <i>IAM User Guide</i>.</p>
+ *             Credentials</a> and <a href="https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_sts-comparison.html">Compare STS
+ *             credentials</a> in the <i>IAM User Guide</i>.</p>
  *          <p>
  *             <b>Permissions</b>
  *          </p>
@@ -41,11 +41,11 @@ declare const AssumeRoleCommand_base: {
  *          make API calls to any Amazon Web Services service with the following exception: You cannot call the
  *          Amazon Web Services STS <code>GetFederationToken</code> or <code>GetSessionToken</code> API
  *          operations.</p>
- *          <p>(Optional) You can pass inline or managed <a href="https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies.html#policies_session">session policies</a> to
- *          this operation. You can pass a single JSON policy document to use as an inline session
- *          policy. You can also specify up to 10 managed policy Amazon Resource Names (ARNs) to use as
- *          managed session policies. The plaintext that you use for both inline and managed session
- *          policies can't exceed 2,048 characters. Passing policies to this operation returns new
+ *          <p>(Optional) You can pass inline or managed session policies to this operation. You can
+ *          pass a single JSON policy document to use as an inline session policy. You can also specify
+ *          up to 10 managed policy Amazon Resource Names (ARNs) to use as managed session policies.
+ *          The plaintext that you use for both inline and managed session policies can't exceed 2,048
+ *          characters. Passing policies to this operation returns new
  *          temporary credentials. The resulting session's permissions are the intersection of the
  *          role's identity-based policy and the session policies. You can use the role's temporary
  *          credentials in subsequent Amazon Web Services API calls to access resources in the account that owns
@@ -192,15 +192,15 @@ declare const AssumeRoleCommand_base: {
  *             tags are to the upper size limit. For more information, see <a href="https://docs.aws.amazon.com/IAM/latest/UserGuide/id_session-tags.html">Passing Session Tags in STS</a> in
  *             the <i>IAM User Guide</i>.</p>
  *          <p>You could receive this error even though you meet other defined session policy and
- *             session tag limits. For more information, see <a href="https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_iam-quotas.html#reference_iam-limits-entity-length">IAM and STS Entity
- *                 Character Limits</a> in the <i>IAM User Guide</i>.</p>
+ *             session tag limits. For more information, see <a href="https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_iam-quotas.html#reference_iam-limits-entity-length">IAM and STS Entity Character Limits</a> in the <i>IAM User
+ *                 Guide</i>.</p>
  *
  * @throws {@link RegionDisabledException} (client fault)
  *  <p>STS is not activated in the requested region for the account that is being asked to
- *             generate credentials. The account administrator must use the IAM console to activate STS
- *             in that region. For more information, see <a href="https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_enable-regions.html">Activating and
- *                 Deactivating Amazon Web Services STS in an Amazon Web Services Region</a> in the <i>IAM User
- *                     Guide</i>.</p>
+ *             generate credentials. The account administrator must use the IAM console to activate
+ *             STS in that region. For more information, see <a href="https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_enable-regions.html">Activating and
+ *                 Deactivating STS in an Amazon Web Services Region</a> in the <i>IAM User
+ *                 Guide</i>.</p>
  *
  * @throws {@link STSServiceException}
  * <p>Base exception class for all service exceptions from STS service.</p>
@@ -255,4 +255,15 @@ declare const AssumeRoleCommand_base: {
  *
  */
 export declare class AssumeRoleCommand extends AssumeRoleCommand_base {
+    /** @internal type navigation helper, not in runtime. */
+    protected static __types: {
+        api: {
+            input: AssumeRoleRequest;
+            output: AssumeRoleResponse;
+        };
+        sdk: {
+            input: AssumeRoleCommandInput;
+            output: AssumeRoleCommandOutput;
+        };
+    };
 }

package/node_modules/@aws-sdk/client-sts/dist-types/commands/AssumeRoleWithSAMLCommand.d.ts

@@ -32,8 +32,8 @@ declare const AssumeRoleWithSAMLCommand_base: {
  *          enterprise identity store or directory to role-based Amazon Web Services access without user-specific
  *          credentials or configuration. For a comparison of <code>AssumeRoleWithSAML</code> with the
  *          other API operations that produce temporary credentials, see <a href="https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_request.html">Requesting Temporary Security
- *             Credentials</a> and <a href="https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_request.html#stsapi_comparison">Comparing the
- *             Amazon Web Services STS API operations</a> in the <i>IAM User Guide</i>.</p>
+ *             Credentials</a> and <a href="https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_sts-comparison.html">Compare STS
+ *             credentials</a> in the <i>IAM User Guide</i>.</p>
  *          <p>The temporary security credentials returned by this operation consist of an access key
  *          ID, a secret access key, and a security token. Applications can use these temporary
  *          security credentials to sign calls to Amazon Web Services services.</p>
@@ -230,15 +230,15 @@ declare const AssumeRoleWithSAMLCommand_base: {
  *             tags are to the upper size limit. For more information, see <a href="https://docs.aws.amazon.com/IAM/latest/UserGuide/id_session-tags.html">Passing Session Tags in STS</a> in
  *             the <i>IAM User Guide</i>.</p>
  *          <p>You could receive this error even though you meet other defined session policy and
- *             session tag limits. For more information, see <a href="https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_iam-quotas.html#reference_iam-limits-entity-length">IAM and STS Entity
- *                 Character Limits</a> in the <i>IAM User Guide</i>.</p>
+ *             session tag limits. For more information, see <a href="https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_iam-quotas.html#reference_iam-limits-entity-length">IAM and STS Entity Character Limits</a> in the <i>IAM User
+ *                 Guide</i>.</p>
  *
  * @throws {@link RegionDisabledException} (client fault)
  *  <p>STS is not activated in the requested region for the account that is being asked to
- *             generate credentials. The account administrator must use the IAM console to activate STS
- *             in that region. For more information, see <a href="https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_enable-regions.html">Activating and
- *                 Deactivating Amazon Web Services STS in an Amazon Web Services Region</a> in the <i>IAM User
- *                     Guide</i>.</p>
+ *             generate credentials. The account administrator must use the IAM console to activate
+ *             STS in that region. For more information, see <a href="https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_enable-regions.html">Activating and
+ *                 Deactivating STS in an Amazon Web Services Region</a> in the <i>IAM User
+ *                 Guide</i>.</p>
  *
  * @throws {@link STSServiceException}
  * <p>Base exception class for all service exceptions from STS service.</p>
@@ -280,4 +280,15 @@ declare const AssumeRoleWithSAMLCommand_base: {
  *
  */
 export declare class AssumeRoleWithSAMLCommand extends AssumeRoleWithSAMLCommand_base {
+    /** @internal type navigation helper, not in runtime. */
+    protected static __types: {
+        api: {
+            input: AssumeRoleWithSAMLRequest;
+            output: AssumeRoleWithSAMLResponse;
+        };
+        sdk: {
+            input: AssumeRoleWithSAMLCommandInput;
+            output: AssumeRoleWithSAMLCommandOutput;
+        };
+    };
 }

package/node_modules/@aws-sdk/client-sts/dist-types/commands/AssumeRoleWithWebIdentityCommand.d.ts

@@ -47,8 +47,8 @@ declare const AssumeRoleWithWebIdentityCommand_base: {
  *          using a token from the web identity provider. For a comparison of
  *             <code>AssumeRoleWithWebIdentity</code> with the other API operations that produce
  *          temporary credentials, see <a href="https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_request.html">Requesting Temporary Security
- *             Credentials</a> and <a href="https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_request.html#stsapi_comparison">Comparing the
- *             Amazon Web Services STS API operations</a> in the <i>IAM User Guide</i>.</p>
+ *             Credentials</a> and <a href="https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_sts-comparison.html">Compare STS
+ *             credentials</a> in the <i>IAM User Guide</i>.</p>
  *          <p>The temporary security credentials returned by this API consist of an access key ID, a
  *          secret access key, and a security token. Applications can use these temporary security
  *          credentials to sign calls to Amazon Web Services service API operations.</p>
@@ -60,8 +60,7 @@ declare const AssumeRoleWithWebIdentityCommand_base: {
  *          optional <code>DurationSeconds</code> parameter to specify the duration of your session.
  *          You can provide a value from 900 seconds (15 minutes) up to the maximum session duration
  *          setting for the role. This setting can have a value from 1 hour to 12 hours. To learn how
- *          to view the maximum value for your role, see <a href="https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_use.html#id_roles_use_view-role-max-session">View the
- *             Maximum Session Duration Setting for a Role</a> in the
+ *          to view the maximum value for your role, see <a href="https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_update-role-settings.html#id_roles_update-session-duration">Update the maximum session duration for a role </a> in the
  *             <i>IAM User Guide</i>. The maximum session duration limit applies when
  *          you use the <code>AssumeRole*</code> API operations or the <code>assume-role*</code> CLI
  *          commands. However the limit does not apply when you use those operations to create a
@@ -130,7 +129,7 @@ declare const AssumeRoleWithWebIdentityCommand_base: {
  *             or a pairwise identifier, as <a href="http://openid.net/specs/openid-connect-core-1_0.html#SubjectIDTypes">suggested
  *                in the OIDC specification</a>.</p>
  *          </important>
- *          <p>For more information about how to use web identity federation and the
+ *          <p>For more information about how to use OIDC federation and the
  *             <code>AssumeRoleWithWebIdentity</code> API, see the following resources: </p>
  *          <ul>
  *             <li>
@@ -139,25 +138,11 @@ declare const AssumeRoleWithWebIdentityCommand_base: {
  *             </li>
  *             <li>
  *                <p>
- *                   <a href="https://aws.amazon.com/blogs/aws/the-aws-web-identity-federation-playground/"> Web Identity Federation Playground</a>. Walk through the process of
- *                authenticating through Login with Amazon, Facebook, or Google, getting temporary
- *                security credentials, and then using those credentials to make a request to Amazon Web Services.
- *             </p>
- *             </li>
- *             <li>
- *                <p>
  *                   <a href="http://aws.amazon.com/sdkforios/">Amazon Web Services SDK for iOS Developer Guide</a> and <a href="http://aws.amazon.com/sdkforandroid/">Amazon Web Services SDK for Android Developer Guide</a>. These toolkits
  *                contain sample apps that show how to invoke the identity providers. The toolkits then
  *                show how to use the information from these providers to get and use temporary
  *                security credentials. </p>
  *             </li>
- *             <li>
- *                <p>
- *                   <a href="http://aws.amazon.com/articles/web-identity-federation-with-mobile-applications">Web Identity
- *                   Federation with Mobile Applications</a>. This article discusses web identity
- *                federation and shows an example of how to use web identity federation to get access
- *                to content in Amazon S3. </p>
- *             </li>
  *          </ul>
  * @example
  * Use a bare-bones client and the command you need to make an API call.
@@ -211,11 +196,11 @@ declare const AssumeRoleWithWebIdentityCommand_base: {
  *             token from the identity provider and then retry the request.</p>
  *
  * @throws {@link IDPCommunicationErrorException} (client fault)
- *  <p>The request could not be fulfilled because the identity provider (IDP) that
- *             was asked to verify the incoming identity token could not be reached. This is often a
- *             transient error caused by network conditions. Retry the request a limited number of
- *             times so that you don't exceed the request rate. If the error persists, the
- *             identity provider might be down or not responding.</p>
+ *  <p>The request could not be fulfilled because the identity provider (IDP) that was asked
+ *             to verify the incoming identity token could not be reached. This is often a transient
+ *             error caused by network conditions. Retry the request a limited number of times so that
+ *             you don't exceed the request rate. If the error persists, the identity provider might be
+ *             down or not responding.</p>
  *
  * @throws {@link IDPRejectedClaimException} (client fault)
  *  <p>The identity provider (IdP) reported that authentication failed. This might be because
@@ -239,15 +224,15 @@ declare const AssumeRoleWithWebIdentityCommand_base: {
  *             tags are to the upper size limit. For more information, see <a href="https://docs.aws.amazon.com/IAM/latest/UserGuide/id_session-tags.html">Passing Session Tags in STS</a> in
  *             the <i>IAM User Guide</i>.</p>
  *          <p>You could receive this error even though you meet other defined session policy and
- *             session tag limits. For more information, see <a href="https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_iam-quotas.html#reference_iam-limits-entity-length">IAM and STS Entity
- *                 Character Limits</a> in the <i>IAM User Guide</i>.</p>
+ *             session tag limits. For more information, see <a href="https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_iam-quotas.html#reference_iam-limits-entity-length">IAM and STS Entity Character Limits</a> in the <i>IAM User
+ *                 Guide</i>.</p>
  *
  * @throws {@link RegionDisabledException} (client fault)
  *  <p>STS is not activated in the requested region for the account that is being asked to
- *             generate credentials. The account administrator must use the IAM console to activate STS
- *             in that region. For more information, see <a href="https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_enable-regions.html">Activating and
- *                 Deactivating Amazon Web Services STS in an Amazon Web Services Region</a> in the <i>IAM User
- *                     Guide</i>.</p>
+ *             generate credentials. The account administrator must use the IAM console to activate
+ *             STS in that region. For more information, see <a href="https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_enable-regions.html">Activating and
+ *                 Deactivating STS in an Amazon Web Services Region</a> in the <i>IAM User
+ *                 Guide</i>.</p>
  *
  * @throws {@link STSServiceException}
  * <p>Base exception class for all service exceptions from STS service.</p>
@@ -289,4 +274,15 @@ declare const AssumeRoleWithWebIdentityCommand_base: {
  *
  */
 export declare class AssumeRoleWithWebIdentityCommand extends AssumeRoleWithWebIdentityCommand_base {
+    /** @internal type navigation helper, not in runtime. */
+    protected static __types: {
+        api: {
+            input: AssumeRoleWithWebIdentityRequest;
+            output: AssumeRoleWithWebIdentityResponse;
+        };
+        sdk: {
+            input: AssumeRoleWithWebIdentityCommandInput;
+            output: AssumeRoleWithWebIdentityCommandOutput;
+        };
+    };
 }

package/node_modules/@aws-sdk/client-sts/dist-types/commands/AssumeRootCommand.d.ts

@@ -0,0 +1,129 @@
+import { Command as $Command } from "@smithy/smithy-client";
+import { MetadataBearer as __MetadataBearer } from "@smithy/types";
+import { AssumeRootRequest, AssumeRootResponse } from "../models/models_0";
+import { ServiceInputTypes, ServiceOutputTypes, STSClientResolvedConfig } from "../STSClient";
+/**
+ * @public
+ */
+export type { __MetadataBearer };
+export { $Command };
+/**
+ * @public
+ *
+ * The input for {@link AssumeRootCommand}.
+ */
+export interface AssumeRootCommandInput extends AssumeRootRequest {
+}
+/**
+ * @public
+ *
+ * The output of {@link AssumeRootCommand}.
+ */
+export interface AssumeRootCommandOutput extends AssumeRootResponse, __MetadataBearer {
+}
+declare const AssumeRootCommand_base: {
+    new (input: AssumeRootCommandInput): import("@smithy/smithy-client").CommandImpl<AssumeRootCommandInput, AssumeRootCommandOutput, STSClientResolvedConfig, ServiceInputTypes, ServiceOutputTypes>;
+    new (__0_0: AssumeRootCommandInput): import("@smithy/smithy-client").CommandImpl<AssumeRootCommandInput, AssumeRootCommandOutput, STSClientResolvedConfig, ServiceInputTypes, ServiceOutputTypes>;
+    getEndpointParameterInstructions(): import("@smithy/middleware-endpoint").EndpointParameterInstructions;
+};
+/**
+ * <p>Returns a set of short term credentials you can use to perform privileged tasks in a
+ *          member account.</p>
+ *          <p>Before you can launch a privileged session, you must have enabled centralized root
+ *          access in your organization. For steps to enable this feature, see <a href="https://docs.aws.amazon.com/IAM/latest/UserGuide/id_root-enable-root-access.html">Centralize root access for member accounts</a> in the <i>IAM User
+ *             Guide</i>.</p>
+ *          <note>
+ *             <p>The global endpoint is not supported for AssumeRoot. You must send this request to a
+ *             Regional STS endpoint. For more information, see <a href="https://docs.aws.amazon.com/STS/latest/APIReference/welcome.html#sts-endpoints">Endpoints</a>.</p>
+ *          </note>
+ *          <p>You can track AssumeRoot in CloudTrail logs to determine what actions were performed in a
+ *          session. For more information, see <a href="https://docs.aws.amazon.com/IAM/latest/UserGuide/cloudtrail-track-privileged-tasks.html">Track privileged tasks
+ *             in CloudTrail</a> in the <i>IAM User Guide</i>.</p>
+ * @example
+ * Use a bare-bones client and the command you need to make an API call.
+ * ```javascript
+ * import { STSClient, AssumeRootCommand } from "@aws-sdk/client-sts"; // ES Modules import
+ * // const { STSClient, AssumeRootCommand } = require("@aws-sdk/client-sts"); // CommonJS import
+ * const client = new STSClient(config);
+ * const input = { // AssumeRootRequest
+ *   TargetPrincipal: "STRING_VALUE", // required
+ *   TaskPolicyArn: { // PolicyDescriptorType
+ *     arn: "STRING_VALUE",
+ *   },
+ *   DurationSeconds: Number("int"),
+ * };
+ * const command = new AssumeRootCommand(input);
+ * const response = await client.send(command);
+ * // { // AssumeRootResponse
+ * //   Credentials: { // Credentials
+ * //     AccessKeyId: "STRING_VALUE", // required
+ * //     SecretAccessKey: "STRING_VALUE", // required
+ * //     SessionToken: "STRING_VALUE", // required
+ * //     Expiration: new Date("TIMESTAMP"), // required
+ * //   },
+ * //   SourceIdentity: "STRING_VALUE",
+ * // };
+ *
+ * ```
+ *
+ * @param AssumeRootCommandInput - {@link AssumeRootCommandInput}
+ * @returns {@link AssumeRootCommandOutput}
+ * @see {@link AssumeRootCommandInput} for command's `input` shape.
+ * @see {@link AssumeRootCommandOutput} for command's `response` shape.
+ * @see {@link STSClientResolvedConfig | config} for STSClient's `config` shape.
+ *
+ * @throws {@link ExpiredTokenException} (client fault)
+ *  <p>The web identity token that was passed is expired or is not valid. Get a new identity
+ *             token from the identity provider and then retry the request.</p>
+ *
+ * @throws {@link RegionDisabledException} (client fault)
+ *  <p>STS is not activated in the requested region for the account that is being asked to
+ *             generate credentials. The account administrator must use the IAM console to activate
+ *             STS in that region. For more information, see <a href="https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_enable-regions.html">Activating and
+ *                 Deactivating STS in an Amazon Web Services Region</a> in the <i>IAM User
+ *                 Guide</i>.</p>
+ *
+ * @throws {@link STSServiceException}
+ * <p>Base exception class for all service exceptions from STS service.</p>
+ *
+ * @public
+ * @example To launch a privileged session
+ * ```javascript
+ * // The following command retrieves a set of short-term credentials you can use to unlock an S3 bucket for a member account by removing the bucket policy.
+ * const input = {
+ *   "DurationSeconds": 900,
+ *   "TargetPrincipal": "111122223333",
+ *   "TaskPolicyArn": {
+ *     "arn": "arn:aws:iam::aws:policy/root-task/S3UnlockBucketPolicy"
+ *   }
+ * };
+ * const command = new AssumeRootCommand(input);
+ * const response = await client.send(command);
+ * /* response ==
+ * {
+ *   "Credentials": {
+ *     "AccessKeyId": "ASIAJEXAMPLEXEG2JICEA",
+ *     "Expiration": "2024-11-15T00:05:07Z",
+ *     "SecretAccessKey": "9drTJvcXLB89EXAMPLELB8923FB892xMFI",
+ *     "SessionToken": "AQoXdzELDDY//////////wEaoAK1wvxJY12r2IrDFT2IvAzTCn3zHoZ7YNtpiQLF0MqZye/qwjzP2iEXAMPLEbw/m3hsj8VBTkPORGvr9jM5sgP+w9IZWZnU+LWhmg+a5fDi2oTGUYcdg9uexQ4mtCHIHfi4citgqZTgco40Yqr4lIlo4V2b2Dyauk0eYFNebHtYlFVgAUj+7Indz3LU0aTWk1WKIjHmmMCIoTkyYp/k7kUG7moeEYKSitwQIi6Gjn+nyzM+PtoA3685ixzv0R7i5rjQi0YE0lf1oeie3bDiNHncmzosRM6SFiPzSvp6h/32xQuZsjcypmwsPSDtTPYcs0+YN/8BRi2/IcrxSpnWEXAMPLEXSDFTAQAM6Dl9zR0tXoybnlrZIwMLlMi1Kcgo5OytwU="
+ *   },
+ *   "SourceIdentity": "Alice"
+ * }
+ * *\/
+ * // example id: to-launch-a-privileged-session-1731335424565
+ * ```
+ *
+ */
+export declare class AssumeRootCommand extends AssumeRootCommand_base {
+    /** @internal type navigation helper, not in runtime. */
+    protected static __types: {
+        api: {
+            input: AssumeRootRequest;
+            output: AssumeRootResponse;
+        };
+        sdk: {
+            input: AssumeRootCommandInput;
+            output: AssumeRootCommandOutput;
+        };
+    };
+}