@aws-sdk/client-iam 3.738.0 → 3.742.0

package/dist-cjs/index.js

@@ -27,6 +27,7 @@ __export(src_exports, {
   AddClientIDToOpenIDConnectProviderCommand: () => AddClientIDToOpenIDConnectProviderCommand,
   AddRoleToInstanceProfileCommand: () => AddRoleToInstanceProfileCommand,
   AddUserToGroupCommand: () => AddUserToGroupCommand,
+  AssertionEncryptionModeType: () => AssertionEncryptionModeType,
   AssignmentStatusType: () => AssignmentStatusType,
   AttachGroupPolicyCommand: () => AttachGroupPolicyCommand,
   AttachRolePolicyCommand: () => AttachRolePolicyCommand,
@@ -48,6 +49,7 @@ __export(src_exports, {
   CreatePolicyVersionCommand: () => CreatePolicyVersionCommand,
   CreateRoleCommand: () => CreateRoleCommand,
   CreateSAMLProviderCommand: () => CreateSAMLProviderCommand,
+  CreateSAMLProviderRequestFilterSensitiveLog: () => CreateSAMLProviderRequestFilterSensitiveLog,
   CreateServiceLinkedRoleCommand: () => CreateServiceLinkedRoleCommand,
   CreateServiceSpecificCredentialCommand: () => CreateServiceSpecificCredentialCommand,
   CreateServiceSpecificCredentialResponseFilterSensitiveLog: () => CreateServiceSpecificCredentialResponseFilterSensitiveLog,
@@ -244,6 +246,7 @@ __export(src_exports, {
   UpdateRoleCommand: () => UpdateRoleCommand,
   UpdateRoleDescriptionCommand: () => UpdateRoleDescriptionCommand,
   UpdateSAMLProviderCommand: () => UpdateSAMLProviderCommand,
+  UpdateSAMLProviderRequestFilterSensitiveLog: () => UpdateSAMLProviderRequestFilterSensitiveLog,
   UpdateSSHPublicKeyCommand: () => UpdateSSHPublicKeyCommand,
   UpdateServerCertificateCommand: () => UpdateServerCertificateCommand,
   UpdateServiceSpecificCredentialCommand: () => UpdateServiceSpecificCredentialCommand,
@@ -608,6 +611,10 @@ var UnmodifiableEntityException = class _UnmodifiableEntityException extends IAM
     Object.setPrototypeOf(this, _UnmodifiableEntityException.prototype);
   }
 };
+var AssertionEncryptionModeType = {
+  Allowed: "Allowed",
+  Required: "Required"
+};
 var AssignmentStatusType = {
   Any: "Any",
   Assigned: "Assigned",
@@ -1089,11 +1096,6 @@ var ContextKeyTypeEnum = {
   STRING: "string",
   STRING_LIST: "stringList"
 };
-var PolicyEvaluationDecisionType = {
-  ALLOWED: "allowed",
-  EXPLICIT_DENY: "explicitDeny",
-  IMPLICIT_DENY: "implicitDeny"
-};
 var AccessKeyFilterSensitiveLog = /* @__PURE__ */ __name((obj) => ({
   ...obj,
   ...obj.SecretAccessKey && { SecretAccessKey: import_smithy_client.SENSITIVE_STRING }
@@ -1111,6 +1113,10 @@ var CreateLoginProfileRequestFilterSensitiveLog = /* @__PURE__ */ __name((obj) =
   ...obj,
   ...obj.Password && { Password: import_smithy_client.SENSITIVE_STRING }
 }), "CreateLoginProfileRequestFilterSensitiveLog");
+var CreateSAMLProviderRequestFilterSensitiveLog = /* @__PURE__ */ __name((obj) => ({
+  ...obj,
+  ...obj.AddPrivateKey && { AddPrivateKey: import_smithy_client.SENSITIVE_STRING }
+}), "CreateSAMLProviderRequestFilterSensitiveLog");
 var ServiceSpecificCredentialFilterSensitiveLog = /* @__PURE__ */ __name((obj) => ({
   ...obj,
   ...obj.ServicePassword && { ServicePassword: import_smithy_client.SENSITIVE_STRING }
@@ -1145,6 +1151,11 @@ var ResetServiceSpecificCredentialResponseFilterSensitiveLog = /* @__PURE__ */ _
 
 // src/models/models_1.ts
 
+var PolicyEvaluationDecisionType = {
+  ALLOWED: "allowed",
+  EXPLICIT_DENY: "explicitDeny",
+  IMPLICIT_DENY: "implicitDeny"
+};
 var PolicySourceType = {
   AWS_MANAGED: "aws-managed",
   GROUP: "group",
@@ -1266,6 +1277,10 @@ var UpdateLoginProfileRequestFilterSensitiveLog = /* @__PURE__ */ __name((obj) =
   ...obj,
   ...obj.Password && { Password: import_smithy_client.SENSITIVE_STRING }
 }), "UpdateLoginProfileRequestFilterSensitiveLog");
+var UpdateSAMLProviderRequestFilterSensitiveLog = /* @__PURE__ */ __name((obj) => ({
+  ...obj,
+  ...obj.AddPrivateKey && { AddPrivateKey: import_smithy_client.SENSITIVE_STRING }
+}), "UpdateSAMLProviderRequestFilterSensitiveLog");
 var UploadServerCertificateRequestFilterSensitiveLog = /* @__PURE__ */ __name((obj) => ({
   ...obj,
   ...obj.PrivateKey && { PrivateKey: import_smithy_client.SENSITIVE_STRING }
@@ -5560,6 +5575,12 @@ var se_CreateSAMLProviderRequest = /* @__PURE__ */ __name((input, context) => {
       entries[loc] = value;
     });
   }
+  if (input[_AEM] != null) {
+    entries[_AEM] = input[_AEM];
+  }
+  if (input[_APK] != null) {
+    entries[_APK] = input[_APK];
+  }
   return entries;
 }, "se_CreateSAMLProviderRequest");
 var se_CreateServiceLinkedRoleRequest = /* @__PURE__ */ __name((input, context) => {
@@ -7372,6 +7393,15 @@ var se_UpdateSAMLProviderRequest = /* @__PURE__ */ __name((input, context) => {
   if (input[_SAMLPA] != null) {
     entries[_SAMLPA] = input[_SAMLPA];
   }
+  if (input[_AEM] != null) {
+    entries[_AEM] = input[_AEM];
+  }
+  if (input[_APK] != null) {
+    entries[_APK] = input[_APK];
+  }
+  if (input[_RPK] != null) {
+    entries[_RPK] = input[_RPK];
+  }
   return entries;
 }, "se_UpdateSAMLProviderRequest");
 var se_UpdateServerCertificateRequest = /* @__PURE__ */ __name((input, context) => {
@@ -8233,6 +8263,9 @@ var de_GetRoleResponse = /* @__PURE__ */ __name((output, context) => {
 }, "de_GetRoleResponse");
 var de_GetSAMLProviderResponse = /* @__PURE__ */ __name((output, context) => {
   const contents = {};
+  if (output[_SAMLPUUID] != null) {
+    contents[_SAMLPUUID] = (0, import_smithy_client.expectString)(output[_SAMLPUUID]);
+  }
   if (output[_SAMLMD] != null) {
     contents[_SAMLMD] = (0, import_smithy_client.expectString)(output[_SAMLMD]);
   }
@@ -8247,6 +8280,14 @@ var de_GetSAMLProviderResponse = /* @__PURE__ */ __name((output, context) => {
   } else if (output[_T] != null && output[_T][_me] != null) {
     contents[_T] = de_tagListType((0, import_smithy_client.getArrayIfSingleItem)(output[_T][_me]), context);
   }
+  if (output[_AEM] != null) {
+    contents[_AEM] = (0, import_smithy_client.expectString)(output[_AEM]);
+  }
+  if (output.PrivateKeyList === "") {
+    contents[_PKL] = [];
+  } else if (output[_PKL] != null && output[_PKL][_me] != null) {
+    contents[_PKL] = de_privateKeyList((0, import_smithy_client.getArrayIfSingleItem)(output[_PKL][_me]), context);
+  }
   return contents;
 }, "de_GetSAMLProviderResponse");
 var de_GetServerCertificateResponse = /* @__PURE__ */ __name((output, context) => {
@@ -9398,6 +9439,11 @@ var de_Position = /* @__PURE__ */ __name((output, context) => {
   }
   return contents;
 }, "de_Position");
+var de_privateKeyList = /* @__PURE__ */ __name((output, context) => {
+  return (output || []).filter((e) => e != null).map((entry) => {
+    return de_SAMLPrivateKey(entry, context);
+  });
+}, "de_privateKeyList");
 var de_ReportGenerationLimitExceededException = /* @__PURE__ */ __name((output, context) => {
   const contents = {};
   if (output[_m] != null) {
@@ -9569,6 +9615,16 @@ var de_RoleUsageType = /* @__PURE__ */ __name((output, context) => {
   }
   return contents;
 }, "de_RoleUsageType");
+var de_SAMLPrivateKey = /* @__PURE__ */ __name((output, context) => {
+  const contents = {};
+  if (output[_KI] != null) {
+    contents[_KI] = (0, import_smithy_client.expectString)(output[_KI]);
+  }
+  if (output[_Ti] != null) {
+    contents[_Ti] = (0, import_smithy_client.expectNonNull)((0, import_smithy_client.parseRfc3339DateTimeWithOffset)(output[_Ti]));
+  }
+  return contents;
+}, "de_SAMLPrivateKey");
 var de_SAMLProviderListEntry = /* @__PURE__ */ __name((output, context) => {
   const contents = {};
   if (output[_Ar] != null) {
@@ -10093,6 +10149,7 @@ var _ACIDTOIDCP = "AddClientIDToOpenIDConnectProvider";
 var _ACt = "AttachmentCount";
 var _ACu = "AuthenticationCode2";
 var _AD = "AccessDetails";
+var _AEM = "AssertionEncryptionMode";
 var _AGP = "AttachGroupPolicy";
 var _AK = "AccessKey";
 var _AKI = "AccessKeyId";
@@ -10102,6 +10159,7 @@ var _AMP = "AttachedManagedPolicies";
 var _AN = "ActionNames";
 var _ANc = "ActionName";
 var _AP = "AttachedPolicies";
+var _APK = "AddPrivateKey";
 var _ARP = "AttachRolePolicy";
 var _ARPD = "AssumeRolePolicyDocument";
 var _ARTIP = "AddRoleToInstanceProfile";
@@ -10259,6 +10317,7 @@ var _JI = "JobId";
 var _JS = "JobStatus";
 var _JT = "JobType";
 var _K = "Key";
+var _KI = "KeyId";
 var _L = "Line";
 var _LA = "LastAuthenticated";
 var _LAA = "ListAccountAliases";
@@ -10343,6 +10402,7 @@ var _PGSA = "PoliciesGrantingServiceAccess";
 var _PI = "PolicyId";
 var _PIL = "PolicyInputList";
 var _PK = "PrivateKey";
+var _PKL = "PrivateKeyList";
 var _PLU = "PasswordLastUsed";
 var _PN = "PolicyName";
 var _PNo = "PolicyNames";
@@ -10379,6 +10439,7 @@ var _RN = "RoleName";
 var _RNe = "RequireNumbers";
 var _RO = "ResourceOwner";
 var _RP = "ResourcePolicy";
+var _RPK = "RemovePrivateKey";
 var _RPL = "RolePolicyList";
 var _RRFIP = "RemoveRoleFromInstanceProfile";
 var _RS = "RequireSymbols";
@@ -10397,6 +10458,7 @@ var _SAK = "SecretAccessKey";
 var _SAMLMD = "SAMLMetadataDocument";
 var _SAMLPA = "SAMLProviderArn";
 var _SAMLPL = "SAMLProviderList";
+var _SAMLPUUID = "SAMLProviderUUID";
 var _SC = "ServerCertificate";
 var _SCI = "ServerCertificateId";
 var _SCM = "ServerCertificateMetadata";
@@ -10440,6 +10502,7 @@ var _TR = "TagRole";
 var _TSAMLP = "TagSAMLProvider";
 var _TSC = "TagServerCertificate";
 var _TU = "TagUser";
+var _Ti = "Timestamp";
 var _Ty = "Type";
 var _U = "Url";
 var _UAK = "UpdateAccessKey";
@@ -10742,7 +10805,7 @@ var CreateSAMLProviderCommand = class extends import_smithy_client.Command.class
     (0, import_middleware_serde.getSerdePlugin)(config, this.serialize, this.deserialize),
     (0, import_middleware_endpoint.getEndpointPlugin)(config, Command.getEndpointParameterInstructions())
   ];
-}).s("AWSIdentityManagementV20100508", "CreateSAMLProvider", {}).n("IAMClient", "CreateSAMLProviderCommand").f(void 0, void 0).ser(se_CreateSAMLProviderCommand).de(de_CreateSAMLProviderCommand).build() {
+}).s("AWSIdentityManagementV20100508", "CreateSAMLProvider", {}).n("IAMClient", "CreateSAMLProviderCommand").f(CreateSAMLProviderRequestFilterSensitiveLog, void 0).ser(se_CreateSAMLProviderCommand).de(de_CreateSAMLProviderCommand).build() {
   static {
     __name(this, "CreateSAMLProviderCommand");
   }
@@ -12827,7 +12890,7 @@ var UpdateSAMLProviderCommand = class extends import_smithy_client.Command.class
     (0, import_middleware_serde.getSerdePlugin)(config, this.serialize, this.deserialize),
     (0, import_middleware_endpoint.getEndpointPlugin)(config, Command.getEndpointParameterInstructions())
   ];
-}).s("AWSIdentityManagementV20100508", "UpdateSAMLProvider", {}).n("IAMClient", "UpdateSAMLProviderCommand").f(void 0, void 0).ser(se_UpdateSAMLProviderCommand).de(de_UpdateSAMLProviderCommand).build() {
+}).s("AWSIdentityManagementV20100508", "UpdateSAMLProvider", {}).n("IAMClient", "UpdateSAMLProviderCommand").f(UpdateSAMLProviderRequestFilterSensitiveLog, void 0).ser(se_UpdateSAMLProviderCommand).de(de_UpdateSAMLProviderCommand).build() {
   static {
     __name(this, "UpdateSAMLProviderCommand");
   }
@@ -13589,6 +13652,7 @@ var waitUntilUserExists = /* @__PURE__ */ __name(async (params, input) => {
   ServiceFailureException,
   EntityAlreadyExistsException,
   UnmodifiableEntityException,
+  AssertionEncryptionModeType,
   AssignmentStatusType,
   PermissionsBoundaryAttachmentType,
   PolicyNotAttachableException,
@@ -13626,17 +13690,18 @@ var waitUntilUserExists = /* @__PURE__ */ __name(async (params, input) => {
   GlobalEndpointTokenVersion,
   PolicyEvaluationException,
   ContextKeyTypeEnum,
-  PolicyEvaluationDecisionType,
   AccessKeyFilterSensitiveLog,
   ChangePasswordRequestFilterSensitiveLog,
   CreateAccessKeyResponseFilterSensitiveLog,
   CreateLoginProfileRequestFilterSensitiveLog,
+  CreateSAMLProviderRequestFilterSensitiveLog,
   ServiceSpecificCredentialFilterSensitiveLog,
   CreateServiceSpecificCredentialResponseFilterSensitiveLog,
   VirtualMFADeviceFilterSensitiveLog,
   CreateVirtualMFADeviceResponseFilterSensitiveLog,
   ListVirtualMFADevicesResponseFilterSensitiveLog,
   ResetServiceSpecificCredentialResponseFilterSensitiveLog,
+  PolicyEvaluationDecisionType,
   PolicySourceType,
   KeyPairMismatchException,
   MalformedCertificateException,
@@ -13645,6 +13710,7 @@ var waitUntilUserExists = /* @__PURE__ */ __name(async (params, input) => {
   DuplicateSSHPublicKeyException,
   InvalidPublicKeyException,
   UpdateLoginProfileRequestFilterSensitiveLog,
+  UpdateSAMLProviderRequestFilterSensitiveLog,
   UploadServerCertificateRequestFilterSensitiveLog
 });
 

package/dist-es/commands/CreateSAMLProviderCommand.js

@@ -2,6 +2,7 @@ import { getEndpointPlugin } from "@smithy/middleware-endpoint";
 import { getSerdePlugin } from "@smithy/middleware-serde";
 import { Command as $Command } from "@smithy/smithy-client";
 import { commonParams } from "../endpoint/EndpointParameters";
+import { CreateSAMLProviderRequestFilterSensitiveLog, } from "../models/models_0";
 import { de_CreateSAMLProviderCommand, se_CreateSAMLProviderCommand } from "../protocols/Aws_query";
 export { $Command };
 export class CreateSAMLProviderCommand extends $Command
@@ -15,7 +16,7 @@ export class CreateSAMLProviderCommand extends $Command
 })
     .s("AWSIdentityManagementV20100508", "CreateSAMLProvider", {})
     .n("IAMClient", "CreateSAMLProviderCommand")
-    .f(void 0, void 0)
+    .f(CreateSAMLProviderRequestFilterSensitiveLog, void 0)
     .ser(se_CreateSAMLProviderCommand)
     .de(de_CreateSAMLProviderCommand)
     .build() {

package/dist-es/commands/UpdateSAMLProviderCommand.js

@@ -2,6 +2,7 @@ import { getEndpointPlugin } from "@smithy/middleware-endpoint";
 import { getSerdePlugin } from "@smithy/middleware-serde";
 import { Command as $Command } from "@smithy/smithy-client";
 import { commonParams } from "../endpoint/EndpointParameters";
+import { UpdateSAMLProviderRequestFilterSensitiveLog, } from "../models/models_1";
 import { de_UpdateSAMLProviderCommand, se_UpdateSAMLProviderCommand } from "../protocols/Aws_query";
 export { $Command };
 export class UpdateSAMLProviderCommand extends $Command
@@ -15,7 +16,7 @@ export class UpdateSAMLProviderCommand extends $Command
 })
     .s("AWSIdentityManagementV20100508", "UpdateSAMLProvider", {})
     .n("IAMClient", "UpdateSAMLProviderCommand")
-    .f(void 0, void 0)
+    .f(UpdateSAMLProviderRequestFilterSensitiveLog, void 0)
     .ser(se_UpdateSAMLProviderCommand)
     .de(de_UpdateSAMLProviderCommand)
     .build() {

package/dist-es/models/models_0.js

@@ -94,6 +94,10 @@ export class UnmodifiableEntityException extends __BaseException {
         Object.setPrototypeOf(this, UnmodifiableEntityException.prototype);
     }
 }
+export const AssertionEncryptionModeType = {
+    Allowed: "Allowed",
+    Required: "Required",
+};
 export const AssignmentStatusType = {
     Any: "Any",
     Assigned: "Assigned",
@@ -455,11 +459,6 @@ export const ContextKeyTypeEnum = {
     STRING: "string",
     STRING_LIST: "stringList",
 };
-export const PolicyEvaluationDecisionType = {
-    ALLOWED: "allowed",
-    EXPLICIT_DENY: "explicitDeny",
-    IMPLICIT_DENY: "implicitDeny",
-};
 export const AccessKeyFilterSensitiveLog = (obj) => ({
     ...obj,
     ...(obj.SecretAccessKey && { SecretAccessKey: SENSITIVE_STRING }),
@@ -477,6 +476,10 @@ export const CreateLoginProfileRequestFilterSensitiveLog = (obj) => ({
     ...obj,
     ...(obj.Password && { Password: SENSITIVE_STRING }),
 });
+export const CreateSAMLProviderRequestFilterSensitiveLog = (obj) => ({
+    ...obj,
+    ...(obj.AddPrivateKey && { AddPrivateKey: SENSITIVE_STRING }),
+});
 export const ServiceSpecificCredentialFilterSensitiveLog = (obj) => ({
     ...obj,
     ...(obj.ServicePassword && { ServicePassword: SENSITIVE_STRING }),

package/dist-es/models/models_1.js

@@ -1,5 +1,10 @@
 import { SENSITIVE_STRING } from "@smithy/smithy-client";
 import { IAMServiceException as __BaseException } from "./IAMServiceException";
+export const PolicyEvaluationDecisionType = {
+    ALLOWED: "allowed",
+    EXPLICIT_DENY: "explicitDeny",
+    IMPLICIT_DENY: "implicitDeny",
+};
 export const PolicySourceType = {
     AWS_MANAGED: "aws-managed",
     GROUP: "group",
@@ -85,6 +90,10 @@ export const UpdateLoginProfileRequestFilterSensitiveLog = (obj) => ({
     ...obj,
     ...(obj.Password && { Password: SENSITIVE_STRING }),
 });
+export const UpdateSAMLProviderRequestFilterSensitiveLog = (obj) => ({
+    ...obj,
+    ...(obj.AddPrivateKey && { AddPrivateKey: SENSITIVE_STRING }),
+});
 export const UploadServerCertificateRequestFilterSensitiveLog = (obj) => ({
     ...obj,
     ...(obj.PrivateKey && { PrivateKey: SENSITIVE_STRING }),

package/dist-es/protocols/Aws_query.js

@@ -4283,6 +4283,12 @@ const se_CreateSAMLProviderRequest = (input, context) => {
             entries[loc] = value;
         });
     }
+    if (input[_AEM] != null) {
+        entries[_AEM] = input[_AEM];
+    }
+    if (input[_APK] != null) {
+        entries[_APK] = input[_APK];
+    }
     return entries;
 };
 const se_CreateServiceLinkedRoleRequest = (input, context) => {
@@ -6095,6 +6101,15 @@ const se_UpdateSAMLProviderRequest = (input, context) => {
     if (input[_SAMLPA] != null) {
         entries[_SAMLPA] = input[_SAMLPA];
     }
+    if (input[_AEM] != null) {
+        entries[_AEM] = input[_AEM];
+    }
+    if (input[_APK] != null) {
+        entries[_APK] = input[_APK];
+    }
+    if (input[_RPK] != null) {
+        entries[_RPK] = input[_RPK];
+    }
     return entries;
 };
 const se_UpdateServerCertificateRequest = (input, context) => {
@@ -7001,6 +7016,9 @@ const de_GetRoleResponse = (output, context) => {
 };
 const de_GetSAMLProviderResponse = (output, context) => {
     const contents = {};
+    if (output[_SAMLPUUID] != null) {
+        contents[_SAMLPUUID] = __expectString(output[_SAMLPUUID]);
+    }
     if (output[_SAMLMD] != null) {
         contents[_SAMLMD] = __expectString(output[_SAMLMD]);
     }
@@ -7016,6 +7034,15 @@ const de_GetSAMLProviderResponse = (output, context) => {
     else if (output[_T] != null && output[_T][_me] != null) {
         contents[_T] = de_tagListType(__getArrayIfSingleItem(output[_T][_me]), context);
     }
+    if (output[_AEM] != null) {
+        contents[_AEM] = __expectString(output[_AEM]);
+    }
+    if (output.PrivateKeyList === "") {
+        contents[_PKL] = [];
+    }
+    else if (output[_PKL] != null && output[_PKL][_me] != null) {
+        contents[_PKL] = de_privateKeyList(__getArrayIfSingleItem(output[_PKL][_me]), context);
+    }
     return contents;
 };
 const de_GetServerCertificateResponse = (output, context) => {
@@ -8242,6 +8269,13 @@ const de_Position = (output, context) => {
     }
     return contents;
 };
+const de_privateKeyList = (output, context) => {
+    return (output || [])
+        .filter((e) => e != null)
+        .map((entry) => {
+        return de_SAMLPrivateKey(entry, context);
+    });
+};
 const de_ReportGenerationLimitExceededException = (output, context) => {
     const contents = {};
     if (output[_m] != null) {
@@ -8430,6 +8464,16 @@ const de_RoleUsageType = (output, context) => {
     }
     return contents;
 };
+const de_SAMLPrivateKey = (output, context) => {
+    const contents = {};
+    if (output[_KI] != null) {
+        contents[_KI] = __expectString(output[_KI]);
+    }
+    if (output[_Ti] != null) {
+        contents[_Ti] = __expectNonNull(__parseRfc3339DateTimeWithOffset(output[_Ti]));
+    }
+    return contents;
+};
 const de_SAMLProviderListEntry = (output, context) => {
     const contents = {};
     if (output[_Ar] != null) {
@@ -8989,6 +9033,7 @@ const _ACIDTOIDCP = "AddClientIDToOpenIDConnectProvider";
 const _ACt = "AttachmentCount";
 const _ACu = "AuthenticationCode2";
 const _AD = "AccessDetails";
+const _AEM = "AssertionEncryptionMode";
 const _AGP = "AttachGroupPolicy";
 const _AK = "AccessKey";
 const _AKI = "AccessKeyId";
@@ -8998,6 +9043,7 @@ const _AMP = "AttachedManagedPolicies";
 const _AN = "ActionNames";
 const _ANc = "ActionName";
 const _AP = "AttachedPolicies";
+const _APK = "AddPrivateKey";
 const _ARP = "AttachRolePolicy";
 const _ARPD = "AssumeRolePolicyDocument";
 const _ARTIP = "AddRoleToInstanceProfile";
@@ -9155,6 +9201,7 @@ const _JI = "JobId";
 const _JS = "JobStatus";
 const _JT = "JobType";
 const _K = "Key";
+const _KI = "KeyId";
 const _L = "Line";
 const _LA = "LastAuthenticated";
 const _LAA = "ListAccountAliases";
@@ -9239,6 +9286,7 @@ const _PGSA = "PoliciesGrantingServiceAccess";
 const _PI = "PolicyId";
 const _PIL = "PolicyInputList";
 const _PK = "PrivateKey";
+const _PKL = "PrivateKeyList";
 const _PLU = "PasswordLastUsed";
 const _PN = "PolicyName";
 const _PNo = "PolicyNames";
@@ -9275,6 +9323,7 @@ const _RN = "RoleName";
 const _RNe = "RequireNumbers";
 const _RO = "ResourceOwner";
 const _RP = "ResourcePolicy";
+const _RPK = "RemovePrivateKey";
 const _RPL = "RolePolicyList";
 const _RRFIP = "RemoveRoleFromInstanceProfile";
 const _RS = "RequireSymbols";
@@ -9293,6 +9342,7 @@ const _SAK = "SecretAccessKey";
 const _SAMLMD = "SAMLMetadataDocument";
 const _SAMLPA = "SAMLProviderArn";
 const _SAMLPL = "SAMLProviderList";
+const _SAMLPUUID = "SAMLProviderUUID";
 const _SC = "ServerCertificate";
 const _SCI = "ServerCertificateId";
 const _SCM = "ServerCertificateMetadata";
@@ -9336,6 +9386,7 @@ const _TR = "TagRole";
 const _TSAMLP = "TagSAMLProvider";
 const _TSC = "TagServerCertificate";
 const _TU = "TagUser";
+const _Ti = "Timestamp";
 const _Ty = "Type";
 const _U = "Url";
 const _UAK = "UpdateAccessKey";

package/dist-types/commands/AddRoleToInstanceProfileCommand.d.ts

@@ -37,6 +37,13 @@ declare const AddRoleToInstanceProfileCommand_base: {
  *             <p>The caller of this operation must be granted the <code>PassRole</code> permission
  *                 on the IAM role by a permissions policy.</p>
  *          </note>
+ *          <important>
+ *             <p>When using the <a href="https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_iam-condition-keys.html#available-keys-for-iam">iam:AssociatedResourceArn</a> condition in a policy to restrict the <a href="https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_use_passrole.html">PassRole</a> IAM action, special considerations apply if the policy is
+ *                 intended to define access for the <code>AddRoleToInstanceProfile</code> action. In
+ *                 this case, you cannot specify a Region or instance ID in the EC2 instance ARN. The
+ *                 ARN value must be <code>arn:aws:ec2:*:CallerAccountId:instance/*</code>. Using any
+ *                 other ARN value may lead to unexpected evaluation results.</p>
+ *          </important>
  *          <p> For more information about roles, see <a href="https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles.html">IAM roles</a> in the
  *                 <i>IAM User Guide</i>. For more information about instance profiles,
  *             see <a href="https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_use_switch-role-ec2_instance-profiles.html">Using

package/dist-types/commands/CreateSAMLProviderCommand.d.ts

@@ -60,6 +60,8 @@ declare const CreateSAMLProviderCommand_base: {
  *       Value: "STRING_VALUE", // required
  *     },
  *   ],
+ *   AssertionEncryptionMode: "Required" || "Allowed",
+ *   AddPrivateKey: "STRING_VALUE",
  * };
  * const command = new CreateSAMLProviderCommand(input);
  * const response = await client.send(command);

package/dist-types/commands/DisableOrganizationsRootCredentialsManagementCommand.d.ts

@@ -29,7 +29,7 @@ declare const DisableOrganizationsRootCredentialsManagementCommand_base: {
 /**
  * <p>Disables the management of privileged root user credentials across member accounts in
  *             your organization. When you disable this feature, the management account and the
- *             delegated admininstrator for IAM can no longer manage root user credentials for member
+ *             delegated administrator for IAM can no longer manage root user credentials for member
  *             accounts in your organization.</p>
  * @example
  * Use a bare-bones client and the command you need to make an API call.
@@ -66,7 +66,7 @@ declare const DisableOrganizationsRootCredentialsManagementCommand_base: {
  * @throws {@link OrganizationNotInAllFeaturesModeException} (client fault)
  *  <p>The request was rejected because your organization does not have All features enabled. For
  *       more information, see <a href="https://docs.aws.amazon.com/organizations/latest/userguide/orgs_getting-started_concepts.html#feature-set">Available feature sets</a> in the <i>Organizations User
- *       Guide</i>.</p>
+ *           Guide</i>.</p>
  *
  * @throws {@link ServiceAccessNotEnabledException} (client fault)
  *  <p>The request was rejected because trusted access is not enabled for IAM in Organizations. For details, see IAM and Organizations in the <i>Organizations User Guide</i>.</p>

package/dist-types/commands/DisableOrganizationsRootSessionsCommand.d.ts

@@ -29,7 +29,7 @@ declare const DisableOrganizationsRootSessionsCommand_base: {
 /**
  * <p>Disables root user sessions for privileged tasks across member accounts in your
  *             organization. When you disable this feature, the management account and the delegated
- *             admininstrator for IAM can no longer perform privileged tasks on member accounts in
+ *             administrator for IAM can no longer perform privileged tasks on member accounts in
  *             your organization.</p>
  * @example
  * Use a bare-bones client and the command you need to make an API call.
@@ -66,7 +66,7 @@ declare const DisableOrganizationsRootSessionsCommand_base: {
  * @throws {@link OrganizationNotInAllFeaturesModeException} (client fault)
  *  <p>The request was rejected because your organization does not have All features enabled. For
  *       more information, see <a href="https://docs.aws.amazon.com/organizations/latest/userguide/orgs_getting-started_concepts.html#feature-set">Available feature sets</a> in the <i>Organizations User
- *       Guide</i>.</p>
+ *           Guide</i>.</p>
  *
  * @throws {@link ServiceAccessNotEnabledException} (client fault)
  *  <p>The request was rejected because trusted access is not enabled for IAM in Organizations. For details, see IAM and Organizations in the <i>Organizations User Guide</i>.</p>

package/dist-types/commands/EnableOrganizationsRootCredentialsManagementCommand.d.ts

@@ -29,7 +29,7 @@ declare const EnableOrganizationsRootCredentialsManagementCommand_base: {
 /**
  * <p>Enables the management of privileged root user credentials across member accounts in your
  *             organization. When you enable root credentials management for <a href="https://docs.aws.amazon.com/IAM/latest/UserGuide/id_root-user.html#id_root-user-access-management">centralized root access</a>, the management account and the delegated
- *             admininstrator for IAM can manage root user credentials for member accounts in your
+ *             administrator for IAM can manage root user credentials for member accounts in your
  *             organization.</p>
  *          <p>Before you enable centralized root access, you must have an account configured with
  *             the following settings:</p>
@@ -39,7 +39,7 @@ declare const EnableOrganizationsRootCredentialsManagementCommand_base: {
  *             </li>
  *             <li>
  *                <p>Enable trusted access for Identity and Access Management in Organizations. For details, see
- *                         <a href="https://docs.aws.amazon.com/organizations/latest/userguide/services-that-can-integrate-ra.html">IAM and Organizations</a> in the <i>Organizations User
+ *                         <a href="https://docs.aws.amazon.com/organizations/latest/userguide/services-that-can-integrate-iam.html">IAM and Organizations</a> in the <i>Organizations User
  *                         Guide</i>.</p>
  *             </li>
  *          </ul>
@@ -82,7 +82,7 @@ declare const EnableOrganizationsRootCredentialsManagementCommand_base: {
  * @throws {@link OrganizationNotInAllFeaturesModeException} (client fault)
  *  <p>The request was rejected because your organization does not have All features enabled. For
  *       more information, see <a href="https://docs.aws.amazon.com/organizations/latest/userguide/orgs_getting-started_concepts.html#feature-set">Available feature sets</a> in the <i>Organizations User
- *       Guide</i>.</p>
+ *           Guide</i>.</p>
  *
  * @throws {@link ServiceAccessNotEnabledException} (client fault)
  *  <p>The request was rejected because trusted access is not enabled for IAM in Organizations. For details, see IAM and Organizations in the <i>Organizations User Guide</i>.</p>

package/dist-types/commands/EnableOrganizationsRootSessionsCommand.d.ts

@@ -81,7 +81,7 @@ declare const EnableOrganizationsRootSessionsCommand_base: {
  * @throws {@link OrganizationNotInAllFeaturesModeException} (client fault)
  *  <p>The request was rejected because your organization does not have All features enabled. For
  *       more information, see <a href="https://docs.aws.amazon.com/organizations/latest/userguide/orgs_getting-started_concepts.html#feature-set">Available feature sets</a> in the <i>Organizations User
- *       Guide</i>.</p>
+ *           Guide</i>.</p>
  *
  * @throws {@link ServiceAccessNotEnabledException} (client fault)
  *  <p>The request was rejected because trusted access is not enabled for IAM in Organizations. For details, see IAM and Organizations in the <i>Organizations User Guide</i>.</p>

package/dist-types/commands/GetCredentialReportCommand.d.ts

@@ -57,7 +57,7 @@ declare const GetCredentialReportCommand_base: {
  *  <p>The request was rejected because the most recent credential report has expired. To
  *       generate a new credential report, use <a>GenerateCredentialReport</a>. For more
  *       information about credential report expiration, see <a href="https://docs.aws.amazon.com/IAM/latest/UserGuide/credential-reports.html">Getting credential reports</a> in the
- *         <i>IAM User Guide</i>.</p>
+ *       <i>IAM User Guide</i>.</p>
  *
  * @throws {@link CredentialReportNotPresentException} (client fault)
  *  <p>The request was rejected because the credential report does not exist. To generate a

package/dist-types/commands/GetSAMLProviderCommand.d.ts

@@ -44,6 +44,7 @@ declare const GetSAMLProviderCommand_base: {
  * const command = new GetSAMLProviderCommand(input);
  * const response = await client.send(command);
  * // { // GetSAMLProviderResponse
+ * //   SAMLProviderUUID: "STRING_VALUE",
  * //   SAMLMetadataDocument: "STRING_VALUE",
  * //   CreateDate: new Date("TIMESTAMP"),
  * //   ValidUntil: new Date("TIMESTAMP"),
@@ -53,6 +54,13 @@ declare const GetSAMLProviderCommand_base: {
  * //       Value: "STRING_VALUE", // required
  * //     },
  * //   ],
+ * //   AssertionEncryptionMode: "Required" || "Allowed",
+ * //   PrivateKeyList: [ // privateKeyList
+ * //     { // SAMLPrivateKey
+ * //       KeyId: "STRING_VALUE",
+ * //       Timestamp: new Date("TIMESTAMP"),
+ * //     },
+ * //   ],
  * // };
  *
  * ```

package/dist-types/commands/ListAccountAliasesCommand.d.ts

@@ -28,9 +28,9 @@ declare const ListAccountAliasesCommand_base: {
 };
 /**
  * <p>Lists the account alias associated with the Amazon Web Services account (Note: you can have only
- *             one). For information about using an Amazon Web Services account alias, see <a href="https://docs.aws.amazon.com/signin/latest/userguide/CreateAccountAlias.html">Creating,
- *                 deleting, and listing an Amazon Web Services account alias</a> in the <i>Amazon Web Services Sign-In
- *                 User Guide</i>.</p>
+ *             one). For information about using an Amazon Web Services account alias, see <a href="https://docs.aws.amazon.com/IAM/latest/UserGuide/console_account-alias.html#CreateAccountAlias">Creating,
+ *                 deleting, and listing an Amazon Web Services account alias</a> in the
+ *                 <i>IAM User Guide</i>.</p>
  * @example
  * Use a bare-bones client and the command you need to make an API call.
  * ```javascript

package/dist-types/commands/ListOrganizationsFeaturesCommand.d.ts

@@ -64,7 +64,7 @@ declare const ListOrganizationsFeaturesCommand_base: {
  * @throws {@link OrganizationNotInAllFeaturesModeException} (client fault)
  *  <p>The request was rejected because your organization does not have All features enabled. For
  *       more information, see <a href="https://docs.aws.amazon.com/organizations/latest/userguide/orgs_getting-started_concepts.html#feature-set">Available feature sets</a> in the <i>Organizations User
- *       Guide</i>.</p>
+ *           Guide</i>.</p>
  *
  * @throws {@link ServiceAccessNotEnabledException} (client fault)
  *  <p>The request was rejected because trusted access is not enabled for IAM in Organizations. For details, see IAM and Organizations in the <i>Organizations User Guide</i>.</p>

package/dist-types/commands/UpdateSAMLProviderCommand.d.ts

@@ -27,10 +27,9 @@ declare const UpdateSAMLProviderCommand_base: {
     getEndpointParameterInstructions(): import("@smithy/middleware-endpoint").EndpointParameterInstructions;
 };
 /**
- * <p>Updates the metadata document for an existing SAML provider resource object.</p>
- *          <note>
- *             <p>This operation requires <a href="https://docs.aws.amazon.com/general/latest/gr/signature-version-4.html">Signature Version 4</a>.</p>
- *          </note>
+ * <p>Updates the metadata document, SAML encryption settings, and private keys for an
+ *             existing SAML provider. To rotate private keys, add your new private key and then remove
+ *             the old key in a separate request.</p>
  * @example
  * Use a bare-bones client and the command you need to make an API call.
  * ```javascript
@@ -38,8 +37,11 @@ declare const UpdateSAMLProviderCommand_base: {
  * // const { IAMClient, UpdateSAMLProviderCommand } = require("@aws-sdk/client-iam"); // CommonJS import
  * const client = new IAMClient(config);
  * const input = { // UpdateSAMLProviderRequest
- *   SAMLMetadataDocument: "STRING_VALUE", // required
+ *   SAMLMetadataDocument: "STRING_VALUE",
  *   SAMLProviderArn: "STRING_VALUE", // required
+ *   AssertionEncryptionMode: "Required" || "Allowed",
+ *   AddPrivateKey: "STRING_VALUE",
+ *   RemovePrivateKey: "STRING_VALUE",
  * };
  * const command = new UpdateSAMLProviderCommand(input);
  * const response = await client.send(command);

package/dist-types/models/models_0.d.ts

@@ -363,6 +363,18 @@ export interface AddUserToGroupRequest {
      */
     UserName: string | undefined;
 }
+/**
+ * @public
+ * @enum
+ */
+export declare const AssertionEncryptionModeType: {
+    readonly Allowed: "Allowed";
+    readonly Required: "Required";
+};
+/**
+ * @public
+ */
+export type AssertionEncryptionModeType = (typeof AssertionEncryptionModeType)[keyof typeof AssertionEncryptionModeType];
 /**
  * @public
  * @enum
@@ -1551,6 +1563,18 @@ export interface CreateSAMLProviderRequest {
      * @public
      */
     Tags?: Tag[] | undefined;
+    /**
+     * <p>Specifies the encryption setting for the SAML provider.</p>
+     * @public
+     */
+    AssertionEncryptionMode?: AssertionEncryptionModeType | undefined;
+    /**
+     * <p>The private key generated from your external identity provider. The private key must
+     *             be a .pem file that uses AES-GCM or AES-CBC encryption algorithm to decrypt SAML
+     *             assertions.</p>
+     * @public
+     */
+    AddPrivateKey?: string | undefined;
 }
 /**
  * <p>Contains the response to a successful <a>CreateSAMLProvider</a> request.
@@ -2431,7 +2455,7 @@ export declare class OrganizationNotFoundException extends __BaseException {
 /**
  * <p>The request was rejected because your organization does not have All features enabled. For
  *       more information, see <a href="https://docs.aws.amazon.com/organizations/latest/userguide/orgs_getting-started_concepts.html#feature-set">Available feature sets</a> in the <i>Organizations User
- *       Guide</i>.</p>
+ *           Guide</i>.</p>
  * @public
  */
 export declare class OrganizationNotInAllFeaturesModeException extends __BaseException {
@@ -3014,7 +3038,8 @@ export interface RoleDetail {
      *          date and time and the Region in which the role was last used. Activity is only reported for
      *          the trailing 400 days. This period can be shorter if your Region began supporting these
      *          features within the last year. The role might have been used more than 400 days ago. For
-     *          more information, see <a href="https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies_access-advisor.html#access-advisor_tracking-period">Regions where data is tracked</a> in the <i>IAM User Guide</i>.</p>
+     *          more information, see <a href="https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies_access-advisor.html#access-advisor_tracking-period">Regions where data is tracked</a> in the
+     *          <i>IAM User Guide</i>.</p>
      * @public
      */
     RoleLastUsed?: RoleLastUsed | undefined;
@@ -3347,7 +3372,7 @@ export interface GetContextKeysForPrincipalPolicyRequest {
  * <p>The request was rejected because the most recent credential report has expired. To
  *       generate a new credential report, use <a>GenerateCredentialReport</a>. For more
  *       information about credential report expiration, see <a href="https://docs.aws.amazon.com/IAM/latest/UserGuide/credential-reports.html">Getting credential reports</a> in the
- *         <i>IAM User Guide</i>.</p>
+ *       <i>IAM User Guide</i>.</p>
  * @public
  */
 export declare class CredentialReportExpiredException extends __BaseException {
@@ -3951,12 +3976,35 @@ export interface GetSAMLProviderRequest {
      */
     SAMLProviderArn: string | undefined;
 }
+/**
+ * <p>Contains the private keys for the SAML provider.</p>
+ *          <p>This data type is used as a response element in the <a>GetSAMLProvider</a> operation.</p>
+ * @public
+ */
+export interface SAMLPrivateKey {
+    /**
+     * <p>The unique identifier for the SAML private key.</p>
+     * @public
+     */
+    KeyId?: string | undefined;
+    /**
+     * <p>The date and time, in <a href="http://www.iso.org/iso/iso8601">ISO 8601 date-time
+     *          </a> format, when the private key was uploaded.</p>
+     * @public
+     */
+    Timestamp?: Date | undefined;
+}
 /**
  * <p>Contains the response to a successful <a>GetSAMLProvider</a> request.
  *     </p>
  * @public
  */
 export interface GetSAMLProviderResponse {
+    /**
+     * <p>The unique identifier assigned to the SAML provider.</p>
+     * @public
+     */
+    SAMLProviderUUID?: string | undefined;
     /**
      * <p>The XML metadata document that includes information about an identity provider.</p>
      * @public
@@ -3979,6 +4027,16 @@ export interface GetSAMLProviderResponse {
      * @public
      */
     Tags?: Tag[] | undefined;
+    /**
+     * <p>Specifies the encryption setting for the SAML provider.</p>
+     * @public
+     */
+    AssertionEncryptionMode?: AssertionEncryptionModeType | undefined;
+    /**
+     * <p>The private key metadata for the SAML provider.</p>
+     * @public
+     */
+    PrivateKeyList?: SAMLPrivateKey[] | undefined;
 }
 /**
  * @public
@@ -4195,8 +4253,8 @@ export interface ServiceLastAccessed {
      */
     LastAuthenticatedRegion?: string | undefined;
     /**
-     * <p>The total number of authenticated principals (root user, IAM users, or IAM roles)
-     *          that have attempted to access the service.</p>
+     * <p>The total number of authenticated principals (root user, IAM users, or IAM roles) that
+     *          have attempted to access the service.</p>
      *          <p>This field is null if no principals attempted to access the service within the <a href="https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies_access-advisor.html#service-last-accessed-reporting-period">tracking period</a>.</p>
      * @public
      */
@@ -7751,39 +7809,6 @@ export interface SimulateCustomPolicyRequest {
      */
     Marker?: string | undefined;
 }
-/**
- * @public
- * @enum
- */
-export declare const PolicyEvaluationDecisionType: {
-    readonly ALLOWED: "allowed";
-    readonly EXPLICIT_DENY: "explicitDeny";
-    readonly IMPLICIT_DENY: "implicitDeny";
-};
-/**
- * @public
- */
-export type PolicyEvaluationDecisionType = (typeof PolicyEvaluationDecisionType)[keyof typeof PolicyEvaluationDecisionType];
-/**
- * <p>Contains the row and column of a location of a <code>Statement</code> element in a
- *          policy document.</p>
- *          <p>This data type is used as a member of the <code>
- *                <a>Statement</a>
- *             </code> type.</p>
- * @public
- */
-export interface Position {
-    /**
-     * <p>The line containing the specified position in the document.</p>
-     * @public
-     */
-    Line?: number | undefined;
-    /**
-     * <p>The column in the line containing the specified position in the document.</p>
-     * @public
-     */
-    Column?: number | undefined;
-}
 /**
  * @internal
  */
@@ -7800,6 +7825,10 @@ export declare const CreateAccessKeyResponseFilterSensitiveLog: (obj: CreateAcce
  * @internal
  */
 export declare const CreateLoginProfileRequestFilterSensitiveLog: (obj: CreateLoginProfileRequest) => any;
+/**
+ * @internal
+ */
+export declare const CreateSAMLProviderRequestFilterSensitiveLog: (obj: CreateSAMLProviderRequest) => any;
 /**
  * @internal
  */

package/dist-types/models/models_1.d.ts

@@ -1,6 +1,39 @@
 import { ExceptionOptionType as __ExceptionOptionType } from "@smithy/smithy-client";
 import { IAMServiceException as __BaseException } from "./IAMServiceException";
-import { ContextEntry, PolicyEvaluationDecisionType, Position, Role, ServerCertificateMetadata, SigningCertificate, SSHPublicKey, StatusType, Tag } from "./models_0";
+import { AssertionEncryptionModeType, ContextEntry, Role, ServerCertificateMetadata, SigningCertificate, SSHPublicKey, StatusType, Tag } from "./models_0";
+/**
+ * @public
+ * @enum
+ */
+export declare const PolicyEvaluationDecisionType: {
+    readonly ALLOWED: "allowed";
+    readonly EXPLICIT_DENY: "explicitDeny";
+    readonly IMPLICIT_DENY: "implicitDeny";
+};
+/**
+ * @public
+ */
+export type PolicyEvaluationDecisionType = (typeof PolicyEvaluationDecisionType)[keyof typeof PolicyEvaluationDecisionType];
+/**
+ * <p>Contains the row and column of a location of a <code>Statement</code> element in a
+ *          policy document.</p>
+ *          <p>This data type is used as a member of the <code>
+ *                <a>Statement</a>
+ *             </code> type.</p>
+ * @public
+ */
+export interface Position {
+    /**
+     * <p>The line containing the specified position in the document.</p>
+     * @public
+     */
+    Line?: number | undefined;
+    /**
+     * <p>The column in the line containing the specified position in the document.</p>
+     * @public
+     */
+    Column?: number | undefined;
+}
 /**
  * @public
  * @enum
@@ -1081,16 +1114,33 @@ export interface UpdateSAMLProviderRequest {
      *             document includes the issuer's name, expiration information, and keys that can be used
      *             to validate the SAML authentication response (assertions) that are received from the
      *             IdP. You must generate the metadata document using the identity management software that
-     *             is used as your organization's IdP.</p>
+     *             is used as your IdP.</p>
      * @public
      */
-    SAMLMetadataDocument: string | undefined;
+    SAMLMetadataDocument?: string | undefined;
     /**
      * <p>The Amazon Resource Name (ARN) of the SAML provider to update.</p>
      *          <p>For more information about ARNs, see <a href="https://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html">Amazon Resource Names (ARNs)</a> in the <i>Amazon Web Services General Reference</i>.</p>
      * @public
      */
     SAMLProviderArn: string | undefined;
+    /**
+     * <p>Specifies the encryption setting for the SAML provider.</p>
+     * @public
+     */
+    AssertionEncryptionMode?: AssertionEncryptionModeType | undefined;
+    /**
+     * <p>Specifies the new private key from your external identity provider. The
+     *             private key must be a .pem file that uses AES-GCM or AES-CBC encryption algorithm to
+     *             decrypt SAML assertions.</p>
+     * @public
+     */
+    AddPrivateKey?: string | undefined;
+    /**
+     * <p>The Key ID of the private key to remove.</p>
+     * @public
+     */
+    RemovePrivateKey?: string | undefined;
 }
 /**
  * <p>Contains the response to a successful <a>UpdateSAMLProvider</a> request.
@@ -1541,6 +1591,10 @@ export interface UploadSSHPublicKeyResponse {
  * @internal
  */
 export declare const UpdateLoginProfileRequestFilterSensitiveLog: (obj: UpdateLoginProfileRequest) => any;
+/**
+ * @internal
+ */
+export declare const UpdateSAMLProviderRequestFilterSensitiveLog: (obj: UpdateSAMLProviderRequest) => any;
 /**
  * @internal
  */

package/dist-types/ts3.4/models/models_0.d.ts

@@ -102,6 +102,12 @@ export interface AddUserToGroupRequest {
   GroupName: string | undefined;
   UserName: string | undefined;
 }
+export declare const AssertionEncryptionModeType: {
+  readonly Allowed: "Allowed";
+  readonly Required: "Required";
+};
+export type AssertionEncryptionModeType =
+  (typeof AssertionEncryptionModeType)[keyof typeof AssertionEncryptionModeType];
 export declare const AssignmentStatusType: {
   readonly Any: "Any";
   readonly Assigned: "Assigned";
@@ -340,6 +346,8 @@ export interface CreateSAMLProviderRequest {
   SAMLMetadataDocument: string | undefined;
   Name: string | undefined;
   Tags?: Tag[] | undefined;
+  AssertionEncryptionMode?: AssertionEncryptionModeType | undefined;
+  AddPrivateKey?: string | undefined;
 }
 export interface CreateSAMLProviderResponse {
   SAMLProviderArn?: string | undefined;
@@ -925,11 +933,18 @@ export interface GetRolePolicyResponse {
 export interface GetSAMLProviderRequest {
   SAMLProviderArn: string | undefined;
 }
+export interface SAMLPrivateKey {
+  KeyId?: string | undefined;
+  Timestamp?: Date | undefined;
+}
 export interface GetSAMLProviderResponse {
+  SAMLProviderUUID?: string | undefined;
   SAMLMetadataDocument?: string | undefined;
   CreateDate?: Date | undefined;
   ValidUntil?: Date | undefined;
   Tags?: Tag[] | undefined;
+  AssertionEncryptionMode?: AssertionEncryptionModeType | undefined;
+  PrivateKeyList?: SAMLPrivateKey[] | undefined;
 }
 export interface GetServerCertificateRequest {
   ServerCertificateName: string | undefined;
@@ -1602,17 +1617,6 @@ export interface SimulateCustomPolicyRequest {
   MaxItems?: number | undefined;
   Marker?: string | undefined;
 }
-export declare const PolicyEvaluationDecisionType: {
-  readonly ALLOWED: "allowed";
-  readonly EXPLICIT_DENY: "explicitDeny";
-  readonly IMPLICIT_DENY: "implicitDeny";
-};
-export type PolicyEvaluationDecisionType =
-  (typeof PolicyEvaluationDecisionType)[keyof typeof PolicyEvaluationDecisionType];
-export interface Position {
-  Line?: number | undefined;
-  Column?: number | undefined;
-}
 export declare const AccessKeyFilterSensitiveLog: (obj: AccessKey) => any;
 export declare const ChangePasswordRequestFilterSensitiveLog: (
   obj: ChangePasswordRequest
@@ -1623,6 +1627,9 @@ export declare const CreateAccessKeyResponseFilterSensitiveLog: (
 export declare const CreateLoginProfileRequestFilterSensitiveLog: (
   obj: CreateLoginProfileRequest
 ) => any;
+export declare const CreateSAMLProviderRequestFilterSensitiveLog: (
+  obj: CreateSAMLProviderRequest
+) => any;
 export declare const ServiceSpecificCredentialFilterSensitiveLog: (
   obj: ServiceSpecificCredential
 ) => any;

package/dist-types/ts3.4/models/models_1.d.ts

@@ -1,9 +1,8 @@
 import { ExceptionOptionType as __ExceptionOptionType } from "@smithy/smithy-client";
 import { IAMServiceException as __BaseException } from "./IAMServiceException";
 import {
+  AssertionEncryptionModeType,
   ContextEntry,
-  PolicyEvaluationDecisionType,
-  Position,
   Role,
   ServerCertificateMetadata,
   SigningCertificate,
@@ -11,6 +10,17 @@ import {
   StatusType,
   Tag,
 } from "./models_0";
+export declare const PolicyEvaluationDecisionType: {
+  readonly ALLOWED: "allowed";
+  readonly EXPLICIT_DENY: "explicitDeny";
+  readonly IMPLICIT_DENY: "implicitDeny";
+};
+export type PolicyEvaluationDecisionType =
+  (typeof PolicyEvaluationDecisionType)[keyof typeof PolicyEvaluationDecisionType];
+export interface Position {
+  Line?: number | undefined;
+  Column?: number | undefined;
+}
 export declare const PolicySourceType: {
   readonly AWS_MANAGED: "aws-managed";
   readonly GROUP: "group";
@@ -192,8 +202,11 @@ export interface UpdateRoleDescriptionResponse {
   Role?: Role | undefined;
 }
 export interface UpdateSAMLProviderRequest {
-  SAMLMetadataDocument: string | undefined;
+  SAMLMetadataDocument?: string | undefined;
   SAMLProviderArn: string | undefined;
+  AssertionEncryptionMode?: AssertionEncryptionModeType | undefined;
+  AddPrivateKey?: string | undefined;
+  RemovePrivateKey?: string | undefined;
 }
 export interface UpdateSAMLProviderResponse {
   SAMLProviderArn?: string | undefined;
@@ -294,6 +307,9 @@ export interface UploadSSHPublicKeyResponse {
 export declare const UpdateLoginProfileRequestFilterSensitiveLog: (
   obj: UpdateLoginProfileRequest
 ) => any;
+export declare const UpdateSAMLProviderRequestFilterSensitiveLog: (
+  obj: UpdateSAMLProviderRequest
+) => any;
 export declare const UploadServerCertificateRequestFilterSensitiveLog: (
   obj: UploadServerCertificateRequest
 ) => any;

package/package.json

@@ -1,7 +1,7 @@
 {
   "name": "@aws-sdk/client-iam",
   "description": "AWS SDK for JavaScript Iam Client for Node.js, Browser and React Native",
-  "version": "3.738.0",
+  "version": "3.742.0",
   "scripts": {
     "build": "concurrently 'yarn:build:cjs' 'yarn:build:es' 'yarn:build:types'",
     "build:cjs": "node ../../scripts/compilation/inline client-iam",
@@ -21,7 +21,7 @@
     "@aws-crypto/sha256-browser": "5.2.0",
     "@aws-crypto/sha256-js": "5.2.0",
     "@aws-sdk/core": "3.734.0",
-    "@aws-sdk/credential-provider-node": "3.738.0",
+    "@aws-sdk/credential-provider-node": "3.741.0",
     "@aws-sdk/middleware-host-header": "3.734.0",
     "@aws-sdk/middleware-logger": "3.734.0",
     "@aws-sdk/middleware-recursion-detection": "3.734.0",