@aws-sdk/client-iotsecuretunneling 3.82.0 → 3.84.0

package/CHANGELOG.md

@@ -3,6 +3,17 @@
 All notable changes to this project will be documented in this file.
 See [Conventional Commits](https://conventionalcommits.org) for commit guidelines.
 
+# [3.84.0](https://github.com/aws/aws-sdk-js-v3/compare/v3.83.0...v3.84.0) (2022-05-04)
+
+
+### Features
+
+* **client-iotsecuretunneling:** This release introduces a new API RotateTunnelAccessToken that allow revoking the existing tokens and generate new tokens ([d77322a](https://github.com/aws/aws-sdk-js-v3/commit/d77322a3d86a528f7af55c7d048f50d8a78766d2))
+
+
+
+
+
 # [3.82.0](https://github.com/aws/aws-sdk-js-v3/compare/v3.81.0...v3.82.0) (2022-05-02)
 
 **Note:** Version bump only for package @aws-sdk/client-iotsecuretunneling

package/README.md

@@ -7,12 +7,12 @@
 
 AWS SDK for JavaScript IoTSecureTunneling Client for Node.js, Browser and React Native.
 
-<fullname>AWS IoT Secure Tunneling</fullname>
+<fullname>IoT Secure Tunneling</fullname>
 
-<p>AWS IoT Secure Tunnling enables you to create remote connections to devices
-deployed in the field.</p>
-
-<p>For more information about how AWS IoT Secure Tunneling works, see <a href="https://docs.aws.amazon.com/iot/latest/developerguide/secure-tunneling.html">AWS IoT Secure Tunneling</a>.</p>
+<p>IoT Secure Tunneling creates remote connections to devices deployed in the
+field.</p>
+<p>For more information about how IoT Secure Tunneling works, see <a href="https://docs.aws.amazon.com/iot/latest/developerguide/secure-tunneling.html">IoT
+Secure Tunneling</a>.</p>
 
 ## Installing
 

package/dist-cjs/IoTSecureTunneling.js

@@ -6,6 +6,7 @@ const DescribeTunnelCommand_1 = require("./commands/DescribeTunnelCommand");
 const ListTagsForResourceCommand_1 = require("./commands/ListTagsForResourceCommand");
 const ListTunnelsCommand_1 = require("./commands/ListTunnelsCommand");
 const OpenTunnelCommand_1 = require("./commands/OpenTunnelCommand");
+const RotateTunnelAccessTokenCommand_1 = require("./commands/RotateTunnelAccessTokenCommand");
 const TagResourceCommand_1 = require("./commands/TagResourceCommand");
 const UntagResourceCommand_1 = require("./commands/UntagResourceCommand");
 const IoTSecureTunnelingClient_1 = require("./IoTSecureTunnelingClient");
@@ -80,6 +81,20 @@ class IoTSecureTunneling extends IoTSecureTunnelingClient_1.IoTSecureTunnelingCl
             return this.send(command, optionsOrCb);
         }
     }
+    rotateTunnelAccessToken(args, optionsOrCb, cb) {
+        const command = new RotateTunnelAccessTokenCommand_1.RotateTunnelAccessTokenCommand(args);
+        if (typeof optionsOrCb === "function") {
+            this.send(command, optionsOrCb);
+        }
+        else if (typeof cb === "function") {
+            if (typeof optionsOrCb !== "object")
+                throw new Error(`Expect http options but get ${typeof optionsOrCb}`);
+            this.send(command, optionsOrCb || {}, cb);
+        }
+        else {
+            return this.send(command, optionsOrCb);
+        }
+    }
     tagResource(args, optionsOrCb, cb) {
         const command = new TagResourceCommand_1.TagResourceCommand(args);
         if (typeof optionsOrCb === "function") {

package/dist-cjs/commands/RotateTunnelAccessTokenCommand.js

@@ -0,0 +1,36 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.RotateTunnelAccessTokenCommand = void 0;
+const middleware_serde_1 = require("@aws-sdk/middleware-serde");
+const smithy_client_1 = require("@aws-sdk/smithy-client");
+const models_0_1 = require("../models/models_0");
+const Aws_json1_1_1 = require("../protocols/Aws_json1_1");
+class RotateTunnelAccessTokenCommand extends smithy_client_1.Command {
+    constructor(input) {
+        super();
+        this.input = input;
+    }
+    resolveMiddleware(clientStack, configuration, options) {
+        this.middlewareStack.use((0, middleware_serde_1.getSerdePlugin)(configuration, this.serialize, this.deserialize));
+        const stack = clientStack.concat(this.middlewareStack);
+        const { logger } = configuration;
+        const clientName = "IoTSecureTunnelingClient";
+        const commandName = "RotateTunnelAccessTokenCommand";
+        const handlerExecutionContext = {
+            logger,
+            clientName,
+            commandName,
+            inputFilterSensitiveLog: models_0_1.RotateTunnelAccessTokenRequest.filterSensitiveLog,
+            outputFilterSensitiveLog: models_0_1.RotateTunnelAccessTokenResponse.filterSensitiveLog,
+        };
+        const { requestHandler } = configuration;
+        return stack.resolve((request) => requestHandler.handle(request.request, options || {}), handlerExecutionContext);
+    }
+    serialize(input, context) {
+        return (0, Aws_json1_1_1.serializeAws_json1_1RotateTunnelAccessTokenCommand)(input, context);
+    }
+    deserialize(output, context) {
+        return (0, Aws_json1_1_1.deserializeAws_json1_1RotateTunnelAccessTokenCommand)(output, context);
+    }
+}
+exports.RotateTunnelAccessTokenCommand = RotateTunnelAccessTokenCommand;

package/dist-cjs/commands/index.js

@@ -6,5 +6,6 @@ tslib_1.__exportStar(require("./DescribeTunnelCommand"), exports);
 tslib_1.__exportStar(require("./ListTagsForResourceCommand"), exports);
 tslib_1.__exportStar(require("./ListTunnelsCommand"), exports);
 tslib_1.__exportStar(require("./OpenTunnelCommand"), exports);
+tslib_1.__exportStar(require("./RotateTunnelAccessTokenCommand"), exports);
 tslib_1.__exportStar(require("./TagResourceCommand"), exports);
 tslib_1.__exportStar(require("./UntagResourceCommand"), exports);

package/dist-cjs/models/models_0.js

@@ -1,8 +1,14 @@
 "use strict";
 Object.defineProperty(exports, "__esModule", { value: true });
-exports.UntagResourceResponse = exports.UntagResourceRequest = exports.TagResourceResponse = exports.TagResourceRequest = exports.OpenTunnelResponse = exports.OpenTunnelRequest = exports.LimitExceededException = exports.ListTunnelsResponse = exports.TunnelSummary = exports.ListTunnelsRequest = exports.ListTagsForResourceResponse = exports.ListTagsForResourceRequest = exports.DescribeTunnelResponse = exports.Tunnel = exports.TimeoutConfig = exports.Tag = exports.TunnelStatus = exports.DestinationConfig = exports.DescribeTunnelRequest = exports.ConnectionState = exports.ConnectionStatus = exports.ResourceNotFoundException = exports.CloseTunnelResponse = exports.CloseTunnelRequest = void 0;
+exports.UntagResourceResponse = exports.UntagResourceRequest = exports.TagResourceResponse = exports.TagResourceRequest = exports.RotateTunnelAccessTokenResponse = exports.RotateTunnelAccessTokenRequest = exports.OpenTunnelResponse = exports.OpenTunnelRequest = exports.LimitExceededException = exports.ListTunnelsResponse = exports.TunnelSummary = exports.ListTunnelsRequest = exports.ListTagsForResourceResponse = exports.ListTagsForResourceRequest = exports.DescribeTunnelResponse = exports.Tunnel = exports.TimeoutConfig = exports.Tag = exports.TunnelStatus = exports.DestinationConfig = exports.DescribeTunnelRequest = exports.ConnectionState = exports.ConnectionStatus = exports.ResourceNotFoundException = exports.CloseTunnelResponse = exports.CloseTunnelRequest = exports.ClientMode = void 0;
 const smithy_client_1 = require("@aws-sdk/smithy-client");
 const IoTSecureTunnelingServiceException_1 = require("./IoTSecureTunnelingServiceException");
+var ClientMode;
+(function (ClientMode) {
+    ClientMode["ALL"] = "ALL";
+    ClientMode["DESTINATION"] = "DESTINATION";
+    ClientMode["SOURCE"] = "SOURCE";
+})(ClientMode = exports.ClientMode || (exports.ClientMode = {}));
 var CloseTunnelRequest;
 (function (CloseTunnelRequest) {
     CloseTunnelRequest.filterSensitiveLog = (obj) => ({
@@ -137,6 +143,20 @@ var OpenTunnelResponse;
         ...(obj.destinationAccessToken && { destinationAccessToken: smithy_client_1.SENSITIVE_STRING }),
     });
 })(OpenTunnelResponse = exports.OpenTunnelResponse || (exports.OpenTunnelResponse = {}));
+var RotateTunnelAccessTokenRequest;
+(function (RotateTunnelAccessTokenRequest) {
+    RotateTunnelAccessTokenRequest.filterSensitiveLog = (obj) => ({
+        ...obj,
+    });
+})(RotateTunnelAccessTokenRequest = exports.RotateTunnelAccessTokenRequest || (exports.RotateTunnelAccessTokenRequest = {}));
+var RotateTunnelAccessTokenResponse;
+(function (RotateTunnelAccessTokenResponse) {
+    RotateTunnelAccessTokenResponse.filterSensitiveLog = (obj) => ({
+        ...obj,
+        ...(obj.sourceAccessToken && { sourceAccessToken: smithy_client_1.SENSITIVE_STRING }),
+        ...(obj.destinationAccessToken && { destinationAccessToken: smithy_client_1.SENSITIVE_STRING }),
+    });
+})(RotateTunnelAccessTokenResponse = exports.RotateTunnelAccessTokenResponse || (exports.RotateTunnelAccessTokenResponse = {}));
 var TagResourceRequest;
 (function (TagResourceRequest) {
     TagResourceRequest.filterSensitiveLog = (obj) => ({

package/dist-cjs/protocols/Aws_json1_1.js

@@ -1,6 +1,6 @@
 "use strict";
 Object.defineProperty(exports, "__esModule", { value: true });
-exports.deserializeAws_json1_1UntagResourceCommand = exports.deserializeAws_json1_1TagResourceCommand = exports.deserializeAws_json1_1OpenTunnelCommand = exports.deserializeAws_json1_1ListTunnelsCommand = exports.deserializeAws_json1_1ListTagsForResourceCommand = exports.deserializeAws_json1_1DescribeTunnelCommand = exports.deserializeAws_json1_1CloseTunnelCommand = exports.serializeAws_json1_1UntagResourceCommand = exports.serializeAws_json1_1TagResourceCommand = exports.serializeAws_json1_1OpenTunnelCommand = exports.serializeAws_json1_1ListTunnelsCommand = exports.serializeAws_json1_1ListTagsForResourceCommand = exports.serializeAws_json1_1DescribeTunnelCommand = exports.serializeAws_json1_1CloseTunnelCommand = void 0;
+exports.deserializeAws_json1_1UntagResourceCommand = exports.deserializeAws_json1_1TagResourceCommand = exports.deserializeAws_json1_1RotateTunnelAccessTokenCommand = exports.deserializeAws_json1_1OpenTunnelCommand = exports.deserializeAws_json1_1ListTunnelsCommand = exports.deserializeAws_json1_1ListTagsForResourceCommand = exports.deserializeAws_json1_1DescribeTunnelCommand = exports.deserializeAws_json1_1CloseTunnelCommand = exports.serializeAws_json1_1UntagResourceCommand = exports.serializeAws_json1_1TagResourceCommand = exports.serializeAws_json1_1RotateTunnelAccessTokenCommand = exports.serializeAws_json1_1OpenTunnelCommand = exports.serializeAws_json1_1ListTunnelsCommand = exports.serializeAws_json1_1ListTagsForResourceCommand = exports.serializeAws_json1_1DescribeTunnelCommand = exports.serializeAws_json1_1CloseTunnelCommand = void 0;
 const protocol_http_1 = require("@aws-sdk/protocol-http");
 const smithy_client_1 = require("@aws-sdk/smithy-client");
 const IoTSecureTunnelingServiceException_1 = require("../models/IoTSecureTunnelingServiceException");
@@ -55,6 +55,16 @@ const serializeAws_json1_1OpenTunnelCommand = async (input, context) => {
     return buildHttpRpcRequest(context, headers, "/", undefined, body);
 };
 exports.serializeAws_json1_1OpenTunnelCommand = serializeAws_json1_1OpenTunnelCommand;
+const serializeAws_json1_1RotateTunnelAccessTokenCommand = async (input, context) => {
+    const headers = {
+        "content-type": "application/x-amz-json-1.1",
+        "x-amz-target": "IoTSecuredTunneling.RotateTunnelAccessToken",
+    };
+    let body;
+    body = JSON.stringify(serializeAws_json1_1RotateTunnelAccessTokenRequest(input, context));
+    return buildHttpRpcRequest(context, headers, "/", undefined, body);
+};
+exports.serializeAws_json1_1RotateTunnelAccessTokenCommand = serializeAws_json1_1RotateTunnelAccessTokenCommand;
 const serializeAws_json1_1TagResourceCommand = async (input, context) => {
     const headers = {
         "content-type": "application/x-amz-json-1.1",
@@ -252,6 +262,42 @@ const deserializeAws_json1_1OpenTunnelCommandError = async (output, context) =>
             throw (0, smithy_client_1.decorateServiceException)(response, parsedBody);
     }
 };
+const deserializeAws_json1_1RotateTunnelAccessTokenCommand = async (output, context) => {
+    if (output.statusCode >= 300) {
+        return deserializeAws_json1_1RotateTunnelAccessTokenCommandError(output, context);
+    }
+    const data = await parseBody(output.body, context);
+    let contents = {};
+    contents = deserializeAws_json1_1RotateTunnelAccessTokenResponse(data, context);
+    const response = {
+        $metadata: deserializeMetadata(output),
+        ...contents,
+    };
+    return Promise.resolve(response);
+};
+exports.deserializeAws_json1_1RotateTunnelAccessTokenCommand = deserializeAws_json1_1RotateTunnelAccessTokenCommand;
+const deserializeAws_json1_1RotateTunnelAccessTokenCommandError = async (output, context) => {
+    const parsedOutput = {
+        ...output,
+        body: await parseBody(output.body, context),
+    };
+    let response;
+    let errorCode = "UnknownError";
+    errorCode = loadRestJsonErrorCode(output, parsedOutput.body);
+    switch (errorCode) {
+        case "ResourceNotFoundException":
+        case "com.amazonaws.iotsecuretunneling#ResourceNotFoundException":
+            throw await deserializeAws_json1_1ResourceNotFoundExceptionResponse(parsedOutput, context);
+        default:
+            const parsedBody = parsedOutput.body;
+            response = new IoTSecureTunnelingServiceException_1.IoTSecureTunnelingServiceException({
+                name: parsedBody.code || parsedBody.Code || errorCode,
+                $fault: "client",
+                $metadata: deserializeMetadata(output),
+            });
+            throw (0, smithy_client_1.decorateServiceException)(response, parsedBody);
+    }
+};
 const deserializeAws_json1_1TagResourceCommand = async (output, context) => {
     if (output.statusCode >= 300) {
         return deserializeAws_json1_1TagResourceCommandError(output, context);
@@ -386,6 +432,16 @@ const serializeAws_json1_1OpenTunnelRequest = (input, context) => {
         }),
     };
 };
+const serializeAws_json1_1RotateTunnelAccessTokenRequest = (input, context) => {
+    return {
+        ...(input.clientMode !== undefined && input.clientMode !== null && { clientMode: input.clientMode }),
+        ...(input.destinationConfig !== undefined &&
+            input.destinationConfig !== null && {
+            destinationConfig: serializeAws_json1_1DestinationConfig(input.destinationConfig, context),
+        }),
+        ...(input.tunnelId !== undefined && input.tunnelId !== null && { tunnelId: input.tunnelId }),
+    };
+};
 const serializeAws_json1_1ServiceList = (input, context) => {
     return input
         .filter((e) => e != null)
@@ -500,6 +556,13 @@ const deserializeAws_json1_1ResourceNotFoundException = (output, context) => {
         message: (0, smithy_client_1.expectString)(output.message),
     };
 };
+const deserializeAws_json1_1RotateTunnelAccessTokenResponse = (output, context) => {
+    return {
+        destinationAccessToken: (0, smithy_client_1.expectString)(output.destinationAccessToken),
+        sourceAccessToken: (0, smithy_client_1.expectString)(output.sourceAccessToken),
+        tunnelArn: (0, smithy_client_1.expectString)(output.tunnelArn),
+    };
+};
 const deserializeAws_json1_1ServiceList = (output, context) => {
     const retVal = (output || [])
         .filter((e) => e != null)

package/dist-es/IoTSecureTunneling.js

@@ -4,6 +4,7 @@ import { DescribeTunnelCommand, } from "./commands/DescribeTunnelCommand";
 import { ListTagsForResourceCommand, } from "./commands/ListTagsForResourceCommand";
 import { ListTunnelsCommand } from "./commands/ListTunnelsCommand";
 import { OpenTunnelCommand } from "./commands/OpenTunnelCommand";
+import { RotateTunnelAccessTokenCommand, } from "./commands/RotateTunnelAccessTokenCommand";
 import { TagResourceCommand } from "./commands/TagResourceCommand";
 import { UntagResourceCommand, } from "./commands/UntagResourceCommand";
 import { IoTSecureTunnelingClient } from "./IoTSecureTunnelingClient";
@@ -82,6 +83,20 @@ var IoTSecureTunneling = (function (_super) {
             return this.send(command, optionsOrCb);
         }
     };
+    IoTSecureTunneling.prototype.rotateTunnelAccessToken = function (args, optionsOrCb, cb) {
+        var command = new RotateTunnelAccessTokenCommand(args);
+        if (typeof optionsOrCb === "function") {
+            this.send(command, optionsOrCb);
+        }
+        else if (typeof cb === "function") {
+            if (typeof optionsOrCb !== "object")
+                throw new Error("Expect http options but get ".concat(typeof optionsOrCb));
+            this.send(command, optionsOrCb || {}, cb);
+        }
+        else {
+            return this.send(command, optionsOrCb);
+        }
+    };
     IoTSecureTunneling.prototype.tagResource = function (args, optionsOrCb, cb) {
         var command = new TagResourceCommand(args);
         if (typeof optionsOrCb === "function") {

package/dist-es/commands/RotateTunnelAccessTokenCommand.js

@@ -0,0 +1,39 @@
+import { __extends } from "tslib";
+import { getSerdePlugin } from "@aws-sdk/middleware-serde";
+import { Command as $Command } from "@aws-sdk/smithy-client";
+import { RotateTunnelAccessTokenRequest, RotateTunnelAccessTokenResponse } from "../models/models_0";
+import { deserializeAws_json1_1RotateTunnelAccessTokenCommand, serializeAws_json1_1RotateTunnelAccessTokenCommand, } from "../protocols/Aws_json1_1";
+var RotateTunnelAccessTokenCommand = (function (_super) {
+    __extends(RotateTunnelAccessTokenCommand, _super);
+    function RotateTunnelAccessTokenCommand(input) {
+        var _this = _super.call(this) || this;
+        _this.input = input;
+        return _this;
+    }
+    RotateTunnelAccessTokenCommand.prototype.resolveMiddleware = function (clientStack, configuration, options) {
+        this.middlewareStack.use(getSerdePlugin(configuration, this.serialize, this.deserialize));
+        var stack = clientStack.concat(this.middlewareStack);
+        var logger = configuration.logger;
+        var clientName = "IoTSecureTunnelingClient";
+        var commandName = "RotateTunnelAccessTokenCommand";
+        var handlerExecutionContext = {
+            logger: logger,
+            clientName: clientName,
+            commandName: commandName,
+            inputFilterSensitiveLog: RotateTunnelAccessTokenRequest.filterSensitiveLog,
+            outputFilterSensitiveLog: RotateTunnelAccessTokenResponse.filterSensitiveLog,
+        };
+        var requestHandler = configuration.requestHandler;
+        return stack.resolve(function (request) {
+            return requestHandler.handle(request.request, options || {});
+        }, handlerExecutionContext);
+    };
+    RotateTunnelAccessTokenCommand.prototype.serialize = function (input, context) {
+        return serializeAws_json1_1RotateTunnelAccessTokenCommand(input, context);
+    };
+    RotateTunnelAccessTokenCommand.prototype.deserialize = function (output, context) {
+        return deserializeAws_json1_1RotateTunnelAccessTokenCommand(output, context);
+    };
+    return RotateTunnelAccessTokenCommand;
+}($Command));
+export { RotateTunnelAccessTokenCommand };

package/dist-es/commands/index.js

@@ -3,5 +3,6 @@ export * from "./DescribeTunnelCommand";
 export * from "./ListTagsForResourceCommand";
 export * from "./ListTunnelsCommand";
 export * from "./OpenTunnelCommand";
+export * from "./RotateTunnelAccessTokenCommand";
 export * from "./TagResourceCommand";
 export * from "./UntagResourceCommand";

package/dist-es/models/models_0.js

@@ -1,6 +1,12 @@
 import { __assign, __extends } from "tslib";
 import { SENSITIVE_STRING } from "@aws-sdk/smithy-client";
 import { IoTSecureTunnelingServiceException as __BaseException } from "./IoTSecureTunnelingServiceException";
+export var ClientMode;
+(function (ClientMode) {
+    ClientMode["ALL"] = "ALL";
+    ClientMode["DESTINATION"] = "DESTINATION";
+    ClientMode["SOURCE"] = "SOURCE";
+})(ClientMode || (ClientMode = {}));
 export var CloseTunnelRequest;
 (function (CloseTunnelRequest) {
     CloseTunnelRequest.filterSensitiveLog = function (obj) { return (__assign({}, obj)); };
@@ -99,6 +105,14 @@ export var OpenTunnelResponse;
 (function (OpenTunnelResponse) {
     OpenTunnelResponse.filterSensitiveLog = function (obj) { return (__assign(__assign(__assign({}, obj), (obj.sourceAccessToken && { sourceAccessToken: SENSITIVE_STRING })), (obj.destinationAccessToken && { destinationAccessToken: SENSITIVE_STRING }))); };
 })(OpenTunnelResponse || (OpenTunnelResponse = {}));
+export var RotateTunnelAccessTokenRequest;
+(function (RotateTunnelAccessTokenRequest) {
+    RotateTunnelAccessTokenRequest.filterSensitiveLog = function (obj) { return (__assign({}, obj)); };
+})(RotateTunnelAccessTokenRequest || (RotateTunnelAccessTokenRequest = {}));
+export var RotateTunnelAccessTokenResponse;
+(function (RotateTunnelAccessTokenResponse) {
+    RotateTunnelAccessTokenResponse.filterSensitiveLog = function (obj) { return (__assign(__assign(__assign({}, obj), (obj.sourceAccessToken && { sourceAccessToken: SENSITIVE_STRING })), (obj.destinationAccessToken && { destinationAccessToken: SENSITIVE_STRING }))); };
+})(RotateTunnelAccessTokenResponse || (RotateTunnelAccessTokenResponse = {}));
 export var TagResourceRequest;
 (function (TagResourceRequest) {
     TagResourceRequest.filterSensitiveLog = function (obj) { return (__assign({}, obj)); };

package/dist-es/protocols/Aws_json1_1.js

@@ -58,6 +58,17 @@ export var serializeAws_json1_1OpenTunnelCommand = function (input, context) { r
         return [2, buildHttpRpcRequest(context, headers, "/", undefined, body)];
     });
 }); };
+export var serializeAws_json1_1RotateTunnelAccessTokenCommand = function (input, context) { return __awaiter(void 0, void 0, void 0, function () {
+    var headers, body;
+    return __generator(this, function (_a) {
+        headers = {
+            "content-type": "application/x-amz-json-1.1",
+            "x-amz-target": "IoTSecuredTunneling.RotateTunnelAccessToken",
+        };
+        body = JSON.stringify(serializeAws_json1_1RotateTunnelAccessTokenRequest(input, context));
+        return [2, buildHttpRpcRequest(context, headers, "/", undefined, body)];
+    });
+}); };
 export var serializeAws_json1_1TagResourceCommand = function (input, context) { return __awaiter(void 0, void 0, void 0, function () {
     var headers, body;
     return __generator(this, function (_a) {
@@ -325,6 +336,56 @@ var deserializeAws_json1_1OpenTunnelCommandError = function (output, context) {
         }
     });
 }); };
+export var deserializeAws_json1_1RotateTunnelAccessTokenCommand = function (output, context) { return __awaiter(void 0, void 0, void 0, function () {
+    var data, contents, response;
+    return __generator(this, function (_a) {
+        switch (_a.label) {
+            case 0:
+                if (output.statusCode >= 300) {
+                    return [2, deserializeAws_json1_1RotateTunnelAccessTokenCommandError(output, context)];
+                }
+                return [4, parseBody(output.body, context)];
+            case 1:
+                data = _a.sent();
+                contents = {};
+                contents = deserializeAws_json1_1RotateTunnelAccessTokenResponse(data, context);
+                response = __assign({ $metadata: deserializeMetadata(output) }, contents);
+                return [2, Promise.resolve(response)];
+        }
+    });
+}); };
+var deserializeAws_json1_1RotateTunnelAccessTokenCommandError = function (output, context) { return __awaiter(void 0, void 0, void 0, function () {
+    var parsedOutput, _a, response, errorCode, _b, parsedBody;
+    var _c;
+    return __generator(this, function (_d) {
+        switch (_d.label) {
+            case 0:
+                _a = [__assign({}, output)];
+                _c = {};
+                return [4, parseBody(output.body, context)];
+            case 1:
+                parsedOutput = __assign.apply(void 0, _a.concat([(_c.body = _d.sent(), _c)]));
+                errorCode = "UnknownError";
+                errorCode = loadRestJsonErrorCode(output, parsedOutput.body);
+                _b = errorCode;
+                switch (_b) {
+                    case "ResourceNotFoundException": return [3, 2];
+                    case "com.amazonaws.iotsecuretunneling#ResourceNotFoundException": return [3, 2];
+                }
+                return [3, 4];
+            case 2: return [4, deserializeAws_json1_1ResourceNotFoundExceptionResponse(parsedOutput, context)];
+            case 3: throw _d.sent();
+            case 4:
+                parsedBody = parsedOutput.body;
+                response = new __BaseException({
+                    name: parsedBody.code || parsedBody.Code || errorCode,
+                    $fault: "client",
+                    $metadata: deserializeMetadata(output),
+                });
+                throw __decorateServiceException(response, parsedBody);
+        }
+    });
+}); };
 export var deserializeAws_json1_1TagResourceCommand = function (output, context) { return __awaiter(void 0, void 0, void 0, function () {
     var data, contents, response;
     return __generator(this, function (_a) {
@@ -468,6 +529,12 @@ var serializeAws_json1_1OpenTunnelRequest = function (input, context) {
         timeoutConfig: serializeAws_json1_1TimeoutConfig(input.timeoutConfig, context),
     }));
 };
+var serializeAws_json1_1RotateTunnelAccessTokenRequest = function (input, context) {
+    return __assign(__assign(__assign({}, (input.clientMode !== undefined && input.clientMode !== null && { clientMode: input.clientMode })), (input.destinationConfig !== undefined &&
+        input.destinationConfig !== null && {
+        destinationConfig: serializeAws_json1_1DestinationConfig(input.destinationConfig, context),
+    })), (input.tunnelId !== undefined && input.tunnelId !== null && { tunnelId: input.tunnelId }));
+};
 var serializeAws_json1_1ServiceList = function (input, context) {
     return input
         .filter(function (e) { return e != null; })
@@ -571,6 +638,13 @@ var deserializeAws_json1_1ResourceNotFoundException = function (output, context)
         message: __expectString(output.message),
     };
 };
+var deserializeAws_json1_1RotateTunnelAccessTokenResponse = function (output, context) {
+    return {
+        destinationAccessToken: __expectString(output.destinationAccessToken),
+        sourceAccessToken: __expectString(output.sourceAccessToken),
+        tunnelArn: __expectString(output.tunnelArn),
+    };
+};
 var deserializeAws_json1_1ServiceList = function (output, context) {
     var retVal = (output || [])
         .filter(function (e) { return e != null; })

package/dist-types/IoTSecureTunneling.d.ts

@@ -4,27 +4,30 @@ import { DescribeTunnelCommandInput, DescribeTunnelCommandOutput } from "./comma
 import { ListTagsForResourceCommandInput, ListTagsForResourceCommandOutput } from "./commands/ListTagsForResourceCommand";
 import { ListTunnelsCommandInput, ListTunnelsCommandOutput } from "./commands/ListTunnelsCommand";
 import { OpenTunnelCommandInput, OpenTunnelCommandOutput } from "./commands/OpenTunnelCommand";
+import { RotateTunnelAccessTokenCommandInput, RotateTunnelAccessTokenCommandOutput } from "./commands/RotateTunnelAccessTokenCommand";
 import { TagResourceCommandInput, TagResourceCommandOutput } from "./commands/TagResourceCommand";
 import { UntagResourceCommandInput, UntagResourceCommandOutput } from "./commands/UntagResourceCommand";
 import { IoTSecureTunnelingClient } from "./IoTSecureTunnelingClient";
 /**
- * <fullname>AWS IoT Secure Tunneling</fullname>
- * 		       <p>AWS IoT Secure Tunnling enables you to create remote connections to devices
- * 			deployed in the field.</p>
- *
- * 		       <p>For more information about how AWS IoT Secure Tunneling works, see <a href="https://docs.aws.amazon.com/iot/latest/developerguide/secure-tunneling.html">AWS IoT Secure Tunneling</a>.</p>
+ * <fullname>IoT Secure Tunneling</fullname>
+ * 		       <p>IoT Secure Tunneling creates remote connections to devices deployed in the
+ * 			field.</p>
+ * 		       <p>For more information about how IoT Secure Tunneling works, see <a href="https://docs.aws.amazon.com/iot/latest/developerguide/secure-tunneling.html">IoT
+ * 				Secure Tunneling</a>.</p>
  */
 export declare class IoTSecureTunneling extends IoTSecureTunnelingClient {
     /**
      * <p>Closes a tunnel identified by the unique tunnel id. When a <code>CloseTunnel</code>
      * 			request is received, we close the WebSocket connections between the client and proxy
      * 			server so no data can be transmitted.</p>
+     * 		       <p>Requires permission to access the <a href="https://docs.aws.amazon.com/service-authorization/latest/reference/list_awsiot.html#awsiot-actions-as-permissions">CloseTunnel</a> action.</p>
      */
     closeTunnel(args: CloseTunnelCommandInput, options?: __HttpHandlerOptions): Promise<CloseTunnelCommandOutput>;
     closeTunnel(args: CloseTunnelCommandInput, cb: (err: any, data?: CloseTunnelCommandOutput) => void): void;
     closeTunnel(args: CloseTunnelCommandInput, options: __HttpHandlerOptions, cb: (err: any, data?: CloseTunnelCommandOutput) => void): void;
     /**
      * <p>Gets information about a tunnel identified by the unique tunnel id.</p>
+     * 		       <p>Requires permission to access the <a href="https://docs.aws.amazon.com/service-authorization/latest/reference/list_awsiot.html#awsiot-actions-as-permissions">DescribeTunnel</a> action.</p>
      */
     describeTunnel(args: DescribeTunnelCommandInput, options?: __HttpHandlerOptions): Promise<DescribeTunnelCommandOutput>;
     describeTunnel(args: DescribeTunnelCommandInput, cb: (err: any, data?: DescribeTunnelCommandOutput) => void): void;
@@ -36,19 +39,35 @@ export declare class IoTSecureTunneling extends IoTSecureTunnelingClient {
     listTagsForResource(args: ListTagsForResourceCommandInput, cb: (err: any, data?: ListTagsForResourceCommandOutput) => void): void;
     listTagsForResource(args: ListTagsForResourceCommandInput, options: __HttpHandlerOptions, cb: (err: any, data?: ListTagsForResourceCommandOutput) => void): void;
     /**
-     * <p>List all tunnels for an AWS account. Tunnels are listed by creation time in
+     * <p>List all tunnels for an Amazon Web Services account. Tunnels are listed by creation time in
      * 			descending order, newer tunnels will be listed before older tunnels.</p>
+     * 		       <p>Requires permission to access the <a href="https://docs.aws.amazon.com/service-authorization/latest/reference/list_awsiot.html#awsiot-actions-as-permissions">ListTunnels</a> action.</p>
      */
     listTunnels(args: ListTunnelsCommandInput, options?: __HttpHandlerOptions): Promise<ListTunnelsCommandOutput>;
     listTunnels(args: ListTunnelsCommandInput, cb: (err: any, data?: ListTunnelsCommandOutput) => void): void;
     listTunnels(args: ListTunnelsCommandInput, options: __HttpHandlerOptions, cb: (err: any, data?: ListTunnelsCommandOutput) => void): void;
     /**
      * <p>Creates a new tunnel, and returns two client access tokens for clients to use to
-     * 			connect to the AWS IoT Secure Tunneling proxy server.</p>
+     * 			connect to the IoT Secure Tunneling proxy server.</p>
+     * 		       <p>Requires permission to access the <a href="https://docs.aws.amazon.com/service-authorization/latest/reference/list_awsiot.html#awsiot-actions-as-permissions">OpenTunnel</a> action.</p>
      */
     openTunnel(args: OpenTunnelCommandInput, options?: __HttpHandlerOptions): Promise<OpenTunnelCommandOutput>;
     openTunnel(args: OpenTunnelCommandInput, cb: (err: any, data?: OpenTunnelCommandOutput) => void): void;
     openTunnel(args: OpenTunnelCommandInput, options: __HttpHandlerOptions, cb: (err: any, data?: OpenTunnelCommandOutput) => void): void;
+    /**
+     * <p>Revokes the current client access token (CAT) and returns new CAT for clients to
+     * 			use when reconnecting to secure tunneling to access the same tunnel.</p>
+     * 		       <p>Requires permission to access the <a href="https://docs.aws.amazon.com/service-authorization/latest/reference/list_awsiot.html#awsiot-actions-as-permissions">RotateTunnelAccessToken</a> action.</p>
+     * 		       <note>
+     * 			         <p>Rotating the CAT doesn't extend the tunnel duration. For example, say the tunnel
+     * 				duration is 12 hours and the tunnel has already been open for 4 hours. When you
+     * 				rotate the access tokens, the new tokens that are generated can only be used for the
+     * 				remaining 8 hours.</p>
+     * 		       </note>
+     */
+    rotateTunnelAccessToken(args: RotateTunnelAccessTokenCommandInput, options?: __HttpHandlerOptions): Promise<RotateTunnelAccessTokenCommandOutput>;
+    rotateTunnelAccessToken(args: RotateTunnelAccessTokenCommandInput, cb: (err: any, data?: RotateTunnelAccessTokenCommandOutput) => void): void;
+    rotateTunnelAccessToken(args: RotateTunnelAccessTokenCommandInput, options: __HttpHandlerOptions, cb: (err: any, data?: RotateTunnelAccessTokenCommandOutput) => void): void;
     /**
      * <p>A resource tag.</p>
      */

package/dist-types/IoTSecureTunnelingClient.d.ts

@@ -11,10 +11,11 @@ import { DescribeTunnelCommandInput, DescribeTunnelCommandOutput } from "./comma
 import { ListTagsForResourceCommandInput, ListTagsForResourceCommandOutput } from "./commands/ListTagsForResourceCommand";
 import { ListTunnelsCommandInput, ListTunnelsCommandOutput } from "./commands/ListTunnelsCommand";
 import { OpenTunnelCommandInput, OpenTunnelCommandOutput } from "./commands/OpenTunnelCommand";
+import { RotateTunnelAccessTokenCommandInput, RotateTunnelAccessTokenCommandOutput } from "./commands/RotateTunnelAccessTokenCommand";
 import { TagResourceCommandInput, TagResourceCommandOutput } from "./commands/TagResourceCommand";
 import { UntagResourceCommandInput, UntagResourceCommandOutput } from "./commands/UntagResourceCommand";
-export declare type ServiceInputTypes = CloseTunnelCommandInput | DescribeTunnelCommandInput | ListTagsForResourceCommandInput | ListTunnelsCommandInput | OpenTunnelCommandInput | TagResourceCommandInput | UntagResourceCommandInput;
-export declare type ServiceOutputTypes = CloseTunnelCommandOutput | DescribeTunnelCommandOutput | ListTagsForResourceCommandOutput | ListTunnelsCommandOutput | OpenTunnelCommandOutput | TagResourceCommandOutput | UntagResourceCommandOutput;
+export declare type ServiceInputTypes = CloseTunnelCommandInput | DescribeTunnelCommandInput | ListTagsForResourceCommandInput | ListTunnelsCommandInput | OpenTunnelCommandInput | RotateTunnelAccessTokenCommandInput | TagResourceCommandInput | UntagResourceCommandInput;
+export declare type ServiceOutputTypes = CloseTunnelCommandOutput | DescribeTunnelCommandOutput | ListTagsForResourceCommandOutput | ListTunnelsCommandOutput | OpenTunnelCommandOutput | RotateTunnelAccessTokenCommandOutput | TagResourceCommandOutput | UntagResourceCommandOutput;
 export interface ClientDefaults extends Partial<__SmithyResolvedConfiguration<__HttpHandlerOptions>> {
     /**
      * The HTTP handler to use. Fetch in browser and Https in Nodejs.
@@ -133,11 +134,11 @@ declare type IoTSecureTunnelingClientResolvedConfigType = __SmithyResolvedConfig
 export interface IoTSecureTunnelingClientResolvedConfig extends IoTSecureTunnelingClientResolvedConfigType {
 }
 /**
- * <fullname>AWS IoT Secure Tunneling</fullname>
- * 		       <p>AWS IoT Secure Tunnling enables you to create remote connections to devices
- * 			deployed in the field.</p>
- *
- * 		       <p>For more information about how AWS IoT Secure Tunneling works, see <a href="https://docs.aws.amazon.com/iot/latest/developerguide/secure-tunneling.html">AWS IoT Secure Tunneling</a>.</p>
+ * <fullname>IoT Secure Tunneling</fullname>
+ * 		       <p>IoT Secure Tunneling creates remote connections to devices deployed in the
+ * 			field.</p>
+ * 		       <p>For more information about how IoT Secure Tunneling works, see <a href="https://docs.aws.amazon.com/iot/latest/developerguide/secure-tunneling.html">IoT
+ * 				Secure Tunneling</a>.</p>
  */
 export declare class IoTSecureTunnelingClient extends __Client<__HttpHandlerOptions, ServiceInputTypes, ServiceOutputTypes, IoTSecureTunnelingClientResolvedConfig> {
     /**

package/dist-types/commands/CloseTunnelCommand.d.ts

@@ -10,6 +10,7 @@ export interface CloseTunnelCommandOutput extends CloseTunnelResponse, __Metadat
  * <p>Closes a tunnel identified by the unique tunnel id. When a <code>CloseTunnel</code>
  * 			request is received, we close the WebSocket connections between the client and proxy
  * 			server so no data can be transmitted.</p>
+ * 		       <p>Requires permission to access the <a href="https://docs.aws.amazon.com/service-authorization/latest/reference/list_awsiot.html#awsiot-actions-as-permissions">CloseTunnel</a> action.</p>
  * @example
  * Use a bare-bones client and the command you need to make an API call.
  * ```javascript

package/dist-types/commands/DescribeTunnelCommand.d.ts

@@ -8,6 +8,7 @@ export interface DescribeTunnelCommandOutput extends DescribeTunnelResponse, __M
 }
 /**
  * <p>Gets information about a tunnel identified by the unique tunnel id.</p>
+ * 		       <p>Requires permission to access the <a href="https://docs.aws.amazon.com/service-authorization/latest/reference/list_awsiot.html#awsiot-actions-as-permissions">DescribeTunnel</a> action.</p>
  * @example
  * Use a bare-bones client and the command you need to make an API call.
  * ```javascript

package/dist-types/commands/ListTunnelsCommand.d.ts

@@ -7,8 +7,9 @@ export interface ListTunnelsCommandInput extends ListTunnelsRequest {
 export interface ListTunnelsCommandOutput extends ListTunnelsResponse, __MetadataBearer {
 }
 /**
- * <p>List all tunnels for an AWS account. Tunnels are listed by creation time in
+ * <p>List all tunnels for an Amazon Web Services account. Tunnels are listed by creation time in
  * 			descending order, newer tunnels will be listed before older tunnels.</p>
+ * 		       <p>Requires permission to access the <a href="https://docs.aws.amazon.com/service-authorization/latest/reference/list_awsiot.html#awsiot-actions-as-permissions">ListTunnels</a> action.</p>
  * @example
  * Use a bare-bones client and the command you need to make an API call.
  * ```javascript

package/dist-types/commands/OpenTunnelCommand.d.ts

@@ -8,7 +8,8 @@ export interface OpenTunnelCommandOutput extends OpenTunnelResponse, __MetadataB
 }
 /**
  * <p>Creates a new tunnel, and returns two client access tokens for clients to use to
- * 			connect to the AWS IoT Secure Tunneling proxy server.</p>
+ * 			connect to the IoT Secure Tunneling proxy server.</p>
+ * 		       <p>Requires permission to access the <a href="https://docs.aws.amazon.com/service-authorization/latest/reference/list_awsiot.html#awsiot-actions-as-permissions">OpenTunnel</a> action.</p>
  * @example
  * Use a bare-bones client and the command you need to make an API call.
  * ```javascript

package/dist-types/commands/RotateTunnelAccessTokenCommand.d.ts

@@ -0,0 +1,43 @@
+import { Command as $Command } from "@aws-sdk/smithy-client";
+import { Handler, HttpHandlerOptions as __HttpHandlerOptions, MetadataBearer as __MetadataBearer, MiddlewareStack } from "@aws-sdk/types";
+import { IoTSecureTunnelingClientResolvedConfig, ServiceInputTypes, ServiceOutputTypes } from "../IoTSecureTunnelingClient";
+import { RotateTunnelAccessTokenRequest, RotateTunnelAccessTokenResponse } from "../models/models_0";
+export interface RotateTunnelAccessTokenCommandInput extends RotateTunnelAccessTokenRequest {
+}
+export interface RotateTunnelAccessTokenCommandOutput extends RotateTunnelAccessTokenResponse, __MetadataBearer {
+}
+/**
+ * <p>Revokes the current client access token (CAT) and returns new CAT for clients to
+ * 			use when reconnecting to secure tunneling to access the same tunnel.</p>
+ * 		       <p>Requires permission to access the <a href="https://docs.aws.amazon.com/service-authorization/latest/reference/list_awsiot.html#awsiot-actions-as-permissions">RotateTunnelAccessToken</a> action.</p>
+ * 		       <note>
+ * 			         <p>Rotating the CAT doesn't extend the tunnel duration. For example, say the tunnel
+ * 				duration is 12 hours and the tunnel has already been open for 4 hours. When you
+ * 				rotate the access tokens, the new tokens that are generated can only be used for the
+ * 				remaining 8 hours.</p>
+ * 		       </note>
+ * @example
+ * Use a bare-bones client and the command you need to make an API call.
+ * ```javascript
+ * import { IoTSecureTunnelingClient, RotateTunnelAccessTokenCommand } from "@aws-sdk/client-iotsecuretunneling"; // ES Modules import
+ * // const { IoTSecureTunnelingClient, RotateTunnelAccessTokenCommand } = require("@aws-sdk/client-iotsecuretunneling"); // CommonJS import
+ * const client = new IoTSecureTunnelingClient(config);
+ * const command = new RotateTunnelAccessTokenCommand(input);
+ * const response = await client.send(command);
+ * ```
+ *
+ * @see {@link RotateTunnelAccessTokenCommandInput} for command's `input` shape.
+ * @see {@link RotateTunnelAccessTokenCommandOutput} for command's `response` shape.
+ * @see {@link IoTSecureTunnelingClientResolvedConfig | config} for IoTSecureTunnelingClient's `config` shape.
+ *
+ */
+export declare class RotateTunnelAccessTokenCommand extends $Command<RotateTunnelAccessTokenCommandInput, RotateTunnelAccessTokenCommandOutput, IoTSecureTunnelingClientResolvedConfig> {
+    readonly input: RotateTunnelAccessTokenCommandInput;
+    constructor(input: RotateTunnelAccessTokenCommandInput);
+    /**
+     * @internal
+     */
+    resolveMiddleware(clientStack: MiddlewareStack<ServiceInputTypes, ServiceOutputTypes>, configuration: IoTSecureTunnelingClientResolvedConfig, options?: __HttpHandlerOptions): Handler<RotateTunnelAccessTokenCommandInput, RotateTunnelAccessTokenCommandOutput>;
+    private serialize;
+    private deserialize;
+}

package/dist-types/commands/index.d.ts

@@ -3,5 +3,6 @@ export * from "./DescribeTunnelCommand";
 export * from "./ListTagsForResourceCommand";
 export * from "./ListTunnelsCommand";
 export * from "./OpenTunnelCommand";
+export * from "./RotateTunnelAccessTokenCommand";
 export * from "./TagResourceCommand";
 export * from "./UntagResourceCommand";

package/dist-types/models/models_0.d.ts

@@ -1,12 +1,17 @@
 import { ExceptionOptionType as __ExceptionOptionType } from "@aws-sdk/smithy-client";
 import { IoTSecureTunnelingServiceException as __BaseException } from "./IoTSecureTunnelingServiceException";
+export declare enum ClientMode {
+    ALL = "ALL",
+    DESTINATION = "DESTINATION",
+    SOURCE = "SOURCE"
+}
 export interface CloseTunnelRequest {
     /**
      * <p>The ID of the tunnel to close.</p>
      */
     tunnelId: string | undefined;
     /**
-     * <p>When set to true, AWS IoT Secure Tunneling deletes the tunnel data
+     * <p>When set to true, IoT Secure Tunneling deletes the tunnel data
      * 			immediately.</p>
      */
     delete?: boolean;
@@ -81,10 +86,10 @@ export interface DestinationConfig {
      */
     thingName?: string;
     /**
-     * <p>A list of service names that identity the target application. The AWS IoT client running on the destination device reads
-     * 			this value and uses it to look up a port or an IP address and a port. The AWS IoT client
-     * 			instantiates the local proxy which uses this information to connect to the destination
-     * 			application.</p>
+     * <p>A list of service names that identify the target application. The IoT client
+     * 			running on the destination device reads this value and uses it to look up a port or an
+     * 			IP address and a port. The IoT client instantiates the local proxy, which uses this
+     * 			information to connect to the destination application.</p>
      */
     services: string[] | undefined;
 }
@@ -144,9 +149,7 @@ export interface Tunnel {
      */
     tunnelId?: string;
     /**
-     * <p>The Amazon Resource Name (ARN) of a tunnel. The tunnel ARN format is
-     * 				<code>arn:aws:tunnel:<region>:<account-id>:tunnel/<tunnel-id></code>
-     *          </p>
+     * <p>The Amazon Resource Name (ARN) of a tunnel.</p>
      */
     tunnelArn?: string;
     /**
@@ -240,7 +243,8 @@ export interface ListTunnelsRequest {
      */
     maxResults?: number;
     /**
-     * <p>A token to retrieve the next set of results.</p>
+     * <p>To retrieve the next set of results, the nextToken value from a previous response;
+     * 			otherwise null to receive the first set of results.</p>
      */
     nextToken?: string;
 }
@@ -259,9 +263,7 @@ export interface TunnelSummary {
      */
     tunnelId?: string;
     /**
-     * <p>The Amazon Resource Name of the tunnel. The tunnel ARN format is
-     * 				<code>arn:aws:tunnel:<region>:<account-id>:tunnel/<tunnel-id></code>
-     *          </p>
+     * <p>The Amazon Resource Name of the tunnel. </p>
      */
     tunnelArn?: string;
     /**
@@ -289,11 +291,12 @@ export declare namespace TunnelSummary {
 }
 export interface ListTunnelsResponse {
     /**
-     * <p>A short description of the tunnels in an AWS account.</p>
+     * <p>A short description of the tunnels in an Amazon Web Services account.</p>
      */
     tunnelSummaries?: TunnelSummary[];
     /**
-     * <p>A token to used to retrieve the next set of results.</p>
+     * <p>The token to use to get the next set of results, or null if there are no additional
+     * 			results.</p>
      */
     nextToken?: string;
 }
@@ -344,18 +347,16 @@ export interface OpenTunnelResponse {
      */
     tunnelId?: string;
     /**
-     * <p>The Amazon Resource Name for the tunnel. The tunnel ARN format is
-     * 				<code>arn:aws:tunnel:<region>:<account-id>:tunnel/<tunnel-id></code>
-     *          </p>
+     * <p>The Amazon Resource Name for the tunnel.</p>
      */
     tunnelArn?: string;
     /**
-     * <p>The access token the source local proxy uses to connect to AWS IoT Secure
+     * <p>The access token the source local proxy uses to connect to IoT Secure
      * 			Tunneling.</p>
      */
     sourceAccessToken?: string;
     /**
-     * <p>The access token the destination local proxy uses to connect to AWS IoT Secure
+     * <p>The access token the destination local proxy uses to connect to IoT Secure
      * 			Tunneling.</p>
      */
     destinationAccessToken?: string;
@@ -366,6 +367,49 @@ export declare namespace OpenTunnelResponse {
      */
     const filterSensitiveLog: (obj: OpenTunnelResponse) => any;
 }
+export interface RotateTunnelAccessTokenRequest {
+    /**
+     * <p>The tunnel for which you want to rotate the access tokens.</p>
+     */
+    tunnelId: string | undefined;
+    /**
+     * <p>The mode of the client that will use the client token, which can be either the source
+     * 			or destination, or both source and destination.</p>
+     */
+    clientMode: ClientMode | string | undefined;
+    /**
+     * <p>The destination configuration.</p>
+     */
+    destinationConfig?: DestinationConfig;
+}
+export declare namespace RotateTunnelAccessTokenRequest {
+    /**
+     * @internal
+     */
+    const filterSensitiveLog: (obj: RotateTunnelAccessTokenRequest) => any;
+}
+export interface RotateTunnelAccessTokenResponse {
+    /**
+     * <p>The Amazon Resource Name for the tunnel.</p>
+     */
+    tunnelArn?: string;
+    /**
+     * <p>The client access token that the source local proxy uses to connect to IoT Secure
+     * 			Tunneling.</p>
+     */
+    sourceAccessToken?: string;
+    /**
+     * <p>The client access token that the destination local proxy uses to connect to IoT
+     * 			Secure Tunneling.</p>
+     */
+    destinationAccessToken?: string;
+}
+export declare namespace RotateTunnelAccessTokenResponse {
+    /**
+     * @internal
+     */
+    const filterSensitiveLog: (obj: RotateTunnelAccessTokenResponse) => any;
+}
 export interface TagResourceRequest {
     /**
      * <p>The ARN of the resource.</p>

package/dist-types/protocols/Aws_json1_1.d.ts

@@ -5,6 +5,7 @@ import { DescribeTunnelCommandInput, DescribeTunnelCommandOutput } from "../comm
 import { ListTagsForResourceCommandInput, ListTagsForResourceCommandOutput } from "../commands/ListTagsForResourceCommand";
 import { ListTunnelsCommandInput, ListTunnelsCommandOutput } from "../commands/ListTunnelsCommand";
 import { OpenTunnelCommandInput, OpenTunnelCommandOutput } from "../commands/OpenTunnelCommand";
+import { RotateTunnelAccessTokenCommandInput, RotateTunnelAccessTokenCommandOutput } from "../commands/RotateTunnelAccessTokenCommand";
 import { TagResourceCommandInput, TagResourceCommandOutput } from "../commands/TagResourceCommand";
 import { UntagResourceCommandInput, UntagResourceCommandOutput } from "../commands/UntagResourceCommand";
 export declare const serializeAws_json1_1CloseTunnelCommand: (input: CloseTunnelCommandInput, context: __SerdeContext) => Promise<__HttpRequest>;
@@ -12,6 +13,7 @@ export declare const serializeAws_json1_1DescribeTunnelCommand: (input: Describe
 export declare const serializeAws_json1_1ListTagsForResourceCommand: (input: ListTagsForResourceCommandInput, context: __SerdeContext) => Promise<__HttpRequest>;
 export declare const serializeAws_json1_1ListTunnelsCommand: (input: ListTunnelsCommandInput, context: __SerdeContext) => Promise<__HttpRequest>;
 export declare const serializeAws_json1_1OpenTunnelCommand: (input: OpenTunnelCommandInput, context: __SerdeContext) => Promise<__HttpRequest>;
+export declare const serializeAws_json1_1RotateTunnelAccessTokenCommand: (input: RotateTunnelAccessTokenCommandInput, context: __SerdeContext) => Promise<__HttpRequest>;
 export declare const serializeAws_json1_1TagResourceCommand: (input: TagResourceCommandInput, context: __SerdeContext) => Promise<__HttpRequest>;
 export declare const serializeAws_json1_1UntagResourceCommand: (input: UntagResourceCommandInput, context: __SerdeContext) => Promise<__HttpRequest>;
 export declare const deserializeAws_json1_1CloseTunnelCommand: (output: __HttpResponse, context: __SerdeContext) => Promise<CloseTunnelCommandOutput>;
@@ -19,5 +21,6 @@ export declare const deserializeAws_json1_1DescribeTunnelCommand: (output: __Htt
 export declare const deserializeAws_json1_1ListTagsForResourceCommand: (output: __HttpResponse, context: __SerdeContext) => Promise<ListTagsForResourceCommandOutput>;
 export declare const deserializeAws_json1_1ListTunnelsCommand: (output: __HttpResponse, context: __SerdeContext) => Promise<ListTunnelsCommandOutput>;
 export declare const deserializeAws_json1_1OpenTunnelCommand: (output: __HttpResponse, context: __SerdeContext) => Promise<OpenTunnelCommandOutput>;
+export declare const deserializeAws_json1_1RotateTunnelAccessTokenCommand: (output: __HttpResponse, context: __SerdeContext) => Promise<RotateTunnelAccessTokenCommandOutput>;
 export declare const deserializeAws_json1_1TagResourceCommand: (output: __HttpResponse, context: __SerdeContext) => Promise<TagResourceCommandOutput>;
 export declare const deserializeAws_json1_1UntagResourceCommand: (output: __HttpResponse, context: __SerdeContext) => Promise<UntagResourceCommandOutput>;

package/dist-types/ts3.4/IoTSecureTunneling.d.ts

@@ -4,6 +4,7 @@ import { DescribeTunnelCommandInput, DescribeTunnelCommandOutput } from "./comma
 import { ListTagsForResourceCommandInput, ListTagsForResourceCommandOutput } from "./commands/ListTagsForResourceCommand";
 import { ListTunnelsCommandInput, ListTunnelsCommandOutput } from "./commands/ListTunnelsCommand";
 import { OpenTunnelCommandInput, OpenTunnelCommandOutput } from "./commands/OpenTunnelCommand";
+import { RotateTunnelAccessTokenCommandInput, RotateTunnelAccessTokenCommandOutput } from "./commands/RotateTunnelAccessTokenCommand";
 import { TagResourceCommandInput, TagResourceCommandOutput } from "./commands/TagResourceCommand";
 import { UntagResourceCommandInput, UntagResourceCommandOutput } from "./commands/UntagResourceCommand";
 import { IoTSecureTunnelingClient } from "./IoTSecureTunnelingClient";
@@ -30,6 +31,10 @@ export declare class IoTSecureTunneling extends IoTSecureTunnelingClient {
     openTunnel(args: OpenTunnelCommandInput, cb: (err: any, data?: OpenTunnelCommandOutput) => void): void;
     openTunnel(args: OpenTunnelCommandInput, options: __HttpHandlerOptions, cb: (err: any, data?: OpenTunnelCommandOutput) => void): void;
     
+    rotateTunnelAccessToken(args: RotateTunnelAccessTokenCommandInput, options?: __HttpHandlerOptions): Promise<RotateTunnelAccessTokenCommandOutput>;
+    rotateTunnelAccessToken(args: RotateTunnelAccessTokenCommandInput, cb: (err: any, data?: RotateTunnelAccessTokenCommandOutput) => void): void;
+    rotateTunnelAccessToken(args: RotateTunnelAccessTokenCommandInput, options: __HttpHandlerOptions, cb: (err: any, data?: RotateTunnelAccessTokenCommandOutput) => void): void;
+    
     tagResource(args: TagResourceCommandInput, options?: __HttpHandlerOptions): Promise<TagResourceCommandOutput>;
     tagResource(args: TagResourceCommandInput, cb: (err: any, data?: TagResourceCommandOutput) => void): void;
     tagResource(args: TagResourceCommandInput, options: __HttpHandlerOptions, cb: (err: any, data?: TagResourceCommandOutput) => void): void;

package/dist-types/ts3.4/IoTSecureTunnelingClient.d.ts

@@ -11,10 +11,11 @@ import { DescribeTunnelCommandInput, DescribeTunnelCommandOutput } from "./comma
 import { ListTagsForResourceCommandInput, ListTagsForResourceCommandOutput } from "./commands/ListTagsForResourceCommand";
 import { ListTunnelsCommandInput, ListTunnelsCommandOutput } from "./commands/ListTunnelsCommand";
 import { OpenTunnelCommandInput, OpenTunnelCommandOutput } from "./commands/OpenTunnelCommand";
+import { RotateTunnelAccessTokenCommandInput, RotateTunnelAccessTokenCommandOutput } from "./commands/RotateTunnelAccessTokenCommand";
 import { TagResourceCommandInput, TagResourceCommandOutput } from "./commands/TagResourceCommand";
 import { UntagResourceCommandInput, UntagResourceCommandOutput } from "./commands/UntagResourceCommand";
-export declare type ServiceInputTypes = CloseTunnelCommandInput | DescribeTunnelCommandInput | ListTagsForResourceCommandInput | ListTunnelsCommandInput | OpenTunnelCommandInput | TagResourceCommandInput | UntagResourceCommandInput;
-export declare type ServiceOutputTypes = CloseTunnelCommandOutput | DescribeTunnelCommandOutput | ListTagsForResourceCommandOutput | ListTunnelsCommandOutput | OpenTunnelCommandOutput | TagResourceCommandOutput | UntagResourceCommandOutput;
+export declare type ServiceInputTypes = CloseTunnelCommandInput | DescribeTunnelCommandInput | ListTagsForResourceCommandInput | ListTunnelsCommandInput | OpenTunnelCommandInput | RotateTunnelAccessTokenCommandInput | TagResourceCommandInput | UntagResourceCommandInput;
+export declare type ServiceOutputTypes = CloseTunnelCommandOutput | DescribeTunnelCommandOutput | ListTagsForResourceCommandOutput | ListTunnelsCommandOutput | OpenTunnelCommandOutput | RotateTunnelAccessTokenCommandOutput | TagResourceCommandOutput | UntagResourceCommandOutput;
 export interface ClientDefaults extends Partial<__SmithyResolvedConfiguration<__HttpHandlerOptions>> {
     
     requestHandler?: __HttpHandler;

package/dist-types/ts3.4/commands/RotateTunnelAccessTokenCommand.d.ts

@@ -0,0 +1,17 @@
+import { Command as $Command } from "@aws-sdk/smithy-client";
+import { Handler, HttpHandlerOptions as __HttpHandlerOptions, MetadataBearer as __MetadataBearer, MiddlewareStack } from "@aws-sdk/types";
+import { IoTSecureTunnelingClientResolvedConfig, ServiceInputTypes, ServiceOutputTypes } from "../IoTSecureTunnelingClient";
+import { RotateTunnelAccessTokenRequest, RotateTunnelAccessTokenResponse } from "../models/models_0";
+export interface RotateTunnelAccessTokenCommandInput extends RotateTunnelAccessTokenRequest {
+}
+export interface RotateTunnelAccessTokenCommandOutput extends RotateTunnelAccessTokenResponse, __MetadataBearer {
+}
+
+export declare class RotateTunnelAccessTokenCommand extends $Command<RotateTunnelAccessTokenCommandInput, RotateTunnelAccessTokenCommandOutput, IoTSecureTunnelingClientResolvedConfig> {
+    readonly input: RotateTunnelAccessTokenCommandInput;
+    constructor(input: RotateTunnelAccessTokenCommandInput);
+    
+    resolveMiddleware(clientStack: MiddlewareStack<ServiceInputTypes, ServiceOutputTypes>, configuration: IoTSecureTunnelingClientResolvedConfig, options?: __HttpHandlerOptions): Handler<RotateTunnelAccessTokenCommandInput, RotateTunnelAccessTokenCommandOutput>;
+    private serialize;
+    private deserialize;
+}

package/dist-types/ts3.4/commands/index.d.ts

@@ -3,5 +3,6 @@ export * from "./DescribeTunnelCommand";
 export * from "./ListTagsForResourceCommand";
 export * from "./ListTunnelsCommand";
 export * from "./OpenTunnelCommand";
+export * from "./RotateTunnelAccessTokenCommand";
 export * from "./TagResourceCommand";
 export * from "./UntagResourceCommand";

package/dist-types/ts3.4/models/models_0.d.ts

@@ -1,5 +1,10 @@
 import { ExceptionOptionType as __ExceptionOptionType } from "@aws-sdk/smithy-client";
 import { IoTSecureTunnelingServiceException as __BaseException } from "./IoTSecureTunnelingServiceException";
+export declare enum ClientMode {
+    ALL = "ALL",
+    DESTINATION = "DESTINATION",
+    SOURCE = "SOURCE"
+}
 export interface CloseTunnelRequest {
     
     tunnelId: string | undefined;
@@ -210,6 +215,30 @@ export declare namespace OpenTunnelResponse {
     
     const filterSensitiveLog: (obj: OpenTunnelResponse) => any;
 }
+export interface RotateTunnelAccessTokenRequest {
+    
+    tunnelId: string | undefined;
+    
+    clientMode: ClientMode | string | undefined;
+    
+    destinationConfig?: DestinationConfig;
+}
+export declare namespace RotateTunnelAccessTokenRequest {
+    
+    const filterSensitiveLog: (obj: RotateTunnelAccessTokenRequest) => any;
+}
+export interface RotateTunnelAccessTokenResponse {
+    
+    tunnelArn?: string;
+    
+    sourceAccessToken?: string;
+    
+    destinationAccessToken?: string;
+}
+export declare namespace RotateTunnelAccessTokenResponse {
+    
+    const filterSensitiveLog: (obj: RotateTunnelAccessTokenResponse) => any;
+}
 export interface TagResourceRequest {
     
     resourceArn: string | undefined;

package/dist-types/ts3.4/protocols/Aws_json1_1.d.ts

@@ -5,6 +5,7 @@ import { DescribeTunnelCommandInput, DescribeTunnelCommandOutput } from "../comm
 import { ListTagsForResourceCommandInput, ListTagsForResourceCommandOutput } from "../commands/ListTagsForResourceCommand";
 import { ListTunnelsCommandInput, ListTunnelsCommandOutput } from "../commands/ListTunnelsCommand";
 import { OpenTunnelCommandInput, OpenTunnelCommandOutput } from "../commands/OpenTunnelCommand";
+import { RotateTunnelAccessTokenCommandInput, RotateTunnelAccessTokenCommandOutput } from "../commands/RotateTunnelAccessTokenCommand";
 import { TagResourceCommandInput, TagResourceCommandOutput } from "../commands/TagResourceCommand";
 import { UntagResourceCommandInput, UntagResourceCommandOutput } from "../commands/UntagResourceCommand";
 export declare const serializeAws_json1_1CloseTunnelCommand: (input: CloseTunnelCommandInput, context: __SerdeContext) => Promise<__HttpRequest>;
@@ -12,6 +13,7 @@ export declare const serializeAws_json1_1DescribeTunnelCommand: (input: Describe
 export declare const serializeAws_json1_1ListTagsForResourceCommand: (input: ListTagsForResourceCommandInput, context: __SerdeContext) => Promise<__HttpRequest>;
 export declare const serializeAws_json1_1ListTunnelsCommand: (input: ListTunnelsCommandInput, context: __SerdeContext) => Promise<__HttpRequest>;
 export declare const serializeAws_json1_1OpenTunnelCommand: (input: OpenTunnelCommandInput, context: __SerdeContext) => Promise<__HttpRequest>;
+export declare const serializeAws_json1_1RotateTunnelAccessTokenCommand: (input: RotateTunnelAccessTokenCommandInput, context: __SerdeContext) => Promise<__HttpRequest>;
 export declare const serializeAws_json1_1TagResourceCommand: (input: TagResourceCommandInput, context: __SerdeContext) => Promise<__HttpRequest>;
 export declare const serializeAws_json1_1UntagResourceCommand: (input: UntagResourceCommandInput, context: __SerdeContext) => Promise<__HttpRequest>;
 export declare const deserializeAws_json1_1CloseTunnelCommand: (output: __HttpResponse, context: __SerdeContext) => Promise<CloseTunnelCommandOutput>;
@@ -19,5 +21,6 @@ export declare const deserializeAws_json1_1DescribeTunnelCommand: (output: __Htt
 export declare const deserializeAws_json1_1ListTagsForResourceCommand: (output: __HttpResponse, context: __SerdeContext) => Promise<ListTagsForResourceCommandOutput>;
 export declare const deserializeAws_json1_1ListTunnelsCommand: (output: __HttpResponse, context: __SerdeContext) => Promise<ListTunnelsCommandOutput>;
 export declare const deserializeAws_json1_1OpenTunnelCommand: (output: __HttpResponse, context: __SerdeContext) => Promise<OpenTunnelCommandOutput>;
+export declare const deserializeAws_json1_1RotateTunnelAccessTokenCommand: (output: __HttpResponse, context: __SerdeContext) => Promise<RotateTunnelAccessTokenCommandOutput>;
 export declare const deserializeAws_json1_1TagResourceCommand: (output: __HttpResponse, context: __SerdeContext) => Promise<TagResourceCommandOutput>;
 export declare const deserializeAws_json1_1UntagResourceCommand: (output: __HttpResponse, context: __SerdeContext) => Promise<UntagResourceCommandOutput>;

package/package.json

@@ -1,7 +1,7 @@
 {
   "name": "@aws-sdk/client-iotsecuretunneling",
   "description": "AWS SDK for JavaScript Iotsecuretunneling Client for Node.js, Browser and React Native",
-  "version": "3.82.0",
+  "version": "3.84.0",
   "scripts": {
     "build": "concurrently 'yarn:build:cjs' 'yarn:build:es' 'yarn:build:types'",
     "build:cjs": "tsc -p tsconfig.cjs.json",