@aws-sdk/client-signin 3.1065.0 → 3.1067.0

package/dist-types/commands/PutResourcePermissionStatementCommand.d.ts

@@ -0,0 +1,136 @@
+import { Command as $Command } from "@smithy/core/client";
+import type { MetadataBearer as __MetadataBearer } from "@smithy/types";
+import type { PutResourcePermissionStatementInput, PutResourcePermissionStatementOutput } from "../models/models_0";
+import type { ServiceInputTypes, ServiceOutputTypes, SigninClientResolvedConfig } from "../SigninClient";
+/**
+ * @public
+ */
+export type { __MetadataBearer };
+export { $Command };
+/**
+ * @public
+ *
+ * The input for {@link PutResourcePermissionStatementCommand}.
+ */
+export interface PutResourcePermissionStatementCommandInput extends PutResourcePermissionStatementInput {
+}
+/**
+ * @public
+ *
+ * The output of {@link PutResourcePermissionStatementCommand}.
+ */
+export interface PutResourcePermissionStatementCommandOutput extends PutResourcePermissionStatementOutput, __MetadataBearer {
+}
+declare const PutResourcePermissionStatementCommand_base: {
+    new (input: PutResourcePermissionStatementCommandInput): import("@smithy/core/client").CommandImpl<PutResourcePermissionStatementCommandInput, PutResourcePermissionStatementCommandOutput, SigninClientResolvedConfig, ServiceInputTypes, ServiceOutputTypes>;
+    new (...[input]: [] | [PutResourcePermissionStatementCommandInput]): import("@smithy/core/client").CommandImpl<PutResourcePermissionStatementCommandInput, PutResourcePermissionStatementCommandOutput, SigninClientResolvedConfig, ServiceInputTypes, ServiceOutputTypes>;
+    getEndpointParameterInstructions(): {
+        [x: string]: unknown;
+    };
+};
+/**
+ * Create a permission statement in the account's SignIn resource-based policy
+ * @example
+ * Use a bare-bones client and the command you need to make an API call.
+ * ```javascript
+ * import { SigninClient, PutResourcePermissionStatementCommand } from "@aws-sdk/client-signin"; // ES Modules import
+ * // const { SigninClient, PutResourcePermissionStatementCommand } = require("@aws-sdk/client-signin"); // CommonJS import
+ * // import type { SigninClientConfig } from "@aws-sdk/client-signin";
+ * const config = {}; // type is SigninClientConfig
+ * const client = new SigninClient(config);
+ * const input = { // PutResourcePermissionStatementInput
+ *   sourceVpc: "STRING_VALUE",
+ *   signinSourceVpce: "STRING_VALUE",
+ *   consoleSourceVpce: "STRING_VALUE",
+ *   vpcSourceIp: "STRING_VALUE",
+ *   sourceIp: "STRING_VALUE",
+ *   requestedRegion: "STRING_VALUE",
+ *   excludedPrincipal: "STRING_VALUE",
+ *   clientToken: "STRING_VALUE",
+ * };
+ * const command = new PutResourcePermissionStatementCommand(input);
+ * const response = await client.send(command);
+ * // { // PutResourcePermissionStatementOutput
+ * //   statementId: "STRING_VALUE", // required
+ * // };
+ *
+ * ```
+ *
+ * @param PutResourcePermissionStatementCommandInput - {@link PutResourcePermissionStatementCommandInput}
+ * @returns {@link PutResourcePermissionStatementCommandOutput}
+ * @see {@link PutResourcePermissionStatementCommandInput} for command's `input` shape.
+ * @see {@link PutResourcePermissionStatementCommandOutput} for command's `response` shape.
+ * @see {@link SigninClientResolvedConfig | config} for SigninClient's `config` shape.
+ *
+ * @throws {@link AccessDeniedException} (client fault)
+ *  Error thrown for access denied scenarios with flexible HTTP status mapping
+ *
+ * Runtime HTTP Status Code Mapping:
+ * - HTTP 401 (Unauthorized): TOKEN_EXPIRED, AUTHCODE_EXPIRED
+ * - HTTP 403 (Forbidden): USER_CREDENTIALS_CHANGED, INSUFFICIENT_PERMISSIONS
+ *
+ * The specific HTTP status code is determined at runtime based on the error enum value.
+ * Consumers should use the error field to determine the specific access denial reason.
+ *
+ * @throws {@link ConflictException} (client fault)
+ *  Error thrown when request conflicts with current state
+ *
+ * HTTP Status Code: 409 Conflict
+ *
+ * Used when the request conflicts with the current state of the resource
+ *
+ * @throws {@link InternalServerException} (server fault)
+ *  Error thrown when an internal server error occurs
+ *
+ * HTTP Status Code: 500 Internal Server Error
+ *
+ * Used for unexpected server-side errors that prevent request processing.
+ *
+ * @throws {@link ServiceQuotaExceededException} (client fault)
+ *  Error thrown when service quota is exceeded
+ *
+ * HTTP Status Code: 402 Payment Required (used as quota exceeded indicator)
+ *
+ * Used when the request would cause a service quota to be exceeded
+ *
+ * @throws {@link TooManyRequestsError} (client fault)
+ *  Error thrown when rate limit is exceeded
+ *
+ * HTTP Status Code: 429 Too Many Requests
+ *
+ * Possible OAuth2ErrorCode values:
+ * - INVALID_REQUEST: Rate limiting, too many requests, abuse prevention
+ *
+ * Possible causes:
+ * - Too many token requests from the same client
+ * - Rate limiting based on client_id or IP address
+ * - Abuse prevention mechanisms triggered
+ * - Service protection against excessive token generation
+ *
+ * @throws {@link ValidationException} (client fault)
+ *  Error thrown when request validation fails
+ *
+ * HTTP Status Code: 400 Bad Request
+ *
+ * Used for request validation errors such as malformed parameters,
+ * missing required fields, or invalid parameter values.
+ *
+ * @throws {@link SigninServiceException}
+ * <p>Base exception class for all service exceptions from Signin service.</p>
+ *
+ *
+ * @public
+ */
+export declare class PutResourcePermissionStatementCommand extends PutResourcePermissionStatementCommand_base {
+    /** @internal type navigation helper, not in runtime. */
+    protected static __types: {
+        api: {
+            input: PutResourcePermissionStatementInput;
+            output: PutResourcePermissionStatementOutput;
+        };
+        sdk: {
+            input: PutResourcePermissionStatementCommandInput;
+            output: PutResourcePermissionStatementCommandOutput;
+        };
+    };
+}

package/dist-types/commands/index.d.ts

@@ -1 +1,8 @@
 export * from "./CreateOAuth2TokenCommand";
+export * from "./DeleteConsoleAuthorizationConfigurationCommand";
+export * from "./DeleteResourcePermissionStatementCommand";
+export * from "./GetConsoleAuthorizationConfigurationCommand";
+export * from "./GetResourcePolicyCommand";
+export * from "./ListResourcePermissionStatementsCommand";
+export * from "./PutConsoleAuthorizationConfigurationCommand";
+export * from "./PutResourcePermissionStatementCommand";

package/dist-types/endpoint/EndpointParameters.d.ts

@@ -47,4 +47,5 @@ export interface EndpointParameters extends __EndpointParameters {
     UseFIPS?: boolean | undefined;
     Endpoint?: string | undefined;
     Region?: string | undefined;
+    IsControlPlane?: boolean | undefined;
 }

package/dist-types/index.d.ts

@@ -11,6 +11,7 @@ export type { RuntimeExtension } from "./runtimeExtensions";
 export type { SigninExtensionConfiguration } from "./extensionConfiguration";
 export * from "./commands";
 export * from "./schemas/schemas_0";
+export * from "./pagination";
 export * from "./models/enums";
 export * from "./models/errors";
 export * from "./models/models_0";

package/dist-types/models/enums.d.ts

@@ -7,6 +7,10 @@ export declare const OAuth2ErrorCode: {
      * Authorization code has expired
      */
     readonly AUTHCODE_EXPIRED: "AUTHCODE_EXPIRED";
+    /**
+     * Request conflicts with current state of the resource
+     */
+    readonly CONFLICT: "CONFLICT";
     /**
      * Insufficient permissions to perform this operation
      */
@@ -15,10 +19,18 @@ export declare const OAuth2ErrorCode: {
      * The request is missing a required parameter, includes an invalid parameter value, or is otherwise malformed
      */
     readonly INVALID_REQUEST: "INVALID_REQUEST";
+    /**
+     * Requested resource was not found
+     */
+    readonly RESOURCE_NOT_FOUND: "RESOURCE_NOT_FOUND";
     /**
      * Internal server error occurred
      */
     readonly SERVER_ERROR: "server_error";
+    /**
+     * Request would cause a service quota to be exceeded
+     */
+    readonly SERVICE_QUOTA_EXCEEDED: "SERVICE_QUOTA_EXCEEDED";
     /**
      * Token has expired and needs to be refreshed
      */

package/dist-types/models/errors.d.ts

@@ -26,6 +26,28 @@ export declare class AccessDeniedException extends __BaseException {
      */
     constructor(opts: __ExceptionOptionType<AccessDeniedException, __BaseException>);
 }
+/**
+ * Error thrown when request conflicts with current state
+ *
+ * HTTP Status Code: 409 Conflict
+ *
+ * Used when the request conflicts with the current state of the resource
+ * @public
+ */
+export declare class ConflictException extends __BaseException {
+    readonly name: "ConflictException";
+    readonly $fault: "client";
+    /**
+     * OAuth 2.0 error code indicating conflict
+     * Will be CONFLICT
+     * @public
+     */
+    error: OAuth2ErrorCode | undefined;
+    /**
+     * @internal
+     */
+    constructor(opts: __ExceptionOptionType<ConflictException, __BaseException>);
+}
 /**
  * Error thrown when an internal server error occurs
  *
@@ -100,3 +122,47 @@ export declare class ValidationException extends __BaseException {
      */
     constructor(opts: __ExceptionOptionType<ValidationException, __BaseException>);
 }
+/**
+ * Error thrown when requested resource is not found
+ *
+ * HTTP Status Code: 404 Not Found
+ *
+ * Used when the specified resource does not exist
+ * @public
+ */
+export declare class ResourceNotFoundException extends __BaseException {
+    readonly name: "ResourceNotFoundException";
+    readonly $fault: "client";
+    /**
+     * OAuth 2.0 error code indicating resource not found
+     * Will be RESOURCE_NOT_FOUND
+     * @public
+     */
+    error: OAuth2ErrorCode | undefined;
+    /**
+     * @internal
+     */
+    constructor(opts: __ExceptionOptionType<ResourceNotFoundException, __BaseException>);
+}
+/**
+ * Error thrown when service quota is exceeded
+ *
+ * HTTP Status Code: 402 Payment Required (used as quota exceeded indicator)
+ *
+ * Used when the request would cause a service quota to be exceeded
+ * @public
+ */
+export declare class ServiceQuotaExceededException extends __BaseException {
+    readonly name: "ServiceQuotaExceededException";
+    readonly $fault: "client";
+    /**
+     * OAuth 2.0 error code indicating service quota exceeded
+     * Will be SERVICE_QUOTA_EXCEEDED
+     * @public
+     */
+    error: OAuth2ErrorCode | undefined;
+    /**
+     * @internal
+     */
+    constructor(opts: __ExceptionOptionType<ServiceQuotaExceededException, __BaseException>);
+}

package/dist-types/models/models_0.d.ts

@@ -140,3 +140,291 @@ export interface CreateOAuth2TokenResponse {
      */
     tokenOutput: CreateOAuth2TokenResponseBody | undefined;
 }
+/**
+ * Input for DeleteConsoleAuthorizationConfiguration operation
+ * @public
+ */
+export interface DeleteConsoleAuthorizationConfigurationInput {
+    /**
+     * Target account identifier
+     * @public
+     */
+    targetId?: string | undefined;
+}
+/**
+ * Output for DeleteConsoleAuthorizationConfiguration operation
+ * @public
+ */
+export interface DeleteConsoleAuthorizationConfigurationOutput {
+    /**
+     * Target account identifier
+     * @public
+     */
+    targetId: string | undefined;
+    /**
+     * Authorization scope
+     * @public
+     */
+    scope: string | undefined;
+    /**
+     * Whether console authorization is enabled
+     * @public
+     */
+    consoleAuthorizationEnabled: boolean | undefined;
+}
+/**
+ * Input for DeleteResourcePermissionStatement operation
+ * @public
+ */
+export interface DeleteResourcePermissionStatementInput {
+    /**
+     * Unique identifier of the permission statement to delete
+     * @public
+     */
+    statementId: string | undefined;
+    /**
+     * Idempotency token for the request
+     * @public
+     */
+    clientToken?: string | undefined;
+}
+/**
+ * Output for DeleteResourcePermissionStatement operation
+ * @public
+ */
+export interface DeleteResourcePermissionStatementOutput {
+}
+/**
+ * Input for GetConsoleAuthorizationConfiguration operation
+ * @public
+ */
+export interface GetConsoleAuthorizationConfigurationInput {
+    /**
+     * Target account identifier
+     * @public
+     */
+    targetId?: string | undefined;
+}
+/**
+ * Output for GetConsoleAuthorizationConfiguration operation
+ * @public
+ */
+export interface GetConsoleAuthorizationConfigurationOutput {
+    /**
+     * Target account identifier
+     * @public
+     */
+    targetId: string | undefined;
+    /**
+     * Authorization scope
+     * @public
+     */
+    scope: string | undefined;
+    /**
+     * Whether console authorization is enabled
+     * @public
+     */
+    consoleAuthorizationEnabled: boolean | undefined;
+}
+/**
+ * Input for GetResourcePolicy operation
+ * @public
+ */
+export interface GetResourcePolicyInput {
+}
+/**
+ * Individual policy statement within a resource-based policy
+ * @public
+ */
+export interface PolicyStatement {
+    /**
+     * Effect of the policy statement (Allow/Deny)
+     * @public
+     */
+    effect?: string | undefined;
+    /**
+     * Principal the statement applies to
+     * @public
+     */
+    principal?: Record<string, string> | undefined;
+    /**
+     * Actions the statement controls
+     * @public
+     */
+    action?: string[] | undefined;
+    /**
+     * Resource the statement applies to
+     * @public
+     */
+    resource?: string | undefined;
+    /**
+     * Condition block for the statement
+     * @public
+     */
+    condition?: Record<string, Record<string, string[]>> | undefined;
+}
+/**
+ * SignIn resource-based policy document
+ * @public
+ */
+export interface SigninResourceBasedPolicy {
+    /**
+     * Policy version
+     * @public
+     */
+    version?: string | undefined;
+    /**
+     * Policy statements
+     * @public
+     */
+    statement?: PolicyStatement[] | undefined;
+}
+/**
+ * Output for GetResourcePolicy operation
+ * @public
+ */
+export interface GetResourcePolicyOutput {
+    /**
+     * The account's SignIn resource-based policy
+     * @public
+     */
+    signinResourceBasedPolicy: SigninResourceBasedPolicy | undefined;
+}
+/**
+ * Input for ListResourcePermissionStatements operation
+ * @public
+ */
+export interface ListResourcePermissionStatementsInput {
+    /**
+     * Maximum number of results to return
+     * @public
+     */
+    maxResults?: number | undefined;
+    /**
+     * Token for pagination
+     * @public
+     */
+    nextToken?: string | undefined;
+}
+/**
+ * Summary of a permission statement
+ * @public
+ */
+export interface PermissionStatementSummary {
+    /**
+     * Unique identifier for the permission statement
+     * @public
+     */
+    sid: string | undefined;
+    /**
+     * Condition block for the permission statement
+     * @public
+     */
+    condition?: Record<string, Record<string, string[]>> | undefined;
+}
+/**
+ * Output for ListResourcePermissionStatements operation
+ * @public
+ */
+export interface ListResourcePermissionStatementsOutput {
+    /**
+     * List of permission statement summaries
+     * @public
+     */
+    permissionStatements: PermissionStatementSummary[] | undefined;
+    /**
+     * Token for next page of results
+     * @public
+     */
+    nextToken?: string | undefined;
+}
+/**
+ * Input for PutConsoleAuthorizationConfiguration operation
+ * @public
+ */
+export interface PutConsoleAuthorizationConfigurationInput {
+    /**
+     * Target account identifier
+     * @public
+     */
+    targetId?: string | undefined;
+}
+/**
+ * Output for PutConsoleAuthorizationConfiguration operation
+ * @public
+ */
+export interface PutConsoleAuthorizationConfigurationOutput {
+    /**
+     * Target account identifier
+     * @public
+     */
+    targetId: string | undefined;
+    /**
+     * Authorization scope
+     * @public
+     */
+    scope: string | undefined;
+    /**
+     * Whether console authorization is enabled
+     * @public
+     */
+    consoleAuthorizationEnabled: boolean | undefined;
+}
+/**
+ * Input for PutResourcePermissionStatement operation
+ * @public
+ */
+export interface PutResourcePermissionStatementInput {
+    /**
+     * VPC identifier to restrict console access
+     * @public
+     */
+    sourceVpc?: string | undefined;
+    /**
+     * SignIn VPC endpoint identifier
+     * @public
+     */
+    signinSourceVpce?: string | undefined;
+    /**
+     * Console VPC endpoint identifier
+     * @public
+     */
+    consoleSourceVpce?: string | undefined;
+    /**
+     * Source IP address within VPC
+     * @public
+     */
+    vpcSourceIp?: string | undefined;
+    /**
+     * Source IP address
+     * @public
+     */
+    sourceIp?: string | undefined;
+    /**
+     * AWS region where the VPC and VPC endpoint reside
+     * Required when sourceVpc or signinSourceVpce/consoleSourceVpce is provided
+     * @public
+     */
+    requestedRegion?: string | undefined;
+    /**
+     * Principal to exclude from the permission statement
+     * @public
+     */
+    excludedPrincipal?: string | undefined;
+    /**
+     * Idempotency token for the request
+     * @public
+     */
+    clientToken?: string | undefined;
+}
+/**
+ * Output for PutResourcePermissionStatement operation
+ * @public
+ */
+export interface PutResourcePermissionStatementOutput {
+    /**
+     * Unique identifier for the created permission statement
+     * @public
+     */
+    statementId: string | undefined;
+}

package/dist-types/pagination/Interfaces.d.ts

@@ -0,0 +1,8 @@
+import type { PaginationConfiguration } from "@smithy/types";
+import { SigninClient } from "../SigninClient";
+/**
+ * @public
+ */
+export interface SigninPaginationConfiguration extends PaginationConfiguration {
+    client: SigninClient;
+}

package/dist-types/pagination/ListResourcePermissionStatementsPaginator.d.ts

@@ -0,0 +1,7 @@
+import type { Paginator } from "@smithy/types";
+import { ListResourcePermissionStatementsCommandInput, ListResourcePermissionStatementsCommandOutput } from "../commands/ListResourcePermissionStatementsCommand";
+import type { SigninPaginationConfiguration } from "./Interfaces";
+/**
+ * @public
+ */
+export declare const paginateListResourcePermissionStatements: (config: SigninPaginationConfiguration, input: ListResourcePermissionStatementsCommandInput, ...rest: any[]) => Paginator<ListResourcePermissionStatementsCommandOutput>;

package/dist-types/pagination/index.d.ts

@@ -0,0 +1,2 @@
+export * from "./Interfaces";
+export * from "./ListResourcePermissionStatementsPaginator";

package/dist-types/schemas/schemas_0.d.ts

@@ -2,7 +2,10 @@ import { TypeRegistry } from "@smithy/core/schema";
 import type { StaticErrorSchema, StaticOperationSchema, StaticStructureSchema } from "@smithy/types";
 export declare var SigninServiceException$: StaticErrorSchema;
 export declare var AccessDeniedException$: StaticErrorSchema;
+export declare var ConflictException$: StaticErrorSchema;
 export declare var InternalServerException$: StaticErrorSchema;
+export declare var ResourceNotFoundException$: StaticErrorSchema;
+export declare var ServiceQuotaExceededException$: StaticErrorSchema;
 export declare var TooManyRequestsError$: StaticErrorSchema;
 export declare var ValidationException$: StaticErrorSchema;
 /**
@@ -16,4 +19,28 @@ export declare var CreateOAuth2TokenRequest$: StaticStructureSchema;
 export declare var CreateOAuth2TokenRequestBody$: StaticStructureSchema;
 export declare var CreateOAuth2TokenResponse$: StaticStructureSchema;
 export declare var CreateOAuth2TokenResponseBody$: StaticStructureSchema;
+export declare var DeleteConsoleAuthorizationConfigurationInput$: StaticStructureSchema;
+export declare var DeleteConsoleAuthorizationConfigurationOutput$: StaticStructureSchema;
+export declare var DeleteResourcePermissionStatementInput$: StaticStructureSchema;
+export declare var DeleteResourcePermissionStatementOutput$: StaticStructureSchema;
+export declare var GetConsoleAuthorizationConfigurationInput$: StaticStructureSchema;
+export declare var GetConsoleAuthorizationConfigurationOutput$: StaticStructureSchema;
+export declare var GetResourcePolicyInput$: StaticStructureSchema;
+export declare var GetResourcePolicyOutput$: StaticStructureSchema;
+export declare var ListResourcePermissionStatementsInput$: StaticStructureSchema;
+export declare var ListResourcePermissionStatementsOutput$: StaticStructureSchema;
+export declare var PermissionStatementSummary$: StaticStructureSchema;
+export declare var PolicyStatement$: StaticStructureSchema;
+export declare var PutConsoleAuthorizationConfigurationInput$: StaticStructureSchema;
+export declare var PutConsoleAuthorizationConfigurationOutput$: StaticStructureSchema;
+export declare var PutResourcePermissionStatementInput$: StaticStructureSchema;
+export declare var PutResourcePermissionStatementOutput$: StaticStructureSchema;
+export declare var SigninResourceBasedPolicy$: StaticStructureSchema;
 export declare var CreateOAuth2Token$: StaticOperationSchema;
+export declare var DeleteConsoleAuthorizationConfiguration$: StaticOperationSchema;
+export declare var DeleteResourcePermissionStatement$: StaticOperationSchema;
+export declare var GetConsoleAuthorizationConfiguration$: StaticOperationSchema;
+export declare var GetResourcePolicy$: StaticOperationSchema;
+export declare var ListResourcePermissionStatements$: StaticOperationSchema;
+export declare var PutConsoleAuthorizationConfiguration$: StaticOperationSchema;
+export declare var PutResourcePermissionStatement$: StaticOperationSchema;