@aws-sdk/client-sts 3.288.0 → 3.290.0

package/dist-types/commands/AssumeRoleCommand.d.ts

@@ -116,6 +116,80 @@ export interface AssumeRoleCommandOutput extends AssumeRoleResponse, __MetadataB
  * @see {@link AssumeRoleCommandOutput} for command's `response` shape.
  * @see {@link STSClientResolvedConfig | config} for STSClient's `config` shape.
  *
+ * @throws {@link ExpiredTokenException} (client fault)
+ *  <p>The web identity token that was passed is expired or is not valid. Get a new identity
+ *             token from the identity provider and then retry the request.</p>
+ *
+ * @throws {@link MalformedPolicyDocumentException} (client fault)
+ *  <p>The request was rejected because the policy document was malformed. The error message
+ *             describes the specific error.</p>
+ *
+ * @throws {@link PackedPolicyTooLargeException} (client fault)
+ *  <p>The request was rejected because the total packed size of the session policies and
+ *             session tags combined was too large. An Amazon Web Services conversion compresses the session policy
+ *             document, session policy ARNs, and session tags into a packed binary format that has a
+ *             separate limit. The error message indicates by percentage how close the policies and
+ *             tags are to the upper size limit. For more information, see <a href="https://docs.aws.amazon.com/IAM/latest/UserGuide/id_session-tags.html">Passing Session Tags in STS</a> in
+ *             the <i>IAM User Guide</i>.</p>
+ *          <p>You could receive this error even though you meet other defined session policy and
+ *             session tag limits. For more information, see <a href="https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_iam-quotas.html#reference_iam-limits-entity-length">IAM and STS Entity
+ *                 Character Limits</a> in the <i>IAM User Guide</i>.</p>
+ *
+ * @throws {@link RegionDisabledException} (client fault)
+ *  <p>STS is not activated in the requested region for the account that is being asked to
+ *             generate credentials. The account administrator must use the IAM console to activate STS
+ *             in that region. For more information, see <a href="https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_enable-regions.html">Activating and
+ *                 Deactivating Amazon Web Services STS in an Amazon Web Services Region</a> in the <i>IAM User
+ *                     Guide</i>.</p>
+ *
+ *
+ * @example To assume a role
+ * ```javascript
+ * //
+ * const input = {
+ *   "ExternalId": "123ABC",
+ *   "Policy": "{\"Version\":\"2012-10-17\",\"Statement\":[{\"Sid\":\"Stmt1\",\"Effect\":\"Allow\",\"Action\":\"s3:ListAllMyBuckets\",\"Resource\":\"*\"}]}",
+ *   "RoleArn": "arn:aws:iam::123456789012:role/demo",
+ *   "RoleSessionName": "testAssumeRoleSession",
+ *   "Tags": [
+ *     {
+ *       "Key": "Project",
+ *       "Value": "Unicorn"
+ *     },
+ *     {
+ *       "Key": "Team",
+ *       "Value": "Automation"
+ *     },
+ *     {
+ *       "Key": "Cost-Center",
+ *       "Value": "12345"
+ *     }
+ *   ],
+ *   "TransitiveTagKeys": [
+ *     "Project",
+ *     "Cost-Center"
+ *   ]
+ * };
+ * const command = new AssumeRoleCommand(input);
+ * const response = await client.send(command);
+ * /* response ==
+ * {
+ *   "AssumedRoleUser": {
+ *     "Arn": "arn:aws:sts::123456789012:assumed-role/demo/Bob",
+ *     "AssumedRoleId": "ARO123EXAMPLE123:Bob"
+ *   },
+ *   "Credentials": {
+ *     "AccessKeyId": "AKIAIOSFODNN7EXAMPLE",
+ *     "Expiration": "2011-07-15T23:28:33.359Z",
+ *     "SecretAccessKey": "wJalrXUtnFEMI/K7MDENG/bPxRfiCYzEXAMPLEKEY",
+ *     "SessionToken": "AQoDYXdzEPT//////////wEXAMPLEtc764bNrC9SAPBSM22wDOk4x4HIZ8j4FZTwdQWLWsKWHGBuFqwAeMicRXmxfpSPfIeoIYRqTflfKD8YUuwthAx7mSEI/qkPpKPi/kMcGdQrmGdeehM4IC1NtBmUpp2wUE8phUZampKsburEDy0KPkyQDYwT7WZ0wq5VSXDvp75YU9HFvlRd8Tx6q6fE8YQcHNVXAkiY9q6d+xo0rKwT38xVqr7ZD0u0iPPkUL64lIZbqBAz+scqKmlzm8FDrypNC9Yjc8fPOLn9FX9KSYvKTr4rvx3iSIlTJabIQwj2ICCR/oLxBA=="
+ *   },
+ *   "PackedPolicySize": 8
+ * }
+ * *\/
+ * // example id: to-assume-a-role-1480532402212
+ * ```
+ *
  */
 export declare class AssumeRoleCommand extends $Command<AssumeRoleCommandInput, AssumeRoleCommandOutput, STSClientResolvedConfig> {
     readonly input: AssumeRoleCommandInput;

package/dist-types/commands/AssumeRoleWithSAMLCommand.d.ts

@@ -157,6 +157,77 @@ export interface AssumeRoleWithSAMLCommandOutput extends AssumeRoleWithSAMLRespo
  * @see {@link AssumeRoleWithSAMLCommandOutput} for command's `response` shape.
  * @see {@link STSClientResolvedConfig | config} for STSClient's `config` shape.
  *
+ * @throws {@link ExpiredTokenException} (client fault)
+ *  <p>The web identity token that was passed is expired or is not valid. Get a new identity
+ *             token from the identity provider and then retry the request.</p>
+ *
+ * @throws {@link IDPRejectedClaimException} (client fault)
+ *  <p>The identity provider (IdP) reported that authentication failed. This might be because
+ *             the claim is invalid.</p>
+ *          <p>If this error is returned for the <code>AssumeRoleWithWebIdentity</code> operation, it
+ *             can also mean that the claim has expired or has been explicitly revoked. </p>
+ *
+ * @throws {@link InvalidIdentityTokenException} (client fault)
+ *  <p>The web identity token that was passed could not be validated by Amazon Web Services. Get a new
+ *             identity token from the identity provider and then retry the request.</p>
+ *
+ * @throws {@link MalformedPolicyDocumentException} (client fault)
+ *  <p>The request was rejected because the policy document was malformed. The error message
+ *             describes the specific error.</p>
+ *
+ * @throws {@link PackedPolicyTooLargeException} (client fault)
+ *  <p>The request was rejected because the total packed size of the session policies and
+ *             session tags combined was too large. An Amazon Web Services conversion compresses the session policy
+ *             document, session policy ARNs, and session tags into a packed binary format that has a
+ *             separate limit. The error message indicates by percentage how close the policies and
+ *             tags are to the upper size limit. For more information, see <a href="https://docs.aws.amazon.com/IAM/latest/UserGuide/id_session-tags.html">Passing Session Tags in STS</a> in
+ *             the <i>IAM User Guide</i>.</p>
+ *          <p>You could receive this error even though you meet other defined session policy and
+ *             session tag limits. For more information, see <a href="https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_iam-quotas.html#reference_iam-limits-entity-length">IAM and STS Entity
+ *                 Character Limits</a> in the <i>IAM User Guide</i>.</p>
+ *
+ * @throws {@link RegionDisabledException} (client fault)
+ *  <p>STS is not activated in the requested region for the account that is being asked to
+ *             generate credentials. The account administrator must use the IAM console to activate STS
+ *             in that region. For more information, see <a href="https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_enable-regions.html">Activating and
+ *                 Deactivating Amazon Web Services STS in an Amazon Web Services Region</a> in the <i>IAM User
+ *                     Guide</i>.</p>
+ *
+ *
+ * @example To assume a role using a SAML assertion
+ * ```javascript
+ * //
+ * const input = {
+ *   "DurationSeconds": 3600,
+ *   "PrincipalArn": "arn:aws:iam::123456789012:saml-provider/SAML-test",
+ *   "RoleArn": "arn:aws:iam::123456789012:role/TestSaml",
+ *   "SAMLAssertion": "VERYLONGENCODEDASSERTIONEXAMPLExzYW1sOkF1ZGllbmNlPmJsYW5rPC9zYW1sOkF1ZGllbmNlPjwvc2FtbDpBdWRpZW5jZVJlc3RyaWN0aW9uPjwvc2FtbDpDb25kaXRpb25zPjxzYW1sOlN1YmplY3Q+PHNhbWw6TmFtZUlEIEZvcm1hdD0idXJuOm9hc2lzOm5hbWVzOnRjOlNBTUw6Mi4wOm5hbWVpZC1mb3JtYXQ6dHJhbnNpZW50Ij5TYW1sRXhhbXBsZTwvc2FtbDpOYW1lSUQ+PHNhbWw6U3ViamVjdENvbmZpcm1hdGlvbiBNZXRob2Q9InVybjpvYXNpczpuYW1lczp0YzpTQU1MOjIuMDpjbTpiZWFyZXIiPjxzYW1sOlN1YmplY3RDb25maXJtYXRpb25EYXRhIE5vdE9uT3JBZnRlcj0iMjAxOS0xMS0wMVQyMDoyNTowNS4xNDVaIiBSZWNpcGllbnQ9Imh0dHBzOi8vc2lnbmluLmF3cy5hbWF6b24uY29tL3NhbWwiLz48L3NhbWw6U3ViamVjdENvbmZpcm1hdGlvbj48L3NhbWw6U3ViamVjdD48c2FtbDpBdXRoblN0YXRlbWVudCBBdXRoPD94bWwgdmpSZXNwb25zZT4="
+ * };
+ * const command = new AssumeRoleWithSAMLCommand(input);
+ * const response = await client.send(command);
+ * /* response ==
+ * {
+ *   "AssumedRoleUser": {
+ *     "Arn": "arn:aws:sts::123456789012:assumed-role/TestSaml",
+ *     "AssumedRoleId": "ARO456EXAMPLE789:TestSaml"
+ *   },
+ *   "Audience": "https://signin.aws.amazon.com/saml",
+ *   "Credentials": {
+ *     "AccessKeyId": "ASIAV3ZUEFP6EXAMPLE",
+ *     "Expiration": "2019-11-01T20:26:47Z",
+ *     "SecretAccessKey": "8P+SQvWIuLnKhh8d++jpw0nNmQRBZvNEXAMPLEKEY",
+ *     "SessionToken": "IQoJb3JpZ2luX2VjEOz////////////////////wEXAMPLEtMSJHMEUCIDoKK3JH9uGQE1z0sINr5M4jk+Na8KHDcCYRVjJCZEvOAiEA3OvJGtw1EcViOleS2vhs8VdCKFJQWPQrmGdeehM4IC1NtBmUpp2wUE8phUZampKsburEDy0KPkyQDYwT7WZ0wq5VSXDvp75YU9HFvlRd8Tx6q6fE8YQcHNVXAkiY9q6d+xo0rKwT38xVqr7ZD0u0iPPkUL64lIZbqBAz+scqKmlzm8FDrypNC9Yjc8fPOLn9FX9KSYvKTr4rvx3iSIlTJabIQwj2ICCR/oLxBA=="
+ *   },
+ *   "Issuer": "https://integ.example.com/idp/shibboleth",
+ *   "NameQualifier": "SbdGOnUkh1i4+EXAMPLExL/jEvs=",
+ *   "PackedPolicySize": 6,
+ *   "Subject": "SamlExample",
+ *   "SubjectType": "transient"
+ * }
+ * *\/
+ * // example id: to-assume-role-with-saml-14882749597814
+ * ```
+ *
  */
 export declare class AssumeRoleWithSAMLCommand extends $Command<AssumeRoleWithSAMLCommandInput, AssumeRoleWithSAMLCommandOutput, STSClientResolvedConfig> {
     readonly input: AssumeRoleWithSAMLCommandInput;

package/dist-types/commands/AssumeRoleWithWebIdentityCommand.d.ts

@@ -161,6 +161,84 @@ export interface AssumeRoleWithWebIdentityCommandOutput extends AssumeRoleWithWe
  * @see {@link AssumeRoleWithWebIdentityCommandOutput} for command's `response` shape.
  * @see {@link STSClientResolvedConfig | config} for STSClient's `config` shape.
  *
+ * @throws {@link ExpiredTokenException} (client fault)
+ *  <p>The web identity token that was passed is expired or is not valid. Get a new identity
+ *             token from the identity provider and then retry the request.</p>
+ *
+ * @throws {@link IDPCommunicationErrorException} (client fault)
+ *  <p>The request could not be fulfilled because the identity provider (IDP) that
+ *             was asked to verify the incoming identity token could not be reached. This is often a
+ *             transient error caused by network conditions. Retry the request a limited number of
+ *             times so that you don't exceed the request rate. If the error persists, the
+ *             identity provider might be down or not responding.</p>
+ *
+ * @throws {@link IDPRejectedClaimException} (client fault)
+ *  <p>The identity provider (IdP) reported that authentication failed. This might be because
+ *             the claim is invalid.</p>
+ *          <p>If this error is returned for the <code>AssumeRoleWithWebIdentity</code> operation, it
+ *             can also mean that the claim has expired or has been explicitly revoked. </p>
+ *
+ * @throws {@link InvalidIdentityTokenException} (client fault)
+ *  <p>The web identity token that was passed could not be validated by Amazon Web Services. Get a new
+ *             identity token from the identity provider and then retry the request.</p>
+ *
+ * @throws {@link MalformedPolicyDocumentException} (client fault)
+ *  <p>The request was rejected because the policy document was malformed. The error message
+ *             describes the specific error.</p>
+ *
+ * @throws {@link PackedPolicyTooLargeException} (client fault)
+ *  <p>The request was rejected because the total packed size of the session policies and
+ *             session tags combined was too large. An Amazon Web Services conversion compresses the session policy
+ *             document, session policy ARNs, and session tags into a packed binary format that has a
+ *             separate limit. The error message indicates by percentage how close the policies and
+ *             tags are to the upper size limit. For more information, see <a href="https://docs.aws.amazon.com/IAM/latest/UserGuide/id_session-tags.html">Passing Session Tags in STS</a> in
+ *             the <i>IAM User Guide</i>.</p>
+ *          <p>You could receive this error even though you meet other defined session policy and
+ *             session tag limits. For more information, see <a href="https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_iam-quotas.html#reference_iam-limits-entity-length">IAM and STS Entity
+ *                 Character Limits</a> in the <i>IAM User Guide</i>.</p>
+ *
+ * @throws {@link RegionDisabledException} (client fault)
+ *  <p>STS is not activated in the requested region for the account that is being asked to
+ *             generate credentials. The account administrator must use the IAM console to activate STS
+ *             in that region. For more information, see <a href="https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_enable-regions.html">Activating and
+ *                 Deactivating Amazon Web Services STS in an Amazon Web Services Region</a> in the <i>IAM User
+ *                     Guide</i>.</p>
+ *
+ *
+ * @example To assume a role as an OpenID Connect-federated user
+ * ```javascript
+ * //
+ * const input = {
+ *   "DurationSeconds": 3600,
+ *   "Policy": "{\"Version\":\"2012-10-17\",\"Statement\":[{\"Sid\":\"Stmt1\",\"Effect\":\"Allow\",\"Action\":\"s3:ListAllMyBuckets\",\"Resource\":\"*\"}]}",
+ *   "ProviderId": "www.amazon.com",
+ *   "RoleArn": "arn:aws:iam::123456789012:role/FederatedWebIdentityRole",
+ *   "RoleSessionName": "app1",
+ *   "WebIdentityToken": "Atza%7CIQEBLjAsAhRFiXuWpUXuRvQ9PZL3GMFcYevydwIUFAHZwXZXXXXXXXXJnrulxKDHwy87oGKPznh0D6bEQZTSCzyoCtL_8S07pLpr0zMbn6w1lfVZKNTBdDansFBmtGnIsIapjI6xKR02Yc_2bQ8LZbUXSGm6Ry6_BG7PrtLZtj_dfCTj92xNGed-CrKqjG7nPBjNIL016GGvuS5gSvPRUxWES3VYfm1wl7WTI7jn-Pcb6M-buCgHhFOzTQxod27L9CqnOLio7N3gZAGpsp6n1-AJBOCJckcyXe2c6uD0srOJeZlKUm2eTDVMf8IehDVI0r1QOnTV6KzzAI3OY87Vd_cVMQ"
+ * };
+ * const command = new AssumeRoleWithWebIdentityCommand(input);
+ * const response = await client.send(command);
+ * /* response ==
+ * {
+ *   "AssumedRoleUser": {
+ *     "Arn": "arn:aws:sts::123456789012:assumed-role/FederatedWebIdentityRole/app1",
+ *     "AssumedRoleId": "AROACLKWSDQRAOEXAMPLE:app1"
+ *   },
+ *   "Audience": "client.5498841531868486423.1548@apps.example.com",
+ *   "Credentials": {
+ *     "AccessKeyId": "AKIAIOSFODNN7EXAMPLE",
+ *     "Expiration": "2014-10-24T23:00:23Z",
+ *     "SecretAccessKey": "wJalrXUtnFEMI/K7MDENG/bPxRfiCYzEXAMPLEKEY",
+ *     "SessionToken": "AQoDYXdzEE0a8ANXXXXXXXXNO1ewxE5TijQyp+IEXAMPLE"
+ *   },
+ *   "PackedPolicySize": 123,
+ *   "Provider": "www.amazon.com",
+ *   "SubjectFromWebIdentityToken": "amzn1.account.AF6RHO7KZU5XRVQJGXK6HEXAMPLE"
+ * }
+ * *\/
+ * // example id: to-assume-a-role-as-an-openid-connect-federated-user-1480533445696
+ * ```
+ *
  */
 export declare class AssumeRoleWithWebIdentityCommand extends $Command<AssumeRoleWithWebIdentityCommandInput, AssumeRoleWithWebIdentityCommandOutput, STSClientResolvedConfig> {
     readonly input: AssumeRoleWithWebIdentityCommandInput;

package/dist-types/commands/DecodeAuthorizationMessageCommand.d.ts

@@ -64,6 +64,28 @@ export interface DecodeAuthorizationMessageCommandOutput extends DecodeAuthoriza
  * @see {@link DecodeAuthorizationMessageCommandOutput} for command's `response` shape.
  * @see {@link STSClientResolvedConfig | config} for STSClient's `config` shape.
  *
+ * @throws {@link InvalidAuthorizationMessageException} (client fault)
+ *  <p>The error returned if the message passed to <code>DecodeAuthorizationMessage</code>
+ *             was invalid. This can happen if the token contains invalid characters, such as
+ *             linebreaks. </p>
+ *
+ *
+ * @example To decode information about an authorization status of a request
+ * ```javascript
+ * //
+ * const input = {
+ *   "EncodedMessage": "<encoded-message>"
+ * };
+ * const command = new DecodeAuthorizationMessageCommand(input);
+ * const response = await client.send(command);
+ * /* response ==
+ * {
+ *   "DecodedMessage": "{\"allowed\": \"false\",\"explicitDeny\": \"false\",\"matchedStatements\": \"\",\"failures\": \"\",\"context\": {\"principal\": {\"id\": \"AIDACKCEVSQ6C2EXAMPLE\",\"name\": \"Bob\",\"arn\": \"arn:aws:iam::123456789012:user/Bob\"},\"action\": \"ec2:StopInstances\",\"resource\": \"arn:aws:ec2:us-east-1:123456789012:instance/i-dd01c9bd\",\"conditions\": [{\"item\": {\"key\": \"ec2:Tenancy\",\"values\": [\"default\"]},{\"item\": {\"key\": \"ec2:ResourceTag/elasticbeanstalk:environment-name\",\"values\": [\"Default-Environment\"]}},(Additional items ...)]}}"
+ * }
+ * *\/
+ * // example id: to-decode-information-about-an-authorization-status-of-a-request-1480533854499
+ * ```
+ *
  */
 export declare class DecodeAuthorizationMessageCommand extends $Command<DecodeAuthorizationMessageCommandInput, DecodeAuthorizationMessageCommandOutput, STSClientResolvedConfig> {
     readonly input: DecodeAuthorizationMessageCommandInput;

package/dist-types/commands/GetAccessKeyInfoCommand.d.ts

@@ -46,6 +46,7 @@ export interface GetAccessKeyInfoCommandOutput extends GetAccessKeyInfoResponse,
  * @see {@link GetAccessKeyInfoCommandOutput} for command's `response` shape.
  * @see {@link STSClientResolvedConfig | config} for STSClient's `config` shape.
  *
+ *
  */
 export declare class GetAccessKeyInfoCommand extends $Command<GetAccessKeyInfoCommandInput, GetAccessKeyInfoCommandOutput, STSClientResolvedConfig> {
     readonly input: GetAccessKeyInfoCommandInput;

package/dist-types/commands/GetCallerIdentityCommand.d.ts

@@ -38,6 +38,55 @@ export interface GetCallerIdentityCommandOutput extends GetCallerIdentityRespons
  * @see {@link GetCallerIdentityCommandOutput} for command's `response` shape.
  * @see {@link STSClientResolvedConfig | config} for STSClient's `config` shape.
  *
+ *
+ * @example To get details about a calling IAM user
+ * ```javascript
+ * // This example shows a request and response made with the credentials for a user named Alice in the AWS account 123456789012.
+ * const input = {};
+ * const command = new GetCallerIdentityCommand(input);
+ * const response = await client.send(command);
+ * /* response ==
+ * {
+ *   "Account": "123456789012",
+ *   "Arn": "arn:aws:iam::123456789012:user/Alice",
+ *   "UserId": "AKIAI44QH8DHBEXAMPLE"
+ * }
+ * *\/
+ * // example id: to-get-details-about-a-calling-iam-user-1480540050376
+ * ```
+ *
+ * @example To get details about a calling user federated with AssumeRole
+ * ```javascript
+ * // This example shows a request and response made with temporary credentials created by AssumeRole. The name of the assumed role is my-role-name, and the RoleSessionName is set to my-role-session-name.
+ * const input = {};
+ * const command = new GetCallerIdentityCommand(input);
+ * const response = await client.send(command);
+ * /* response ==
+ * {
+ *   "Account": "123456789012",
+ *   "Arn": "arn:aws:sts::123456789012:assumed-role/my-role-name/my-role-session-name",
+ *   "UserId": "AKIAI44QH8DHBEXAMPLE:my-role-session-name"
+ * }
+ * *\/
+ * // example id: to-get-details-about-a-calling-user-federated-with-assumerole-1480540158545
+ * ```
+ *
+ * @example To get details about a calling user federated with GetFederationToken
+ * ```javascript
+ * // This example shows a request and response made with temporary credentials created by using GetFederationToken. The Name parameter is set to my-federated-user-name.
+ * const input = {};
+ * const command = new GetCallerIdentityCommand(input);
+ * const response = await client.send(command);
+ * /* response ==
+ * {
+ *   "Account": "123456789012",
+ *   "Arn": "arn:aws:sts::123456789012:federated-user/my-federated-user-name",
+ *   "UserId": "123456789012:my-federated-user-name"
+ * }
+ * *\/
+ * // example id: to-get-details-about-a-calling-user-federated-with-getfederationtoken-1480540231316
+ * ```
+ *
  */
 export declare class GetCallerIdentityCommand extends $Command<GetCallerIdentityCommandInput, GetCallerIdentityCommandOutput, STSClientResolvedConfig> {
     readonly input: GetCallerIdentityCommandInput;

package/dist-types/commands/GetFederationTokenCommand.d.ts

@@ -115,6 +115,67 @@ export interface GetFederationTokenCommandOutput extends GetFederationTokenRespo
  * @see {@link GetFederationTokenCommandOutput} for command's `response` shape.
  * @see {@link STSClientResolvedConfig | config} for STSClient's `config` shape.
  *
+ * @throws {@link MalformedPolicyDocumentException} (client fault)
+ *  <p>The request was rejected because the policy document was malformed. The error message
+ *             describes the specific error.</p>
+ *
+ * @throws {@link PackedPolicyTooLargeException} (client fault)
+ *  <p>The request was rejected because the total packed size of the session policies and
+ *             session tags combined was too large. An Amazon Web Services conversion compresses the session policy
+ *             document, session policy ARNs, and session tags into a packed binary format that has a
+ *             separate limit. The error message indicates by percentage how close the policies and
+ *             tags are to the upper size limit. For more information, see <a href="https://docs.aws.amazon.com/IAM/latest/UserGuide/id_session-tags.html">Passing Session Tags in STS</a> in
+ *             the <i>IAM User Guide</i>.</p>
+ *          <p>You could receive this error even though you meet other defined session policy and
+ *             session tag limits. For more information, see <a href="https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_iam-quotas.html#reference_iam-limits-entity-length">IAM and STS Entity
+ *                 Character Limits</a> in the <i>IAM User Guide</i>.</p>
+ *
+ * @throws {@link RegionDisabledException} (client fault)
+ *  <p>STS is not activated in the requested region for the account that is being asked to
+ *             generate credentials. The account administrator must use the IAM console to activate STS
+ *             in that region. For more information, see <a href="https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_enable-regions.html">Activating and
+ *                 Deactivating Amazon Web Services STS in an Amazon Web Services Region</a> in the <i>IAM User
+ *                     Guide</i>.</p>
+ *
+ *
+ * @example To get temporary credentials for a role by using GetFederationToken
+ * ```javascript
+ * //
+ * const input = {
+ *   "DurationSeconds": 3600,
+ *   "Name": "testFedUserSession",
+ *   "Policy": "{\"Version\":\"2012-10-17\",\"Statement\":[{\"Sid\":\"Stmt1\",\"Effect\":\"Allow\",\"Action\":\"s3:ListAllMyBuckets\",\"Resource\":\"*\"}]}",
+ *   "Tags": [
+ *     {
+ *       "Key": "Project",
+ *       "Value": "Pegasus"
+ *     },
+ *     {
+ *       "Key": "Cost-Center",
+ *       "Value": "98765"
+ *     }
+ *   ]
+ * };
+ * const command = new GetFederationTokenCommand(input);
+ * const response = await client.send(command);
+ * /* response ==
+ * {
+ *   "Credentials": {
+ *     "AccessKeyId": "AKIAIOSFODNN7EXAMPLE",
+ *     "Expiration": "2011-07-15T23:28:33.359Z",
+ *     "SecretAccessKey": "wJalrXUtnFEMI/K7MDENG/bPxRfiCYzEXAMPLEKEY",
+ *     "SessionToken": "AQoDYXdzEPT//////////wEXAMPLEtc764bNrC9SAPBSM22wDOk4x4HIZ8j4FZTwdQWLWsKWHGBuFqwAeMicRXmxfpSPfIeoIYRqTflfKD8YUuwthAx7mSEI/qkPpKPi/kMcGdQrmGdeehM4IC1NtBmUpp2wUE8phUZampKsburEDy0KPkyQDYwT7WZ0wq5VSXDvp75YU9HFvlRd8Tx6q6fE8YQcHNVXAkiY9q6d+xo0rKwT38xVqr7ZD0u0iPPkUL64lIZbqBAz+scqKmlzm8FDrypNC9Yjc8fPOLn9FX9KSYvKTr4rvx3iSIlTJabIQwj2ICCR/oLxBA=="
+ *   },
+ *   "FederatedUser": {
+ *     "Arn": "arn:aws:sts::123456789012:federated-user/Bob",
+ *     "FederatedUserId": "123456789012:Bob"
+ *   },
+ *   "PackedPolicySize": 8
+ * }
+ * *\/
+ * // example id: to-get-temporary-credentials-for-a-role-by-using-getfederationtoken-1480540749900
+ * ```
+ *
  */
 export declare class GetFederationTokenCommand extends $Command<GetFederationTokenCommandInput, GetFederationTokenCommandOutput, STSClientResolvedConfig> {
     readonly input: GetFederationTokenCommandInput;

package/dist-types/commands/GetSessionTokenCommand.d.ts

@@ -87,6 +87,37 @@ export interface GetSessionTokenCommandOutput extends GetSessionTokenResponse, _
  * @see {@link GetSessionTokenCommandOutput} for command's `response` shape.
  * @see {@link STSClientResolvedConfig | config} for STSClient's `config` shape.
  *
+ * @throws {@link RegionDisabledException} (client fault)
+ *  <p>STS is not activated in the requested region for the account that is being asked to
+ *             generate credentials. The account administrator must use the IAM console to activate STS
+ *             in that region. For more information, see <a href="https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_enable-regions.html">Activating and
+ *                 Deactivating Amazon Web Services STS in an Amazon Web Services Region</a> in the <i>IAM User
+ *                     Guide</i>.</p>
+ *
+ *
+ * @example To get temporary credentials for an IAM user or an AWS account
+ * ```javascript
+ * //
+ * const input = {
+ *   "DurationSeconds": 3600,
+ *   "SerialNumber": "YourMFASerialNumber",
+ *   "TokenCode": "123456"
+ * };
+ * const command = new GetSessionTokenCommand(input);
+ * const response = await client.send(command);
+ * /* response ==
+ * {
+ *   "Credentials": {
+ *     "AccessKeyId": "AKIAIOSFODNN7EXAMPLE",
+ *     "Expiration": "2011-07-11T19:55:29.611Z",
+ *     "SecretAccessKey": "wJalrXUtnFEMI/K7MDENG/bPxRfiCYzEXAMPLEKEY",
+ *     "SessionToken": "AQoEXAMPLEH4aoAH0gNCAPyJxz4BlCFFxWNE1OPTgk5TthT+FvwqnKwRcOIfrRh3c/LTo6UDdyJwOOvEVPvLXCrrrUtdnniCEXAMPLE/IvU1dYUg2RVAJBanLiHb4IgRmpRV3zrkuWJOgQs8IZZaIv2BXIa2R4OlgkBN9bkUDNCJiBeb/AXlzBBko7b15fjrBs2+cTQtpZ3CYWFXG8C5zqx37wnOE49mRl/+OtkIKGO7fAE"
+ *   }
+ * }
+ * *\/
+ * // example id: to-get-temporary-credentials-for-an-iam-user-or-an-aws-account-1480540814038
+ * ```
+ *
  */
 export declare class GetSessionTokenCommand extends $Command<GetSessionTokenCommandInput, GetSessionTokenCommandOutput, STSClientResolvedConfig> {
     readonly input: GetSessionTokenCommandInput;

package/package.json

@@ -1,7 +1,7 @@
 {
   "name": "@aws-sdk/client-sts",
   "description": "AWS SDK for JavaScript Sts Client for Node.js, Browser and React Native",
-  "version": "3.288.0",
+  "version": "3.290.0",
   "scripts": {
     "build": "concurrently 'yarn:build:cjs' 'yarn:build:es' 'yarn:build:types'",
     "build:cjs": "tsc -p tsconfig.cjs.json",
@@ -22,37 +22,37 @@
   "dependencies": {
     "@aws-crypto/sha256-browser": "3.0.0",
     "@aws-crypto/sha256-js": "3.0.0",
-    "@aws-sdk/config-resolver": "3.287.0",
-    "@aws-sdk/credential-provider-node": "3.288.0",
-    "@aws-sdk/fetch-http-handler": "3.282.0",
-    "@aws-sdk/hash-node": "3.272.0",
-    "@aws-sdk/invalid-dependency": "3.272.0",
-    "@aws-sdk/middleware-content-length": "3.282.0",
-    "@aws-sdk/middleware-endpoint": "3.282.0",
-    "@aws-sdk/middleware-host-header": "3.282.0",
-    "@aws-sdk/middleware-logger": "3.288.0",
-    "@aws-sdk/middleware-recursion-detection": "3.282.0",
-    "@aws-sdk/middleware-retry": "3.287.0",
-    "@aws-sdk/middleware-sdk-sts": "3.282.0",
-    "@aws-sdk/middleware-serde": "3.272.0",
-    "@aws-sdk/middleware-signing": "3.282.0",
-    "@aws-sdk/middleware-stack": "3.272.0",
-    "@aws-sdk/middleware-user-agent": "3.282.0",
-    "@aws-sdk/node-config-provider": "3.287.0",
-    "@aws-sdk/node-http-handler": "3.282.0",
-    "@aws-sdk/protocol-http": "3.282.0",
-    "@aws-sdk/smithy-client": "3.279.0",
-    "@aws-sdk/types": "3.272.0",
-    "@aws-sdk/url-parser": "3.272.0",
+    "@aws-sdk/config-resolver": "3.290.0",
+    "@aws-sdk/credential-provider-node": "3.290.0",
+    "@aws-sdk/fetch-http-handler": "3.290.0",
+    "@aws-sdk/hash-node": "3.290.0",
+    "@aws-sdk/invalid-dependency": "3.290.0",
+    "@aws-sdk/middleware-content-length": "3.290.0",
+    "@aws-sdk/middleware-endpoint": "3.290.0",
+    "@aws-sdk/middleware-host-header": "3.290.0",
+    "@aws-sdk/middleware-logger": "3.290.0",
+    "@aws-sdk/middleware-recursion-detection": "3.290.0",
+    "@aws-sdk/middleware-retry": "3.290.0",
+    "@aws-sdk/middleware-sdk-sts": "3.290.0",
+    "@aws-sdk/middleware-serde": "3.290.0",
+    "@aws-sdk/middleware-signing": "3.290.0",
+    "@aws-sdk/middleware-stack": "3.290.0",
+    "@aws-sdk/middleware-user-agent": "3.290.0",
+    "@aws-sdk/node-config-provider": "3.290.0",
+    "@aws-sdk/node-http-handler": "3.290.0",
+    "@aws-sdk/protocol-http": "3.290.0",
+    "@aws-sdk/smithy-client": "3.290.0",
+    "@aws-sdk/types": "3.290.0",
+    "@aws-sdk/url-parser": "3.290.0",
     "@aws-sdk/util-base64": "3.208.0",
     "@aws-sdk/util-body-length-browser": "3.188.0",
     "@aws-sdk/util-body-length-node": "3.208.0",
-    "@aws-sdk/util-defaults-mode-browser": "3.279.0",
-    "@aws-sdk/util-defaults-mode-node": "3.287.0",
-    "@aws-sdk/util-endpoints": "3.272.0",
-    "@aws-sdk/util-retry": "3.272.0",
-    "@aws-sdk/util-user-agent-browser": "3.282.0",
-    "@aws-sdk/util-user-agent-node": "3.287.0",
+    "@aws-sdk/util-defaults-mode-browser": "3.290.0",
+    "@aws-sdk/util-defaults-mode-node": "3.290.0",
+    "@aws-sdk/util-endpoints": "3.290.0",
+    "@aws-sdk/util-retry": "3.290.0",
+    "@aws-sdk/util-user-agent-browser": "3.290.0",
+    "@aws-sdk/util-user-agent-node": "3.290.0",
     "@aws-sdk/util-utf8": "3.254.0",
     "fast-xml-parser": "4.1.2",
     "tslib": "^2.3.1"