@aws-sdk/client-sts 3.370.0 → 3.377.0

package/dist-cjs/protocols/Aws_query.js

@@ -522,6 +522,16 @@ const se_AssumeRoleRequest = (input, context) => {
     if (input.SourceIdentity != null) {
         entries["SourceIdentity"] = input.SourceIdentity;
     }
+    if (input.ProvidedContexts != null) {
+        const memberEntries = se_ProvidedContextsListType(input.ProvidedContexts, context);
+        if (input.ProvidedContexts?.length === 0) {
+            entries.ProvidedContexts = [];
+        }
+        Object.entries(memberEntries).forEach(([key, value]) => {
+            const loc = `ProvidedContexts.${key}`;
+            entries[loc] = value;
+        });
+    }
     return entries;
 };
 const se_AssumeRoleWithSAMLRequest = (input, context) => {
@@ -671,6 +681,31 @@ const se_PolicyDescriptorType = (input, context) => {
     }
     return entries;
 };
+const se_ProvidedContext = (input, context) => {
+    const entries = {};
+    if (input.ProviderArn != null) {
+        entries["ProviderArn"] = input.ProviderArn;
+    }
+    if (input.ContextAssertion != null) {
+        entries["ContextAssertion"] = input.ContextAssertion;
+    }
+    return entries;
+};
+const se_ProvidedContextsListType = (input, context) => {
+    const entries = {};
+    let counter = 1;
+    for (const entry of input) {
+        if (entry === null) {
+            continue;
+        }
+        const memberEntries = se_ProvidedContext(entry, context);
+        Object.entries(memberEntries).forEach(([key, value]) => {
+            entries[`member.${counter}.${key}`] = value;
+        });
+        counter++;
+    }
+    return entries;
+};
 const se_Tag = (input, context) => {
     const entries = {};
     if (input.Key != null) {

package/dist-es/protocols/Aws_query.js

@@ -503,6 +503,16 @@ const se_AssumeRoleRequest = (input, context) => {
     if (input.SourceIdentity != null) {
         entries["SourceIdentity"] = input.SourceIdentity;
     }
+    if (input.ProvidedContexts != null) {
+        const memberEntries = se_ProvidedContextsListType(input.ProvidedContexts, context);
+        if (input.ProvidedContexts?.length === 0) {
+            entries.ProvidedContexts = [];
+        }
+        Object.entries(memberEntries).forEach(([key, value]) => {
+            const loc = `ProvidedContexts.${key}`;
+            entries[loc] = value;
+        });
+    }
     return entries;
 };
 const se_AssumeRoleWithSAMLRequest = (input, context) => {
@@ -652,6 +662,31 @@ const se_PolicyDescriptorType = (input, context) => {
     }
     return entries;
 };
+const se_ProvidedContext = (input, context) => {
+    const entries = {};
+    if (input.ProviderArn != null) {
+        entries["ProviderArn"] = input.ProviderArn;
+    }
+    if (input.ContextAssertion != null) {
+        entries["ContextAssertion"] = input.ContextAssertion;
+    }
+    return entries;
+};
+const se_ProvidedContextsListType = (input, context) => {
+    const entries = {};
+    let counter = 1;
+    for (const entry of input) {
+        if (entry === null) {
+            continue;
+        }
+        const memberEntries = se_ProvidedContext(entry, context);
+        Object.entries(memberEntries).forEach(([key, value]) => {
+            entries[`member.${counter}.${key}`] = value;
+        });
+        counter++;
+    }
+    return entries;
+};
 const se_Tag = (input, context) => {
     const entries = {};
     if (input.Key != null) {

package/dist-types/commands/AssumeRoleCommand.d.ts

@@ -58,8 +58,8 @@ export interface AssumeRoleCommandOutput extends AssumeRoleResponse, __MetadataB
  *          created. That trust policy states which accounts are allowed to delegate that access to
  *          users in the account. </p>
  *          <p>A user who wants to access a role in a different account must also have permissions that
- *          are delegated from the account administrator. The administrator must attach a policy
- *          that allows the user to call <code>AssumeRole</code> for the ARN of the role in the other
+ *          are delegated from the account administrator. The administrator must attach a policy that
+ *          allows the user to call <code>AssumeRole</code> for the ARN of the role in the other
  *          account.</p>
  *          <p>To allow a user to assume a role in the same account, you can do either of the
  *          following:</p>
@@ -140,6 +140,12 @@ export interface AssumeRoleCommandOutput extends AssumeRoleResponse, __MetadataB
  *   SerialNumber: "STRING_VALUE",
  *   TokenCode: "STRING_VALUE",
  *   SourceIdentity: "STRING_VALUE",
+ *   ProvidedContexts: [ // ProvidedContextsListType
+ *     { // ProvidedContext
+ *       ProviderArn: "STRING_VALUE",
+ *       ContextAssertion: "STRING_VALUE",
+ *     },
+ *   ],
  * };
  * const command = new AssumeRoleCommand(input);
  * const response = await client.send(command);

package/dist-types/commands/AssumeRoleWithWebIdentityCommand.d.ts

@@ -32,8 +32,8 @@ export interface AssumeRoleWithWebIdentityCommandOutput extends AssumeRoleWithWe
  *                <a href="http://aws.amazon.com/sdkforios/">Amazon Web Services SDK for iOS Developer Guide</a> and the <a href="http://aws.amazon.com/sdkforandroid/">Amazon Web Services SDK for Android Developer Guide</a> to uniquely
  *             identify a user. You can also supply the user with a consistent identity throughout the
  *             lifetime of an application.</p>
- *             <p>To learn more about Amazon Cognito, see <a href="https://docs.aws.amazon.com/cognito/latest/developerguide/cognito-identity.html">Amazon Cognito identity pools</a> in
- *             <i>Amazon Cognito Developer Guide</i>.</p>
+ *             <p>To learn more about Amazon Cognito, see <a href="https://docs.aws.amazon.com/cognito/latest/developerguide/cognito-identity.html">Amazon Cognito identity
+ *                pools</a> in <i>Amazon Cognito Developer Guide</i>.</p>
  *          </note>
  *          <p>Calling <code>AssumeRoleWithWebIdentity</code> does not require the use of Amazon Web Services
  *          security credentials. Therefore, you can distribute an application (for example, on mobile

package/dist-types/commands/GetAccessKeyInfoCommand.d.ts

@@ -31,13 +31,12 @@ export interface GetAccessKeyInfoCommandOutput extends GetAccessKeyInfoResponse,
  *             Users</a> in the <i>IAM User Guide</i>.</p>
  *          <p>When you pass an access key ID to this operation, it returns the ID of the Amazon Web Services account
  *          to which the keys belong. Access key IDs beginning with <code>AKIA</code> are long-term
- *          credentials for an IAM user or the Amazon Web Services account root user. Access key IDs beginning with
- *             <code>ASIA</code> are temporary credentials that are created using STS operations. If
- *          the account in the response belongs to you, you can sign in as the root user and review
- *          your root user access keys. Then, you can pull a <a href="https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_getting-report.html">credentials report</a> to
- *          learn which IAM user owns the keys. To learn who requested the temporary credentials for
- *          an <code>ASIA</code> access key, view the STS events in your <a href="https://docs.aws.amazon.com/IAM/latest/UserGuide/cloudtrail-integration.html">CloudTrail logs</a> in the
- *             <i>IAM User Guide</i>.</p>
+ *          credentials for an IAM user or the Amazon Web Services account root user. Access key IDs
+ *          beginning with <code>ASIA</code> are temporary credentials that are created using STS
+ *          operations. If the account in the response belongs to you, you can sign in as the root user and review your root user access keys. Then, you can pull a <a href="https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_getting-report.html">credentials
+ *             report</a> to learn which IAM user owns the keys. To learn who
+ *          requested the temporary credentials for an <code>ASIA</code> access key, view the STS
+ *          events in your <a href="https://docs.aws.amazon.com/IAM/latest/UserGuide/cloudtrail-integration.html">CloudTrail logs</a> in the <i>IAM User Guide</i>.</p>
  *          <p>This operation does not indicate the state of the access key. The key might be active,
  *          inactive, or deleted. Active keys might not have permissions to perform an operation.
  *          Providing a deleted access key might return an error that the key doesn't exist.</p>

package/dist-types/commands/GetCallerIdentityCommand.d.ts

@@ -23,12 +23,14 @@ export interface GetCallerIdentityCommandOutput extends GetCallerIdentityRespons
 }
 /**
  * @public
- * <p>Returns details about the IAM user or role whose credentials are used to call the operation.</p>
+ * <p>Returns details about the IAM user or role whose credentials are used to
+ *          call the operation.</p>
  *          <note>
- *             <p>No permissions are required to perform this operation. If an administrator
- *            attaches a policy to your identity that explicitly denies access to the
+ *             <p>No permissions are required to perform this operation. If an administrator attaches a
+ *             policy to your identity that explicitly denies access to the
  *                <code>sts:GetCallerIdentity</code> action, you can still perform this operation.
- *             Permissions are not required because the same information is returned when access is denied. To view an example response, see <a href="https://docs.aws.amazon.com/IAM/latest/UserGuide/troubleshoot_general.html#troubleshoot_general_access-denied-delete-mfa">I Am Not Authorized to Perform: iam:DeleteVirtualMFADevice</a> in the
+ *             Permissions are not required because the same information is returned when access is
+ *             denied. To view an example response, see <a href="https://docs.aws.amazon.com/IAM/latest/UserGuide/troubleshoot_general.html#troubleshoot_general_access-denied-delete-mfa">I Am Not Authorized to Perform: iam:DeleteVirtualMFADevice</a> in the
  *                <i>IAM User Guide</i>.</p>
  *          </note>
  * @example

package/dist-types/commands/GetFederationTokenCommand.d.ts

@@ -27,16 +27,18 @@ export interface GetFederationTokenCommandOutput extends GetFederationTokenRespo
  *          secret access key, and a security token) for a user. A typical use is in a proxy
  *          application that gets temporary security credentials on behalf of distributed applications
  *          inside a corporate network.</p>
- *          <p>You must call the <code>GetFederationToken</code> operation
- *          using the long-term security credentials of an IAM user. As a result, this call is
- *          appropriate in contexts where those credentials can be safeguarded, usually in a
- *          server-based application. For a comparison of <code>GetFederationToken</code> with the
- *          other API operations that produce temporary credentials, see <a href="https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_request.html">Requesting Temporary Security
+ *          <p>You must call the <code>GetFederationToken</code> operation using the long-term security
+ *          credentials of an IAM user. As a result, this call is appropriate in
+ *          contexts where those credentials can be safeguarded, usually in a server-based application.
+ *          For a comparison of <code>GetFederationToken</code> with the other API operations that
+ *          produce temporary credentials, see <a href="https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_request.html">Requesting Temporary Security
  *             Credentials</a> and <a href="https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_request.html#stsapi_comparison">Comparing the
  *             Amazon Web Services STS API operations</a> in the <i>IAM User Guide</i>.</p>
- *          <p>Although it is possible to call <code>GetFederationToken</code> using the security credentials of an
- *          Amazon Web Services account root user rather than an IAM user that you create for the purpose of a proxy application, we do not recommend it. For more information, see <a href="https://docs.aws.amazon.com/IAM/latest/UserGuide/best-practices.html#lock-away-credentials">Safeguard your root user credentials and don't use them for everyday tasks</a> in the
- *          <i>IAM User Guide</i>. </p>
+ *          <p>Although it is possible to call <code>GetFederationToken</code> using the security
+ *          credentials of an Amazon Web Services account root user rather than an IAM user that you
+ *          create for the purpose of a proxy application, we do not recommend it. For more
+ *          information, see <a href="https://docs.aws.amazon.com/IAM/latest/UserGuide/best-practices.html#lock-away-credentials">Safeguard your root user credentials and don't use them for everyday tasks</a> in the
+ *             <i>IAM User Guide</i>. </p>
  *          <note>
  *             <p>You can create a mobile-based or browser-based app that can authenticate users using
  *             a web identity provider like Login with Amazon, Facebook, Google, or an OpenID
@@ -49,7 +51,8 @@ export interface GetFederationTokenCommandOutput extends GetFederationTokenRespo
  *          </p>
  *          <p>The temporary credentials are valid for the specified duration, from 900 seconds (15
  *          minutes) up to a maximum of 129,600 seconds (36 hours). The default session duration is
- *          43,200 seconds (12 hours). Temporary credentials obtained by using the root user credentials have a maximum duration of 3,600 seconds (1 hour).</p>
+ *          43,200 seconds (12 hours). Temporary credentials obtained by using the root user
+ *          credentials have a maximum duration of 3,600 seconds (1 hour).</p>
  *          <p>
  *             <b>Permissions</b>
  *          </p>
@@ -57,7 +60,8 @@ export interface GetFederationTokenCommandOutput extends GetFederationTokenRespo
  *          Amazon Web Services service with the following exceptions:</p>
  *          <ul>
  *             <li>
- *                <p>You cannot call any IAM operations using the CLI or the Amazon Web Services API. This limitation does not apply to console sessions.</p>
+ *                <p>You cannot call any IAM operations using the CLI or the Amazon Web Services API. This
+ *                limitation does not apply to console sessions.</p>
  *             </li>
  *             <li>
  *                <p>You cannot call any STS operations except <code>GetCallerIdentity</code>.</p>
@@ -71,12 +75,13 @@ export interface GetFederationTokenCommandOutput extends GetFederationTokenRespo
  *          policies can't exceed 2,048 characters.</p>
  *          <p>Though the session policy parameters are optional, if you do not pass a policy, then the
  *          resulting federated user session has no permissions. When you pass session policies, the
- *          session permissions are the intersection of the IAM user policies and the session
- *          policies that you pass. This gives you a way to further restrict the permissions for a
- *          federated user. You cannot use session policies to grant more permissions than those that
- *          are defined in the permissions policy of the IAM user. For more information, see <a href="https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies.html#policies_session">Session
- *             Policies</a> in the <i>IAM User Guide</i>. For information about
- *          using <code>GetFederationToken</code> to create temporary security credentials, see <a href="https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_request.html#api_getfederationtoken">GetFederationToken—Federation Through a Custom Identity Broker</a>. </p>
+ *          session permissions are the intersection of the IAM user policies and the
+ *          session policies that you pass. This gives you a way to further restrict the permissions
+ *          for a federated user. You cannot use session policies to grant more permissions than those
+ *          that are defined in the permissions policy of the IAM user. For more
+ *          information, see <a href="https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies.html#policies_session">Session Policies</a> in
+ *          the <i>IAM User Guide</i>. For information about using
+ *             <code>GetFederationToken</code> to create temporary security credentials, see <a href="https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_request.html#api_getfederationtoken">GetFederationToken—Federation Through a Custom Identity Broker</a>. </p>
  *          <p>You can use the credentials to access a resource that has a resource-based policy. If
  *          that policy specifically references the federated user session in the
  *             <code>Principal</code> element of the policy, the session has the permissions allowed by

package/dist-types/commands/GetSessionTokenCommand.d.ts

@@ -23,15 +23,17 @@ export interface GetSessionTokenCommandOutput extends GetSessionTokenResponse, _
 }
 /**
  * @public
- * <p>Returns a set of temporary credentials for an Amazon Web Services account or IAM user. The
- *          credentials consist of an access key ID, a secret access key, and a security token.
+ * <p>Returns a set of temporary credentials for an Amazon Web Services account or IAM user.
+ *          The credentials consist of an access key ID, a secret access key, and a security token.
  *          Typically, you use <code>GetSessionToken</code> if you want to use MFA to protect
- *          programmatic calls to specific Amazon Web Services API operations like Amazon EC2 <code>StopInstances</code>.</p>
- *          <p>MFA-enabled IAM users must call <code>GetSessionToken</code> and submit an MFA
- *          code that is associated with their MFA device. Using the temporary security credentials
- *          that the call returns, IAM users can then make programmatic calls to API
- *          operations that require MFA authentication. An incorrect MFA code causes the API to return an access denied error. For a comparison of <code>GetSessionToken</code>
- *          with the other API operations that produce temporary credentials, see <a href="https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_request.html">Requesting
+ *          programmatic calls to specific Amazon Web Services API operations like Amazon EC2
+ *          <code>StopInstances</code>.</p>
+ *          <p>MFA-enabled IAM users must call <code>GetSessionToken</code> and submit
+ *          an MFA code that is associated with their MFA device. Using the temporary security
+ *          credentials that the call returns, IAM users can then make programmatic
+ *          calls to API operations that require MFA authentication. An incorrect MFA code causes the
+ *          API to return an access denied error. For a comparison of <code>GetSessionToken</code> with
+ *          the other API operations that produce temporary credentials, see <a href="https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_request.html">Requesting
  *             Temporary Security Credentials</a> and <a href="https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_request.html#stsapi_comparison">Comparing the
  *             Amazon Web Services STS API operations</a> in the <i>IAM User Guide</i>.</p>
  *          <note>
@@ -45,8 +47,7 @@ export interface GetSessionTokenCommandOutput extends GetSessionTokenResponse, _
  *             <b>Session Duration</b>
  *          </p>
  *          <p>The <code>GetSessionToken</code> operation must be called by using the long-term Amazon Web Services
- *          security credentials of an IAM user. Credentials that are
- *          created by IAM users are valid for the duration that you specify. This duration can range
+ *          security credentials of an IAM user. Credentials that are created by IAM users are valid for the duration that you specify. This duration can range
  *          from 900 seconds (15 minutes) up to a maximum of 129,600 seconds (36 hours), with a default
  *          of 43,200 seconds (12 hours). Credentials based on account credentials can range from 900
  *          seconds (15 minutes) up to 3,600 seconds (1 hour), with a default of 1 hour. </p>
@@ -65,15 +66,16 @@ export interface GetSessionTokenCommandOutput extends GetSessionTokenResponse, _
  *                   <code>AssumeRole</code> or <code>GetCallerIdentity</code>.</p>
  *             </li>
  *          </ul>
- *          <p>The credentials that <code>GetSessionToken</code> returns are based on
- *          permissions associated with the IAM user whose credentials were used to call the operation. The
- *          temporary credentials have the same permissions as the IAM user.</p>
+ *          <p>The credentials that <code>GetSessionToken</code> returns are based on permissions
+ *          associated with the IAM user whose credentials were used to call the
+ *          operation. The temporary credentials have the same permissions as the IAM user.</p>
  *          <note>
- *             <p>Although it is possible to call <code>GetSessionToken</code> using the security credentials of an
- *             Amazon Web Services account root user rather than an IAM user, we do not recommend it. If
- *             <code>GetSessionToken</code> is called using root user credentials, the
- *             temporary credentials have root user permissions. For more information, see <a href="https://docs.aws.amazon.com/IAM/latest/UserGuide/best-practices.html#lock-away-credentials">Safeguard your root user credentials and don't use them for everyday tasks</a> in the
- *             <i>IAM User Guide</i>
+ *             <p>Although it is possible to call <code>GetSessionToken</code> using the security
+ *             credentials of an Amazon Web Services account root user rather than an IAM user, we do
+ *             not recommend it. If <code>GetSessionToken</code> is called using root user
+ *             credentials, the temporary credentials have root user permissions. For more
+ *             information, see <a href="https://docs.aws.amazon.com/IAM/latest/UserGuide/best-practices.html#lock-away-credentials">Safeguard your root user credentials and don't use them for everyday tasks</a> in the
+ *                <i>IAM User Guide</i>
  *             </p>
  *          </note>
  *          <p>For more information about using <code>GetSessionToken</code> to create temporary

package/dist-types/models/models_0.d.ts

@@ -31,6 +31,20 @@ export interface PolicyDescriptorType {
      */
     arn?: string;
 }
+/**
+ * @public
+ * <p>Reserved for future use.</p>
+ */
+export interface ProvidedContext {
+    /**
+     * <p>Reserved for future use.</p>
+     */
+    ProviderArn?: string;
+    /**
+     * <p>Reserved for future use.</p>
+     */
+    ContextAssertion?: string;
+}
 /**
  * @public
  * <p>You can pass custom key-value pair attributes when you assume a role or federate a user.
@@ -246,6 +260,10 @@ export interface AssumeRoleRequest {
      *             <code>aws:</code>. This prefix is reserved for Amazon Web Services internal use.</p>
      */
     SourceIdentity?: string;
+    /**
+     * <p>Reserved for future use.</p>
+     */
+    ProvidedContexts?: ProvidedContext[];
 }
 /**
  * @public
@@ -612,7 +630,8 @@ export interface AssumeRoleWithWebIdentityRequest {
      * <p>The OAuth 2.0 access token or OpenID Connect ID token that is provided by the identity
      *          provider. Your application must get this token by authenticating the user who is using your
      *          application with a web identity provider before the application makes an
-     *             <code>AssumeRoleWithWebIdentity</code> call. </p>
+     *             <code>AssumeRoleWithWebIdentity</code> call. Only tokens with RSA algorithms (RS256) are
+     *          supported.</p>
      */
     WebIdentityToken: string | undefined;
     /**
@@ -886,10 +905,10 @@ export interface GetFederationTokenRequest {
      *          <p>This parameter is optional. However, if you do not pass any session policies, then the
      *          resulting federated user session has no permissions.</p>
      *          <p>When you pass session policies, the session permissions are the intersection of the
-     *          IAM user policies and the session policies that you pass. This gives you a way to further
-     *          restrict the permissions for a federated user. You cannot use session policies to grant
-     *          more permissions than those that are defined in the permissions policy of the IAM user.
-     *          For more information, see <a href="https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies.html#policies_session">Session Policies</a> in
+     *             IAM user policies and the session policies that you pass. This gives you
+     *          a way to further restrict the permissions for a federated user. You cannot use session
+     *          policies to grant more permissions than those that are defined in the permissions policy of
+     *          the IAM user. For more information, see <a href="https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies.html#policies_session">Session Policies</a> in
      *          the <i>IAM User Guide</i>.</p>
      *          <p>The resulting credentials can be used to access a resource that has a resource-based
      *          policy. If that policy specifically references the federated user session in the
@@ -912,8 +931,7 @@ export interface GetFederationTokenRequest {
     Policy?: string;
     /**
      * <p>The Amazon Resource Names (ARNs) of the IAM managed policies that you want to use as a
-     *          managed session policy. The policies must exist in the same account as the IAM user that
-     *          is requesting federated access.</p>
+     *          managed session policy. The policies must exist in the same account as the IAM user that is requesting federated access.</p>
      *          <p>You must pass an inline or managed <a href="https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies.html#policies_session">session policy</a> to
      *          this operation. You can pass a single JSON policy document to use as an inline session
      *          policy. You can also specify up to 10 managed policy Amazon Resource Names (ARNs) to use as
@@ -924,10 +942,10 @@ export interface GetFederationTokenRequest {
      *          <p>This parameter is optional. However, if you do not pass any session policies, then the
      *          resulting federated user session has no permissions.</p>
      *          <p>When you pass session policies, the session permissions are the intersection of the
-     *          IAM user policies and the session policies that you pass. This gives you a way to further
-     *          restrict the permissions for a federated user. You cannot use session policies to grant
-     *          more permissions than those that are defined in the permissions policy of the IAM user.
-     *          For more information, see <a href="https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies.html#policies_session">Session Policies</a> in
+     *             IAM user policies and the session policies that you pass. This gives you
+     *          a way to further restrict the permissions for a federated user. You cannot use session
+     *          policies to grant more permissions than those that are defined in the permissions policy of
+     *          the IAM user. For more information, see <a href="https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies.html#policies_session">Session Policies</a> in
      *          the <i>IAM User Guide</i>.</p>
      *          <p>The resulting credentials can be used to access a resource that has a resource-based
      *          policy. If that policy specifically references the federated user session in the
@@ -948,8 +966,8 @@ export interface GetFederationTokenRequest {
      *          federation sessions range from 900 seconds (15 minutes) to 129,600 seconds (36 hours), with
      *          43,200 seconds (12 hours) as the default. Sessions obtained using root user
      *          credentials are restricted to a maximum of 3,600 seconds (one hour). If the specified
-     *          duration is longer than one hour, the session obtained by using root user credentials
-     *          defaults to one hour.</p>
+     *          duration is longer than one hour, the session obtained by using root user
+     *          credentials defaults to one hour.</p>
      */
     DurationSeconds?: number;
     /**
@@ -1030,20 +1048,18 @@ export interface GetFederationTokenResponse {
 export interface GetSessionTokenRequest {
     /**
      * <p>The duration, in seconds, that the credentials should remain valid. Acceptable durations
-     *          for IAM user sessions range from 900 seconds (15 minutes) to 129,600 seconds (36 hours),
-     *          with 43,200 seconds (12 hours) as the default. Sessions for Amazon Web Services account owners are
-     *          restricted to a maximum of 3,600 seconds (one hour). If the duration is longer than one
-     *          hour, the session for Amazon Web Services account owners defaults to one hour.</p>
+     *          for IAM user sessions range from 900 seconds (15 minutes) to 129,600 seconds
+     *          (36 hours), with 43,200 seconds (12 hours) as the default. Sessions for Amazon Web Services account
+     *          owners are restricted to a maximum of 3,600 seconds (one hour). If the duration is longer
+     *          than one hour, the session for Amazon Web Services account owners defaults to one hour.</p>
      */
     DurationSeconds?: number;
     /**
-     * <p>The identification number of the MFA device that is associated with the IAM user who
-     *          is making the <code>GetSessionToken</code> call. Specify this value if the IAM user has a
-     *          policy that requires MFA authentication. The value is either the serial number for a
-     *          hardware device (such as <code>GAHT12345678</code>) or an Amazon Resource Name (ARN) for a
-     *          virtual device (such as <code>arn:aws:iam::123456789012:mfa/user</code>). You can find the
-     *          device for an IAM user by going to the Amazon Web Services Management Console and viewing the user's security
-     *          credentials. </p>
+     * <p>The identification number of the MFA device that is associated with the IAM user who is making the <code>GetSessionToken</code> call. Specify this value
+     *          if the IAM user has a policy that requires MFA authentication. The value is
+     *          either the serial number for a hardware device (such as <code>GAHT12345678</code>) or an
+     *          Amazon Resource Name (ARN) for a virtual device (such as
+     *             <code>arn:aws:iam::123456789012:mfa/user</code>). You can find the device for an IAM user by going to the Amazon Web Services Management Console and viewing the user's security credentials. </p>
      *          <p>The regex used to validate this parameter is a string of
      *     characters consisting of upper- and lower-case alphanumeric characters with no spaces.
      *     You can also include underscores or any of the following characters: =,.@:/-</p>
@@ -1051,10 +1067,10 @@ export interface GetSessionTokenRequest {
     SerialNumber?: string;
     /**
      * <p>The value provided by the MFA device, if MFA is required. If any policy requires the
-     *          IAM user to submit an MFA code, specify this value. If MFA authentication is required,
-     *          the user must provide a code when requesting a set of temporary security credentials. A
-     *          user who fails to provide the code receives an "access denied" response when requesting
-     *          resources that require MFA authentication.</p>
+     *             IAM user to submit an MFA code, specify this value. If MFA authentication
+     *          is required, the user must provide a code when requesting a set of temporary security
+     *          credentials. A user who fails to provide the code receives an "access denied" response when
+     *          requesting resources that require MFA authentication.</p>
      *          <p>The format for this parameter, as described by its regex pattern, is a sequence of six
      *          numeric digits.</p>
      */

package/dist-types/ts3.4/models/models_0.d.ts

@@ -7,6 +7,10 @@ export interface AssumedRoleUser {
 export interface PolicyDescriptorType {
   arn?: string;
 }
+export interface ProvidedContext {
+  ProviderArn?: string;
+  ContextAssertion?: string;
+}
 export interface Tag {
   Key: string | undefined;
   Value: string | undefined;
@@ -23,6 +27,7 @@ export interface AssumeRoleRequest {
   SerialNumber?: string;
   TokenCode?: string;
   SourceIdentity?: string;
+  ProvidedContexts?: ProvidedContext[];
 }
 export interface Credentials {
   AccessKeyId: string | undefined;

package/package.json

@@ -1,7 +1,7 @@
 {
   "name": "@aws-sdk/client-sts",
   "description": "AWS SDK for JavaScript Sts Client for Node.js, Browser and React Native",
-  "version": "3.370.0",
+  "version": "3.377.0",
   "scripts": {
     "build": "concurrently 'yarn:build:cjs' 'yarn:build:es' 'yarn:build:types'",
     "build:cjs": "tsc -p tsconfig.cjs.json",