@aws-sdk/client-sts 3.40.0 → 3.45.0

package/dist-types/commands/AssumeRoleWithSAMLCommand.d.ts

@@ -13,7 +13,7 @@ export interface AssumeRoleWithSAMLCommandOutput extends AssumeRoleWithSAMLRespo
  *          credentials or configuration. For a comparison of <code>AssumeRoleWithSAML</code> with the
  *          other API operations that produce temporary credentials, see <a href="https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_request.html">Requesting Temporary Security
  *             Credentials</a> and <a href="https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_request.html#stsapi_comparison">Comparing the
- *             STS API operations</a> in the <i>IAM User Guide</i>.</p>
+ *             Amazon Web Services STS API operations</a> in the <i>IAM User Guide</i>.</p>
  *          <p>The temporary security credentials returned by this operation consist of an access key
  *          ID, a secret access key, and a security token. Applications can use these temporary
  *          security credentials to sign calls to Amazon Web Services services.</p>
@@ -35,15 +35,15 @@ export interface AssumeRoleWithSAMLCommandOutput extends AssumeRoleWithSAMLRespo
  *          console URL. For more information, see <a href="https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_use.html">Using IAM Roles</a> in the
  *             <i>IAM User Guide</i>.</p>
  *          <note>
- *            <p>
- *                <a href="https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_terms-and-concepts.html#iam-term-role-chaining">Role chaining</a> limits your CLI or Amazon Web Services API
- *                role session to a maximum of one hour. When you use the <code>AssumeRole</code> API
- *                operation to assume a role, you can specify the duration of your role session with
- *                the <code>DurationSeconds</code> parameter. You can specify a parameter value of up
- *                to 43200 seconds (12 hours), depending on the maximum session duration setting for
- *                your role. However, if you assume a role using role chaining and provide a
- *                <code>DurationSeconds</code> parameter value greater than one hour, the
- *                operation fails.</p>
+ *             <p>
+ *                <a href="https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_terms-and-concepts.html#iam-term-role-chaining">Role chaining</a> limits your CLI or Amazon Web Services API role
+ *             session to a maximum of one hour. When you use the <code>AssumeRole</code> API operation
+ *             to assume a role, you can specify the duration of your role session with the
+ *                <code>DurationSeconds</code> parameter. You can specify a parameter value of up to
+ *             43200 seconds (12 hours), depending on the maximum session duration setting for your
+ *             role. However, if you assume a role using role chaining and provide a
+ *                <code>DurationSeconds</code> parameter value greater than one hour, the operation
+ *             fails.</p>
  *          </note>
  *          <p>
  *             <b>Permissions</b>
@@ -95,9 +95,9 @@ export interface AssumeRoleWithSAMLCommandOutput extends AssumeRoleWithSAMLRespo
  *             request are to the upper size limit.
  *             </p>
  *          </note>
- *          <p>You can pass a session tag with the same key as a tag that is
- *          attached to the role. When you do, session tags override the role's tags with the same
- *          key.</p>
+ *
+ *          <p>You can pass a session tag with the same key as a tag that is attached to the role. When
+ *          you do, session tags override the role's tags with the same key.</p>
  *          <p>An administrator must grant you the permissions necessary to pass session tags. The
  *          administrator can also create granular permissions to allow you to pass only specific
  *          session tags. For more information, see <a href="https://docs.aws.amazon.com/IAM/latest/UserGuide/tutorial_attribute-based-access-control.html">Tutorial: Using Tags
@@ -151,7 +151,7 @@ export interface AssumeRoleWithSAMLCommandOutput extends AssumeRoleWithSAMLRespo
  *
  * @see {@link AssumeRoleWithSAMLCommandInput} for command's `input` shape.
  * @see {@link AssumeRoleWithSAMLCommandOutput} for command's `response` shape.
- * @see {@link STSClientResolvedConfig | config} for command's `input` shape.
+ * @see {@link STSClientResolvedConfig | config} for STSClient's `config` shape.
  *
  */
 export declare class AssumeRoleWithSAMLCommand extends $Command<AssumeRoleWithSAMLCommandInput, AssumeRoleWithSAMLCommandOutput, STSClientResolvedConfig> {

package/dist-types/commands/AssumeRoleWithWebIdentityCommand.d.ts

@@ -29,7 +29,7 @@ export interface AssumeRoleWithWebIdentityCommandOutput extends AssumeRoleWithWe
  *             <code>AssumeRoleWithWebIdentity</code> with the other API operations that produce
  *          temporary credentials, see <a href="https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_request.html">Requesting Temporary Security
  *             Credentials</a> and <a href="https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_request.html#stsapi_comparison">Comparing the
- *             STS API operations</a> in the <i>IAM User Guide</i>.</p>
+ *             Amazon Web Services STS API operations</a> in the <i>IAM User Guide</i>.</p>
  *          <p>The temporary security credentials returned by this API consist of an access key ID, a
  *          secret access key, and a security token. Applications can use these temporary security
  *          credentials to sign calls to Amazon Web Services service API operations.</p>
@@ -87,9 +87,9 @@ export interface AssumeRoleWithWebIdentityCommandOutput extends AssumeRoleWithWe
  *             request are to the upper size limit.
  *             </p>
  *          </note>
- *          <p>You can pass a session tag with the same key as a tag that is
- *          attached to the role. When you do, the session tag overrides the role tag with the same
- *          key.</p>
+ *
+ *          <p>You can pass a session tag with the same key as a tag that is attached to the role. When
+ *          you do, the session tag overrides the role tag with the same key.</p>
  *          <p>An administrator must grant you the permissions necessary to pass session tags. The
  *          administrator can also create granular permissions to allow you to pass only specific
  *          session tags. For more information, see <a href="https://docs.aws.amazon.com/IAM/latest/UserGuide/tutorial_attribute-based-access-control.html">Tutorial: Using Tags
@@ -155,7 +155,7 @@ export interface AssumeRoleWithWebIdentityCommandOutput extends AssumeRoleWithWe
  *
  * @see {@link AssumeRoleWithWebIdentityCommandInput} for command's `input` shape.
  * @see {@link AssumeRoleWithWebIdentityCommandOutput} for command's `response` shape.
- * @see {@link STSClientResolvedConfig | config} for command's `input` shape.
+ * @see {@link STSClientResolvedConfig | config} for STSClient's `config` shape.
  *
  */
 export declare class AssumeRoleWithWebIdentityCommand extends $Command<AssumeRoleWithWebIdentityCommandInput, AssumeRoleWithWebIdentityCommandOutput, STSClientResolvedConfig> {

package/dist-types/commands/DecodeAuthorizationMessageCommand.d.ts

@@ -18,9 +18,9 @@ export interface DecodeAuthorizationMessageCommandOutput extends DecodeAuthoriza
  *             documentation for an individual operation indicates whether that operation returns an
  *             encoded message in addition to returning an HTTP code.</p>
  *          </note>
- *          <p>The message is encoded because the details of the authorization status can constitute
+ *          <p>The message is encoded because the details of the authorization status can contain
  *          privileged information that the user who requested the operation should not see. To decode
- *          an authorization status message, a user must be granted permissions via an IAM policy to
+ *          an authorization status message, a user must be granted permissions through an IAM <a href="https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies.html">policy</a> to
  *          request the <code>DecodeAuthorizationMessage</code>
  *             (<code>sts:DecodeAuthorizationMessage</code>) action. </p>
  *          <p>The decoded message includes the following type of information:</p>
@@ -55,7 +55,7 @@ export interface DecodeAuthorizationMessageCommandOutput extends DecodeAuthoriza
  *
  * @see {@link DecodeAuthorizationMessageCommandInput} for command's `input` shape.
  * @see {@link DecodeAuthorizationMessageCommandOutput} for command's `response` shape.
- * @see {@link STSClientResolvedConfig | config} for command's `input` shape.
+ * @see {@link STSClientResolvedConfig | config} for STSClient's `config` shape.
  *
  */
 export declare class DecodeAuthorizationMessageCommand extends $Command<DecodeAuthorizationMessageCommandInput, DecodeAuthorizationMessageCommandOutput, STSClientResolvedConfig> {

package/dist-types/commands/GetAccessKeyInfoCommand.d.ts

@@ -8,23 +8,23 @@ export interface GetAccessKeyInfoCommandOutput extends GetAccessKeyInfoResponse,
 }
 /**
  * <p>Returns the account identifier for the specified access key ID.</p>
- *         <p>Access keys consist of two parts: an access key ID (for example,
- *                 <code>AKIAIOSFODNN7EXAMPLE</code>) and a secret access key (for example,
- *                 <code>wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY</code>). For more information about
- *             access keys, see <a href="https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_access-keys.html">Managing Access Keys for IAM
- *                 Users</a> in the <i>IAM User Guide</i>.</p>
- *         <p>When you pass an access key ID to this operation, it returns the ID of the Amazon Web Services
- *             account to which the keys belong. Access key IDs beginning with <code>AKIA</code> are
- *             long-term credentials for an IAM user or the Amazon Web Services account root user. Access key IDs
- *             beginning with <code>ASIA</code> are temporary credentials that are created using STS
- *             operations. If the account in the response belongs to you, you can sign in as the root
- *             user and review your root user access keys. Then, you can pull a <a href="https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_getting-report.html">credentials report</a> to learn which IAM user owns the keys. To learn who
- *             requested the temporary credentials for an <code>ASIA</code> access key, view the STS
- *             events in your <a href="https://docs.aws.amazon.com/IAM/latest/UserGuide/cloudtrail-integration.html">CloudTrail logs</a> in the
- *                 <i>IAM User Guide</i>.</p>
- *         <p>This operation does not indicate the state of the access key. The key might be active,
- *             inactive, or deleted. Active keys might not have permissions to perform an operation.
- *             Providing a deleted access key might return an error that the key doesn't exist.</p>
+ *          <p>Access keys consist of two parts: an access key ID (for example,
+ *             <code>AKIAIOSFODNN7EXAMPLE</code>) and a secret access key (for example,
+ *             <code>wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY</code>). For more information about
+ *          access keys, see <a href="https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_access-keys.html">Managing Access Keys for IAM
+ *             Users</a> in the <i>IAM User Guide</i>.</p>
+ *          <p>When you pass an access key ID to this operation, it returns the ID of the Amazon Web Services account
+ *          to which the keys belong. Access key IDs beginning with <code>AKIA</code> are long-term
+ *          credentials for an IAM user or the Amazon Web Services account root user. Access key IDs beginning with
+ *             <code>ASIA</code> are temporary credentials that are created using STS operations. If
+ *          the account in the response belongs to you, you can sign in as the root user and review
+ *          your root user access keys. Then, you can pull a <a href="https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_getting-report.html">credentials report</a> to
+ *          learn which IAM user owns the keys. To learn who requested the temporary credentials for
+ *          an <code>ASIA</code> access key, view the STS events in your <a href="https://docs.aws.amazon.com/IAM/latest/UserGuide/cloudtrail-integration.html">CloudTrail logs</a> in the
+ *             <i>IAM User Guide</i>.</p>
+ *          <p>This operation does not indicate the state of the access key. The key might be active,
+ *          inactive, or deleted. Active keys might not have permissions to perform an operation.
+ *          Providing a deleted access key might return an error that the key doesn't exist.</p>
  * @example
  * Use a bare-bones client and the command you need to make an API call.
  * ```javascript
@@ -37,7 +37,7 @@ export interface GetAccessKeyInfoCommandOutput extends GetAccessKeyInfoResponse,
  *
  * @see {@link GetAccessKeyInfoCommandInput} for command's `input` shape.
  * @see {@link GetAccessKeyInfoCommandOutput} for command's `response` shape.
- * @see {@link STSClientResolvedConfig | config} for command's `input` shape.
+ * @see {@link STSClientResolvedConfig | config} for STSClient's `config` shape.
  *
  */
 export declare class GetAccessKeyInfoCommand extends $Command<GetAccessKeyInfoCommandInput, GetAccessKeyInfoCommandOutput, STSClientResolvedConfig> {

package/dist-types/commands/GetCallerIdentityCommand.d.ts

@@ -8,15 +8,15 @@ export interface GetCallerIdentityCommandOutput extends GetCallerIdentityRespons
 }
 /**
  * <p>Returns details about the IAM user or role whose credentials are used to call the
- *             operation.</p>
- *         <note>
+ *          operation.</p>
+ *          <note>
  *             <p>No permissions are required to perform this operation. If an administrator adds a
- *                 policy to your IAM user or role that explicitly denies access to the
- *                     <code>sts:GetCallerIdentity</code> action, you can still perform this operation.
- *                 Permissions are not required because the same information is returned when an IAM
- *                 user or role is denied access. To view an example response, see <a href="https://docs.aws.amazon.com/IAM/latest/UserGuide/troubleshoot_general.html#troubleshoot_general_access-denied-delete-mfa">I Am Not Authorized to Perform: iam:DeleteVirtualMFADevice</a> in the
- *                     <i>IAM User Guide</i>.</p>
- *         </note>
+ *             policy to your IAM user or role that explicitly denies access to the
+ *                <code>sts:GetCallerIdentity</code> action, you can still perform this operation.
+ *             Permissions are not required because the same information is returned when an IAM user
+ *             or role is denied access. To view an example response, see <a href="https://docs.aws.amazon.com/IAM/latest/UserGuide/troubleshoot_general.html#troubleshoot_general_access-denied-delete-mfa">I Am Not Authorized to Perform: iam:DeleteVirtualMFADevice</a> in the
+ *                <i>IAM User Guide</i>.</p>
+ *          </note>
  * @example
  * Use a bare-bones client and the command you need to make an API call.
  * ```javascript
@@ -29,7 +29,7 @@ export interface GetCallerIdentityCommandOutput extends GetCallerIdentityRespons
  *
  * @see {@link GetCallerIdentityCommandInput} for command's `input` shape.
  * @see {@link GetCallerIdentityCommandOutput} for command's `response` shape.
- * @see {@link STSClientResolvedConfig | config} for command's `input` shape.
+ * @see {@link STSClientResolvedConfig | config} for STSClient's `config` shape.
  *
  */
 export declare class GetCallerIdentityCommand extends $Command<GetCallerIdentityCommandInput, GetCallerIdentityCommandOutput, STSClientResolvedConfig> {

package/dist-types/commands/GetFederationTokenCommand.d.ts

@@ -16,7 +16,7 @@ export interface GetFederationTokenCommandOutput extends GetFederationTokenRespo
  *          server-based application. For a comparison of <code>GetFederationToken</code> with the
  *          other API operations that produce temporary credentials, see <a href="https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_request.html">Requesting Temporary Security
  *             Credentials</a> and <a href="https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_request.html#stsapi_comparison">Comparing the
- *             STS API operations</a> in the <i>IAM User Guide</i>.</p>
+ *             Amazon Web Services STS API operations</a> in the <i>IAM User Guide</i>.</p>
  *          <note>
  *             <p>You can create a mobile-based or browser-based app that can authenticate users using
  *             a web identity provider like Login with Amazon, Facebook, Google, or an OpenID
@@ -35,8 +35,8 @@ export interface GetFederationTokenCommandOutput extends GetFederationTokenRespo
  *          </p>
  *          <p>The temporary credentials are valid for the specified duration, from 900 seconds (15
  *          minutes) up to a maximum of 129,600 seconds (36 hours). The default session duration is
- *          43,200 seconds (12 hours). Temporary credentials that are obtained by using Amazon Web Services account
- *          root user credentials have a maximum duration of 3,600 seconds (1 hour).</p>
+ *          43,200 seconds (12 hours). Temporary credentials obtained by using the Amazon Web Services account root
+ *          user credentials have a maximum duration of 3,600 seconds (1 hour).</p>
  *          <p>
  *             <b>Permissions</b>
  *          </p>
@@ -74,78 +74,25 @@ export interface GetFederationTokenCommandOutput extends GetFederationTokenRespo
  *          <p>(Optional) You can pass tag key-value pairs to your session. These are called session
  *          tags. For more information about session tags, see <a href="https://docs.aws.amazon.com/IAM/latest/UserGuide/id_session-tags.html">Passing Session Tags in STS</a> in the
  *             <i>IAM User Guide</i>.</p>
- *         <note>
- *             <p>You can create a mobile-based or browser-based app that can authenticate users
- *                 using a web identity provider like Login with Amazon, Facebook, Google, or an OpenID
- *                 Connect-compatible identity provider. In this case, we recommend that you use <a href="http://aws.amazon.com/cognito/">Amazon Cognito</a> or
- *                     <code>AssumeRoleWithWebIdentity</code>. For more information, see <a href="https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_request.html#api_assumerolewithwebidentity">Federation Through a Web-based Identity Provider</a> in the
- *                     <i>IAM User Guide</i>.</p>
- *         </note>
- *         <p>You can also call <code>GetFederationToken</code> using the security credentials of an
- *             Amazon Web Services account root user, but we do not recommend it. Instead, we recommend that you
- *             create an IAM user for the purpose of the proxy application. Then attach a policy to
- *             the IAM user that limits federated users to only the actions and resources that they
- *             need to access. For more information, see <a href="https://docs.aws.amazon.com/IAM/latest/UserGuide/best-practices.html">IAM Best Practices</a> in the
- *                 <i>IAM User Guide</i>. </p>
- *         <p>
- *             <b>Session duration</b>
- *          </p>
- *         <p>The temporary credentials are valid for the specified duration, from 900 seconds (15
- *             minutes) up to a maximum of 129,600 seconds (36 hours). The default session duration is
- *             43,200 seconds (12 hours). Temporary credentials that are obtained by using Amazon Web Services
- *             account root user credentials have a maximum duration of 3,600 seconds (1 hour).</p>
- *         <p>
- *             <b>Permissions</b>
- *         </p>
- *         <p>You can use the temporary credentials created by <code>GetFederationToken</code> in
- *             any Amazon Web Services service except the following:</p>
- *         <ul>
- *             <li>
- *                 <p>You cannot call any IAM operations using the CLI or the Amazon Web Services API.
- *                 </p>
- *             </li>
- *             <li>
- *                 <p>You cannot call any STS operations except
- *                     <code>GetCallerIdentity</code>.</p>
- *             </li>
- *          </ul>
- *         <p>You must pass an inline or managed <a href="https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies.html#policies_session">session policy</a> to
- *             this operation. You can pass a single JSON policy document to use as an inline session
- *             policy. You can also specify up to 10 managed policies to use as managed session
- *             policies. The plain text that you use for both inline and managed session policies can't
- *             exceed 2,048 characters.</p>
- *         <p>Though the session policy parameters are optional, if you do not pass a policy, then
- *             the resulting federated user session has no permissions. When you pass session policies,
- *             the session permissions are the intersection of the IAM user policies and the session
- *             policies that you pass. This gives you a way to further restrict the permissions for a
- *             federated user. You cannot use session policies to grant more permissions than those
- *             that are defined in the permissions policy of the IAM user. For more information, see
- *                 <a href="https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies.html#policies_session">Session Policies</a>
- *             in the <i>IAM User Guide</i>. For information about using
- *                 <code>GetFederationToken</code> to create temporary security credentials, see <a href="https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_request.html#api_getfederationtoken">GetFederationToken—Federation Through a Custom Identity Broker</a>. </p>
- *         <p>You can use the credentials to access a resource that has a resource-based policy. If
- *             that policy specifically references the federated user session in the
- *                 <code>Principal</code> element of the policy, the session has the permissions
- *             allowed by the policy. These permissions are granted in addition to the permissions
- *             granted by the session policies.</p>
- *         <p>
- *             <b>Tags</b>
- *          </p>
- *         <p>(Optional) You can pass tag key-value pairs to your session. These are called session
- *             tags. For more information about session tags, see <a href="https://docs.aws.amazon.com/IAM/latest/UserGuide/id_session-tags.html">Passing Session Tags in STS</a> in
- *             the <i>IAM User Guide</i>.</p>
- *         <p>An administrator must grant you the permissions necessary to pass session tags. The
- *             administrator can also create granular permissions to allow you to pass only specific
- *             session tags. For more information, see <a href="https://docs.aws.amazon.com/IAM/latest/UserGuide/tutorial_attribute-based-access-control.html">Tutorial: Using
- *                 Tags for Attribute-Based Access Control</a> in the
- *                 <i>IAM User Guide</i>.</p>
- *         <p>Tag key–value pairs are not case sensitive, but case is preserved. This means that you
- *             cannot have separate <code>Department</code> and <code>department</code> tag keys.
- *             Assume that the user that you are federating has the
- *                 <code>Department</code>=<code>Marketing</code> tag and you pass the
- *                 <code>department</code>=<code>engineering</code> session tag.
- *                 <code>Department</code> and <code>department</code> are not saved as separate tags,
- *             and the session tag passed in the request takes precedence over the user tag.</p>
+ *          <note>
+ *             <p>You can create a mobile-based or browser-based app that can authenticate users using
+ *             a web identity provider like Login with Amazon, Facebook, Google, or an OpenID
+ *             Connect-compatible identity provider. In this case, we recommend that you use <a href="http://aws.amazon.com/cognito/">Amazon Cognito</a> or
+ *                <code>AssumeRoleWithWebIdentity</code>. For more information, see <a href="https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_request.html#api_assumerolewithwebidentity">Federation Through a Web-based Identity Provider</a> in the
+ *                <i>IAM User Guide</i>.</p>
+ *          </note>
+ *          <p>An administrator must grant you the permissions necessary to pass session tags. The
+ *          administrator can also create granular permissions to allow you to pass only specific
+ *          session tags. For more information, see <a href="https://docs.aws.amazon.com/IAM/latest/UserGuide/tutorial_attribute-based-access-control.html">Tutorial: Using Tags
+ *             for Attribute-Based Access Control</a> in the
+ *          <i>IAM User Guide</i>.</p>
+ *          <p>Tag key–value pairs are not case sensitive, but case is preserved. This means that you
+ *          cannot have separate <code>Department</code> and <code>department</code> tag keys. Assume
+ *          that the user that you are federating has the
+ *             <code>Department</code>=<code>Marketing</code> tag and you pass the
+ *             <code>department</code>=<code>engineering</code> session tag. <code>Department</code>
+ *          and <code>department</code> are not saved as separate tags, and the session tag passed in
+ *          the request takes precedence over the user tag.</p>
  * @example
  * Use a bare-bones client and the command you need to make an API call.
  * ```javascript
@@ -158,7 +105,7 @@ export interface GetFederationTokenCommandOutput extends GetFederationTokenRespo
  *
  * @see {@link GetFederationTokenCommandInput} for command's `input` shape.
  * @see {@link GetFederationTokenCommandOutput} for command's `response` shape.
- * @see {@link STSClientResolvedConfig | config} for command's `input` shape.
+ * @see {@link STSClientResolvedConfig | config} for STSClient's `config` shape.
  *
  */
 export declare class GetFederationTokenCommand extends $Command<GetFederationTokenCommandInput, GetFederationTokenCommandOutput, STSClientResolvedConfig> {

package/dist-types/commands/GetSessionTokenCommand.d.ts

@@ -18,7 +18,7 @@ export interface GetSessionTokenCommandOutput extends GetSessionTokenResponse, _
  *          the API returns an access denied error. For a comparison of <code>GetSessionToken</code>
  *          with the other API operations that produce temporary credentials, see <a href="https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_request.html">Requesting
  *             Temporary Security Credentials</a> and <a href="https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_request.html#stsapi_comparison">Comparing the
- *             STS API operations</a> in the <i>IAM User Guide</i>.</p>
+ *             Amazon Web Services STS API operations</a> in the <i>IAM User Guide</i>.</p>
  *          <p>
  *             <b>Session Duration</b>
  *          </p>
@@ -71,7 +71,7 @@ export interface GetSessionTokenCommandOutput extends GetSessionTokenResponse, _
  *
  * @see {@link GetSessionTokenCommandInput} for command's `input` shape.
  * @see {@link GetSessionTokenCommandOutput} for command's `response` shape.
- * @see {@link STSClientResolvedConfig | config} for command's `input` shape.
+ * @see {@link STSClientResolvedConfig | config} for STSClient's `config` shape.
  *
  */
 export declare class GetSessionTokenCommand extends $Command<GetSessionTokenCommandInput, GetSessionTokenCommandOutput, STSClientResolvedConfig> {