@aws-sdk/client-sts 3.42.0 → 3.47.0

package/dist-types/commands/GetCallerIdentityCommand.d.ts

@@ -8,15 +8,15 @@ export interface GetCallerIdentityCommandOutput extends GetCallerIdentityRespons
 }
 /**
  * <p>Returns details about the IAM user or role whose credentials are used to call the
- *             operation.</p>
- *         <note>
+ *          operation.</p>
+ *          <note>
  *             <p>No permissions are required to perform this operation. If an administrator adds a
- *                 policy to your IAM user or role that explicitly denies access to the
- *                     <code>sts:GetCallerIdentity</code> action, you can still perform this operation.
- *                 Permissions are not required because the same information is returned when an IAM
- *                 user or role is denied access. To view an example response, see <a href="https://docs.aws.amazon.com/IAM/latest/UserGuide/troubleshoot_general.html#troubleshoot_general_access-denied-delete-mfa">I Am Not Authorized to Perform: iam:DeleteVirtualMFADevice</a> in the
- *                     <i>IAM User Guide</i>.</p>
- *         </note>
+ *             policy to your IAM user or role that explicitly denies access to the
+ *                <code>sts:GetCallerIdentity</code> action, you can still perform this operation.
+ *             Permissions are not required because the same information is returned when an IAM user
+ *             or role is denied access. To view an example response, see <a href="https://docs.aws.amazon.com/IAM/latest/UserGuide/troubleshoot_general.html#troubleshoot_general_access-denied-delete-mfa">I Am Not Authorized to Perform: iam:DeleteVirtualMFADevice</a> in the
+ *                <i>IAM User Guide</i>.</p>
+ *          </note>
  * @example
  * Use a bare-bones client and the command you need to make an API call.
  * ```javascript

package/dist-types/commands/GetFederationTokenCommand.d.ts

@@ -16,7 +16,7 @@ export interface GetFederationTokenCommandOutput extends GetFederationTokenRespo
  *          server-based application. For a comparison of <code>GetFederationToken</code> with the
  *          other API operations that produce temporary credentials, see <a href="https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_request.html">Requesting Temporary Security
  *             Credentials</a> and <a href="https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_request.html#stsapi_comparison">Comparing the
- *             STS API operations</a> in the <i>IAM User Guide</i>.</p>
+ *             Amazon Web Services STS API operations</a> in the <i>IAM User Guide</i>.</p>
  *          <note>
  *             <p>You can create a mobile-based or browser-based app that can authenticate users using
  *             a web identity provider like Login with Amazon, Facebook, Google, or an OpenID
@@ -35,8 +35,8 @@ export interface GetFederationTokenCommandOutput extends GetFederationTokenRespo
  *          </p>
  *          <p>The temporary credentials are valid for the specified duration, from 900 seconds (15
  *          minutes) up to a maximum of 129,600 seconds (36 hours). The default session duration is
- *          43,200 seconds (12 hours). Temporary credentials that are obtained by using Amazon Web Services account
- *          root user credentials have a maximum duration of 3,600 seconds (1 hour).</p>
+ *          43,200 seconds (12 hours). Temporary credentials obtained by using the Amazon Web Services account root
+ *          user credentials have a maximum duration of 3,600 seconds (1 hour).</p>
  *          <p>
  *             <b>Permissions</b>
  *          </p>
@@ -74,78 +74,25 @@ export interface GetFederationTokenCommandOutput extends GetFederationTokenRespo
  *          <p>(Optional) You can pass tag key-value pairs to your session. These are called session
  *          tags. For more information about session tags, see <a href="https://docs.aws.amazon.com/IAM/latest/UserGuide/id_session-tags.html">Passing Session Tags in STS</a> in the
  *             <i>IAM User Guide</i>.</p>
- *         <note>
- *             <p>You can create a mobile-based or browser-based app that can authenticate users
- *                 using a web identity provider like Login with Amazon, Facebook, Google, or an OpenID
- *                 Connect-compatible identity provider. In this case, we recommend that you use <a href="http://aws.amazon.com/cognito/">Amazon Cognito</a> or
- *                     <code>AssumeRoleWithWebIdentity</code>. For more information, see <a href="https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_request.html#api_assumerolewithwebidentity">Federation Through a Web-based Identity Provider</a> in the
- *                     <i>IAM User Guide</i>.</p>
- *         </note>
- *         <p>You can also call <code>GetFederationToken</code> using the security credentials of an
- *             Amazon Web Services account root user, but we do not recommend it. Instead, we recommend that you
- *             create an IAM user for the purpose of the proxy application. Then attach a policy to
- *             the IAM user that limits federated users to only the actions and resources that they
- *             need to access. For more information, see <a href="https://docs.aws.amazon.com/IAM/latest/UserGuide/best-practices.html">IAM Best Practices</a> in the
- *                 <i>IAM User Guide</i>. </p>
- *         <p>
- *             <b>Session duration</b>
- *          </p>
- *         <p>The temporary credentials are valid for the specified duration, from 900 seconds (15
- *             minutes) up to a maximum of 129,600 seconds (36 hours). The default session duration is
- *             43,200 seconds (12 hours). Temporary credentials that are obtained by using Amazon Web Services
- *             account root user credentials have a maximum duration of 3,600 seconds (1 hour).</p>
- *         <p>
- *             <b>Permissions</b>
- *         </p>
- *         <p>You can use the temporary credentials created by <code>GetFederationToken</code> in
- *             any Amazon Web Services service except the following:</p>
- *         <ul>
- *             <li>
- *                 <p>You cannot call any IAM operations using the CLI or the Amazon Web Services API.
- *                 </p>
- *             </li>
- *             <li>
- *                 <p>You cannot call any STS operations except
- *                     <code>GetCallerIdentity</code>.</p>
- *             </li>
- *          </ul>
- *         <p>You must pass an inline or managed <a href="https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies.html#policies_session">session policy</a> to
- *             this operation. You can pass a single JSON policy document to use as an inline session
- *             policy. You can also specify up to 10 managed policies to use as managed session
- *             policies. The plain text that you use for both inline and managed session policies can't
- *             exceed 2,048 characters.</p>
- *         <p>Though the session policy parameters are optional, if you do not pass a policy, then
- *             the resulting federated user session has no permissions. When you pass session policies,
- *             the session permissions are the intersection of the IAM user policies and the session
- *             policies that you pass. This gives you a way to further restrict the permissions for a
- *             federated user. You cannot use session policies to grant more permissions than those
- *             that are defined in the permissions policy of the IAM user. For more information, see
- *                 <a href="https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies.html#policies_session">Session Policies</a>
- *             in the <i>IAM User Guide</i>. For information about using
- *                 <code>GetFederationToken</code> to create temporary security credentials, see <a href="https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_request.html#api_getfederationtoken">GetFederationToken—Federation Through a Custom Identity Broker</a>. </p>
- *         <p>You can use the credentials to access a resource that has a resource-based policy. If
- *             that policy specifically references the federated user session in the
- *                 <code>Principal</code> element of the policy, the session has the permissions
- *             allowed by the policy. These permissions are granted in addition to the permissions
- *             granted by the session policies.</p>
- *         <p>
- *             <b>Tags</b>
- *          </p>
- *         <p>(Optional) You can pass tag key-value pairs to your session. These are called session
- *             tags. For more information about session tags, see <a href="https://docs.aws.amazon.com/IAM/latest/UserGuide/id_session-tags.html">Passing Session Tags in STS</a> in
- *             the <i>IAM User Guide</i>.</p>
- *         <p>An administrator must grant you the permissions necessary to pass session tags. The
- *             administrator can also create granular permissions to allow you to pass only specific
- *             session tags. For more information, see <a href="https://docs.aws.amazon.com/IAM/latest/UserGuide/tutorial_attribute-based-access-control.html">Tutorial: Using
- *                 Tags for Attribute-Based Access Control</a> in the
- *                 <i>IAM User Guide</i>.</p>
- *         <p>Tag key–value pairs are not case sensitive, but case is preserved. This means that you
- *             cannot have separate <code>Department</code> and <code>department</code> tag keys.
- *             Assume that the user that you are federating has the
- *                 <code>Department</code>=<code>Marketing</code> tag and you pass the
- *                 <code>department</code>=<code>engineering</code> session tag.
- *                 <code>Department</code> and <code>department</code> are not saved as separate tags,
- *             and the session tag passed in the request takes precedence over the user tag.</p>
+ *          <note>
+ *             <p>You can create a mobile-based or browser-based app that can authenticate users using
+ *             a web identity provider like Login with Amazon, Facebook, Google, or an OpenID
+ *             Connect-compatible identity provider. In this case, we recommend that you use <a href="http://aws.amazon.com/cognito/">Amazon Cognito</a> or
+ *                <code>AssumeRoleWithWebIdentity</code>. For more information, see <a href="https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_request.html#api_assumerolewithwebidentity">Federation Through a Web-based Identity Provider</a> in the
+ *                <i>IAM User Guide</i>.</p>
+ *          </note>
+ *          <p>An administrator must grant you the permissions necessary to pass session tags. The
+ *          administrator can also create granular permissions to allow you to pass only specific
+ *          session tags. For more information, see <a href="https://docs.aws.amazon.com/IAM/latest/UserGuide/tutorial_attribute-based-access-control.html">Tutorial: Using Tags
+ *             for Attribute-Based Access Control</a> in the
+ *          <i>IAM User Guide</i>.</p>
+ *          <p>Tag key–value pairs are not case sensitive, but case is preserved. This means that you
+ *          cannot have separate <code>Department</code> and <code>department</code> tag keys. Assume
+ *          that the user that you are federating has the
+ *             <code>Department</code>=<code>Marketing</code> tag and you pass the
+ *             <code>department</code>=<code>engineering</code> session tag. <code>Department</code>
+ *          and <code>department</code> are not saved as separate tags, and the session tag passed in
+ *          the request takes precedence over the user tag.</p>
  * @example
  * Use a bare-bones client and the command you need to make an API call.
  * ```javascript

package/dist-types/commands/GetSessionTokenCommand.d.ts

@@ -18,7 +18,7 @@ export interface GetSessionTokenCommandOutput extends GetSessionTokenResponse, _
  *          the API returns an access denied error. For a comparison of <code>GetSessionToken</code>
  *          with the other API operations that produce temporary credentials, see <a href="https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_request.html">Requesting
  *             Temporary Security Credentials</a> and <a href="https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_request.html#stsapi_comparison">Comparing the
- *             STS API operations</a> in the <i>IAM User Guide</i>.</p>
+ *             Amazon Web Services STS API operations</a> in the <i>IAM User Guide</i>.</p>
  *          <p>
  *             <b>Session Duration</b>
  *          </p>

package/dist-types/models/models_0.d.ts

@@ -43,7 +43,7 @@ export declare namespace PolicyDescriptorType {
 /**
  * <p>You can pass custom key-value pair attributes when you assume a role or federate a user.
  *          These are called session tags. You can then use the session tags to control access to
- *          resources. For more information, see <a href="https://docs.aws.amazon.com/IAM/latest/UserGuide/id_session-tags.html">Tagging STS Sessions</a> in the
+ *          resources. For more information, see <a href="https://docs.aws.amazon.com/IAM/latest/UserGuide/id_session-tags.html">Tagging Amazon Web Services STS Sessions</a> in the
  *             <i>IAM User Guide</i>.</p>
  */
 export interface Tag {
@@ -93,6 +93,7 @@ export interface AssumeRoleRequest {
      *          plaintext that you use for both inline and managed session policies can't exceed 2,048
      *          characters. For more information about ARNs, see <a href="https://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html">Amazon Resource Names (ARNs) and Amazon Web Services
      *             Service Namespaces</a> in the Amazon Web Services General Reference.</p>
+     *
      *          <note>
      *             <p>An Amazon Web Services conversion compresses the passed session policies and session tags into a
      *             packed binary format that has a separate limit. Your request can fail for this limit
@@ -127,6 +128,7 @@ export interface AssumeRoleRequest {
      *          character to the end of the valid character list (\u0020 through \u00FF). It can also
      *          include the tab (\u0009), linefeed (\u000A), and carriage return (\u000D)
      *          characters.</p>
+     *
      *          <note>
      *             <p>An Amazon Web Services conversion compresses the passed session policies and session tags into a
      *             packed binary format that has a separate limit. Your request can fail for this limit
@@ -138,13 +140,19 @@ export interface AssumeRoleRequest {
      */
     Policy?: string;
     /**
-     * <p>The duration, in seconds, of the role session. The value specified can can range from
-     *          900 seconds (15 minutes) up to the maximum session duration that is set for the role. The
-     *          maximum session duration setting can have a value from 1 hour to 12 hours. If you specify a
-     *          value higher than this setting or the administrator setting (whichever is lower), the
-     *          operation fails. For example, if you specify a session duration of 12 hours, but your
-     *          administrator set the maximum session duration to 6 hours, your operation fails. To learn
-     *          how to view the maximum value for your role, see <a href="https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_use.html#id_roles_use_view-role-max-session">View the
+     * <p>The duration, in seconds, of the role session. The value specified can range from 900
+     *          seconds (15 minutes) up to the maximum session duration set for the role. The maximum
+     *          session duration setting can have a value from 1 hour to 12 hours. If you specify a value
+     *          higher than this setting or the administrator setting (whichever is lower), the operation
+     *          fails. For example, if you specify a session duration of 12 hours, but your administrator
+     *          set the maximum session duration to 6 hours, your operation fails. </p>
+     *          <p>Role chaining limits your Amazon Web Services CLI or Amazon Web Services API role session to a maximum of one hour.
+     *          When you use the <code>AssumeRole</code> API operation to assume a role, you can specify
+     *          the duration of your role session with the <code>DurationSeconds</code> parameter. You can
+     *          specify a parameter value of up to 43200 seconds (12 hours), depending on the maximum
+     *          session duration setting for your role. However, if you assume a role using role chaining
+     *          and provide a <code>DurationSeconds</code> parameter value greater than one hour, the
+     *          operation fails. To learn how to view the maximum value for your role, see <a href="https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_use.html#id_roles_use_view-role-max-session">View the
      *             Maximum Session Duration Setting for a Role</a> in the
      *             <i>IAM User Guide</i>.</p>
      *          <p>By default, the value is set to <code>3600</code> seconds. </p>
@@ -154,14 +162,14 @@ export interface AssumeRoleRequest {
      *             federation endpoint for a console sign-in token takes a <code>SessionDuration</code>
      *             parameter that specifies the maximum length of the console session. For more
      *             information, see <a href="https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_providers_enable-console-custom-url.html">Creating a URL
-     *                that Enables Federated Users to Access the Management Console</a> in the
+     *                that Enables Federated Users to Access the Amazon Web Services Management Console</a> in the
      *                <i>IAM User Guide</i>.</p>
      *          </note>
      */
     DurationSeconds?: number;
     /**
      * <p>A list of session tags that you want to pass. Each session tag consists of a key name
-     *          and an associated value. For more information about session tags, see <a href="https://docs.aws.amazon.com/IAM/latest/UserGuide/id_session-tags.html">Tagging STS
+     *          and an associated value. For more information about session tags, see <a href="https://docs.aws.amazon.com/IAM/latest/UserGuide/id_session-tags.html">Tagging Amazon Web Services STS
      *             Sessions</a> in the <i>IAM User Guide</i>.</p>
      *          <p>This parameter is optional. You can pass up to 50 session tags. The plaintext session
      *          tag keys can’t exceed 128 characters, and the values can’t exceed 256 characters. For these
@@ -176,8 +184,9 @@ export interface AssumeRoleRequest {
      *             request are to the upper size limit.
      *             </p>
      *          </note>
-     *          <p>You can pass a session tag with the same key as a tag that is already
-     *          attached to the role. When you do, session tags override a role tag with the same key. </p>
+     *
+     *          <p>You can pass a session tag with the same key as a tag that is already attached to the
+     *          role. When you do, session tags override a role tag with the same key. </p>
      *          <p>Tag key–value pairs are not case sensitive, but case is preserved. This means that you
      *          cannot have separate <code>Department</code> and <code>department</code> tag keys. Assume
      *          that the role has the <code>Department</code>=<code>Marketing</code> tag and you pass the
@@ -253,8 +262,7 @@ export interface AssumeRoleRequest {
      *          <p>The regex used to validate this parameter is a string of characters consisting of upper-
      *          and lower-case alphanumeric characters with no spaces. You can also include underscores or
      *          any of the following characters: =,.@-. You cannot use a value that begins with the text
-     *          <code>aws:</code>. This prefix is reserved for Amazon Web Services internal
-     *          use.</p>
+     *             <code>aws:</code>. This prefix is reserved for Amazon Web Services internal use.</p>
      */
     SourceIdentity?: string;
 }
@@ -300,6 +308,7 @@ export interface AssumeRoleResponse {
     /**
      * <p>The temporary security credentials, which include an access key ID, a secret access key,
      *          and a security (or session) token.</p>
+     *
      *          <note>
      *             <p>The size of the security token that STS API operations return is not fixed. We
      *         strongly recommend that you make no assumptions about the maximum size.</p>
@@ -352,12 +361,6 @@ export interface ExpiredTokenException extends __SmithyException, $MetadataBeare
     $fault: "client";
     message?: string;
 }
-export declare namespace ExpiredTokenException {
-    /**
-     * @internal
-     */
-    const filterSensitiveLog: (obj: ExpiredTokenException) => any;
-}
 /**
  * <p>The request was rejected because the policy document was malformed. The error message
  *             describes the specific error.</p>
@@ -367,12 +370,6 @@ export interface MalformedPolicyDocumentException extends __SmithyException, $Me
     $fault: "client";
     message?: string;
 }
-export declare namespace MalformedPolicyDocumentException {
-    /**
-     * @internal
-     */
-    const filterSensitiveLog: (obj: MalformedPolicyDocumentException) => any;
-}
 /**
  * <p>The request was rejected because the total packed size of the session policies and
  *             session tags combined was too large. An Amazon Web Services conversion compresses the session policy
@@ -381,7 +378,7 @@ export declare namespace MalformedPolicyDocumentException {
  *             tags are to the upper size limit. For more information, see <a href="https://docs.aws.amazon.com/IAM/latest/UserGuide/id_session-tags.html">Passing Session Tags in STS</a> in
  *             the <i>IAM User Guide</i>.</p>
  *         <p>You could receive this error even though you meet other defined session policy and
- *             session tag limits. For more information, see <a href="https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_enable-regions.html">IAM and STS Entity
+ *             session tag limits. For more information, see <a href="https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_iam-quotas.html#reference_iam-limits-entity-length">IAM and STS Entity
  *                 Character Limits</a> in the <i>IAM User Guide</i>.</p>
  */
 export interface PackedPolicyTooLargeException extends __SmithyException, $MetadataBearer {
@@ -389,12 +386,6 @@ export interface PackedPolicyTooLargeException extends __SmithyException, $Metad
     $fault: "client";
     message?: string;
 }
-export declare namespace PackedPolicyTooLargeException {
-    /**
-     * @internal
-     */
-    const filterSensitiveLog: (obj: PackedPolicyTooLargeException) => any;
-}
 /**
  * <p>STS is not activated in the requested region for the account that is being asked to
  *             generate credentials. The account administrator must use the IAM console to activate STS
@@ -407,12 +398,6 @@ export interface RegionDisabledException extends __SmithyException, $MetadataBea
     $fault: "client";
     message?: string;
 }
-export declare namespace RegionDisabledException {
-    /**
-     * @internal
-     */
-    const filterSensitiveLog: (obj: RegionDisabledException) => any;
-}
 export interface AssumeRoleWithSAMLRequest {
     /**
      * <p>The Amazon Resource Name (ARN) of the role that the caller is assuming.</p>
@@ -436,6 +421,7 @@ export interface AssumeRoleWithSAMLRequest {
      *          plaintext that you use for both inline and managed session policies can't exceed 2,048
      *          characters. For more information about ARNs, see <a href="https://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html">Amazon Resource Names (ARNs) and Amazon Web Services
      *             Service Namespaces</a> in the Amazon Web Services General Reference.</p>
+     *
      *          <note>
      *             <p>An Amazon Web Services conversion compresses the passed session policies and session tags into a
      *             packed binary format that has a separate limit. Your request can fail for this limit
@@ -470,6 +456,7 @@ export interface AssumeRoleWithSAMLRequest {
      *          character to the end of the valid character list (\u0020 through \u00FF). It can also
      *          include the tab (\u0009), linefeed (\u000A), and carriage return (\u000D)
      *          characters.</p>
+     *
      *          <note>
      *             <p>An Amazon Web Services conversion compresses the passed session policies and session tags into a
      *             packed binary format that has a separate limit. Your request can fail for this limit
@@ -499,7 +486,7 @@ export interface AssumeRoleWithSAMLRequest {
      *             federation endpoint for a console sign-in token takes a <code>SessionDuration</code>
      *             parameter that specifies the maximum length of the console session. For more
      *             information, see <a href="https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_providers_enable-console-custom-url.html">Creating a URL
-     *                that Enables Federated Users to Access the Management Console</a> in the
+     *                that Enables Federated Users to Access the Amazon Web Services Management Console</a> in the
      *                <i>IAM User Guide</i>.</p>
      *          </note>
      */
@@ -519,6 +506,7 @@ export interface AssumeRoleWithSAMLResponse {
     /**
      * <p>The temporary security credentials, which include an access key ID, a secret access key,
      *          and a security (or session) token.</p>
+     *
      *          <note>
      *             <p>The size of the security token that STS API operations return is not fixed. We
      *         strongly recommend that you make no assumptions about the maximum size.</p>
@@ -618,12 +606,6 @@ export interface IDPRejectedClaimException extends __SmithyException, $MetadataB
     $fault: "client";
     message?: string;
 }
-export declare namespace IDPRejectedClaimException {
-    /**
-     * @internal
-     */
-    const filterSensitiveLog: (obj: IDPRejectedClaimException) => any;
-}
 /**
  * <p>The web identity token that was passed could not be validated by Amazon Web Services. Get a new
  *             identity token from the identity provider and then retry the request.</p>
@@ -633,12 +615,6 @@ export interface InvalidIdentityTokenException extends __SmithyException, $Metad
     $fault: "client";
     message?: string;
 }
-export declare namespace InvalidIdentityTokenException {
-    /**
-     * @internal
-     */
-    const filterSensitiveLog: (obj: InvalidIdentityTokenException) => any;
-}
 export interface AssumeRoleWithWebIdentityRequest {
     /**
      * <p>The Amazon Resource Name (ARN) of the role that the caller is assuming.</p>
@@ -678,6 +654,7 @@ export interface AssumeRoleWithWebIdentityRequest {
      *          plaintext that you use for both inline and managed session policies can't exceed 2,048
      *          characters. For more information about ARNs, see <a href="https://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html">Amazon Resource Names (ARNs) and Amazon Web Services
      *             Service Namespaces</a> in the Amazon Web Services General Reference.</p>
+     *
      *          <note>
      *             <p>An Amazon Web Services conversion compresses the passed session policies and session tags into a
      *             packed binary format that has a separate limit. Your request can fail for this limit
@@ -712,6 +689,7 @@ export interface AssumeRoleWithWebIdentityRequest {
      *          character to the end of the valid character list (\u0020 through \u00FF). It can also
      *          include the tab (\u0009), linefeed (\u000A), and carriage return (\u000D)
      *          characters.</p>
+     *
      *          <note>
      *             <p>An Amazon Web Services conversion compresses the passed session policies and session tags into a
      *             packed binary format that has a separate limit. Your request can fail for this limit
@@ -738,7 +716,7 @@ export interface AssumeRoleWithWebIdentityRequest {
      *             federation endpoint for a console sign-in token takes a <code>SessionDuration</code>
      *             parameter that specifies the maximum length of the console session. For more
      *             information, see <a href="https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_providers_enable-console-custom-url.html">Creating a URL
-     *                that Enables Federated Users to Access the Management Console</a> in the
+     *                that Enables Federated Users to Access the Amazon Web Services Management Console</a> in the
      *                <i>IAM User Guide</i>.</p>
      *          </note>
      */
@@ -758,6 +736,7 @@ export interface AssumeRoleWithWebIdentityResponse {
     /**
      * <p>The temporary security credentials, which include an access key ID, a secret access key,
      *          and a security token.</p>
+     *
      *          <note>
      *             <p>The size of the security token that STS API operations return is not fixed. We
      *         strongly recommend that you make no assumptions about the maximum size.</p>
@@ -839,12 +818,6 @@ export interface IDPCommunicationErrorException extends __SmithyException, $Meta
     $fault: "client";
     message?: string;
 }
-export declare namespace IDPCommunicationErrorException {
-    /**
-     * @internal
-     */
-    const filterSensitiveLog: (obj: IDPCommunicationErrorException) => any;
-}
 export interface DecodeAuthorizationMessageRequest {
     /**
      * <p>The encoded message that was returned with the response.</p>
@@ -863,7 +836,7 @@ export declare namespace DecodeAuthorizationMessageRequest {
  */
 export interface DecodeAuthorizationMessageResponse {
     /**
-     * <p>An XML document that contains the decoded message.</p>
+     * <p>The API returns a response with the decoded message.</p>
      */
     DecodedMessage?: string;
 }
@@ -883,17 +856,11 @@ export interface InvalidAuthorizationMessageException extends __SmithyException,
     $fault: "client";
     message?: string;
 }
-export declare namespace InvalidAuthorizationMessageException {
-    /**
-     * @internal
-     */
-    const filterSensitiveLog: (obj: InvalidAuthorizationMessageException) => any;
-}
 export interface GetAccessKeyInfoRequest {
     /**
      * <p>The identifier of an access key.</p>
-     *         <p>This parameter allows (through its regex pattern) a string of characters that can
-     *             consist of any upper- or lowercase letter or digit.</p>
+     *          <p>This parameter allows (through its regex pattern) a string of characters that can
+     *          consist of any upper- or lowercase letter or digit.</p>
      */
     AccessKeyId: string | undefined;
 }
@@ -985,6 +952,7 @@ export interface GetFederationTokenRequest {
      *          character to the end of the valid character list (\u0020 through \u00FF). It can also
      *          include the tab (\u0009), linefeed (\u000A), and carriage return (\u000D)
      *          characters.</p>
+     *
      *          <note>
      *             <p>An Amazon Web Services conversion compresses the passed session policies and session tags into a
      *             packed binary format that has a separate limit. Your request can fail for this limit
@@ -1005,7 +973,8 @@ export interface GetFederationTokenRequest {
      *          The plaintext that you use for both inline and managed session policies can't exceed 2,048
      *          characters. You can provide up to 10 managed policy ARNs. For more information about ARNs,
      *          see <a href="https://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html">Amazon
-     *             Resource Names (ARNs) and Amazon Web Services Service Namespaces</a> in the Amazon Web Services General Reference.</p>
+     *             Resource Names (ARNs) and Amazon Web Services Service Namespaces</a> in the
+     *          Amazon Web Services General Reference.</p>
      *          <p>This parameter is optional. However, if you do not pass any session policies, then the
      *          resulting federated user session has no permissions.</p>
      *          <p>When you pass session policies, the session permissions are the intersection of the
@@ -1019,6 +988,7 @@ export interface GetFederationTokenRequest {
      *             <code>Principal</code> element of the policy, the session has the permissions allowed by
      *          the policy. These permissions are granted in addition to the permissions that are granted
      *          by the session policies.</p>
+     *
      *          <note>
      *             <p>An Amazon Web Services conversion compresses the passed session policies and session tags into a
      *             packed binary format that has a separate limit. Your request can fail for this limit
@@ -1055,9 +1025,9 @@ export interface GetFederationTokenRequest {
      *             request are to the upper size limit.
      *             </p>
      *          </note>
-     *          <p>You can pass a session tag with the same key as a tag that is already
-     *          attached to the user you are federating. When you do, session tags override a user tag with
-     *          the same key. </p>
+     *
+     *          <p>You can pass a session tag with the same key as a tag that is already attached to the
+     *          user you are federating. When you do, session tags override a user tag with the same key. </p>
      *          <p>Tag key–value pairs are not case sensitive, but case is preserved. This means that you
      *          cannot have separate <code>Department</code> and <code>department</code> tag keys. Assume
      *          that the role has the <code>Department</code>=<code>Marketing</code> tag and you pass the
@@ -1103,6 +1073,7 @@ export interface GetFederationTokenResponse {
     /**
      * <p>The temporary security credentials, which include an access key ID, a secret access key,
      *          and a security (or session) token.</p>
+     *
      *          <note>
      *             <p>The size of the security token that STS API operations return is not fixed. We
      *         strongly recommend that you make no assumptions about the maximum size.</p>
@@ -1131,34 +1102,34 @@ export declare namespace GetFederationTokenResponse {
 }
 export interface GetSessionTokenRequest {
     /**
-     * <p>The duration, in seconds, that the credentials should remain valid. Acceptable
-     *             durations for IAM user sessions range from 900 seconds (15 minutes) to 129,600 seconds
-     *             (36 hours), with 43,200 seconds (12 hours) as the default. Sessions for Amazon Web Services account
-     *             owners are restricted to a maximum of 3,600 seconds (one hour). If the duration is
-     *             longer than one hour, the session for Amazon Web Services account owners defaults to one hour.</p>
+     * <p>The duration, in seconds, that the credentials should remain valid. Acceptable durations
+     *          for IAM user sessions range from 900 seconds (15 minutes) to 129,600 seconds (36 hours),
+     *          with 43,200 seconds (12 hours) as the default. Sessions for Amazon Web Services account owners are
+     *          restricted to a maximum of 3,600 seconds (one hour). If the duration is longer than one
+     *          hour, the session for Amazon Web Services account owners defaults to one hour.</p>
      */
     DurationSeconds?: number;
     /**
      * <p>The identification number of the MFA device that is associated with the IAM user who
-     *             is making the <code>GetSessionToken</code> call. Specify this value if the IAM user
-     *             has a policy that requires MFA authentication. The value is either the serial number for
-     *             a hardware device (such as <code>GAHT12345678</code>) or an Amazon Resource Name (ARN)
-     *             for a virtual device (such as <code>arn:aws:iam::123456789012:mfa/user</code>). You can
-     *             find the device for an IAM user by going to the Management Console and viewing the user's
-     *             security credentials. </p>
-     *         <p>The regex used to validate this parameter is a string of
+     *          is making the <code>GetSessionToken</code> call. Specify this value if the IAM user has a
+     *          policy that requires MFA authentication. The value is either the serial number for a
+     *          hardware device (such as <code>GAHT12345678</code>) or an Amazon Resource Name (ARN) for a
+     *          virtual device (such as <code>arn:aws:iam::123456789012:mfa/user</code>). You can find the
+     *          device for an IAM user by going to the Amazon Web Services Management Console and viewing the user's security
+     *          credentials. </p>
+     *          <p>The regex used to validate this parameter is a string of
      *     characters consisting of upper- and lower-case alphanumeric characters with no spaces.
      *     You can also include underscores or any of the following characters: =,.@:/-</p>
      */
     SerialNumber?: string;
     /**
      * <p>The value provided by the MFA device, if MFA is required. If any policy requires the
-     *             IAM user to submit an MFA code, specify this value. If MFA authentication is required,
-     *             the user must provide a code when requesting a set of temporary security credentials. A
-     *             user who fails to provide the code receives an "access denied" response when requesting
-     *             resources that require MFA authentication.</p>
-     *         <p>The format for this parameter, as described by its regex pattern, is a sequence of six
-     *             numeric digits.</p>
+     *          IAM user to submit an MFA code, specify this value. If MFA authentication is required,
+     *          the user must provide a code when requesting a set of temporary security credentials. A
+     *          user who fails to provide the code receives an "access denied" response when requesting
+     *          resources that require MFA authentication.</p>
+     *          <p>The format for this parameter, as described by its regex pattern, is a sequence of six
+     *          numeric digits.</p>
      */
     TokenCode?: string;
 }
@@ -1174,8 +1145,8 @@ export declare namespace GetSessionTokenRequest {
  */
 export interface GetSessionTokenResponse {
     /**
-     * <p>The temporary security credentials, which include an access key ID, a secret access
-     *             key, and a security (or session) token.</p>
+     * <p>The temporary security credentials, which include an access key ID, a secret access key,
+     *          and a security (or session) token.</p>
      *
      *          <note>
      *             <p>The size of the security token that STS API operations return is not fixed. We

package/dist-types/runtimeConfig.browser.d.ts

@@ -1,10 +1,11 @@
-import { FetchHttpHandler } from "@aws-sdk/fetch-http-handler";
+import { FetchHttpHandler as RequestHandler } from "@aws-sdk/fetch-http-handler";
 import { STSClientConfig } from "./STSClient";
 /**
  * @internal
  */
 export declare const getRuntimeConfig: (config: STSClientConfig) => {
     runtime: string;
+    defaultsMode: import("@aws-sdk/types").Provider<import("@aws-sdk/smithy-client").ResolvedDefaultsMode>;
     base64Decoder: import("@aws-sdk/types").Decoder;
     base64Encoder: import("@aws-sdk/types").Encoder;
     bodyLengthChecker: (body: any) => number | undefined;
@@ -12,7 +13,7 @@ export declare const getRuntimeConfig: (config: STSClientConfig) => {
     defaultUserAgentProvider: import("@aws-sdk/types").Provider<import("@aws-sdk/types").UserAgent>;
     maxAttempts: number | import("@aws-sdk/types").Provider<number>;
     region: string | import("@aws-sdk/types").Provider<any>;
-    requestHandler: (import("@aws-sdk/types").RequestHandler<any, any, import("@aws-sdk/types").HttpHandlerOptions> & import("@aws-sdk/protocol-http").HttpHandler) | FetchHttpHandler;
+    requestHandler: (import("@aws-sdk/types").RequestHandler<any, any, import("@aws-sdk/types").HttpHandlerOptions> & import("@aws-sdk/protocol-http").HttpHandler) | RequestHandler;
     retryMode: string | import("@aws-sdk/types").Provider<string>;
     sha256: import("@aws-sdk/types").HashConstructor;
     streamCollector: import("@aws-sdk/types").StreamCollector;

package/dist-types/runtimeConfig.d.ts

@@ -1,10 +1,11 @@
-import { NodeHttpHandler } from "@aws-sdk/node-http-handler";
+import { NodeHttpHandler as RequestHandler } from "@aws-sdk/node-http-handler";
 import { STSClientConfig } from "./STSClient";
 /**
  * @internal
  */
 export declare const getRuntimeConfig: (config: STSClientConfig) => {
     runtime: string;
+    defaultsMode: import("@aws-sdk/types").Provider<import("@aws-sdk/smithy-client").ResolvedDefaultsMode>;
     base64Decoder: import("@aws-sdk/types").Decoder;
     base64Encoder: import("@aws-sdk/types").Encoder;
     bodyLengthChecker: (body: any) => number | undefined;
@@ -12,7 +13,7 @@ export declare const getRuntimeConfig: (config: STSClientConfig) => {
     defaultUserAgentProvider: import("@aws-sdk/types").Provider<import("@aws-sdk/types").UserAgent>;
     maxAttempts: number | import("@aws-sdk/types").Provider<number>;
     region: string | import("@aws-sdk/types").Provider<string>;
-    requestHandler: (import("@aws-sdk/types").RequestHandler<any, any, import("@aws-sdk/types").HttpHandlerOptions> & import("@aws-sdk/protocol-http").HttpHandler) | NodeHttpHandler;
+    requestHandler: (import("@aws-sdk/types").RequestHandler<any, any, import("@aws-sdk/types").HttpHandlerOptions> & import("@aws-sdk/protocol-http").HttpHandler) | RequestHandler;
     retryMode: string | import("@aws-sdk/types").Provider<string>;
     sha256: import("@aws-sdk/types").HashConstructor;
     streamCollector: import("@aws-sdk/types").StreamCollector;

package/dist-types/runtimeConfig.native.d.ts

@@ -25,6 +25,7 @@ export declare const getRuntimeConfig: (config: STSClientConfig) => {
     credentialDefaultProvider: (input: any) => import("@aws-sdk/types").Provider<import("@aws-sdk/types").Credentials>;
     regionInfoProvider: import("@aws-sdk/types").RegionInfoProvider;
     defaultUserAgentProvider: import("@aws-sdk/types").Provider<import("@aws-sdk/types").UserAgent>;
+    defaultsMode: import("@aws-sdk/smithy-client").DefaultsMode | import("@aws-sdk/types").Provider<import("@aws-sdk/smithy-client").DefaultsMode> | import("@aws-sdk/types").Provider<import("@aws-sdk/smithy-client").ResolvedDefaultsMode>;
     endpoint?: string | import("@aws-sdk/types").Endpoint | import("@aws-sdk/types").Provider<import("@aws-sdk/types").Endpoint> | undefined;
     tls?: boolean | undefined;
     retryStrategy?: import("@aws-sdk/types").RetryStrategy | undefined;