@aws-sdk/client-sts 3.54.0 → 3.54.2

package/dist-types/ts3.4/commands/DecodeAuthorizationMessageCommand.d.ts

@@ -6,11 +6,64 @@ export interface DecodeAuthorizationMessageCommandInput extends DecodeAuthorizat
 }
 export interface DecodeAuthorizationMessageCommandOutput extends DecodeAuthorizationMessageResponse, __MetadataBearer {
 }
-
+/**
+ * <p>Decodes additional information about the authorization status of a request from an
+ *          encoded message returned in response to an Amazon Web Services request.</p>
+ *          <p>For example, if a user is not authorized to perform an operation that he or she has
+ *          requested, the request returns a <code>Client.UnauthorizedOperation</code> response (an
+ *          HTTP 403 response). Some Amazon Web Services operations additionally return an encoded message that can
+ *          provide details about this authorization failure. </p>
+ *          <note>
+ *             <p>Only certain Amazon Web Services operations return an encoded authorization message. The
+ *             documentation for an individual operation indicates whether that operation returns an
+ *             encoded message in addition to returning an HTTP code.</p>
+ *          </note>
+ *          <p>The message is encoded because the details of the authorization status can contain
+ *          privileged information that the user who requested the operation should not see. To decode
+ *          an authorization status message, a user must be granted permissions through an IAM <a href="https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies.html">policy</a> to
+ *          request the <code>DecodeAuthorizationMessage</code>
+ *             (<code>sts:DecodeAuthorizationMessage</code>) action. </p>
+ *          <p>The decoded message includes the following type of information:</p>
+ *          <ul>
+ *             <li>
+ *                <p>Whether the request was denied due to an explicit deny or due to the absence of an
+ *                explicit allow. For more information, see <a href="https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_evaluation-logic.html#policy-eval-denyallow">Determining Whether a Request is Allowed or Denied</a> in the
+ *                   <i>IAM User Guide</i>. </p>
+ *             </li>
+ *             <li>
+ *                <p>The principal who made the request.</p>
+ *             </li>
+ *             <li>
+ *                <p>The requested action.</p>
+ *             </li>
+ *             <li>
+ *                <p>The requested resource.</p>
+ *             </li>
+ *             <li>
+ *                <p>The values of condition keys in the context of the user's request.</p>
+ *             </li>
+ *          </ul>
+ * @example
+ * Use a bare-bones client and the command you need to make an API call.
+ * ```javascript
+ * import { STSClient, DecodeAuthorizationMessageCommand } from "@aws-sdk/client-sts"; // ES Modules import
+ * // const { STSClient, DecodeAuthorizationMessageCommand } = require("@aws-sdk/client-sts"); // CommonJS import
+ * const client = new STSClient(config);
+ * const command = new DecodeAuthorizationMessageCommand(input);
+ * const response = await client.send(command);
+ * ```
+ *
+ * @see {@link DecodeAuthorizationMessageCommandInput} for command's `input` shape.
+ * @see {@link DecodeAuthorizationMessageCommandOutput} for command's `response` shape.
+ * @see {@link STSClientResolvedConfig | config} for STSClient's `config` shape.
+ *
+ */
 export declare class DecodeAuthorizationMessageCommand extends $Command<DecodeAuthorizationMessageCommandInput, DecodeAuthorizationMessageCommandOutput, STSClientResolvedConfig> {
     readonly input: DecodeAuthorizationMessageCommandInput;
     constructor(input: DecodeAuthorizationMessageCommandInput);
-    
+    /**
+     * @internal
+     */
     resolveMiddleware(clientStack: MiddlewareStack<ServiceInputTypes, ServiceOutputTypes>, configuration: STSClientResolvedConfig, options?: __HttpHandlerOptions): Handler<DecodeAuthorizationMessageCommandInput, DecodeAuthorizationMessageCommandOutput>;
     private serialize;
     private deserialize;

package/dist-types/ts3.4/commands/GetAccessKeyInfoCommand.d.ts

@@ -6,11 +6,46 @@ export interface GetAccessKeyInfoCommandInput extends GetAccessKeyInfoRequest {
 }
 export interface GetAccessKeyInfoCommandOutput extends GetAccessKeyInfoResponse, __MetadataBearer {
 }
-
+/**
+ * <p>Returns the account identifier for the specified access key ID.</p>
+ *          <p>Access keys consist of two parts: an access key ID (for example,
+ *             <code>AKIAIOSFODNN7EXAMPLE</code>) and a secret access key (for example,
+ *             <code>wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY</code>). For more information about
+ *          access keys, see <a href="https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_access-keys.html">Managing Access Keys for IAM
+ *             Users</a> in the <i>IAM User Guide</i>.</p>
+ *          <p>When you pass an access key ID to this operation, it returns the ID of the Amazon Web Services account
+ *          to which the keys belong. Access key IDs beginning with <code>AKIA</code> are long-term
+ *          credentials for an IAM user or the Amazon Web Services account root user. Access key IDs beginning with
+ *             <code>ASIA</code> are temporary credentials that are created using STS operations. If
+ *          the account in the response belongs to you, you can sign in as the root user and review
+ *          your root user access keys. Then, you can pull a <a href="https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_getting-report.html">credentials report</a> to
+ *          learn which IAM user owns the keys. To learn who requested the temporary credentials for
+ *          an <code>ASIA</code> access key, view the STS events in your <a href="https://docs.aws.amazon.com/IAM/latest/UserGuide/cloudtrail-integration.html">CloudTrail logs</a> in the
+ *             <i>IAM User Guide</i>.</p>
+ *          <p>This operation does not indicate the state of the access key. The key might be active,
+ *          inactive, or deleted. Active keys might not have permissions to perform an operation.
+ *          Providing a deleted access key might return an error that the key doesn't exist.</p>
+ * @example
+ * Use a bare-bones client and the command you need to make an API call.
+ * ```javascript
+ * import { STSClient, GetAccessKeyInfoCommand } from "@aws-sdk/client-sts"; // ES Modules import
+ * // const { STSClient, GetAccessKeyInfoCommand } = require("@aws-sdk/client-sts"); // CommonJS import
+ * const client = new STSClient(config);
+ * const command = new GetAccessKeyInfoCommand(input);
+ * const response = await client.send(command);
+ * ```
+ *
+ * @see {@link GetAccessKeyInfoCommandInput} for command's `input` shape.
+ * @see {@link GetAccessKeyInfoCommandOutput} for command's `response` shape.
+ * @see {@link STSClientResolvedConfig | config} for STSClient's `config` shape.
+ *
+ */
 export declare class GetAccessKeyInfoCommand extends $Command<GetAccessKeyInfoCommandInput, GetAccessKeyInfoCommandOutput, STSClientResolvedConfig> {
     readonly input: GetAccessKeyInfoCommandInput;
     constructor(input: GetAccessKeyInfoCommandInput);
-    
+    /**
+     * @internal
+     */
     resolveMiddleware(clientStack: MiddlewareStack<ServiceInputTypes, ServiceOutputTypes>, configuration: STSClientResolvedConfig, options?: __HttpHandlerOptions): Handler<GetAccessKeyInfoCommandInput, GetAccessKeyInfoCommandOutput>;
     private serialize;
     private deserialize;

package/dist-types/ts3.4/commands/GetCallerIdentityCommand.d.ts

@@ -6,11 +6,38 @@ export interface GetCallerIdentityCommandInput extends GetCallerIdentityRequest
 }
 export interface GetCallerIdentityCommandOutput extends GetCallerIdentityResponse, __MetadataBearer {
 }
-
+/**
+ * <p>Returns details about the IAM user or role whose credentials are used to call the
+ *          operation.</p>
+ *          <note>
+ *             <p>No permissions are required to perform this operation. If an administrator adds a
+ *             policy to your IAM user or role that explicitly denies access to the
+ *                <code>sts:GetCallerIdentity</code> action, you can still perform this operation.
+ *             Permissions are not required because the same information is returned when an IAM user
+ *             or role is denied access. To view an example response, see <a href="https://docs.aws.amazon.com/IAM/latest/UserGuide/troubleshoot_general.html#troubleshoot_general_access-denied-delete-mfa">I Am Not Authorized to Perform: iam:DeleteVirtualMFADevice</a> in the
+ *                <i>IAM User Guide</i>.</p>
+ *          </note>
+ * @example
+ * Use a bare-bones client and the command you need to make an API call.
+ * ```javascript
+ * import { STSClient, GetCallerIdentityCommand } from "@aws-sdk/client-sts"; // ES Modules import
+ * // const { STSClient, GetCallerIdentityCommand } = require("@aws-sdk/client-sts"); // CommonJS import
+ * const client = new STSClient(config);
+ * const command = new GetCallerIdentityCommand(input);
+ * const response = await client.send(command);
+ * ```
+ *
+ * @see {@link GetCallerIdentityCommandInput} for command's `input` shape.
+ * @see {@link GetCallerIdentityCommandOutput} for command's `response` shape.
+ * @see {@link STSClientResolvedConfig | config} for STSClient's `config` shape.
+ *
+ */
 export declare class GetCallerIdentityCommand extends $Command<GetCallerIdentityCommandInput, GetCallerIdentityCommandOutput, STSClientResolvedConfig> {
     readonly input: GetCallerIdentityCommandInput;
     constructor(input: GetCallerIdentityCommandInput);
-    
+    /**
+     * @internal
+     */
     resolveMiddleware(clientStack: MiddlewareStack<ServiceInputTypes, ServiceOutputTypes>, configuration: STSClientResolvedConfig, options?: __HttpHandlerOptions): Handler<GetCallerIdentityCommandInput, GetCallerIdentityCommandOutput>;
     private serialize;
     private deserialize;

package/dist-types/ts3.4/commands/GetFederationTokenCommand.d.ts

@@ -6,11 +6,114 @@ export interface GetFederationTokenCommandInput extends GetFederationTokenReques
 }
 export interface GetFederationTokenCommandOutput extends GetFederationTokenResponse, __MetadataBearer {
 }
-
+/**
+ * <p>Returns a set of temporary security credentials (consisting of an access key ID, a
+ *          secret access key, and a security token) for a federated user. A typical use is in a proxy
+ *          application that gets temporary security credentials on behalf of distributed applications
+ *          inside a corporate network. You must call the <code>GetFederationToken</code> operation
+ *          using the long-term security credentials of an IAM user. As a result, this call is
+ *          appropriate in contexts where those credentials can be safely stored, usually in a
+ *          server-based application. For a comparison of <code>GetFederationToken</code> with the
+ *          other API operations that produce temporary credentials, see <a href="https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_request.html">Requesting Temporary Security
+ *             Credentials</a> and <a href="https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_request.html#stsapi_comparison">Comparing the
+ *             Amazon Web Services STS API operations</a> in the <i>IAM User Guide</i>.</p>
+ *          <note>
+ *             <p>You can create a mobile-based or browser-based app that can authenticate users using
+ *             a web identity provider like Login with Amazon, Facebook, Google, or an OpenID
+ *             Connect-compatible identity provider. In this case, we recommend that you use <a href="http://aws.amazon.com/cognito/">Amazon Cognito</a> or
+ *                <code>AssumeRoleWithWebIdentity</code>. For more information, see <a href="https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_request.html#api_assumerolewithwebidentity">Federation Through a Web-based Identity Provider</a> in the
+ *                <i>IAM User Guide</i>.</p>
+ *          </note>
+ *          <p>You can also call <code>GetFederationToken</code> using the security credentials of an
+ *          Amazon Web Services account root user, but we do not recommend it. Instead, we recommend that you create
+ *          an IAM user for the purpose of the proxy application. Then attach a policy to the IAM
+ *          user that limits federated users to only the actions and resources that they need to
+ *          access. For more information, see <a href="https://docs.aws.amazon.com/IAM/latest/UserGuide/best-practices.html">IAM Best Practices</a> in the
+ *             <i>IAM User Guide</i>. </p>
+ *          <p>
+ *             <b>Session duration</b>
+ *          </p>
+ *          <p>The temporary credentials are valid for the specified duration, from 900 seconds (15
+ *          minutes) up to a maximum of 129,600 seconds (36 hours). The default session duration is
+ *          43,200 seconds (12 hours). Temporary credentials obtained by using the Amazon Web Services account root
+ *          user credentials have a maximum duration of 3,600 seconds (1 hour).</p>
+ *          <p>
+ *             <b>Permissions</b>
+ *          </p>
+ *          <p>You can use the temporary credentials created by <code>GetFederationToken</code> in any
+ *          Amazon Web Services service except the following:</p>
+ *          <ul>
+ *             <li>
+ *                <p>You cannot call any IAM operations using the CLI or the Amazon Web Services API. </p>
+ *             </li>
+ *             <li>
+ *                <p>You cannot call any STS operations except <code>GetCallerIdentity</code>.</p>
+ *             </li>
+ *          </ul>
+ *          <p>You must pass an inline or managed <a href="https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies.html#policies_session">session policy</a> to
+ *          this operation. You can pass a single JSON policy document to use as an inline session
+ *          policy. You can also specify up to 10 managed policies to use as managed session policies.
+ *          The plaintext that you use for both inline and managed session policies can't exceed 2,048
+ *          characters.</p>
+ *          <p>Though the session policy parameters are optional, if you do not pass a policy, then the
+ *          resulting federated user session has no permissions. When you pass session policies, the
+ *          session permissions are the intersection of the IAM user policies and the session
+ *          policies that you pass. This gives you a way to further restrict the permissions for a
+ *          federated user. You cannot use session policies to grant more permissions than those that
+ *          are defined in the permissions policy of the IAM user. For more information, see <a href="https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies.html#policies_session">Session
+ *             Policies</a> in the <i>IAM User Guide</i>. For information about
+ *          using <code>GetFederationToken</code> to create temporary security credentials, see <a href="https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_request.html#api_getfederationtoken">GetFederationToken—Federation Through a Custom Identity Broker</a>. </p>
+ *          <p>You can use the credentials to access a resource that has a resource-based policy. If
+ *          that policy specifically references the federated user session in the
+ *             <code>Principal</code> element of the policy, the session has the permissions allowed by
+ *          the policy. These permissions are granted in addition to the permissions granted by the
+ *          session policies.</p>
+ *          <p>
+ *             <b>Tags</b>
+ *          </p>
+ *          <p>(Optional) You can pass tag key-value pairs to your session. These are called session
+ *          tags. For more information about session tags, see <a href="https://docs.aws.amazon.com/IAM/latest/UserGuide/id_session-tags.html">Passing Session Tags in STS</a> in the
+ *             <i>IAM User Guide</i>.</p>
+ *          <note>
+ *             <p>You can create a mobile-based or browser-based app that can authenticate users using
+ *             a web identity provider like Login with Amazon, Facebook, Google, or an OpenID
+ *             Connect-compatible identity provider. In this case, we recommend that you use <a href="http://aws.amazon.com/cognito/">Amazon Cognito</a> or
+ *                <code>AssumeRoleWithWebIdentity</code>. For more information, see <a href="https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_request.html#api_assumerolewithwebidentity">Federation Through a Web-based Identity Provider</a> in the
+ *                <i>IAM User Guide</i>.</p>
+ *          </note>
+ *          <p>An administrator must grant you the permissions necessary to pass session tags. The
+ *          administrator can also create granular permissions to allow you to pass only specific
+ *          session tags. For more information, see <a href="https://docs.aws.amazon.com/IAM/latest/UserGuide/tutorial_attribute-based-access-control.html">Tutorial: Using Tags
+ *             for Attribute-Based Access Control</a> in the
+ *          <i>IAM User Guide</i>.</p>
+ *          <p>Tag key–value pairs are not case sensitive, but case is preserved. This means that you
+ *          cannot have separate <code>Department</code> and <code>department</code> tag keys. Assume
+ *          that the user that you are federating has the
+ *             <code>Department</code>=<code>Marketing</code> tag and you pass the
+ *             <code>department</code>=<code>engineering</code> session tag. <code>Department</code>
+ *          and <code>department</code> are not saved as separate tags, and the session tag passed in
+ *          the request takes precedence over the user tag.</p>
+ * @example
+ * Use a bare-bones client and the command you need to make an API call.
+ * ```javascript
+ * import { STSClient, GetFederationTokenCommand } from "@aws-sdk/client-sts"; // ES Modules import
+ * // const { STSClient, GetFederationTokenCommand } = require("@aws-sdk/client-sts"); // CommonJS import
+ * const client = new STSClient(config);
+ * const command = new GetFederationTokenCommand(input);
+ * const response = await client.send(command);
+ * ```
+ *
+ * @see {@link GetFederationTokenCommandInput} for command's `input` shape.
+ * @see {@link GetFederationTokenCommandOutput} for command's `response` shape.
+ * @see {@link STSClientResolvedConfig | config} for STSClient's `config` shape.
+ *
+ */
 export declare class GetFederationTokenCommand extends $Command<GetFederationTokenCommandInput, GetFederationTokenCommandOutput, STSClientResolvedConfig> {
     readonly input: GetFederationTokenCommandInput;
     constructor(input: GetFederationTokenCommandInput);
-    
+    /**
+     * @internal
+     */
     resolveMiddleware(clientStack: MiddlewareStack<ServiceInputTypes, ServiceOutputTypes>, configuration: STSClientResolvedConfig, options?: __HttpHandlerOptions): Handler<GetFederationTokenCommandInput, GetFederationTokenCommandOutput>;
     private serialize;
     private deserialize;

package/dist-types/ts3.4/commands/GetSessionTokenCommand.d.ts

@@ -6,11 +6,80 @@ export interface GetSessionTokenCommandInput extends GetSessionTokenRequest {
 }
 export interface GetSessionTokenCommandOutput extends GetSessionTokenResponse, __MetadataBearer {
 }
-
+/**
+ * <p>Returns a set of temporary credentials for an Amazon Web Services account or IAM user. The
+ *          credentials consist of an access key ID, a secret access key, and a security token.
+ *          Typically, you use <code>GetSessionToken</code> if you want to use MFA to protect
+ *          programmatic calls to specific Amazon Web Services API operations like Amazon EC2 <code>StopInstances</code>.
+ *          MFA-enabled IAM users would need to call <code>GetSessionToken</code> and submit an MFA
+ *          code that is associated with their MFA device. Using the temporary security credentials
+ *          that are returned from the call, IAM users can then make programmatic calls to API
+ *          operations that require MFA authentication. If you do not supply a correct MFA code, then
+ *          the API returns an access denied error. For a comparison of <code>GetSessionToken</code>
+ *          with the other API operations that produce temporary credentials, see <a href="https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_request.html">Requesting
+ *             Temporary Security Credentials</a> and <a href="https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_request.html#stsapi_comparison">Comparing the
+ *             Amazon Web Services STS API operations</a> in the <i>IAM User Guide</i>.</p>
+ *          <p>
+ *             <b>Session Duration</b>
+ *          </p>
+ *          <p>The <code>GetSessionToken</code> operation must be called by using the long-term Amazon Web Services
+ *          security credentials of the Amazon Web Services account root user or an IAM user. Credentials that are
+ *          created by IAM users are valid for the duration that you specify. This duration can range
+ *          from 900 seconds (15 minutes) up to a maximum of 129,600 seconds (36 hours), with a default
+ *          of 43,200 seconds (12 hours). Credentials based on account credentials can range from 900
+ *          seconds (15 minutes) up to 3,600 seconds (1 hour), with a default of 1 hour. </p>
+ *          <p>
+ *             <b>Permissions</b>
+ *          </p>
+ *          <p>The temporary security credentials created by <code>GetSessionToken</code> can be used
+ *          to make API calls to any Amazon Web Services service with the following exceptions:</p>
+ *          <ul>
+ *             <li>
+ *                <p>You cannot call any IAM API operations unless MFA authentication information is
+ *                included in the request.</p>
+ *             </li>
+ *             <li>
+ *                <p>You cannot call any STS API <i>except</i>
+ *                   <code>AssumeRole</code> or <code>GetCallerIdentity</code>.</p>
+ *             </li>
+ *          </ul>
+ *          <note>
+ *             <p>We recommend that you do not call <code>GetSessionToken</code> with Amazon Web Services account
+ *             root user credentials. Instead, follow our <a href="https://docs.aws.amazon.com/IAM/latest/UserGuide/best-practices.html#create-iam-users">best practices</a> by
+ *             creating one or more IAM users, giving them the necessary permissions, and using IAM
+ *             users for everyday interaction with Amazon Web Services. </p>
+ *          </note>
+ *          <p>The credentials that are returned by <code>GetSessionToken</code> are based on
+ *          permissions associated with the user whose credentials were used to call the operation. If
+ *             <code>GetSessionToken</code> is called using Amazon Web Services account root user credentials, the
+ *          temporary credentials have root user permissions. Similarly, if
+ *             <code>GetSessionToken</code> is called using the credentials of an IAM user, the
+ *          temporary credentials have the same permissions as the IAM user. </p>
+ *          <p>For more information about using <code>GetSessionToken</code> to create temporary
+ *          credentials, go to <a href="https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_request.html#api_getsessiontoken">Temporary
+ *             Credentials for Users in Untrusted Environments</a> in the
+ *             <i>IAM User Guide</i>. </p>
+ * @example
+ * Use a bare-bones client and the command you need to make an API call.
+ * ```javascript
+ * import { STSClient, GetSessionTokenCommand } from "@aws-sdk/client-sts"; // ES Modules import
+ * // const { STSClient, GetSessionTokenCommand } = require("@aws-sdk/client-sts"); // CommonJS import
+ * const client = new STSClient(config);
+ * const command = new GetSessionTokenCommand(input);
+ * const response = await client.send(command);
+ * ```
+ *
+ * @see {@link GetSessionTokenCommandInput} for command's `input` shape.
+ * @see {@link GetSessionTokenCommandOutput} for command's `response` shape.
+ * @see {@link STSClientResolvedConfig | config} for STSClient's `config` shape.
+ *
+ */
 export declare class GetSessionTokenCommand extends $Command<GetSessionTokenCommandInput, GetSessionTokenCommandOutput, STSClientResolvedConfig> {
     readonly input: GetSessionTokenCommandInput;
     constructor(input: GetSessionTokenCommandInput);
-    
+    /**
+     * @internal
+     */
     resolveMiddleware(clientStack: MiddlewareStack<ServiceInputTypes, ServiceOutputTypes>, configuration: STSClientResolvedConfig, options?: __HttpHandlerOptions): Handler<GetSessionTokenCommandInput, GetSessionTokenCommandOutput>;
     private serialize;
     private deserialize;

package/dist-types/ts3.4/defaultRoleAssumers.d.ts

@@ -1,8 +1,19 @@
 import { DefaultCredentialProvider, RoleAssumer, RoleAssumerWithWebIdentity } from "./defaultStsRoleAssumers";
 import { STSClientConfig } from "./STSClient";
-
+/**
+ * The default role assumer that used by credential providers when sts:AssumeRole API is needed.
+ */
 export declare const getDefaultRoleAssumer: (stsOptions?: Pick<STSClientConfig, "logger" | "region" | "requestHandler">) => RoleAssumer;
-
+/**
+ * The default role assumer that used by credential providers when sts:AssumeRoleWithWebIdentity API is needed.
+ */
 export declare const getDefaultRoleAssumerWithWebIdentity: (stsOptions?: Pick<STSClientConfig, "logger" | "region" | "requestHandler">) => RoleAssumerWithWebIdentity;
-
+/**
+ * The default credential providers depend STS client to assume role with desired API: sts:assumeRole,
+ * sts:assumeRoleWithWebIdentity, etc. This function decorates the default credential provider with role assumers which
+ * encapsulates the process of calling STS commands. This can only be imported by AWS client packages to avoid circular
+ * dependencies.
+ *
+ * @internal
+ */
 export declare const decorateDefaultCredentialProvider: (provider: DefaultCredentialProvider) => DefaultCredentialProvider;

package/dist-types/ts3.4/defaultStsRoleAssumers.d.ts

@@ -2,15 +2,34 @@ import { Credentials, Provider } from "@aws-sdk/types";
 import { AssumeRoleCommandInput } from "./commands/AssumeRoleCommand";
 import { AssumeRoleWithWebIdentityCommandInput } from "./commands/AssumeRoleWithWebIdentityCommand";
 import { STSClient, STSClientConfig } from "./STSClient";
-
+/**
+ * @internal
+ */
 export declare type RoleAssumer = (sourceCreds: Credentials, params: AssumeRoleCommandInput) => Promise<Credentials>;
-
+/**
+ * The default role assumer that used by credential providers when sts:AssumeRole API is needed.
+ * @internal
+ */
 export declare const getDefaultRoleAssumer: (stsOptions: Pick<STSClientConfig, "logger" | "region" | "requestHandler">, stsClientCtor: new (options: STSClientConfig) => STSClient) => RoleAssumer;
-
+/**
+ * @internal
+ */
 export declare type RoleAssumerWithWebIdentity = (params: AssumeRoleWithWebIdentityCommandInput) => Promise<Credentials>;
-
+/**
+ * The default role assumer that used by credential providers when sts:AssumeRoleWithWebIdentity API is needed.
+ * @internal
+ */
 export declare const getDefaultRoleAssumerWithWebIdentity: (stsOptions: Pick<STSClientConfig, "logger" | "region" | "requestHandler">, stsClientCtor: new (options: STSClientConfig) => STSClient) => RoleAssumerWithWebIdentity;
-
+/**
+ * @internal
+ */
 export declare type DefaultCredentialProvider = (input: any) => Provider<Credentials>;
-
+/**
+ * The default credential providers depend STS client to assume role with desired API: sts:assumeRole,
+ * sts:assumeRoleWithWebIdentity, etc. This function decorates the default credential provider with role assumers which
+ * encapsulates the process of calling STS commands. This can only be imported by AWS client packages to avoid circular
+ * dependencies.
+ *
+ * @internal
+ */
 export declare const decorateDefaultCredentialProvider: (provider: DefaultCredentialProvider) => DefaultCredentialProvider;

package/dist-types/ts3.4/models/STSServiceException.d.ts

@@ -1,6 +1,10 @@
 import { ServiceException as __ServiceException, ServiceExceptionOptions as __ServiceExceptionOptions } from "@aws-sdk/smithy-client";
-
+/**
+ * Base exception class for all service exceptions from STS service.
+ */
 export declare class STSServiceException extends __ServiceException {
-    
+    /**
+     * @internal
+     */
     constructor(options: __ServiceExceptionOptions);
 }