@aws-sdk/client-sts 3.687.0 → 3.692.0

package/dist-types/commands/AssumeRootCommand.d.ts

@@ -0,0 +1,103 @@
+import { Command as $Command } from "@smithy/smithy-client";
+import { MetadataBearer as __MetadataBearer } from "@smithy/types";
+import { AssumeRootRequest, AssumeRootResponse } from "../models/models_0";
+import { ServiceInputTypes, ServiceOutputTypes, STSClientResolvedConfig } from "../STSClient";
+/**
+ * @public
+ */
+export type { __MetadataBearer };
+export { $Command };
+/**
+ * @public
+ *
+ * The input for {@link AssumeRootCommand}.
+ */
+export interface AssumeRootCommandInput extends AssumeRootRequest {
+}
+/**
+ * @public
+ *
+ * The output of {@link AssumeRootCommand}.
+ */
+export interface AssumeRootCommandOutput extends AssumeRootResponse, __MetadataBearer {
+}
+declare const AssumeRootCommand_base: {
+    new (input: AssumeRootCommandInput): import("@smithy/smithy-client").CommandImpl<AssumeRootCommandInput, AssumeRootCommandOutput, STSClientResolvedConfig, ServiceInputTypes, ServiceOutputTypes>;
+    new (__0_0: AssumeRootCommandInput): import("@smithy/smithy-client").CommandImpl<AssumeRootCommandInput, AssumeRootCommandOutput, STSClientResolvedConfig, ServiceInputTypes, ServiceOutputTypes>;
+    getEndpointParameterInstructions(): import("@smithy/middleware-endpoint").EndpointParameterInstructions;
+};
+/**
+ * <p>Returns a set of short term credentials you can use to perform privileged tasks in a
+ *          member account.</p>
+ *          <p>Before you can launch a privileged session, you must have enabled centralized root
+ *          access in your organization. For steps to enable this feature, see <a href="https://docs.aws.amazon.com/IAM/latest/UserGuide/id_root-enable-root-access.html">Centralize root access for member accounts</a> in the <i>IAM User
+ *             Guide</i>.</p>
+ *          <note>
+ *             <p>The global endpoint is not supported for AssumeRoot. You must send this request to a
+ *             Regional STS endpoint. For more information, see <a href="https://docs.aws.amazon.com/STS/latest/APIReference/welcome.html#sts-endpoints">Endpoints</a>.</p>
+ *          </note>
+ *          <p>You can track AssumeRoot in CloudTrail logs to determine what actions were performed in a
+ *          session. For more information, see <a href="https://docs.aws.amazon.com/IAM/latest/UserGuide/cloudtrail-track-privileged-tasks.html">Track privileged tasks
+ *             in CloudTrail</a> in the <i>IAM User Guide</i>.</p>
+ * @example
+ * Use a bare-bones client and the command you need to make an API call.
+ * ```javascript
+ * import { STSClient, AssumeRootCommand } from "@aws-sdk/client-sts"; // ES Modules import
+ * // const { STSClient, AssumeRootCommand } = require("@aws-sdk/client-sts"); // CommonJS import
+ * const client = new STSClient(config);
+ * const input = { // AssumeRootRequest
+ *   TargetPrincipal: "STRING_VALUE", // required
+ *   TaskPolicyArn: { // PolicyDescriptorType
+ *     arn: "STRING_VALUE",
+ *   },
+ *   DurationSeconds: Number("int"),
+ * };
+ * const command = new AssumeRootCommand(input);
+ * const response = await client.send(command);
+ * // { // AssumeRootResponse
+ * //   Credentials: { // Credentials
+ * //     AccessKeyId: "STRING_VALUE", // required
+ * //     SecretAccessKey: "STRING_VALUE", // required
+ * //     SessionToken: "STRING_VALUE", // required
+ * //     Expiration: new Date("TIMESTAMP"), // required
+ * //   },
+ * //   SourceIdentity: "STRING_VALUE",
+ * // };
+ *
+ * ```
+ *
+ * @param AssumeRootCommandInput - {@link AssumeRootCommandInput}
+ * @returns {@link AssumeRootCommandOutput}
+ * @see {@link AssumeRootCommandInput} for command's `input` shape.
+ * @see {@link AssumeRootCommandOutput} for command's `response` shape.
+ * @see {@link STSClientResolvedConfig | config} for STSClient's `config` shape.
+ *
+ * @throws {@link ExpiredTokenException} (client fault)
+ *  <p>The web identity token that was passed is expired or is not valid. Get a new identity
+ *             token from the identity provider and then retry the request.</p>
+ *
+ * @throws {@link RegionDisabledException} (client fault)
+ *  <p>STS is not activated in the requested region for the account that is being asked to
+ *             generate credentials. The account administrator must use the IAM console to activate
+ *             STS in that region. For more information, see <a href="https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_enable-regions.html">Activating and
+ *                 Deactivating STS in an Amazon Web Services Region</a> in the <i>IAM User
+ *                 Guide</i>.</p>
+ *
+ * @throws {@link STSServiceException}
+ * <p>Base exception class for all service exceptions from STS service.</p>
+ *
+ * @public
+ */
+export declare class AssumeRootCommand extends AssumeRootCommand_base {
+    /** @internal type navigation helper, not in runtime. */
+    protected static __types: {
+        api: {
+            input: AssumeRootRequest;
+            output: AssumeRootResponse;
+        };
+        sdk: {
+            input: AssumeRootCommandInput;
+            output: AssumeRootCommandOutput;
+        };
+    };
+}

package/dist-types/commands/DecodeAuthorizationMessageCommand.d.ts

@@ -88,8 +88,8 @@ declare const DecodeAuthorizationMessageCommand_base: {
  *
  * @throws {@link InvalidAuthorizationMessageException} (client fault)
  *  <p>The error returned if the message passed to <code>DecodeAuthorizationMessage</code>
- *             was invalid. This can happen if the token contains invalid characters, such as
- *             linebreaks. </p>
+ *             was invalid. This can happen if the token contains invalid characters, such as line
+ *             breaks, or if the message has expired.</p>
  *
  * @throws {@link STSServiceException}
  * <p>Base exception class for all service exceptions from STS service.</p>

package/dist-types/commands/GetFederationTokenCommand.d.ts

@@ -36,8 +36,8 @@ declare const GetFederationTokenCommand_base: {
  *          contexts where those credentials can be safeguarded, usually in a server-based application.
  *          For a comparison of <code>GetFederationToken</code> with the other API operations that
  *          produce temporary credentials, see <a href="https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_request.html">Requesting Temporary Security
- *             Credentials</a> and <a href="https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_request.html#stsapi_comparison">Comparing the
- *             Amazon Web Services STS API operations</a> in the <i>IAM User Guide</i>.</p>
+ *             Credentials</a> and <a href="https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_sts-comparison.html">Compare STS
+ *             credentials</a> in the <i>IAM User Guide</i>.</p>
  *          <p>Although it is possible to call <code>GetFederationToken</code> using the security
  *          credentials of an Amazon Web Services account root user rather than an IAM user that you
  *          create for the purpose of a proxy application, we do not recommend it. For more
@@ -174,15 +174,15 @@ declare const GetFederationTokenCommand_base: {
  *             tags are to the upper size limit. For more information, see <a href="https://docs.aws.amazon.com/IAM/latest/UserGuide/id_session-tags.html">Passing Session Tags in STS</a> in
  *             the <i>IAM User Guide</i>.</p>
  *          <p>You could receive this error even though you meet other defined session policy and
- *             session tag limits. For more information, see <a href="https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_iam-quotas.html#reference_iam-limits-entity-length">IAM and STS Entity
- *                 Character Limits</a> in the <i>IAM User Guide</i>.</p>
+ *             session tag limits. For more information, see <a href="https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_iam-quotas.html#reference_iam-limits-entity-length">IAM and STS Entity Character Limits</a> in the <i>IAM User
+ *                 Guide</i>.</p>
  *
  * @throws {@link RegionDisabledException} (client fault)
  *  <p>STS is not activated in the requested region for the account that is being asked to
- *             generate credentials. The account administrator must use the IAM console to activate STS
- *             in that region. For more information, see <a href="https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_enable-regions.html">Activating and
- *                 Deactivating Amazon Web Services STS in an Amazon Web Services Region</a> in the <i>IAM User
- *                     Guide</i>.</p>
+ *             generate credentials. The account administrator must use the IAM console to activate
+ *             STS in that region. For more information, see <a href="https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_enable-regions.html">Activating and
+ *                 Deactivating STS in an Amazon Web Services Region</a> in the <i>IAM User
+ *                 Guide</i>.</p>
  *
  * @throws {@link STSServiceException}
  * <p>Base exception class for all service exceptions from STS service.</p>

package/dist-types/commands/GetSessionTokenCommand.d.ts

@@ -38,8 +38,8 @@ declare const GetSessionTokenCommand_base: {
  *          calls to API operations that require MFA authentication. An incorrect MFA code causes the
  *          API to return an access denied error. For a comparison of <code>GetSessionToken</code> with
  *          the other API operations that produce temporary credentials, see <a href="https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_request.html">Requesting
- *             Temporary Security Credentials</a> and <a href="https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_request.html#stsapi_comparison">Comparing the
- *             Amazon Web Services STS API operations</a> in the <i>IAM User Guide</i>.</p>
+ *             Temporary Security Credentials</a> and <a href="https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_sts-comparison.html">Compare STS
+ *             credentials</a> in the <i>IAM User Guide</i>.</p>
  *          <note>
  *             <p>No permissions are required for users to perform this operation. The purpose of the
  *                <code>sts:GetSessionToken</code> operation is to authenticate the user using MFA. You
@@ -118,10 +118,10 @@ declare const GetSessionTokenCommand_base: {
  *
  * @throws {@link RegionDisabledException} (client fault)
  *  <p>STS is not activated in the requested region for the account that is being asked to
- *             generate credentials. The account administrator must use the IAM console to activate STS
- *             in that region. For more information, see <a href="https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_enable-regions.html">Activating and
- *                 Deactivating Amazon Web Services STS in an Amazon Web Services Region</a> in the <i>IAM User
- *                     Guide</i>.</p>
+ *             generate credentials. The account administrator must use the IAM console to activate
+ *             STS in that region. For more information, see <a href="https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_enable-regions.html">Activating and
+ *                 Deactivating STS in an Amazon Web Services Region</a> in the <i>IAM User
+ *                 Guide</i>.</p>
  *
  * @throws {@link STSServiceException}
  * <p>Base exception class for all service exceptions from STS service.</p>

package/dist-types/commands/index.d.ts

@@ -1,6 +1,7 @@
 export * from "./AssumeRoleCommand";
 export * from "./AssumeRoleWithSAMLCommand";
 export * from "./AssumeRoleWithWebIdentityCommand";
+export * from "./AssumeRootCommand";
 export * from "./DecodeAuthorizationMessageCommand";
 export * from "./GetAccessKeyInfoCommand";
 export * from "./GetCallerIdentityCommand";