@aws-sdk/client-sts 3.927.0 → 3.928.0

package/README.md

@@ -262,6 +262,14 @@ GetCallerIdentity
 
 [Command API Reference](https://docs.aws.amazon.com/AWSJavaScriptSDK/v3/latest/client/sts/command/GetCallerIdentityCommand/) / [Input](https://docs.aws.amazon.com/AWSJavaScriptSDK/v3/latest/Package/-aws-sdk-client-sts/Interface/GetCallerIdentityCommandInput/) / [Output](https://docs.aws.amazon.com/AWSJavaScriptSDK/v3/latest/Package/-aws-sdk-client-sts/Interface/GetCallerIdentityCommandOutput/)
 
+</details>
+<details>
+<summary>
+GetDelegatedAccessToken
+</summary>
+
+[Command API Reference](https://docs.aws.amazon.com/AWSJavaScriptSDK/v3/latest/client/sts/command/GetDelegatedAccessTokenCommand/) / [Input](https://docs.aws.amazon.com/AWSJavaScriptSDK/v3/latest/Package/-aws-sdk-client-sts/Interface/GetDelegatedAccessTokenCommandInput/) / [Output](https://docs.aws.amazon.com/AWSJavaScriptSDK/v3/latest/Package/-aws-sdk-client-sts/Interface/GetDelegatedAccessTokenCommandOutput/)
+
 </details>
 <details>
 <summary>

package/dist-cjs/index.js

@@ -113,6 +113,18 @@ class InvalidAuthorizationMessageException extends STSServiceException {
         Object.setPrototypeOf(this, InvalidAuthorizationMessageException.prototype);
     }
 }
+class ExpiredTradeInTokenException extends STSServiceException {
+    name = "ExpiredTradeInTokenException";
+    $fault = "client";
+    constructor(opts) {
+        super({
+            name: "ExpiredTradeInTokenException",
+            $fault: "client",
+            ...opts,
+        });
+        Object.setPrototypeOf(this, ExpiredTradeInTokenException.prototype);
+    }
+}
 const CredentialsFilterSensitiveLog = (obj) => ({
     ...obj,
     ...(obj.SecretAccessKey && { SecretAccessKey: smithyClient.SENSITIVE_STRING }),
@@ -141,6 +153,14 @@ const AssumeRootResponseFilterSensitiveLog = (obj) => ({
     ...obj,
     ...(obj.Credentials && { Credentials: CredentialsFilterSensitiveLog(obj.Credentials) }),
 });
+const GetDelegatedAccessTokenRequestFilterSensitiveLog = (obj) => ({
+    ...obj,
+    ...(obj.TradeInToken && { TradeInToken: smithyClient.SENSITIVE_STRING }),
+});
+const GetDelegatedAccessTokenResponseFilterSensitiveLog = (obj) => ({
+    ...obj,
+    ...(obj.Credentials && { Credentials: CredentialsFilterSensitiveLog(obj.Credentials) }),
+});
 const GetFederationTokenResponseFilterSensitiveLog = (obj) => ({
     ...obj,
     ...(obj.Credentials && { Credentials: CredentialsFilterSensitiveLog(obj.Credentials) }),
@@ -220,6 +240,16 @@ const se_GetCallerIdentityCommand = async (input, context) => {
     });
     return buildHttpRpcRequest(context, headers, "/", undefined, body);
 };
+const se_GetDelegatedAccessTokenCommand = async (input, context) => {
+    const headers = SHARED_HEADERS;
+    let body;
+    body = buildFormUrlencodedString({
+        ...se_GetDelegatedAccessTokenRequest(input),
+        [_A]: _GDAT,
+        [_V]: _,
+    });
+    return buildHttpRpcRequest(context, headers, "/", undefined, body);
+};
 const se_GetFederationTokenCommand = async (input, context) => {
     const headers = SHARED_HEADERS;
     let body;
@@ -331,6 +361,19 @@ const de_GetCallerIdentityCommand = async (output, context) => {
     };
     return response;
 };
+const de_GetDelegatedAccessTokenCommand = async (output, context) => {
+    if (output.statusCode >= 300) {
+        return de_CommandError(output, context);
+    }
+    const data = await core.parseXmlBody(output.body, context);
+    let contents = {};
+    contents = de_GetDelegatedAccessTokenResponse(data.GetDelegatedAccessTokenResult);
+    const response = {
+        $metadata: deserializeMetadata(output),
+        ...contents,
+    };
+    return response;
+};
 const de_GetFederationTokenCommand = async (output, context) => {
     if (output.statusCode >= 300) {
         return de_CommandError(output, context);
@@ -388,6 +431,9 @@ const de_CommandError = async (output, context) => {
         case "InvalidAuthorizationMessageException":
         case "com.amazonaws.sts#InvalidAuthorizationMessageException":
             throw await de_InvalidAuthorizationMessageExceptionRes(parsedOutput);
+        case "ExpiredTradeInTokenException":
+        case "com.amazonaws.sts#ExpiredTradeInTokenException":
+            throw await de_ExpiredTradeInTokenExceptionRes(parsedOutput);
         default:
             const parsedBody = parsedOutput.body;
             return throwDefaultError({
@@ -406,6 +452,15 @@ const de_ExpiredTokenExceptionRes = async (parsedOutput, context) => {
     });
     return smithyClient.decorateServiceException(exception, body);
 };
+const de_ExpiredTradeInTokenExceptionRes = async (parsedOutput, context) => {
+    const body = parsedOutput.body;
+    const deserialized = de_ExpiredTradeInTokenException(body.Error);
+    const exception = new ExpiredTradeInTokenException({
+        $metadata: deserializeMetadata(parsedOutput),
+        ...deserialized,
+    });
+    return smithyClient.decorateServiceException(exception, body);
+};
 const de_IDPCommunicationErrorExceptionRes = async (parsedOutput, context) => {
     const body = parsedOutput.body;
     const deserialized = de_IDPCommunicationErrorException(body.Error);
@@ -633,6 +688,13 @@ const se_GetCallerIdentityRequest = (input, context) => {
     const entries = {};
     return entries;
 };
+const se_GetDelegatedAccessTokenRequest = (input, context) => {
+    const entries = {};
+    if (input[_TIT] != null) {
+        entries[_TIT] = input[_TIT];
+    }
+    return entries;
+};
 const se_GetFederationTokenRequest = (input, context) => {
     const entries = {};
     if (input[_N] != null) {
@@ -885,6 +947,13 @@ const de_ExpiredTokenException = (output, context) => {
     }
     return contents;
 };
+const de_ExpiredTradeInTokenException = (output, context) => {
+    const contents = {};
+    if (output[_m] != null) {
+        contents[_m] = smithyClient.expectString(output[_m]);
+    }
+    return contents;
+};
 const de_FederatedUser = (output, context) => {
     const contents = {};
     if (output[_FUI] != null) {
@@ -915,6 +984,19 @@ const de_GetCallerIdentityResponse = (output, context) => {
     }
     return contents;
 };
+const de_GetDelegatedAccessTokenResponse = (output, context) => {
+    const contents = {};
+    if (output[_C] != null) {
+        contents[_C] = de_Credentials(output[_C]);
+    }
+    if (output[_PPS] != null) {
+        contents[_PPS] = smithyClient.strictParseInt32(output[_PPS]);
+    }
+    if (output[_AP] != null) {
+        contents[_AP] = smithyClient.expectString(output[_AP]);
+    }
+    return contents;
+};
 const de_GetFederationTokenResponse = (output, context) => {
     const contents = {};
     if (output[_C] != null) {
@@ -1012,6 +1094,7 @@ const SHARED_HEADERS = {
 const _ = "2011-06-15";
 const _A = "Action";
 const _AKI = "AccessKeyId";
+const _AP = "AssumedPrincipal";
 const _AR = "AssumeRole";
 const _ARI = "AssumedRoleId";
 const _ARU = "AssumedRoleUser";
@@ -1033,6 +1116,7 @@ const _FU = "FederatedUser";
 const _FUI = "FederatedUserId";
 const _GAKI = "GetAccessKeyInfo";
 const _GCI = "GetCallerIdentity";
+const _GDAT = "GetDelegatedAccessToken";
 const _GFT = "GetFederationToken";
 const _GST = "GetSessionToken";
 const _I = "Issuer";
@@ -1059,6 +1143,7 @@ const _ST = "SubjectType";
 const _STe = "SessionToken";
 const _T = "Tags";
 const _TC = "TokenCode";
+const _TIT = "TradeInToken";
 const _TP = "TargetPrincipal";
 const _TPA = "TaskPolicyArn";
 const _TTK = "TransitiveTagKeys";
@@ -1199,6 +1284,23 @@ class GetCallerIdentityCommand extends smithyClient.Command
     .build() {
 }
 
+class GetDelegatedAccessTokenCommand extends smithyClient.Command
+    .classBuilder()
+    .ep(EndpointParameters.commonParams)
+    .m(function (Command, cs, config, o) {
+    return [
+        middlewareSerde.getSerdePlugin(config, this.serialize, this.deserialize),
+        middlewareEndpoint.getEndpointPlugin(config, Command.getEndpointParameterInstructions()),
+    ];
+})
+    .s("AWSSecurityTokenServiceV20110615", "GetDelegatedAccessToken", {})
+    .n("STSClient", "GetDelegatedAccessTokenCommand")
+    .f(GetDelegatedAccessTokenRequestFilterSensitiveLog, GetDelegatedAccessTokenResponseFilterSensitiveLog)
+    .ser(se_GetDelegatedAccessTokenCommand)
+    .de(de_GetDelegatedAccessTokenCommand)
+    .build() {
+}
+
 class GetFederationTokenCommand extends smithyClient.Command
     .classBuilder()
     .ep(EndpointParameters.commonParams)
@@ -1241,6 +1343,7 @@ const commands = {
     DecodeAuthorizationMessageCommand,
     GetAccessKeyInfoCommand,
     GetCallerIdentityCommand,
+    GetDelegatedAccessTokenCommand,
     GetFederationTokenCommand,
     GetSessionTokenCommand,
 };
@@ -1384,8 +1487,12 @@ exports.AssumeRootResponseFilterSensitiveLog = AssumeRootResponseFilterSensitive
 exports.CredentialsFilterSensitiveLog = CredentialsFilterSensitiveLog;
 exports.DecodeAuthorizationMessageCommand = DecodeAuthorizationMessageCommand;
 exports.ExpiredTokenException = ExpiredTokenException;
+exports.ExpiredTradeInTokenException = ExpiredTradeInTokenException;
 exports.GetAccessKeyInfoCommand = GetAccessKeyInfoCommand;
 exports.GetCallerIdentityCommand = GetCallerIdentityCommand;
+exports.GetDelegatedAccessTokenCommand = GetDelegatedAccessTokenCommand;
+exports.GetDelegatedAccessTokenRequestFilterSensitiveLog = GetDelegatedAccessTokenRequestFilterSensitiveLog;
+exports.GetDelegatedAccessTokenResponseFilterSensitiveLog = GetDelegatedAccessTokenResponseFilterSensitiveLog;
 exports.GetFederationTokenCommand = GetFederationTokenCommand;
 exports.GetFederationTokenResponseFilterSensitiveLog = GetFederationTokenResponseFilterSensitiveLog;
 exports.GetSessionTokenCommand = GetSessionTokenCommand;

package/dist-es/STS.js

@@ -6,6 +6,7 @@ import { AssumeRootCommand } from "./commands/AssumeRootCommand";
 import { DecodeAuthorizationMessageCommand, } from "./commands/DecodeAuthorizationMessageCommand";
 import { GetAccessKeyInfoCommand, } from "./commands/GetAccessKeyInfoCommand";
 import { GetCallerIdentityCommand, } from "./commands/GetCallerIdentityCommand";
+import { GetDelegatedAccessTokenCommand, } from "./commands/GetDelegatedAccessTokenCommand";
 import { GetFederationTokenCommand, } from "./commands/GetFederationTokenCommand";
 import { GetSessionTokenCommand, } from "./commands/GetSessionTokenCommand";
 import { STSClient } from "./STSClient";
@@ -17,6 +18,7 @@ const commands = {
     DecodeAuthorizationMessageCommand,
     GetAccessKeyInfoCommand,
     GetCallerIdentityCommand,
+    GetDelegatedAccessTokenCommand,
     GetFederationTokenCommand,
     GetSessionTokenCommand,
 };

package/dist-es/commands/GetDelegatedAccessTokenCommand.js

@@ -0,0 +1,23 @@
+import { getEndpointPlugin } from "@smithy/middleware-endpoint";
+import { getSerdePlugin } from "@smithy/middleware-serde";
+import { Command as $Command } from "@smithy/smithy-client";
+import { commonParams } from "../endpoint/EndpointParameters";
+import { GetDelegatedAccessTokenRequestFilterSensitiveLog, GetDelegatedAccessTokenResponseFilterSensitiveLog, } from "../models/models_0";
+import { de_GetDelegatedAccessTokenCommand, se_GetDelegatedAccessTokenCommand } from "../protocols/Aws_query";
+export { $Command };
+export class GetDelegatedAccessTokenCommand extends $Command
+    .classBuilder()
+    .ep(commonParams)
+    .m(function (Command, cs, config, o) {
+    return [
+        getSerdePlugin(config, this.serialize, this.deserialize),
+        getEndpointPlugin(config, Command.getEndpointParameterInstructions()),
+    ];
+})
+    .s("AWSSecurityTokenServiceV20110615", "GetDelegatedAccessToken", {})
+    .n("STSClient", "GetDelegatedAccessTokenCommand")
+    .f(GetDelegatedAccessTokenRequestFilterSensitiveLog, GetDelegatedAccessTokenResponseFilterSensitiveLog)
+    .ser(se_GetDelegatedAccessTokenCommand)
+    .de(de_GetDelegatedAccessTokenCommand)
+    .build() {
+}

package/dist-es/commands/index.js

@@ -5,5 +5,6 @@ export * from "./AssumeRootCommand";
 export * from "./DecodeAuthorizationMessageCommand";
 export * from "./GetAccessKeyInfoCommand";
 export * from "./GetCallerIdentityCommand";
+export * from "./GetDelegatedAccessTokenCommand";
 export * from "./GetFederationTokenCommand";
 export * from "./GetSessionTokenCommand";

package/dist-es/models/models_0.js

@@ -96,6 +96,18 @@ export class InvalidAuthorizationMessageException extends __BaseException {
         Object.setPrototypeOf(this, InvalidAuthorizationMessageException.prototype);
     }
 }
+export class ExpiredTradeInTokenException extends __BaseException {
+    name = "ExpiredTradeInTokenException";
+    $fault = "client";
+    constructor(opts) {
+        super({
+            name: "ExpiredTradeInTokenException",
+            $fault: "client",
+            ...opts,
+        });
+        Object.setPrototypeOf(this, ExpiredTradeInTokenException.prototype);
+    }
+}
 export const CredentialsFilterSensitiveLog = (obj) => ({
     ...obj,
     ...(obj.SecretAccessKey && { SecretAccessKey: SENSITIVE_STRING }),
@@ -124,6 +136,14 @@ export const AssumeRootResponseFilterSensitiveLog = (obj) => ({
     ...obj,
     ...(obj.Credentials && { Credentials: CredentialsFilterSensitiveLog(obj.Credentials) }),
 });
+export const GetDelegatedAccessTokenRequestFilterSensitiveLog = (obj) => ({
+    ...obj,
+    ...(obj.TradeInToken && { TradeInToken: SENSITIVE_STRING }),
+});
+export const GetDelegatedAccessTokenResponseFilterSensitiveLog = (obj) => ({
+    ...obj,
+    ...(obj.Credentials && { Credentials: CredentialsFilterSensitiveLog(obj.Credentials) }),
+});
 export const GetFederationTokenResponseFilterSensitiveLog = (obj) => ({
     ...obj,
     ...(obj.Credentials && { Credentials: CredentialsFilterSensitiveLog(obj.Credentials) }),

package/dist-es/protocols/Aws_query.js

@@ -1,7 +1,7 @@
 import { parseXmlBody as parseBody, parseXmlErrorBody as parseErrorBody } from "@aws-sdk/core";
 import { HttpRequest as __HttpRequest } from "@smithy/protocol-http";
 import { collectBody, decorateServiceException as __decorateServiceException, expectNonNull as __expectNonNull, expectString as __expectString, extendedEncodeURIComponent as __extendedEncodeURIComponent, parseRfc3339DateTimeWithOffset as __parseRfc3339DateTimeWithOffset, strictParseInt32 as __strictParseInt32, withBaseException, } from "@smithy/smithy-client";
-import { ExpiredTokenException, IDPCommunicationErrorException, IDPRejectedClaimException, InvalidAuthorizationMessageException, InvalidIdentityTokenException, MalformedPolicyDocumentException, PackedPolicyTooLargeException, RegionDisabledException, } from "../models/models_0";
+import { ExpiredTokenException, ExpiredTradeInTokenException, IDPCommunicationErrorException, IDPRejectedClaimException, InvalidAuthorizationMessageException, InvalidIdentityTokenException, MalformedPolicyDocumentException, PackedPolicyTooLargeException, RegionDisabledException, } from "../models/models_0";
 import { STSServiceException as __BaseException } from "../models/STSServiceException";
 export const se_AssumeRoleCommand = async (input, context) => {
     const headers = SHARED_HEADERS;
@@ -73,6 +73,16 @@ export const se_GetCallerIdentityCommand = async (input, context) => {
     });
     return buildHttpRpcRequest(context, headers, "/", undefined, body);
 };
+export const se_GetDelegatedAccessTokenCommand = async (input, context) => {
+    const headers = SHARED_HEADERS;
+    let body;
+    body = buildFormUrlencodedString({
+        ...se_GetDelegatedAccessTokenRequest(input, context),
+        [_A]: _GDAT,
+        [_V]: _,
+    });
+    return buildHttpRpcRequest(context, headers, "/", undefined, body);
+};
 export const se_GetFederationTokenCommand = async (input, context) => {
     const headers = SHARED_HEADERS;
     let body;
@@ -184,6 +194,19 @@ export const de_GetCallerIdentityCommand = async (output, context) => {
     };
     return response;
 };
+export const de_GetDelegatedAccessTokenCommand = async (output, context) => {
+    if (output.statusCode >= 300) {
+        return de_CommandError(output, context);
+    }
+    const data = await parseBody(output.body, context);
+    let contents = {};
+    contents = de_GetDelegatedAccessTokenResponse(data.GetDelegatedAccessTokenResult, context);
+    const response = {
+        $metadata: deserializeMetadata(output),
+        ...contents,
+    };
+    return response;
+};
 export const de_GetFederationTokenCommand = async (output, context) => {
     if (output.statusCode >= 300) {
         return de_CommandError(output, context);
@@ -241,6 +264,9 @@ const de_CommandError = async (output, context) => {
         case "InvalidAuthorizationMessageException":
         case "com.amazonaws.sts#InvalidAuthorizationMessageException":
             throw await de_InvalidAuthorizationMessageExceptionRes(parsedOutput, context);
+        case "ExpiredTradeInTokenException":
+        case "com.amazonaws.sts#ExpiredTradeInTokenException":
+            throw await de_ExpiredTradeInTokenExceptionRes(parsedOutput, context);
         default:
             const parsedBody = parsedOutput.body;
             return throwDefaultError({
@@ -259,6 +285,15 @@ const de_ExpiredTokenExceptionRes = async (parsedOutput, context) => {
     });
     return __decorateServiceException(exception, body);
 };
+const de_ExpiredTradeInTokenExceptionRes = async (parsedOutput, context) => {
+    const body = parsedOutput.body;
+    const deserialized = de_ExpiredTradeInTokenException(body.Error, context);
+    const exception = new ExpiredTradeInTokenException({
+        $metadata: deserializeMetadata(parsedOutput),
+        ...deserialized,
+    });
+    return __decorateServiceException(exception, body);
+};
 const de_IDPCommunicationErrorExceptionRes = async (parsedOutput, context) => {
     const body = parsedOutput.body;
     const deserialized = de_IDPCommunicationErrorException(body.Error, context);
@@ -486,6 +521,13 @@ const se_GetCallerIdentityRequest = (input, context) => {
     const entries = {};
     return entries;
 };
+const se_GetDelegatedAccessTokenRequest = (input, context) => {
+    const entries = {};
+    if (input[_TIT] != null) {
+        entries[_TIT] = input[_TIT];
+    }
+    return entries;
+};
 const se_GetFederationTokenRequest = (input, context) => {
     const entries = {};
     if (input[_N] != null) {
@@ -738,6 +780,13 @@ const de_ExpiredTokenException = (output, context) => {
     }
     return contents;
 };
+const de_ExpiredTradeInTokenException = (output, context) => {
+    const contents = {};
+    if (output[_m] != null) {
+        contents[_m] = __expectString(output[_m]);
+    }
+    return contents;
+};
 const de_FederatedUser = (output, context) => {
     const contents = {};
     if (output[_FUI] != null) {
@@ -768,6 +817,19 @@ const de_GetCallerIdentityResponse = (output, context) => {
     }
     return contents;
 };
+const de_GetDelegatedAccessTokenResponse = (output, context) => {
+    const contents = {};
+    if (output[_C] != null) {
+        contents[_C] = de_Credentials(output[_C], context);
+    }
+    if (output[_PPS] != null) {
+        contents[_PPS] = __strictParseInt32(output[_PPS]);
+    }
+    if (output[_AP] != null) {
+        contents[_AP] = __expectString(output[_AP]);
+    }
+    return contents;
+};
 const de_GetFederationTokenResponse = (output, context) => {
     const contents = {};
     if (output[_C] != null) {
@@ -869,6 +931,7 @@ const SHARED_HEADERS = {
 const _ = "2011-06-15";
 const _A = "Action";
 const _AKI = "AccessKeyId";
+const _AP = "AssumedPrincipal";
 const _AR = "AssumeRole";
 const _ARI = "AssumedRoleId";
 const _ARU = "AssumedRoleUser";
@@ -890,6 +953,7 @@ const _FU = "FederatedUser";
 const _FUI = "FederatedUserId";
 const _GAKI = "GetAccessKeyInfo";
 const _GCI = "GetCallerIdentity";
+const _GDAT = "GetDelegatedAccessToken";
 const _GFT = "GetFederationToken";
 const _GST = "GetSessionToken";
 const _I = "Issuer";
@@ -916,6 +980,7 @@ const _ST = "SubjectType";
 const _STe = "SessionToken";
 const _T = "Tags";
 const _TC = "TokenCode";
+const _TIT = "TradeInToken";
 const _TP = "TargetPrincipal";
 const _TPA = "TaskPolicyArn";
 const _TTK = "TransitiveTagKeys";

package/dist-types/STS.d.ts

@@ -6,6 +6,7 @@ import { AssumeRootCommandInput, AssumeRootCommandOutput } from "./commands/Assu
 import { DecodeAuthorizationMessageCommandInput, DecodeAuthorizationMessageCommandOutput } from "./commands/DecodeAuthorizationMessageCommand";
 import { GetAccessKeyInfoCommandInput, GetAccessKeyInfoCommandOutput } from "./commands/GetAccessKeyInfoCommand";
 import { GetCallerIdentityCommandInput, GetCallerIdentityCommandOutput } from "./commands/GetCallerIdentityCommand";
+import { GetDelegatedAccessTokenCommandInput, GetDelegatedAccessTokenCommandOutput } from "./commands/GetDelegatedAccessTokenCommand";
 import { GetFederationTokenCommandInput, GetFederationTokenCommandOutput } from "./commands/GetFederationTokenCommand";
 import { GetSessionTokenCommandInput, GetSessionTokenCommandOutput } from "./commands/GetSessionTokenCommand";
 import { STSClient } from "./STSClient";
@@ -53,6 +54,12 @@ export interface STS {
     getCallerIdentity(args: GetCallerIdentityCommandInput, options?: __HttpHandlerOptions): Promise<GetCallerIdentityCommandOutput>;
     getCallerIdentity(args: GetCallerIdentityCommandInput, cb: (err: any, data?: GetCallerIdentityCommandOutput) => void): void;
     getCallerIdentity(args: GetCallerIdentityCommandInput, options: __HttpHandlerOptions, cb: (err: any, data?: GetCallerIdentityCommandOutput) => void): void;
+    /**
+     * @see {@link GetDelegatedAccessTokenCommand}
+     */
+    getDelegatedAccessToken(args: GetDelegatedAccessTokenCommandInput, options?: __HttpHandlerOptions): Promise<GetDelegatedAccessTokenCommandOutput>;
+    getDelegatedAccessToken(args: GetDelegatedAccessTokenCommandInput, cb: (err: any, data?: GetDelegatedAccessTokenCommandOutput) => void): void;
+    getDelegatedAccessToken(args: GetDelegatedAccessTokenCommandInput, options: __HttpHandlerOptions, cb: (err: any, data?: GetDelegatedAccessTokenCommandOutput) => void): void;
     /**
      * @see {@link GetFederationTokenCommand}
      */

package/dist-types/STSClient.d.ts

@@ -14,6 +14,7 @@ import { AssumeRootCommandInput, AssumeRootCommandOutput } from "./commands/Assu
 import { DecodeAuthorizationMessageCommandInput, DecodeAuthorizationMessageCommandOutput } from "./commands/DecodeAuthorizationMessageCommand";
 import { GetAccessKeyInfoCommandInput, GetAccessKeyInfoCommandOutput } from "./commands/GetAccessKeyInfoCommand";
 import { GetCallerIdentityCommandInput, GetCallerIdentityCommandOutput } from "./commands/GetCallerIdentityCommand";
+import { GetDelegatedAccessTokenCommandInput, GetDelegatedAccessTokenCommandOutput } from "./commands/GetDelegatedAccessTokenCommand";
 import { GetFederationTokenCommandInput, GetFederationTokenCommandOutput } from "./commands/GetFederationTokenCommand";
 import { GetSessionTokenCommandInput, GetSessionTokenCommandOutput } from "./commands/GetSessionTokenCommand";
 import { ClientInputEndpointParameters, ClientResolvedEndpointParameters, EndpointParameters } from "./endpoint/EndpointParameters";
@@ -22,11 +23,11 @@ export { __Client };
 /**
  * @public
  */
-export type ServiceInputTypes = AssumeRoleCommandInput | AssumeRoleWithSAMLCommandInput | AssumeRoleWithWebIdentityCommandInput | AssumeRootCommandInput | DecodeAuthorizationMessageCommandInput | GetAccessKeyInfoCommandInput | GetCallerIdentityCommandInput | GetFederationTokenCommandInput | GetSessionTokenCommandInput;
+export type ServiceInputTypes = AssumeRoleCommandInput | AssumeRoleWithSAMLCommandInput | AssumeRoleWithWebIdentityCommandInput | AssumeRootCommandInput | DecodeAuthorizationMessageCommandInput | GetAccessKeyInfoCommandInput | GetCallerIdentityCommandInput | GetDelegatedAccessTokenCommandInput | GetFederationTokenCommandInput | GetSessionTokenCommandInput;
 /**
  * @public
  */
-export type ServiceOutputTypes = AssumeRoleCommandOutput | AssumeRoleWithSAMLCommandOutput | AssumeRoleWithWebIdentityCommandOutput | AssumeRootCommandOutput | DecodeAuthorizationMessageCommandOutput | GetAccessKeyInfoCommandOutput | GetCallerIdentityCommandOutput | GetFederationTokenCommandOutput | GetSessionTokenCommandOutput;
+export type ServiceOutputTypes = AssumeRoleCommandOutput | AssumeRoleWithSAMLCommandOutput | AssumeRoleWithWebIdentityCommandOutput | AssumeRootCommandOutput | DecodeAuthorizationMessageCommandOutput | GetAccessKeyInfoCommandOutput | GetCallerIdentityCommandOutput | GetDelegatedAccessTokenCommandOutput | GetFederationTokenCommandOutput | GetSessionTokenCommandOutput;
 /**
  * @public
  */

package/dist-types/commands/AssumeRoleCommand.d.ts

@@ -200,7 +200,7 @@ declare const AssumeRoleCommand_base: {
  * @throws {@link RegionDisabledException} (client fault)
  *  <p>STS is not activated in the requested region for the account that is being asked to
  *             generate credentials. The account administrator must use the IAM console to activate
- *             STS in that region. For more information, see <a href="https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_enable-regions.html">Activating and
+ *             STS in that region. For more information, see <a href="https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_enable-regions.html#sts-regions-activate-deactivate">Activating and
  *                 Deactivating STS in an Amazon Web Services Region</a> in the <i>IAM User
  *                 Guide</i>.</p>
  *
@@ -213,7 +213,7 @@ declare const AssumeRoleCommand_base: {
  * //
  * const input = {
  *   ExternalId: "123ABC",
- *   Policy: `{"Version":"2012-10-17","Statement":[{"Sid":"Stmt1","Effect":"Allow","Action":"s3:ListAllMyBuckets","Resource":"*"}]}`,
+ *   Policy: "escaped-JSON-IAM-POLICY",
  *   RoleArn: "arn:aws:iam::123456789012:role/demo",
  *   RoleSessionName: "testAssumeRoleSession",
  *   Tags: [

package/dist-types/commands/AssumeRoleWithSAMLCommand.d.ts

@@ -37,6 +37,10 @@ declare const AssumeRoleWithSAMLCommand_base: {
  *          <p>The temporary security credentials returned by this operation consist of an access key
  *          ID, a secret access key, and a security token. Applications can use these temporary
  *          security credentials to sign calls to Amazon Web Services services.</p>
+ *          <note>
+ *             <p>AssumeRoleWithSAML will not work on IAM Identity Center managed roles. These roles' names start
+ *             with <code>AWSReservedSSO_</code>.</p>
+ *          </note>
  *          <p>
  *             <b>Session Duration</b>
  *          </p>
@@ -238,7 +242,7 @@ declare const AssumeRoleWithSAMLCommand_base: {
  * @throws {@link RegionDisabledException} (client fault)
  *  <p>STS is not activated in the requested region for the account that is being asked to
  *             generate credentials. The account administrator must use the IAM console to activate
- *             STS in that region. For more information, see <a href="https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_enable-regions.html">Activating and
+ *             STS in that region. For more information, see <a href="https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_enable-regions.html#sts-regions-activate-deactivate">Activating and
  *                 Deactivating STS in an Amazon Web Services Region</a> in the <i>IAM User
  *                 Guide</i>.</p>
  *

package/dist-types/commands/AssumeRoleWithWebIdentityCommand.d.ts

@@ -90,7 +90,8 @@ declare const AssumeRoleWithWebIdentityCommand_base: {
  *          </p>
  *          <p>(Optional) You can configure your IdP to pass attributes into your web identity token as
  *          session tags. Each session tag consists of a key name and an associated value. For more
- *          information about session tags, see <a href="https://docs.aws.amazon.com/IAM/latest/UserGuide/id_session-tags.html">Passing Session Tags in STS</a> in the
+ *          information about session tags, see <a href="https://docs.aws.amazon.com/IAM/latest/UserGuide/id_session-tags.html#id_session-tags_adding-assume-role-idp">Passing
+ *             session tags using AssumeRoleWithWebIdentity</a> in the
  *             <i>IAM User Guide</i>.</p>
  *          <p>You can pass up to 50 session tags. The plaintext session tag keys can’t exceed 128
  *          characters and the values can’t exceed 256 characters. For these and additional limits, see
@@ -232,7 +233,7 @@ declare const AssumeRoleWithWebIdentityCommand_base: {
  * @throws {@link RegionDisabledException} (client fault)
  *  <p>STS is not activated in the requested region for the account that is being asked to
  *             generate credentials. The account administrator must use the IAM console to activate
- *             STS in that region. For more information, see <a href="https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_enable-regions.html">Activating and
+ *             STS in that region. For more information, see <a href="https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_enable-regions.html#sts-regions-activate-deactivate">Activating and
  *                 Deactivating STS in an Amazon Web Services Region</a> in the <i>IAM User
  *                 Guide</i>.</p>
  *
@@ -245,7 +246,7 @@ declare const AssumeRoleWithWebIdentityCommand_base: {
  * //
  * const input = {
  *   DurationSeconds: 3600,
- *   Policy: `{"Version":"2012-10-17","Statement":[{"Sid":"Stmt1","Effect":"Allow","Action":"s3:ListAllMyBuckets","Resource":"*"}]}`,
+ *   Policy: "escaped-JSON-IAM-POLICY",
  *   ProviderId: "www.amazon.com",
  *   RoleArn: "arn:aws:iam::123456789012:role/FederatedWebIdentityRole",
  *   RoleSessionName: "app1",

package/dist-types/commands/AssumeRootCommand.d.ts

@@ -28,7 +28,9 @@ declare const AssumeRootCommand_base: {
 };
 /**
  * <p>Returns a set of short term credentials you can use to perform privileged tasks on a
- *          member account in your organization.</p>
+ *          member account in your organization. You must use credentials from an Organizations management
+ *          account or a delegated administrator account for IAM to call <code>AssumeRoot</code>. You
+ *          cannot use root user credentials to make this call.</p>
  *          <p>Before you can launch a privileged session, you must have centralized root access in
  *          your organization. For steps to enable this feature, see <a href="https://docs.aws.amazon.com/IAM/latest/UserGuide/id_root-enable-root-access.html">Centralize root access for
  *             member accounts</a> in the <i>IAM User Guide</i>.</p>
@@ -39,6 +41,11 @@ declare const AssumeRootCommand_base: {
  *          <p>You can track AssumeRoot in CloudTrail logs to determine what actions were performed in a
  *          session. For more information, see <a href="https://docs.aws.amazon.com/IAM/latest/UserGuide/cloudtrail-track-privileged-tasks.html">Track privileged tasks
  *             in CloudTrail</a> in the <i>IAM User Guide</i>.</p>
+ *          <p>When granting access to privileged tasks you should only grant the necessary permissions
+ *          required to perform that task. For more information, see <a href="https://docs.aws.amazon.com/IAM/latest/UserGuide/best-practices.html">Security best practices in
+ *          IAM</a>. In addition, you can use <a href="https://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_policies_scps.html">service control
+ *             policies</a> (SCPs) to manage and limit permissions in your organization. See <a href="https://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_policies_scps_examples_general.html">General examples</a> in the <i>Organizations User
+ *             Guide</i> for more information on SCPs.</p>
  * @example
  * Use a bare-bones client and the command you need to make an API call.
  * ```javascript
@@ -81,7 +88,7 @@ declare const AssumeRootCommand_base: {
  * @throws {@link RegionDisabledException} (client fault)
  *  <p>STS is not activated in the requested region for the account that is being asked to
  *             generate credentials. The account administrator must use the IAM console to activate
- *             STS in that region. For more information, see <a href="https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_enable-regions.html">Activating and
+ *             STS in that region. For more information, see <a href="https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_enable-regions.html#sts-regions-activate-deactivate">Activating and
  *                 Deactivating STS in an Amazon Web Services Region</a> in the <i>IAM User
  *                 Guide</i>.</p>
  *

package/dist-types/commands/GetDelegatedAccessTokenCommand.d.ts

@@ -0,0 +1,91 @@
+import { Command as $Command } from "@smithy/smithy-client";
+import { MetadataBearer as __MetadataBearer } from "@smithy/types";
+import { GetDelegatedAccessTokenRequest, GetDelegatedAccessTokenResponse } from "../models/models_0";
+import { ServiceInputTypes, ServiceOutputTypes, STSClientResolvedConfig } from "../STSClient";
+/**
+ * @public
+ */
+export type { __MetadataBearer };
+export { $Command };
+/**
+ * @public
+ *
+ * The input for {@link GetDelegatedAccessTokenCommand}.
+ */
+export interface GetDelegatedAccessTokenCommandInput extends GetDelegatedAccessTokenRequest {
+}
+/**
+ * @public
+ *
+ * The output of {@link GetDelegatedAccessTokenCommand}.
+ */
+export interface GetDelegatedAccessTokenCommandOutput extends GetDelegatedAccessTokenResponse, __MetadataBearer {
+}
+declare const GetDelegatedAccessTokenCommand_base: {
+    new (input: GetDelegatedAccessTokenCommandInput): import("@smithy/smithy-client").CommandImpl<GetDelegatedAccessTokenCommandInput, GetDelegatedAccessTokenCommandOutput, STSClientResolvedConfig, ServiceInputTypes, ServiceOutputTypes>;
+    new (input: GetDelegatedAccessTokenCommandInput): import("@smithy/smithy-client").CommandImpl<GetDelegatedAccessTokenCommandInput, GetDelegatedAccessTokenCommandOutput, STSClientResolvedConfig, ServiceInputTypes, ServiceOutputTypes>;
+    getEndpointParameterInstructions(): import("@smithy/middleware-endpoint").EndpointParameterInstructions;
+};
+/**
+ * <p>This API is currently unavailable for general use.</p>
+ * @example
+ * Use a bare-bones client and the command you need to make an API call.
+ * ```javascript
+ * import { STSClient, GetDelegatedAccessTokenCommand } from "@aws-sdk/client-sts"; // ES Modules import
+ * // const { STSClient, GetDelegatedAccessTokenCommand } = require("@aws-sdk/client-sts"); // CommonJS import
+ * // import type { STSClientConfig } from "@aws-sdk/client-sts";
+ * const config = {}; // type is STSClientConfig
+ * const client = new STSClient(config);
+ * const input = { // GetDelegatedAccessTokenRequest
+ *   TradeInToken: "STRING_VALUE", // required
+ * };
+ * const command = new GetDelegatedAccessTokenCommand(input);
+ * const response = await client.send(command);
+ * // { // GetDelegatedAccessTokenResponse
+ * //   Credentials: { // Credentials
+ * //     AccessKeyId: "STRING_VALUE", // required
+ * //     SecretAccessKey: "STRING_VALUE", // required
+ * //     SessionToken: "STRING_VALUE", // required
+ * //     Expiration: new Date("TIMESTAMP"), // required
+ * //   },
+ * //   PackedPolicySize: Number("int"),
+ * //   AssumedPrincipal: "STRING_VALUE",
+ * // };
+ *
+ * ```
+ *
+ * @param GetDelegatedAccessTokenCommandInput - {@link GetDelegatedAccessTokenCommandInput}
+ * @returns {@link GetDelegatedAccessTokenCommandOutput}
+ * @see {@link GetDelegatedAccessTokenCommandInput} for command's `input` shape.
+ * @see {@link GetDelegatedAccessTokenCommandOutput} for command's `response` shape.
+ * @see {@link STSClientResolvedConfig | config} for STSClient's `config` shape.
+ *
+ * @throws {@link ExpiredTradeInTokenException} (client fault)
+ *  <p></p>
+ *
+ * @throws {@link RegionDisabledException} (client fault)
+ *  <p>STS is not activated in the requested region for the account that is being asked to
+ *             generate credentials. The account administrator must use the IAM console to activate
+ *             STS in that region. For more information, see <a href="https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_enable-regions.html#sts-regions-activate-deactivate">Activating and
+ *                 Deactivating STS in an Amazon Web Services Region</a> in the <i>IAM User
+ *                 Guide</i>.</p>
+ *
+ * @throws {@link STSServiceException}
+ * <p>Base exception class for all service exceptions from STS service.</p>
+ *
+ *
+ * @public
+ */
+export declare class GetDelegatedAccessTokenCommand extends GetDelegatedAccessTokenCommand_base {
+    /** @internal type navigation helper, not in runtime. */
+    protected static __types: {
+        api: {
+            input: GetDelegatedAccessTokenRequest;
+            output: GetDelegatedAccessTokenResponse;
+        };
+        sdk: {
+            input: GetDelegatedAccessTokenCommandInput;
+            output: GetDelegatedAccessTokenCommandOutput;
+        };
+    };
+}

package/dist-types/commands/GetFederationTokenCommand.d.ts

@@ -182,7 +182,7 @@ declare const GetFederationTokenCommand_base: {
  * @throws {@link RegionDisabledException} (client fault)
  *  <p>STS is not activated in the requested region for the account that is being asked to
  *             generate credentials. The account administrator must use the IAM console to activate
- *             STS in that region. For more information, see <a href="https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_enable-regions.html">Activating and
+ *             STS in that region. For more information, see <a href="https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_enable-regions.html#sts-regions-activate-deactivate">Activating and
  *                 Deactivating STS in an Amazon Web Services Region</a> in the <i>IAM User
  *                 Guide</i>.</p>
  *
@@ -196,7 +196,7 @@ declare const GetFederationTokenCommand_base: {
  * const input = {
  *   DurationSeconds: 3600,
  *   Name: "testFedUserSession",
- *   Policy: `{"Version":"2012-10-17","Statement":[{"Sid":"Stmt1","Effect":"Allow","Action":"s3:ListAllMyBuckets","Resource":"*"}]}`,
+ *   Policy: "escaped-JSON-IAM-POLICY",
  *   Tags: [
  *     {
  *       Key: "Project",

package/dist-types/commands/GetSessionTokenCommand.d.ts

@@ -121,7 +121,7 @@ declare const GetSessionTokenCommand_base: {
  * @throws {@link RegionDisabledException} (client fault)
  *  <p>STS is not activated in the requested region for the account that is being asked to
  *             generate credentials. The account administrator must use the IAM console to activate
- *             STS in that region. For more information, see <a href="https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_enable-regions.html">Activating and
+ *             STS in that region. For more information, see <a href="https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_enable-regions.html#sts-regions-activate-deactivate">Activating and
  *                 Deactivating STS in an Amazon Web Services Region</a> in the <i>IAM User
  *                 Guide</i>.</p>
  *

package/dist-types/commands/index.d.ts

@@ -5,5 +5,6 @@ export * from "./AssumeRootCommand";
 export * from "./DecodeAuthorizationMessageCommand";
 export * from "./GetAccessKeyInfoCommand";
 export * from "./GetCallerIdentityCommand";
+export * from "./GetDelegatedAccessTokenCommand";
 export * from "./GetFederationTokenCommand";
 export * from "./GetSessionTokenCommand";

package/dist-types/models/models_0.d.ts

@@ -100,9 +100,9 @@ export interface AssumeRoleRequest {
      *          assume the role. For more information, see <a href="https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_iam-condition-keys.html#ck_rolesessionname">
      *                <code>sts:RoleSessionName</code>
      *             </a>.</p>
-     *          <p>The regex used to validate this parameter is a string of characters
-     *     consisting of upper- and lower-case alphanumeric characters with no spaces. You can
-     *     also include underscores or any of the following characters: =,.@-</p>
+     *          <p>The regex used to validate this parameter is a string of
+     *     characters consisting of upper- and lower-case alphanumeric characters with no spaces.
+     *     You can also include underscores or any of the following characters: +=,.@-</p>
      * @public
      */
     RoleSessionName: string | undefined;
@@ -241,7 +241,7 @@ export interface AssumeRoleRequest {
      *             <i>IAM User Guide</i>.</p>
      *          <p>The regex used to validate this parameter is a string of
      *     characters consisting of upper- and lower-case alphanumeric characters with no spaces.
-     *     You can also include underscores or any of the following characters: =,.@:/-</p>
+     *     You can also include underscores or any of the following characters: +=,.@:\/-</p>
      * @public
      */
     ExternalId?: string | undefined;
@@ -252,9 +252,9 @@ export interface AssumeRoleRequest {
      *          the serial number for a hardware device (such as <code>GAHT12345678</code>) or an Amazon
      *          Resource Name (ARN) for a virtual device (such as
      *             <code>arn:aws:iam::123456789012:mfa/user</code>).</p>
-     *          <p>The regex used to validate this parameter is a string of characters
-     *     consisting of upper- and lower-case alphanumeric characters with no spaces. You can
-     *     also include underscores or any of the following characters: =,.@-</p>
+     *          <p>The regex used to validate this parameter is a string of
+     *     characters consisting of upper- and lower-case alphanumeric characters with no spaces.
+     *     You can also include underscores or any of the following characters: +=/:,.@-</p>
      * @public
      */
     SerialNumber?: string | undefined;
@@ -427,7 +427,7 @@ export declare class PackedPolicyTooLargeException extends __BaseException {
 /**
  * <p>STS is not activated in the requested region for the account that is being asked to
  *             generate credentials. The account administrator must use the IAM console to activate
- *             STS in that region. For more information, see <a href="https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_enable-regions.html">Activating and
+ *             STS in that region. For more information, see <a href="https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_enable-regions.html#sts-regions-activate-deactivate">Activating and
  *                 Deactivating STS in an Amazon Web Services Region</a> in the <i>IAM User
  *                 Guide</i>.</p>
  * @public
@@ -907,8 +907,10 @@ export interface AssumeRootRequest {
     TargetPrincipal: string | undefined;
     /**
      * <p>The identity based policy that scopes the session to the privileged tasks that can be
-     *          performed. You can use one of following Amazon Web Services managed policies to scope root session
-     *          actions.</p>
+     *          performed. You must
+     *
+     *          use one of following Amazon Web Services managed policies to scope root session
+     *          actions:</p>
      *          <ul>
      *             <li>
      *                <p>
@@ -1065,6 +1067,48 @@ export interface GetCallerIdentityResponse {
      */
     Arn?: string | undefined;
 }
+/**
+ * <p></p>
+ * @public
+ */
+export declare class ExpiredTradeInTokenException extends __BaseException {
+    readonly name: "ExpiredTradeInTokenException";
+    readonly $fault: "client";
+    /**
+     * @internal
+     */
+    constructor(opts: __ExceptionOptionType<ExpiredTradeInTokenException, __BaseException>);
+}
+/**
+ * @public
+ */
+export interface GetDelegatedAccessTokenRequest {
+    /**
+     * <p></p>
+     * @public
+     */
+    TradeInToken: string | undefined;
+}
+/**
+ * @public
+ */
+export interface GetDelegatedAccessTokenResponse {
+    /**
+     * <p>Amazon Web Services credentials for API authentication.</p>
+     * @public
+     */
+    Credentials?: Credentials | undefined;
+    /**
+     * <p></p>
+     * @public
+     */
+    PackedPolicySize?: number | undefined;
+    /**
+     * <p></p>
+     * @public
+     */
+    AssumedPrincipal?: string | undefined;
+}
 /**
  * @public
  */
@@ -1316,6 +1360,14 @@ export declare const AssumeRoleWithWebIdentityResponseFilterSensitiveLog: (obj:
  * @internal
  */
 export declare const AssumeRootResponseFilterSensitiveLog: (obj: AssumeRootResponse) => any;
+/**
+ * @internal
+ */
+export declare const GetDelegatedAccessTokenRequestFilterSensitiveLog: (obj: GetDelegatedAccessTokenRequest) => any;
+/**
+ * @internal
+ */
+export declare const GetDelegatedAccessTokenResponseFilterSensitiveLog: (obj: GetDelegatedAccessTokenResponse) => any;
 /**
  * @internal
  */

package/dist-types/protocols/Aws_query.d.ts

@@ -7,6 +7,7 @@ import { AssumeRootCommandInput, AssumeRootCommandOutput } from "../commands/Ass
 import { DecodeAuthorizationMessageCommandInput, DecodeAuthorizationMessageCommandOutput } from "../commands/DecodeAuthorizationMessageCommand";
 import { GetAccessKeyInfoCommandInput, GetAccessKeyInfoCommandOutput } from "../commands/GetAccessKeyInfoCommand";
 import { GetCallerIdentityCommandInput, GetCallerIdentityCommandOutput } from "../commands/GetCallerIdentityCommand";
+import { GetDelegatedAccessTokenCommandInput, GetDelegatedAccessTokenCommandOutput } from "../commands/GetDelegatedAccessTokenCommand";
 import { GetFederationTokenCommandInput, GetFederationTokenCommandOutput } from "../commands/GetFederationTokenCommand";
 import { GetSessionTokenCommandInput, GetSessionTokenCommandOutput } from "../commands/GetSessionTokenCommand";
 /**
@@ -37,6 +38,10 @@ export declare const se_GetAccessKeyInfoCommand: (input: GetAccessKeyInfoCommand
  * serializeAws_queryGetCallerIdentityCommand
  */
 export declare const se_GetCallerIdentityCommand: (input: GetCallerIdentityCommandInput, context: __SerdeContext) => Promise<__HttpRequest>;
+/**
+ * serializeAws_queryGetDelegatedAccessTokenCommand
+ */
+export declare const se_GetDelegatedAccessTokenCommand: (input: GetDelegatedAccessTokenCommandInput, context: __SerdeContext) => Promise<__HttpRequest>;
 /**
  * serializeAws_queryGetFederationTokenCommand
  */
@@ -73,6 +78,10 @@ export declare const de_GetAccessKeyInfoCommand: (output: __HttpResponse, contex
  * deserializeAws_queryGetCallerIdentityCommand
  */
 export declare const de_GetCallerIdentityCommand: (output: __HttpResponse, context: __SerdeContext) => Promise<GetCallerIdentityCommandOutput>;
+/**
+ * deserializeAws_queryGetDelegatedAccessTokenCommand
+ */
+export declare const de_GetDelegatedAccessTokenCommand: (output: __HttpResponse, context: __SerdeContext) => Promise<GetDelegatedAccessTokenCommandOutput>;
 /**
  * deserializeAws_queryGetFederationTokenCommand
  */

package/dist-types/ts3.4/STS.d.ts

@@ -27,6 +27,10 @@ import {
   GetCallerIdentityCommandInput,
   GetCallerIdentityCommandOutput,
 } from "./commands/GetCallerIdentityCommand";
+import {
+  GetDelegatedAccessTokenCommandInput,
+  GetDelegatedAccessTokenCommandOutput,
+} from "./commands/GetDelegatedAccessTokenCommand";
 import {
   GetFederationTokenCommandInput,
   GetFederationTokenCommandOutput,
@@ -129,6 +133,19 @@ export interface STS {
     options: __HttpHandlerOptions,
     cb: (err: any, data?: GetCallerIdentityCommandOutput) => void
   ): void;
+  getDelegatedAccessToken(
+    args: GetDelegatedAccessTokenCommandInput,
+    options?: __HttpHandlerOptions
+  ): Promise<GetDelegatedAccessTokenCommandOutput>;
+  getDelegatedAccessToken(
+    args: GetDelegatedAccessTokenCommandInput,
+    cb: (err: any, data?: GetDelegatedAccessTokenCommandOutput) => void
+  ): void;
+  getDelegatedAccessToken(
+    args: GetDelegatedAccessTokenCommandInput,
+    options: __HttpHandlerOptions,
+    cb: (err: any, data?: GetDelegatedAccessTokenCommandOutput) => void
+  ): void;
   getFederationToken(
     args: GetFederationTokenCommandInput,
     options?: __HttpHandlerOptions

package/dist-types/ts3.4/STSClient.d.ts

@@ -73,6 +73,10 @@ import {
   GetCallerIdentityCommandInput,
   GetCallerIdentityCommandOutput,
 } from "./commands/GetCallerIdentityCommand";
+import {
+  GetDelegatedAccessTokenCommandInput,
+  GetDelegatedAccessTokenCommandOutput,
+} from "./commands/GetDelegatedAccessTokenCommand";
 import {
   GetFederationTokenCommandInput,
   GetFederationTokenCommandOutput,
@@ -96,6 +100,7 @@ export type ServiceInputTypes =
   | DecodeAuthorizationMessageCommandInput
   | GetAccessKeyInfoCommandInput
   | GetCallerIdentityCommandInput
+  | GetDelegatedAccessTokenCommandInput
   | GetFederationTokenCommandInput
   | GetSessionTokenCommandInput;
 export type ServiceOutputTypes =
@@ -106,6 +111,7 @@ export type ServiceOutputTypes =
   | DecodeAuthorizationMessageCommandOutput
   | GetAccessKeyInfoCommandOutput
   | GetCallerIdentityCommandOutput
+  | GetDelegatedAccessTokenCommandOutput
   | GetFederationTokenCommandOutput
   | GetSessionTokenCommandOutput;
 export interface ClientDefaults

package/dist-types/ts3.4/commands/GetDelegatedAccessTokenCommand.d.ts

@@ -0,0 +1,51 @@
+import { Command as $Command } from "@smithy/smithy-client";
+import { MetadataBearer as __MetadataBearer } from "@smithy/types";
+import {
+  GetDelegatedAccessTokenRequest,
+  GetDelegatedAccessTokenResponse,
+} from "../models/models_0";
+import {
+  ServiceInputTypes,
+  ServiceOutputTypes,
+  STSClientResolvedConfig,
+} from "../STSClient";
+export { __MetadataBearer };
+export { $Command };
+export interface GetDelegatedAccessTokenCommandInput
+  extends GetDelegatedAccessTokenRequest {}
+export interface GetDelegatedAccessTokenCommandOutput
+  extends GetDelegatedAccessTokenResponse,
+    __MetadataBearer {}
+declare const GetDelegatedAccessTokenCommand_base: {
+  new (
+    input: GetDelegatedAccessTokenCommandInput
+  ): import("@smithy/smithy-client").CommandImpl<
+    GetDelegatedAccessTokenCommandInput,
+    GetDelegatedAccessTokenCommandOutput,
+    STSClientResolvedConfig,
+    ServiceInputTypes,
+    ServiceOutputTypes
+  >;
+  new (
+    input: GetDelegatedAccessTokenCommandInput
+  ): import("@smithy/smithy-client").CommandImpl<
+    GetDelegatedAccessTokenCommandInput,
+    GetDelegatedAccessTokenCommandOutput,
+    STSClientResolvedConfig,
+    ServiceInputTypes,
+    ServiceOutputTypes
+  >;
+  getEndpointParameterInstructions(): import("@smithy/middleware-endpoint").EndpointParameterInstructions;
+};
+export declare class GetDelegatedAccessTokenCommand extends GetDelegatedAccessTokenCommand_base {
+  protected static __types: {
+    api: {
+      input: GetDelegatedAccessTokenRequest;
+      output: GetDelegatedAccessTokenResponse;
+    };
+    sdk: {
+      input: GetDelegatedAccessTokenCommandInput;
+      output: GetDelegatedAccessTokenCommandOutput;
+    };
+  };
+}

package/dist-types/ts3.4/commands/index.d.ts

@@ -5,5 +5,6 @@ export * from "./AssumeRootCommand";
 export * from "./DecodeAuthorizationMessageCommand";
 export * from "./GetAccessKeyInfoCommand";
 export * from "./GetCallerIdentityCommand";
+export * from "./GetDelegatedAccessTokenCommand";
 export * from "./GetFederationTokenCommand";
 export * from "./GetSessionTokenCommand";

package/dist-types/ts3.4/models/models_0.d.ts

@@ -167,6 +167,21 @@ export interface GetCallerIdentityResponse {
   Account?: string | undefined;
   Arn?: string | undefined;
 }
+export declare class ExpiredTradeInTokenException extends __BaseException {
+  readonly name: "ExpiredTradeInTokenException";
+  readonly $fault: "client";
+  constructor(
+    opts: __ExceptionOptionType<ExpiredTradeInTokenException, __BaseException>
+  );
+}
+export interface GetDelegatedAccessTokenRequest {
+  TradeInToken: string | undefined;
+}
+export interface GetDelegatedAccessTokenResponse {
+  Credentials?: Credentials | undefined;
+  PackedPolicySize?: number | undefined;
+  AssumedPrincipal?: string | undefined;
+}
 export interface GetFederationTokenRequest {
   Name: string | undefined;
   Policy?: string | undefined;
@@ -210,6 +225,12 @@ export declare const AssumeRoleWithWebIdentityResponseFilterSensitiveLog: (
 export declare const AssumeRootResponseFilterSensitiveLog: (
   obj: AssumeRootResponse
 ) => any;
+export declare const GetDelegatedAccessTokenRequestFilterSensitiveLog: (
+  obj: GetDelegatedAccessTokenRequest
+) => any;
+export declare const GetDelegatedAccessTokenResponseFilterSensitiveLog: (
+  obj: GetDelegatedAccessTokenResponse
+) => any;
 export declare const GetFederationTokenResponseFilterSensitiveLog: (
   obj: GetFederationTokenResponse
 ) => any;

package/dist-types/ts3.4/protocols/Aws_query.d.ts

@@ -31,6 +31,10 @@ import {
   GetCallerIdentityCommandInput,
   GetCallerIdentityCommandOutput,
 } from "../commands/GetCallerIdentityCommand";
+import {
+  GetDelegatedAccessTokenCommandInput,
+  GetDelegatedAccessTokenCommandOutput,
+} from "../commands/GetDelegatedAccessTokenCommand";
 import {
   GetFederationTokenCommandInput,
   GetFederationTokenCommandOutput,
@@ -67,6 +71,10 @@ export declare const se_GetCallerIdentityCommand: (
   input: GetCallerIdentityCommandInput,
   context: __SerdeContext
 ) => Promise<__HttpRequest>;
+export declare const se_GetDelegatedAccessTokenCommand: (
+  input: GetDelegatedAccessTokenCommandInput,
+  context: __SerdeContext
+) => Promise<__HttpRequest>;
 export declare const se_GetFederationTokenCommand: (
   input: GetFederationTokenCommandInput,
   context: __SerdeContext
@@ -103,6 +111,10 @@ export declare const de_GetCallerIdentityCommand: (
   output: __HttpResponse,
   context: __SerdeContext
 ) => Promise<GetCallerIdentityCommandOutput>;
+export declare const de_GetDelegatedAccessTokenCommand: (
+  output: __HttpResponse,
+  context: __SerdeContext
+) => Promise<GetDelegatedAccessTokenCommandOutput>;
 export declare const de_GetFederationTokenCommand: (
   output: __HttpResponse,
   context: __SerdeContext

package/package.json

@@ -1,7 +1,7 @@
 {
   "name": "@aws-sdk/client-sts",
   "description": "AWS SDK for JavaScript Sts Client for Node.js, Browser and React Native",
-  "version": "3.927.0",
+  "version": "3.928.0",
   "scripts": {
     "build": "concurrently 'yarn:build:cjs' 'yarn:build:es' 'yarn:build:types'",
     "build:cjs": "node ../../scripts/compilation/inline client-sts",
@@ -22,17 +22,17 @@
   "dependencies": {
     "@aws-crypto/sha256-browser": "5.2.0",
     "@aws-crypto/sha256-js": "5.2.0",
-    "@aws-sdk/core": "3.927.0",
-    "@aws-sdk/credential-provider-node": "3.927.0",
+    "@aws-sdk/core": "3.928.0",
+    "@aws-sdk/credential-provider-node": "3.928.0",
     "@aws-sdk/middleware-host-header": "3.922.0",
     "@aws-sdk/middleware-logger": "3.922.0",
     "@aws-sdk/middleware-recursion-detection": "3.922.0",
-    "@aws-sdk/middleware-user-agent": "3.927.0",
+    "@aws-sdk/middleware-user-agent": "3.928.0",
     "@aws-sdk/region-config-resolver": "3.925.0",
     "@aws-sdk/types": "3.922.0",
     "@aws-sdk/util-endpoints": "3.922.0",
     "@aws-sdk/util-user-agent-browser": "3.922.0",
-    "@aws-sdk/util-user-agent-node": "3.927.0",
+    "@aws-sdk/util-user-agent-node": "3.928.0",
     "@smithy/config-resolver": "^4.4.2",
     "@smithy/core": "^3.17.2",
     "@smithy/fetch-http-handler": "^5.3.5",