@aws-sdk/credential-providers 3.499.0 → 3.502.0

package/README.md

@@ -28,6 +28,9 @@ A collection of all credential providers, with default clients.
 
 ## `fromCognitoIdentity()`
 
+- Uses `@aws-sdk/client-cognito-identity`
+- Available in browsers & native apps
+
 The function `fromCognitoIdentity()` returns `CredentialsProvider` that retrieves credentials for
 the provided identity ID. See [GetCredentialsForIdentity API][getcredentialsforidentity_api]
 for more information.
@@ -63,6 +66,9 @@ const client = new FooClient({
 
 ## `fromCognitoIdentityPool()`
 
+- Uses `@aws-sdk/client-cognito-identity`
+- Available in browsers & native apps
+
 The function `fromCognitoIdentityPool()` returns `AwsCredentialIdentityProvider` that calls [GetId API][getid_api]
 to obtain an `identityId`, then generates temporary AWS credentials with
 [GetCredentialsForIdentity API][getcredentialsforidentity_api], see
@@ -108,6 +114,9 @@ const client = new FooClient({
 
 ## `fromTemporaryCredentials()`
 
+- Uses `@aws-sdk/client-sts`
+- Available in browsers & native apps
+
 The function `fromTemporaryCredentials` returns `AwsCredentialIdentityProvider` that retrieves temporary
 credentials from [STS AssumeRole API][assumerole_api].
 
@@ -147,6 +156,9 @@ const client = new FooClient({
 
 ## `fromWebToken()`
 
+- Uses `@aws-sdk/client-sts`
+- Available in browsers & native apps
+
 The function `fromWebToken` returns `AwsCredentialIdentityProvider` that gets credentials calling
 [STS AssumeRoleWithWebIdentity API][assumerolewithwebidentity_api]
 
@@ -210,6 +222,8 @@ provider, see the documentation for the identity provider.
 
 ## `fromContainerMetadata()` and `fromInstanceMetadata()`
 
+- Not available in browsers & native apps
+
 `fromContainerMetadata` and `fromInstanceMetadata` will create `AwsCredentialIdentityProvider` functions that
 read from the ECS container metadata service and the EC2 instance metadata service, respectively.
 
@@ -260,6 +274,8 @@ Please see [Configure the instance metadata service][config_instance_metadata] f
 
 ## `fromHttp()`
 
+- Available in browsers & native apps, without the EC2 and Container metadata components.
+
 This creates a provider function that makes a `GET` request to
 any provided HTTPS URL. A limited set of HTTP destinations are also accepted.
 
@@ -359,6 +375,10 @@ const client = new FooClient({
 
 ## `fromIni()`
 
+- May use `@aws-sdk/client-sso` or `@aws-sdk/client-sts` depending
+  on how the file is configured.
+- Not available in browsers & native apps.
+
 `fromIni` creates `AwsCredentialIdentityProvider` functions that read from a shared credentials file at
 `~/.aws/credentials` and a shared configuration file at `~/.aws/config`. Both files are expected to
 be INI formatted with section names corresponding to profiles. Sections in the credentials file are
@@ -485,6 +505,8 @@ See [`fromSSO()`](#fromsso) fro more information
 
 ## `fromEnv()`
 
+- Not available in browser & native apps
+
 ```javascript
 import { fromEnv } from "@aws-sdk/credential-providers"; // ES6 import
 // const { fromEnv } = require("@aws-sdk/credential-providers"); // CommonJS import
@@ -510,6 +532,8 @@ contains a falsy value, the promise returned by the `fromEnv` function will be r
 
 ## `fromProcess()`
 
+- Not available in browsers & native apps
+
 ```javascript
 import { fromProcess } from "@aws-sdk/credential-providers"; // ES6 import
 // const { fromProcess } = require("@aws-sdk/credential-providers"); // CommonJS import
@@ -566,6 +590,9 @@ credential_process = /usr/local/bin/awscreds dev
 
 ## `fromTokenFile()`
 
+- Uses `@aws-sdk/client-sts`
+- Not available in browsers & native apps
+
 The function `fromTokenFile` returns `AwsCredentialIdentityProvider` that reads credentials as follows:
 
 - Reads file location of where the OIDC token is stored from either provided option
@@ -598,6 +625,9 @@ const client = new FooClient({
 
 ## `fromSSO()`
 
+- Uses `@aws-sdk/client-sso` & `@aws-sdk/client-sso-oidc`
+- Not available in browsers & native apps
+
 > This credential provider **ONLY** supports profiles using the SSO credential. If you have a
 > profile that assumes a role which derived from the SSO credential, you should use the
 > [`fromIni()`](#fromini), or `@aws-sdk/credential-provider-node` package.
@@ -718,6 +748,10 @@ sso_start_url = https://d-abc123.awsapps.com/start
 
 ## `fromNodeProviderChain()`
 
+- May use `@aws-sdk/client-sts`, `@aws-sdk/client-sso`, etc. depending on
+  which link in the chain finally resolves credentials.
+- Not available in browsers & native apps
+
 The credential provider used as default in the Node.js clients, but with default role assumers so
 you don't need to import them from STS client and supply them manually. You normally don't need
 to use this explicitly in the client constructor. It is useful for utility functions requiring

package/dist-cjs/fromCognitoIdentity.js

@@ -1,13 +1,8 @@
 "use strict";
 Object.defineProperty(exports, "__esModule", { value: true });
 exports.fromCognitoIdentity = void 0;
-const client_cognito_identity_1 = require("@aws-sdk/client-cognito-identity");
 const credential_provider_cognito_identity_1 = require("@aws-sdk/credential-provider-cognito-identity");
-const fromCognitoIdentity = (options) => {
-    var _a;
-    return (0, credential_provider_cognito_identity_1.fromCognitoIdentity)({
-        ...options,
-        client: new client_cognito_identity_1.CognitoIdentityClient((_a = options.clientConfig) !== null && _a !== void 0 ? _a : {}),
-    });
-};
+const fromCognitoIdentity = (options) => (0, credential_provider_cognito_identity_1.fromCognitoIdentity)({
+    ...options,
+});
 exports.fromCognitoIdentity = fromCognitoIdentity;

package/dist-cjs/fromCognitoIdentityPool.js

@@ -1,13 +1,8 @@
 "use strict";
 Object.defineProperty(exports, "__esModule", { value: true });
 exports.fromCognitoIdentityPool = void 0;
-const client_cognito_identity_1 = require("@aws-sdk/client-cognito-identity");
 const credential_provider_cognito_identity_1 = require("@aws-sdk/credential-provider-cognito-identity");
-const fromCognitoIdentityPool = (options) => {
-    var _a;
-    return (0, credential_provider_cognito_identity_1.fromCognitoIdentityPool)({
-        ...options,
-        client: new client_cognito_identity_1.CognitoIdentityClient((_a = options.clientConfig) !== null && _a !== void 0 ? _a : {}),
-    });
-};
+const fromCognitoIdentityPool = (options) => (0, credential_provider_cognito_identity_1.fromCognitoIdentityPool)({
+    ...options,
+});
 exports.fromCognitoIdentityPool = fromCognitoIdentityPool;

package/dist-cjs/fromContainerMetadata.js

@@ -2,5 +2,9 @@
 Object.defineProperty(exports, "__esModule", { value: true });
 exports.fromContainerMetadata = void 0;
 const credential_provider_imds_1 = require("@smithy/credential-provider-imds");
-const fromContainerMetadata = (init) => (0, credential_provider_imds_1.fromContainerMetadata)(init);
+const fromContainerMetadata = (init) => {
+    var _a;
+    (_a = init === null || init === void 0 ? void 0 : init.logger) === null || _a === void 0 ? void 0 : _a.debug("@smithy/credential-provider-imds", "fromContainerMetadata");
+    return (0, credential_provider_imds_1.fromContainerMetadata)(init);
+};
 exports.fromContainerMetadata = fromContainerMetadata;

package/dist-cjs/fromEnv.js

@@ -2,5 +2,5 @@
 Object.defineProperty(exports, "__esModule", { value: true });
 exports.fromEnv = void 0;
 const credential_provider_env_1 = require("@aws-sdk/credential-provider-env");
-const fromEnv = () => (0, credential_provider_env_1.fromEnv)();
+const fromEnv = (init) => (0, credential_provider_env_1.fromEnv)(init);
 exports.fromEnv = fromEnv;

package/dist-cjs/fromIni.js

@@ -1,14 +1,8 @@
 "use strict";
 Object.defineProperty(exports, "__esModule", { value: true });
 exports.fromIni = void 0;
-const client_sts_1 = require("@aws-sdk/client-sts");
 const credential_provider_ini_1 = require("@aws-sdk/credential-provider-ini");
-const fromIni = (init = {}) => {
-    var _a, _b;
-    return (0, credential_provider_ini_1.fromIni)({
-        ...init,
-        roleAssumer: (_a = init.roleAssumer) !== null && _a !== void 0 ? _a : (0, client_sts_1.getDefaultRoleAssumer)(init.clientConfig, init.clientPlugins),
-        roleAssumerWithWebIdentity: (_b = init.roleAssumerWithWebIdentity) !== null && _b !== void 0 ? _b : (0, client_sts_1.getDefaultRoleAssumerWithWebIdentity)(init.clientConfig, init.clientPlugins),
-    });
-};
+const fromIni = (init = {}) => (0, credential_provider_ini_1.fromIni)({
+    ...init,
+});
 exports.fromIni = fromIni;

package/dist-cjs/fromInstanceMetadata.js

@@ -2,5 +2,9 @@
 Object.defineProperty(exports, "__esModule", { value: true });
 exports.fromInstanceMetadata = void 0;
 const credential_provider_imds_1 = require("@smithy/credential-provider-imds");
-const fromInstanceMetadata = (init) => (0, credential_provider_imds_1.fromInstanceMetadata)(init);
+const fromInstanceMetadata = (init) => {
+    var _a;
+    (_a = init === null || init === void 0 ? void 0 : init.logger) === null || _a === void 0 ? void 0 : _a.debug("@smithy/credential-provider-imds", "fromInstanceMetadata");
+    return (0, credential_provider_imds_1.fromInstanceMetadata)(init);
+};
 exports.fromInstanceMetadata = fromInstanceMetadata;

package/dist-cjs/fromNodeProviderChain.js

@@ -1,14 +1,8 @@
 "use strict";
 Object.defineProperty(exports, "__esModule", { value: true });
 exports.fromNodeProviderChain = void 0;
-const client_sts_1 = require("@aws-sdk/client-sts");
 const credential_provider_node_1 = require("@aws-sdk/credential-provider-node");
-const fromNodeProviderChain = (init = {}) => {
-    var _a, _b;
-    return (0, credential_provider_node_1.defaultProvider)({
-        ...init,
-        roleAssumer: (_a = init.roleAssumer) !== null && _a !== void 0 ? _a : (0, client_sts_1.getDefaultRoleAssumer)(init.clientConfig, init.clientPlugins),
-        roleAssumerWithWebIdentity: (_b = init.roleAssumerWithWebIdentity) !== null && _b !== void 0 ? _b : (0, client_sts_1.getDefaultRoleAssumerWithWebIdentity)(init.clientConfig, init.clientPlugins),
-    });
-};
+const fromNodeProviderChain = (init = {}) => (0, credential_provider_node_1.defaultProvider)({
+    ...init,
+});
 exports.fromNodeProviderChain = fromNodeProviderChain;

package/dist-cjs/fromSSO.js

@@ -1,7 +1,8 @@
 "use strict";
 Object.defineProperty(exports, "__esModule", { value: true });
 exports.fromSSO = void 0;
-const client_sso_1 = require("@aws-sdk/client-sso");
 const credential_provider_sso_1 = require("@aws-sdk/credential-provider-sso");
-const fromSSO = (init = {}) => (0, credential_provider_sso_1.fromSSO)({ ...{ ssoClient: init.clientConfig ? new client_sso_1.SSOClient(init.clientConfig) : undefined }, ...init });
+const fromSSO = (init = {}) => {
+    return (0, credential_provider_sso_1.fromSSO)({ ...init });
+};
 exports.fromSSO = fromSSO;

package/dist-cjs/fromTemporaryCredentials.js

@@ -1,27 +1,28 @@
 "use strict";
 Object.defineProperty(exports, "__esModule", { value: true });
 exports.fromTemporaryCredentials = void 0;
-const client_sts_1 = require("@aws-sdk/client-sts");
 const property_provider_1 = require("@smithy/property-provider");
 const fromTemporaryCredentials = (options) => {
     let stsClient;
     return async () => {
-        var _a;
-        const params = { ...options.params, RoleSessionName: (_a = options.params.RoleSessionName) !== null && _a !== void 0 ? _a : "aws-sdk-js-" + Date.now() };
+        var _a, _b;
+        (_a = options.logger) === null || _a === void 0 ? void 0 : _a.debug("@aws-sdk/credential-providers", "fromTemporaryCredentials (STS)");
+        const params = { ...options.params, RoleSessionName: (_b = options.params.RoleSessionName) !== null && _b !== void 0 ? _b : "aws-sdk-js-" + Date.now() };
         if (params === null || params === void 0 ? void 0 : params.SerialNumber) {
             if (!options.mfaCodeProvider) {
                 throw new property_provider_1.CredentialsProviderError(`Temporary credential requires multi-factor authentication,` + ` but no MFA code callback was provided.`, false);
             }
             params.TokenCode = await options.mfaCodeProvider(params === null || params === void 0 ? void 0 : params.SerialNumber);
         }
+        const { AssumeRoleCommand, STSClient } = await Promise.resolve().then(() => __importStar(require("./loadSts")));
         if (!stsClient)
-            stsClient = new client_sts_1.STSClient({ ...options.clientConfig, credentials: options.masterCredentials });
+            stsClient = new STSClient({ ...options.clientConfig, credentials: options.masterCredentials });
         if (options.clientPlugins) {
             for (const plugin of options.clientPlugins) {
                 stsClient.middlewareStack.use(plugin);
             }
         }
-        const { Credentials } = await stsClient.send(new client_sts_1.AssumeRoleCommand(params));
+        const { Credentials } = await stsClient.send(new AssumeRoleCommand(params));
         if (!Credentials || !Credentials.AccessKeyId || !Credentials.SecretAccessKey) {
             throw new property_provider_1.CredentialsProviderError(`Invalid response from STS.assumeRole call with role ${params.RoleArn}`);
         }

package/dist-cjs/fromTokenFile.js

@@ -1,13 +1,8 @@
 "use strict";
 Object.defineProperty(exports, "__esModule", { value: true });
 exports.fromTokenFile = void 0;
-const client_sts_1 = require("@aws-sdk/client-sts");
 const credential_provider_web_identity_1 = require("@aws-sdk/credential-provider-web-identity");
-const fromTokenFile = (init = {}) => {
-    var _a;
-    return (0, credential_provider_web_identity_1.fromTokenFile)({
-        ...init,
-        roleAssumerWithWebIdentity: (_a = init.roleAssumerWithWebIdentity) !== null && _a !== void 0 ? _a : (0, client_sts_1.getDefaultRoleAssumerWithWebIdentity)(init.clientConfig, init.clientPlugins),
-    });
-};
+const fromTokenFile = (init = {}) => (0, credential_provider_web_identity_1.fromTokenFile)({
+    ...init,
+});
 exports.fromTokenFile = fromTokenFile;

package/dist-cjs/fromWebToken.js

@@ -1,13 +1,8 @@
 "use strict";
 Object.defineProperty(exports, "__esModule", { value: true });
 exports.fromWebToken = void 0;
-const client_sts_1 = require("@aws-sdk/client-sts");
 const credential_provider_web_identity_1 = require("@aws-sdk/credential-provider-web-identity");
-const fromWebToken = (init) => {
-    var _a;
-    return (0, credential_provider_web_identity_1.fromWebToken)({
-        ...init,
-        roleAssumerWithWebIdentity: (_a = init.roleAssumerWithWebIdentity) !== null && _a !== void 0 ? _a : (0, client_sts_1.getDefaultRoleAssumerWithWebIdentity)(init.clientConfig, init.clientPlugins),
-    });
-};
+const fromWebToken = (init) => (0, credential_provider_web_identity_1.fromWebToken)({
+    ...init,
+});
 exports.fromWebToken = fromWebToken;

package/dist-cjs/loadSts.js

@@ -0,0 +1,6 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.STSClient = exports.AssumeRoleCommand = void 0;
+const client_sts_1 = require("@aws-sdk/client-sts");
+Object.defineProperty(exports, "AssumeRoleCommand", { enumerable: true, get: function () { return client_sts_1.AssumeRoleCommand; } });
+Object.defineProperty(exports, "STSClient", { enumerable: true, get: function () { return client_sts_1.STSClient; } });

package/dist-es/fromCognitoIdentity.js

@@ -1,6 +1,4 @@
-import { CognitoIdentityClient } from "@aws-sdk/client-cognito-identity";
 import { fromCognitoIdentity as _fromCognitoIdentity, } from "@aws-sdk/credential-provider-cognito-identity";
 export const fromCognitoIdentity = (options) => _fromCognitoIdentity({
     ...options,
-    client: new CognitoIdentityClient(options.clientConfig ?? {}),
 });

package/dist-es/fromCognitoIdentityPool.js

@@ -1,6 +1,4 @@
-import { CognitoIdentityClient } from "@aws-sdk/client-cognito-identity";
 import { fromCognitoIdentityPool as _fromCognitoIdentityPool, } from "@aws-sdk/credential-provider-cognito-identity";
 export const fromCognitoIdentityPool = (options) => _fromCognitoIdentityPool({
     ...options,
-    client: new CognitoIdentityClient(options.clientConfig ?? {}),
 });

package/dist-es/fromContainerMetadata.js

@@ -1,2 +1,5 @@
 import { fromContainerMetadata as _fromContainerMetadata, } from "@smithy/credential-provider-imds";
-export const fromContainerMetadata = (init) => _fromContainerMetadata(init);
+export const fromContainerMetadata = (init) => {
+    init?.logger?.debug("@smithy/credential-provider-imds", "fromContainerMetadata");
+    return _fromContainerMetadata(init);
+};

package/dist-es/fromEnv.js

@@ -1,2 +1,2 @@
 import { fromEnv as _fromEnv } from "@aws-sdk/credential-provider-env";
-export const fromEnv = () => _fromEnv();
+export const fromEnv = (init) => _fromEnv(init);

package/dist-es/fromIni.js

@@ -1,7 +1,4 @@
-import { getDefaultRoleAssumer, getDefaultRoleAssumerWithWebIdentity } from "@aws-sdk/client-sts";
 import { fromIni as _fromIni } from "@aws-sdk/credential-provider-ini";
 export const fromIni = (init = {}) => _fromIni({
     ...init,
-    roleAssumer: init.roleAssumer ?? getDefaultRoleAssumer(init.clientConfig, init.clientPlugins),
-    roleAssumerWithWebIdentity: init.roleAssumerWithWebIdentity ?? getDefaultRoleAssumerWithWebIdentity(init.clientConfig, init.clientPlugins),
 });

package/dist-es/fromInstanceMetadata.js

@@ -1,2 +1,5 @@
 import { fromInstanceMetadata as _fromInstanceMetadata, } from "@smithy/credential-provider-imds";
-export const fromInstanceMetadata = (init) => _fromInstanceMetadata(init);
+export const fromInstanceMetadata = (init) => {
+    init?.logger?.debug("@smithy/credential-provider-imds", "fromInstanceMetadata");
+    return _fromInstanceMetadata(init);
+};

package/dist-es/fromNodeProviderChain.js

@@ -1,7 +1,4 @@
-import { getDefaultRoleAssumer, getDefaultRoleAssumerWithWebIdentity } from "@aws-sdk/client-sts";
 import { defaultProvider } from "@aws-sdk/credential-provider-node";
 export const fromNodeProviderChain = (init = {}) => defaultProvider({
     ...init,
-    roleAssumer: init.roleAssumer ?? getDefaultRoleAssumer(init.clientConfig, init.clientPlugins),
-    roleAssumerWithWebIdentity: init.roleAssumerWithWebIdentity ?? getDefaultRoleAssumerWithWebIdentity(init.clientConfig, init.clientPlugins),
 });

package/dist-es/fromSSO.js

@@ -1,3 +1,4 @@
-import { SSOClient } from "@aws-sdk/client-sso";
 import { fromSSO as _fromSSO } from "@aws-sdk/credential-provider-sso";
-export const fromSSO = (init = {}) => _fromSSO({ ...{ ssoClient: init.clientConfig ? new SSOClient(init.clientConfig) : undefined }, ...init });
+export const fromSSO = (init = {}) => {
+    return _fromSSO({ ...init });
+};

package/dist-es/fromTemporaryCredentials.js

@@ -1,8 +1,8 @@
-import { AssumeRoleCommand, STSClient } from "@aws-sdk/client-sts";
 import { CredentialsProviderError } from "@smithy/property-provider";
 export const fromTemporaryCredentials = (options) => {
     let stsClient;
     return async () => {
+        options.logger?.debug("@aws-sdk/credential-providers", "fromTemporaryCredentials (STS)");
         const params = { ...options.params, RoleSessionName: options.params.RoleSessionName ?? "aws-sdk-js-" + Date.now() };
         if (params?.SerialNumber) {
             if (!options.mfaCodeProvider) {
@@ -10,6 +10,7 @@ export const fromTemporaryCredentials = (options) => {
             }
             params.TokenCode = await options.mfaCodeProvider(params?.SerialNumber);
         }
+        const { AssumeRoleCommand, STSClient } = await import("./loadSts");
         if (!stsClient)
             stsClient = new STSClient({ ...options.clientConfig, credentials: options.masterCredentials });
         if (options.clientPlugins) {

package/dist-es/fromTokenFile.js

@@ -1,6 +1,4 @@
-import { getDefaultRoleAssumerWithWebIdentity } from "@aws-sdk/client-sts";
-import { fromTokenFile as _fromTokenFile, } from "@aws-sdk/credential-provider-web-identity";
+import { fromTokenFile as _fromTokenFile } from "@aws-sdk/credential-provider-web-identity";
 export const fromTokenFile = (init = {}) => _fromTokenFile({
     ...init,
-    roleAssumerWithWebIdentity: init.roleAssumerWithWebIdentity ?? getDefaultRoleAssumerWithWebIdentity(init.clientConfig, init.clientPlugins),
 });

package/dist-es/fromWebToken.js

@@ -1,6 +1,4 @@
-import { getDefaultRoleAssumerWithWebIdentity } from "@aws-sdk/client-sts";
-import { fromWebToken as _fromWebToken, } from "@aws-sdk/credential-provider-web-identity";
+import { fromWebToken as _fromWebToken } from "@aws-sdk/credential-provider-web-identity";
 export const fromWebToken = (init) => _fromWebToken({
     ...init,
-    roleAssumerWithWebIdentity: init.roleAssumerWithWebIdentity ?? getDefaultRoleAssumerWithWebIdentity(init.clientConfig, init.clientPlugins),
 });

package/dist-es/loadSts.js

@@ -0,0 +1,2 @@
+import { AssumeRoleCommand, STSClient } from "@aws-sdk/client-sts";
+export { AssumeRoleCommand, STSClient };

package/dist-types/fromCognitoIdentity.d.ts

@@ -1,4 +1,4 @@
-import { CognitoIdentityClientConfig } from "@aws-sdk/client-cognito-identity";
+import type { CognitoIdentityClientConfig } from "@aws-sdk/client-cognito-identity";
 import { CognitoIdentityCredentialProvider as _CognitoIdentityCredentialProvider, FromCognitoIdentityParameters as _FromCognitoIdentityParameters } from "@aws-sdk/credential-provider-cognito-identity";
 export interface FromCognitoIdentityParameters extends Omit<_FromCognitoIdentityParameters, "client"> {
     /**

package/dist-types/fromCognitoIdentityPool.d.ts

@@ -1,4 +1,4 @@
-import { CognitoIdentityClientConfig } from "@aws-sdk/client-cognito-identity";
+import type { CognitoIdentityClientConfig } from "@aws-sdk/client-cognito-identity";
 import { CognitoIdentityCredentialProvider, FromCognitoIdentityPoolParameters as _FromCognitoIdentityPoolParameters } from "@aws-sdk/credential-provider-cognito-identity";
 export interface FromCognitoIdentityPoolParameters extends Omit<_FromCognitoIdentityPoolParameters, "client"> {
     clientConfig?: CognitoIdentityClientConfig;

package/dist-types/fromContainerMetadata.d.ts

@@ -1,6 +1,7 @@
+import type { CredentialProviderOptions } from "@aws-sdk/types";
 import { RemoteProviderInit as _RemoteProviderInit } from "@smithy/credential-provider-imds";
 import { AwsCredentialIdentityProvider } from "@smithy/types";
-export interface RemoteProviderInit extends _RemoteProviderInit {
+export interface RemoteProviderInit extends _RemoteProviderInit, CredentialProviderOptions {
 }
 /**
  * Create a credential provider function that reads from ECS container metadata service.

package/dist-types/fromEnv.d.ts

@@ -1,3 +1,4 @@
+import { FromEnvInit } from "@aws-sdk/credential-provider-env";
 import { AwsCredentialIdentityProvider } from "@smithy/types";
 /**
  * Create a credential provider that reads credentials from the following environment variables:
@@ -23,4 +24,4 @@ import { AwsCredentialIdentityProvider } from "@smithy/types";
  * });
  * ```
  */
-export declare const fromEnv: () => AwsCredentialIdentityProvider;
+export declare const fromEnv: (init?: FromEnvInit) => AwsCredentialIdentityProvider;

package/dist-types/fromIni.d.ts

@@ -1,10 +1,5 @@
-import { STSClientConfig } from "@aws-sdk/client-sts";
-import { FromIniInit as _FromIniInit } from "@aws-sdk/credential-provider-ini";
-import { AwsCredentialIdentityProvider, Pluggable } from "@smithy/types";
-export interface FromIniInit extends _FromIniInit {
-    clientConfig?: STSClientConfig;
-    clientPlugins?: Pluggable<any, any>[];
-}
+import { FromIniInit } from "@aws-sdk/credential-provider-ini";
+import { AwsCredentialIdentityProvider } from "@smithy/types";
 /**
  * Creates a credential provider function that reads from a shared credentials file at `~/.aws/credentials` and a
  * shared configuration file at `~/.aws/config`. Both files are expected to be INI formatted with section names

package/dist-types/fromInstanceMetadata.d.ts

@@ -1,3 +1,4 @@
+import type { CredentialProviderOptions } from "@aws-sdk/types";
 import { RemoteProviderConfig as _RemoteProviderInit } from "@smithy/credential-provider-imds";
 import { AwsCredentialIdentityProvider } from "@smithy/types";
 /**
@@ -19,4 +20,4 @@ import { AwsCredentialIdentityProvider } from "@smithy/types";
  * });
  * ```
  */
-export declare const fromInstanceMetadata: (init?: _RemoteProviderInit) => AwsCredentialIdentityProvider;
+export declare const fromInstanceMetadata: (init?: _RemoteProviderInit & CredentialProviderOptions) => AwsCredentialIdentityProvider;

package/dist-types/fromNodeProviderChain.d.ts

@@ -1,10 +1,5 @@
-import { STSClientConfig } from "@aws-sdk/client-sts";
 import { DefaultProviderInit } from "@aws-sdk/credential-provider-node";
-import { AwsCredentialIdentityProvider, Pluggable } from "@smithy/types";
-export interface fromNodeProviderChainInit extends DefaultProviderInit {
-    clientConfig?: STSClientConfig;
-    clientPlugins?: Pluggable<any, any>[];
-}
+import type { AwsCredentialIdentityProvider } from "@smithy/types";
 /**
  * This is the same credential provider as {@link defaultProvider|the default provider for Node.js SDK},
  * but with default role assumers so you don't need to import them from
@@ -30,4 +25,4 @@ export interface fromNodeProviderChainInit extends DefaultProviderInit {
  * })
  * ```
  */
-export declare const fromNodeProviderChain: (init?: fromNodeProviderChainInit) => AwsCredentialIdentityProvider;
+export declare const fromNodeProviderChain: (init?: DefaultProviderInit) => AwsCredentialIdentityProvider;

package/dist-types/fromProcess.d.ts

@@ -1,7 +1,5 @@
-import { FromProcessInit as _FromProcessInit } from "@aws-sdk/credential-provider-process";
+import { FromProcessInit } from "@aws-sdk/credential-provider-process";
 import { AwsCredentialIdentityProvider } from "@smithy/types";
-export interface FromProcessInit extends _FromProcessInit {
-}
 /**
  * Creates a credential provider function that executes a given process and attempt to read its standard output to
  * receive a JSON payload containing the credentials.

package/dist-types/fromSSO.d.ts

@@ -1,9 +1,5 @@
-import { SSOClientConfig } from "@aws-sdk/client-sso";
-import { FromSSOInit as _FromSSOInit } from "@aws-sdk/credential-provider-sso";
+import { FromSSOInit } from "@aws-sdk/credential-provider-sso";
 import { AwsCredentialIdentityProvider } from "@smithy/types";
-export interface FromSSOInit extends Omit<_FromSSOInit, "client"> {
-    clientConfig?: SSOClientConfig;
-}
 /**
  * Creates a credential provider function that reads from the _resolved_ access token from local disk then requests
  * temporary AWS credentials.

package/dist-types/fromTemporaryCredentials.d.ts

@@ -1,6 +1,7 @@
-import { AssumeRoleCommandInput, STSClientConfig } from "@aws-sdk/client-sts";
+import type { AssumeRoleCommandInput, STSClientConfig } from "@aws-sdk/client-sts";
+import type { CredentialProviderOptions } from "@aws-sdk/types";
 import { AwsCredentialIdentity, AwsCredentialIdentityProvider, Pluggable } from "@smithy/types";
-export interface FromTemporaryCredentialsOptions {
+export interface FromTemporaryCredentialsOptions extends CredentialProviderOptions {
     params: Omit<AssumeRoleCommandInput, "RoleSessionName"> & {
         RoleSessionName?: string;
     };

package/dist-types/fromTokenFile.d.ts

@@ -1,10 +1,5 @@
-import { STSClientConfig } from "@aws-sdk/client-sts";
-import { FromTokenFileInit as _FromTokenFileInit } from "@aws-sdk/credential-provider-web-identity";
-import { AwsCredentialIdentityProvider, Pluggable } from "@smithy/types";
-export interface FromTokenFileInit extends _FromTokenFileInit {
-    clientConfig?: STSClientConfig;
-    clientPlugins?: Pluggable<any, any>[];
-}
+import { FromTokenFileInit } from "@aws-sdk/credential-provider-web-identity";
+import type { AwsCredentialIdentityProvider } from "@smithy/types";
 /**
  * Creates a credential provider function that reads OIDC token from given file, then call STS.AssumeRoleWithWebIdentity
  * API. The configurations must be specified in environmental variables:

package/dist-types/fromWebToken.d.ts

@@ -1,10 +1,5 @@
-import { STSClientConfig } from "@aws-sdk/client-sts";
-import { FromWebTokenInit as _FromWebTokenInit } from "@aws-sdk/credential-provider-web-identity";
-import { AwsCredentialIdentityProvider, Pluggable } from "@smithy/types";
-export interface FromWebTokenInit extends _FromWebTokenInit {
-    clientConfig?: STSClientConfig;
-    clientPlugins?: Pluggable<any, any>[];
-}
+import { FromWebTokenInit } from "@aws-sdk/credential-provider-web-identity";
+import type { AwsCredentialIdentityProvider } from "@smithy/types";
 /**
  * Creates a credential provider function that gets credentials calling STS
  * AssumeRoleWithWebIdentity API.

package/dist-types/loadSts.d.ts

@@ -0,0 +1,2 @@
+import { AssumeRoleCommand, STSClient } from "@aws-sdk/client-sts";
+export { AssumeRoleCommand, STSClient };

package/dist-types/ts3.4/fromContainerMetadata.d.ts

@@ -1,6 +1,9 @@
+import { CredentialProviderOptions } from "@aws-sdk/types";
 import { RemoteProviderInit as _RemoteProviderInit } from "@smithy/credential-provider-imds";
 import { AwsCredentialIdentityProvider } from "@smithy/types";
-export interface RemoteProviderInit extends _RemoteProviderInit {}
+export interface RemoteProviderInit
+  extends _RemoteProviderInit,
+    CredentialProviderOptions {}
 export declare const fromContainerMetadata: (
   init?: RemoteProviderInit
 ) => AwsCredentialIdentityProvider;

package/dist-types/ts3.4/fromEnv.d.ts

@@ -1,2 +1,5 @@
+import { FromEnvInit } from "@aws-sdk/credential-provider-env";
 import { AwsCredentialIdentityProvider } from "@smithy/types";
-export declare const fromEnv: () => AwsCredentialIdentityProvider;
+export declare const fromEnv: (
+  init?: FromEnvInit
+) => AwsCredentialIdentityProvider;

package/dist-types/ts3.4/fromIni.d.ts

@@ -1,10 +1,5 @@
-import { STSClientConfig } from "@aws-sdk/client-sts";
-import { FromIniInit as _FromIniInit } from "@aws-sdk/credential-provider-ini";
-import { AwsCredentialIdentityProvider, Pluggable } from "@smithy/types";
-export interface FromIniInit extends _FromIniInit {
-  clientConfig?: STSClientConfig;
-  clientPlugins?: Pluggable<any, any>[];
-}
+import { FromIniInit } from "@aws-sdk/credential-provider-ini";
+import { AwsCredentialIdentityProvider } from "@smithy/types";
 export declare const fromIni: (
   init?: FromIniInit
 ) => AwsCredentialIdentityProvider;

package/dist-types/ts3.4/fromInstanceMetadata.d.ts

@@ -1,5 +1,6 @@
+import { CredentialProviderOptions } from "@aws-sdk/types";
 import { RemoteProviderConfig as _RemoteProviderInit } from "@smithy/credential-provider-imds";
 import { AwsCredentialIdentityProvider } from "@smithy/types";
 export declare const fromInstanceMetadata: (
-  init?: _RemoteProviderInit
+  init?: _RemoteProviderInit & CredentialProviderOptions
 ) => AwsCredentialIdentityProvider;

package/dist-types/ts3.4/fromNodeProviderChain.d.ts

@@ -1,10 +1,5 @@
-import { STSClientConfig } from "@aws-sdk/client-sts";
 import { DefaultProviderInit } from "@aws-sdk/credential-provider-node";
-import { AwsCredentialIdentityProvider, Pluggable } from "@smithy/types";
-export interface fromNodeProviderChainInit extends DefaultProviderInit {
-  clientConfig?: STSClientConfig;
-  clientPlugins?: Pluggable<any, any>[];
-}
+import { AwsCredentialIdentityProvider } from "@smithy/types";
 export declare const fromNodeProviderChain: (
-  init?: fromNodeProviderChainInit
+  init?: DefaultProviderInit
 ) => AwsCredentialIdentityProvider;

package/dist-types/ts3.4/fromProcess.d.ts

@@ -1,6 +1,5 @@
-import { FromProcessInit as _FromProcessInit } from "@aws-sdk/credential-provider-process";
+import { FromProcessInit } from "@aws-sdk/credential-provider-process";
 import { AwsCredentialIdentityProvider } from "@smithy/types";
-export interface FromProcessInit extends _FromProcessInit {}
 export declare const fromProcess: (
   init?: FromProcessInit
 ) => AwsCredentialIdentityProvider;

package/dist-types/ts3.4/fromSSO.d.ts

@@ -1,10 +1,5 @@
-import { SSOClientConfig } from "@aws-sdk/client-sso";
-import { FromSSOInit as _FromSSOInit } from "@aws-sdk/credential-provider-sso";
+import { FromSSOInit } from "@aws-sdk/credential-provider-sso";
 import { AwsCredentialIdentityProvider } from "@smithy/types";
-export interface FromSSOInit
-  extends Pick<_FromSSOInit, Exclude<keyof _FromSSOInit, "client">> {
-  clientConfig?: SSOClientConfig;
-}
 export declare const fromSSO: (
   init?: FromSSOInit
 ) => AwsCredentialIdentityProvider;

package/dist-types/ts3.4/fromTemporaryCredentials.d.ts

@@ -1,10 +1,12 @@
 import { AssumeRoleCommandInput, STSClientConfig } from "@aws-sdk/client-sts";
+import { CredentialProviderOptions } from "@aws-sdk/types";
 import {
   AwsCredentialIdentity,
   AwsCredentialIdentityProvider,
   Pluggable,
 } from "@smithy/types";
-export interface FromTemporaryCredentialsOptions {
+export interface FromTemporaryCredentialsOptions
+  extends CredentialProviderOptions {
   params: Pick<
     AssumeRoleCommandInput,
     Exclude<keyof AssumeRoleCommandInput, "RoleSessionName">

package/dist-types/ts3.4/fromTokenFile.d.ts

@@ -1,10 +1,5 @@
-import { STSClientConfig } from "@aws-sdk/client-sts";
-import { FromTokenFileInit as _FromTokenFileInit } from "@aws-sdk/credential-provider-web-identity";
-import { AwsCredentialIdentityProvider, Pluggable } from "@smithy/types";
-export interface FromTokenFileInit extends _FromTokenFileInit {
-  clientConfig?: STSClientConfig;
-  clientPlugins?: Pluggable<any, any>[];
-}
+import { FromTokenFileInit } from "@aws-sdk/credential-provider-web-identity";
+import { AwsCredentialIdentityProvider } from "@smithy/types";
 export declare const fromTokenFile: (
   init?: FromTokenFileInit
 ) => AwsCredentialIdentityProvider;

package/dist-types/ts3.4/fromWebToken.d.ts

@@ -1,10 +1,5 @@
-import { STSClientConfig } from "@aws-sdk/client-sts";
-import { FromWebTokenInit as _FromWebTokenInit } from "@aws-sdk/credential-provider-web-identity";
-import { AwsCredentialIdentityProvider, Pluggable } from "@smithy/types";
-export interface FromWebTokenInit extends _FromWebTokenInit {
-  clientConfig?: STSClientConfig;
-  clientPlugins?: Pluggable<any, any>[];
-}
+import { FromWebTokenInit } from "@aws-sdk/credential-provider-web-identity";
+import { AwsCredentialIdentityProvider } from "@smithy/types";
 export declare const fromWebToken: (
   init: FromWebTokenInit
 ) => AwsCredentialIdentityProvider;

package/dist-types/ts3.4/loadSts.d.ts

@@ -0,0 +1,2 @@
+import { AssumeRoleCommand, STSClient } from "@aws-sdk/client-sts";
+export { AssumeRoleCommand, STSClient };

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@aws-sdk/credential-providers",
-  "version": "3.499.0",
+  "version": "3.502.0",
   "description": "A collection of credential providers, without requiring service clients like STS, Cognito",
   "main": "./dist-cjs/index.js",
   "module": "./dist-es/index.js",
@@ -28,18 +28,18 @@
   },
   "license": "Apache-2.0",
   "dependencies": {
-    "@aws-sdk/client-cognito-identity": "3.499.0",
-    "@aws-sdk/client-sso": "3.496.0",
-    "@aws-sdk/client-sts": "3.499.0",
-    "@aws-sdk/credential-provider-cognito-identity": "3.499.0",
-    "@aws-sdk/credential-provider-env": "3.496.0",
-    "@aws-sdk/credential-provider-http": "3.496.0",
-    "@aws-sdk/credential-provider-ini": "3.496.0",
-    "@aws-sdk/credential-provider-node": "3.499.0",
-    "@aws-sdk/credential-provider-process": "3.496.0",
-    "@aws-sdk/credential-provider-sso": "3.496.0",
-    "@aws-sdk/credential-provider-web-identity": "3.496.0",
-    "@aws-sdk/types": "3.496.0",
+    "@aws-sdk/client-cognito-identity": "3.502.0",
+    "@aws-sdk/client-sso": "3.502.0",
+    "@aws-sdk/client-sts": "3.502.0",
+    "@aws-sdk/credential-provider-cognito-identity": "3.502.0",
+    "@aws-sdk/credential-provider-env": "3.502.0",
+    "@aws-sdk/credential-provider-http": "3.502.0",
+    "@aws-sdk/credential-provider-ini": "3.502.0",
+    "@aws-sdk/credential-provider-node": "3.502.0",
+    "@aws-sdk/credential-provider-process": "3.502.0",
+    "@aws-sdk/credential-provider-sso": "3.502.0",
+    "@aws-sdk/credential-provider-web-identity": "3.502.0",
+    "@aws-sdk/types": "3.502.0",
     "@smithy/credential-provider-imds": "^2.2.1",
     "@smithy/property-provider": "^2.1.1",
     "@smithy/types": "^2.9.1",