@aws-sdk/credential-providers 3.504.0 → 3.504.1

package/dist-cjs/fromTemporaryCredentials.js

@@ -1,4 +1,27 @@
 "use strict";
+var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    var desc = Object.getOwnPropertyDescriptor(m, k);
+    if (!desc || ("get" in desc ? !m.__esModule : desc.writable || desc.configurable)) {
+      desc = { enumerable: true, get: function() { return m[k]; } };
+    }
+    Object.defineProperty(o, k2, desc);
+}) : (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    o[k2] = m[k];
+}));
+var __setModuleDefault = (this && this.__setModuleDefault) || (Object.create ? (function(o, v) {
+    Object.defineProperty(o, "default", { enumerable: true, value: v });
+}) : function(o, v) {
+    o["default"] = v;
+});
+var __importStar = (this && this.__importStar) || function (mod) {
+    if (mod && mod.__esModule) return mod;
+    var result = {};
+    if (mod != null) for (var k in mod) if (k !== "default" && Object.prototype.hasOwnProperty.call(mod, k)) __createBinding(result, mod, k);
+    __setModuleDefault(result, mod);
+    return result;
+};
 Object.defineProperty(exports, "__esModule", { value: true });
 exports.fromTemporaryCredentials = void 0;
 const property_provider_1 = require("@smithy/property-provider");

package/dist-types/ts3.4/fromCognitoIdentity.d.ts

@@ -1,17 +1,45 @@
-import { CognitoIdentityClientConfig } from "@aws-sdk/client-cognito-identity";
-import {
-  CognitoIdentityCredentialProvider as _CognitoIdentityCredentialProvider,
-  FromCognitoIdentityParameters as _FromCognitoIdentityParameters,
-} from "@aws-sdk/credential-provider-cognito-identity";
-export interface FromCognitoIdentityParameters
-  extends Pick<
-    _FromCognitoIdentityParameters,
-    Exclude<keyof _FromCognitoIdentityParameters, "client">
-  > {
-  clientConfig?: CognitoIdentityClientConfig;
-}
-export type CognitoIdentityCredentialProvider =
-  _CognitoIdentityCredentialProvider;
-export declare const fromCognitoIdentity: (
-  options: FromCognitoIdentityParameters
-) => _CognitoIdentityCredentialProvider;
+import { CognitoIdentityClientConfig } from "@aws-sdk/client-cognito-identity";
+import { CognitoIdentityCredentialProvider as _CognitoIdentityCredentialProvider, FromCognitoIdentityParameters as _FromCognitoIdentityParameters } from "@aws-sdk/credential-provider-cognito-identity";
+export interface FromCognitoIdentityParameters extends Pick<_FromCognitoIdentityParameters, Exclude<keyof _FromCognitoIdentityParameters, "client">> {
+    /**
+     * Custom client configuration if you need overwrite default Cognito Identity client configuration.
+     */
+    clientConfig?: CognitoIdentityClientConfig;
+}
+export type CognitoIdentityCredentialProvider = _CognitoIdentityCredentialProvider;
+/**
+ * Creates a credential provider function that reetrieves temporary AWS credentials using Amazon Cognito's
+ * `GetCredentialsForIdentity` operation.
+ *
+ * Results from this function call are not cached internally.
+ *
+ * ```javascript
+ * import { fromCognitoIdentity } from "@aws-sdk/credential-providers"; // ES6 import
+ * // const { fromCognitoIdentity } = require("@aws-sdk/credential-providers"); // CommonJS import
+ *
+ * const client = new FooClient({
+ *   region,
+ *   credentials: fromCognitoIdentity({
+ *     // Required. The unique identifier for the identity against which credentials
+ *     // will be issued.
+ *     identityId: "us-east-1:128d0a74-c82f-4553-916d-90053e4a8b0f"
+ *     // optional. The ARN of the role to be assumed when multiple roles were
+ *     // received in the token from the identity provider.
+ *     customRoleArn: "arn:aws:iam::1234567890:role/MYAPP-CognitoIdentity"
+ *     // Optional. A set of name-value pairs that map provider names to provider
+ *     // tokens. Required when using identities associated with external identity
+ *     // providers such as Facebook.
+ *     logins: {
+ *       "graph.facebook.com": "FBTOKEN",
+ *       "www.amazon.com": "AMAZONTOKEN",
+ *       "accounts.google.com": "GOOGLETOKEN",
+ *       "api.twitter.com": "TWITTERTOKEN'",
+ *       "www.digits.com": "DIGITSTOKEN"
+ *     },
+ *     // Optional. Custom client configuration if you need overwrite default Cognito Identity client configuration.
+ *     clientConfig: { region }
+ *   }),
+ * });
+ * ```
+ */
+export declare const fromCognitoIdentity: (options: FromCognitoIdentityParameters) => _CognitoIdentityCredentialProvider;

package/dist-types/ts3.4/fromCognitoIdentityPool.d.ts

@@ -1,15 +1,46 @@
-import { CognitoIdentityClientConfig } from "@aws-sdk/client-cognito-identity";
-import {
-  CognitoIdentityCredentialProvider,
-  FromCognitoIdentityPoolParameters as _FromCognitoIdentityPoolParameters,
-} from "@aws-sdk/credential-provider-cognito-identity";
-export interface FromCognitoIdentityPoolParameters
-  extends Pick<
-    _FromCognitoIdentityPoolParameters,
-    Exclude<keyof _FromCognitoIdentityPoolParameters, "client">
-  > {
-  clientConfig?: CognitoIdentityClientConfig;
-}
-export declare const fromCognitoIdentityPool: (
-  options: FromCognitoIdentityPoolParameters
-) => CognitoIdentityCredentialProvider;
+import { CognitoIdentityClientConfig } from "@aws-sdk/client-cognito-identity";
+import { CognitoIdentityCredentialProvider, FromCognitoIdentityPoolParameters as _FromCognitoIdentityPoolParameters } from "@aws-sdk/credential-provider-cognito-identity";
+export interface FromCognitoIdentityPoolParameters extends Pick<_FromCognitoIdentityPoolParameters, Exclude<keyof _FromCognitoIdentityPoolParameters, "client">> {
+    clientConfig?: CognitoIdentityClientConfig;
+}
+/**
+ * Creates a credential provider function that retrieves or generates a unique identifier using Amazon Cognito's `GetId`
+ * operation, then generates temporary AWS credentials using Amazon Cognito's `GetCredentialsForIdentity` operation.
+ *
+ * Results from `GetId` are cached internally, but results from `GetCredentialsForIdentity` are not.
+ *
+ * ```javascript
+ * import { fromCognitoIdentityPool } from "@aws-sdk/credential-providers"; // ES6 import
+ * // const { fromCognitoIdentityPool } = require("@aws-sdk/credential-providers"); // CommonJS import
+ *
+ * const client = new FooClient({
+ *   region,
+ *   credentials: fromCognitoIdentityPool({
+ *     // Required. The unique identifier for the identity pool from which an identity should be retrieved or generated.
+ *     identityPoolId: "us-east-1:1699ebc0-7900-4099-b910-2df94f52a030";
+ *     // Optional. A standard AWS account ID (9+ digits)
+ *     accountId: "123456789",
+ *     // Optional. A cache in which to store resolved Cognito IdentityIds.
+ *     cache: custom_storage,
+ *     // Optional. A unique identifier for the user used to cache Cognito IdentityIds on a per-user basis.
+ *     userIdentifier: "user_0",
+ *     // optional. The ARN of the role to be assumed when multiple roles were
+ *     // received in the token from the identity provider.
+ *     customRoleArn: "arn:aws:iam::1234567890:role/MYAPP-CognitoIdentity"
+ *     // Optional. A set of name-value pairs that map provider names to provider
+ *     // tokens. Required when using identities associated with external identity
+ *     // providers such as Facebook.
+ *     logins: {
+ *       'graph.facebook.com': 'FBTOKEN',
+ *       'www.amazon.com': 'AMAZONTOKEN',
+ *       'accounts.google.com': 'GOOGLETOKEN',
+ *       'api.twitter.com': 'TWITTERTOKEN',
+ *       'www.digits.com': 'DIGITSTOKEN'
+ *     },
+ *     // Optional. Custom client configuration if you need overwrite default Cognito Identity client configuration.
+ *     client: new CognitoIdentityClient({ region })
+ *   }),
+ * });
+ * ```
+ */
+export declare const fromCognitoIdentityPool: (options: FromCognitoIdentityPoolParameters) => CognitoIdentityCredentialProvider;

package/dist-types/ts3.4/fromContainerMetadata.d.ts

@@ -1,9 +1,25 @@
-import { CredentialProviderOptions } from "@aws-sdk/types";
-import { RemoteProviderInit as _RemoteProviderInit } from "@smithy/credential-provider-imds";
-import { AwsCredentialIdentityProvider } from "@smithy/types";
-export interface RemoteProviderInit
-  extends _RemoteProviderInit,
-    CredentialProviderOptions {}
-export declare const fromContainerMetadata: (
-  init?: RemoteProviderInit
-) => AwsCredentialIdentityProvider;
+import { CredentialProviderOptions } from "@aws-sdk/types";
+import { RemoteProviderInit as _RemoteProviderInit } from "@smithy/credential-provider-imds";
+import { AwsCredentialIdentityProvider } from "@smithy/types";
+export interface RemoteProviderInit extends _RemoteProviderInit, CredentialProviderOptions {
+}
+/**
+ * Create a credential provider function that reads from ECS container metadata service.
+ *
+ * ```javascript
+ * import { fromContainerMetadata } from "@aws-sdk/credential-providers"; // ES6 import
+ * // const { fromContainerMetadata } = require("@aws-sdk/credential-providers"); // CommonJS import
+ *
+ * const foo = new FooClient({
+ *   credentials: fromContainerMetadata({
+ *     // Optional. The connection timeout (in milliseconds) to apply to any remote requests. If not specified, a default value
+ *     // of`1000` (one second) is used.
+ *     timeout: 1000,
+ *     // Optional. The maximum number of times any HTTP connections should be retried. If not specified, a default value of `0`
+ *     // will be used.
+ *     maxRetries: 0,
+ *   }),
+ * });
+ * ```
+ */
+export declare const fromContainerMetadata: (init?: RemoteProviderInit) => AwsCredentialIdentityProvider;

package/dist-types/ts3.4/fromEnv.d.ts

@@ -1,5 +1,27 @@
-import { FromEnvInit } from "@aws-sdk/credential-provider-env";
-import { AwsCredentialIdentityProvider } from "@smithy/types";
-export declare const fromEnv: (
-  init?: FromEnvInit
-) => AwsCredentialIdentityProvider;
+import { FromEnvInit } from "@aws-sdk/credential-provider-env";
+import { AwsCredentialIdentityProvider } from "@smithy/types";
+/**
+ * Create a credential provider that reads credentials from the following environment variables:
+ *
+ * - `AWS_ACCESS_KEY_ID` - The access key for your AWS account.
+ * - `AWS_SECRET_ACCESS_KEY` - The secret key for your AWS account.
+ * - `AWS_SESSION_TOKEN` - The session key for your AWS account. This is only
+ *   needed when you are using temporary credentials.
+ * - `AWS_CREDENTIAL_EXPIRATION` - The expiration time of the credentials contained
+ *   in the environment variables described above. This value must be in a format
+ *   compatible with the [ISO-8601 standard](https://en.wikipedia.org/wiki/ISO_8601)
+ *   and is only needed when you are using temporary credentials.
+ *
+ * If either the `AWS_ACCESS_KEY_ID` or `AWS_SECRET_ACCESS_KEY` environment variable is not set or contains a falsy
+ * value, the promise returned by the `fromEnv` function will be rejected.
+ *
+ * ```javascript
+ * import { fromEnv } from "@aws-sdk/credential-providers"; // ES6 import
+ * // const { fromEnv } = require("@aws-sdk/credential-providers"); // CommonJS import
+ *
+ * const client = new DynamoDBClient({
+ *   credentials: fromEnv(),
+ * });
+ * ```
+ */
+export declare const fromEnv: (init?: FromEnvInit) => AwsCredentialIdentityProvider;

package/dist-types/ts3.4/fromIni.d.ts

@@ -1,5 +1,42 @@
-import { FromIniInit } from "@aws-sdk/credential-provider-ini";
-import { AwsCredentialIdentityProvider } from "@smithy/types";
-export declare const fromIni: (
-  init?: FromIniInit
-) => AwsCredentialIdentityProvider;
+import { FromIniInit } from "@aws-sdk/credential-provider-ini";
+import { AwsCredentialIdentityProvider } from "@smithy/types";
+/**
+ * Creates a credential provider function that reads from a shared credentials file at `~/.aws/credentials` and a
+ * shared configuration file at `~/.aws/config`. Both files are expected to be INI formatted with section names
+ * corresponding to profiles. Sections in the credentials file are treated as profile names, whereas profile sections in
+ * the config file must have the format of`[profile profile-name]`, except for the default profile.
+ *
+ * Profiles that appear in both files will not be merged, and the version that appears in the credentials file will be
+ * given precedence over the profile found in the config file.
+ *
+ * ```javascript
+ * import { fromIni } from "@aws-sdk/credential-providers"; // ES6 import
+ * // const { fromIni } = require("@aws-sdk/credential-providers"); // CommonJS import
+ *
+ * const client = new FooClient({
+ *   credentials: fromIni({
+ *     // Optional. The configuration profile to use. If not specified, the provider will use the value in the
+ *     // `AWS_PROFILE` environment variable or a default of `default`.
+ *     profile: "profile",
+ *     // Optional. The path to the shared credentials file. If not specified, the provider will use the value in the
+ *     // `AWS_SHARED_CREDENTIALS_FILE` environment variable or a default of `~/.aws/credentials`.
+ *     filepath: "~/.aws/credentials",
+ *     // Optional. The path to the shared config file. If not specified, the provider will use the value in the
+ *     // `AWS_CONFIG_FILE` environment variable or a default of `~/.aws/config`.
+ *     configFilepath: "~/.aws/config",
+ *     // Optional. A function that returns a a promise fulfilled with an MFA token code for the provided MFA Serial
+ *     // code. If a profile requires an MFA code and `mfaCodeProvider` is not a valid function, the credential provider
+ *     // promise will be rejected.
+ *     mfaCodeProvider: async (mfaSerial) => {
+ *       return "token";
+ *     },
+ *     // Optional. Custom STS client configurations overriding the default ones.
+ *     clientConfig: { region },
+ *     // Optional. Custom STS client middleware plugin to modify the client default behavior.
+ *     // e.g. adding custom headers.
+ *     clientPlugins: [addFooHeadersPlugin],
+ *   }),
+ * });
+ * ```
+ */
+export declare const fromIni: (init?: FromIniInit) => AwsCredentialIdentityProvider;

package/dist-types/ts3.4/fromInstanceMetadata.d.ts

@@ -1,6 +1,23 @@
-import { CredentialProviderOptions } from "@aws-sdk/types";
-import { RemoteProviderConfig as _RemoteProviderInit } from "@smithy/credential-provider-imds";
-import { AwsCredentialIdentityProvider } from "@smithy/types";
-export declare const fromInstanceMetadata: (
-  init?: _RemoteProviderInit & CredentialProviderOptions
-) => AwsCredentialIdentityProvider;
+import { CredentialProviderOptions } from "@aws-sdk/types";
+import { RemoteProviderConfig as _RemoteProviderInit } from "@smithy/credential-provider-imds";
+import { AwsCredentialIdentityProvider } from "@smithy/types";
+/**
+ * Creates a credential provider function that reads from the EC2 instance metadata service.
+ *
+ * ```javascript
+ * import { fromInstanceMetadata } from "@aws-sdk/credential-providers"; // ES6 import
+ * // const { fromInstanceMetadata } = require("@aws-sdk/credential-providers"); // CommonJS import
+ *
+ * const client = new DynamoDBClient({
+ *   credentials: fromInstanceMetadata({
+ *     // Optional. The connection timeout (in milliseconds) to apply to any remote requests. If not specified, a
+ *     // default value of`1000` (one second) is used.
+ *     timeout: 1000,
+ *     // Optional. The maximum number of times any HTTP connections should be retried. If not specified, a default
+ *     // value of `0` will be used.
+ *     maxRetries: 0,
+ *   }),
+ * });
+ * ```
+ */
+export declare const fromInstanceMetadata: (init?: _RemoteProviderInit & CredentialProviderOptions) => AwsCredentialIdentityProvider;

package/dist-types/ts3.4/fromNodeProviderChain.d.ts

@@ -1,5 +1,28 @@
-import { DefaultProviderInit } from "@aws-sdk/credential-provider-node";
-import { AwsCredentialIdentityProvider } from "@smithy/types";
-export declare const fromNodeProviderChain: (
-  init?: DefaultProviderInit
-) => AwsCredentialIdentityProvider;
+import { DefaultProviderInit } from "@aws-sdk/credential-provider-node";
+import { AwsCredentialIdentityProvider } from "@smithy/types";
+/**
+ * This is the same credential provider as {@link defaultProvider|the default provider for Node.js SDK},
+ * but with default role assumers so you don't need to import them from
+ * STS client and supply them manually.
+ *
+ * You normally don't need to use this explicitly in the client constructor.
+ * It is useful for utility functions requiring credentials like S3 presigner,
+ * or RDS signer.
+ *
+ * ```js
+ * import { fromNodeProviderChain } from "@aws-sdk/credential-providers"; // ES6 import
+ * // const { fromNodeProviderChain } = require("@aws-sdk/credential-providers") // CommonJS import
+ *
+ * const credentialProvider = fromNodeProviderChain({
+ *   //...any input of fromEnv(), fromSSO(), fromTokenFile(), fromIni(),
+ *   // fromProcess(), fromInstanceMetadata(), fromContainerMetadata()
+ *
+ *   // Optional. Custom STS client configurations overriding the default ones.
+ *   clientConfig: { region },
+ *   // Optional. Custom STS client middleware plugin to modify the client default behavior.
+ *   // e.g. adding custom headers.
+ *   clientPlugins: [addFooHeadersPlugin],
+ * })
+ * ```
+ */
+export declare const fromNodeProviderChain: (init?: DefaultProviderInit) => AwsCredentialIdentityProvider;

package/dist-types/ts3.4/fromProcess.d.ts

@@ -1,5 +1,26 @@
-import { FromProcessInit } from "@aws-sdk/credential-provider-process";
-import { AwsCredentialIdentityProvider } from "@smithy/types";
-export declare const fromProcess: (
-  init?: FromProcessInit
-) => AwsCredentialIdentityProvider;
+import { FromProcessInit } from "@aws-sdk/credential-provider-process";
+import { AwsCredentialIdentityProvider } from "@smithy/types";
+/**
+ * Creates a credential provider function that executes a given process and attempt to read its standard output to
+ * receive a JSON payload containing the credentials.
+ *
+ * ```javascript
+ * import { fromProcess } from "@aws-sdk/credential-providers"; // ES6 import
+ * // const { fromProcess } = require("@aws-sdk/credential-providers"); // CommonJS import
+ *
+ * const client = new FooClient({
+ *   credentials: fromProcess({
+ *     // Optional. The configuration profile to use. If not specified, the provider will use the value in the
+ *     // `AWS_PROFILE` environment variable or a default of `default`.
+ *     profile: "profile",
+ *     // Optional. The path to the shared credentials file. If not specified, the provider will use the value in the
+ *     // `AWS_SHARED_CREDENTIALS_FILE` environment variable or a default of `~/.aws/credentials`.
+ *     filepath: "~/.aws/credentials",
+ *     // Optional. The path to the shared config file. If not specified, the provider will use the value in the
+ *     // `AWS_CONFIG_FILE` environment variable or a default of `~/.aws/config`.
+ *     configFilepath: "~/.aws/config",
+ *   }),
+ * });
+ * ```
+ */
+export declare const fromProcess: (init?: FromProcessInit) => AwsCredentialIdentityProvider;

package/dist-types/ts3.4/fromSSO.d.ts

@@ -1,5 +1,44 @@
-import { FromSSOInit } from "@aws-sdk/credential-provider-sso";
-import { AwsCredentialIdentityProvider } from "@smithy/types";
-export declare const fromSSO: (
-  init?: FromSSOInit
-) => AwsCredentialIdentityProvider;
+import { FromSSOInit } from "@aws-sdk/credential-provider-sso";
+import { AwsCredentialIdentityProvider } from "@smithy/types";
+/**
+ * Creates a credential provider function that reads from the _resolved_ access token from local disk then requests
+ * temporary AWS credentials.
+ *
+ * You can create the `AwsCredentialIdentityProvider` functions using the inline SSO parameters(`ssoStartUrl`, `ssoAccountId`,
+ * `ssoRegion`, `ssoRoleName`) or load them from [AWS SDKs and Tools shared configuration and credentials files](https://docs.aws.amazon.com/credref/latest/refdocs/creds-config-files.html).
+ * Profiles in the `credentials` file are given precedence over profiles in the `config` file.
+ *
+ * ```javascript
+ * import { fromSSO } from "@aws-sdk/credential-providers"; // ES6 import
+ * // const { fromSSO } = require(@aws-sdk/credential-providers") // CommonJS import
+ *
+ * const client = new FooClient({
+ *   credentials: fromSSO({
+ *     // Optional. The configuration profile to use. If not specified, the provider will use the value in the
+ *     // `AWS_PROFILE` environment variable or `default` by default.
+ *     profile: "my-sso-profile",
+ *     // Optional. The path to the shared credentials file. If not specified, the provider will use the value in the
+ *     // `AWS_SHARED_CREDENTIALS_FILE` environment variable or a default of `~/.aws/credentials`.
+ *     filepath: "~/.aws/credentials",
+ *     // Optional. The path to the shared config file. If not specified, the provider will use the value in the
+ *     // `AWS_CONFIG_FILE` environment variable or a default of `~/.aws/config`.
+ *     configFilepath: "~/.aws/config",
+ *     // Optional. The URL to the AWS SSO service. Required if any of the `sso*` options(except for `ssoClient`) is
+ *     // provided.
+ *     ssoStartUrl: "https://d-abc123.awsapps.com/start",
+ *     // Optional. The ID of the AWS account to use for temporary credentials. Required if any of the `sso*`
+ *     // options(except for `ssoClient`) is provided.
+ *     ssoAccountId: "1234567890",
+ *     // Optional. The AWS region to use for temporary credentials. Required if any of the `sso*` options(except for
+ *     // `ssoClient`) is provided.
+ *     ssoRegion: "us-east-1",
+ *     // Optional. The name of the AWS role to assume. Required if any of the `sso*` options(except for `ssoClient`) is
+ *     // provided.
+ *     ssoRoleName: "SampleRole",
+ *     // Optional. Overwrite the configuration used construct the SSO service client.
+ *     clientConfig: { region },
+ *   }),
+ * });
+ * ```
+ */
+export declare const fromSSO: (init?: FromSSOInit) => AwsCredentialIdentityProvider;

package/dist-types/ts3.4/fromTemporaryCredentials.d.ts

@@ -1,23 +1,53 @@
-import { AssumeRoleCommandInput, STSClientConfig } from "@aws-sdk/client-sts";
-import { CredentialProviderOptions } from "@aws-sdk/types";
-import {
-  AwsCredentialIdentity,
-  AwsCredentialIdentityProvider,
-  Pluggable,
-} from "@smithy/types";
-export interface FromTemporaryCredentialsOptions
-  extends CredentialProviderOptions {
-  params: Pick<
-    AssumeRoleCommandInput,
-    Exclude<keyof AssumeRoleCommandInput, "RoleSessionName">
-  > & {
-    RoleSessionName?: string;
-  };
-  masterCredentials?: AwsCredentialIdentity | AwsCredentialIdentityProvider;
-  clientConfig?: STSClientConfig;
-  clientPlugins?: Pluggable<any, any>[];
-  mfaCodeProvider?: (mfaSerial: string) => Promise<string>;
-}
-export declare const fromTemporaryCredentials: (
-  options: FromTemporaryCredentialsOptions
-) => AwsCredentialIdentityProvider;
+import { AssumeRoleCommandInput, STSClientConfig } from "@aws-sdk/client-sts";
+import { CredentialProviderOptions } from "@aws-sdk/types";
+import { AwsCredentialIdentity, AwsCredentialIdentityProvider, Pluggable } from "@smithy/types";
+export interface FromTemporaryCredentialsOptions extends CredentialProviderOptions {
+    params: Pick<AssumeRoleCommandInput, Exclude<keyof AssumeRoleCommandInput, "RoleSessionName">> & {
+        RoleSessionName?: string;
+    };
+    masterCredentials?: AwsCredentialIdentity | AwsCredentialIdentityProvider;
+    clientConfig?: STSClientConfig;
+    clientPlugins?: Pluggable<any, any>[];
+    mfaCodeProvider?: (mfaSerial: string) => Promise<string>;
+}
+/**
+ * Creates a credential provider function that retrieves temporary credentials from STS AssumeRole API.
+ *
+ * ```javascript
+ * import { fromTemporaryCredentials } from "@aws-sdk/credential-providers"; // ES6 import
+ * // const { fromTemporaryCredentials } = require("@aws-sdk/credential-providers"); // CommonJS import
+ *
+ * const client = new FooClient({
+ *   region,
+ *   credentials: fromTemporaryCredentials(
+ *     // Optional. The master credentials used to get and refresh temporary credentials from AWS STS. If skipped, it uses
+ *     // the default credential resolved by internal STS client.
+ *     masterCredentials: fromTemporaryCredentials({
+ *       params: { RoleArn: "arn:aws:iam::1234567890:role/RoleA" }
+ *     }),
+ *     // Required. Options passed to STS AssumeRole operation.
+ *     params: {
+ *       // Required. ARN of role to assume.
+ *       RoleArn: "arn:aws:iam::1234567890:role/RoleB",
+ *       // Optional. An identifier for the assumed role session. If skipped, it generates a random session name with
+ *       // prefix of 'aws-sdk-js-'.
+ *       RoleSessionName: "aws-sdk-js-123",
+ *       // Optional. The duration, in seconds, of the role session.
+ *       DurationSeconds: 3600
+ *       //... For more options see https://docs.aws.amazon.com/STS/latest/APIReference/API_AssumeRole.html
+ *     },
+ *     // Optional. Custom STS client configurations overriding the default ones.
+ *     clientConfig: { region },
+ *     // Optional. Custom STS client middleware plugin to modify the client default behavior.
+ *     // e.g. adding custom headers.
+ *     clientPlugins: [addFooHeadersPlugin],
+ *     // Optional. A function that returns a promise fulfilled with an MFA token code for the provided MFA Serial code.
+ *     // Required if `params` has `SerialNumber` config.
+ *     mfaCodeProvider: async mfaSerial => {
+ *       return "token"
+ *     }
+ *   ),
+ * });
+ * ```
+ */
+export declare const fromTemporaryCredentials: (options: FromTemporaryCredentialsOptions) => AwsCredentialIdentityProvider;

package/dist-types/ts3.4/fromTokenFile.d.ts

@@ -1,5 +1,31 @@
-import { FromTokenFileInit } from "@aws-sdk/credential-provider-web-identity";
-import { AwsCredentialIdentityProvider } from "@smithy/types";
-export declare const fromTokenFile: (
-  init?: FromTokenFileInit
-) => AwsCredentialIdentityProvider;
+import { FromTokenFileInit } from "@aws-sdk/credential-provider-web-identity";
+import { AwsCredentialIdentityProvider } from "@smithy/types";
+/**
+ * Creates a credential provider function that reads OIDC token from given file, then call STS.AssumeRoleWithWebIdentity
+ * API. The configurations must be specified in environmental variables:
+ *
+ * - Reads file location of where the OIDC token is stored from either provided option `webIdentityTokenFile` or
+ *   environment variable `AWS_WEB_IDENTITY_TOKEN_FILE`.
+ * - Reads IAM role wanting to be assumed from either provided option `roleArn` or environment variable `AWS_ROLE_ARN`.
+ * - Reads optional role session name to be used to distinguish sessions from provided option `roleSessionName` or
+ *   environment variable `AWS_ROLE_SESSION_NAME`.
+ *   If session name is not defined, it comes up with a role session name.
+ * - Reads OIDC token from file on disk.
+ * - Calls sts:AssumeRoleWithWebIdentity via `roleAssumerWithWebIdentity` option to get credentials.
+ *
+ * ```javascript
+ * import { fromTokenFile } from "@aws-sdk/credential-providers"; // ES6 import
+ * // const { fromTokenFile } = require("@aws-sdk/credential-providers"); // CommonJS import
+ *
+ * const client = new FooClient({
+ *   credentials: fromTokenFile({
+ *     // Optional. STS client config to make the assume role request.
+ *     clientConfig: { region }
+ *     // Optional. Custom STS client middleware plugin to modify the client default behavior.
+ *     // e.g. adding custom headers.
+ *     clientPlugins: [addFooHeadersPlugin],
+ *   });
+ * });
+ * ```
+ */
+export declare const fromTokenFile: (init?: FromTokenFileInit) => AwsCredentialIdentityProvider;

package/dist-types/ts3.4/fromWebToken.d.ts

@@ -1,5 +1,40 @@
-import { FromWebTokenInit } from "@aws-sdk/credential-provider-web-identity";
-import { AwsCredentialIdentityProvider } from "@smithy/types";
-export declare const fromWebToken: (
-  init: FromWebTokenInit
-) => AwsCredentialIdentityProvider;
+import { FromWebTokenInit } from "@aws-sdk/credential-provider-web-identity";
+import { AwsCredentialIdentityProvider } from "@smithy/types";
+/**
+ * Creates a credential provider function that gets credentials calling STS
+ * AssumeRoleWithWebIdentity API.
+ *
+ * ```javascript
+ * import { fromWebToken } from "@aws-sdk/credential-providers"; // ES6 import
+ * // const { fromWebToken } = require("@aws-sdk/credential-providers"); // CommonJS import
+ *
+ * const dynamodb = new DynamoDBClient({
+ *   region,
+ *   credentials: fromWebToken({
+ *     // Required. ARN of the role that the caller is assuming.
+ *     roleArn: "arn:aws:iam::1234567890:role/RoleA",
+ *     // Required. The OAuth 2.0 access token or OpenID Connect ID token that is provided by the identity provider.
+ *     webIdentityToken: await openIdProvider()
+ *     // Optional. Custom STS client configurations overriding the default ones.
+ *     clientConfig: { region }
+ *     // Optional. Custom STS client middleware plugin to modify the client default behavior.
+ *     // e.g. adding custom headers.
+ *     clientPlugins: [addFooHeadersPlugin],
+ *     // Optional. A function that assumes a role with web identity and returns a promise fulfilled with credentials for
+ *     // the assumed role.
+ *     roleAssumerWithWebIdentity,
+ *     // Optional. An identifier for the assumed role session.
+ *     roleSessionName: "session_123",
+ *     // Optional. The fully qualified host component of the domain name of the identity provider.
+ *     providerId: "graph.facebook.com",
+ *     // Optional. ARNs of the IAM managed policies that you want to use as managed session.
+ *     policyArns: [{arn: "arn:aws:iam::1234567890:policy/SomePolicy"}],
+ *     // Optional. An IAM policy in JSON format that you want to use as an inline session policy.
+ *     policy: "JSON_STRING",
+ *     // Optional. The duration, in seconds, of the role session. Default to 3600.
+ *     durationSeconds: 7200
+ *   }),
+ * });
+ * ```
+ */
+export declare const fromWebToken: (init: FromWebTokenInit) => AwsCredentialIdentityProvider;

package/dist-types/ts3.4/index.browser.d.ts

@@ -1,9 +1,6 @@
-export * from "./fromCognitoIdentity";
-export * from "./fromCognitoIdentityPool";
-export { fromHttp } from "@aws-sdk/credential-provider-http";
-export {
-  FromHttpOptions,
-  HttpProviderCredentials,
-} from "@aws-sdk/credential-provider-http";
-export * from "./fromTemporaryCredentials";
-export * from "./fromWebToken";
+export * from "./fromCognitoIdentity";
+export * from "./fromCognitoIdentityPool";
+export { fromHttp } from "@aws-sdk/credential-provider-http";
+export { FromHttpOptions, HttpProviderCredentials } from "@aws-sdk/credential-provider-http";
+export * from "./fromTemporaryCredentials";
+export * from "./fromWebToken";

package/dist-types/ts3.4/index.d.ts

@@ -1,17 +1,13 @@
-export * from "./fromCognitoIdentity";
-export * from "./fromCognitoIdentityPool";
-export * from "./fromContainerMetadata";
-export * from "./fromEnv";
-export {
-  fromHttp,
-  FromHttpOptions,
-  HttpProviderCredentials,
-} from "@aws-sdk/credential-provider-http";
-export * from "./fromIni";
-export * from "./fromInstanceMetadata";
-export * from "./fromNodeProviderChain";
-export * from "./fromProcess";
-export * from "./fromSSO";
-export * from "./fromTemporaryCredentials";
-export * from "./fromTokenFile";
-export * from "./fromWebToken";
+export * from "./fromCognitoIdentity";
+export * from "./fromCognitoIdentityPool";
+export * from "./fromContainerMetadata";
+export * from "./fromEnv";
+export { fromHttp, FromHttpOptions, HttpProviderCredentials } from "@aws-sdk/credential-provider-http";
+export * from "./fromIni";
+export * from "./fromInstanceMetadata";
+export * from "./fromNodeProviderChain";
+export * from "./fromProcess";
+export * from "./fromSSO";
+export * from "./fromTemporaryCredentials";
+export * from "./fromTokenFile";
+export * from "./fromWebToken";

package/dist-types/ts3.4/loadSts.d.ts

@@ -1,2 +1,2 @@
-import { AssumeRoleCommand, STSClient } from "@aws-sdk/client-sts";
-export { AssumeRoleCommand, STSClient };
+import { AssumeRoleCommand, STSClient } from "@aws-sdk/client-sts";
+export { AssumeRoleCommand, STSClient };

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@aws-sdk/credential-providers",
-  "version": "3.504.0",
+  "version": "3.504.1",
   "description": "A collection of credential providers, without requiring service clients like STS, Cognito",
   "main": "./dist-cjs/index.js",
   "module": "./dist-es/index.js",