@aws-sdk/nested-clients 3.730.0

package/dist-types/submodules/sts/STSClient.d.ts

@@ -0,0 +1,192 @@
+import { HostHeaderInputConfig, HostHeaderResolvedConfig } from "@aws-sdk/middleware-host-header";
+import { UserAgentInputConfig, UserAgentResolvedConfig } from "@aws-sdk/middleware-user-agent";
+import { RegionInputConfig, RegionResolvedConfig } from "@smithy/config-resolver";
+import { EndpointInputConfig, EndpointResolvedConfig } from "@smithy/middleware-endpoint";
+import { RetryInputConfig, RetryResolvedConfig } from "@smithy/middleware-retry";
+import { HttpHandlerUserInput as __HttpHandlerUserInput } from "@smithy/protocol-http";
+import { Client as __Client, DefaultsMode as __DefaultsMode, SmithyConfiguration as __SmithyConfiguration, SmithyResolvedConfiguration as __SmithyResolvedConfiguration } from "@smithy/smithy-client";
+import { AwsCredentialIdentityProvider, BodyLengthCalculator as __BodyLengthCalculator, CheckOptionalClientConfig as __CheckOptionalClientConfig, ChecksumConstructor as __ChecksumConstructor, Decoder as __Decoder, Encoder as __Encoder, HashConstructor as __HashConstructor, HttpHandlerOptions as __HttpHandlerOptions, Logger as __Logger, Provider as __Provider, Provider, StreamCollector as __StreamCollector, UrlParser as __UrlParser, UserAgent as __UserAgent } from "@smithy/types";
+import { HttpAuthSchemeInputConfig, HttpAuthSchemeResolvedConfig } from "./auth/httpAuthSchemeProvider";
+import { AssumeRoleCommandInput, AssumeRoleCommandOutput } from "./commands/AssumeRoleCommand";
+import { AssumeRoleWithWebIdentityCommandInput, AssumeRoleWithWebIdentityCommandOutput } from "./commands/AssumeRoleWithWebIdentityCommand";
+import { ClientInputEndpointParameters, ClientResolvedEndpointParameters, EndpointParameters } from "./endpoint/EndpointParameters";
+import { RuntimeExtension, RuntimeExtensionsConfig } from "./runtimeExtensions";
+export { __Client };
+/**
+ * @public
+ */
+export type ServiceInputTypes = AssumeRoleCommandInput | AssumeRoleWithWebIdentityCommandInput;
+/**
+ * @public
+ */
+export type ServiceOutputTypes = AssumeRoleCommandOutput | AssumeRoleWithWebIdentityCommandOutput;
+/**
+ * @public
+ */
+export interface ClientDefaults extends Partial<__SmithyConfiguration<__HttpHandlerOptions>> {
+    /**
+     * The HTTP handler to use or its constructor options. Fetch in browser and Https in Nodejs.
+     */
+    requestHandler?: __HttpHandlerUserInput;
+    /**
+     * A constructor for a class implementing the {@link @smithy/types#ChecksumConstructor} interface
+     * that computes the SHA-256 HMAC or checksum of a string or binary buffer.
+     * @internal
+     */
+    sha256?: __ChecksumConstructor | __HashConstructor;
+    /**
+     * The function that will be used to convert strings into HTTP endpoints.
+     * @internal
+     */
+    urlParser?: __UrlParser;
+    /**
+     * A function that can calculate the length of a request body.
+     * @internal
+     */
+    bodyLengthChecker?: __BodyLengthCalculator;
+    /**
+     * A function that converts a stream into an array of bytes.
+     * @internal
+     */
+    streamCollector?: __StreamCollector;
+    /**
+     * The function that will be used to convert a base64-encoded string to a byte array.
+     * @internal
+     */
+    base64Decoder?: __Decoder;
+    /**
+     * The function that will be used to convert binary data to a base64-encoded string.
+     * @internal
+     */
+    base64Encoder?: __Encoder;
+    /**
+     * The function that will be used to convert a UTF8-encoded string to a byte array.
+     * @internal
+     */
+    utf8Decoder?: __Decoder;
+    /**
+     * The function that will be used to convert binary data to a UTF-8 encoded string.
+     * @internal
+     */
+    utf8Encoder?: __Encoder;
+    /**
+     * The runtime environment.
+     * @internal
+     */
+    runtime?: string;
+    /**
+     * Disable dynamically changing the endpoint of the client based on the hostPrefix
+     * trait of an operation.
+     */
+    disableHostPrefix?: boolean;
+    /**
+     * Unique service identifier.
+     * @internal
+     */
+    serviceId?: string;
+    /**
+     * Enables IPv6/IPv4 dualstack endpoint.
+     */
+    useDualstackEndpoint?: boolean | __Provider<boolean>;
+    /**
+     * Enables FIPS compatible endpoints.
+     */
+    useFipsEndpoint?: boolean | __Provider<boolean>;
+    /**
+     * The AWS region to which this client will send requests
+     */
+    region?: string | __Provider<string>;
+    /**
+     * Setting a client profile is similar to setting a value for the
+     * AWS_PROFILE environment variable. Setting a profile on a client
+     * in code only affects the single client instance, unlike AWS_PROFILE.
+     *
+     * When set, and only for environments where an AWS configuration
+     * file exists, fields configurable by this file will be retrieved
+     * from the specified profile within that file.
+     * Conflicting code configuration and environment variables will
+     * still have higher priority.
+     *
+     * For client credential resolution that involves checking the AWS
+     * configuration file, the client's profile (this value) will be
+     * used unless a different profile is set in the credential
+     * provider options.
+     *
+     */
+    profile?: string;
+    /**
+     * The provider populating default tracking information to be sent with `user-agent`, `x-amz-user-agent` header
+     * @internal
+     */
+    defaultUserAgentProvider?: Provider<__UserAgent>;
+    /**
+     * Default credentials provider; Not available in browser runtime.
+     * @deprecated
+     * @internal
+     */
+    credentialDefaultProvider?: (input: any) => AwsCredentialIdentityProvider;
+    /**
+     * Value for how many times a request will be made at most in case of retry.
+     */
+    maxAttempts?: number | __Provider<number>;
+    /**
+     * Specifies which retry algorithm to use.
+     * @see https://docs.aws.amazon.com/AWSJavaScriptSDK/v3/latest/Package/-smithy-util-retry/Enum/RETRY_MODES/
+     *
+     */
+    retryMode?: string | __Provider<string>;
+    /**
+     * Optional logger for logging debug/info/warn/error.
+     */
+    logger?: __Logger;
+    /**
+     * Optional extensions
+     */
+    extensions?: RuntimeExtension[];
+    /**
+     * The {@link @smithy/smithy-client#DefaultsMode} that will be used to determine how certain default configuration options are resolved in the SDK.
+     */
+    defaultsMode?: __DefaultsMode | __Provider<__DefaultsMode>;
+}
+/**
+ * @public
+ */
+export type STSClientConfigType = Partial<__SmithyConfiguration<__HttpHandlerOptions>> & ClientDefaults & UserAgentInputConfig & RetryInputConfig & RegionInputConfig & HostHeaderInputConfig & EndpointInputConfig<EndpointParameters> & HttpAuthSchemeInputConfig & ClientInputEndpointParameters;
+/**
+ * @public
+ *
+ *  The configuration interface of STSClient class constructor that set the region, credentials and other options.
+ */
+export interface STSClientConfig extends STSClientConfigType {
+}
+/**
+ * @public
+ */
+export type STSClientResolvedConfigType = __SmithyResolvedConfiguration<__HttpHandlerOptions> & Required<ClientDefaults> & RuntimeExtensionsConfig & UserAgentResolvedConfig & RetryResolvedConfig & RegionResolvedConfig & HostHeaderResolvedConfig & EndpointResolvedConfig<EndpointParameters> & HttpAuthSchemeResolvedConfig & ClientResolvedEndpointParameters;
+/**
+ * @public
+ *
+ *  The resolved configuration interface of STSClient class. This is resolved and normalized from the {@link STSClientConfig | constructor configuration interface}.
+ */
+export interface STSClientResolvedConfig extends STSClientResolvedConfigType {
+}
+/**
+ * <fullname>Security Token Service</fullname>
+ *          <p>Security Token Service (STS) enables you to request temporary, limited-privilege
+ *       credentials for users. This guide provides descriptions of the STS API. For
+ *       more information about using this service, see <a href="https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp.html">Temporary Security Credentials</a>.</p>
+ * @public
+ */
+export declare class STSClient extends __Client<__HttpHandlerOptions, ServiceInputTypes, ServiceOutputTypes, STSClientResolvedConfig> {
+    /**
+     * The resolved configuration of STSClient class. This is resolved and normalized from the {@link STSClientConfig | constructor configuration interface}.
+     */
+    readonly config: STSClientResolvedConfig;
+    constructor(...[configuration]: __CheckOptionalClientConfig<STSClientConfig>);
+    /**
+     * Destroy underlying resources, like sockets. It's usually not necessary to do this.
+     * However in Node.js, it's best to explicitly shut down the client's agent when it is no longer needed.
+     * Otherwise, sockets might stay open for quite a long time before the server terminates them.
+     */
+    destroy(): void;
+}

package/dist-types/submodules/sts/auth/httpAuthExtensionConfiguration.d.ts

@@ -0,0 +1,29 @@
+import { AwsCredentialIdentity, AwsCredentialIdentityProvider, HttpAuthScheme } from "@smithy/types";
+import { STSHttpAuthSchemeProvider } from "./httpAuthSchemeProvider";
+/**
+ * @internal
+ */
+export interface HttpAuthExtensionConfiguration {
+    setHttpAuthScheme(httpAuthScheme: HttpAuthScheme): void;
+    httpAuthSchemes(): HttpAuthScheme[];
+    setHttpAuthSchemeProvider(httpAuthSchemeProvider: STSHttpAuthSchemeProvider): void;
+    httpAuthSchemeProvider(): STSHttpAuthSchemeProvider;
+    setCredentials(credentials: AwsCredentialIdentity | AwsCredentialIdentityProvider): void;
+    credentials(): AwsCredentialIdentity | AwsCredentialIdentityProvider | undefined;
+}
+/**
+ * @internal
+ */
+export type HttpAuthRuntimeConfig = Partial<{
+    httpAuthSchemes: HttpAuthScheme[];
+    httpAuthSchemeProvider: STSHttpAuthSchemeProvider;
+    credentials: AwsCredentialIdentity | AwsCredentialIdentityProvider;
+}>;
+/**
+ * @internal
+ */
+export declare const getHttpAuthExtensionConfiguration: (runtimeConfig: HttpAuthRuntimeConfig) => HttpAuthExtensionConfiguration;
+/**
+ * @internal
+ */
+export declare const resolveHttpAuthRuntimeConfig: (config: HttpAuthExtensionConfiguration) => HttpAuthRuntimeConfig;

package/dist-types/submodules/sts/auth/httpAuthSchemeProvider.d.ts

@@ -0,0 +1,71 @@
+import { AwsSdkSigV4AuthInputConfig, AwsSdkSigV4AuthResolvedConfig, AwsSdkSigV4PreviouslyResolved } from "@aws-sdk/core";
+import { Client, HandlerExecutionContext, HttpAuthScheme, HttpAuthSchemeParameters, HttpAuthSchemeParametersProvider, HttpAuthSchemeProvider } from "@smithy/types";
+import { STSClientResolvedConfig } from "../STSClient";
+/**
+ * @internal
+ */
+export interface STSHttpAuthSchemeParameters extends HttpAuthSchemeParameters {
+    region?: string;
+}
+/**
+ * @internal
+ */
+export interface STSHttpAuthSchemeParametersProvider extends HttpAuthSchemeParametersProvider<STSClientResolvedConfig, HandlerExecutionContext, STSHttpAuthSchemeParameters, object> {
+}
+/**
+ * @internal
+ */
+export declare const defaultSTSHttpAuthSchemeParametersProvider: (config: STSClientResolvedConfig, context: HandlerExecutionContext, input: object) => Promise<STSHttpAuthSchemeParameters>;
+/**
+ * @internal
+ */
+export interface STSHttpAuthSchemeProvider extends HttpAuthSchemeProvider<STSHttpAuthSchemeParameters> {
+}
+/**
+ * @internal
+ */
+export declare const defaultSTSHttpAuthSchemeProvider: STSHttpAuthSchemeProvider;
+export interface StsAuthInputConfig {
+}
+export interface StsAuthResolvedConfig {
+    /**
+     * Reference to STSClient class constructor.
+     * @internal
+     */
+    stsClientCtor: new (clientConfig: any) => Client<any, any, any>;
+}
+export declare const resolveStsAuthConfig: <T>(input: T & StsAuthInputConfig) => T & StsAuthResolvedConfig;
+/**
+ * @internal
+ */
+export interface HttpAuthSchemeInputConfig extends StsAuthInputConfig, AwsSdkSigV4AuthInputConfig {
+    /**
+     * Configuration of HttpAuthSchemes for a client which provides default identity providers and signers per auth scheme.
+     * @internal
+     */
+    httpAuthSchemes?: HttpAuthScheme[];
+    /**
+     * Configuration of an HttpAuthSchemeProvider for a client which resolves which HttpAuthScheme to use.
+     * @internal
+     */
+    httpAuthSchemeProvider?: STSHttpAuthSchemeProvider;
+}
+/**
+ * @internal
+ */
+export interface HttpAuthSchemeResolvedConfig extends StsAuthResolvedConfig, AwsSdkSigV4AuthResolvedConfig {
+    /**
+     * Configuration of HttpAuthSchemes for a client which provides default identity providers and signers per auth scheme.
+     * @internal
+     */
+    readonly httpAuthSchemes: HttpAuthScheme[];
+    /**
+     * Configuration of an HttpAuthSchemeProvider for a client which resolves which HttpAuthScheme to use.
+     * @internal
+     */
+    readonly httpAuthSchemeProvider: STSHttpAuthSchemeProvider;
+}
+/**
+ * @internal
+ */
+export declare const resolveHttpAuthSchemeConfig: <T>(config: T & HttpAuthSchemeInputConfig & AwsSdkSigV4PreviouslyResolved) => T & HttpAuthSchemeResolvedConfig;

package/dist-types/submodules/sts/commands/AssumeRoleCommand.d.ts

@@ -0,0 +1,222 @@
+import { Command as $Command } from "@smithy/smithy-client";
+import { MetadataBearer as __MetadataBearer } from "@smithy/types";
+import { AssumeRoleRequest, AssumeRoleResponse } from "../models/models_0";
+import { ServiceInputTypes, ServiceOutputTypes, STSClientResolvedConfig } from "../STSClient";
+/**
+ * @public
+ */
+export type { __MetadataBearer };
+export { $Command };
+/**
+ * @public
+ *
+ * The input for {@link AssumeRoleCommand}.
+ */
+export interface AssumeRoleCommandInput extends AssumeRoleRequest {
+}
+/**
+ * @public
+ *
+ * The output of {@link AssumeRoleCommand}.
+ */
+export interface AssumeRoleCommandOutput extends AssumeRoleResponse, __MetadataBearer {
+}
+declare const AssumeRoleCommand_base: {
+    new (input: AssumeRoleCommandInput): import("@smithy/smithy-client").CommandImpl<AssumeRoleCommandInput, AssumeRoleCommandOutput, STSClientResolvedConfig, ServiceInputTypes, ServiceOutputTypes>;
+    new (__0_0: AssumeRoleCommandInput): import("@smithy/smithy-client").CommandImpl<AssumeRoleCommandInput, AssumeRoleCommandOutput, STSClientResolvedConfig, ServiceInputTypes, ServiceOutputTypes>;
+    getEndpointParameterInstructions(): import("@smithy/middleware-endpoint").EndpointParameterInstructions;
+};
+/**
+ * <p>Returns a set of temporary security credentials that you can use to access Amazon Web Services
+ *          resources. These temporary credentials consist of an access key ID, a secret access key,
+ *          and a security token. Typically, you use <code>AssumeRole</code> within your account or for
+ *          cross-account access. For a comparison of <code>AssumeRole</code> with other API operations
+ *          that produce temporary credentials, see <a href="https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_request.html">Requesting Temporary Security
+ *             Credentials</a> and <a href="https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_sts-comparison.html">Compare STS
+ *             credentials</a> in the <i>IAM User Guide</i>.</p>
+ *          <p>
+ *             <b>Permissions</b>
+ *          </p>
+ *          <p>The temporary security credentials created by <code>AssumeRole</code> can be used to
+ *          make API calls to any Amazon Web Services service with the following exception: You cannot call the
+ *          Amazon Web Services STS <code>GetFederationToken</code> or <code>GetSessionToken</code> API
+ *          operations.</p>
+ *          <p>(Optional) You can pass inline or managed session policies to this operation. You can
+ *          pass a single JSON policy document to use as an inline session policy. You can also specify
+ *          up to 10 managed policy Amazon Resource Names (ARNs) to use as managed session policies.
+ *          The plaintext that you use for both inline and managed session policies can't exceed 2,048
+ *          characters. Passing policies to this operation returns new
+ *          temporary credentials. The resulting session's permissions are the intersection of the
+ *          role's identity-based policy and the session policies. You can use the role's temporary
+ *          credentials in subsequent Amazon Web Services API calls to access resources in the account that owns
+ *          the role. You cannot use session policies to grant more permissions than those allowed
+ *          by the identity-based policy of the role that is being assumed. For more information, see
+ *             <a href="https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies.html#policies_session">Session
+ *             Policies</a> in the <i>IAM User Guide</i>.</p>
+ *          <p>When you create a role, you create two policies: a role trust policy that specifies
+ *             <i>who</i> can assume the role, and a permissions policy that specifies
+ *             <i>what</i> can be done with the role. You specify the trusted principal
+ *          that is allowed to assume the role in the role trust policy.</p>
+ *          <p>To assume a role from a different account, your Amazon Web Services account must be trusted by the
+ *          role. The trust relationship is defined in the role's trust policy when the role is
+ *          created. That trust policy states which accounts are allowed to delegate that access to
+ *          users in the account. </p>
+ *          <p>A user who wants to access a role in a different account must also have permissions that
+ *          are delegated from the account administrator. The administrator must attach a policy that
+ *          allows the user to call <code>AssumeRole</code> for the ARN of the role in the other
+ *          account.</p>
+ *          <p>To allow a user to assume a role in the same account, you can do either of the
+ *          following:</p>
+ *          <ul>
+ *             <li>
+ *                <p>Attach a policy to the user that allows the user to call <code>AssumeRole</code>
+ *                (as long as the role's trust policy trusts the account).</p>
+ *             </li>
+ *             <li>
+ *                <p>Add the user as a principal directly in the role's trust policy.</p>
+ *             </li>
+ *          </ul>
+ *          <p>You can do either because the role’s trust policy acts as an IAM resource-based
+ *          policy. When a resource-based policy grants access to a principal in the same account, no
+ *          additional identity-based policy is required. For more information about trust policies and
+ *          resource-based policies, see <a href="https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies.html">IAM Policies</a> in the
+ *             <i>IAM User Guide</i>.</p>
+ *          <p>
+ *             <b>Tags</b>
+ *          </p>
+ *          <p>(Optional) You can pass tag key-value pairs to your session. These tags are called
+ *          session tags. For more information about session tags, see <a href="https://docs.aws.amazon.com/IAM/latest/UserGuide/id_session-tags.html">Passing Session Tags in STS</a> in the
+ *             <i>IAM User Guide</i>.</p>
+ *          <p>An administrator must grant you the permissions necessary to pass session tags. The
+ *          administrator can also create granular permissions to allow you to pass only specific
+ *          session tags. For more information, see <a href="https://docs.aws.amazon.com/IAM/latest/UserGuide/tutorial_attribute-based-access-control.html">Tutorial: Using Tags
+ *             for Attribute-Based Access Control</a> in the
+ *          <i>IAM User Guide</i>.</p>
+ *          <p>You can set the session tags as transitive. Transitive tags persist during role
+ *          chaining. For more information, see <a href="https://docs.aws.amazon.com/IAM/latest/UserGuide/id_session-tags.html#id_session-tags_role-chaining">Chaining Roles
+ *             with Session Tags</a> in the <i>IAM User Guide</i>.</p>
+ *          <p>
+ *             <b>Using MFA with AssumeRole</b>
+ *          </p>
+ *          <p>(Optional) You can include multi-factor authentication (MFA) information when you call
+ *             <code>AssumeRole</code>. This is useful for cross-account scenarios to ensure that the
+ *          user that assumes the role has been authenticated with an Amazon Web Services MFA device. In that
+ *          scenario, the trust policy of the role being assumed includes a condition that tests for
+ *          MFA authentication. If the caller does not include valid MFA information, the request to
+ *          assume the role is denied. The condition in a trust policy that tests for MFA
+ *          authentication might look like the following example.</p>
+ *          <p>
+ *             <code>"Condition": \{"Bool": \{"aws:MultiFactorAuthPresent": true\}\}</code>
+ *          </p>
+ *          <p>For more information, see <a href="https://docs.aws.amazon.com/IAM/latest/UserGuide/MFAProtectedAPI.html">Configuring MFA-Protected API Access</a>
+ *          in the <i>IAM User Guide</i> guide.</p>
+ *          <p>To use MFA with <code>AssumeRole</code>, you pass values for the
+ *             <code>SerialNumber</code> and <code>TokenCode</code> parameters. The
+ *             <code>SerialNumber</code> value identifies the user's hardware or virtual MFA device.
+ *          The <code>TokenCode</code> is the time-based one-time password (TOTP) that the MFA device
+ *          produces. </p>
+ * @example
+ * Use a bare-bones client and the command you need to make an API call.
+ * ```javascript
+ * import { STSClient, AssumeRoleCommand } from "@aws-sdk/client-sts"; // ES Modules import
+ * // const { STSClient, AssumeRoleCommand } = require("@aws-sdk/client-sts"); // CommonJS import
+ * const client = new STSClient(config);
+ * const input = { // AssumeRoleRequest
+ *   RoleArn: "STRING_VALUE", // required
+ *   RoleSessionName: "STRING_VALUE", // required
+ *   PolicyArns: [ // policyDescriptorListType
+ *     { // PolicyDescriptorType
+ *       arn: "STRING_VALUE",
+ *     },
+ *   ],
+ *   Policy: "STRING_VALUE",
+ *   DurationSeconds: Number("int"),
+ *   Tags: [ // tagListType
+ *     { // Tag
+ *       Key: "STRING_VALUE", // required
+ *       Value: "STRING_VALUE", // required
+ *     },
+ *   ],
+ *   TransitiveTagKeys: [ // tagKeyListType
+ *     "STRING_VALUE",
+ *   ],
+ *   ExternalId: "STRING_VALUE",
+ *   SerialNumber: "STRING_VALUE",
+ *   TokenCode: "STRING_VALUE",
+ *   SourceIdentity: "STRING_VALUE",
+ *   ProvidedContexts: [ // ProvidedContextsListType
+ *     { // ProvidedContext
+ *       ProviderArn: "STRING_VALUE",
+ *       ContextAssertion: "STRING_VALUE",
+ *     },
+ *   ],
+ * };
+ * const command = new AssumeRoleCommand(input);
+ * const response = await client.send(command);
+ * // { // AssumeRoleResponse
+ * //   Credentials: { // Credentials
+ * //     AccessKeyId: "STRING_VALUE", // required
+ * //     SecretAccessKey: "STRING_VALUE", // required
+ * //     SessionToken: "STRING_VALUE", // required
+ * //     Expiration: new Date("TIMESTAMP"), // required
+ * //   },
+ * //   AssumedRoleUser: { // AssumedRoleUser
+ * //     AssumedRoleId: "STRING_VALUE", // required
+ * //     Arn: "STRING_VALUE", // required
+ * //   },
+ * //   PackedPolicySize: Number("int"),
+ * //   SourceIdentity: "STRING_VALUE",
+ * // };
+ *
+ * ```
+ *
+ * @param AssumeRoleCommandInput - {@link AssumeRoleCommandInput}
+ * @returns {@link AssumeRoleCommandOutput}
+ * @see {@link AssumeRoleCommandInput} for command's `input` shape.
+ * @see {@link AssumeRoleCommandOutput} for command's `response` shape.
+ * @see {@link STSClientResolvedConfig | config} for STSClient's `config` shape.
+ *
+ * @throws {@link ExpiredTokenException} (client fault)
+ *  <p>The web identity token that was passed is expired or is not valid. Get a new identity
+ *             token from the identity provider and then retry the request.</p>
+ *
+ * @throws {@link MalformedPolicyDocumentException} (client fault)
+ *  <p>The request was rejected because the policy document was malformed. The error message
+ *             describes the specific error.</p>
+ *
+ * @throws {@link PackedPolicyTooLargeException} (client fault)
+ *  <p>The request was rejected because the total packed size of the session policies and
+ *             session tags combined was too large. An Amazon Web Services conversion compresses the session policy
+ *             document, session policy ARNs, and session tags into a packed binary format that has a
+ *             separate limit. The error message indicates by percentage how close the policies and
+ *             tags are to the upper size limit. For more information, see <a href="https://docs.aws.amazon.com/IAM/latest/UserGuide/id_session-tags.html">Passing Session Tags in STS</a> in
+ *             the <i>IAM User Guide</i>.</p>
+ *          <p>You could receive this error even though you meet other defined session policy and
+ *             session tag limits. For more information, see <a href="https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_iam-quotas.html#reference_iam-limits-entity-length">IAM and STS Entity Character Limits</a> in the <i>IAM User
+ *                 Guide</i>.</p>
+ *
+ * @throws {@link RegionDisabledException} (client fault)
+ *  <p>STS is not activated in the requested region for the account that is being asked to
+ *             generate credentials. The account administrator must use the IAM console to activate
+ *             STS in that region. For more information, see <a href="https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_enable-regions.html">Activating and
+ *                 Deactivating STS in an Amazon Web Services Region</a> in the <i>IAM User
+ *                 Guide</i>.</p>
+ *
+ * @throws {@link STSServiceException}
+ * <p>Base exception class for all service exceptions from STS service.</p>
+ *
+ * @public
+ */
+export declare class AssumeRoleCommand extends AssumeRoleCommand_base {
+    /** @internal type navigation helper, not in runtime. */
+    protected static __types: {
+        api: {
+            input: AssumeRoleRequest;
+            output: AssumeRoleResponse;
+        };
+        sdk: {
+            input: AssumeRoleCommandInput;
+            output: AssumeRoleCommandOutput;
+        };
+    };
+}