@cdk8s/awscdk-resolver 0.0.198 → 0.0.200

package/node_modules/@aws-sdk/client-sts/dist-es/protocols/Aws_query.js

@@ -33,6 +33,16 @@ export const se_AssumeRoleWithWebIdentityCommand = async (input, context) => {
     });
     return buildHttpRpcRequest(context, headers, "/", undefined, body);
 };
+export const se_AssumeRootCommand = async (input, context) => {
+    const headers = SHARED_HEADERS;
+    let body;
+    body = buildFormUrlencodedString({
+        ...se_AssumeRootRequest(input, context),
+        [_A]: _ARs,
+        [_V]: _,
+    });
+    return buildHttpRpcRequest(context, headers, "/", undefined, body);
+};
 export const se_DecodeAuthorizationMessageCommand = async (input, context) => {
     const headers = SHARED_HEADERS;
     let body;
@@ -122,6 +132,19 @@ export const de_AssumeRoleWithWebIdentityCommand = async (output, context) => {
     };
     return response;
 };
+export const de_AssumeRootCommand = async (output, context) => {
+    if (output.statusCode >= 300) {
+        return de_CommandError(output, context);
+    }
+    const data = await parseBody(output.body, context);
+    let contents = {};
+    contents = de_AssumeRootResponse(data.AssumeRootResult, context);
+    const response = {
+        $metadata: deserializeMetadata(output),
+        ...contents,
+    };
+    return response;
+};
 export const de_DecodeAuthorizationMessageCommand = async (output, context) => {
     if (output.statusCode >= 300) {
         return de_CommandError(output, context);
@@ -428,6 +451,23 @@ const se_AssumeRoleWithWebIdentityRequest = (input, context) => {
     }
     return entries;
 };
+const se_AssumeRootRequest = (input, context) => {
+    const entries = {};
+    if (input[_TP] != null) {
+        entries[_TP] = input[_TP];
+    }
+    if (input[_TPA] != null) {
+        const memberEntries = se_PolicyDescriptorType(input[_TPA], context);
+        Object.entries(memberEntries).forEach(([key, value]) => {
+            const loc = `TaskPolicyArn.${key}`;
+            entries[loc] = value;
+        });
+    }
+    if (input[_DS] != null) {
+        entries[_DS] = input[_DS];
+    }
+    return entries;
+};
 const se_DecodeAuthorizationMessageRequest = (input, context) => {
     const entries = {};
     if (input[_EM] != null) {
@@ -658,6 +698,16 @@ const de_AssumeRoleWithWebIdentityResponse = (output, context) => {
     }
     return contents;
 };
+const de_AssumeRootResponse = (output, context) => {
+    const contents = {};
+    if (output[_C] != null) {
+        contents[_C] = de_Credentials(output[_C], context);
+    }
+    if (output[_SI] != null) {
+        contents[_SI] = __expectString(output[_SI]);
+    }
+    return contents;
+};
 const de_Credentials = (output, context) => {
     const contents = {};
     if (output[_AKI] != null) {
@@ -824,6 +874,7 @@ const _ARI = "AssumedRoleId";
 const _ARU = "AssumedRoleUser";
 const _ARWSAML = "AssumeRoleWithSAML";
 const _ARWWI = "AssumeRoleWithWebIdentity";
+const _ARs = "AssumeRoot";
 const _Ac = "Account";
 const _Ar = "Arn";
 const _Au = "Audience";
@@ -865,6 +916,8 @@ const _ST = "SubjectType";
 const _STe = "SessionToken";
 const _T = "Tags";
 const _TC = "TokenCode";
+const _TP = "TargetPrincipal";
+const _TPA = "TaskPolicyArn";
 const _TTK = "TransitiveTagKeys";
 const _UI = "UserId";
 const _V = "Version";

package/node_modules/@aws-sdk/client-sts/dist-types/STS.d.ts

@@ -2,6 +2,7 @@ import { HttpHandlerOptions as __HttpHandlerOptions } from "@smithy/types";
 import { AssumeRoleCommandInput, AssumeRoleCommandOutput } from "./commands/AssumeRoleCommand";
 import { AssumeRoleWithSAMLCommandInput, AssumeRoleWithSAMLCommandOutput } from "./commands/AssumeRoleWithSAMLCommand";
 import { AssumeRoleWithWebIdentityCommandInput, AssumeRoleWithWebIdentityCommandOutput } from "./commands/AssumeRoleWithWebIdentityCommand";
+import { AssumeRootCommandInput, AssumeRootCommandOutput } from "./commands/AssumeRootCommand";
 import { DecodeAuthorizationMessageCommandInput, DecodeAuthorizationMessageCommandOutput } from "./commands/DecodeAuthorizationMessageCommand";
 import { GetAccessKeyInfoCommandInput, GetAccessKeyInfoCommandOutput } from "./commands/GetAccessKeyInfoCommand";
 import { GetCallerIdentityCommandInput, GetCallerIdentityCommandOutput } from "./commands/GetCallerIdentityCommand";
@@ -27,6 +28,12 @@ export interface STS {
     assumeRoleWithWebIdentity(args: AssumeRoleWithWebIdentityCommandInput, options?: __HttpHandlerOptions): Promise<AssumeRoleWithWebIdentityCommandOutput>;
     assumeRoleWithWebIdentity(args: AssumeRoleWithWebIdentityCommandInput, cb: (err: any, data?: AssumeRoleWithWebIdentityCommandOutput) => void): void;
     assumeRoleWithWebIdentity(args: AssumeRoleWithWebIdentityCommandInput, options: __HttpHandlerOptions, cb: (err: any, data?: AssumeRoleWithWebIdentityCommandOutput) => void): void;
+    /**
+     * @see {@link AssumeRootCommand}
+     */
+    assumeRoot(args: AssumeRootCommandInput, options?: __HttpHandlerOptions): Promise<AssumeRootCommandOutput>;
+    assumeRoot(args: AssumeRootCommandInput, cb: (err: any, data?: AssumeRootCommandOutput) => void): void;
+    assumeRoot(args: AssumeRootCommandInput, options: __HttpHandlerOptions, cb: (err: any, data?: AssumeRootCommandOutput) => void): void;
     /**
      * @see {@link DecodeAuthorizationMessageCommand}
      */

package/node_modules/@aws-sdk/client-sts/dist-types/STSClient.d.ts

@@ -10,6 +10,7 @@ import { HttpAuthSchemeInputConfig, HttpAuthSchemeResolvedConfig } from "./auth/
 import { AssumeRoleCommandInput, AssumeRoleCommandOutput } from "./commands/AssumeRoleCommand";
 import { AssumeRoleWithSAMLCommandInput, AssumeRoleWithSAMLCommandOutput } from "./commands/AssumeRoleWithSAMLCommand";
 import { AssumeRoleWithWebIdentityCommandInput, AssumeRoleWithWebIdentityCommandOutput } from "./commands/AssumeRoleWithWebIdentityCommand";
+import { AssumeRootCommandInput, AssumeRootCommandOutput } from "./commands/AssumeRootCommand";
 import { DecodeAuthorizationMessageCommandInput, DecodeAuthorizationMessageCommandOutput } from "./commands/DecodeAuthorizationMessageCommand";
 import { GetAccessKeyInfoCommandInput, GetAccessKeyInfoCommandOutput } from "./commands/GetAccessKeyInfoCommand";
 import { GetCallerIdentityCommandInput, GetCallerIdentityCommandOutput } from "./commands/GetCallerIdentityCommand";
@@ -21,11 +22,11 @@ export { __Client };
 /**
  * @public
  */
-export type ServiceInputTypes = AssumeRoleCommandInput | AssumeRoleWithSAMLCommandInput | AssumeRoleWithWebIdentityCommandInput | DecodeAuthorizationMessageCommandInput | GetAccessKeyInfoCommandInput | GetCallerIdentityCommandInput | GetFederationTokenCommandInput | GetSessionTokenCommandInput;
+export type ServiceInputTypes = AssumeRoleCommandInput | AssumeRoleWithSAMLCommandInput | AssumeRoleWithWebIdentityCommandInput | AssumeRootCommandInput | DecodeAuthorizationMessageCommandInput | GetAccessKeyInfoCommandInput | GetCallerIdentityCommandInput | GetFederationTokenCommandInput | GetSessionTokenCommandInput;
 /**
  * @public
  */
-export type ServiceOutputTypes = AssumeRoleCommandOutput | AssumeRoleWithSAMLCommandOutput | AssumeRoleWithWebIdentityCommandOutput | DecodeAuthorizationMessageCommandOutput | GetAccessKeyInfoCommandOutput | GetCallerIdentityCommandOutput | GetFederationTokenCommandOutput | GetSessionTokenCommandOutput;
+export type ServiceOutputTypes = AssumeRoleCommandOutput | AssumeRoleWithSAMLCommandOutput | AssumeRoleWithWebIdentityCommandOutput | AssumeRootCommandOutput | DecodeAuthorizationMessageCommandOutput | GetAccessKeyInfoCommandOutput | GetCallerIdentityCommandOutput | GetFederationTokenCommandOutput | GetSessionTokenCommandOutput;
 /**
  * @public
  */

package/node_modules/@aws-sdk/client-sts/dist-types/commands/AssumeRoleCommand.d.ts

@@ -32,8 +32,8 @@ declare const AssumeRoleCommand_base: {
  *          and a security token. Typically, you use <code>AssumeRole</code> within your account or for
  *          cross-account access. For a comparison of <code>AssumeRole</code> with other API operations
  *          that produce temporary credentials, see <a href="https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_request.html">Requesting Temporary Security
- *             Credentials</a> and <a href="https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_request.html#stsapi_comparison">Comparing the
- *             Amazon Web Services STS API operations</a> in the <i>IAM User Guide</i>.</p>
+ *             Credentials</a> and <a href="https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_sts-comparison.html">Compare STS
+ *             credentials</a> in the <i>IAM User Guide</i>.</p>
  *          <p>
  *             <b>Permissions</b>
  *          </p>
@@ -41,11 +41,11 @@ declare const AssumeRoleCommand_base: {
  *          make API calls to any Amazon Web Services service with the following exception: You cannot call the
  *          Amazon Web Services STS <code>GetFederationToken</code> or <code>GetSessionToken</code> API
  *          operations.</p>
- *          <p>(Optional) You can pass inline or managed <a href="https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies.html#policies_session">session policies</a> to
- *          this operation. You can pass a single JSON policy document to use as an inline session
- *          policy. You can also specify up to 10 managed policy Amazon Resource Names (ARNs) to use as
- *          managed session policies. The plaintext that you use for both inline and managed session
- *          policies can't exceed 2,048 characters. Passing policies to this operation returns new
+ *          <p>(Optional) You can pass inline or managed session policies to this operation. You can
+ *          pass a single JSON policy document to use as an inline session policy. You can also specify
+ *          up to 10 managed policy Amazon Resource Names (ARNs) to use as managed session policies.
+ *          The plaintext that you use for both inline and managed session policies can't exceed 2,048
+ *          characters. Passing policies to this operation returns new
  *          temporary credentials. The resulting session's permissions are the intersection of the
  *          role's identity-based policy and the session policies. You can use the role's temporary
  *          credentials in subsequent Amazon Web Services API calls to access resources in the account that owns
@@ -192,15 +192,15 @@ declare const AssumeRoleCommand_base: {
  *             tags are to the upper size limit. For more information, see <a href="https://docs.aws.amazon.com/IAM/latest/UserGuide/id_session-tags.html">Passing Session Tags in STS</a> in
  *             the <i>IAM User Guide</i>.</p>
  *          <p>You could receive this error even though you meet other defined session policy and
- *             session tag limits. For more information, see <a href="https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_iam-quotas.html#reference_iam-limits-entity-length">IAM and STS Entity
- *                 Character Limits</a> in the <i>IAM User Guide</i>.</p>
+ *             session tag limits. For more information, see <a href="https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_iam-quotas.html#reference_iam-limits-entity-length">IAM and STS Entity Character Limits</a> in the <i>IAM User
+ *                 Guide</i>.</p>
  *
  * @throws {@link RegionDisabledException} (client fault)
  *  <p>STS is not activated in the requested region for the account that is being asked to
- *             generate credentials. The account administrator must use the IAM console to activate STS
- *             in that region. For more information, see <a href="https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_enable-regions.html">Activating and
- *                 Deactivating Amazon Web Services STS in an Amazon Web Services Region</a> in the <i>IAM User
- *                     Guide</i>.</p>
+ *             generate credentials. The account administrator must use the IAM console to activate
+ *             STS in that region. For more information, see <a href="https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_enable-regions.html">Activating and
+ *                 Deactivating STS in an Amazon Web Services Region</a> in the <i>IAM User
+ *                 Guide</i>.</p>
  *
  * @throws {@link STSServiceException}
  * <p>Base exception class for all service exceptions from STS service.</p>

package/node_modules/@aws-sdk/client-sts/dist-types/commands/AssumeRoleWithSAMLCommand.d.ts

@@ -32,8 +32,8 @@ declare const AssumeRoleWithSAMLCommand_base: {
  *          enterprise identity store or directory to role-based Amazon Web Services access without user-specific
  *          credentials or configuration. For a comparison of <code>AssumeRoleWithSAML</code> with the
  *          other API operations that produce temporary credentials, see <a href="https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_request.html">Requesting Temporary Security
- *             Credentials</a> and <a href="https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_request.html#stsapi_comparison">Comparing the
- *             Amazon Web Services STS API operations</a> in the <i>IAM User Guide</i>.</p>
+ *             Credentials</a> and <a href="https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_sts-comparison.html">Compare STS
+ *             credentials</a> in the <i>IAM User Guide</i>.</p>
  *          <p>The temporary security credentials returned by this operation consist of an access key
  *          ID, a secret access key, and a security token. Applications can use these temporary
  *          security credentials to sign calls to Amazon Web Services services.</p>
@@ -230,15 +230,15 @@ declare const AssumeRoleWithSAMLCommand_base: {
  *             tags are to the upper size limit. For more information, see <a href="https://docs.aws.amazon.com/IAM/latest/UserGuide/id_session-tags.html">Passing Session Tags in STS</a> in
  *             the <i>IAM User Guide</i>.</p>
  *          <p>You could receive this error even though you meet other defined session policy and
- *             session tag limits. For more information, see <a href="https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_iam-quotas.html#reference_iam-limits-entity-length">IAM and STS Entity
- *                 Character Limits</a> in the <i>IAM User Guide</i>.</p>
+ *             session tag limits. For more information, see <a href="https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_iam-quotas.html#reference_iam-limits-entity-length">IAM and STS Entity Character Limits</a> in the <i>IAM User
+ *                 Guide</i>.</p>
  *
  * @throws {@link RegionDisabledException} (client fault)
  *  <p>STS is not activated in the requested region for the account that is being asked to
- *             generate credentials. The account administrator must use the IAM console to activate STS
- *             in that region. For more information, see <a href="https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_enable-regions.html">Activating and
- *                 Deactivating Amazon Web Services STS in an Amazon Web Services Region</a> in the <i>IAM User
- *                     Guide</i>.</p>
+ *             generate credentials. The account administrator must use the IAM console to activate
+ *             STS in that region. For more information, see <a href="https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_enable-regions.html">Activating and
+ *                 Deactivating STS in an Amazon Web Services Region</a> in the <i>IAM User
+ *                 Guide</i>.</p>
  *
  * @throws {@link STSServiceException}
  * <p>Base exception class for all service exceptions from STS service.</p>

package/node_modules/@aws-sdk/client-sts/dist-types/commands/AssumeRoleWithWebIdentityCommand.d.ts

@@ -47,8 +47,8 @@ declare const AssumeRoleWithWebIdentityCommand_base: {
  *          using a token from the web identity provider. For a comparison of
  *             <code>AssumeRoleWithWebIdentity</code> with the other API operations that produce
  *          temporary credentials, see <a href="https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_request.html">Requesting Temporary Security
- *             Credentials</a> and <a href="https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_request.html#stsapi_comparison">Comparing the
- *             Amazon Web Services STS API operations</a> in the <i>IAM User Guide</i>.</p>
+ *             Credentials</a> and <a href="https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_sts-comparison.html">Compare STS
+ *             credentials</a> in the <i>IAM User Guide</i>.</p>
  *          <p>The temporary security credentials returned by this API consist of an access key ID, a
  *          secret access key, and a security token. Applications can use these temporary security
  *          credentials to sign calls to Amazon Web Services service API operations.</p>
@@ -60,8 +60,7 @@ declare const AssumeRoleWithWebIdentityCommand_base: {
  *          optional <code>DurationSeconds</code> parameter to specify the duration of your session.
  *          You can provide a value from 900 seconds (15 minutes) up to the maximum session duration
  *          setting for the role. This setting can have a value from 1 hour to 12 hours. To learn how
- *          to view the maximum value for your role, see <a href="https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_use.html#id_roles_use_view-role-max-session">View the
- *             Maximum Session Duration Setting for a Role</a> in the
+ *          to view the maximum value for your role, see <a href="https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_update-role-settings.html#id_roles_update-session-duration">Update the maximum session duration for a role </a> in the
  *             <i>IAM User Guide</i>. The maximum session duration limit applies when
  *          you use the <code>AssumeRole*</code> API operations or the <code>assume-role*</code> CLI
  *          commands. However the limit does not apply when you use those operations to create a
@@ -130,7 +129,7 @@ declare const AssumeRoleWithWebIdentityCommand_base: {
  *             or a pairwise identifier, as <a href="http://openid.net/specs/openid-connect-core-1_0.html#SubjectIDTypes">suggested
  *                in the OIDC specification</a>.</p>
  *          </important>
- *          <p>For more information about how to use web identity federation and the
+ *          <p>For more information about how to use OIDC federation and the
  *             <code>AssumeRoleWithWebIdentity</code> API, see the following resources: </p>
  *          <ul>
  *             <li>
@@ -139,25 +138,11 @@ declare const AssumeRoleWithWebIdentityCommand_base: {
  *             </li>
  *             <li>
  *                <p>
- *                   <a href="https://aws.amazon.com/blogs/aws/the-aws-web-identity-federation-playground/"> Web Identity Federation Playground</a>. Walk through the process of
- *                authenticating through Login with Amazon, Facebook, or Google, getting temporary
- *                security credentials, and then using those credentials to make a request to Amazon Web Services.
- *             </p>
- *             </li>
- *             <li>
- *                <p>
  *                   <a href="http://aws.amazon.com/sdkforios/">Amazon Web Services SDK for iOS Developer Guide</a> and <a href="http://aws.amazon.com/sdkforandroid/">Amazon Web Services SDK for Android Developer Guide</a>. These toolkits
  *                contain sample apps that show how to invoke the identity providers. The toolkits then
  *                show how to use the information from these providers to get and use temporary
  *                security credentials. </p>
  *             </li>
- *             <li>
- *                <p>
- *                   <a href="http://aws.amazon.com/articles/web-identity-federation-with-mobile-applications">Web Identity
- *                   Federation with Mobile Applications</a>. This article discusses web identity
- *                federation and shows an example of how to use web identity federation to get access
- *                to content in Amazon S3. </p>
- *             </li>
  *          </ul>
  * @example
  * Use a bare-bones client and the command you need to make an API call.
@@ -211,11 +196,11 @@ declare const AssumeRoleWithWebIdentityCommand_base: {
  *             token from the identity provider and then retry the request.</p>
  *
  * @throws {@link IDPCommunicationErrorException} (client fault)
- *  <p>The request could not be fulfilled because the identity provider (IDP) that
- *             was asked to verify the incoming identity token could not be reached. This is often a
- *             transient error caused by network conditions. Retry the request a limited number of
- *             times so that you don't exceed the request rate. If the error persists, the
- *             identity provider might be down or not responding.</p>
+ *  <p>The request could not be fulfilled because the identity provider (IDP) that was asked
+ *             to verify the incoming identity token could not be reached. This is often a transient
+ *             error caused by network conditions. Retry the request a limited number of times so that
+ *             you don't exceed the request rate. If the error persists, the identity provider might be
+ *             down or not responding.</p>
  *
  * @throws {@link IDPRejectedClaimException} (client fault)
  *  <p>The identity provider (IdP) reported that authentication failed. This might be because
@@ -239,15 +224,15 @@ declare const AssumeRoleWithWebIdentityCommand_base: {
  *             tags are to the upper size limit. For more information, see <a href="https://docs.aws.amazon.com/IAM/latest/UserGuide/id_session-tags.html">Passing Session Tags in STS</a> in
  *             the <i>IAM User Guide</i>.</p>
  *          <p>You could receive this error even though you meet other defined session policy and
- *             session tag limits. For more information, see <a href="https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_iam-quotas.html#reference_iam-limits-entity-length">IAM and STS Entity
- *                 Character Limits</a> in the <i>IAM User Guide</i>.</p>
+ *             session tag limits. For more information, see <a href="https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_iam-quotas.html#reference_iam-limits-entity-length">IAM and STS Entity Character Limits</a> in the <i>IAM User
+ *                 Guide</i>.</p>
  *
  * @throws {@link RegionDisabledException} (client fault)
  *  <p>STS is not activated in the requested region for the account that is being asked to
- *             generate credentials. The account administrator must use the IAM console to activate STS
- *             in that region. For more information, see <a href="https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_enable-regions.html">Activating and
- *                 Deactivating Amazon Web Services STS in an Amazon Web Services Region</a> in the <i>IAM User
- *                     Guide</i>.</p>
+ *             generate credentials. The account administrator must use the IAM console to activate
+ *             STS in that region. For more information, see <a href="https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_enable-regions.html">Activating and
+ *                 Deactivating STS in an Amazon Web Services Region</a> in the <i>IAM User
+ *                 Guide</i>.</p>
  *
  * @throws {@link STSServiceException}
  * <p>Base exception class for all service exceptions from STS service.</p>

package/node_modules/@aws-sdk/client-sts/dist-types/commands/AssumeRootCommand.d.ts

@@ -0,0 +1,129 @@
+import { Command as $Command } from "@smithy/smithy-client";
+import { MetadataBearer as __MetadataBearer } from "@smithy/types";
+import { AssumeRootRequest, AssumeRootResponse } from "../models/models_0";
+import { ServiceInputTypes, ServiceOutputTypes, STSClientResolvedConfig } from "../STSClient";
+/**
+ * @public
+ */
+export type { __MetadataBearer };
+export { $Command };
+/**
+ * @public
+ *
+ * The input for {@link AssumeRootCommand}.
+ */
+export interface AssumeRootCommandInput extends AssumeRootRequest {
+}
+/**
+ * @public
+ *
+ * The output of {@link AssumeRootCommand}.
+ */
+export interface AssumeRootCommandOutput extends AssumeRootResponse, __MetadataBearer {
+}
+declare const AssumeRootCommand_base: {
+    new (input: AssumeRootCommandInput): import("@smithy/smithy-client").CommandImpl<AssumeRootCommandInput, AssumeRootCommandOutput, STSClientResolvedConfig, ServiceInputTypes, ServiceOutputTypes>;
+    new (__0_0: AssumeRootCommandInput): import("@smithy/smithy-client").CommandImpl<AssumeRootCommandInput, AssumeRootCommandOutput, STSClientResolvedConfig, ServiceInputTypes, ServiceOutputTypes>;
+    getEndpointParameterInstructions(): import("@smithy/middleware-endpoint").EndpointParameterInstructions;
+};
+/**
+ * <p>Returns a set of short term credentials you can use to perform privileged tasks in a
+ *          member account.</p>
+ *          <p>Before you can launch a privileged session, you must have enabled centralized root
+ *          access in your organization. For steps to enable this feature, see <a href="https://docs.aws.amazon.com/IAM/latest/UserGuide/id_root-enable-root-access.html">Centralize root access for member accounts</a> in the <i>IAM User
+ *             Guide</i>.</p>
+ *          <note>
+ *             <p>The global endpoint is not supported for AssumeRoot. You must send this request to a
+ *             Regional STS endpoint. For more information, see <a href="https://docs.aws.amazon.com/STS/latest/APIReference/welcome.html#sts-endpoints">Endpoints</a>.</p>
+ *          </note>
+ *          <p>You can track AssumeRoot in CloudTrail logs to determine what actions were performed in a
+ *          session. For more information, see <a href="https://docs.aws.amazon.com/IAM/latest/UserGuide/cloudtrail-track-privileged-tasks.html">Track privileged tasks
+ *             in CloudTrail</a> in the <i>IAM User Guide</i>.</p>
+ * @example
+ * Use a bare-bones client and the command you need to make an API call.
+ * ```javascript
+ * import { STSClient, AssumeRootCommand } from "@aws-sdk/client-sts"; // ES Modules import
+ * // const { STSClient, AssumeRootCommand } = require("@aws-sdk/client-sts"); // CommonJS import
+ * const client = new STSClient(config);
+ * const input = { // AssumeRootRequest
+ *   TargetPrincipal: "STRING_VALUE", // required
+ *   TaskPolicyArn: { // PolicyDescriptorType
+ *     arn: "STRING_VALUE",
+ *   },
+ *   DurationSeconds: Number("int"),
+ * };
+ * const command = new AssumeRootCommand(input);
+ * const response = await client.send(command);
+ * // { // AssumeRootResponse
+ * //   Credentials: { // Credentials
+ * //     AccessKeyId: "STRING_VALUE", // required
+ * //     SecretAccessKey: "STRING_VALUE", // required
+ * //     SessionToken: "STRING_VALUE", // required
+ * //     Expiration: new Date("TIMESTAMP"), // required
+ * //   },
+ * //   SourceIdentity: "STRING_VALUE",
+ * // };
+ *
+ * ```
+ *
+ * @param AssumeRootCommandInput - {@link AssumeRootCommandInput}
+ * @returns {@link AssumeRootCommandOutput}
+ * @see {@link AssumeRootCommandInput} for command's `input` shape.
+ * @see {@link AssumeRootCommandOutput} for command's `response` shape.
+ * @see {@link STSClientResolvedConfig | config} for STSClient's `config` shape.
+ *
+ * @throws {@link ExpiredTokenException} (client fault)
+ *  <p>The web identity token that was passed is expired or is not valid. Get a new identity
+ *             token from the identity provider and then retry the request.</p>
+ *
+ * @throws {@link RegionDisabledException} (client fault)
+ *  <p>STS is not activated in the requested region for the account that is being asked to
+ *             generate credentials. The account administrator must use the IAM console to activate
+ *             STS in that region. For more information, see <a href="https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_enable-regions.html">Activating and
+ *                 Deactivating STS in an Amazon Web Services Region</a> in the <i>IAM User
+ *                 Guide</i>.</p>
+ *
+ * @throws {@link STSServiceException}
+ * <p>Base exception class for all service exceptions from STS service.</p>
+ *
+ * @public
+ * @example To launch a privileged session
+ * ```javascript
+ * // The following command retrieves a set of short-term credentials you can use to unlock an S3 bucket for a member account by removing the bucket policy.
+ * const input = {
+ *   "DurationSeconds": 900,
+ *   "TargetPrincipal": "111122223333",
+ *   "TaskPolicyArn": {
+ *     "arn": "arn:aws:iam::aws:policy/root-task/S3UnlockBucketPolicy"
+ *   }
+ * };
+ * const command = new AssumeRootCommand(input);
+ * const response = await client.send(command);
+ * /* response ==
+ * {
+ *   "Credentials": {
+ *     "AccessKeyId": "ASIAJEXAMPLEXEG2JICEA",
+ *     "Expiration": "2024-11-15T00:05:07Z",
+ *     "SecretAccessKey": "9drTJvcXLB89EXAMPLELB8923FB892xMFI",
+ *     "SessionToken": "AQoXdzELDDY//////////wEaoAK1wvxJY12r2IrDFT2IvAzTCn3zHoZ7YNtpiQLF0MqZye/qwjzP2iEXAMPLEbw/m3hsj8VBTkPORGvr9jM5sgP+w9IZWZnU+LWhmg+a5fDi2oTGUYcdg9uexQ4mtCHIHfi4citgqZTgco40Yqr4lIlo4V2b2Dyauk0eYFNebHtYlFVgAUj+7Indz3LU0aTWk1WKIjHmmMCIoTkyYp/k7kUG7moeEYKSitwQIi6Gjn+nyzM+PtoA3685ixzv0R7i5rjQi0YE0lf1oeie3bDiNHncmzosRM6SFiPzSvp6h/32xQuZsjcypmwsPSDtTPYcs0+YN/8BRi2/IcrxSpnWEXAMPLEXSDFTAQAM6Dl9zR0tXoybnlrZIwMLlMi1Kcgo5OytwU="
+ *   },
+ *   "SourceIdentity": "Alice"
+ * }
+ * *\/
+ * // example id: to-launch-a-privileged-session-1731335424565
+ * ```
+ *
+ */
+export declare class AssumeRootCommand extends AssumeRootCommand_base {
+    /** @internal type navigation helper, not in runtime. */
+    protected static __types: {
+        api: {
+            input: AssumeRootRequest;
+            output: AssumeRootResponse;
+        };
+        sdk: {
+            input: AssumeRootCommandInput;
+            output: AssumeRootCommandOutput;
+        };
+    };
+}

package/node_modules/@aws-sdk/client-sts/dist-types/commands/DecodeAuthorizationMessageCommand.d.ts

@@ -88,8 +88,8 @@ declare const DecodeAuthorizationMessageCommand_base: {
  *
  * @throws {@link InvalidAuthorizationMessageException} (client fault)
  *  <p>The error returned if the message passed to <code>DecodeAuthorizationMessage</code>
- *             was invalid. This can happen if the token contains invalid characters, such as
- *             linebreaks. </p>
+ *             was invalid. This can happen if the token contains invalid characters, such as line
+ *             breaks, or if the message has expired.</p>
  *
  * @throws {@link STSServiceException}
  * <p>Base exception class for all service exceptions from STS service.</p>

package/node_modules/@aws-sdk/client-sts/dist-types/commands/GetFederationTokenCommand.d.ts

@@ -36,8 +36,8 @@ declare const GetFederationTokenCommand_base: {
  *          contexts where those credentials can be safeguarded, usually in a server-based application.
  *          For a comparison of <code>GetFederationToken</code> with the other API operations that
  *          produce temporary credentials, see <a href="https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_request.html">Requesting Temporary Security
- *             Credentials</a> and <a href="https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_request.html#stsapi_comparison">Comparing the
- *             Amazon Web Services STS API operations</a> in the <i>IAM User Guide</i>.</p>
+ *             Credentials</a> and <a href="https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_sts-comparison.html">Compare STS
+ *             credentials</a> in the <i>IAM User Guide</i>.</p>
  *          <p>Although it is possible to call <code>GetFederationToken</code> using the security
  *          credentials of an Amazon Web Services account root user rather than an IAM user that you
  *          create for the purpose of a proxy application, we do not recommend it. For more
@@ -174,15 +174,15 @@ declare const GetFederationTokenCommand_base: {
  *             tags are to the upper size limit. For more information, see <a href="https://docs.aws.amazon.com/IAM/latest/UserGuide/id_session-tags.html">Passing Session Tags in STS</a> in
  *             the <i>IAM User Guide</i>.</p>
  *          <p>You could receive this error even though you meet other defined session policy and
- *             session tag limits. For more information, see <a href="https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_iam-quotas.html#reference_iam-limits-entity-length">IAM and STS Entity
- *                 Character Limits</a> in the <i>IAM User Guide</i>.</p>
+ *             session tag limits. For more information, see <a href="https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_iam-quotas.html#reference_iam-limits-entity-length">IAM and STS Entity Character Limits</a> in the <i>IAM User
+ *                 Guide</i>.</p>
  *
  * @throws {@link RegionDisabledException} (client fault)
  *  <p>STS is not activated in the requested region for the account that is being asked to
- *             generate credentials. The account administrator must use the IAM console to activate STS
- *             in that region. For more information, see <a href="https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_enable-regions.html">Activating and
- *                 Deactivating Amazon Web Services STS in an Amazon Web Services Region</a> in the <i>IAM User
- *                     Guide</i>.</p>
+ *             generate credentials. The account administrator must use the IAM console to activate
+ *             STS in that region. For more information, see <a href="https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_enable-regions.html">Activating and
+ *                 Deactivating STS in an Amazon Web Services Region</a> in the <i>IAM User
+ *                 Guide</i>.</p>
  *
  * @throws {@link STSServiceException}
  * <p>Base exception class for all service exceptions from STS service.</p>

package/node_modules/@aws-sdk/client-sts/dist-types/commands/GetSessionTokenCommand.d.ts

@@ -38,8 +38,8 @@ declare const GetSessionTokenCommand_base: {
  *          calls to API operations that require MFA authentication. An incorrect MFA code causes the
  *          API to return an access denied error. For a comparison of <code>GetSessionToken</code> with
  *          the other API operations that produce temporary credentials, see <a href="https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_request.html">Requesting
- *             Temporary Security Credentials</a> and <a href="https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_request.html#stsapi_comparison">Comparing the
- *             Amazon Web Services STS API operations</a> in the <i>IAM User Guide</i>.</p>
+ *             Temporary Security Credentials</a> and <a href="https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_sts-comparison.html">Compare STS
+ *             credentials</a> in the <i>IAM User Guide</i>.</p>
  *          <note>
  *             <p>No permissions are required for users to perform this operation. The purpose of the
  *                <code>sts:GetSessionToken</code> operation is to authenticate the user using MFA. You
@@ -118,10 +118,10 @@ declare const GetSessionTokenCommand_base: {
  *
  * @throws {@link RegionDisabledException} (client fault)
  *  <p>STS is not activated in the requested region for the account that is being asked to
- *             generate credentials. The account administrator must use the IAM console to activate STS
- *             in that region. For more information, see <a href="https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_enable-regions.html">Activating and
- *                 Deactivating Amazon Web Services STS in an Amazon Web Services Region</a> in the <i>IAM User
- *                     Guide</i>.</p>
+ *             generate credentials. The account administrator must use the IAM console to activate
+ *             STS in that region. For more information, see <a href="https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_enable-regions.html">Activating and
+ *                 Deactivating STS in an Amazon Web Services Region</a> in the <i>IAM User
+ *                 Guide</i>.</p>
  *
  * @throws {@link STSServiceException}
  * <p>Base exception class for all service exceptions from STS service.</p>

package/node_modules/@aws-sdk/client-sts/dist-types/commands/index.d.ts

@@ -1,6 +1,7 @@
 export * from "./AssumeRoleCommand";
 export * from "./AssumeRoleWithSAMLCommand";
 export * from "./AssumeRoleWithWebIdentityCommand";
+export * from "./AssumeRootCommand";
 export * from "./DecodeAuthorizationMessageCommand";
 export * from "./GetAccessKeyInfoCommand";
 export * from "./GetCallerIdentityCommand";