@cdk8s/awscdk-resolver 0.0.199 → 0.0.200

package/node_modules/@aws-sdk/client-sts/dist-types/models/models_0.d.ts

@@ -95,6 +95,11 @@ export interface AssumeRoleRequest {
      *          session name is also used in the ARN of the assumed role principal. This means that
      *          subsequent cross-account API requests that use the temporary security credentials will
      *          expose the role session name to the external account in their CloudTrail logs.</p>
+     *          <p>For security purposes, administrators can view this field in <a href="https://docs.aws.amazon.com/IAM/latest/UserGuide/cloudtrail-integration.html#cloudtrail-integration_signin-tempcreds">CloudTrail logs</a> to help identify who performed an action in Amazon Web Services. Your
+     *          administrator might require that you specify your user name as the session name when you
+     *          assume the role. For more information, see <a href="https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_iam-condition-keys.html#ck_rolesessionname">
+     *                <code>sts:RoleSessionName</code>
+     *             </a>.</p>
      *          <p>The regex used to validate this parameter is a string of characters
      *     consisting of upper- and lower-case alphanumeric characters with no spaces. You can
      *     also include underscores or any of the following characters: =,.@-</p>
@@ -148,6 +153,8 @@ export interface AssumeRoleRequest {
      *                <code>PackedPolicySize</code> response element indicates by percentage how close the
      *             policies and tags for your request are to the upper size limit.</p>
      *          </note>
+     *          <p>For more information about role session permissions, see <a href="https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies.html#policies_session">Session
+     *             policies</a>.</p>
      * @public
      */
     Policy?: string | undefined;
@@ -164,9 +171,7 @@ export interface AssumeRoleRequest {
      *          specify a parameter value of up to 43200 seconds (12 hours), depending on the maximum
      *          session duration setting for your role. However, if you assume a role using role chaining
      *          and provide a <code>DurationSeconds</code> parameter value greater than one hour, the
-     *          operation fails. To learn how to view the maximum value for your role, see <a href="https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_use.html#id_roles_use_view-role-max-session">View the
-     *             Maximum Session Duration Setting for a Role</a> in the
-     *             <i>IAM User Guide</i>.</p>
+     *          operation fails. To learn how to view the maximum value for your role, see <a href="https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_update-role-settings.html#id_roles_update-session-duration">Update the maximum session duration for a role</a>.</p>
      *          <p>By default, the value is set to <code>3600</code> seconds. </p>
      *          <note>
      *             <p>The <code>DurationSeconds</code> parameter is separate from the duration of a console
@@ -216,8 +221,8 @@ export interface AssumeRoleRequest {
      *          as transitive, the corresponding key and value passes to subsequent sessions in a role
      *          chain. For more information, see <a href="https://docs.aws.amazon.com/IAM/latest/UserGuide/id_session-tags.html#id_session-tags_role-chaining">Chaining Roles
      *             with Session Tags</a> in the <i>IAM User Guide</i>.</p>
-     *          <p>This parameter is optional. When you set session tags as transitive, the session policy
-     *          and session tags packed binary limit is not affected.</p>
+     *          <p>This parameter is optional. The transitive status of a session tag does not impact its
+     *          packed binary size.</p>
      *          <p>If you choose not to specify a transitive tag key, then no tags are passed from this
      *          session to any subsequent sessions.</p>
      * @public
@@ -265,13 +270,15 @@ export interface AssumeRoleRequest {
     TokenCode?: string | undefined;
     /**
      * <p>The source identity specified by the principal that is calling the
-     *             <code>AssumeRole</code> operation.</p>
+     *             <code>AssumeRole</code> operation. The source identity value persists across <a href="https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles.html#iam-term-role-chaining">chained role</a> sessions.</p>
      *          <p>You can require users to specify a source identity when they assume a role. You do this
-     *          by using the <code>sts:SourceIdentity</code> condition key in a role trust policy. You can
-     *          use source identity information in CloudTrail logs to determine who took actions with a role.
-     *          You can use the <code>aws:SourceIdentity</code> condition key to further control access to
-     *          Amazon Web Services resources based on the value of source identity. For more information about using
-     *          source identity, see <a href="https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_control-access_monitor.html">Monitor and control
+     *          by using the <a href="https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_condition-keys.html#condition-keys-sourceidentity">
+     *                <code>sts:SourceIdentity</code>
+     *             </a> condition key in a role trust policy. You
+     *          can use source identity information in CloudTrail logs to determine who took actions with a
+     *          role. You can use the <code>aws:SourceIdentity</code> condition key to further control
+     *          access to Amazon Web Services resources based on the value of source identity. For more information about
+     *          using source identity, see <a href="https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_control-access_monitor.html">Monitor and control
      *             actions taken with assumed roles</a> in the
      *          <i>IAM User Guide</i>.</p>
      *          <p>The regex used to validate this parameter is a string of characters consisting of upper-
@@ -405,8 +412,8 @@ export declare class MalformedPolicyDocumentException extends __BaseException {
  *             tags are to the upper size limit. For more information, see <a href="https://docs.aws.amazon.com/IAM/latest/UserGuide/id_session-tags.html">Passing Session Tags in STS</a> in
  *             the <i>IAM User Guide</i>.</p>
  *          <p>You could receive this error even though you meet other defined session policy and
- *             session tag limits. For more information, see <a href="https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_iam-quotas.html#reference_iam-limits-entity-length">IAM and STS Entity
- *                 Character Limits</a> in the <i>IAM User Guide</i>.</p>
+ *             session tag limits. For more information, see <a href="https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_iam-quotas.html#reference_iam-limits-entity-length">IAM and STS Entity Character Limits</a> in the <i>IAM User
+ *                 Guide</i>.</p>
  * @public
  */
 export declare class PackedPolicyTooLargeException extends __BaseException {
@@ -419,10 +426,10 @@ export declare class PackedPolicyTooLargeException extends __BaseException {
 }
 /**
  * <p>STS is not activated in the requested region for the account that is being asked to
- *             generate credentials. The account administrator must use the IAM console to activate STS
- *             in that region. For more information, see <a href="https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_enable-regions.html">Activating and
- *                 Deactivating Amazon Web Services STS in an Amazon Web Services Region</a> in the <i>IAM User
- *                     Guide</i>.</p>
+ *             generate credentials. The account administrator must use the IAM console to activate
+ *             STS in that region. For more information, see <a href="https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_enable-regions.html">Activating and
+ *                 Deactivating STS in an Amazon Web Services Region</a> in the <i>IAM User
+ *                 Guide</i>.</p>
  * @public
  */
 export declare class RegionDisabledException extends __BaseException {
@@ -495,6 +502,8 @@ export interface AssumeRoleWithSAMLRequest {
      *          character to the end of the valid character list (\u0020 through \u00FF). It can also
      *          include the tab (\u0009), linefeed (\u000A), and carriage return (\u000D)
      *          characters.</p>
+     *          <p>For more information about role session permissions, see <a href="https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies.html#policies_session">Session
+     *             policies</a>.</p>
      *          <note>
      *             <p>An Amazon Web Services conversion compresses the passed inline session policy, managed policy ARNs,
      *             and session tags into a packed binary format that has a separate limit. Your request can
@@ -612,14 +621,16 @@ export interface AssumeRoleWithSAMLResponse {
      */
     NameQualifier?: string | undefined;
     /**
-     * <p>The value in the <code>SourceIdentity</code> attribute in the SAML assertion. </p>
+     * <p>The value in the <code>SourceIdentity</code> attribute in the SAML assertion. The source
+     *          identity value persists across <a href="https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles.html#iam-term-role-chaining">chained role</a>
+     *          sessions.</p>
      *          <p>You can require users to set a source identity value when they assume a role. You do
      *          this by using the <code>sts:SourceIdentity</code> condition key in a role trust policy.
      *          That way, actions that are taken with the role are associated with that user. After the
      *          source identity is set, the value cannot be changed. It is present in the request for all
-     *          actions that are taken by the role and persists across <a href="https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_terms-and-concepts#iam-term-role-chaining">chained
-     *             role</a> sessions. You can configure your SAML identity provider to use an attribute
-     *          associated with your users, like user name or email, as the source identity when calling
+     *          actions that are taken by the role and persists across <a href="https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles.html#id_roles_terms-and-concepts">chained role</a>
+     *          sessions. You can configure your SAML identity provider to use an attribute associated with
+     *          your users, like user name or email, as the source identity when calling
      *             <code>AssumeRoleWithSAML</code>. You do this by adding an attribute to the SAML
      *          assertion. For more information about using source identity, see <a href="https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_control-access_monitor.html">Monitor and control
      *             actions taken with assumed roles</a> in the
@@ -665,6 +676,16 @@ export declare class InvalidIdentityTokenException extends __BaseException {
 export interface AssumeRoleWithWebIdentityRequest {
     /**
      * <p>The Amazon Resource Name (ARN) of the role that the caller is assuming.</p>
+     *          <note>
+     *             <p>Additional considerations apply to Amazon Cognito identity pools that assume <a href="https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies-cross-account-resource-access.html">cross-account IAM roles</a>. The trust policies of these roles must accept the
+     *                <code>cognito-identity.amazonaws.com</code> service principal and must contain the
+     *                <code>cognito-identity.amazonaws.com:aud</code> condition key to restrict role
+     *             assumption to users from your intended identity pools. A policy that trusts Amazon Cognito
+     *             identity pools without this condition creates a risk that a user from an unintended
+     *             identity pool can assume the role. For more information, see <a href="https://docs.aws.amazon.com/cognito/latest/developerguide/iam-roles.html#trust-policies"> Trust policies for
+     *                IAM roles in Basic (Classic) authentication </a> in the <i>Amazon Cognito
+     *                Developer Guide</i>.</p>
+     *          </note>
      * @public
      */
     RoleArn: string | undefined;
@@ -674,6 +695,11 @@ export interface AssumeRoleWithWebIdentityRequest {
      *          security credentials that your application will use are associated with that user. This
      *          session name is included as part of the ARN and assumed role ID in the
      *             <code>AssumedRoleUser</code> response element.</p>
+     *          <p>For security purposes, administrators can view this field in <a href="https://docs.aws.amazon.com/IAM/latest/UserGuide/cloudtrail-integration.html#cloudtrail-integration_signin-tempcreds">CloudTrail logs</a> to help identify who performed an action in Amazon Web Services. Your
+     *          administrator might require that you specify your user name as the session name when you
+     *          assume the role. For more information, see <a href="https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_iam-condition-keys.html#ck_rolesessionname">
+     *                <code>sts:RoleSessionName</code>
+     *             </a>.</p>
      *          <p>The regex used to validate this parameter is a string of characters
      *     consisting of upper- and lower-case alphanumeric characters with no spaces. You can
      *     also include underscores or any of the following characters: =,.@-</p>
@@ -684,7 +710,8 @@ export interface AssumeRoleWithWebIdentityRequest {
      * <p>The OAuth 2.0 access token or OpenID Connect ID token that is provided by the identity
      *          provider. Your application must get this token by authenticating the user who is using your
      *          application with a web identity provider before the application makes an
-     *             <code>AssumeRoleWithWebIdentity</code> call. Only tokens with RSA algorithms (RS256) are
+     *             <code>AssumeRoleWithWebIdentity</code> call. Timestamps in the token must be formatted
+     *          as either an integer or a long integer. Only tokens with RSA algorithms (RS256) are
      *          supported.</p>
      * @public
      */
@@ -739,6 +766,8 @@ export interface AssumeRoleWithWebIdentityRequest {
      *          character to the end of the valid character list (\u0020 through \u00FF). It can also
      *          include the tab (\u0009), linefeed (\u000A), and carriage return (\u000D)
      *          characters.</p>
+     *          <p>For more information about role session permissions, see <a href="https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies.html#policies_session">Session
+     *             policies</a>.</p>
      *          <note>
      *             <p>An Amazon Web Services conversion compresses the passed inline session policy, managed policy ARNs,
      *             and session tags into a packed binary format that has a separate limit. Your request can
@@ -836,9 +865,9 @@ export interface AssumeRoleWithWebIdentityResponse {
      *          this by using the <code>sts:SourceIdentity</code> condition key in a role trust policy.
      *          That way, actions that are taken with the role are associated with that user. After the
      *          source identity is set, the value cannot be changed. It is present in the request for all
-     *          actions that are taken by the role and persists across <a href="https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_terms-and-concepts#iam-term-role-chaining">chained
-     *             role</a> sessions. You can configure your identity provider to use an attribute
-     *          associated with your users, like user name or email, as the source identity when calling
+     *          actions that are taken by the role and persists across <a href="https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles.html#id_roles_terms-and-concepts">chained role</a>
+     *          sessions. You can configure your identity provider to use an attribute associated with your
+     *          users, like user name or email, as the source identity when calling
      *             <code>AssumeRoleWithWebIdentity</code>. You do this by adding a claim to the JSON web
      *          token. To learn more about OIDC tokens and claims, see <a href="https://docs.aws.amazon.com/cognito/latest/developerguide/amazon-cognito-user-pools-using-tokens-with-identity-providers.html">Using Tokens with User Pools</a> in the <i>Amazon Cognito Developer Guide</i>.
      *          For more information about using source identity, see <a href="https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_control-access_monitor.html">Monitor and control
@@ -852,11 +881,11 @@ export interface AssumeRoleWithWebIdentityResponse {
     SourceIdentity?: string | undefined;
 }
 /**
- * <p>The request could not be fulfilled because the identity provider (IDP) that
- *             was asked to verify the incoming identity token could not be reached. This is often a
- *             transient error caused by network conditions. Retry the request a limited number of
- *             times so that you don't exceed the request rate. If the error persists, the
- *             identity provider might be down or not responding.</p>
+ * <p>The request could not be fulfilled because the identity provider (IDP) that was asked
+ *             to verify the incoming identity token could not be reached. This is often a transient
+ *             error caused by network conditions. Retry the request a limited number of times so that
+ *             you don't exceed the request rate. If the error persists, the identity provider might be
+ *             down or not responding.</p>
  * @public
  */
 export declare class IDPCommunicationErrorException extends __BaseException {
@@ -867,6 +896,87 @@ export declare class IDPCommunicationErrorException extends __BaseException {
      */
     constructor(opts: __ExceptionOptionType<IDPCommunicationErrorException, __BaseException>);
 }
+/**
+ * @public
+ */
+export interface AssumeRootRequest {
+    /**
+     * <p>The member account principal ARN or account ID.</p>
+     * @public
+     */
+    TargetPrincipal: string | undefined;
+    /**
+     * <p>The identity based policy that scopes the session to the privileged tasks that can be
+     *          performed. You can use one of following Amazon Web Services managed policies to scope
+     *          root session actions. You can add additional customer managed policies to further limit the
+     *          permissions for the root session.</p>
+     *          <ul>
+     *             <li>
+     *                <p>
+     *                   <a href="https://docs.aws.amazon.com/IAM/latest/UserGuide/security-iam-awsmanpol.html#security-iam-awsmanpol-IAMAuditRootUserCredentials">IAMAuditRootUserCredentials</a>
+     *                </p>
+     *             </li>
+     *             <li>
+     *                <p>
+     *                   <a href="https://docs.aws.amazon.com/IAM/latest/UserGuide/security-iam-awsmanpol.html#security-iam-awsmanpol-IAMCreateRootUserPassword">IAMCreateRootUserPassword</a>
+     *                </p>
+     *             </li>
+     *             <li>
+     *                <p>
+     *                   <a href="https://docs.aws.amazon.com/IAM/latest/UserGuide/security-iam-awsmanpol.html#security-iam-awsmanpol-IAMDeleteRootUserCredentials">IAMDeleteRootUserCredentials</a>
+     *                </p>
+     *             </li>
+     *             <li>
+     *                <p>
+     *                   <a href="https://docs.aws.amazon.com/IAM/latest/UserGuide/security-iam-awsmanpol.html#security-iam-awsmanpol-S3UnlockBucketPolicy">S3UnlockBucketPolicy</a>
+     *                </p>
+     *             </li>
+     *             <li>
+     *                <p>
+     *                   <a href="https://docs.aws.amazon.com/IAM/latest/UserGuide/security-iam-awsmanpol.html#security-iam-awsmanpol-SQSUnlockQueuePolicy">SQSUnlockQueuePolicy</a>
+     *                </p>
+     *             </li>
+     *          </ul>
+     * @public
+     */
+    TaskPolicyArn: PolicyDescriptorType | undefined;
+    /**
+     * <p>The duration, in seconds, of the privileged session. The value can range from 0 seconds
+     *          up to the maximum session duration of 900 seconds (15 minutes). If you specify a value
+     *          higher than this setting, the operation fails.</p>
+     *          <p>By default, the value is set to <code>900</code> seconds.</p>
+     * @public
+     */
+    DurationSeconds?: number | undefined;
+}
+/**
+ * @public
+ */
+export interface AssumeRootResponse {
+    /**
+     * <p>The temporary security credentials, which include an access key ID, a secret access key,
+     *          and a security token.</p>
+     *          <note>
+     *             <p>The size of the security token that STS API operations return is not fixed. We
+     *         strongly recommend that you make no assumptions about the maximum size.</p>
+     *          </note>
+     * @public
+     */
+    Credentials?: Credentials | undefined;
+    /**
+     * <p>The source identity specified by the principal that is calling the
+     *             <code>AssumeRoot</code> operation.</p>
+     *          <p>You can use the <code>aws:SourceIdentity</code> condition key to control access based on
+     *          the value of source identity. For more information about using source identity, see <a href="https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_control-access_monitor.html">Monitor and control
+     *             actions taken with assumed roles</a> in the
+     *          <i>IAM User Guide</i>.</p>
+     *          <p>The regex used to validate this parameter is a string of characters consisting of upper-
+     *          and lower-case alphanumeric characters with no spaces. You can also include underscores or
+     *          any of the following characters: =,.@-</p>
+     * @public
+     */
+    SourceIdentity?: string | undefined;
+}
 /**
  * @public
  */
@@ -891,8 +1001,8 @@ export interface DecodeAuthorizationMessageResponse {
 }
 /**
  * <p>The error returned if the message passed to <code>DecodeAuthorizationMessage</code>
- *             was invalid. This can happen if the token contains invalid characters, such as
- *             linebreaks. </p>
+ *             was invalid. This can happen if the token contains invalid characters, such as line
+ *             breaks, or if the message has expired.</p>
  * @public
  */
 export declare class InvalidAuthorizationMessageException extends __BaseException {
@@ -1203,6 +1313,10 @@ export declare const AssumeRoleWithWebIdentityRequestFilterSensitiveLog: (obj: A
  * @internal
  */
 export declare const AssumeRoleWithWebIdentityResponseFilterSensitiveLog: (obj: AssumeRoleWithWebIdentityResponse) => any;
+/**
+ * @internal
+ */
+export declare const AssumeRootResponseFilterSensitiveLog: (obj: AssumeRootResponse) => any;
 /**
  * @internal
  */

package/node_modules/@aws-sdk/client-sts/dist-types/protocols/Aws_query.d.ts

@@ -3,6 +3,7 @@ import { SerdeContext as __SerdeContext } from "@smithy/types";
 import { AssumeRoleCommandInput, AssumeRoleCommandOutput } from "../commands/AssumeRoleCommand";
 import { AssumeRoleWithSAMLCommandInput, AssumeRoleWithSAMLCommandOutput } from "../commands/AssumeRoleWithSAMLCommand";
 import { AssumeRoleWithWebIdentityCommandInput, AssumeRoleWithWebIdentityCommandOutput } from "../commands/AssumeRoleWithWebIdentityCommand";
+import { AssumeRootCommandInput, AssumeRootCommandOutput } from "../commands/AssumeRootCommand";
 import { DecodeAuthorizationMessageCommandInput, DecodeAuthorizationMessageCommandOutput } from "../commands/DecodeAuthorizationMessageCommand";
 import { GetAccessKeyInfoCommandInput, GetAccessKeyInfoCommandOutput } from "../commands/GetAccessKeyInfoCommand";
 import { GetCallerIdentityCommandInput, GetCallerIdentityCommandOutput } from "../commands/GetCallerIdentityCommand";
@@ -20,6 +21,10 @@ export declare const se_AssumeRoleWithSAMLCommand: (input: AssumeRoleWithSAMLCom
  * serializeAws_queryAssumeRoleWithWebIdentityCommand
  */
 export declare const se_AssumeRoleWithWebIdentityCommand: (input: AssumeRoleWithWebIdentityCommandInput, context: __SerdeContext) => Promise<__HttpRequest>;
+/**
+ * serializeAws_queryAssumeRootCommand
+ */
+export declare const se_AssumeRootCommand: (input: AssumeRootCommandInput, context: __SerdeContext) => Promise<__HttpRequest>;
 /**
  * serializeAws_queryDecodeAuthorizationMessageCommand
  */
@@ -52,6 +57,10 @@ export declare const de_AssumeRoleWithSAMLCommand: (output: __HttpResponse, cont
  * deserializeAws_queryAssumeRoleWithWebIdentityCommand
  */
 export declare const de_AssumeRoleWithWebIdentityCommand: (output: __HttpResponse, context: __SerdeContext) => Promise<AssumeRoleWithWebIdentityCommandOutput>;
+/**
+ * deserializeAws_queryAssumeRootCommand
+ */
+export declare const de_AssumeRootCommand: (output: __HttpResponse, context: __SerdeContext) => Promise<AssumeRootCommandOutput>;
 /**
  * deserializeAws_queryDecodeAuthorizationMessageCommand
  */

package/node_modules/@aws-sdk/client-sts/dist-types/ts3.4/STS.d.ts

@@ -11,6 +11,10 @@ import {
   AssumeRoleWithWebIdentityCommandInput,
   AssumeRoleWithWebIdentityCommandOutput,
 } from "./commands/AssumeRoleWithWebIdentityCommand";
+import {
+  AssumeRootCommandInput,
+  AssumeRootCommandOutput,
+} from "./commands/AssumeRootCommand";
 import {
   DecodeAuthorizationMessageCommandInput,
   DecodeAuthorizationMessageCommandOutput,
@@ -72,6 +76,19 @@ export interface STS {
     options: __HttpHandlerOptions,
     cb: (err: any, data?: AssumeRoleWithWebIdentityCommandOutput) => void
   ): void;
+  assumeRoot(
+    args: AssumeRootCommandInput,
+    options?: __HttpHandlerOptions
+  ): Promise<AssumeRootCommandOutput>;
+  assumeRoot(
+    args: AssumeRootCommandInput,
+    cb: (err: any, data?: AssumeRootCommandOutput) => void
+  ): void;
+  assumeRoot(
+    args: AssumeRootCommandInput,
+    options: __HttpHandlerOptions,
+    cb: (err: any, data?: AssumeRootCommandOutput) => void
+  ): void;
   decodeAuthorizationMessage(
     args: DecodeAuthorizationMessageCommandInput,
     options?: __HttpHandlerOptions

package/node_modules/@aws-sdk/client-sts/dist-types/ts3.4/STSClient.d.ts

@@ -57,6 +57,10 @@ import {
   AssumeRoleWithWebIdentityCommandInput,
   AssumeRoleWithWebIdentityCommandOutput,
 } from "./commands/AssumeRoleWithWebIdentityCommand";
+import {
+  AssumeRootCommandInput,
+  AssumeRootCommandOutput,
+} from "./commands/AssumeRootCommand";
 import {
   DecodeAuthorizationMessageCommandInput,
   DecodeAuthorizationMessageCommandOutput,
@@ -88,6 +92,7 @@ export type ServiceInputTypes =
   | AssumeRoleCommandInput
   | AssumeRoleWithSAMLCommandInput
   | AssumeRoleWithWebIdentityCommandInput
+  | AssumeRootCommandInput
   | DecodeAuthorizationMessageCommandInput
   | GetAccessKeyInfoCommandInput
   | GetCallerIdentityCommandInput
@@ -97,6 +102,7 @@ export type ServiceOutputTypes =
   | AssumeRoleCommandOutput
   | AssumeRoleWithSAMLCommandOutput
   | AssumeRoleWithWebIdentityCommandOutput
+  | AssumeRootCommandOutput
   | DecodeAuthorizationMessageCommandOutput
   | GetAccessKeyInfoCommandOutput
   | GetCallerIdentityCommandOutput

package/node_modules/@aws-sdk/client-sts/dist-types/ts3.4/commands/AssumeRootCommand.d.ts

@@ -0,0 +1,47 @@
+import { Command as $Command } from "@smithy/smithy-client";
+import { MetadataBearer as __MetadataBearer } from "@smithy/types";
+import { AssumeRootRequest, AssumeRootResponse } from "../models/models_0";
+import {
+  ServiceInputTypes,
+  ServiceOutputTypes,
+  STSClientResolvedConfig,
+} from "../STSClient";
+export { __MetadataBearer };
+export { $Command };
+export interface AssumeRootCommandInput extends AssumeRootRequest {}
+export interface AssumeRootCommandOutput
+  extends AssumeRootResponse,
+    __MetadataBearer {}
+declare const AssumeRootCommand_base: {
+  new (
+    input: AssumeRootCommandInput
+  ): import("@smithy/smithy-client").CommandImpl<
+    AssumeRootCommandInput,
+    AssumeRootCommandOutput,
+    STSClientResolvedConfig,
+    ServiceInputTypes,
+    ServiceOutputTypes
+  >;
+  new (
+    __0_0: AssumeRootCommandInput
+  ): import("@smithy/smithy-client").CommandImpl<
+    AssumeRootCommandInput,
+    AssumeRootCommandOutput,
+    STSClientResolvedConfig,
+    ServiceInputTypes,
+    ServiceOutputTypes
+  >;
+  getEndpointParameterInstructions(): import("@smithy/middleware-endpoint").EndpointParameterInstructions;
+};
+export declare class AssumeRootCommand extends AssumeRootCommand_base {
+  protected static __types: {
+    api: {
+      input: AssumeRootRequest;
+      output: AssumeRootResponse;
+    };
+    sdk: {
+      input: AssumeRootCommandInput;
+      output: AssumeRootCommandOutput;
+    };
+  };
+}

package/node_modules/@aws-sdk/client-sts/dist-types/ts3.4/commands/index.d.ts

@@ -1,6 +1,7 @@
 export * from "./AssumeRoleCommand";
 export * from "./AssumeRoleWithSAMLCommand";
 export * from "./AssumeRoleWithWebIdentityCommand";
+export * from "./AssumeRootCommand";
 export * from "./DecodeAuthorizationMessageCommand";
 export * from "./GetAccessKeyInfoCommand";
 export * from "./GetCallerIdentityCommand";

package/node_modules/@aws-sdk/client-sts/dist-types/ts3.4/models/models_0.d.ts

@@ -130,6 +130,15 @@ export declare class IDPCommunicationErrorException extends __BaseException {
     opts: __ExceptionOptionType<IDPCommunicationErrorException, __BaseException>
   );
 }
+export interface AssumeRootRequest {
+  TargetPrincipal: string | undefined;
+  TaskPolicyArn: PolicyDescriptorType | undefined;
+  DurationSeconds?: number | undefined;
+}
+export interface AssumeRootResponse {
+  Credentials?: Credentials | undefined;
+  SourceIdentity?: string | undefined;
+}
 export interface DecodeAuthorizationMessageRequest {
   EncodedMessage: string | undefined;
 }
@@ -198,6 +207,9 @@ export declare const AssumeRoleWithWebIdentityRequestFilterSensitiveLog: (
 export declare const AssumeRoleWithWebIdentityResponseFilterSensitiveLog: (
   obj: AssumeRoleWithWebIdentityResponse
 ) => any;
+export declare const AssumeRootResponseFilterSensitiveLog: (
+  obj: AssumeRootResponse
+) => any;
 export declare const GetFederationTokenResponseFilterSensitiveLog: (
   obj: GetFederationTokenResponse
 ) => any;

package/node_modules/@aws-sdk/client-sts/dist-types/ts3.4/protocols/Aws_query.d.ts

@@ -15,6 +15,10 @@ import {
   AssumeRoleWithWebIdentityCommandInput,
   AssumeRoleWithWebIdentityCommandOutput,
 } from "../commands/AssumeRoleWithWebIdentityCommand";
+import {
+  AssumeRootCommandInput,
+  AssumeRootCommandOutput,
+} from "../commands/AssumeRootCommand";
 import {
   DecodeAuthorizationMessageCommandInput,
   DecodeAuthorizationMessageCommandOutput,
@@ -47,6 +51,10 @@ export declare const se_AssumeRoleWithWebIdentityCommand: (
   input: AssumeRoleWithWebIdentityCommandInput,
   context: __SerdeContext
 ) => Promise<__HttpRequest>;
+export declare const se_AssumeRootCommand: (
+  input: AssumeRootCommandInput,
+  context: __SerdeContext
+) => Promise<__HttpRequest>;
 export declare const se_DecodeAuthorizationMessageCommand: (
   input: DecodeAuthorizationMessageCommandInput,
   context: __SerdeContext
@@ -79,6 +87,10 @@ export declare const de_AssumeRoleWithWebIdentityCommand: (
   output: __HttpResponse,
   context: __SerdeContext
 ) => Promise<AssumeRoleWithWebIdentityCommandOutput>;
+export declare const de_AssumeRootCommand: (
+  output: __HttpResponse,
+  context: __SerdeContext
+) => Promise<AssumeRootCommandOutput>;
 export declare const de_DecodeAuthorizationMessageCommand: (
   output: __HttpResponse,
   context: __SerdeContext

package/node_modules/@aws-sdk/client-sts/package.json

@@ -1,7 +1,7 @@
 {
   "name": "@aws-sdk/client-sts",
   "description": "AWS SDK for JavaScript Sts Client for Node.js, Browser and React Native",
-  "version": "3.691.0",
+  "version": "3.693.0",
   "scripts": {
     "build": "concurrently 'yarn:build:cjs' 'yarn:build:es' 'yarn:build:types'",
     "build:cjs": "node ../../scripts/compilation/inline client-sts",
@@ -12,8 +12,8 @@
     "clean": "rimraf ./dist-* && rimraf *.tsbuildinfo",
     "extract:docs": "api-extractor run --local",
     "generate:client": "node ../../scripts/generate-clients/single-service --solo sts",
-    "test": "vitest run",
-    "test:watch": "vitest watch"
+    "test": "yarn g:vitest run",
+    "test:watch": "yarn g:vitest watch"
   },
   "main": "./dist-cjs/index.js",
   "types": "./dist-types/index.d.ts",
@@ -22,42 +22,42 @@
   "dependencies": {
     "@aws-crypto/sha256-browser": "5.2.0",
     "@aws-crypto/sha256-js": "5.2.0",
-    "@aws-sdk/client-sso-oidc": "3.691.0",
-    "@aws-sdk/core": "3.691.0",
-    "@aws-sdk/credential-provider-node": "3.691.0",
-    "@aws-sdk/middleware-host-header": "3.686.0",
-    "@aws-sdk/middleware-logger": "3.686.0",
-    "@aws-sdk/middleware-recursion-detection": "3.686.0",
-    "@aws-sdk/middleware-user-agent": "3.691.0",
-    "@aws-sdk/region-config-resolver": "3.686.0",
-    "@aws-sdk/types": "3.686.0",
-    "@aws-sdk/util-endpoints": "3.686.0",
-    "@aws-sdk/util-user-agent-browser": "3.686.0",
-    "@aws-sdk/util-user-agent-node": "3.691.0",
-    "@smithy/config-resolver": "^3.0.10",
-    "@smithy/core": "^2.5.1",
-    "@smithy/fetch-http-handler": "^4.0.0",
-    "@smithy/hash-node": "^3.0.8",
-    "@smithy/invalid-dependency": "^3.0.8",
-    "@smithy/middleware-content-length": "^3.0.10",
-    "@smithy/middleware-endpoint": "^3.2.1",
-    "@smithy/middleware-retry": "^3.0.25",
-    "@smithy/middleware-serde": "^3.0.8",
-    "@smithy/middleware-stack": "^3.0.8",
-    "@smithy/node-config-provider": "^3.1.9",
-    "@smithy/node-http-handler": "^3.2.5",
-    "@smithy/protocol-http": "^4.1.5",
-    "@smithy/smithy-client": "^3.4.2",
-    "@smithy/types": "^3.6.0",
-    "@smithy/url-parser": "^3.0.8",
+    "@aws-sdk/client-sso-oidc": "3.693.0",
+    "@aws-sdk/core": "3.693.0",
+    "@aws-sdk/credential-provider-node": "3.693.0",
+    "@aws-sdk/middleware-host-header": "3.693.0",
+    "@aws-sdk/middleware-logger": "3.693.0",
+    "@aws-sdk/middleware-recursion-detection": "3.693.0",
+    "@aws-sdk/middleware-user-agent": "3.693.0",
+    "@aws-sdk/region-config-resolver": "3.693.0",
+    "@aws-sdk/types": "3.692.0",
+    "@aws-sdk/util-endpoints": "3.693.0",
+    "@aws-sdk/util-user-agent-browser": "3.693.0",
+    "@aws-sdk/util-user-agent-node": "3.693.0",
+    "@smithy/config-resolver": "^3.0.11",
+    "@smithy/core": "^2.5.2",
+    "@smithy/fetch-http-handler": "^4.1.0",
+    "@smithy/hash-node": "^3.0.9",
+    "@smithy/invalid-dependency": "^3.0.9",
+    "@smithy/middleware-content-length": "^3.0.11",
+    "@smithy/middleware-endpoint": "^3.2.2",
+    "@smithy/middleware-retry": "^3.0.26",
+    "@smithy/middleware-serde": "^3.0.9",
+    "@smithy/middleware-stack": "^3.0.9",
+    "@smithy/node-config-provider": "^3.1.10",
+    "@smithy/node-http-handler": "^3.3.0",
+    "@smithy/protocol-http": "^4.1.6",
+    "@smithy/smithy-client": "^3.4.3",
+    "@smithy/types": "^3.7.0",
+    "@smithy/url-parser": "^3.0.9",
     "@smithy/util-base64": "^3.0.0",
     "@smithy/util-body-length-browser": "^3.0.0",
     "@smithy/util-body-length-node": "^3.0.0",
-    "@smithy/util-defaults-mode-browser": "^3.0.25",
-    "@smithy/util-defaults-mode-node": "^3.0.25",
-    "@smithy/util-endpoints": "^2.1.4",
-    "@smithy/util-middleware": "^3.0.8",
-    "@smithy/util-retry": "^3.0.8",
+    "@smithy/util-defaults-mode-browser": "^3.0.26",
+    "@smithy/util-defaults-mode-node": "^3.0.26",
+    "@smithy/util-endpoints": "^2.1.5",
+    "@smithy/util-middleware": "^3.0.9",
+    "@smithy/util-retry": "^3.0.9",
     "@smithy/util-utf8": "^3.0.0",
     "tslib": "^2.6.2"
   },