@cdk8s/awscdk-resolver 0.0.67 → 0.0.76

package/node_modules/@aws-sdk/client-sts/dist-types/models/models_0.d.ts

@@ -1,80 +1,80 @@
 import { ExceptionOptionType as __ExceptionOptionType } from "@smithy/smithy-client";
 import { STSServiceException as __BaseException } from "./STSServiceException";
 /**
- * @public
  * <p>The identifiers for the temporary security credentials that the operation
  *          returns.</p>
+ * @public
  */
 export interface AssumedRoleUser {
     /**
-     * @public
      * <p>A unique identifier that contains the role ID and the role session name of the role that
      *          is being assumed. The role ID is generated by Amazon Web Services when the role is created.</p>
+     * @public
      */
     AssumedRoleId: string | undefined;
     /**
-     * @public
      * <p>The ARN of the temporary security credentials that are returned from the <a>AssumeRole</a> action. For more information about ARNs and how to use them in
      *          policies, see <a href="https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_identifiers.html">IAM Identifiers</a> in the
      *             <i>IAM User Guide</i>.</p>
+     * @public
      */
     Arn: string | undefined;
 }
 /**
- * @public
  * <p>A reference to the IAM managed policy that is passed as a session policy for a role
  *          session or a federated user session.</p>
+ * @public
  */
 export interface PolicyDescriptorType {
     /**
-     * @public
      * <p>The Amazon Resource Name (ARN) of the IAM managed policy to use as a session policy
      *          for the role. For more information about ARNs, see <a href="https://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html">Amazon Resource Names (ARNs) and Amazon Web Services
      *             Service Namespaces</a> in the <i>Amazon Web Services General Reference</i>.</p>
+     * @public
      */
     arn?: string;
 }
 /**
- * @public
  * <p>Contains information about the provided context. This includes the signed and encrypted
  *          trusted context assertion and the context provider ARN from which the trusted context
  *          assertion was generated.</p>
+ * @public
  */
 export interface ProvidedContext {
     /**
-     * @public
      * <p>The context provider ARN from which the trusted context assertion was generated.</p>
+     * @public
      */
     ProviderArn?: string;
     /**
-     * @public
      * <p>The signed and encrypted trusted context assertion generated by the context provider.
      *          The trusted context assertion is signed and encrypted by Amazon Web Services STS.</p>
+     * @public
      */
     ContextAssertion?: string;
 }
 /**
- * @public
  * <p>You can pass custom key-value pair attributes when you assume a role or federate a user.
  *          These are called session tags. You can then use the session tags to control access to
  *          resources. For more information, see <a href="https://docs.aws.amazon.com/IAM/latest/UserGuide/id_session-tags.html">Tagging Amazon Web Services STS Sessions</a> in the
  *             <i>IAM User Guide</i>.</p>
+ * @public
  */
 export interface Tag {
     /**
-     * @public
      * <p>The key for a session tag.</p>
      *          <p>You can pass up to 50 session tags. The plain text session tag keys can’t exceed 128
      *          characters. For these and additional limits, see <a href="https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_iam-limits.html#reference_iam-limits-entity-length">IAM
      *             and STS Character Limits</a> in the <i>IAM User Guide</i>.</p>
+     * @public
      */
     Key: string | undefined;
     /**
-     * @public
      * <p>The value for a session tag.</p>
      *          <p>You can pass up to 50 session tags. The plain text session tag values can’t exceed 256
      *          characters. For these and additional limits, see <a href="https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_iam-limits.html#reference_iam-limits-entity-length">IAM
      *             and STS Character Limits</a> in the <i>IAM User Guide</i>.</p>
+     * @public
      */
     Value: string | undefined;
 }
@@ -83,12 +83,11 @@ export interface Tag {
  */
 export interface AssumeRoleRequest {
     /**
-     * @public
      * <p>The Amazon Resource Name (ARN) of the role to assume.</p>
+     * @public
      */
     RoleArn: string | undefined;
     /**
-     * @public
      * <p>An identifier for the assumed role session.</p>
      *          <p>Use the role session name to uniquely identify a session when the same role is assumed
      *          by different principals or for different reasons. In cross-account scenarios, the role
@@ -99,10 +98,10 @@ export interface AssumeRoleRequest {
      *          <p>The regex used to validate this parameter is a string of characters
      *     consisting of upper- and lower-case alphanumeric characters with no spaces. You can
      *     also include underscores or any of the following characters: =,.@-</p>
+     * @public
      */
     RoleSessionName: string | undefined;
     /**
-     * @public
      * <p>The Amazon Resource Names (ARNs) of the IAM managed policies that you want to use as
      *          managed session policies. The policies must exist in the same account as the role.</p>
      *          <p>This parameter is optional. You can provide up to 10 managed policy ARNs. However, the
@@ -124,10 +123,10 @@ export interface AssumeRoleRequest {
      *          by the identity-based policy of the role that is being assumed. For more information, see
      *             <a href="https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies.html#policies_session">Session
      *             Policies</a> in the <i>IAM User Guide</i>.</p>
+     * @public
      */
     PolicyArns?: PolicyDescriptorType[];
     /**
-     * @public
      * <p>An IAM policy in JSON format that you want to use as an inline session policy.</p>
      *          <p>This parameter is optional. Passing policies to this operation returns new
      *          temporary credentials. The resulting session's permissions are the intersection of the
@@ -149,10 +148,10 @@ export interface AssumeRoleRequest {
      *                <code>PackedPolicySize</code> response element indicates by percentage how close the
      *             policies and tags for your request are to the upper size limit.</p>
      *          </note>
+     * @public
      */
     Policy?: string;
     /**
-     * @public
      * <p>The duration, in seconds, of the role session. The value specified can range from 900
      *          seconds (15 minutes) up to the maximum session duration set for the role. The maximum
      *          session duration setting can have a value from 1 hour to 12 hours. If you specify a value
@@ -178,10 +177,10 @@ export interface AssumeRoleRequest {
      *                that Enables Federated Users to Access the Amazon Web Services Management Console</a> in the
      *                <i>IAM User Guide</i>.</p>
      *          </note>
+     * @public
      */
     DurationSeconds?: number;
     /**
-     * @public
      * <p>A list of session tags that you want to pass. Each session tag consists of a key name
      *          and an associated value. For more information about session tags, see <a href="https://docs.aws.amazon.com/IAM/latest/UserGuide/id_session-tags.html">Tagging Amazon Web Services STS
      *             Sessions</a> in the <i>IAM User Guide</i>.</p>
@@ -209,10 +208,10 @@ export interface AssumeRoleRequest {
      *          session tag with the same key as an inherited tag, the operation fails. To view the
      *          inherited tags for a session, see the CloudTrail logs. For more information, see <a href="https://docs.aws.amazon.com/IAM/latest/UserGuide/id_session-tags.html#id_session-tags_ctlogs">Viewing Session Tags in CloudTrail</a> in the
      *          <i>IAM User Guide</i>.</p>
+     * @public
      */
     Tags?: Tag[];
     /**
-     * @public
      * <p>A list of keys for session tags that you want to set as transitive. If you set a tag key
      *          as transitive, the corresponding key and value passes to subsequent sessions in a role
      *          chain. For more information, see <a href="https://docs.aws.amazon.com/IAM/latest/UserGuide/id_session-tags.html#id_session-tags_role-chaining">Chaining Roles
@@ -221,10 +220,10 @@ export interface AssumeRoleRequest {
      *          and session tags packed binary limit is not affected.</p>
      *          <p>If you choose not to specify a transitive tag key, then no tags are passed from this
      *          session to any subsequent sessions.</p>
+     * @public
      */
     TransitiveTagKeys?: string[];
     /**
-     * @public
      * <p>A unique identifier that might be required when you assume a role in another account. If
      *          the administrator of the account to which the role belongs provided you with an external
      *          ID, then provide that value in the <code>ExternalId</code> parameter. This value can be any
@@ -238,10 +237,10 @@ export interface AssumeRoleRequest {
      *          <p>The regex used to validate this parameter is a string of
      *     characters consisting of upper- and lower-case alphanumeric characters with no spaces.
      *     You can also include underscores or any of the following characters: =,.@:/-</p>
+     * @public
      */
     ExternalId?: string;
     /**
-     * @public
      * <p>The identification number of the MFA device that is associated with the user who is
      *          making the <code>AssumeRole</code> call. Specify this value if the trust policy of the role
      *          being assumed includes a condition that requires MFA authentication. The value is either
@@ -251,20 +250,20 @@ export interface AssumeRoleRequest {
      *          <p>The regex used to validate this parameter is a string of characters
      *     consisting of upper- and lower-case alphanumeric characters with no spaces. You can
      *     also include underscores or any of the following characters: =,.@-</p>
+     * @public
      */
     SerialNumber?: string;
     /**
-     * @public
      * <p>The value provided by the MFA device, if the trust policy of the role being assumed
      *          requires MFA. (In other words, if the policy includes a condition that tests for MFA). If
      *          the role being assumed requires MFA and if the <code>TokenCode</code> value is missing or
      *          expired, the <code>AssumeRole</code> call returns an "access denied" error.</p>
      *          <p>The format for this parameter, as described by its regex pattern, is a sequence of six
      *          numeric digits.</p>
+     * @public
      */
     TokenCode?: string;
     /**
-     * @public
      * <p>The source identity specified by the principal that is calling the
      *             <code>AssumeRole</code> operation.</p>
      *          <p>You can require users to specify a source identity when they assume a role. You do this
@@ -279,10 +278,10 @@ export interface AssumeRoleRequest {
      *          and lower-case alphanumeric characters with no spaces. You can also include underscores or
      *          any of the following characters: =,.@-. You cannot use a value that begins with the text
      *             <code>aws:</code>. This prefix is reserved for Amazon Web Services internal use.</p>
+     * @public
      */
     SourceIdentity?: string;
     /**
-     * @public
      * <p>A list of previously acquired trusted context assertions in the format of a JSON array.
      *          The trusted context assertion is signed and encrypted by Amazon Web Services STS.</p>
      *          <p>The following is an example of a <code>ProvidedContext</code> value that includes a
@@ -291,70 +290,70 @@ export interface AssumeRoleRequest {
      *          <p>
      *             <code>[\{"ProviderArn":"arn:aws:iam::aws:contextProvider/IdentityCenter","ContextAssertion":"trusted-context-assertion"\}]</code>
      *          </p>
+     * @public
      */
     ProvidedContexts?: ProvidedContext[];
 }
 /**
- * @public
  * <p>Amazon Web Services credentials for API authentication.</p>
+ * @public
  */
 export interface Credentials {
     /**
-     * @public
      * <p>The access key ID that identifies the temporary security credentials.</p>
+     * @public
      */
     AccessKeyId: string | undefined;
     /**
-     * @public
      * <p>The secret access key that can be used to sign requests.</p>
+     * @public
      */
     SecretAccessKey: string | undefined;
     /**
-     * @public
      * <p>The token that users must pass to the service API to use the temporary
      *          credentials.</p>
+     * @public
      */
     SessionToken: string | undefined;
     /**
-     * @public
      * <p>The date on which the current credentials expire.</p>
+     * @public
      */
     Expiration: Date | undefined;
 }
 /**
- * @public
  * <p>Contains the response to a successful <a>AssumeRole</a> request, including
  *       temporary Amazon Web Services credentials that can be used to make Amazon Web Services requests. </p>
+ * @public
  */
 export interface AssumeRoleResponse {
     /**
-     * @public
      * <p>The temporary security credentials, which include an access key ID, a secret access key,
      *          and a security (or session) token.</p>
      *          <note>
      *             <p>The size of the security token that STS API operations return is not fixed. We
      *         strongly recommend that you make no assumptions about the maximum size.</p>
      *          </note>
+     * @public
      */
     Credentials?: Credentials;
     /**
-     * @public
      * <p>The Amazon Resource Name (ARN) and the assumed role ID, which are identifiers that you
      *          can use to refer to the resulting temporary security credentials. For example, you can
      *          reference these credentials as a principal in a resource-based policy by using the ARN or
      *          assumed role ID. The ARN and ID include the <code>RoleSessionName</code> that you specified
      *          when you called <code>AssumeRole</code>. </p>
+     * @public
      */
     AssumedRoleUser?: AssumedRoleUser;
     /**
-     * @public
      * <p>A percentage value that indicates the packed size of the session policies and session
      *       tags combined passed in the request. The request fails if the packed size is greater than 100 percent,
      *       which means the policies and tags exceeded the allowed space.</p>
+     * @public
      */
     PackedPolicySize?: number;
     /**
-     * @public
      * <p>The source identity specified by the principal that is calling the
      *             <code>AssumeRole</code> operation.</p>
      *          <p>You can require users to specify a source identity when they assume a role. You do this
@@ -368,13 +367,14 @@ export interface AssumeRoleResponse {
      *          <p>The regex used to validate this parameter is a string of characters consisting of upper-
      *          and lower-case alphanumeric characters with no spaces. You can also include underscores or
      *          any of the following characters: =,.@-</p>
+     * @public
      */
     SourceIdentity?: string;
 }
 /**
- * @public
  * <p>The web identity token that was passed is expired or is not valid. Get a new identity
  *             token from the identity provider and then retry the request.</p>
+ * @public
  */
 export declare class ExpiredTokenException extends __BaseException {
     readonly name: "ExpiredTokenException";
@@ -385,9 +385,9 @@ export declare class ExpiredTokenException extends __BaseException {
     constructor(opts: __ExceptionOptionType<ExpiredTokenException, __BaseException>);
 }
 /**
- * @public
  * <p>The request was rejected because the policy document was malformed. The error message
  *             describes the specific error.</p>
+ * @public
  */
 export declare class MalformedPolicyDocumentException extends __BaseException {
     readonly name: "MalformedPolicyDocumentException";
@@ -398,7 +398,6 @@ export declare class MalformedPolicyDocumentException extends __BaseException {
     constructor(opts: __ExceptionOptionType<MalformedPolicyDocumentException, __BaseException>);
 }
 /**
- * @public
  * <p>The request was rejected because the total packed size of the session policies and
  *             session tags combined was too large. An Amazon Web Services conversion compresses the session policy
  *             document, session policy ARNs, and session tags into a packed binary format that has a
@@ -408,6 +407,7 @@ export declare class MalformedPolicyDocumentException extends __BaseException {
  *          <p>You could receive this error even though you meet other defined session policy and
  *             session tag limits. For more information, see <a href="https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_iam-quotas.html#reference_iam-limits-entity-length">IAM and STS Entity
  *                 Character Limits</a> in the <i>IAM User Guide</i>.</p>
+ * @public
  */
 export declare class PackedPolicyTooLargeException extends __BaseException {
     readonly name: "PackedPolicyTooLargeException";
@@ -418,12 +418,12 @@ export declare class PackedPolicyTooLargeException extends __BaseException {
     constructor(opts: __ExceptionOptionType<PackedPolicyTooLargeException, __BaseException>);
 }
 /**
- * @public
  * <p>STS is not activated in the requested region for the account that is being asked to
  *             generate credentials. The account administrator must use the IAM console to activate STS
  *             in that region. For more information, see <a href="https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_enable-regions.html">Activating and
  *                 Deactivating Amazon Web Services STS in an Amazon Web Services Region</a> in the <i>IAM User
  *                     Guide</i>.</p>
+ * @public
  */
 export declare class RegionDisabledException extends __BaseException {
     readonly name: "RegionDisabledException";
@@ -438,25 +438,24 @@ export declare class RegionDisabledException extends __BaseException {
  */
 export interface AssumeRoleWithSAMLRequest {
     /**
-     * @public
      * <p>The Amazon Resource Name (ARN) of the role that the caller is assuming.</p>
+     * @public
      */
     RoleArn: string | undefined;
     /**
-     * @public
      * <p>The Amazon Resource Name (ARN) of the SAML provider in IAM that describes the
      *          IdP.</p>
+     * @public
      */
     PrincipalArn: string | undefined;
     /**
-     * @public
      * <p>The base64 encoded SAML authentication response provided by the IdP.</p>
      *          <p>For more information, see <a href="https://docs.aws.amazon.com/IAM/latest/UserGuide/create-role-saml-IdP-tasks.html">Configuring a Relying Party and
      *             Adding Claims</a> in the <i>IAM User Guide</i>. </p>
+     * @public
      */
     SAMLAssertion: string | undefined;
     /**
-     * @public
      * <p>The Amazon Resource Names (ARNs) of the IAM managed policies that you want to use as
      *          managed session policies. The policies must exist in the same account as the role.</p>
      *          <p>This parameter is optional. You can provide up to 10 managed policy ARNs. However, the
@@ -478,10 +477,10 @@ export interface AssumeRoleWithSAMLRequest {
      *          by the identity-based policy of the role that is being assumed. For more information, see
      *             <a href="https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies.html#policies_session">Session
      *             Policies</a> in the <i>IAM User Guide</i>.</p>
+     * @public
      */
     PolicyArns?: PolicyDescriptorType[];
     /**
-     * @public
      * <p>An IAM policy in JSON format that you want to use as an inline session policy.</p>
      *          <p>This parameter is optional. Passing policies to this operation returns new
      *          temporary credentials. The resulting session's permissions are the intersection of the
@@ -503,10 +502,10 @@ export interface AssumeRoleWithSAMLRequest {
      *                <code>PackedPolicySize</code> response element indicates by percentage how close the
      *             policies and tags for your request are to the upper size limit.</p>
      *          </note>
+     * @public
      */
     Policy?: string;
     /**
-     * @public
      * <p>The duration, in seconds, of the role session. Your role session lasts for the duration
      *          that you specify for the <code>DurationSeconds</code> parameter, or until the time
      *          specified in the SAML authentication response's <code>SessionNotOnOrAfter</code> value,
@@ -528,46 +527,46 @@ export interface AssumeRoleWithSAMLRequest {
      *                that Enables Federated Users to Access the Amazon Web Services Management Console</a> in the
      *                <i>IAM User Guide</i>.</p>
      *          </note>
+     * @public
      */
     DurationSeconds?: number;
 }
 /**
- * @public
  * <p>Contains the response to a successful <a>AssumeRoleWithSAML</a> request,
  *       including temporary Amazon Web Services credentials that can be used to make Amazon Web Services requests. </p>
+ * @public
  */
 export interface AssumeRoleWithSAMLResponse {
     /**
-     * @public
      * <p>The temporary security credentials, which include an access key ID, a secret access key,
      *          and a security (or session) token.</p>
      *          <note>
      *             <p>The size of the security token that STS API operations return is not fixed. We
      *         strongly recommend that you make no assumptions about the maximum size.</p>
      *          </note>
+     * @public
      */
     Credentials?: Credentials;
     /**
-     * @public
      * <p>The identifiers for the temporary security credentials that the operation
      *          returns.</p>
+     * @public
      */
     AssumedRoleUser?: AssumedRoleUser;
     /**
-     * @public
      * <p>A percentage value that indicates the packed size of the session policies and session
      *       tags combined passed in the request. The request fails if the packed size is greater than 100 percent,
      *       which means the policies and tags exceeded the allowed space.</p>
+     * @public
      */
     PackedPolicySize?: number;
     /**
-     * @public
      * <p>The value of the <code>NameID</code> element in the <code>Subject</code> element of the
      *          SAML assertion.</p>
+     * @public
      */
     Subject?: string;
     /**
-     * @public
      * <p> The format of the name ID, as defined by the <code>Format</code> attribute in the
      *             <code>NameID</code> element of the SAML assertion. Typical examples of the format are
      *             <code>transient</code> or <code>persistent</code>. </p>
@@ -576,21 +575,21 @@ export interface AssumeRoleWithSAMLResponse {
      *          example, <code>urn:oasis:names:tc:SAML:2.0:nameid-format:transient</code> is returned as
      *             <code>transient</code>. If the format includes any other prefix, the format is returned
      *          with no modifications.</p>
+     * @public
      */
     SubjectType?: string;
     /**
-     * @public
      * <p>The value of the <code>Issuer</code> element of the SAML assertion.</p>
+     * @public
      */
     Issuer?: string;
     /**
-     * @public
      * <p> The value of the <code>Recipient</code> attribute of the
      *             <code>SubjectConfirmationData</code> element of the SAML assertion. </p>
+     * @public
      */
     Audience?: string;
     /**
-     * @public
      * <p>A hash value based on the concatenation of the following:</p>
      *          <ul>
      *             <li>
@@ -609,10 +608,10 @@ export interface AssumeRoleWithSAMLResponse {
      *          <p>
      *             <code>BASE64 ( SHA1 ( "https://example.com/saml" + "123456789012" + "/MySAMLIdP" ) )</code>
      *          </p>
+     * @public
      */
     NameQualifier?: string;
     /**
-     * @public
      * <p>The value in the <code>SourceIdentity</code> attribute in the SAML assertion. </p>
      *          <p>You can require users to set a source identity value when they assume a role. You do
      *          this by using the <code>sts:SourceIdentity</code> condition key in a role trust policy.
@@ -628,15 +627,16 @@ export interface AssumeRoleWithSAMLResponse {
      *          <p>The regex used to validate this parameter is a string of characters
      *     consisting of upper- and lower-case alphanumeric characters with no spaces. You can
      *     also include underscores or any of the following characters: =,.@-</p>
+     * @public
      */
     SourceIdentity?: string;
 }
 /**
- * @public
  * <p>The identity provider (IdP) reported that authentication failed. This might be because
  *             the claim is invalid.</p>
  *          <p>If this error is returned for the <code>AssumeRoleWithWebIdentity</code> operation, it
  *             can also mean that the claim has expired or has been explicitly revoked. </p>
+ * @public
  */
 export declare class IDPRejectedClaimException extends __BaseException {
     readonly name: "IDPRejectedClaimException";
@@ -647,9 +647,9 @@ export declare class IDPRejectedClaimException extends __BaseException {
     constructor(opts: __ExceptionOptionType<IDPRejectedClaimException, __BaseException>);
 }
 /**
- * @public
  * <p>The web identity token that was passed could not be validated by Amazon Web Services. Get a new
  *             identity token from the identity provider and then retry the request.</p>
+ * @public
  */
 export declare class InvalidIdentityTokenException extends __BaseException {
     readonly name: "InvalidIdentityTokenException";
@@ -664,12 +664,11 @@ export declare class InvalidIdentityTokenException extends __BaseException {
  */
 export interface AssumeRoleWithWebIdentityRequest {
     /**
-     * @public
      * <p>The Amazon Resource Name (ARN) of the role that the caller is assuming.</p>
+     * @public
      */
     RoleArn: string | undefined;
     /**
-     * @public
      * <p>An identifier for the assumed role session. Typically, you pass the name or identifier
      *          that is associated with the user who is using your application. That way, the temporary
      *          security credentials that your application will use are associated with that user. This
@@ -678,29 +677,29 @@ export interface AssumeRoleWithWebIdentityRequest {
      *          <p>The regex used to validate this parameter is a string of characters
      *     consisting of upper- and lower-case alphanumeric characters with no spaces. You can
      *     also include underscores or any of the following characters: =,.@-</p>
+     * @public
      */
     RoleSessionName: string | undefined;
     /**
-     * @public
      * <p>The OAuth 2.0 access token or OpenID Connect ID token that is provided by the identity
      *          provider. Your application must get this token by authenticating the user who is using your
      *          application with a web identity provider before the application makes an
      *             <code>AssumeRoleWithWebIdentity</code> call. Only tokens with RSA algorithms (RS256) are
      *          supported.</p>
+     * @public
      */
     WebIdentityToken: string | undefined;
     /**
-     * @public
      * <p>The fully qualified host component of the domain name of the OAuth 2.0 identity
      *          provider. Do not specify this value for an OpenID Connect identity provider.</p>
      *          <p>Currently <code>www.amazon.com</code> and <code>graph.facebook.com</code> are the only
      *          supported identity providers for OAuth 2.0 access tokens. Do not include URL schemes and
      *          port numbers.</p>
      *          <p>Do not specify this value for OpenID Connect ID tokens.</p>
+     * @public
      */
     ProviderId?: string;
     /**
-     * @public
      * <p>The Amazon Resource Names (ARNs) of the IAM managed policies that you want to use as
      *          managed session policies. The policies must exist in the same account as the role.</p>
      *          <p>This parameter is optional. You can provide up to 10 managed policy ARNs. However, the
@@ -722,10 +721,10 @@ export interface AssumeRoleWithWebIdentityRequest {
      *          by the identity-based policy of the role that is being assumed. For more information, see
      *             <a href="https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies.html#policies_session">Session
      *             Policies</a> in the <i>IAM User Guide</i>.</p>
+     * @public
      */
     PolicyArns?: PolicyDescriptorType[];
     /**
-     * @public
      * <p>An IAM policy in JSON format that you want to use as an inline session policy.</p>
      *          <p>This parameter is optional. Passing policies to this operation returns new
      *          temporary credentials. The resulting session's permissions are the intersection of the
@@ -747,10 +746,10 @@ export interface AssumeRoleWithWebIdentityRequest {
      *                <code>PackedPolicySize</code> response element indicates by percentage how close the
      *             policies and tags for your request are to the upper size limit.</p>
      *          </note>
+     * @public
      */
     Policy?: string;
     /**
-     * @public
      * <p>The duration, in seconds, of the role session. The value can range from 900 seconds (15
      *          minutes) up to the maximum session duration setting for the role. This setting can have a
      *          value from 1 hour to 12 hours. If you specify a value higher than this setting, the
@@ -769,68 +768,68 @@ export interface AssumeRoleWithWebIdentityRequest {
      *                that Enables Federated Users to Access the Amazon Web Services Management Console</a> in the
      *                <i>IAM User Guide</i>.</p>
      *          </note>
+     * @public
      */
     DurationSeconds?: number;
 }
 /**
- * @public
  * <p>Contains the response to a successful <a>AssumeRoleWithWebIdentity</a>
  *       request, including temporary Amazon Web Services credentials that can be used to make Amazon Web Services requests. </p>
+ * @public
  */
 export interface AssumeRoleWithWebIdentityResponse {
     /**
-     * @public
      * <p>The temporary security credentials, which include an access key ID, a secret access key,
      *          and a security token.</p>
      *          <note>
      *             <p>The size of the security token that STS API operations return is not fixed. We
      *         strongly recommend that you make no assumptions about the maximum size.</p>
      *          </note>
+     * @public
      */
     Credentials?: Credentials;
     /**
-     * @public
      * <p>The unique user identifier that is returned by the identity provider. This identifier is
      *          associated with the <code>WebIdentityToken</code> that was submitted with the
      *             <code>AssumeRoleWithWebIdentity</code> call. The identifier is typically unique to the
      *          user and the application that acquired the <code>WebIdentityToken</code> (pairwise
      *          identifier). For OpenID Connect ID tokens, this field contains the value returned by the
      *          identity provider as the token's <code>sub</code> (Subject) claim. </p>
+     * @public
      */
     SubjectFromWebIdentityToken?: string;
     /**
-     * @public
      * <p>The Amazon Resource Name (ARN) and the assumed role ID, which are identifiers that you
      *          can use to refer to the resulting temporary security credentials. For example, you can
      *          reference these credentials as a principal in a resource-based policy by using the ARN or
      *          assumed role ID. The ARN and ID include the <code>RoleSessionName</code> that you specified
      *          when you called <code>AssumeRole</code>. </p>
+     * @public
      */
     AssumedRoleUser?: AssumedRoleUser;
     /**
-     * @public
      * <p>A percentage value that indicates the packed size of the session policies and session
      *       tags combined passed in the request. The request fails if the packed size is greater than 100 percent,
      *       which means the policies and tags exceeded the allowed space.</p>
+     * @public
      */
     PackedPolicySize?: number;
     /**
-     * @public
      * <p> The issuing authority of the web identity token presented. For OpenID Connect ID
      *          tokens, this contains the value of the <code>iss</code> field. For OAuth 2.0 access tokens,
      *          this contains the value of the <code>ProviderId</code> parameter that was passed in the
      *             <code>AssumeRoleWithWebIdentity</code> request.</p>
+     * @public
      */
     Provider?: string;
     /**
-     * @public
      * <p>The intended audience (also known as client ID) of the web identity token. This is
      *          traditionally the client identifier issued to the application that requested the web
      *          identity token.</p>
+     * @public
      */
     Audience?: string;
     /**
-     * @public
      * <p>The value of the source identity that is returned in the JSON web token (JWT) from the
      *          identity provider.</p>
      *          <p>You can require users to set a source identity value when they assume a role. You do
@@ -848,16 +847,17 @@ export interface AssumeRoleWithWebIdentityResponse {
      *          <p>The regex used to validate this parameter is a string of characters
      *     consisting of upper- and lower-case alphanumeric characters with no spaces. You can
      *     also include underscores or any of the following characters: =,.@-</p>
+     * @public
      */
     SourceIdentity?: string;
 }
 /**
- * @public
  * <p>The request could not be fulfilled because the identity provider (IDP) that
  *             was asked to verify the incoming identity token could not be reached. This is often a
  *             transient error caused by network conditions. Retry the request a limited number of
  *             times so that you don't exceed the request rate. If the error persists, the
  *             identity provider might be down or not responding.</p>
+ * @public
  */
 export declare class IDPCommunicationErrorException extends __BaseException {
     readonly name: "IDPCommunicationErrorException";
@@ -872,28 +872,28 @@ export declare class IDPCommunicationErrorException extends __BaseException {
  */
 export interface DecodeAuthorizationMessageRequest {
     /**
-     * @public
      * <p>The encoded message that was returned with the response.</p>
+     * @public
      */
     EncodedMessage: string | undefined;
 }
 /**
- * @public
  * <p>A document that contains additional information about the authorization status of a
  *       request from an encoded message that is returned in response to an Amazon Web Services request.</p>
+ * @public
  */
 export interface DecodeAuthorizationMessageResponse {
     /**
-     * @public
      * <p>The API returns a response with the decoded message.</p>
+     * @public
      */
     DecodedMessage?: string;
 }
 /**
- * @public
  * <p>The error returned if the message passed to <code>DecodeAuthorizationMessage</code>
  *             was invalid. This can happen if the token contains invalid characters, such as
  *             linebreaks. </p>
+ * @public
  */
 export declare class InvalidAuthorizationMessageException extends __BaseException {
     readonly name: "InvalidAuthorizationMessageException";
@@ -908,10 +908,10 @@ export declare class InvalidAuthorizationMessageException extends __BaseExceptio
  */
 export interface GetAccessKeyInfoRequest {
     /**
-     * @public
      * <p>The identifier of an access key.</p>
      *          <p>This parameter allows (through its regex pattern) a string of characters that can
      *          consist of any upper- or lowercase letter or digit.</p>
+     * @public
      */
     AccessKeyId: string | undefined;
 }
@@ -920,8 +920,8 @@ export interface GetAccessKeyInfoRequest {
  */
 export interface GetAccessKeyInfoResponse {
     /**
-     * @public
      * <p>The number used to identify the Amazon Web Services account.</p>
+     * @public
      */
     Account?: string;
 }
@@ -931,28 +931,28 @@ export interface GetAccessKeyInfoResponse {
 export interface GetCallerIdentityRequest {
 }
 /**
- * @public
  * <p>Contains the response to a successful <a>GetCallerIdentity</a> request,
  *          including information about the entity making the request.</p>
+ * @public
  */
 export interface GetCallerIdentityResponse {
     /**
-     * @public
      * <p>The unique identifier of the calling entity. The exact value depends on the type of
      *          entity that is making the call. The values returned are those listed in the <b>aws:userid</b> column in the <a href="https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_variables.html#principaltable">Principal
      *             table</a> found on the <b>Policy Variables</b> reference
      *          page in the <i>IAM User Guide</i>.</p>
+     * @public
      */
     UserId?: string;
     /**
-     * @public
      * <p>The Amazon Web Services account ID number of the account that owns or contains the calling
      *          entity.</p>
+     * @public
      */
     Account?: string;
     /**
-     * @public
      * <p>The Amazon Web Services ARN associated with the calling entity.</p>
+     * @public
      */
     Arn?: string;
 }
@@ -961,17 +961,16 @@ export interface GetCallerIdentityResponse {
  */
 export interface GetFederationTokenRequest {
     /**
-     * @public
      * <p>The name of the federated user. The name is used as an identifier for the temporary
      *          security credentials (such as <code>Bob</code>). For example, you can reference the
      *          federated user name in a resource-based policy, such as in an Amazon S3 bucket policy.</p>
      *          <p>The regex used to validate this parameter is a string of characters
      *     consisting of upper- and lower-case alphanumeric characters with no spaces. You can
      *     also include underscores or any of the following characters: =,.@-</p>
+     * @public
      */
     Name: string | undefined;
     /**
-     * @public
      * <p>An IAM policy in JSON format that you want to use as an inline session policy.</p>
      *          <p>You must pass an inline or managed <a href="https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies.html#policies_session">session policy</a> to
      *          this operation. You can pass a single JSON policy document to use as an inline session
@@ -1002,10 +1001,10 @@ export interface GetFederationTokenRequest {
      *                <code>PackedPolicySize</code> response element indicates by percentage how close the
      *             policies and tags for your request are to the upper size limit.</p>
      *          </note>
+     * @public
      */
     Policy?: string;
     /**
-     * @public
      * <p>The Amazon Resource Names (ARNs) of the IAM managed policies that you want to use as a
      *          managed session policy. The policies must exist in the same account as the IAM user that is requesting federated access.</p>
      *          <p>You must pass an inline or managed <a href="https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies.html#policies_session">session policy</a> to
@@ -1035,20 +1034,20 @@ export interface GetFederationTokenRequest {
      *                <code>PackedPolicySize</code> response element indicates by percentage how close the
      *             policies and tags for your request are to the upper size limit.</p>
      *          </note>
+     * @public
      */
     PolicyArns?: PolicyDescriptorType[];
     /**
-     * @public
      * <p>The duration, in seconds, that the session should last. Acceptable durations for
      *          federation sessions range from 900 seconds (15 minutes) to 129,600 seconds (36 hours), with
      *          43,200 seconds (12 hours) as the default. Sessions obtained using root user
      *          credentials are restricted to a maximum of 3,600 seconds (one hour). If the specified
      *          duration is longer than one hour, the session obtained by using root user
      *          credentials defaults to one hour.</p>
+     * @public
      */
     DurationSeconds?: number;
     /**
-     * @public
      * <p>A list of session tags. Each session tag consists of a key name and an associated value.
      *          For more information about session tags, see <a href="https://docs.aws.amazon.com/IAM/latest/UserGuide/id_session-tags.html">Passing Session Tags in STS</a> in the
      *             <i>IAM User Guide</i>.</p>
@@ -1071,57 +1070,58 @@ export interface GetFederationTokenRequest {
      *             <code>department</code>=<code>engineering</code> session tag. <code>Department</code>
      *          and <code>department</code> are not saved as separate tags, and the session tag passed in
      *          the request takes precedence over the role tag.</p>
+     * @public
      */
     Tags?: Tag[];
 }
 /**
- * @public
  * <p>Identifiers for the federated user that is associated with the credentials.</p>
+ * @public
  */
 export interface FederatedUser {
     /**
-     * @public
      * <p>The string that identifies the federated user associated with the credentials, similar
      *          to the unique ID of an IAM user.</p>
+     * @public
      */
     FederatedUserId: string | undefined;
     /**
-     * @public
      * <p>The ARN that specifies the federated user that is associated with the credentials. For
      *          more information about ARNs and how to use them in policies, see <a href="https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_identifiers.html">IAM
      *             Identifiers</a> in the <i>IAM User Guide</i>. </p>
+     * @public
      */
     Arn: string | undefined;
 }
 /**
- * @public
  * <p>Contains the response to a successful <a>GetFederationToken</a> request,
  *       including temporary Amazon Web Services credentials that can be used to make Amazon Web Services requests. </p>
+ * @public
  */
 export interface GetFederationTokenResponse {
     /**
-     * @public
      * <p>The temporary security credentials, which include an access key ID, a secret access key,
      *          and a security (or session) token.</p>
      *          <note>
      *             <p>The size of the security token that STS API operations return is not fixed. We
      *         strongly recommend that you make no assumptions about the maximum size.</p>
      *          </note>
+     * @public
      */
     Credentials?: Credentials;
     /**
-     * @public
      * <p>Identifiers for the federated user associated with the credentials (such as
      *             <code>arn:aws:sts::123456789012:federated-user/Bob</code> or
      *             <code>123456789012:Bob</code>). You can use the federated user's ARN in your
      *          resource-based policies, such as an Amazon S3 bucket policy. </p>
+     * @public
      */
     FederatedUser?: FederatedUser;
     /**
-     * @public
      * <p>A percentage value that indicates the packed size of the session policies and session
      *       tags combined passed in the request. The request fails if the packed size is greater than 100 percent,
      *       which means the policies and tags exceeded the allowed space.</p>
+     * @public
      */
     PackedPolicySize?: number;
 }
@@ -1130,16 +1130,15 @@ export interface GetFederationTokenResponse {
  */
 export interface GetSessionTokenRequest {
     /**
-     * @public
      * <p>The duration, in seconds, that the credentials should remain valid. Acceptable durations
      *          for IAM user sessions range from 900 seconds (15 minutes) to 129,600 seconds
      *          (36 hours), with 43,200 seconds (12 hours) as the default. Sessions for Amazon Web Services account
      *          owners are restricted to a maximum of 3,600 seconds (one hour). If the duration is longer
      *          than one hour, the session for Amazon Web Services account owners defaults to one hour.</p>
+     * @public
      */
     DurationSeconds?: number;
     /**
-     * @public
      * <p>The identification number of the MFA device that is associated with the IAM user who is making the <code>GetSessionToken</code> call. Specify this value
      *          if the IAM user has a policy that requires MFA authentication. The value is
      *          either the serial number for a hardware device (such as <code>GAHT12345678</code>) or an
@@ -1148,10 +1147,10 @@ export interface GetSessionTokenRequest {
      *          <p>The regex used to validate this parameter is a string of
      *     characters consisting of upper- and lower-case alphanumeric characters with no spaces.
      *     You can also include underscores or any of the following characters: =,.@:/-</p>
+     * @public
      */
     SerialNumber?: string;
     /**
-     * @public
      * <p>The value provided by the MFA device, if MFA is required. If any policy requires the
      *             IAM user to submit an MFA code, specify this value. If MFA authentication
      *          is required, the user must provide a code when requesting a set of temporary security
@@ -1159,23 +1158,24 @@ export interface GetSessionTokenRequest {
      *          requesting resources that require MFA authentication.</p>
      *          <p>The format for this parameter, as described by its regex pattern, is a sequence of six
      *          numeric digits.</p>
+     * @public
      */
     TokenCode?: string;
 }
 /**
- * @public
  * <p>Contains the response to a successful <a>GetSessionToken</a> request,
  *       including temporary Amazon Web Services credentials that can be used to make Amazon Web Services requests. </p>
+ * @public
  */
 export interface GetSessionTokenResponse {
     /**
-     * @public
      * <p>The temporary security credentials, which include an access key ID, a secret access key,
      *          and a security (or session) token.</p>
      *          <note>
      *             <p>The size of the security token that STS API operations return is not fixed. We
      *         strongly recommend that you make no assumptions about the maximum size.</p>
      *          </note>
+     * @public
      */
     Credentials?: Credentials;
 }