npm - @cdk8s/awscdk-resolver - Versions diffs - 0.0.95 → 0.0.96 - Mend

@cdk8s/awscdk-resolver 0.0.95 → 0.0.96

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (187) hide show

package/node_modules/@aws-sdk/client-sts/dist-types/commands/GetFederationTokenCommand.d.ts ADDED Viewed

@@ -0,0 +1,230 @@
+import { Command as $Command } from "@smithy/smithy-client";
+import { MetadataBearer as __MetadataBearer } from "@smithy/types";
+import { GetFederationTokenRequest, GetFederationTokenResponse } from "../models/models_0";
+import { ServiceInputTypes, ServiceOutputTypes, STSClientResolvedConfig } from "../STSClient";
+/**
+ * @public
+ */
+export { __MetadataBearer, $Command };
+/**
+ * @public
+ *
+ * The input for {@link GetFederationTokenCommand}.
+ */
+export interface GetFederationTokenCommandInput extends GetFederationTokenRequest {
+}
+/**
+ * @public
+ *
+ * The output of {@link GetFederationTokenCommand}.
+ */
+export interface GetFederationTokenCommandOutput extends GetFederationTokenResponse, __MetadataBearer {
+}
+declare const GetFederationTokenCommand_base: {
+    new (input: GetFederationTokenCommandInput): import("@smithy/smithy-client").CommandImpl<GetFederationTokenCommandInput, GetFederationTokenCommandOutput, STSClientResolvedConfig, ServiceInputTypes, ServiceOutputTypes>;
+    new (__0_0: GetFederationTokenCommandInput): import("@smithy/smithy-client").CommandImpl<GetFederationTokenCommandInput, GetFederationTokenCommandOutput, STSClientResolvedConfig, ServiceInputTypes, ServiceOutputTypes>;
+    getEndpointParameterInstructions(): import("@smithy/middleware-endpoint").EndpointParameterInstructions;
+};
+/**
+ * <p>Returns a set of temporary security credentials (consisting of an access key ID, a
+ *          secret access key, and a security token) for a user. A typical use is in a proxy
+ *          application that gets temporary security credentials on behalf of distributed applications
+ *          inside a corporate network.</p>
+ *          <p>You must call the <code>GetFederationToken</code> operation using the long-term security
+ *          credentials of an IAM user. As a result, this call is appropriate in
+ *          contexts where those credentials can be safeguarded, usually in a server-based application.
+ *          For a comparison of <code>GetFederationToken</code> with the other API operations that
+ *          produce temporary credentials, see <a href="https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_request.html">Requesting Temporary Security
+ *             Credentials</a> and <a href="https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_request.html#stsapi_comparison">Comparing the
+ *             Amazon Web Services STS API operations</a> in the <i>IAM User Guide</i>.</p>
+ *          <p>Although it is possible to call <code>GetFederationToken</code> using the security
+ *          credentials of an Amazon Web Services account root user rather than an IAM user that you
+ *          create for the purpose of a proxy application, we do not recommend it. For more
+ *          information, see <a href="https://docs.aws.amazon.com/IAM/latest/UserGuide/best-practices.html#lock-away-credentials">Safeguard your root user credentials and don't use them for everyday tasks</a> in the
+ *             <i>IAM User Guide</i>. </p>
+ *          <note>
+ *             <p>You can create a mobile-based or browser-based app that can authenticate users using
+ *             a web identity provider like Login with Amazon, Facebook, Google, or an OpenID
+ *             Connect-compatible identity provider. In this case, we recommend that you use <a href="http://aws.amazon.com/cognito/">Amazon Cognito</a> or
+ *                <code>AssumeRoleWithWebIdentity</code>. For more information, see <a href="https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_request.html#api_assumerolewithwebidentity">Federation Through a Web-based Identity Provider</a> in the
+ *                <i>IAM User Guide</i>.</p>
+ *          </note>
+ *          <p>
+ *             <b>Session duration</b>
+ *          </p>
+ *          <p>The temporary credentials are valid for the specified duration, from 900 seconds (15
+ *          minutes) up to a maximum of 129,600 seconds (36 hours). The default session duration is
+ *          43,200 seconds (12 hours). Temporary credentials obtained by using the root user
+ *          credentials have a maximum duration of 3,600 seconds (1 hour).</p>
+ *          <p>
+ *             <b>Permissions</b>
+ *          </p>
+ *          <p>You can use the temporary credentials created by <code>GetFederationToken</code> in any
+ *          Amazon Web Services service with the following exceptions:</p>
+ *          <ul>
+ *             <li>
+ *                <p>You cannot call any IAM operations using the CLI or the Amazon Web Services API. This
+ *                limitation does not apply to console sessions.</p>
+ *             </li>
+ *             <li>
+ *                <p>You cannot call any STS operations except <code>GetCallerIdentity</code>.</p>
+ *             </li>
+ *          </ul>
+ *          <p>You can use temporary credentials for single sign-on (SSO) to the console.</p>
+ *          <p>You must pass an inline or managed <a href="https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies.html#policies_session">session policy</a> to
+ *          this operation. You can pass a single JSON policy document to use as an inline session
+ *          policy. You can also specify up to 10 managed policy Amazon Resource Names (ARNs) to use as
+ *          managed session policies. The plaintext that you use for both inline and managed session
+ *          policies can't exceed 2,048 characters.</p>
+ *          <p>Though the session policy parameters are optional, if you do not pass a policy, then the
+ *          resulting federated user session has no permissions. When you pass session policies, the
+ *          session permissions are the intersection of the IAM user policies and the
+ *          session policies that you pass. This gives you a way to further restrict the permissions
+ *          for a federated user. You cannot use session policies to grant more permissions than those
+ *          that are defined in the permissions policy of the IAM user. For more
+ *          information, see <a href="https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies.html#policies_session">Session Policies</a> in
+ *          the <i>IAM User Guide</i>. For information about using
+ *             <code>GetFederationToken</code> to create temporary security credentials, see <a href="https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_request.html#api_getfederationtoken">GetFederationToken—Federation Through a Custom Identity Broker</a>. </p>
+ *          <p>You can use the credentials to access a resource that has a resource-based policy. If
+ *          that policy specifically references the federated user session in the
+ *             <code>Principal</code> element of the policy, the session has the permissions allowed by
+ *          the policy. These permissions are granted in addition to the permissions granted by the
+ *          session policies.</p>
+ *          <p>
+ *             <b>Tags</b>
+ *          </p>
+ *          <p>(Optional) You can pass tag key-value pairs to your session. These are called session
+ *          tags. For more information about session tags, see <a href="https://docs.aws.amazon.com/IAM/latest/UserGuide/id_session-tags.html">Passing Session Tags in STS</a> in the
+ *             <i>IAM User Guide</i>.</p>
+ *          <note>
+ *             <p>You can create a mobile-based or browser-based app that can authenticate users using
+ *             a web identity provider like Login with Amazon, Facebook, Google, or an OpenID
+ *             Connect-compatible identity provider. In this case, we recommend that you use <a href="http://aws.amazon.com/cognito/">Amazon Cognito</a> or
+ *                <code>AssumeRoleWithWebIdentity</code>. For more information, see <a href="https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_request.html#api_assumerolewithwebidentity">Federation Through a Web-based Identity Provider</a> in the
+ *                <i>IAM User Guide</i>.</p>
+ *          </note>
+ *          <p>An administrator must grant you the permissions necessary to pass session tags. The
+ *          administrator can also create granular permissions to allow you to pass only specific
+ *          session tags. For more information, see <a href="https://docs.aws.amazon.com/IAM/latest/UserGuide/tutorial_attribute-based-access-control.html">Tutorial: Using Tags
+ *             for Attribute-Based Access Control</a> in the
+ *          <i>IAM User Guide</i>.</p>
+ *          <p>Tag key–value pairs are not case sensitive, but case is preserved. This means that you
+ *          cannot have separate <code>Department</code> and <code>department</code> tag keys. Assume
+ *          that the user that you are federating has the
+ *             <code>Department</code>=<code>Marketing</code> tag and you pass the
+ *             <code>department</code>=<code>engineering</code> session tag. <code>Department</code>
+ *          and <code>department</code> are not saved as separate tags, and the session tag passed in
+ *          the request takes precedence over the user tag.</p>
+ * @example
+ * Use a bare-bones client and the command you need to make an API call.
+ * ```javascript
+ * import { STSClient, GetFederationTokenCommand } from "@aws-sdk/client-sts"; // ES Modules import
+ * // const { STSClient, GetFederationTokenCommand } = require("@aws-sdk/client-sts"); // CommonJS import
+ * const client = new STSClient(config);
+ * const input = { // GetFederationTokenRequest
+ *   Name: "STRING_VALUE", // required
+ *   Policy: "STRING_VALUE",
+ *   PolicyArns: [ // policyDescriptorListType
+ *     { // PolicyDescriptorType
+ *       arn: "STRING_VALUE",
+ *     },
+ *   ],
+ *   DurationSeconds: Number("int"),
+ *   Tags: [ // tagListType
+ *     { // Tag
+ *       Key: "STRING_VALUE", // required
+ *       Value: "STRING_VALUE", // required
+ *     },
+ *   ],
+ * };
+ * const command = new GetFederationTokenCommand(input);
+ * const response = await client.send(command);
+ * // { // GetFederationTokenResponse
+ * //   Credentials: { // Credentials
+ * //     AccessKeyId: "STRING_VALUE", // required
+ * //     SecretAccessKey: "STRING_VALUE", // required
+ * //     SessionToken: "STRING_VALUE", // required
+ * //     Expiration: new Date("TIMESTAMP"), // required
+ * //   },
+ * //   FederatedUser: { // FederatedUser
+ * //     FederatedUserId: "STRING_VALUE", // required
+ * //     Arn: "STRING_VALUE", // required
+ * //   },
+ * //   PackedPolicySize: Number("int"),
+ * // };
+ *
+ * ```
+ *
+ * @param GetFederationTokenCommandInput - {@link GetFederationTokenCommandInput}
+ * @returns {@link GetFederationTokenCommandOutput}
+ * @see {@link GetFederationTokenCommandInput} for command's `input` shape.
+ * @see {@link GetFederationTokenCommandOutput} for command's `response` shape.
+ * @see {@link STSClientResolvedConfig | config} for STSClient's `config` shape.
+ *
+ * @throws {@link MalformedPolicyDocumentException} (client fault)
+ *  <p>The request was rejected because the policy document was malformed. The error message
+ *             describes the specific error.</p>
+ *
+ * @throws {@link PackedPolicyTooLargeException} (client fault)
+ *  <p>The request was rejected because the total packed size of the session policies and
+ *             session tags combined was too large. An Amazon Web Services conversion compresses the session policy
+ *             document, session policy ARNs, and session tags into a packed binary format that has a
+ *             separate limit. The error message indicates by percentage how close the policies and
+ *             tags are to the upper size limit. For more information, see <a href="https://docs.aws.amazon.com/IAM/latest/UserGuide/id_session-tags.html">Passing Session Tags in STS</a> in
+ *             the <i>IAM User Guide</i>.</p>
+ *          <p>You could receive this error even though you meet other defined session policy and
+ *             session tag limits. For more information, see <a href="https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_iam-quotas.html#reference_iam-limits-entity-length">IAM and STS Entity
+ *                 Character Limits</a> in the <i>IAM User Guide</i>.</p>
+ *
+ * @throws {@link RegionDisabledException} (client fault)
+ *  <p>STS is not activated in the requested region for the account that is being asked to
+ *             generate credentials. The account administrator must use the IAM console to activate STS
+ *             in that region. For more information, see <a href="https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_enable-regions.html">Activating and
+ *                 Deactivating Amazon Web Services STS in an Amazon Web Services Region</a> in the <i>IAM User
+ *                     Guide</i>.</p>
+ *
+ * @throws {@link STSServiceException}
+ * <p>Base exception class for all service exceptions from STS service.</p>
+ *
+ * @public
+ * @example To get temporary credentials for a role by using GetFederationToken
+ * ```javascript
+ * //
+ * const input = {
+ *   "DurationSeconds": 3600,
+ *   "Name": "testFedUserSession",
+ *   "Policy": "{\"Version\":\"2012-10-17\",\"Statement\":[{\"Sid\":\"Stmt1\",\"Effect\":\"Allow\",\"Action\":\"s3:ListAllMyBuckets\",\"Resource\":\"*\"}]}",
+ *   "Tags": [
+ *     {
+ *       "Key": "Project",
+ *       "Value": "Pegasus"
+ *     },
+ *     {
+ *       "Key": "Cost-Center",
+ *       "Value": "98765"
+ *     }
+ *   ]
+ * };
+ * const command = new GetFederationTokenCommand(input);
+ * const response = await client.send(command);
+ * /* response ==
+ * {
+ *   "Credentials": {
+ *     "AccessKeyId": "AKIAIOSFODNN7EXAMPLE",
+ *     "Expiration": "2011-07-15T23:28:33.359Z",
+ *     "SecretAccessKey": "wJalrXUtnFEMI/K7MDENG/bPxRfiCYzEXAMPLEKEY",
+ *     "SessionToken": "AQoDYXdzEPT//////////wEXAMPLEtc764bNrC9SAPBSM22wDOk4x4HIZ8j4FZTwdQWLWsKWHGBuFqwAeMicRXmxfpSPfIeoIYRqTflfKD8YUuwthAx7mSEI/qkPpKPi/kMcGdQrmGdeehM4IC1NtBmUpp2wUE8phUZampKsburEDy0KPkyQDYwT7WZ0wq5VSXDvp75YU9HFvlRd8Tx6q6fE8YQcHNVXAkiY9q6d+xo0rKwT38xVqr7ZD0u0iPPkUL64lIZbqBAz+scqKmlzm8FDrypNC9Yjc8fPOLn9FX9KSYvKTr4rvx3iSIlTJabIQwj2ICCR/oLxBA=="
+ *   },
+ *   "FederatedUser": {
+ *     "Arn": "arn:aws:sts::123456789012:federated-user/Bob",
+ *     "FederatedUserId": "123456789012:Bob"
+ *   },
+ *   "PackedPolicySize": 8
+ * }
+ * *\/
+ * // example id: to-get-temporary-credentials-for-a-role-by-using-getfederationtoken-1480540749900
+ * ```
+ *
+ */
+export declare class GetFederationTokenCommand extends GetFederationTokenCommand_base {
+}

package/node_modules/@aws-sdk/client-sts/dist-types/commands/GetSessionTokenCommand.d.ts ADDED Viewed

@@ -0,0 +1,154 @@
+import { Command as $Command } from "@smithy/smithy-client";
+import { MetadataBearer as __MetadataBearer } from "@smithy/types";
+import { GetSessionTokenRequest, GetSessionTokenResponse } from "../models/models_0";
+import { ServiceInputTypes, ServiceOutputTypes, STSClientResolvedConfig } from "../STSClient";
+/**
+ * @public
+ */
+export { __MetadataBearer, $Command };
+/**
+ * @public
+ *
+ * The input for {@link GetSessionTokenCommand}.
+ */
+export interface GetSessionTokenCommandInput extends GetSessionTokenRequest {
+}
+/**
+ * @public
+ *
+ * The output of {@link GetSessionTokenCommand}.
+ */
+export interface GetSessionTokenCommandOutput extends GetSessionTokenResponse, __MetadataBearer {
+}
+declare const GetSessionTokenCommand_base: {
+    new (input: GetSessionTokenCommandInput): import("@smithy/smithy-client").CommandImpl<GetSessionTokenCommandInput, GetSessionTokenCommandOutput, STSClientResolvedConfig, ServiceInputTypes, ServiceOutputTypes>;
+    new (...[input]: [] | [GetSessionTokenCommandInput]): import("@smithy/smithy-client").CommandImpl<GetSessionTokenCommandInput, GetSessionTokenCommandOutput, STSClientResolvedConfig, ServiceInputTypes, ServiceOutputTypes>;
+    getEndpointParameterInstructions(): import("@smithy/middleware-endpoint").EndpointParameterInstructions;
+};
+/**
+ * <p>Returns a set of temporary credentials for an Amazon Web Services account or IAM user.
+ *          The credentials consist of an access key ID, a secret access key, and a security token.
+ *          Typically, you use <code>GetSessionToken</code> if you want to use MFA to protect
+ *          programmatic calls to specific Amazon Web Services API operations like Amazon EC2
+ *          <code>StopInstances</code>.</p>
+ *          <p>MFA-enabled IAM users must call <code>GetSessionToken</code> and submit
+ *          an MFA code that is associated with their MFA device. Using the temporary security
+ *          credentials that the call returns, IAM users can then make programmatic
+ *          calls to API operations that require MFA authentication. An incorrect MFA code causes the
+ *          API to return an access denied error. For a comparison of <code>GetSessionToken</code> with
+ *          the other API operations that produce temporary credentials, see <a href="https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_request.html">Requesting
+ *             Temporary Security Credentials</a> and <a href="https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_request.html#stsapi_comparison">Comparing the
+ *             Amazon Web Services STS API operations</a> in the <i>IAM User Guide</i>.</p>
+ *          <note>
+ *             <p>No permissions are required for users to perform this operation. The purpose of the
+ *                <code>sts:GetSessionToken</code> operation is to authenticate the user using MFA. You
+ *             cannot use policies to control authentication operations. For more information, see
+ *                <a href="https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_control-access_getsessiontoken.html">Permissions for GetSessionToken</a> in the
+ *             <i>IAM User Guide</i>.</p>
+ *          </note>
+ *          <p>
+ *             <b>Session Duration</b>
+ *          </p>
+ *          <p>The <code>GetSessionToken</code> operation must be called by using the long-term Amazon Web Services
+ *          security credentials of an IAM user. Credentials that are created by IAM users are valid for the duration that you specify. This duration can range
+ *          from 900 seconds (15 minutes) up to a maximum of 129,600 seconds (36 hours), with a default
+ *          of 43,200 seconds (12 hours). Credentials based on account credentials can range from 900
+ *          seconds (15 minutes) up to 3,600 seconds (1 hour), with a default of 1 hour. </p>
+ *          <p>
+ *             <b>Permissions</b>
+ *          </p>
+ *          <p>The temporary security credentials created by <code>GetSessionToken</code> can be used
+ *          to make API calls to any Amazon Web Services service with the following exceptions:</p>
+ *          <ul>
+ *             <li>
+ *                <p>You cannot call any IAM API operations unless MFA authentication information is
+ *                included in the request.</p>
+ *             </li>
+ *             <li>
+ *                <p>You cannot call any STS API <i>except</i>
+ *                   <code>AssumeRole</code> or <code>GetCallerIdentity</code>.</p>
+ *             </li>
+ *          </ul>
+ *          <p>The credentials that <code>GetSessionToken</code> returns are based on permissions
+ *          associated with the IAM user whose credentials were used to call the
+ *          operation. The temporary credentials have the same permissions as the IAM user.</p>
+ *          <note>
+ *             <p>Although it is possible to call <code>GetSessionToken</code> using the security
+ *             credentials of an Amazon Web Services account root user rather than an IAM user, we do
+ *             not recommend it. If <code>GetSessionToken</code> is called using root user
+ *             credentials, the temporary credentials have root user permissions. For more
+ *             information, see <a href="https://docs.aws.amazon.com/IAM/latest/UserGuide/best-practices.html#lock-away-credentials">Safeguard your root user credentials and don't use them for everyday tasks</a> in the
+ *                <i>IAM User Guide</i>
+ *             </p>
+ *          </note>
+ *          <p>For more information about using <code>GetSessionToken</code> to create temporary
+ *          credentials, see <a href="https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_request.html#api_getsessiontoken">Temporary
+ *             Credentials for Users in Untrusted Environments</a> in the
+ *             <i>IAM User Guide</i>. </p>
+ * @example
+ * Use a bare-bones client and the command you need to make an API call.
+ * ```javascript
+ * import { STSClient, GetSessionTokenCommand } from "@aws-sdk/client-sts"; // ES Modules import
+ * // const { STSClient, GetSessionTokenCommand } = require("@aws-sdk/client-sts"); // CommonJS import
+ * const client = new STSClient(config);
+ * const input = { // GetSessionTokenRequest
+ *   DurationSeconds: Number("int"),
+ *   SerialNumber: "STRING_VALUE",
+ *   TokenCode: "STRING_VALUE",
+ * };
+ * const command = new GetSessionTokenCommand(input);
+ * const response = await client.send(command);
+ * // { // GetSessionTokenResponse
+ * //   Credentials: { // Credentials
+ * //     AccessKeyId: "STRING_VALUE", // required
+ * //     SecretAccessKey: "STRING_VALUE", // required
+ * //     SessionToken: "STRING_VALUE", // required
+ * //     Expiration: new Date("TIMESTAMP"), // required
+ * //   },
+ * // };
+ *
+ * ```
+ *
+ * @param GetSessionTokenCommandInput - {@link GetSessionTokenCommandInput}
+ * @returns {@link GetSessionTokenCommandOutput}
+ * @see {@link GetSessionTokenCommandInput} for command's `input` shape.
+ * @see {@link GetSessionTokenCommandOutput} for command's `response` shape.
+ * @see {@link STSClientResolvedConfig | config} for STSClient's `config` shape.
+ *
+ * @throws {@link RegionDisabledException} (client fault)
+ *  <p>STS is not activated in the requested region for the account that is being asked to
+ *             generate credentials. The account administrator must use the IAM console to activate STS
+ *             in that region. For more information, see <a href="https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_enable-regions.html">Activating and
+ *                 Deactivating Amazon Web Services STS in an Amazon Web Services Region</a> in the <i>IAM User
+ *                     Guide</i>.</p>
+ *
+ * @throws {@link STSServiceException}
+ * <p>Base exception class for all service exceptions from STS service.</p>
+ *
+ * @public
+ * @example To get temporary credentials for an IAM user or an AWS account
+ * ```javascript
+ * //
+ * const input = {
+ *   "DurationSeconds": 3600,
+ *   "SerialNumber": "YourMFASerialNumber",
+ *   "TokenCode": "123456"
+ * };
+ * const command = new GetSessionTokenCommand(input);
+ * const response = await client.send(command);
+ * /* response ==
+ * {
+ *   "Credentials": {
+ *     "AccessKeyId": "AKIAIOSFODNN7EXAMPLE",
+ *     "Expiration": "2011-07-11T19:55:29.611Z",
+ *     "SecretAccessKey": "wJalrXUtnFEMI/K7MDENG/bPxRfiCYzEXAMPLEKEY",
+ *     "SessionToken": "AQoEXAMPLEH4aoAH0gNCAPyJxz4BlCFFxWNE1OPTgk5TthT+FvwqnKwRcOIfrRh3c/LTo6UDdyJwOOvEVPvLXCrrrUtdnniCEXAMPLE/IvU1dYUg2RVAJBanLiHb4IgRmpRV3zrkuWJOgQs8IZZaIv2BXIa2R4OlgkBN9bkUDNCJiBeb/AXlzBBko7b15fjrBs2+cTQtpZ3CYWFXG8C5zqx37wnOE49mRl/+OtkIKGO7fAE"
+ *   }
+ * }
+ * *\/
+ * // example id: to-get-temporary-credentials-for-an-iam-user-or-an-aws-account-1480540814038
+ * ```
+ *
+ */
+export declare class GetSessionTokenCommand extends GetSessionTokenCommand_base {
+}

package/node_modules/@aws-sdk/client-sts/dist-types/commands/index.d.ts ADDED Viewed

@@ -0,0 +1,8 @@
+export * from "./AssumeRoleCommand";
+export * from "./AssumeRoleWithSAMLCommand";
+export * from "./AssumeRoleWithWebIdentityCommand";
+export * from "./DecodeAuthorizationMessageCommand";
+export * from "./GetAccessKeyInfoCommand";
+export * from "./GetCallerIdentityCommand";
+export * from "./GetFederationTokenCommand";
+export * from "./GetSessionTokenCommand";

package/node_modules/@aws-sdk/client-sts/dist-types/defaultRoleAssumers.d.ts ADDED Viewed

@@ -0,0 +1,23 @@
+import { Pluggable } from "@smithy/types";
+import { DefaultCredentialProvider, RoleAssumer, RoleAssumerWithWebIdentity, STSRoleAssumerOptions } from "./defaultStsRoleAssumers";
+import { ServiceInputTypes, ServiceOutputTypes } from "./STSClient";
+/**
+ * The default role assumer that used by credential providers when sts:AssumeRole API is needed.
+ */
+export declare const getDefaultRoleAssumer: (stsOptions?: STSRoleAssumerOptions, stsPlugins?: Pluggable<ServiceInputTypes, ServiceOutputTypes>[]) => RoleAssumer;
+/**
+ * The default role assumer that used by credential providers when sts:AssumeRoleWithWebIdentity API is needed.
+ */
+export declare const getDefaultRoleAssumerWithWebIdentity: (stsOptions?: STSRoleAssumerOptions, stsPlugins?: Pluggable<ServiceInputTypes, ServiceOutputTypes>[]) => RoleAssumerWithWebIdentity;
+/**
+ * The default credential providers depend STS client to assume role with desired API: sts:assumeRole,
+ * sts:assumeRoleWithWebIdentity, etc. This function decorates the default credential provider with role assumers which
+ * encapsulates the process of calling STS commands. This can only be imported by AWS client packages to avoid circular
+ * dependencies.
+ *
+ * @internal
+ *
+ * @deprecated this is no longer needed. Use the defaultProvider directly,
+ * which will load STS if needed.
+ */
+export declare const decorateDefaultCredentialProvider: (provider: DefaultCredentialProvider) => DefaultCredentialProvider;

package/node_modules/@aws-sdk/client-sts/dist-types/defaultStsRoleAssumers.d.ts ADDED Viewed

@@ -0,0 +1,43 @@
+import type { CredentialProviderOptions } from "@aws-sdk/types";
+import { AwsCredentialIdentity, Logger, Provider } from "@smithy/types";
+import { AssumeRoleCommandInput } from "./commands/AssumeRoleCommand";
+import { AssumeRoleWithWebIdentityCommandInput } from "./commands/AssumeRoleWithWebIdentityCommand";
+import type { STSClient, STSClientConfig } from "./STSClient";
+/**
+ * @public
+ */
+export type STSRoleAssumerOptions = Pick<STSClientConfig, "logger" | "region" | "requestHandler"> & {
+    credentialProviderLogger?: Logger;
+    parentClientConfig?: CredentialProviderOptions["parentClientConfig"];
+};
+/**
+ * @internal
+ */
+export type RoleAssumer = (sourceCreds: AwsCredentialIdentity, params: AssumeRoleCommandInput) => Promise<AwsCredentialIdentity>;
+/**
+ * The default role assumer that used by credential providers when sts:AssumeRole API is needed.
+ * @internal
+ */
+export declare const getDefaultRoleAssumer: (stsOptions: STSRoleAssumerOptions, stsClientCtor: new (options: STSClientConfig) => STSClient) => RoleAssumer;
+/**
+ * @internal
+ */
+export type RoleAssumerWithWebIdentity = (params: AssumeRoleWithWebIdentityCommandInput) => Promise<AwsCredentialIdentity>;
+/**
+ * The default role assumer that used by credential providers when sts:AssumeRoleWithWebIdentity API is needed.
+ * @internal
+ */
+export declare const getDefaultRoleAssumerWithWebIdentity: (stsOptions: STSRoleAssumerOptions, stsClientCtor: new (options: STSClientConfig) => STSClient) => RoleAssumerWithWebIdentity;
+/**
+ * @internal
+ */
+export type DefaultCredentialProvider = (input: any) => Provider<AwsCredentialIdentity>;
+/**
+ * The default credential providers depend STS client to assume role with desired API: sts:assumeRole,
+ * sts:assumeRoleWithWebIdentity, etc. This function decorates the default credential provider with role assumers which
+ * encapsulates the process of calling STS commands. This can only be imported by AWS client packages to avoid circular
+ * dependencies.
+ *
+ * @internal
+ */
+export declare const decorateDefaultCredentialProvider: (provider: DefaultCredentialProvider) => DefaultCredentialProvider;

package/node_modules/@aws-sdk/client-sts/dist-types/endpoint/EndpointParameters.d.ts ADDED Viewed

@@ -0,0 +1,46 @@
+import { Endpoint, EndpointParameters as __EndpointParameters, EndpointV2, Provider } from "@smithy/types";
+/**
+ * @public
+ */
+export interface ClientInputEndpointParameters {
+    region?: string | Provider<string>;
+    useDualstackEndpoint?: boolean | Provider<boolean>;
+    useFipsEndpoint?: boolean | Provider<boolean>;
+    endpoint?: string | Provider<string> | Endpoint | Provider<Endpoint> | EndpointV2 | Provider<EndpointV2>;
+    useGlobalEndpoint?: boolean | Provider<boolean>;
+}
+export type ClientResolvedEndpointParameters = ClientInputEndpointParameters & {
+    defaultSigningName: string;
+};
+export declare const resolveClientEndpointParameters: <T>(options: T & ClientInputEndpointParameters) => T & ClientInputEndpointParameters & {
+    defaultSigningName: string;
+};
+export declare const commonParams: {
+    readonly UseGlobalEndpoint: {
+        readonly type: "builtInParams";
+        readonly name: "useGlobalEndpoint";
+    };
+    readonly UseFIPS: {
+        readonly type: "builtInParams";
+        readonly name: "useFipsEndpoint";
+    };
+    readonly Endpoint: {
+        readonly type: "builtInParams";
+        readonly name: "endpoint";
+    };
+    readonly Region: {
+        readonly type: "builtInParams";
+        readonly name: "region";
+    };
+    readonly UseDualStack: {
+        readonly type: "builtInParams";
+        readonly name: "useDualstackEndpoint";
+    };
+};
+export interface EndpointParameters extends __EndpointParameters {
+    Region?: string;
+    UseDualStack?: boolean;
+    UseFIPS?: boolean;
+    Endpoint?: string;
+    UseGlobalEndpoint?: boolean;
+}

package/node_modules/@aws-sdk/client-sts/dist-types/endpoint/endpointResolver.d.ts ADDED Viewed

@@ -0,0 +1,5 @@
+import { EndpointV2, Logger } from "@smithy/types";
+import { EndpointParameters } from "./EndpointParameters";
+export declare const defaultEndpointResolver: (endpointParams: EndpointParameters, context?: {
+    logger?: Logger;
+}) => EndpointV2;

package/node_modules/@aws-sdk/client-sts/dist-types/endpoint/ruleset.d.ts ADDED Viewed

	@@ -0,0 +1,2 @@
1	+ import { RuleSetObject } from "@smithy/types";
2	+ export declare const ruleSet: RuleSetObject;

package/node_modules/@aws-sdk/client-sts/dist-types/extensionConfiguration.d.ts ADDED Viewed

@@ -0,0 +1,9 @@
+import { AwsRegionExtensionConfiguration } from "@aws-sdk/types";
+import { HttpHandlerExtensionConfiguration } from "@smithy/protocol-http";
+import { DefaultExtensionConfiguration } from "@smithy/types";
+import { HttpAuthExtensionConfiguration } from "./auth/httpAuthExtensionConfiguration";
+/**
+ * @internal
+ */
+export interface STSExtensionConfiguration extends HttpHandlerExtensionConfiguration, DefaultExtensionConfiguration, AwsRegionExtensionConfiguration, HttpAuthExtensionConfiguration {
+}

package/node_modules/@aws-sdk/client-sts/dist-types/index.d.ts ADDED Viewed

@@ -0,0 +1,17 @@
+/**
+ * <fullname>Security Token Service</fullname>
+ *          <p>Security Token Service (STS) enables you to request temporary, limited-privilege
+ *       credentials for users. This guide provides descriptions of the STS API. For
+ *       more information about using this service, see <a href="https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp.html">Temporary Security Credentials</a>.</p>
+ *
+ * @packageDocumentation
+ */
+export * from "./STSClient";
+export * from "./STS";
+export { ClientInputEndpointParameters } from "./endpoint/EndpointParameters";
+export { RuntimeExtension } from "./runtimeExtensions";
+export { STSExtensionConfiguration } from "./extensionConfiguration";
+export * from "./commands";
+export * from "./models";
+export * from "./defaultRoleAssumers";
+export { STSServiceException } from "./models/STSServiceException";

package/node_modules/@aws-sdk/client-sts/dist-types/models/STSServiceException.d.ts ADDED Viewed

@@ -0,0 +1,13 @@
+import { ServiceException as __ServiceException, ServiceExceptionOptions as __ServiceExceptionOptions } from "@smithy/smithy-client";
+export { __ServiceException, __ServiceExceptionOptions };
+/**
+ * @public
+ *
+ * Base exception class for all service exceptions from STS service.
+ */
+export declare class STSServiceException extends __ServiceException {
+    /**
+     * @internal
+     */
+    constructor(options: __ServiceExceptionOptions);
+}

package/node_modules/@aws-sdk/client-sts/dist-types/models/index.d.ts ADDED Viewed

	@@ -0,0 +1 @@
1	+ export * from "./models_0";