@jjrawlins/cdk-iam-policy-builder-helper 0.0.77 → 0.0.79

package/node_modules/@aws-sdk/client-iam/dist-types/models/models_1.d.ts

@@ -1,6 +1,301 @@
 import { ExceptionOptionType as __ExceptionOptionType } from "@smithy/smithy-client";
 import { IAMServiceException as __BaseException } from "./IAMServiceException";
-import { AssertionEncryptionModeType, ContextEntry, Role, ServerCertificateMetadata, SigningCertificate, SSHPublicKey, StatusType, Tag } from "./models_0";
+import { AssertionEncryptionModeType, GlobalEndpointTokenVersion, Role, ServerCertificateMetadata, SigningCertificate, SSHPublicKey, StatusType, Tag } from "./models_0";
+/**
+ * @public
+ */
+export interface SetSecurityTokenServicePreferencesRequest {
+    /**
+     * <p>The version of the global endpoint token. Version 1 tokens are valid only in Amazon Web Services Regions that are available by default. These tokens do not work in
+     *             manually enabled Regions, such as Asia Pacific (Hong Kong). Version 2 tokens are valid
+     *             in all Regions. However, version 2 tokens are longer and might affect systems where you
+     *             temporarily store tokens.</p>
+     *          <p>For information, see <a href="https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_enable-regions.html">Activating and
+     *                 deactivating STS in an Amazon Web Services Region</a> in the
+     *                 <i>IAM User Guide</i>.</p>
+     * @public
+     */
+    GlobalEndpointTokenVersion: GlobalEndpointTokenVersion | undefined;
+}
+/**
+ * <p>The request failed because a provided policy could not be successfully evaluated. An
+ *       additional detailed message indicates the source of the failure.</p>
+ * @public
+ */
+export declare class PolicyEvaluationException extends __BaseException {
+    readonly name: "PolicyEvaluationException";
+    readonly $fault: "server";
+    /**
+     * @internal
+     */
+    constructor(opts: __ExceptionOptionType<PolicyEvaluationException, __BaseException>);
+}
+/**
+ * @public
+ * @enum
+ */
+export declare const ContextKeyTypeEnum: {
+    readonly BINARY: "binary";
+    readonly BINARY_LIST: "binaryList";
+    readonly BOOLEAN: "boolean";
+    readonly BOOLEAN_LIST: "booleanList";
+    readonly DATE: "date";
+    readonly DATE_LIST: "dateList";
+    readonly IP: "ip";
+    readonly IP_LIST: "ipList";
+    readonly NUMERIC: "numeric";
+    readonly NUMERIC_LIST: "numericList";
+    readonly STRING: "string";
+    readonly STRING_LIST: "stringList";
+};
+/**
+ * @public
+ */
+export type ContextKeyTypeEnum = (typeof ContextKeyTypeEnum)[keyof typeof ContextKeyTypeEnum];
+/**
+ * <p>Contains information about a condition context key. It includes the name of the key and
+ *          specifies the value (or values, if the context key supports multiple values) to use in the
+ *          simulation. This information is used when evaluating the <code>Condition</code> elements of
+ *          the input policies.</p>
+ *          <p>This data type is used as an input parameter to <a href="https://docs.aws.amazon.com/IAM/latest/APIReference/API_SimulateCustomPolicy.html">SimulateCustomPolicy</a>
+ *          and <a href="https://docs.aws.amazon.com/IAM/latest/APIReference/API_SimulatePrincipalPolicy.html">SimulatePrincipalPolicy</a>.</p>
+ * @public
+ */
+export interface ContextEntry {
+    /**
+     * <p>The full name of a condition context key, including the service prefix. For example,
+     *             <code>aws:SourceIp</code> or <code>s3:VersionId</code>.</p>
+     * @public
+     */
+    ContextKeyName?: string | undefined;
+    /**
+     * <p>The value (or values, if the condition context key supports multiple values) to provide
+     *          to the simulation when the key is referenced by a <code>Condition</code> element in an
+     *          input policy.</p>
+     * @public
+     */
+    ContextKeyValues?: string[] | undefined;
+    /**
+     * <p>The data type of the value (or values) specified in the <code>ContextKeyValues</code>
+     *          parameter.</p>
+     * @public
+     */
+    ContextKeyType?: ContextKeyTypeEnum | undefined;
+}
+/**
+ * @public
+ */
+export interface SimulateCustomPolicyRequest {
+    /**
+     * <p>A list of policy documents to include in the simulation. Each document is specified as
+     *             a string containing the complete, valid JSON text of an IAM policy. Do not include any
+     *             resource-based policies in this parameter. Any resource-based policy must be submitted
+     *             with the <code>ResourcePolicy</code> parameter. The policies cannot be "scope-down"
+     *             policies, such as you could include in a call to <a href="https://docs.aws.amazon.com/IAM/latest/APIReference/API_GetFederationToken.html">GetFederationToken</a> or one of
+     *             the <a href="https://docs.aws.amazon.com/IAM/latest/APIReference/API_AssumeRole.html">AssumeRole</a> API operations. In other words, do not use policies designed to
+     *             restrict what a user can do while using the temporary credentials.</p>
+     *          <p>The maximum length of the policy document that you can pass in this operation,
+     *             including whitespace, is listed below. To view the maximum character counts of a managed policy with no whitespaces, see <a href="https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_iam-quotas.html#reference_iam-quotas-entity-length">IAM and STS character quotas</a>.</p>
+     *          <p>The <a href="http://wikipedia.org/wiki/regex">regex pattern</a>
+     *     used to validate this parameter is a string of characters consisting of the following:</p>
+     *          <ul>
+     *             <li>
+     *                <p>Any printable ASCII
+     *     character ranging from the space character (<code>\u0020</code>) through the end of the ASCII character range</p>
+     *             </li>
+     *             <li>
+     *                <p>The printable characters in the Basic Latin and  Latin-1 Supplement character set
+     *     (through <code>\u00FF</code>)</p>
+     *             </li>
+     *             <li>
+     *                <p>The special characters tab (<code>\u0009</code>), line feed (<code>\u000A</code>), and
+     *     carriage return (<code>\u000D</code>)</p>
+     *             </li>
+     *          </ul>
+     * @public
+     */
+    PolicyInputList: string[] | undefined;
+    /**
+     * <p>The IAM permissions boundary policy to simulate. The permissions boundary sets the
+     *             maximum permissions that an IAM entity can have. You can input only one permissions
+     *             boundary when you pass a policy to this operation. For more information about
+     *             permissions boundaries, see <a href="https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies_boundaries.html">Permissions boundaries for IAM
+     *                 entities</a> in the <i>IAM User Guide</i>. The policy input is
+     *             specified as a string that contains the complete, valid JSON text of a permissions
+     *             boundary policy.</p>
+     *          <p>The maximum length of the policy document that you can pass in this operation,
+     *             including whitespace, is listed below. To view the maximum character counts of a managed policy with no whitespaces, see <a href="https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_iam-quotas.html#reference_iam-quotas-entity-length">IAM and STS character quotas</a>.</p>
+     *          <p>The <a href="http://wikipedia.org/wiki/regex">regex pattern</a>
+     *     used to validate this parameter is a string of characters consisting of the following:</p>
+     *          <ul>
+     *             <li>
+     *                <p>Any printable ASCII
+     *     character ranging from the space character (<code>\u0020</code>) through the end of the ASCII character range</p>
+     *             </li>
+     *             <li>
+     *                <p>The printable characters in the Basic Latin and  Latin-1 Supplement character set
+     *     (through <code>\u00FF</code>)</p>
+     *             </li>
+     *             <li>
+     *                <p>The special characters tab (<code>\u0009</code>), line feed (<code>\u000A</code>), and
+     *     carriage return (<code>\u000D</code>)</p>
+     *             </li>
+     *          </ul>
+     * @public
+     */
+    PermissionsBoundaryPolicyInputList?: string[] | undefined;
+    /**
+     * <p>A list of names of API operations to evaluate in the simulation. Each operation is
+     *             evaluated against each resource. Each operation must include the service identifier,
+     *             such as <code>iam:CreateUser</code>. This operation does not support using wildcards (*)
+     *             in an action name.</p>
+     * @public
+     */
+    ActionNames: string[] | undefined;
+    /**
+     * <p>A list of ARNs of Amazon Web Services resources to include in the simulation. If this parameter is
+     *             not provided, then the value defaults to <code>*</code> (all resources). Each API in the
+     *                 <code>ActionNames</code> parameter is evaluated for each resource in this list. The
+     *             simulation determines the access result (allowed or denied) of each combination and
+     *             reports it in the response. You can simulate resources that don't exist in your
+     *             account.</p>
+     *          <p>The simulation does not automatically retrieve policies for the specified resources.
+     *             If you want to include a resource policy in the simulation, then you must include the
+     *             policy as a string in the <code>ResourcePolicy</code> parameter.</p>
+     *          <p>If you include a <code>ResourcePolicy</code>, then it must be applicable to all of the
+     *             resources included in the simulation or you receive an invalid input error.</p>
+     *          <p>For more information about ARNs, see <a href="https://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html">Amazon Resource Names (ARNs)</a> in the <i>Amazon Web Services General Reference</i>.</p>
+     *          <note>
+     *             <p>Simulation of resource-based policies isn't supported for IAM roles.</p>
+     *          </note>
+     * @public
+     */
+    ResourceArns?: string[] | undefined;
+    /**
+     * <p>A resource-based policy to include in the simulation provided as a string. Each
+     *             resource in the simulation is treated as if it had this policy attached. You can include
+     *             only one resource-based policy in a simulation.</p>
+     *          <p>The maximum length of the policy document that you can pass in this operation,
+     *             including whitespace, is listed below. To view the maximum character counts of a managed policy with no whitespaces, see <a href="https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_iam-quotas.html#reference_iam-quotas-entity-length">IAM and STS character quotas</a>.</p>
+     *          <p>The <a href="http://wikipedia.org/wiki/regex">regex pattern</a>
+     *     used to validate this parameter is a string of characters consisting of the following:</p>
+     *          <ul>
+     *             <li>
+     *                <p>Any printable ASCII
+     *     character ranging from the space character (<code>\u0020</code>) through the end of the ASCII character range</p>
+     *             </li>
+     *             <li>
+     *                <p>The printable characters in the Basic Latin and  Latin-1 Supplement character set
+     *     (through <code>\u00FF</code>)</p>
+     *             </li>
+     *             <li>
+     *                <p>The special characters tab (<code>\u0009</code>), line feed (<code>\u000A</code>), and
+     *     carriage return (<code>\u000D</code>)</p>
+     *             </li>
+     *          </ul>
+     *          <note>
+     *             <p>Simulation of resource-based policies isn't supported for IAM roles.</p>
+     *          </note>
+     * @public
+     */
+    ResourcePolicy?: string | undefined;
+    /**
+     * <p>An ARN representing the Amazon Web Services account ID that specifies the owner of any simulated
+     *             resource that does not identify its owner in the resource ARN. Examples of resource ARNs
+     *             include an S3 bucket or object. If <code>ResourceOwner</code> is specified, it is also
+     *             used as the account owner of any <code>ResourcePolicy</code> included in the simulation.
+     *             If the <code>ResourceOwner</code> parameter is not specified, then the owner of the
+     *             resources and the resource policy defaults to the account of the identity provided in
+     *                 <code>CallerArn</code>. This parameter is required only if you specify a
+     *             resource-based policy and account that owns the resource is different from the account
+     *             that owns the simulated calling user <code>CallerArn</code>.</p>
+     *          <p>The ARN for an account uses the following syntax:
+     *                     <code>arn:aws:iam::<i>AWS-account-ID</i>:root</code>. For example,
+     *             to represent the account with the 112233445566 ID, use the following ARN:
+     *                 <code>arn:aws:iam::112233445566-ID:root</code>. </p>
+     * @public
+     */
+    ResourceOwner?: string | undefined;
+    /**
+     * <p>The ARN of the IAM user that you want to use as the simulated caller of the API
+     *             operations. <code>CallerArn</code> is required if you include a
+     *                 <code>ResourcePolicy</code> so that the policy's <code>Principal</code> element has
+     *             a value to use in evaluating the policy.</p>
+     *          <p>You can specify only the ARN of an IAM user. You cannot specify the ARN of an
+     *             assumed role, federated user, or a service principal.</p>
+     * @public
+     */
+    CallerArn?: string | undefined;
+    /**
+     * <p>A list of context keys and corresponding values for the simulation to use. Whenever a
+     *             context key is evaluated in one of the simulated IAM permissions policies, the
+     *             corresponding value is supplied.</p>
+     * @public
+     */
+    ContextEntries?: ContextEntry[] | undefined;
+    /**
+     * <p>Specifies the type of simulation to run. Different API operations that support
+     *             resource-based policies require different combinations of resources. By specifying the
+     *             type of simulation to run, you enable the policy simulator to enforce the presence of
+     *             the required resources to ensure reliable simulation results. If your simulation does
+     *             not match one of the following scenarios, then you can omit this parameter. The
+     *             following list shows each of the supported scenario values and the resources that you
+     *             must define to run the simulation.</p>
+     *          <p>Each of the Amazon EC2 scenarios requires that you specify instance, image, and security
+     *             group resources. If your scenario includes an EBS volume, then you must specify that
+     *             volume as a resource. If the Amazon EC2 scenario includes VPC, then you must supply the
+     *             network interface resource. If it includes an IP subnet, then you must specify the
+     *             subnet resource. For more information on the Amazon EC2 scenario options, see <a href="https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ec2-supported-platforms.html">Supported platforms</a> in the <i>Amazon EC2 User Guide</i>.</p>
+     *          <ul>
+     *             <li>
+     *                <p>
+     *                   <b>EC2-VPC-InstanceStore</b>
+     *                </p>
+     *                <p>instance, image, security group, network interface</p>
+     *             </li>
+     *             <li>
+     *                <p>
+     *                   <b>EC2-VPC-InstanceStore-Subnet</b>
+     *                </p>
+     *                <p>instance, image, security group, network interface, subnet</p>
+     *             </li>
+     *             <li>
+     *                <p>
+     *                   <b>EC2-VPC-EBS</b>
+     *                </p>
+     *                <p>instance, image, security group, network interface, volume</p>
+     *             </li>
+     *             <li>
+     *                <p>
+     *                   <b>EC2-VPC-EBS-Subnet</b>
+     *                </p>
+     *                <p>instance, image, security group, network interface, subnet, volume</p>
+     *             </li>
+     *          </ul>
+     * @public
+     */
+    ResourceHandlingOption?: string | undefined;
+    /**
+     * <p>Use this only when paginating results to indicate the
+     *     maximum number of items you want in the response. If additional items exist beyond the maximum
+     *     you specify, the <code>IsTruncated</code> response element is <code>true</code>.</p>
+     *          <p>If you do not include this parameter, the number of items defaults to 100. Note that
+     *     IAM might return fewer results, even when there are more results available. In that case, the
+     *     <code>IsTruncated</code> response element returns <code>true</code>, and <code>Marker</code>
+     *     contains a value to include in the subsequent call that tells the service where to continue
+     *     from.</p>
+     * @public
+     */
+    MaxItems?: number | undefined;
+    /**
+     * <p>Use this parameter only when paginating results and only after
+     *     you receive a response indicating that the results are truncated. Set it to the value of the
+     *     <code>Marker</code> element in the response that you received to indicate where the next call
+     *     should start.</p>
+     * @public
+     */
+    Marker?: string | undefined;
+}
 /**
  * @public
  * @enum

package/node_modules/@aws-sdk/client-iam/dist-types/protocols/Aws_query.d.ts

@@ -9,6 +9,7 @@ import { AttachUserPolicyCommandInput, AttachUserPolicyCommandOutput } from "../
 import { ChangePasswordCommandInput, ChangePasswordCommandOutput } from "../commands/ChangePasswordCommand";
 import { CreateAccessKeyCommandInput, CreateAccessKeyCommandOutput } from "../commands/CreateAccessKeyCommand";
 import { CreateAccountAliasCommandInput, CreateAccountAliasCommandOutput } from "../commands/CreateAccountAliasCommand";
+import { CreateDelegationRequestCommandInput, CreateDelegationRequestCommandOutput } from "../commands/CreateDelegationRequestCommand";
 import { CreateGroupCommandInput, CreateGroupCommandOutput } from "../commands/CreateGroupCommand";
 import { CreateInstanceProfileCommandInput, CreateInstanceProfileCommandOutput } from "../commands/CreateInstanceProfileCommand";
 import { CreateLoginProfileCommandInput, CreateLoginProfileCommandOutput } from "../commands/CreateLoginProfileCommand";
@@ -200,6 +201,10 @@ export declare const se_CreateAccessKeyCommand: (input: CreateAccessKeyCommandIn
  * serializeAws_queryCreateAccountAliasCommand
  */
 export declare const se_CreateAccountAliasCommand: (input: CreateAccountAliasCommandInput, context: __SerdeContext) => Promise<__HttpRequest>;
+/**
+ * serializeAws_queryCreateDelegationRequestCommand
+ */
+export declare const se_CreateDelegationRequestCommand: (input: CreateDelegationRequestCommandInput, context: __SerdeContext) => Promise<__HttpRequest>;
 /**
  * serializeAws_queryCreateGroupCommand
  */
@@ -856,6 +861,10 @@ export declare const de_CreateAccessKeyCommand: (output: __HttpResponse, context
  * deserializeAws_queryCreateAccountAliasCommand
  */
 export declare const de_CreateAccountAliasCommand: (output: __HttpResponse, context: __SerdeContext) => Promise<CreateAccountAliasCommandOutput>;
+/**
+ * deserializeAws_queryCreateDelegationRequestCommand
+ */
+export declare const de_CreateDelegationRequestCommand: (output: __HttpResponse, context: __SerdeContext) => Promise<CreateDelegationRequestCommandOutput>;
 /**
  * deserializeAws_queryCreateGroupCommand
  */

package/node_modules/@aws-sdk/client-iam/dist-types/ts3.4/IAM.d.ts

@@ -35,6 +35,10 @@ import {
   CreateAccountAliasCommandInput,
   CreateAccountAliasCommandOutput,
 } from "./commands/CreateAccountAliasCommand";
+import {
+  CreateDelegationRequestCommandInput,
+  CreateDelegationRequestCommandOutput,
+} from "./commands/CreateDelegationRequestCommand";
 import {
   CreateGroupCommandInput,
   CreateGroupCommandOutput,
@@ -781,6 +785,19 @@ export interface IAM {
     options: __HttpHandlerOptions,
     cb: (err: any, data?: CreateAccountAliasCommandOutput) => void
   ): void;
+  createDelegationRequest(
+    args: CreateDelegationRequestCommandInput,
+    options?: __HttpHandlerOptions
+  ): Promise<CreateDelegationRequestCommandOutput>;
+  createDelegationRequest(
+    args: CreateDelegationRequestCommandInput,
+    cb: (err: any, data?: CreateDelegationRequestCommandOutput) => void
+  ): void;
+  createDelegationRequest(
+    args: CreateDelegationRequestCommandInput,
+    options: __HttpHandlerOptions,
+    cb: (err: any, data?: CreateDelegationRequestCommandOutput) => void
+  ): void;
   createGroup(
     args: CreateGroupCommandInput,
     options?: __HttpHandlerOptions

package/node_modules/@aws-sdk/client-iam/dist-types/ts3.4/IAMClient.d.ts

@@ -81,6 +81,10 @@ import {
   CreateAccountAliasCommandInput,
   CreateAccountAliasCommandOutput,
 } from "./commands/CreateAccountAliasCommand";
+import {
+  CreateDelegationRequestCommandInput,
+  CreateDelegationRequestCommandOutput,
+} from "./commands/CreateDelegationRequestCommand";
 import {
   CreateGroupCommandInput,
   CreateGroupCommandOutput,
@@ -718,6 +722,7 @@ export type ServiceInputTypes =
   | ChangePasswordCommandInput
   | CreateAccessKeyCommandInput
   | CreateAccountAliasCommandInput
+  | CreateDelegationRequestCommandInput
   | CreateGroupCommandInput
   | CreateInstanceProfileCommandInput
   | CreateLoginProfileCommandInput
@@ -883,6 +888,7 @@ export type ServiceOutputTypes =
   | ChangePasswordCommandOutput
   | CreateAccessKeyCommandOutput
   | CreateAccountAliasCommandOutput
+  | CreateDelegationRequestCommandOutput
   | CreateGroupCommandOutput
   | CreateInstanceProfileCommandOutput
   | CreateLoginProfileCommandOutput

package/node_modules/@aws-sdk/client-iam/dist-types/ts3.4/commands/CreateDelegationRequestCommand.d.ts

@@ -0,0 +1,51 @@
+import { Command as $Command } from "@smithy/smithy-client";
+import { MetadataBearer as __MetadataBearer } from "@smithy/types";
+import {
+  IAMClientResolvedConfig,
+  ServiceInputTypes,
+  ServiceOutputTypes,
+} from "../IAMClient";
+import {
+  CreateDelegationRequestRequest,
+  CreateDelegationRequestResponse,
+} from "../models/models_0";
+export { __MetadataBearer };
+export { $Command };
+export interface CreateDelegationRequestCommandInput
+  extends CreateDelegationRequestRequest {}
+export interface CreateDelegationRequestCommandOutput
+  extends CreateDelegationRequestResponse,
+    __MetadataBearer {}
+declare const CreateDelegationRequestCommand_base: {
+  new (
+    input: CreateDelegationRequestCommandInput
+  ): import("@smithy/smithy-client").CommandImpl<
+    CreateDelegationRequestCommandInput,
+    CreateDelegationRequestCommandOutput,
+    IAMClientResolvedConfig,
+    ServiceInputTypes,
+    ServiceOutputTypes
+  >;
+  new (
+    input: CreateDelegationRequestCommandInput
+  ): import("@smithy/smithy-client").CommandImpl<
+    CreateDelegationRequestCommandInput,
+    CreateDelegationRequestCommandOutput,
+    IAMClientResolvedConfig,
+    ServiceInputTypes,
+    ServiceOutputTypes
+  >;
+  getEndpointParameterInstructions(): import("@smithy/middleware-endpoint").EndpointParameterInstructions;
+};
+export declare class CreateDelegationRequestCommand extends CreateDelegationRequestCommand_base {
+  protected static __types: {
+    api: {
+      input: CreateDelegationRequestRequest;
+      output: CreateDelegationRequestResponse;
+    };
+    sdk: {
+      input: CreateDelegationRequestCommandInput;
+      output: CreateDelegationRequestCommandOutput;
+    };
+  };
+}

package/node_modules/@aws-sdk/client-iam/dist-types/ts3.4/commands/SetSecurityTokenServicePreferencesCommand.d.ts

@@ -5,7 +5,7 @@ import {
   ServiceInputTypes,
   ServiceOutputTypes,
 } from "../IAMClient";
-import { SetSecurityTokenServicePreferencesRequest } from "../models/models_0";
+import { SetSecurityTokenServicePreferencesRequest } from "../models/models_1";
 export { __MetadataBearer };
 export { $Command };
 export interface SetSecurityTokenServicePreferencesCommandInput

package/node_modules/@aws-sdk/client-iam/dist-types/ts3.4/commands/SimulateCustomPolicyCommand.d.ts

@@ -5,8 +5,10 @@ import {
   ServiceInputTypes,
   ServiceOutputTypes,
 } from "../IAMClient";
-import { SimulateCustomPolicyRequest } from "../models/models_0";
-import { SimulatePolicyResponse } from "../models/models_1";
+import {
+  SimulateCustomPolicyRequest,
+  SimulatePolicyResponse,
+} from "../models/models_1";
 export { __MetadataBearer };
 export { $Command };
 export interface SimulateCustomPolicyCommandInput

package/node_modules/@aws-sdk/client-iam/dist-types/ts3.4/commands/index.d.ts

@@ -7,6 +7,7 @@ export * from "./AttachUserPolicyCommand";
 export * from "./ChangePasswordCommand";
 export * from "./CreateAccessKeyCommand";
 export * from "./CreateAccountAliasCommand";
+export * from "./CreateDelegationRequestCommand";
 export * from "./CreateGroupCommand";
 export * from "./CreateInstanceProfileCommand";
 export * from "./CreateLoginProfileCommand";

package/node_modules/@aws-sdk/client-iam/dist-types/ts3.4/models/models_0.d.ts

@@ -198,6 +198,36 @@ export interface CreateAccessKeyResponse {
 export interface CreateAccountAliasRequest {
   AccountAlias: string | undefined;
 }
+export declare const PolicyParameterTypeEnum: {
+  readonly STRING: "string";
+  readonly STRING_LIST: "stringList";
+};
+export type PolicyParameterTypeEnum =
+  (typeof PolicyParameterTypeEnum)[keyof typeof PolicyParameterTypeEnum];
+export interface PolicyParameter {
+  Name?: string | undefined;
+  Values?: string[] | undefined;
+  Type?: PolicyParameterTypeEnum | undefined;
+}
+export interface DelegationPermission {
+  PolicyTemplateArn?: string | undefined;
+  Parameters?: PolicyParameter[] | undefined;
+}
+export interface CreateDelegationRequestRequest {
+  OwnerAccountId?: string | undefined;
+  Description: string | undefined;
+  Permissions: DelegationPermission | undefined;
+  RequestMessage?: string | undefined;
+  RequestorWorkflowId: string | undefined;
+  RedirectUrl?: string | undefined;
+  NotificationChannel: string | undefined;
+  SessionDuration: number | undefined;
+  OnlySendByOwner?: boolean | undefined;
+}
+export interface CreateDelegationRequestResponse {
+  ConsoleDeepLink?: string | undefined;
+  DelegationRequestId?: string | undefined;
+}
 export interface CreateGroupRequest {
   Path?: string | undefined;
   GroupName: string | undefined;
@@ -1592,50 +1622,6 @@ export declare const GlobalEndpointTokenVersion: {
 };
 export type GlobalEndpointTokenVersion =
   (typeof GlobalEndpointTokenVersion)[keyof typeof GlobalEndpointTokenVersion];
-export interface SetSecurityTokenServicePreferencesRequest {
-  GlobalEndpointTokenVersion: GlobalEndpointTokenVersion | undefined;
-}
-export declare class PolicyEvaluationException extends __BaseException {
-  readonly name: "PolicyEvaluationException";
-  readonly $fault: "server";
-  constructor(
-    opts: __ExceptionOptionType<PolicyEvaluationException, __BaseException>
-  );
-}
-export declare const ContextKeyTypeEnum: {
-  readonly BINARY: "binary";
-  readonly BINARY_LIST: "binaryList";
-  readonly BOOLEAN: "boolean";
-  readonly BOOLEAN_LIST: "booleanList";
-  readonly DATE: "date";
-  readonly DATE_LIST: "dateList";
-  readonly IP: "ip";
-  readonly IP_LIST: "ipList";
-  readonly NUMERIC: "numeric";
-  readonly NUMERIC_LIST: "numericList";
-  readonly STRING: "string";
-  readonly STRING_LIST: "stringList";
-};
-export type ContextKeyTypeEnum =
-  (typeof ContextKeyTypeEnum)[keyof typeof ContextKeyTypeEnum];
-export interface ContextEntry {
-  ContextKeyName?: string | undefined;
-  ContextKeyValues?: string[] | undefined;
-  ContextKeyType?: ContextKeyTypeEnum | undefined;
-}
-export interface SimulateCustomPolicyRequest {
-  PolicyInputList: string[] | undefined;
-  PermissionsBoundaryPolicyInputList?: string[] | undefined;
-  ActionNames: string[] | undefined;
-  ResourceArns?: string[] | undefined;
-  ResourcePolicy?: string | undefined;
-  ResourceOwner?: string | undefined;
-  CallerArn?: string | undefined;
-  ContextEntries?: ContextEntry[] | undefined;
-  ResourceHandlingOption?: string | undefined;
-  MaxItems?: number | undefined;
-  Marker?: string | undefined;
-}
 export declare const AccessKeyFilterSensitiveLog: (obj: AccessKey) => any;
 export declare const ChangePasswordRequestFilterSensitiveLog: (
   obj: ChangePasswordRequest

package/node_modules/@aws-sdk/client-iam/dist-types/ts3.4/models/models_1.d.ts

@@ -2,7 +2,7 @@ import { ExceptionOptionType as __ExceptionOptionType } from "@smithy/smithy-cli
 import { IAMServiceException as __BaseException } from "./IAMServiceException";
 import {
   AssertionEncryptionModeType,
-  ContextEntry,
+  GlobalEndpointTokenVersion,
   Role,
   ServerCertificateMetadata,
   SigningCertificate,
@@ -10,6 +10,50 @@ import {
   StatusType,
   Tag,
 } from "./models_0";
+export interface SetSecurityTokenServicePreferencesRequest {
+  GlobalEndpointTokenVersion: GlobalEndpointTokenVersion | undefined;
+}
+export declare class PolicyEvaluationException extends __BaseException {
+  readonly name: "PolicyEvaluationException";
+  readonly $fault: "server";
+  constructor(
+    opts: __ExceptionOptionType<PolicyEvaluationException, __BaseException>
+  );
+}
+export declare const ContextKeyTypeEnum: {
+  readonly BINARY: "binary";
+  readonly BINARY_LIST: "binaryList";
+  readonly BOOLEAN: "boolean";
+  readonly BOOLEAN_LIST: "booleanList";
+  readonly DATE: "date";
+  readonly DATE_LIST: "dateList";
+  readonly IP: "ip";
+  readonly IP_LIST: "ipList";
+  readonly NUMERIC: "numeric";
+  readonly NUMERIC_LIST: "numericList";
+  readonly STRING: "string";
+  readonly STRING_LIST: "stringList";
+};
+export type ContextKeyTypeEnum =
+  (typeof ContextKeyTypeEnum)[keyof typeof ContextKeyTypeEnum];
+export interface ContextEntry {
+  ContextKeyName?: string | undefined;
+  ContextKeyValues?: string[] | undefined;
+  ContextKeyType?: ContextKeyTypeEnum | undefined;
+}
+export interface SimulateCustomPolicyRequest {
+  PolicyInputList: string[] | undefined;
+  PermissionsBoundaryPolicyInputList?: string[] | undefined;
+  ActionNames: string[] | undefined;
+  ResourceArns?: string[] | undefined;
+  ResourcePolicy?: string | undefined;
+  ResourceOwner?: string | undefined;
+  CallerArn?: string | undefined;
+  ContextEntries?: ContextEntry[] | undefined;
+  ResourceHandlingOption?: string | undefined;
+  MaxItems?: number | undefined;
+  Marker?: string | undefined;
+}
 export declare const PolicyEvaluationDecisionType: {
   readonly ALLOWED: "allowed";
   readonly EXPLICIT_DENY: "explicitDeny";

package/node_modules/@aws-sdk/client-iam/dist-types/ts3.4/protocols/Aws_query.d.ts

@@ -39,6 +39,10 @@ import {
   CreateAccountAliasCommandInput,
   CreateAccountAliasCommandOutput,
 } from "../commands/CreateAccountAliasCommand";
+import {
+  CreateDelegationRequestCommandInput,
+  CreateDelegationRequestCommandOutput,
+} from "../commands/CreateDelegationRequestCommand";
 import {
   CreateGroupCommandInput,
   CreateGroupCommandOutput,
@@ -695,6 +699,10 @@ export declare const se_CreateAccountAliasCommand: (
   input: CreateAccountAliasCommandInput,
   context: __SerdeContext
 ) => Promise<__HttpRequest>;
+export declare const se_CreateDelegationRequestCommand: (
+  input: CreateDelegationRequestCommandInput,
+  context: __SerdeContext
+) => Promise<__HttpRequest>;
 export declare const se_CreateGroupCommand: (
   input: CreateGroupCommandInput,
   context: __SerdeContext
@@ -1351,6 +1359,10 @@ export declare const de_CreateAccountAliasCommand: (
   output: __HttpResponse,
   context: __SerdeContext
 ) => Promise<CreateAccountAliasCommandOutput>;
+export declare const de_CreateDelegationRequestCommand: (
+  output: __HttpResponse,
+  context: __SerdeContext
+) => Promise<CreateDelegationRequestCommandOutput>;
 export declare const de_CreateGroupCommand: (
   output: __HttpResponse,
   context: __SerdeContext