npm - cdk-lambda-subminute - Versions diffs - 2.0.300 → 2.0.302 - Mend

cdk-lambda-subminute 2.0.300 → 2.0.302

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (116) hide show

package/node_modules/aws-sdk/clients/ssooidc.d.ts CHANGED Viewed

@@ -12,13 +12,21 @@ declare class SSOOIDC extends Service {
   constructor(options?: SSOOIDC.Types.ClientConfiguration)
   config: Config & SSOOIDC.Types.ClientConfiguration;
   /**
-   * Creates and returns an access token for the authorized client. The access token issued will be used to fetch short-term credentials for the assigned roles in the AWS account.
+   * Creates and returns access and refresh tokens for clients that are authenticated using client secrets. The access token can be used to fetch short-term credentials for the assigned AWS accounts or to access application APIs using bearer authentication.
    */
   createToken(params: SSOOIDC.Types.CreateTokenRequest, callback?: (err: AWSError, data: SSOOIDC.Types.CreateTokenResponse) => void): Request<SSOOIDC.Types.CreateTokenResponse, AWSError>;
   /**
-   * Creates and returns an access token for the authorized client. The access token issued will be used to fetch short-term credentials for the assigned roles in the AWS account.
+   * Creates and returns access and refresh tokens for clients that are authenticated using client secrets. The access token can be used to fetch short-term credentials for the assigned AWS accounts or to access application APIs using bearer authentication.
    */
   createToken(callback?: (err: AWSError, data: SSOOIDC.Types.CreateTokenResponse) => void): Request<SSOOIDC.Types.CreateTokenResponse, AWSError>;
+  /**
+   * Creates and returns access and refresh tokens for clients and applications that are authenticated using IAM entities. The access token can be used to fetch short-term credentials for the assigned AWS accounts or to access application APIs using bearer authentication.
+   */
+  createTokenWithIAM(params: SSOOIDC.Types.CreateTokenWithIAMRequest, callback?: (err: AWSError, data: SSOOIDC.Types.CreateTokenWithIAMResponse) => void): Request<SSOOIDC.Types.CreateTokenWithIAMResponse, AWSError>;
+  /**
+   * Creates and returns access and refresh tokens for clients and applications that are authenticated using IAM entities. The access token can be used to fetch short-term credentials for the assigned AWS accounts or to access application APIs using bearer authentication.
+   */
+  createTokenWithIAM(callback?: (err: AWSError, data: SSOOIDC.Types.CreateTokenWithIAMResponse) => void): Request<SSOOIDC.Types.CreateTokenWithIAMResponse, AWSError>;
   /**
    * Registers a client with IAM Identity Center. This allows clients to initiate device authorization. The output should be persisted for reuse through many authentication requests.
    */
@@ -38,6 +46,7 @@ declare class SSOOIDC extends Service {
 }
 declare namespace SSOOIDC {
   export type AccessToken = string;
+  export type Assertion = string;
   export type AuthCode = string;
   export type ClientId = string;
   export type ClientName = string;
@@ -45,7 +54,7 @@ declare namespace SSOOIDC {
   export type ClientType = string;
   export interface CreateTokenRequest {
     /**
-     * The unique identifier string for each client. This value should come from the persisted result of the RegisterClient API.
+     * The unique identifier string for the client or application. This value comes from the result of the RegisterClient API.
      */
     clientId: ClientId;
     /**
@@ -53,37 +62,37 @@ declare namespace SSOOIDC {
      */
     clientSecret: ClientSecret;
     /**
-     * Supports grant types for the authorization code, refresh token, and device code request. For device code requests, specify the following value:  urn:ietf:params:oauth:grant-type:device_code   For information about how to obtain the device code, see the StartDeviceAuthorization topic.
+     * Supports the following OAuth grant types: Device Code and Refresh Token. Specify either of the following values, depending on the grant type that you want: * Device Code - urn:ietf:params:oauth:grant-type:device_code  * Refresh Token - refresh_token  For information about how to obtain the device code, see the StartDeviceAuthorization topic.
      */
     grantType: GrantType;
     /**
-     * Used only when calling this API for the device code grant type. This short-term code is used to identify this authentication attempt. This should come from an in-memory reference to the result of the StartDeviceAuthorization API.
+     * Used only when calling this API for the Device Code grant type. This short-term code is used to identify this authorization request. This comes from the result of the StartDeviceAuthorization API.
      */
     deviceCode?: DeviceCode;
     /**
-     * The authorization code received from the authorization service. This parameter is required to perform an authorization grant request to get access to a token.
+     * Used only when calling this API for the Authorization Code grant type. The short-term code is used to identify this authorization request. This grant type is currently unsupported for the CreateToken API.
      */
     code?: AuthCode;
     /**
-     * Currently, refreshToken is not yet implemented and is not supported. For more information about the features and limitations of the current IAM Identity Center OIDC implementation, see Considerations for Using this Guide in the IAM Identity Center OIDC API Reference. The token used to obtain an access token in the event that the access token is invalid or expired.
+     * Used only when calling this API for the Refresh Token grant type. This token is used to refresh short-term tokens, such as the access token, that might expire. For more information about the features and limitations of the current IAM Identity Center OIDC implementation, see Considerations for Using this Guide in the IAM Identity Center OIDC API Reference.
      */
     refreshToken?: RefreshToken;
     /**
-     * The list of scopes that is defined by the client. Upon authorization, this list is used to restrict permissions when granting an access token.
+     * The list of scopes for which authorization is requested. The access token that is issued is limited to the scopes that are granted. If this value is not specified, IAM Identity Center authorizes all scopes that are configured for the client during the call to RegisterClient.
      */
     scope?: Scopes;
     /**
-     * The location of the application that will receive the authorization code. Users authorize the service to send the request to this location.
+     * Used only when calling this API for the Authorization Code grant type. This value specifies the location of the client or application that has registered to receive the authorization code.
      */
     redirectUri?: URI;
   }
   export interface CreateTokenResponse {
     /**
-     * An opaque token to access IAM Identity Center resources assigned to a user.
+     * A bearer token to access AWS accounts and applications assigned to a user.
      */
     accessToken?: AccessToken;
     /**
-     * Used to notify the client that the returned token is an access token. The supported type is BearerToken.
+     * Used to notify the client that the returned token is an access token. The supported token type is Bearer.
      */
     tokenType?: TokenType;
     /**
@@ -91,14 +100,86 @@ declare namespace SSOOIDC {
      */
     expiresIn?: ExpirationInSeconds;
     /**
-     * Currently, refreshToken is not yet implemented and is not supported. For more information about the features and limitations of the current IAM Identity Center OIDC implementation, see Considerations for Using this Guide in the IAM Identity Center OIDC API Reference. A token that, if present, can be used to refresh a previously issued access token that might have expired.
+     * A token that, if present, can be used to refresh a previously issued access token that might have expired. For more information about the features and limitations of the current IAM Identity Center OIDC implementation, see Considerations for Using this Guide in the IAM Identity Center OIDC API Reference.
      */
     refreshToken?: RefreshToken;
     /**
-     * Currently, idToken is not yet implemented and is not supported. For more information about the features and limitations of the current IAM Identity Center OIDC implementation, see Considerations for Using this Guide in the IAM Identity Center OIDC API Reference. The identifier of the user that associated with the access token, if present.
+     * The idToken is not implemented or supported. For more information about the features and limitations of the current IAM Identity Center OIDC implementation, see Considerations for Using this Guide in the IAM Identity Center OIDC API Reference. A JSON Web Token (JWT) that identifies who is associated with the issued access token.
      */
     idToken?: IdToken;
   }
+  export interface CreateTokenWithIAMRequest {
+    /**
+     * The unique identifier string for the client or application. This value is an application ARN that has OAuth grants configured.
+     */
+    clientId: ClientId;
+    /**
+     * Supports the following OAuth grant types: Authorization Code, Refresh Token, JWT Bearer, and Token Exchange. Specify one of the following values, depending on the grant type that you want: * Authorization Code - authorization_code  * Refresh Token - refresh_token  * JWT Bearer - urn:ietf:params:oauth:grant-type:jwt-bearer  * Token Exchange - urn:ietf:params:oauth:grant-type:token-exchange
+     */
+    grantType: GrantType;
+    /**
+     * Used only when calling this API for the Authorization Code grant type. This short-term code is used to identify this authorization request. The code is obtained through a redirect from IAM Identity Center to a redirect URI persisted in the Authorization Code GrantOptions for the application.
+     */
+    code?: AuthCode;
+    /**
+     * Used only when calling this API for the Refresh Token grant type. This token is used to refresh short-term tokens, such as the access token, that might expire. For more information about the features and limitations of the current IAM Identity Center OIDC implementation, see Considerations for Using this Guide in the IAM Identity Center OIDC API Reference.
+     */
+    refreshToken?: RefreshToken;
+    /**
+     * Used only when calling this API for the JWT Bearer grant type. This value specifies the JSON Web Token (JWT) issued by a trusted token issuer. To authorize a trusted token issuer, configure the JWT Bearer GrantOptions for the application.
+     */
+    assertion?: Assertion;
+    /**
+     * The list of scopes for which authorization is requested. The access token that is issued is limited to the scopes that are granted. If the value is not specified, IAM Identity Center authorizes all scopes configured for the application, including the following default scopes: openid, aws, sts:identity_context.
+     */
+    scope?: Scopes;
+    /**
+     * Used only when calling this API for the Authorization Code grant type. This value specifies the location of the client or application that has registered to receive the authorization code.
+     */
+    redirectUri?: URI;
+    /**
+     * Used only when calling this API for the Token Exchange grant type. This value specifies the subject of the exchange. The value of the subject token must be an access token issued by IAM Identity Center to a different client or application. The access token must have authorized scopes that indicate the requested application as a target audience.
+     */
+    subjectToken?: SubjectToken;
+    /**
+     * Used only when calling this API for the Token Exchange grant type. This value specifies the type of token that is passed as the subject of the exchange. The following value is supported: * Access Token - urn:ietf:params:oauth:token-type:access_token
+     */
+    subjectTokenType?: TokenTypeURI;
+    /**
+     * Used only when calling this API for the Token Exchange grant type. This value specifies the type of token that the requester can receive. The following values are supported: * Access Token - urn:ietf:params:oauth:token-type:access_token  * Refresh Token - urn:ietf:params:oauth:token-type:refresh_token
+     */
+    requestedTokenType?: TokenTypeURI;
+  }
+  export interface CreateTokenWithIAMResponse {
+    /**
+     * A bearer token to access AWS accounts and applications assigned to a user.
+     */
+    accessToken?: AccessToken;
+    /**
+     * Used to notify the requester that the returned token is an access token. The supported token type is Bearer.
+     */
+    tokenType?: TokenType;
+    /**
+     * Indicates the time in seconds when an access token will expire.
+     */
+    expiresIn?: ExpirationInSeconds;
+    /**
+     * A token that, if present, can be used to refresh a previously issued access token that might have expired. For more information about the features and limitations of the current IAM Identity Center OIDC implementation, see Considerations for Using this Guide in the IAM Identity Center OIDC API Reference.
+     */
+    refreshToken?: RefreshToken;
+    /**
+     * A JSON Web Token (JWT) that identifies the user associated with the issued access token.
+     */
+    idToken?: IdToken;
+    /**
+     * Indicates the type of tokens that are issued by IAM Identity Center. The following values are supported:  * Access Token - urn:ietf:params:oauth:token-type:access_token  * Refresh Token - urn:ietf:params:oauth:token-type:refresh_token
+     */
+    issuedTokenType?: TokenTypeURI;
+    /**
+     * The list of scopes for which authorization is granted. The access token that is issued is limited to the scopes that are granted.
+     */
+    scope?: Scopes;
+  }
   export type DeviceCode = string;
   export type ExpirationInSeconds = number;
   export type GrantType = string;
@@ -138,11 +219,11 @@ declare namespace SSOOIDC {
      */
     clientSecretExpiresAt?: LongTimeStampType;
     /**
-     * The endpoint where the client can request authorization.
+     * An endpoint that the client can use to request authorization.
      */
     authorizationEndpoint?: URI;
     /**
-     * The endpoint where the client can get an access token.
+     * An endpoint that the client can use to create tokens.
      */
     tokenEndpoint?: URI;
   }
@@ -158,7 +239,7 @@ declare namespace SSOOIDC {
      */
     clientSecret: ClientSecret;
     /**
-     * The URL for the AWS access portal. For more information, see Using the AWS access portal in the IAM Identity Center User Guide.
+     * The URL for the Amazon Web Services access portal. For more information, see Using the Amazon Web Services access portal in the IAM Identity Center User Guide.
      */
     startUrl: URI;
   }
@@ -188,7 +269,9 @@ declare namespace SSOOIDC {
      */
     interval?: IntervalInSeconds;
   }
+  export type SubjectToken = string;
   export type TokenType = string;
+  export type TokenTypeURI = string;
   export type URI = string;
   export type UserCode = string;
   /**

package/node_modules/aws-sdk/clients/sts.d.ts CHANGED Viewed

@@ -123,7 +123,7 @@ declare namespace STS {
      */
     SourceIdentity?: sourceIdentityType;
     /**
-     * Reserved for future use.
+     * A list of previously acquired trusted context assertions in the format of a JSON array. The trusted context assertion is signed and encrypted by Amazon Web Services STS. The following is an example of a ProvidedContext value that includes a single trusted context assertion and the ARN of the context provider from which the trusted context assertion was generated.  [{"ProviderArn":"arn:aws:iam::aws:contextProvider/identitycenter","ContextAssertion":"trusted-context-assertion"}]
      */
     ProvidedContexts?: ProvidedContextsListType;
   }
@@ -414,11 +414,11 @@ declare namespace STS {
   }
   export interface ProvidedContext {
     /**
-     * Reserved for future use.
+     * The context provider ARN from which the trusted context assertion was generated.
      */
     ProviderArn?: arnType;
     /**
-     * Reserved for future use.
+     * The signed and encrypted trusted context assertion generated by the context provider. The trusted context assertion is signed and encrypted by Amazon Web Services STS.
      */
     ContextAssertion?: contextAssertionType;
   }

package/node_modules/aws-sdk/clients/transfer.d.ts CHANGED Viewed

@@ -782,6 +782,10 @@ declare namespace Transfer {
      * Specifies the log groups to which your server logs are sent. To specify a log group, you must provide the ARN for an existing log group. In this case, the format of the log group is as follows:  arn:aws:logs:region-name:amazon-account-id:log-group:log-group-name:*  For example, arn:aws:logs:us-east-1:111122223333:log-group:mytestgroup:*  If you have previously specified a log group for a server, you can clear it, and in effect turn off structured logging, by providing an empty value for this parameter in an update-server call. For example:  update-server --server-id s-1234567890abcdef0 --structured-log-destinations
      */
     StructuredLogDestinations?: StructuredLogDestinations;
+    /**
+     * Specifies whether or not performance for your Amazon S3 directories is optimized. This is disabled by default. By default, home directory mappings have a TYPE of DIRECTORY. If you enable this option, you would then need to explicitly set the HomeDirectoryMapEntry Type to FILE if you want a mapping to have a file target.
+     */
+    S3StorageOptions?: S3StorageOptions;
   }
   export interface CreateServerResponse {
     /**
@@ -1522,6 +1526,10 @@ declare namespace Transfer {
      * Specifies the log groups to which your server logs are sent. To specify a log group, you must provide the ARN for an existing log group. In this case, the format of the log group is as follows:  arn:aws:logs:region-name:amazon-account-id:log-group:log-group-name:*  For example, arn:aws:logs:us-east-1:111122223333:log-group:mytestgroup:*  If you have previously specified a log group for a server, you can clear it, and in effect turn off structured logging, by providing an empty value for this parameter in an update-server call. For example:  update-server --server-id s-1234567890abcdef0 --structured-log-destinations
      */
     StructuredLogDestinations?: StructuredLogDestinations;
+    /**
+     * Specifies whether or not performance for your Amazon S3 directories is optimized. This is disabled by default. By default, home directory mappings have a TYPE of DIRECTORY. If you enable this option, you would then need to explicitly set the HomeDirectoryMapEntry Type to FILE if you want a mapping to have a file target.
+     */
+    S3StorageOptions?: S3StorageOptions;
   }
   export interface DescribedUser {
     /**
@@ -1593,6 +1601,7 @@ declare namespace Transfer {
   }
   export type Description = string;
   export type DirectoryId = string;
+  export type DirectoryListingOptimization = "ENABLED"|"DISABLED"|string;
   export type Domain = "S3"|"EFS"|string;
   export interface EfsFileLocation {
     /**
@@ -1692,9 +1701,13 @@ declare namespace Transfer {
      */
     Entry: MapEntry;
     /**
-     * Represents the map target that is used in a HomeDirectorymapEntry.
+     * Represents the map target that is used in a HomeDirectoryMapEntry.
      */
     Target: MapTarget;
+    /**
+     * Specifies the type of mapping. Set the type to FILE if you want the mapping to point to a file, or DIRECTORY for the directory to point to a directory.  By default, home directory mappings have a Type of DIRECTORY when you create a Transfer Family server. You would need to explicitly set Type to FILE if you want a mapping to have a file target.
+     */
+    Type?: MapType;
   }
   export type HomeDirectoryMappings = HomeDirectoryMapEntry[];
   export type HomeDirectoryType = "PATH"|"LOGICAL"|string;
@@ -2375,6 +2388,7 @@ declare namespace Transfer {
   }
   export type MapEntry = string;
   export type MapTarget = string;
+  export type MapType = "FILE"|"DIRECTORY"|string;
   export type MaxResults = number;
   export type MdnResponse = "SYNC"|"NONE"|string;
   export type MdnSigningAlg = "SHA256"|"SHA384"|"SHA512"|"SHA1"|"NONE"|"DEFAULT"|string;
@@ -2460,6 +2474,12 @@ declare namespace Transfer {
     Key?: S3Key;
   }
   export type S3Key = string;
+  export interface S3StorageOptions {
+    /**
+     * Specifies whether or not performance for your Amazon S3 directories is optimized. This is disabled by default. By default, home directory mappings have a TYPE of DIRECTORY. If you enable this option, you would then need to explicitly set the HomeDirectoryMapEntry Type to FILE if you want a mapping to have a file target.
+     */
+    DirectoryListingOptimization?: DirectoryListingOptimization;
+  }
   export interface S3Tag {
     /**
      * The name assigned to the tag that you create.
@@ -2936,6 +2956,10 @@ declare namespace Transfer {
      * Specifies the log groups to which your server logs are sent. To specify a log group, you must provide the ARN for an existing log group. In this case, the format of the log group is as follows:  arn:aws:logs:region-name:amazon-account-id:log-group:log-group-name:*  For example, arn:aws:logs:us-east-1:111122223333:log-group:mytestgroup:*  If you have previously specified a log group for a server, you can clear it, and in effect turn off structured logging, by providing an empty value for this parameter in an update-server call. For example:  update-server --server-id s-1234567890abcdef0 --structured-log-destinations
      */
     StructuredLogDestinations?: StructuredLogDestinations;
+    /**
+     * Specifies whether or not performance for your Amazon S3 directories is optimized. This is disabled by default. By default, home directory mappings have a TYPE of DIRECTORY. If you enable this option, you would then need to explicitly set the HomeDirectoryMapEntry Type to FILE if you want a mapping to have a file target.
+     */
+    S3StorageOptions?: S3StorageOptions;
   }
   export interface UpdateServerResponse {
     /**