cdk-lambda-subminute 2.0.301 → 2.0.302

package/node_modules/aws-sdk/clients/redshift.d.ts

@@ -188,6 +188,14 @@ declare class Redshift extends Service {
    * Creates an HSM configuration that contains the information required by an Amazon Redshift cluster to store and use database encryption keys in a Hardware Security Module (HSM). After creating the HSM configuration, you can specify it as a parameter when creating a cluster. The cluster will then store its encryption keys in the HSM. In addition to creating an HSM configuration, you must also create an HSM client certificate. For more information, go to Hardware Security Modules in the Amazon Redshift Cluster Management Guide.
    */
   createHsmConfiguration(callback?: (err: AWSError, data: Redshift.Types.CreateHsmConfigurationResult) => void): Request<Redshift.Types.CreateHsmConfigurationResult, AWSError>;
+  /**
+   * Creates an Amazon Redshift application for use with IAM Identity Center.
+   */
+  createRedshiftIdcApplication(params: Redshift.Types.CreateRedshiftIdcApplicationMessage, callback?: (err: AWSError, data: Redshift.Types.CreateRedshiftIdcApplicationResult) => void): Request<Redshift.Types.CreateRedshiftIdcApplicationResult, AWSError>;
+  /**
+   * Creates an Amazon Redshift application for use with IAM Identity Center.
+   */
+  createRedshiftIdcApplication(callback?: (err: AWSError, data: Redshift.Types.CreateRedshiftIdcApplicationResult) => void): Request<Redshift.Types.CreateRedshiftIdcApplicationResult, AWSError>;
   /**
    * Creates a scheduled action. A scheduled action contains a schedule and an Amazon Redshift API action. For example, you can create a schedule of when to run the ResizeCluster API operation. 
    */
@@ -332,6 +340,14 @@ declare class Redshift extends Service {
    * Deletes a partner integration from a cluster. Data can still flow to the cluster until the integration is deleted at the partner's website.
    */
   deletePartner(callback?: (err: AWSError, data: Redshift.Types.PartnerIntegrationOutputMessage) => void): Request<Redshift.Types.PartnerIntegrationOutputMessage, AWSError>;
+  /**
+   * Deletes an Amazon Redshift IAM Identity Center application.
+   */
+  deleteRedshiftIdcApplication(params: Redshift.Types.DeleteRedshiftIdcApplicationMessage, callback?: (err: AWSError, data: {}) => void): Request<{}, AWSError>;
+  /**
+   * Deletes an Amazon Redshift IAM Identity Center application.
+   */
+  deleteRedshiftIdcApplication(callback?: (err: AWSError, data: {}) => void): Request<{}, AWSError>;
   /**
    * Deletes the resource policy for a specified resource.
    */
@@ -604,6 +620,14 @@ declare class Redshift extends Service {
    * Returns information about the partner integrations defined for a cluster.
    */
   describePartners(callback?: (err: AWSError, data: Redshift.Types.DescribePartnersOutputMessage) => void): Request<Redshift.Types.DescribePartnersOutputMessage, AWSError>;
+  /**
+   * Lists the Amazon Redshift IAM Identity Center applications.
+   */
+  describeRedshiftIdcApplications(params: Redshift.Types.DescribeRedshiftIdcApplicationsMessage, callback?: (err: AWSError, data: Redshift.Types.DescribeRedshiftIdcApplicationsResult) => void): Request<Redshift.Types.DescribeRedshiftIdcApplicationsResult, AWSError>;
+  /**
+   * Lists the Amazon Redshift IAM Identity Center applications.
+   */
+  describeRedshiftIdcApplications(callback?: (err: AWSError, data: Redshift.Types.DescribeRedshiftIdcApplicationsResult) => void): Request<Redshift.Types.DescribeRedshiftIdcApplicationsResult, AWSError>;
   /**
    * Returns exchange status details and associated metadata for a reserved-node exchange. Statuses include such values as in progress and requested.
    */
@@ -880,6 +904,14 @@ declare class Redshift extends Service {
    * Modifies an existing Amazon Redshift event notification subscription.
    */
   modifyEventSubscription(callback?: (err: AWSError, data: Redshift.Types.ModifyEventSubscriptionResult) => void): Request<Redshift.Types.ModifyEventSubscriptionResult, AWSError>;
+  /**
+   * Changes an existing Amazon Redshift IAM Identity Center application.
+   */
+  modifyRedshiftIdcApplication(params: Redshift.Types.ModifyRedshiftIdcApplicationMessage, callback?: (err: AWSError, data: Redshift.Types.ModifyRedshiftIdcApplicationResult) => void): Request<Redshift.Types.ModifyRedshiftIdcApplicationResult, AWSError>;
+  /**
+   * Changes an existing Amazon Redshift IAM Identity Center application.
+   */
+  modifyRedshiftIdcApplication(callback?: (err: AWSError, data: Redshift.Types.ModifyRedshiftIdcApplicationResult) => void): Request<Redshift.Types.ModifyRedshiftIdcApplicationResult, AWSError>;
   /**
    * Modifies a scheduled action. 
    */
@@ -1244,6 +1276,18 @@ declare namespace Redshift {
   export interface AuthorizeSnapshotAccessResult {
     Snapshot?: Snapshot;
   }
+  export type AuthorizedAudienceList = String[];
+  export interface AuthorizedTokenIssuer {
+    /**
+     * The ARN for the authorized token issuer for integrating Amazon Redshift with IDC Identity Center.
+     */
+    TrustedTokenIssuerArn?: String;
+    /**
+     * The list of audiences for the authorized token issuer for integrating Amazon Redshift with IDC Identity Center.
+     */
+    AuthorizedAudiencesList?: AuthorizedAudienceList;
+  }
+  export type AuthorizedTokenIssuerList = AuthorizedTokenIssuer[];
   export interface AvailabilityZone {
     /**
      * The name of the availability zone.
@@ -2067,6 +2111,10 @@ declare namespace Redshift {
      * If true, Amazon Redshift will deploy the cluster in two Availability Zones (AZ).
      */
     MultiAZ?: BooleanOptional;
+    /**
+     * The Amazon resource name (ARN) of the Amazon Redshift IAM Identity Center application.
+     */
+    RedshiftIdcApplicationArn?: String;
   }
   export interface CreateClusterParameterGroupMessage {
     /**
@@ -2288,6 +2336,39 @@ declare namespace Redshift {
   export interface CreateHsmConfigurationResult {
     HsmConfiguration?: HsmConfiguration;
   }
+  export interface CreateRedshiftIdcApplicationMessage {
+    /**
+     * The Amazon resource name (ARN) of the IAM Identity Center instance where Amazon Redshift creates a new managed application.
+     */
+    IdcInstanceArn: String;
+    /**
+     * The name of the Redshift application in IAM Identity Center.
+     */
+    RedshiftIdcApplicationName: RedshiftIdcApplicationName;
+    /**
+     * The namespace for the Amazon Redshift IAM Identity Center application instance. It determines which managed application verifies the connection token.
+     */
+    IdentityNamespace?: IdentityNamespaceString;
+    /**
+     * The display name for the Amazon Redshift IAM Identity Center application instance. It appears in the console.
+     */
+    IdcDisplayName: IdcDisplayNameString;
+    /**
+     * The IAM role ARN for the Amazon Redshift IAM Identity Center application instance. It has the required permissions to be assumed and invoke the IDC Identity Center API.
+     */
+    IamRoleArn: String;
+    /**
+     * The token issuer list for the Amazon Redshift IAM Identity Center application instance.
+     */
+    AuthorizedTokenIssuerList?: AuthorizedTokenIssuerList;
+    /**
+     * A collection of service integrations for the Redshift IAM Identity Center application.
+     */
+    ServiceIntegrations?: ServiceIntegrationList;
+  }
+  export interface CreateRedshiftIdcApplicationResult {
+    RedshiftIdcApplication?: RedshiftIdcApplication;
+  }
   export interface CreateScheduledActionMessage {
     /**
      * The name of the scheduled action. The name must be unique within an account. For more information about this parameter, see ScheduledAction. 
@@ -2641,6 +2722,12 @@ declare namespace Redshift {
      */
     HsmConfigurationIdentifier: String;
   }
+  export interface DeleteRedshiftIdcApplicationMessage {
+    /**
+     * The ARN for a deleted Amazon Redshift IAM Identity Center application.
+     */
+    RedshiftIdcApplicationArn: String;
+  }
   export interface DeleteResourcePolicyMessage {
     /**
      * The Amazon Resource Name (ARN) of the resource of which its resource policy is deleted.
@@ -3270,6 +3357,30 @@ declare namespace Redshift {
      */
     PartnerIntegrationInfoList?: PartnerIntegrationInfoList;
   }
+  export interface DescribeRedshiftIdcApplicationsMessage {
+    /**
+     * The ARN for the Redshift application that integrates with IAM Identity Center.
+     */
+    RedshiftIdcApplicationArn?: String;
+    /**
+     * The maximum number of response records to return in each call. If the number of remaining response records exceeds the specified MaxRecords value, a value is returned in a marker field of the response. You can retrieve the next set of records by retrying the command with the returned marker value.
+     */
+    MaxRecords?: IntegerOptional;
+    /**
+     * A value that indicates the starting point for the next set of response records in a subsequent request. If a value is returned in a response, you can retrieve the next set of records by providing this returned marker value in the Marker parameter and retrying the command. If the Marker field is empty, all response records have been retrieved for the request. 
+     */
+    Marker?: String;
+  }
+  export interface DescribeRedshiftIdcApplicationsResult {
+    /**
+     * The list of Amazon Redshift IAM Identity Center applications.
+     */
+    RedshiftIdcApplications?: RedshiftIdcApplicationList;
+    /**
+     * A value that indicates the starting point for the next set of response records in a subsequent request. If a value is returned in a response, you can retrieve the next set of records by providing this returned marker value in the Marker parameter and retrying the command. If the Marker field is empty, all response records have been retrieved for the request. 
+     */
+    Marker?: String;
+  }
   export interface DescribeReservedNodeExchangeStatusInputMessage {
     /**
      * The identifier of the source reserved node in a reserved-node exchange request.
@@ -4071,6 +4182,8 @@ declare namespace Redshift {
   }
   export type IPRangeList = IPRange[];
   export type IamRoleArnList = String[];
+  export type IdcDisplayNameString = string;
+  export type IdentityNamespaceString = string;
   export type ImportTablesCompleted = String[];
   export type ImportTablesInProgress = String[];
   export type ImportTablesNotStarted = String[];
@@ -4124,6 +4237,19 @@ declare namespace Redshift {
     ErrorMessage?: String;
   }
   export type IntegrationErrorList = IntegrationError[];
+  export interface LakeFormationQuery {
+    /**
+     * Determines whether the query scope is enabled or disabled.
+     */
+    Authorization: ServiceAuthorization;
+  }
+  export interface LakeFormationScopeUnion {
+    /**
+     * The Lake Formation scope.
+     */
+    LakeFormationQuery?: LakeFormationQuery;
+  }
+  export type LakeFormationServiceIntegrations = LakeFormationScopeUnion[];
   export type LogDestinationType = "s3"|"cloudwatch"|string;
   export type LogTypeList = String[];
   export interface LoggingStatus {
@@ -4530,6 +4656,35 @@ declare namespace Redshift {
   export interface ModifyEventSubscriptionResult {
     EventSubscription?: EventSubscription;
   }
+  export interface ModifyRedshiftIdcApplicationMessage {
+    /**
+     * The ARN for the Redshift application that integrates with IAM Identity Center.
+     */
+    RedshiftIdcApplicationArn: String;
+    /**
+     * The namespace for the Amazon Redshift IAM Identity Center application to change. It determines which managed application verifies the connection token.
+     */
+    IdentityNamespace?: IdentityNamespaceString;
+    /**
+     * The IAM role ARN associated with the Amazon Redshift IAM Identity Center application to change. It has the required permissions to be assumed and invoke the IDC Identity Center API.
+     */
+    IamRoleArn?: String;
+    /**
+     * The display name for the Amazon Redshift IAM Identity Center application to change. It appears on the console.
+     */
+    IdcDisplayName?: IdcDisplayNameString;
+    /**
+     * The authorized token issuer list for the Amazon Redshift IAM Identity Center application to change.
+     */
+    AuthorizedTokenIssuerList?: AuthorizedTokenIssuerList;
+    /**
+     * A collection of service integrations associated with the application.
+     */
+    ServiceIntegrations?: ServiceIntegrationList;
+  }
+  export interface ModifyRedshiftIdcApplicationResult {
+    RedshiftIdcApplication?: RedshiftIdcApplication;
+  }
   export interface ModifyScheduledActionMessage {
     /**
      * The name of the scheduled action to modify. 
@@ -4910,6 +5065,50 @@ declare namespace Redshift {
     RecurringChargeFrequency?: String;
   }
   export type RecurringChargeList = RecurringCharge[];
+  export interface RedshiftIdcApplication {
+    /**
+     * The ARN for the IAM Identity Center instance that Redshift integrates with.
+     */
+    IdcInstanceArn?: String;
+    /**
+     * The name of the Redshift application in IAM Identity Center.
+     */
+    RedshiftIdcApplicationName?: RedshiftIdcApplicationName;
+    /**
+     * The ARN for the Redshift application that integrates with IAM Identity Center.
+     */
+    RedshiftIdcApplicationArn?: String;
+    /**
+     * The identity namespace for the Amazon Redshift IAM Identity Center application. It determines which managed application verifies the connection token.
+     */
+    IdentityNamespace?: IdentityNamespaceString;
+    /**
+     * The display name for the Amazon Redshift IAM Identity Center application. It appears on the console.
+     */
+    IdcDisplayName?: IdcDisplayNameString;
+    /**
+     * The ARN for the Amazon Redshift IAM Identity Center application. It has the required permissions to be assumed and invoke the IDC Identity Center API.
+     */
+    IamRoleArn?: String;
+    /**
+     * The ARN for the Amazon Redshift IAM Identity Center application.
+     */
+    IdcManagedApplicationArn?: String;
+    /**
+     * The onboarding status for the Amazon Redshift IAM Identity Center application.
+     */
+    IdcOnboardStatus?: String;
+    /**
+     * The authorized token issuer list for the Amazon Redshift IAM Identity Center application.
+     */
+    AuthorizedTokenIssuerList?: AuthorizedTokenIssuerList;
+    /**
+     * A list of service integrations for the Redshift IAM Identity Center application.
+     */
+    ServiceIntegrations?: ServiceIntegrationList;
+  }
+  export type RedshiftIdcApplicationList = RedshiftIdcApplication[];
+  export type RedshiftIdcApplicationName = string;
   export interface RejectDataShareMessage {
     /**
      * The Amazon Resource Name (ARN) of the datashare to reject.
@@ -5620,6 +5819,14 @@ declare namespace Redshift {
     ClusterNodes?: ClusterNodesList;
   }
   export type SensitiveString = string;
+  export type ServiceAuthorization = "Enabled"|"Disabled"|string;
+  export type ServiceIntegrationList = ServiceIntegrationsUnion[];
+  export interface ServiceIntegrationsUnion {
+    /**
+     * A list of scopes set up for Lake Formation integration.
+     */
+    LakeFormation?: LakeFormationServiceIntegrations;
+  }
   export interface Snapshot {
     /**
      * The snapshot identifier that is provided in the request.

package/node_modules/aws-sdk/clients/redshiftserverless.d.ts

@@ -527,6 +527,10 @@ declare namespace RedshiftServerless {
      * The name of the namespace.
      */
     namespaceName: NamespaceName;
+    /**
+     * The ARN for the Redshift application that integrates with IAM Identity Center.
+     */
+    redshiftIdcApplicationArn?: RedshiftIdcApplicationArn;
     /**
      * A list of tag instances.
      */
@@ -1338,6 +1342,7 @@ declare namespace RedshiftServerless {
     workgroupName?: WorkgroupName;
   }
   export type RecoveryPointList = RecoveryPoint[];
+  export type RedshiftIdcApplicationArn = string;
   export interface ResourcePolicy {
     /**
      * The resource policy.

package/node_modules/aws-sdk/clients/s3.d.ts

@@ -742,11 +742,11 @@ declare class S3 extends S3Customizations {
    */
   putObjectTagging(callback?: (err: AWSError, data: S3.Types.PutObjectTaggingOutput) => void): Request<S3.Types.PutObjectTaggingOutput, AWSError>;
   /**
-   * Creates or modifies the PublicAccessBlock configuration for an Amazon S3 bucket. To use this operation, you must have the s3:PutBucketPublicAccessBlock permission. For more information about Amazon S3 permissions, see Specifying Permissions in a Policy.  When Amazon S3 evaluates the PublicAccessBlock configuration for a bucket or an object, it checks the PublicAccessBlock configuration for both the bucket (or the bucket that contains the object) and the bucket owner's account. If the PublicAccessBlock configurations are different between the bucket and the account, S3 uses the most restrictive combination of the bucket-level and account-level settings.  For more information about when Amazon S3 considers a bucket or an object public, see The Meaning of "Public". The following operations are related to PutPublicAccessBlock:    GetPublicAccessBlock     DeletePublicAccessBlock     GetBucketPolicyStatus     Using Amazon S3 Block Public Access   
+   * Creates or modifies the PublicAccessBlock configuration for an Amazon S3 bucket. To use this operation, you must have the s3:PutBucketPublicAccessBlock permission. For more information about Amazon S3 permissions, see Specifying Permissions in a Policy.  When Amazon S3 evaluates the PublicAccessBlock configuration for a bucket or an object, it checks the PublicAccessBlock configuration for both the bucket (or the bucket that contains the object) and the bucket owner's account. If the PublicAccessBlock configurations are different between the bucket and the account, Amazon S3 uses the most restrictive combination of the bucket-level and account-level settings.  For more information about when Amazon S3 considers a bucket or an object public, see The Meaning of "Public". The following operations are related to PutPublicAccessBlock:    GetPublicAccessBlock     DeletePublicAccessBlock     GetBucketPolicyStatus     Using Amazon S3 Block Public Access   
    */
   putPublicAccessBlock(params: S3.Types.PutPublicAccessBlockRequest, callback?: (err: AWSError, data: {}) => void): Request<{}, AWSError>;
   /**
-   * Creates or modifies the PublicAccessBlock configuration for an Amazon S3 bucket. To use this operation, you must have the s3:PutBucketPublicAccessBlock permission. For more information about Amazon S3 permissions, see Specifying Permissions in a Policy.  When Amazon S3 evaluates the PublicAccessBlock configuration for a bucket or an object, it checks the PublicAccessBlock configuration for both the bucket (or the bucket that contains the object) and the bucket owner's account. If the PublicAccessBlock configurations are different between the bucket and the account, S3 uses the most restrictive combination of the bucket-level and account-level settings.  For more information about when Amazon S3 considers a bucket or an object public, see The Meaning of "Public". The following operations are related to PutPublicAccessBlock:    GetPublicAccessBlock     DeletePublicAccessBlock     GetBucketPolicyStatus     Using Amazon S3 Block Public Access   
+   * Creates or modifies the PublicAccessBlock configuration for an Amazon S3 bucket. To use this operation, you must have the s3:PutBucketPublicAccessBlock permission. For more information about Amazon S3 permissions, see Specifying Permissions in a Policy.  When Amazon S3 evaluates the PublicAccessBlock configuration for a bucket or an object, it checks the PublicAccessBlock configuration for both the bucket (or the bucket that contains the object) and the bucket owner's account. If the PublicAccessBlock configurations are different between the bucket and the account, Amazon S3 uses the most restrictive combination of the bucket-level and account-level settings.  For more information about when Amazon S3 considers a bucket or an object public, see The Meaning of "Public". The following operations are related to PutPublicAccessBlock:    GetPublicAccessBlock     DeletePublicAccessBlock     GetBucketPolicyStatus     Using Amazon S3 Block Public Access   
    */
   putPublicAccessBlock(callback?: (err: AWSError, data: {}) => void): Request<{}, AWSError>;
   /**

package/node_modules/aws-sdk/clients/ssoadmin.d.ts

@@ -869,7 +869,7 @@ declare namespace SSOAdmin {
   export type AuthenticationMethods = AuthenticationMethodItem[];
   export interface AuthorizationCodeGrant {
     /**
-     * ~~~[ TODO: ADD DESCRIPTION HERE ]~~~
+     * A list of URIs that are valid locations to redirect a user's browser after the user is authorized.
      */
     RedirectUris?: RedirectUris;
   }
@@ -1611,21 +1611,29 @@ declare namespace SSOAdmin {
   }
   export interface Grant {
     /**
-     * ~~~[ TODO: ADD DESCRIPTION HERE ]~~~
+     * Configuration options for the authorization_code grant type.
      */
     AuthorizationCode?: AuthorizationCodeGrant;
     /**
-     * ~~~[ TODO: ADD DESCRIPTION HERE ]~~~
+     * Configuration options for the urn:ietf:params:oauth:grant-type:jwt-bearer grant type.
      */
     JwtBearer?: JwtBearerGrant;
+    /**
+     * Configuration options for the refresh_token grant type.
+     */
+    RefreshToken?: RefreshTokenGrant;
+    /**
+     * Configuration options for the urn:ietf:params:oauth:grant-type:token-exchange grant type.
+     */
+    TokenExchange?: TokenExchangeGrant;
   }
   export interface GrantItem {
     /**
-     * ~~~[ TODO: ADD DESCRIPTION HERE ]~~~
+     * The configuration structure for the selected grant.
      */
     Grant: Grant;
     /**
-     * ~~~[ TODO: ADD DESCRIPTION HERE ]~~~
+     * The type of the selected grant.
      */
     GrantType: GrantType;
   }
@@ -1680,7 +1688,7 @@ declare namespace SSOAdmin {
   export type JwksRetrievalOption = "OPEN_ID_DISCOVERY"|string;
   export interface JwtBearerGrant {
     /**
-     * ~~~[ TODO: ADD DESCRIPTION HERE ]~~~
+     * A list of allowed token issuers trusted by the Identity Center instances for this application.
      */
     AuthorizedTokenIssuers?: AuthorizedTokenIssuers;
   }
@@ -2495,6 +2503,8 @@ declare namespace SSOAdmin {
   }
   export type Reason = string;
   export type RedirectUris = URI[];
+  export interface RefreshTokenGrant {
+  }
   export type RelayState = string;
   export interface ResourceServerConfig {
     /**
@@ -2574,6 +2584,8 @@ declare namespace SSOAdmin {
   export type TargetId = string;
   export type TargetType = "AWS_ACCOUNT"|string;
   export type Token = string;
+  export interface TokenExchangeGrant {
+  }
   export type TokenIssuerAudience = string;
   export type TokenIssuerAudiences = TokenIssuerAudience[];
   export type TrustedTokenIssuerArn = string;

package/node_modules/aws-sdk/clients/ssooidc.d.ts

@@ -12,13 +12,21 @@ declare class SSOOIDC extends Service {
   constructor(options?: SSOOIDC.Types.ClientConfiguration)
   config: Config & SSOOIDC.Types.ClientConfiguration;
   /**
-   * Creates and returns an access token for the authorized client. The access token issued will be used to fetch short-term credentials for the assigned roles in the AWS account.
+   * Creates and returns access and refresh tokens for clients that are authenticated using client secrets. The access token can be used to fetch short-term credentials for the assigned AWS accounts or to access application APIs using bearer authentication.
    */
   createToken(params: SSOOIDC.Types.CreateTokenRequest, callback?: (err: AWSError, data: SSOOIDC.Types.CreateTokenResponse) => void): Request<SSOOIDC.Types.CreateTokenResponse, AWSError>;
   /**
-   * Creates and returns an access token for the authorized client. The access token issued will be used to fetch short-term credentials for the assigned roles in the AWS account.
+   * Creates and returns access and refresh tokens for clients that are authenticated using client secrets. The access token can be used to fetch short-term credentials for the assigned AWS accounts or to access application APIs using bearer authentication.
    */
   createToken(callback?: (err: AWSError, data: SSOOIDC.Types.CreateTokenResponse) => void): Request<SSOOIDC.Types.CreateTokenResponse, AWSError>;
+  /**
+   * Creates and returns access and refresh tokens for clients and applications that are authenticated using IAM entities. The access token can be used to fetch short-term credentials for the assigned AWS accounts or to access application APIs using bearer authentication.
+   */
+  createTokenWithIAM(params: SSOOIDC.Types.CreateTokenWithIAMRequest, callback?: (err: AWSError, data: SSOOIDC.Types.CreateTokenWithIAMResponse) => void): Request<SSOOIDC.Types.CreateTokenWithIAMResponse, AWSError>;
+  /**
+   * Creates and returns access and refresh tokens for clients and applications that are authenticated using IAM entities. The access token can be used to fetch short-term credentials for the assigned AWS accounts or to access application APIs using bearer authentication.
+   */
+  createTokenWithIAM(callback?: (err: AWSError, data: SSOOIDC.Types.CreateTokenWithIAMResponse) => void): Request<SSOOIDC.Types.CreateTokenWithIAMResponse, AWSError>;
   /**
    * Registers a client with IAM Identity Center. This allows clients to initiate device authorization. The output should be persisted for reuse through many authentication requests.
    */
@@ -38,6 +46,7 @@ declare class SSOOIDC extends Service {
 }
 declare namespace SSOOIDC {
   export type AccessToken = string;
+  export type Assertion = string;
   export type AuthCode = string;
   export type ClientId = string;
   export type ClientName = string;
@@ -45,7 +54,7 @@ declare namespace SSOOIDC {
   export type ClientType = string;
   export interface CreateTokenRequest {
     /**
-     * The unique identifier string for each client. This value should come from the persisted result of the RegisterClient API.
+     * The unique identifier string for the client or application. This value comes from the result of the RegisterClient API.
      */
     clientId: ClientId;
     /**
@@ -53,37 +62,37 @@ declare namespace SSOOIDC {
      */
     clientSecret: ClientSecret;
     /**
-     * Supports grant types for the authorization code, refresh token, and device code request. For device code requests, specify the following value:  urn:ietf:params:oauth:grant-type:device_code   For information about how to obtain the device code, see the StartDeviceAuthorization topic.
+     * Supports the following OAuth grant types: Device Code and Refresh Token. Specify either of the following values, depending on the grant type that you want: * Device Code - urn:ietf:params:oauth:grant-type:device_code  * Refresh Token - refresh_token  For information about how to obtain the device code, see the StartDeviceAuthorization topic.
      */
     grantType: GrantType;
     /**
-     * Used only when calling this API for the device code grant type. This short-term code is used to identify this authentication attempt. This should come from an in-memory reference to the result of the StartDeviceAuthorization API.
+     * Used only when calling this API for the Device Code grant type. This short-term code is used to identify this authorization request. This comes from the result of the StartDeviceAuthorization API.
      */
     deviceCode?: DeviceCode;
     /**
-     * The authorization code received from the authorization service. This parameter is required to perform an authorization grant request to get access to a token.
+     * Used only when calling this API for the Authorization Code grant type. The short-term code is used to identify this authorization request. This grant type is currently unsupported for the CreateToken API.
      */
     code?: AuthCode;
     /**
-     * Currently, refreshToken is not yet implemented and is not supported. For more information about the features and limitations of the current IAM Identity Center OIDC implementation, see Considerations for Using this Guide in the IAM Identity Center OIDC API Reference. The token used to obtain an access token in the event that the access token is invalid or expired.
+     * Used only when calling this API for the Refresh Token grant type. This token is used to refresh short-term tokens, such as the access token, that might expire. For more information about the features and limitations of the current IAM Identity Center OIDC implementation, see Considerations for Using this Guide in the IAM Identity Center OIDC API Reference.
      */
     refreshToken?: RefreshToken;
     /**
-     * The list of scopes that is defined by the client. Upon authorization, this list is used to restrict permissions when granting an access token.
+     * The list of scopes for which authorization is requested. The access token that is issued is limited to the scopes that are granted. If this value is not specified, IAM Identity Center authorizes all scopes that are configured for the client during the call to RegisterClient.
      */
     scope?: Scopes;
     /**
-     * The location of the application that will receive the authorization code. Users authorize the service to send the request to this location.
+     * Used only when calling this API for the Authorization Code grant type. This value specifies the location of the client or application that has registered to receive the authorization code.
      */
     redirectUri?: URI;
   }
   export interface CreateTokenResponse {
     /**
-     * An opaque token to access IAM Identity Center resources assigned to a user.
+     * A bearer token to access AWS accounts and applications assigned to a user.
      */
     accessToken?: AccessToken;
     /**
-     * Used to notify the client that the returned token is an access token. The supported type is BearerToken.
+     * Used to notify the client that the returned token is an access token. The supported token type is Bearer.
      */
     tokenType?: TokenType;
     /**
@@ -91,14 +100,86 @@ declare namespace SSOOIDC {
      */
     expiresIn?: ExpirationInSeconds;
     /**
-     * Currently, refreshToken is not yet implemented and is not supported. For more information about the features and limitations of the current IAM Identity Center OIDC implementation, see Considerations for Using this Guide in the IAM Identity Center OIDC API Reference. A token that, if present, can be used to refresh a previously issued access token that might have expired.
+     * A token that, if present, can be used to refresh a previously issued access token that might have expired. For more information about the features and limitations of the current IAM Identity Center OIDC implementation, see Considerations for Using this Guide in the IAM Identity Center OIDC API Reference.
      */
     refreshToken?: RefreshToken;
     /**
-     * Currently, idToken is not yet implemented and is not supported. For more information about the features and limitations of the current IAM Identity Center OIDC implementation, see Considerations for Using this Guide in the IAM Identity Center OIDC API Reference. The identifier of the user that associated with the access token, if present.
+     * The idToken is not implemented or supported. For more information about the features and limitations of the current IAM Identity Center OIDC implementation, see Considerations for Using this Guide in the IAM Identity Center OIDC API Reference. A JSON Web Token (JWT) that identifies who is associated with the issued access token. 
      */
     idToken?: IdToken;
   }
+  export interface CreateTokenWithIAMRequest {
+    /**
+     * The unique identifier string for the client or application. This value is an application ARN that has OAuth grants configured.
+     */
+    clientId: ClientId;
+    /**
+     * Supports the following OAuth grant types: Authorization Code, Refresh Token, JWT Bearer, and Token Exchange. Specify one of the following values, depending on the grant type that you want: * Authorization Code - authorization_code  * Refresh Token - refresh_token  * JWT Bearer - urn:ietf:params:oauth:grant-type:jwt-bearer  * Token Exchange - urn:ietf:params:oauth:grant-type:token-exchange 
+     */
+    grantType: GrantType;
+    /**
+     * Used only when calling this API for the Authorization Code grant type. This short-term code is used to identify this authorization request. The code is obtained through a redirect from IAM Identity Center to a redirect URI persisted in the Authorization Code GrantOptions for the application.
+     */
+    code?: AuthCode;
+    /**
+     * Used only when calling this API for the Refresh Token grant type. This token is used to refresh short-term tokens, such as the access token, that might expire. For more information about the features and limitations of the current IAM Identity Center OIDC implementation, see Considerations for Using this Guide in the IAM Identity Center OIDC API Reference.
+     */
+    refreshToken?: RefreshToken;
+    /**
+     * Used only when calling this API for the JWT Bearer grant type. This value specifies the JSON Web Token (JWT) issued by a trusted token issuer. To authorize a trusted token issuer, configure the JWT Bearer GrantOptions for the application.
+     */
+    assertion?: Assertion;
+    /**
+     * The list of scopes for which authorization is requested. The access token that is issued is limited to the scopes that are granted. If the value is not specified, IAM Identity Center authorizes all scopes configured for the application, including the following default scopes: openid, aws, sts:identity_context.
+     */
+    scope?: Scopes;
+    /**
+     * Used only when calling this API for the Authorization Code grant type. This value specifies the location of the client or application that has registered to receive the authorization code. 
+     */
+    redirectUri?: URI;
+    /**
+     * Used only when calling this API for the Token Exchange grant type. This value specifies the subject of the exchange. The value of the subject token must be an access token issued by IAM Identity Center to a different client or application. The access token must have authorized scopes that indicate the requested application as a target audience.
+     */
+    subjectToken?: SubjectToken;
+    /**
+     * Used only when calling this API for the Token Exchange grant type. This value specifies the type of token that is passed as the subject of the exchange. The following value is supported: * Access Token - urn:ietf:params:oauth:token-type:access_token 
+     */
+    subjectTokenType?: TokenTypeURI;
+    /**
+     * Used only when calling this API for the Token Exchange grant type. This value specifies the type of token that the requester can receive. The following values are supported: * Access Token - urn:ietf:params:oauth:token-type:access_token  * Refresh Token - urn:ietf:params:oauth:token-type:refresh_token 
+     */
+    requestedTokenType?: TokenTypeURI;
+  }
+  export interface CreateTokenWithIAMResponse {
+    /**
+     * A bearer token to access AWS accounts and applications assigned to a user.
+     */
+    accessToken?: AccessToken;
+    /**
+     * Used to notify the requester that the returned token is an access token. The supported token type is Bearer.
+     */
+    tokenType?: TokenType;
+    /**
+     * Indicates the time in seconds when an access token will expire.
+     */
+    expiresIn?: ExpirationInSeconds;
+    /**
+     * A token that, if present, can be used to refresh a previously issued access token that might have expired. For more information about the features and limitations of the current IAM Identity Center OIDC implementation, see Considerations for Using this Guide in the IAM Identity Center OIDC API Reference.
+     */
+    refreshToken?: RefreshToken;
+    /**
+     * A JSON Web Token (JWT) that identifies the user associated with the issued access token. 
+     */
+    idToken?: IdToken;
+    /**
+     * Indicates the type of tokens that are issued by IAM Identity Center. The following values are supported:  * Access Token - urn:ietf:params:oauth:token-type:access_token  * Refresh Token - urn:ietf:params:oauth:token-type:refresh_token 
+     */
+    issuedTokenType?: TokenTypeURI;
+    /**
+     * The list of scopes for which authorization is granted. The access token that is issued is limited to the scopes that are granted.
+     */
+    scope?: Scopes;
+  }
   export type DeviceCode = string;
   export type ExpirationInSeconds = number;
   export type GrantType = string;
@@ -138,11 +219,11 @@ declare namespace SSOOIDC {
      */
     clientSecretExpiresAt?: LongTimeStampType;
     /**
-     * The endpoint where the client can request authorization.
+     * An endpoint that the client can use to request authorization.
      */
     authorizationEndpoint?: URI;
     /**
-     * The endpoint where the client can get an access token.
+     * An endpoint that the client can use to create tokens.
      */
     tokenEndpoint?: URI;
   }
@@ -158,7 +239,7 @@ declare namespace SSOOIDC {
      */
     clientSecret: ClientSecret;
     /**
-     * The URL for the AWS access portal. For more information, see Using the AWS access portal in the IAM Identity Center User Guide.
+     * The URL for the Amazon Web Services access portal. For more information, see Using the Amazon Web Services access portal in the IAM Identity Center User Guide.
      */
     startUrl: URI;
   }
@@ -188,7 +269,9 @@ declare namespace SSOOIDC {
      */
     interval?: IntervalInSeconds;
   }
+  export type SubjectToken = string;
   export type TokenType = string;
+  export type TokenTypeURI = string;
   export type URI = string;
   export type UserCode = string;
   /**

package/node_modules/aws-sdk/clients/sts.d.ts

@@ -123,7 +123,7 @@ declare namespace STS {
      */
     SourceIdentity?: sourceIdentityType;
     /**
-     * Reserved for future use.
+     * A list of previously acquired trusted context assertions in the format of a JSON array. The trusted context assertion is signed and encrypted by Amazon Web Services STS. The following is an example of a ProvidedContext value that includes a single trusted context assertion and the ARN of the context provider from which the trusted context assertion was generated.  [{"ProviderArn":"arn:aws:iam::aws:contextProvider/identitycenter","ContextAssertion":"trusted-context-assertion"}] 
      */
     ProvidedContexts?: ProvidedContextsListType;
   }
@@ -414,11 +414,11 @@ declare namespace STS {
   }
   export interface ProvidedContext {
     /**
-     * Reserved for future use.
+     * The context provider ARN from which the trusted context assertion was generated.
      */
     ProviderArn?: arnType;
     /**
-     * Reserved for future use.
+     * The signed and encrypted trusted context assertion generated by the context provider. The trusted context assertion is signed and encrypted by Amazon Web Services STS.
      */
     ContextAssertion?: contextAssertionType;
   }