p6-cdk-s3-protector 0.0.41 → 0.0.43

package/node_modules/@aws-sdk/client-sts/dist-types/STSClient.d.ts

@@ -14,6 +14,7 @@ import { AssumeRootCommandInput, AssumeRootCommandOutput } from "./commands/Assu
 import { DecodeAuthorizationMessageCommandInput, DecodeAuthorizationMessageCommandOutput } from "./commands/DecodeAuthorizationMessageCommand";
 import { GetAccessKeyInfoCommandInput, GetAccessKeyInfoCommandOutput } from "./commands/GetAccessKeyInfoCommand";
 import { GetCallerIdentityCommandInput, GetCallerIdentityCommandOutput } from "./commands/GetCallerIdentityCommand";
+import { GetDelegatedAccessTokenCommandInput, GetDelegatedAccessTokenCommandOutput } from "./commands/GetDelegatedAccessTokenCommand";
 import { GetFederationTokenCommandInput, GetFederationTokenCommandOutput } from "./commands/GetFederationTokenCommand";
 import { GetSessionTokenCommandInput, GetSessionTokenCommandOutput } from "./commands/GetSessionTokenCommand";
 import { ClientInputEndpointParameters, ClientResolvedEndpointParameters, EndpointParameters } from "./endpoint/EndpointParameters";
@@ -22,11 +23,11 @@ export { __Client };
 /**
  * @public
  */
-export type ServiceInputTypes = AssumeRoleCommandInput | AssumeRoleWithSAMLCommandInput | AssumeRoleWithWebIdentityCommandInput | AssumeRootCommandInput | DecodeAuthorizationMessageCommandInput | GetAccessKeyInfoCommandInput | GetCallerIdentityCommandInput | GetFederationTokenCommandInput | GetSessionTokenCommandInput;
+export type ServiceInputTypes = AssumeRoleCommandInput | AssumeRoleWithSAMLCommandInput | AssumeRoleWithWebIdentityCommandInput | AssumeRootCommandInput | DecodeAuthorizationMessageCommandInput | GetAccessKeyInfoCommandInput | GetCallerIdentityCommandInput | GetDelegatedAccessTokenCommandInput | GetFederationTokenCommandInput | GetSessionTokenCommandInput;
 /**
  * @public
  */
-export type ServiceOutputTypes = AssumeRoleCommandOutput | AssumeRoleWithSAMLCommandOutput | AssumeRoleWithWebIdentityCommandOutput | AssumeRootCommandOutput | DecodeAuthorizationMessageCommandOutput | GetAccessKeyInfoCommandOutput | GetCallerIdentityCommandOutput | GetFederationTokenCommandOutput | GetSessionTokenCommandOutput;
+export type ServiceOutputTypes = AssumeRoleCommandOutput | AssumeRoleWithSAMLCommandOutput | AssumeRoleWithWebIdentityCommandOutput | AssumeRootCommandOutput | DecodeAuthorizationMessageCommandOutput | GetAccessKeyInfoCommandOutput | GetCallerIdentityCommandOutput | GetDelegatedAccessTokenCommandOutput | GetFederationTokenCommandOutput | GetSessionTokenCommandOutput;
 /**
  * @public
  */

package/node_modules/@aws-sdk/client-sts/dist-types/commands/AssumeRoleCommand.d.ts

@@ -200,7 +200,7 @@ declare const AssumeRoleCommand_base: {
  * @throws {@link RegionDisabledException} (client fault)
  *  <p>STS is not activated in the requested region for the account that is being asked to
  *             generate credentials. The account administrator must use the IAM console to activate
- *             STS in that region. For more information, see <a href="https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_enable-regions.html">Activating and
+ *             STS in that region. For more information, see <a href="https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_enable-regions.html#sts-regions-activate-deactivate">Activating and
  *                 Deactivating STS in an Amazon Web Services Region</a> in the <i>IAM User
  *                 Guide</i>.</p>
  *
@@ -213,7 +213,7 @@ declare const AssumeRoleCommand_base: {
  * //
  * const input = {
  *   ExternalId: "123ABC",
- *   Policy: `{"Version":"2012-10-17","Statement":[{"Sid":"Stmt1","Effect":"Allow","Action":"s3:ListAllMyBuckets","Resource":"*"}]}`,
+ *   Policy: "escaped-JSON-IAM-POLICY",
  *   RoleArn: "arn:aws:iam::123456789012:role/demo",
  *   RoleSessionName: "testAssumeRoleSession",
  *   Tags: [

package/node_modules/@aws-sdk/client-sts/dist-types/commands/AssumeRoleWithSAMLCommand.d.ts

@@ -37,6 +37,10 @@ declare const AssumeRoleWithSAMLCommand_base: {
  *          <p>The temporary security credentials returned by this operation consist of an access key
  *          ID, a secret access key, and a security token. Applications can use these temporary
  *          security credentials to sign calls to Amazon Web Services services.</p>
+ *          <note>
+ *             <p>AssumeRoleWithSAML will not work on IAM Identity Center managed roles. These roles' names start
+ *             with <code>AWSReservedSSO_</code>.</p>
+ *          </note>
  *          <p>
  *             <b>Session Duration</b>
  *          </p>
@@ -238,7 +242,7 @@ declare const AssumeRoleWithSAMLCommand_base: {
  * @throws {@link RegionDisabledException} (client fault)
  *  <p>STS is not activated in the requested region for the account that is being asked to
  *             generate credentials. The account administrator must use the IAM console to activate
- *             STS in that region. For more information, see <a href="https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_enable-regions.html">Activating and
+ *             STS in that region. For more information, see <a href="https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_enable-regions.html#sts-regions-activate-deactivate">Activating and
  *                 Deactivating STS in an Amazon Web Services Region</a> in the <i>IAM User
  *                 Guide</i>.</p>
  *

package/node_modules/@aws-sdk/client-sts/dist-types/commands/AssumeRoleWithWebIdentityCommand.d.ts

@@ -90,7 +90,8 @@ declare const AssumeRoleWithWebIdentityCommand_base: {
  *          </p>
  *          <p>(Optional) You can configure your IdP to pass attributes into your web identity token as
  *          session tags. Each session tag consists of a key name and an associated value. For more
- *          information about session tags, see <a href="https://docs.aws.amazon.com/IAM/latest/UserGuide/id_session-tags.html">Passing Session Tags in STS</a> in the
+ *          information about session tags, see <a href="https://docs.aws.amazon.com/IAM/latest/UserGuide/id_session-tags.html#id_session-tags_adding-assume-role-idp">Passing
+ *             session tags using AssumeRoleWithWebIdentity</a> in the
  *             <i>IAM User Guide</i>.</p>
  *          <p>You can pass up to 50 session tags. The plaintext session tag keys can’t exceed 128
  *          characters and the values can’t exceed 256 characters. For these and additional limits, see
@@ -232,7 +233,7 @@ declare const AssumeRoleWithWebIdentityCommand_base: {
  * @throws {@link RegionDisabledException} (client fault)
  *  <p>STS is not activated in the requested region for the account that is being asked to
  *             generate credentials. The account administrator must use the IAM console to activate
- *             STS in that region. For more information, see <a href="https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_enable-regions.html">Activating and
+ *             STS in that region. For more information, see <a href="https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_enable-regions.html#sts-regions-activate-deactivate">Activating and
  *                 Deactivating STS in an Amazon Web Services Region</a> in the <i>IAM User
  *                 Guide</i>.</p>
  *
@@ -245,7 +246,7 @@ declare const AssumeRoleWithWebIdentityCommand_base: {
  * //
  * const input = {
  *   DurationSeconds: 3600,
- *   Policy: `{"Version":"2012-10-17","Statement":[{"Sid":"Stmt1","Effect":"Allow","Action":"s3:ListAllMyBuckets","Resource":"*"}]}`,
+ *   Policy: "escaped-JSON-IAM-POLICY",
  *   ProviderId: "www.amazon.com",
  *   RoleArn: "arn:aws:iam::123456789012:role/FederatedWebIdentityRole",
  *   RoleSessionName: "app1",

package/node_modules/@aws-sdk/client-sts/dist-types/commands/AssumeRootCommand.d.ts

@@ -28,7 +28,9 @@ declare const AssumeRootCommand_base: {
 };
 /**
  * <p>Returns a set of short term credentials you can use to perform privileged tasks on a
- *          member account in your organization.</p>
+ *          member account in your organization. You must use credentials from an Organizations management
+ *          account or a delegated administrator account for IAM to call <code>AssumeRoot</code>. You
+ *          cannot use root user credentials to make this call.</p>
  *          <p>Before you can launch a privileged session, you must have centralized root access in
  *          your organization. For steps to enable this feature, see <a href="https://docs.aws.amazon.com/IAM/latest/UserGuide/id_root-enable-root-access.html">Centralize root access for
  *             member accounts</a> in the <i>IAM User Guide</i>.</p>
@@ -39,6 +41,11 @@ declare const AssumeRootCommand_base: {
  *          <p>You can track AssumeRoot in CloudTrail logs to determine what actions were performed in a
  *          session. For more information, see <a href="https://docs.aws.amazon.com/IAM/latest/UserGuide/cloudtrail-track-privileged-tasks.html">Track privileged tasks
  *             in CloudTrail</a> in the <i>IAM User Guide</i>.</p>
+ *          <p>When granting access to privileged tasks you should only grant the necessary permissions
+ *          required to perform that task. For more information, see <a href="https://docs.aws.amazon.com/IAM/latest/UserGuide/best-practices.html">Security best practices in
+ *          IAM</a>. In addition, you can use <a href="https://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_policies_scps.html">service control
+ *             policies</a> (SCPs) to manage and limit permissions in your organization. See <a href="https://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_policies_scps_examples_general.html">General examples</a> in the <i>Organizations User
+ *             Guide</i> for more information on SCPs.</p>
  * @example
  * Use a bare-bones client and the command you need to make an API call.
  * ```javascript
@@ -81,7 +88,7 @@ declare const AssumeRootCommand_base: {
  * @throws {@link RegionDisabledException} (client fault)
  *  <p>STS is not activated in the requested region for the account that is being asked to
  *             generate credentials. The account administrator must use the IAM console to activate
- *             STS in that region. For more information, see <a href="https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_enable-regions.html">Activating and
+ *             STS in that region. For more information, see <a href="https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_enable-regions.html#sts-regions-activate-deactivate">Activating and
  *                 Deactivating STS in an Amazon Web Services Region</a> in the <i>IAM User
  *                 Guide</i>.</p>
  *

package/node_modules/@aws-sdk/client-sts/dist-types/commands/GetDelegatedAccessTokenCommand.d.ts

@@ -0,0 +1,91 @@
+import { Command as $Command } from "@smithy/smithy-client";
+import { MetadataBearer as __MetadataBearer } from "@smithy/types";
+import { GetDelegatedAccessTokenRequest, GetDelegatedAccessTokenResponse } from "../models/models_0";
+import { ServiceInputTypes, ServiceOutputTypes, STSClientResolvedConfig } from "../STSClient";
+/**
+ * @public
+ */
+export type { __MetadataBearer };
+export { $Command };
+/**
+ * @public
+ *
+ * The input for {@link GetDelegatedAccessTokenCommand}.
+ */
+export interface GetDelegatedAccessTokenCommandInput extends GetDelegatedAccessTokenRequest {
+}
+/**
+ * @public
+ *
+ * The output of {@link GetDelegatedAccessTokenCommand}.
+ */
+export interface GetDelegatedAccessTokenCommandOutput extends GetDelegatedAccessTokenResponse, __MetadataBearer {
+}
+declare const GetDelegatedAccessTokenCommand_base: {
+    new (input: GetDelegatedAccessTokenCommandInput): import("@smithy/smithy-client").CommandImpl<GetDelegatedAccessTokenCommandInput, GetDelegatedAccessTokenCommandOutput, STSClientResolvedConfig, ServiceInputTypes, ServiceOutputTypes>;
+    new (input: GetDelegatedAccessTokenCommandInput): import("@smithy/smithy-client").CommandImpl<GetDelegatedAccessTokenCommandInput, GetDelegatedAccessTokenCommandOutput, STSClientResolvedConfig, ServiceInputTypes, ServiceOutputTypes>;
+    getEndpointParameterInstructions(): import("@smithy/middleware-endpoint").EndpointParameterInstructions;
+};
+/**
+ * <p>This API is currently unavailable for general use.</p>
+ * @example
+ * Use a bare-bones client and the command you need to make an API call.
+ * ```javascript
+ * import { STSClient, GetDelegatedAccessTokenCommand } from "@aws-sdk/client-sts"; // ES Modules import
+ * // const { STSClient, GetDelegatedAccessTokenCommand } = require("@aws-sdk/client-sts"); // CommonJS import
+ * // import type { STSClientConfig } from "@aws-sdk/client-sts";
+ * const config = {}; // type is STSClientConfig
+ * const client = new STSClient(config);
+ * const input = { // GetDelegatedAccessTokenRequest
+ *   TradeInToken: "STRING_VALUE", // required
+ * };
+ * const command = new GetDelegatedAccessTokenCommand(input);
+ * const response = await client.send(command);
+ * // { // GetDelegatedAccessTokenResponse
+ * //   Credentials: { // Credentials
+ * //     AccessKeyId: "STRING_VALUE", // required
+ * //     SecretAccessKey: "STRING_VALUE", // required
+ * //     SessionToken: "STRING_VALUE", // required
+ * //     Expiration: new Date("TIMESTAMP"), // required
+ * //   },
+ * //   PackedPolicySize: Number("int"),
+ * //   AssumedPrincipal: "STRING_VALUE",
+ * // };
+ *
+ * ```
+ *
+ * @param GetDelegatedAccessTokenCommandInput - {@link GetDelegatedAccessTokenCommandInput}
+ * @returns {@link GetDelegatedAccessTokenCommandOutput}
+ * @see {@link GetDelegatedAccessTokenCommandInput} for command's `input` shape.
+ * @see {@link GetDelegatedAccessTokenCommandOutput} for command's `response` shape.
+ * @see {@link STSClientResolvedConfig | config} for STSClient's `config` shape.
+ *
+ * @throws {@link ExpiredTradeInTokenException} (client fault)
+ *  <p></p>
+ *
+ * @throws {@link RegionDisabledException} (client fault)
+ *  <p>STS is not activated in the requested region for the account that is being asked to
+ *             generate credentials. The account administrator must use the IAM console to activate
+ *             STS in that region. For more information, see <a href="https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_enable-regions.html#sts-regions-activate-deactivate">Activating and
+ *                 Deactivating STS in an Amazon Web Services Region</a> in the <i>IAM User
+ *                 Guide</i>.</p>
+ *
+ * @throws {@link STSServiceException}
+ * <p>Base exception class for all service exceptions from STS service.</p>
+ *
+ *
+ * @public
+ */
+export declare class GetDelegatedAccessTokenCommand extends GetDelegatedAccessTokenCommand_base {
+    /** @internal type navigation helper, not in runtime. */
+    protected static __types: {
+        api: {
+            input: GetDelegatedAccessTokenRequest;
+            output: GetDelegatedAccessTokenResponse;
+        };
+        sdk: {
+            input: GetDelegatedAccessTokenCommandInput;
+            output: GetDelegatedAccessTokenCommandOutput;
+        };
+    };
+}

package/node_modules/@aws-sdk/client-sts/dist-types/commands/GetFederationTokenCommand.d.ts

@@ -182,7 +182,7 @@ declare const GetFederationTokenCommand_base: {
  * @throws {@link RegionDisabledException} (client fault)
  *  <p>STS is not activated in the requested region for the account that is being asked to
  *             generate credentials. The account administrator must use the IAM console to activate
- *             STS in that region. For more information, see <a href="https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_enable-regions.html">Activating and
+ *             STS in that region. For more information, see <a href="https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_enable-regions.html#sts-regions-activate-deactivate">Activating and
  *                 Deactivating STS in an Amazon Web Services Region</a> in the <i>IAM User
  *                 Guide</i>.</p>
  *
@@ -196,7 +196,7 @@ declare const GetFederationTokenCommand_base: {
  * const input = {
  *   DurationSeconds: 3600,
  *   Name: "testFedUserSession",
- *   Policy: `{"Version":"2012-10-17","Statement":[{"Sid":"Stmt1","Effect":"Allow","Action":"s3:ListAllMyBuckets","Resource":"*"}]}`,
+ *   Policy: "escaped-JSON-IAM-POLICY",
  *   Tags: [
  *     {
  *       Key: "Project",

package/node_modules/@aws-sdk/client-sts/dist-types/commands/GetSessionTokenCommand.d.ts

@@ -121,7 +121,7 @@ declare const GetSessionTokenCommand_base: {
  * @throws {@link RegionDisabledException} (client fault)
  *  <p>STS is not activated in the requested region for the account that is being asked to
  *             generate credentials. The account administrator must use the IAM console to activate
- *             STS in that region. For more information, see <a href="https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_enable-regions.html">Activating and
+ *             STS in that region. For more information, see <a href="https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_enable-regions.html#sts-regions-activate-deactivate">Activating and
  *                 Deactivating STS in an Amazon Web Services Region</a> in the <i>IAM User
  *                 Guide</i>.</p>
  *

package/node_modules/@aws-sdk/client-sts/dist-types/commands/index.d.ts

@@ -5,5 +5,6 @@ export * from "./AssumeRootCommand";
 export * from "./DecodeAuthorizationMessageCommand";
 export * from "./GetAccessKeyInfoCommand";
 export * from "./GetCallerIdentityCommand";
+export * from "./GetDelegatedAccessTokenCommand";
 export * from "./GetFederationTokenCommand";
 export * from "./GetSessionTokenCommand";

package/node_modules/@aws-sdk/client-sts/dist-types/models/models_0.d.ts

@@ -100,9 +100,9 @@ export interface AssumeRoleRequest {
      *          assume the role. For more information, see <a href="https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_iam-condition-keys.html#ck_rolesessionname">
      *                <code>sts:RoleSessionName</code>
      *             </a>.</p>
-     *          <p>The regex used to validate this parameter is a string of characters
-     *     consisting of upper- and lower-case alphanumeric characters with no spaces. You can
-     *     also include underscores or any of the following characters: =,.@-</p>
+     *          <p>The regex used to validate this parameter is a string of
+     *     characters consisting of upper- and lower-case alphanumeric characters with no spaces.
+     *     You can also include underscores or any of the following characters: +=,.@-</p>
      * @public
      */
     RoleSessionName: string | undefined;
@@ -241,7 +241,7 @@ export interface AssumeRoleRequest {
      *             <i>IAM User Guide</i>.</p>
      *          <p>The regex used to validate this parameter is a string of
      *     characters consisting of upper- and lower-case alphanumeric characters with no spaces.
-     *     You can also include underscores or any of the following characters: =,.@:/-</p>
+     *     You can also include underscores or any of the following characters: +=,.@:\/-</p>
      * @public
      */
     ExternalId?: string | undefined;
@@ -252,9 +252,9 @@ export interface AssumeRoleRequest {
      *          the serial number for a hardware device (such as <code>GAHT12345678</code>) or an Amazon
      *          Resource Name (ARN) for a virtual device (such as
      *             <code>arn:aws:iam::123456789012:mfa/user</code>).</p>
-     *          <p>The regex used to validate this parameter is a string of characters
-     *     consisting of upper- and lower-case alphanumeric characters with no spaces. You can
-     *     also include underscores or any of the following characters: =,.@-</p>
+     *          <p>The regex used to validate this parameter is a string of
+     *     characters consisting of upper- and lower-case alphanumeric characters with no spaces.
+     *     You can also include underscores or any of the following characters: +=/:,.@-</p>
      * @public
      */
     SerialNumber?: string | undefined;
@@ -427,7 +427,7 @@ export declare class PackedPolicyTooLargeException extends __BaseException {
 /**
  * <p>STS is not activated in the requested region for the account that is being asked to
  *             generate credentials. The account administrator must use the IAM console to activate
- *             STS in that region. For more information, see <a href="https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_enable-regions.html">Activating and
+ *             STS in that region. For more information, see <a href="https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_enable-regions.html#sts-regions-activate-deactivate">Activating and
  *                 Deactivating STS in an Amazon Web Services Region</a> in the <i>IAM User
  *                 Guide</i>.</p>
  * @public
@@ -907,8 +907,10 @@ export interface AssumeRootRequest {
     TargetPrincipal: string | undefined;
     /**
      * <p>The identity based policy that scopes the session to the privileged tasks that can be
-     *          performed. You can use one of following Amazon Web Services managed policies to scope root session
-     *          actions.</p>
+     *          performed. You must
+     *
+     *          use one of following Amazon Web Services managed policies to scope root session
+     *          actions:</p>
      *          <ul>
      *             <li>
      *                <p>
@@ -1065,6 +1067,48 @@ export interface GetCallerIdentityResponse {
      */
     Arn?: string | undefined;
 }
+/**
+ * <p></p>
+ * @public
+ */
+export declare class ExpiredTradeInTokenException extends __BaseException {
+    readonly name: "ExpiredTradeInTokenException";
+    readonly $fault: "client";
+    /**
+     * @internal
+     */
+    constructor(opts: __ExceptionOptionType<ExpiredTradeInTokenException, __BaseException>);
+}
+/**
+ * @public
+ */
+export interface GetDelegatedAccessTokenRequest {
+    /**
+     * <p></p>
+     * @public
+     */
+    TradeInToken: string | undefined;
+}
+/**
+ * @public
+ */
+export interface GetDelegatedAccessTokenResponse {
+    /**
+     * <p>Amazon Web Services credentials for API authentication.</p>
+     * @public
+     */
+    Credentials?: Credentials | undefined;
+    /**
+     * <p></p>
+     * @public
+     */
+    PackedPolicySize?: number | undefined;
+    /**
+     * <p></p>
+     * @public
+     */
+    AssumedPrincipal?: string | undefined;
+}
 /**
  * @public
  */
@@ -1316,6 +1360,14 @@ export declare const AssumeRoleWithWebIdentityResponseFilterSensitiveLog: (obj:
  * @internal
  */
 export declare const AssumeRootResponseFilterSensitiveLog: (obj: AssumeRootResponse) => any;
+/**
+ * @internal
+ */
+export declare const GetDelegatedAccessTokenRequestFilterSensitiveLog: (obj: GetDelegatedAccessTokenRequest) => any;
+/**
+ * @internal
+ */
+export declare const GetDelegatedAccessTokenResponseFilterSensitiveLog: (obj: GetDelegatedAccessTokenResponse) => any;
 /**
  * @internal
  */

package/node_modules/@aws-sdk/client-sts/dist-types/protocols/Aws_query.d.ts

@@ -7,6 +7,7 @@ import { AssumeRootCommandInput, AssumeRootCommandOutput } from "../commands/Ass
 import { DecodeAuthorizationMessageCommandInput, DecodeAuthorizationMessageCommandOutput } from "../commands/DecodeAuthorizationMessageCommand";
 import { GetAccessKeyInfoCommandInput, GetAccessKeyInfoCommandOutput } from "../commands/GetAccessKeyInfoCommand";
 import { GetCallerIdentityCommandInput, GetCallerIdentityCommandOutput } from "../commands/GetCallerIdentityCommand";
+import { GetDelegatedAccessTokenCommandInput, GetDelegatedAccessTokenCommandOutput } from "../commands/GetDelegatedAccessTokenCommand";
 import { GetFederationTokenCommandInput, GetFederationTokenCommandOutput } from "../commands/GetFederationTokenCommand";
 import { GetSessionTokenCommandInput, GetSessionTokenCommandOutput } from "../commands/GetSessionTokenCommand";
 /**
@@ -37,6 +38,10 @@ export declare const se_GetAccessKeyInfoCommand: (input: GetAccessKeyInfoCommand
  * serializeAws_queryGetCallerIdentityCommand
  */
 export declare const se_GetCallerIdentityCommand: (input: GetCallerIdentityCommandInput, context: __SerdeContext) => Promise<__HttpRequest>;
+/**
+ * serializeAws_queryGetDelegatedAccessTokenCommand
+ */
+export declare const se_GetDelegatedAccessTokenCommand: (input: GetDelegatedAccessTokenCommandInput, context: __SerdeContext) => Promise<__HttpRequest>;
 /**
  * serializeAws_queryGetFederationTokenCommand
  */
@@ -73,6 +78,10 @@ export declare const de_GetAccessKeyInfoCommand: (output: __HttpResponse, contex
  * deserializeAws_queryGetCallerIdentityCommand
  */
 export declare const de_GetCallerIdentityCommand: (output: __HttpResponse, context: __SerdeContext) => Promise<GetCallerIdentityCommandOutput>;
+/**
+ * deserializeAws_queryGetDelegatedAccessTokenCommand
+ */
+export declare const de_GetDelegatedAccessTokenCommand: (output: __HttpResponse, context: __SerdeContext) => Promise<GetDelegatedAccessTokenCommandOutput>;
 /**
  * deserializeAws_queryGetFederationTokenCommand
  */

package/node_modules/@aws-sdk/client-sts/dist-types/ts3.4/STS.d.ts

@@ -27,6 +27,10 @@ import {
   GetCallerIdentityCommandInput,
   GetCallerIdentityCommandOutput,
 } from "./commands/GetCallerIdentityCommand";
+import {
+  GetDelegatedAccessTokenCommandInput,
+  GetDelegatedAccessTokenCommandOutput,
+} from "./commands/GetDelegatedAccessTokenCommand";
 import {
   GetFederationTokenCommandInput,
   GetFederationTokenCommandOutput,
@@ -129,6 +133,19 @@ export interface STS {
     options: __HttpHandlerOptions,
     cb: (err: any, data?: GetCallerIdentityCommandOutput) => void
   ): void;
+  getDelegatedAccessToken(
+    args: GetDelegatedAccessTokenCommandInput,
+    options?: __HttpHandlerOptions
+  ): Promise<GetDelegatedAccessTokenCommandOutput>;
+  getDelegatedAccessToken(
+    args: GetDelegatedAccessTokenCommandInput,
+    cb: (err: any, data?: GetDelegatedAccessTokenCommandOutput) => void
+  ): void;
+  getDelegatedAccessToken(
+    args: GetDelegatedAccessTokenCommandInput,
+    options: __HttpHandlerOptions,
+    cb: (err: any, data?: GetDelegatedAccessTokenCommandOutput) => void
+  ): void;
   getFederationToken(
     args: GetFederationTokenCommandInput,
     options?: __HttpHandlerOptions

package/node_modules/@aws-sdk/client-sts/dist-types/ts3.4/STSClient.d.ts

@@ -73,6 +73,10 @@ import {
   GetCallerIdentityCommandInput,
   GetCallerIdentityCommandOutput,
 } from "./commands/GetCallerIdentityCommand";
+import {
+  GetDelegatedAccessTokenCommandInput,
+  GetDelegatedAccessTokenCommandOutput,
+} from "./commands/GetDelegatedAccessTokenCommand";
 import {
   GetFederationTokenCommandInput,
   GetFederationTokenCommandOutput,
@@ -96,6 +100,7 @@ export type ServiceInputTypes =
   | DecodeAuthorizationMessageCommandInput
   | GetAccessKeyInfoCommandInput
   | GetCallerIdentityCommandInput
+  | GetDelegatedAccessTokenCommandInput
   | GetFederationTokenCommandInput
   | GetSessionTokenCommandInput;
 export type ServiceOutputTypes =
@@ -106,6 +111,7 @@ export type ServiceOutputTypes =
   | DecodeAuthorizationMessageCommandOutput
   | GetAccessKeyInfoCommandOutput
   | GetCallerIdentityCommandOutput
+  | GetDelegatedAccessTokenCommandOutput
   | GetFederationTokenCommandOutput
   | GetSessionTokenCommandOutput;
 export interface ClientDefaults

package/node_modules/@aws-sdk/client-sts/dist-types/ts3.4/commands/GetDelegatedAccessTokenCommand.d.ts

@@ -0,0 +1,51 @@
+import { Command as $Command } from "@smithy/smithy-client";
+import { MetadataBearer as __MetadataBearer } from "@smithy/types";
+import {
+  GetDelegatedAccessTokenRequest,
+  GetDelegatedAccessTokenResponse,
+} from "../models/models_0";
+import {
+  ServiceInputTypes,
+  ServiceOutputTypes,
+  STSClientResolvedConfig,
+} from "../STSClient";
+export { __MetadataBearer };
+export { $Command };
+export interface GetDelegatedAccessTokenCommandInput
+  extends GetDelegatedAccessTokenRequest {}
+export interface GetDelegatedAccessTokenCommandOutput
+  extends GetDelegatedAccessTokenResponse,
+    __MetadataBearer {}
+declare const GetDelegatedAccessTokenCommand_base: {
+  new (
+    input: GetDelegatedAccessTokenCommandInput
+  ): import("@smithy/smithy-client").CommandImpl<
+    GetDelegatedAccessTokenCommandInput,
+    GetDelegatedAccessTokenCommandOutput,
+    STSClientResolvedConfig,
+    ServiceInputTypes,
+    ServiceOutputTypes
+  >;
+  new (
+    input: GetDelegatedAccessTokenCommandInput
+  ): import("@smithy/smithy-client").CommandImpl<
+    GetDelegatedAccessTokenCommandInput,
+    GetDelegatedAccessTokenCommandOutput,
+    STSClientResolvedConfig,
+    ServiceInputTypes,
+    ServiceOutputTypes
+  >;
+  getEndpointParameterInstructions(): import("@smithy/middleware-endpoint").EndpointParameterInstructions;
+};
+export declare class GetDelegatedAccessTokenCommand extends GetDelegatedAccessTokenCommand_base {
+  protected static __types: {
+    api: {
+      input: GetDelegatedAccessTokenRequest;
+      output: GetDelegatedAccessTokenResponse;
+    };
+    sdk: {
+      input: GetDelegatedAccessTokenCommandInput;
+      output: GetDelegatedAccessTokenCommandOutput;
+    };
+  };
+}

package/node_modules/@aws-sdk/client-sts/dist-types/ts3.4/commands/index.d.ts

@@ -5,5 +5,6 @@ export * from "./AssumeRootCommand";
 export * from "./DecodeAuthorizationMessageCommand";
 export * from "./GetAccessKeyInfoCommand";
 export * from "./GetCallerIdentityCommand";
+export * from "./GetDelegatedAccessTokenCommand";
 export * from "./GetFederationTokenCommand";
 export * from "./GetSessionTokenCommand";

package/node_modules/@aws-sdk/client-sts/dist-types/ts3.4/models/models_0.d.ts

@@ -167,6 +167,21 @@ export interface GetCallerIdentityResponse {
   Account?: string | undefined;
   Arn?: string | undefined;
 }
+export declare class ExpiredTradeInTokenException extends __BaseException {
+  readonly name: "ExpiredTradeInTokenException";
+  readonly $fault: "client";
+  constructor(
+    opts: __ExceptionOptionType<ExpiredTradeInTokenException, __BaseException>
+  );
+}
+export interface GetDelegatedAccessTokenRequest {
+  TradeInToken: string | undefined;
+}
+export interface GetDelegatedAccessTokenResponse {
+  Credentials?: Credentials | undefined;
+  PackedPolicySize?: number | undefined;
+  AssumedPrincipal?: string | undefined;
+}
 export interface GetFederationTokenRequest {
   Name: string | undefined;
   Policy?: string | undefined;
@@ -210,6 +225,12 @@ export declare const AssumeRoleWithWebIdentityResponseFilterSensitiveLog: (
 export declare const AssumeRootResponseFilterSensitiveLog: (
   obj: AssumeRootResponse
 ) => any;
+export declare const GetDelegatedAccessTokenRequestFilterSensitiveLog: (
+  obj: GetDelegatedAccessTokenRequest
+) => any;
+export declare const GetDelegatedAccessTokenResponseFilterSensitiveLog: (
+  obj: GetDelegatedAccessTokenResponse
+) => any;
 export declare const GetFederationTokenResponseFilterSensitiveLog: (
   obj: GetFederationTokenResponse
 ) => any;

package/node_modules/@aws-sdk/client-sts/dist-types/ts3.4/protocols/Aws_query.d.ts

@@ -31,6 +31,10 @@ import {
   GetCallerIdentityCommandInput,
   GetCallerIdentityCommandOutput,
 } from "../commands/GetCallerIdentityCommand";
+import {
+  GetDelegatedAccessTokenCommandInput,
+  GetDelegatedAccessTokenCommandOutput,
+} from "../commands/GetDelegatedAccessTokenCommand";
 import {
   GetFederationTokenCommandInput,
   GetFederationTokenCommandOutput,
@@ -67,6 +71,10 @@ export declare const se_GetCallerIdentityCommand: (
   input: GetCallerIdentityCommandInput,
   context: __SerdeContext
 ) => Promise<__HttpRequest>;
+export declare const se_GetDelegatedAccessTokenCommand: (
+  input: GetDelegatedAccessTokenCommandInput,
+  context: __SerdeContext
+) => Promise<__HttpRequest>;
 export declare const se_GetFederationTokenCommand: (
   input: GetFederationTokenCommandInput,
   context: __SerdeContext
@@ -103,6 +111,10 @@ export declare const de_GetCallerIdentityCommand: (
   output: __HttpResponse,
   context: __SerdeContext
 ) => Promise<GetCallerIdentityCommandOutput>;
+export declare const de_GetDelegatedAccessTokenCommand: (
+  output: __HttpResponse,
+  context: __SerdeContext
+) => Promise<GetDelegatedAccessTokenCommandOutput>;
 export declare const de_GetFederationTokenCommand: (
   output: __HttpResponse,
   context: __SerdeContext

package/node_modules/@aws-sdk/client-sts/package.json

@@ -1,7 +1,7 @@
 {
   "name": "@aws-sdk/client-sts",
   "description": "AWS SDK for JavaScript Sts Client for Node.js, Browser and React Native",
-  "version": "3.927.0",
+  "version": "3.928.0",
   "scripts": {
     "build": "concurrently 'yarn:build:cjs' 'yarn:build:es' 'yarn:build:types'",
     "build:cjs": "node ../../scripts/compilation/inline client-sts",
@@ -22,17 +22,17 @@
   "dependencies": {
     "@aws-crypto/sha256-browser": "5.2.0",
     "@aws-crypto/sha256-js": "5.2.0",
-    "@aws-sdk/core": "3.927.0",
-    "@aws-sdk/credential-provider-node": "3.927.0",
+    "@aws-sdk/core": "3.928.0",
+    "@aws-sdk/credential-provider-node": "3.928.0",
     "@aws-sdk/middleware-host-header": "3.922.0",
     "@aws-sdk/middleware-logger": "3.922.0",
     "@aws-sdk/middleware-recursion-detection": "3.922.0",
-    "@aws-sdk/middleware-user-agent": "3.927.0",
+    "@aws-sdk/middleware-user-agent": "3.928.0",
     "@aws-sdk/region-config-resolver": "3.925.0",
     "@aws-sdk/types": "3.922.0",
     "@aws-sdk/util-endpoints": "3.922.0",
     "@aws-sdk/util-user-agent-browser": "3.922.0",
-    "@aws-sdk/util-user-agent-node": "3.927.0",
+    "@aws-sdk/util-user-agent-node": "3.928.0",
     "@smithy/config-resolver": "^4.4.2",
     "@smithy/core": "^3.17.2",
     "@smithy/fetch-http-handler": "^5.3.5",

package/node_modules/@aws-sdk/core/dist-types/submodules/protocols/cbor/AwsSmithyRpcV2CborProtocol.d.ts

@@ -3,7 +3,7 @@ import type { EndpointBearer, HandlerExecutionContext, HttpRequest, HttpResponse
 /**
  * Extends the Smithy implementation to add AwsQueryCompatibility support.
  *
- * @alpha
+ * @public
  */
 export declare class AwsSmithyRpcV2CborProtocol extends SmithyRpcV2CborProtocol {
     private readonly awsQueryCompatible;

package/node_modules/@aws-sdk/core/dist-types/submodules/protocols/json/AwsJson1_0Protocol.d.ts

@@ -1,6 +1,6 @@
 import { AwsJsonRpcProtocol } from "./AwsJsonRpcProtocol";
 /**
- * @alpha
+ * @public
  * @see https://smithy.io/2.0/aws/protocols/aws-json-1_1-protocol.html#differences-between-awsjson1-0-and-awsjson1-1
  */
 export declare class AwsJson1_0Protocol extends AwsJsonRpcProtocol {