p6-cdk-s3-protector 0.0.48 → 0.0.50

package/node_modules/@aws-sdk/client-sts/dist-types/commands/AssumeRoleWithSAMLCommand.d.ts

@@ -242,9 +242,8 @@ declare const AssumeRoleWithSAMLCommand_base: {
  * @throws {@link RegionDisabledException} (client fault)
  *  <p>STS is not activated in the requested region for the account that is being asked to
  *             generate credentials. The account administrator must use the IAM console to activate
- *             STS in that region. For more information, see <a href="https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_enable-regions.html#sts-regions-activate-deactivate">Activating and
- *                 Deactivating STS in an Amazon Web Services Region</a> in the <i>IAM User
- *                 Guide</i>.</p>
+ *             STS in that region. For more information, see <a href="https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_enable-regions.html#sts-regions-activate-deactivate">Activating and Deactivating STS in an Amazon Web Services Region</a> in the <i>IAM
+ *                 User Guide</i>.</p>
  *
  * @throws {@link STSServiceException}
  * <p>Base exception class for all service exceptions from STS service.</p>

package/node_modules/@aws-sdk/client-sts/dist-types/commands/AssumeRoleWithWebIdentityCommand.d.ts

@@ -233,9 +233,8 @@ declare const AssumeRoleWithWebIdentityCommand_base: {
  * @throws {@link RegionDisabledException} (client fault)
  *  <p>STS is not activated in the requested region for the account that is being asked to
  *             generate credentials. The account administrator must use the IAM console to activate
- *             STS in that region. For more information, see <a href="https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_enable-regions.html#sts-regions-activate-deactivate">Activating and
- *                 Deactivating STS in an Amazon Web Services Region</a> in the <i>IAM User
- *                 Guide</i>.</p>
+ *             STS in that region. For more information, see <a href="https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_enable-regions.html#sts-regions-activate-deactivate">Activating and Deactivating STS in an Amazon Web Services Region</a> in the <i>IAM
+ *                 User Guide</i>.</p>
  *
  * @throws {@link STSServiceException}
  * <p>Base exception class for all service exceptions from STS service.</p>

package/node_modules/@aws-sdk/client-sts/dist-types/commands/AssumeRootCommand.d.ts

@@ -88,9 +88,8 @@ declare const AssumeRootCommand_base: {
  * @throws {@link RegionDisabledException} (client fault)
  *  <p>STS is not activated in the requested region for the account that is being asked to
  *             generate credentials. The account administrator must use the IAM console to activate
- *             STS in that region. For more information, see <a href="https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_enable-regions.html#sts-regions-activate-deactivate">Activating and
- *                 Deactivating STS in an Amazon Web Services Region</a> in the <i>IAM User
- *                 Guide</i>.</p>
+ *             STS in that region. For more information, see <a href="https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_enable-regions.html#sts-regions-activate-deactivate">Activating and Deactivating STS in an Amazon Web Services Region</a> in the <i>IAM
+ *                 User Guide</i>.</p>
  *
  * @throws {@link STSServiceException}
  * <p>Base exception class for all service exceptions from STS service.</p>

package/node_modules/@aws-sdk/client-sts/dist-types/commands/GetDelegatedAccessTokenCommand.d.ts

@@ -27,7 +27,10 @@ declare const GetDelegatedAccessTokenCommand_base: {
     getEndpointParameterInstructions(): import("@smithy/middleware-endpoint").EndpointParameterInstructions;
 };
 /**
- * <p>This API is currently unavailable for general use.</p>
+ * <p>Exchanges a trade-in token for temporary Amazon Web Services credentials with the permissions
+ *          associated with the assumed principal. This operation allows you to obtain credentials for
+ *          a specific principal based on a trade-in token, enabling delegation of access to Amazon Web Services
+ *          resources.</p>
  * @example
  * Use a bare-bones client and the command you need to make an API call.
  * ```javascript
@@ -61,14 +64,25 @@ declare const GetDelegatedAccessTokenCommand_base: {
  * @see {@link STSClientResolvedConfig | config} for STSClient's `config` shape.
  *
  * @throws {@link ExpiredTradeInTokenException} (client fault)
- *  <p></p>
+ *  <p>The trade-in token provided in the request has expired and can no longer be exchanged
+ *             for credentials. Request a new token and retry the operation.</p>
+ *
+ * @throws {@link PackedPolicyTooLargeException} (client fault)
+ *  <p>The request was rejected because the total packed size of the session policies and
+ *             session tags combined was too large. An Amazon Web Services conversion compresses the session policy
+ *             document, session policy ARNs, and session tags into a packed binary format that has a
+ *             separate limit. The error message indicates by percentage how close the policies and
+ *             tags are to the upper size limit. For more information, see <a href="https://docs.aws.amazon.com/IAM/latest/UserGuide/id_session-tags.html">Passing Session Tags in STS</a> in
+ *             the <i>IAM User Guide</i>.</p>
+ *          <p>You could receive this error even though you meet other defined session policy and
+ *             session tag limits. For more information, see <a href="https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_iam-quotas.html#reference_iam-limits-entity-length">IAM and STS Entity Character Limits</a> in the <i>IAM User
+ *                 Guide</i>.</p>
  *
  * @throws {@link RegionDisabledException} (client fault)
  *  <p>STS is not activated in the requested region for the account that is being asked to
  *             generate credentials. The account administrator must use the IAM console to activate
- *             STS in that region. For more information, see <a href="https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_enable-regions.html#sts-regions-activate-deactivate">Activating and
- *                 Deactivating STS in an Amazon Web Services Region</a> in the <i>IAM User
- *                 Guide</i>.</p>
+ *             STS in that region. For more information, see <a href="https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_enable-regions.html#sts-regions-activate-deactivate">Activating and Deactivating STS in an Amazon Web Services Region</a> in the <i>IAM
+ *                 User Guide</i>.</p>
  *
  * @throws {@link STSServiceException}
  * <p>Base exception class for all service exceptions from STS service.</p>

package/node_modules/@aws-sdk/client-sts/dist-types/commands/GetFederationTokenCommand.d.ts

@@ -182,9 +182,8 @@ declare const GetFederationTokenCommand_base: {
  * @throws {@link RegionDisabledException} (client fault)
  *  <p>STS is not activated in the requested region for the account that is being asked to
  *             generate credentials. The account administrator must use the IAM console to activate
- *             STS in that region. For more information, see <a href="https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_enable-regions.html#sts-regions-activate-deactivate">Activating and
- *                 Deactivating STS in an Amazon Web Services Region</a> in the <i>IAM User
- *                 Guide</i>.</p>
+ *             STS in that region. For more information, see <a href="https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_enable-regions.html#sts-regions-activate-deactivate">Activating and Deactivating STS in an Amazon Web Services Region</a> in the <i>IAM
+ *                 User Guide</i>.</p>
  *
  * @throws {@link STSServiceException}
  * <p>Base exception class for all service exceptions from STS service.</p>

package/node_modules/@aws-sdk/client-sts/dist-types/commands/GetSessionTokenCommand.d.ts

@@ -121,9 +121,8 @@ declare const GetSessionTokenCommand_base: {
  * @throws {@link RegionDisabledException} (client fault)
  *  <p>STS is not activated in the requested region for the account that is being asked to
  *             generate credentials. The account administrator must use the IAM console to activate
- *             STS in that region. For more information, see <a href="https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_enable-regions.html#sts-regions-activate-deactivate">Activating and
- *                 Deactivating STS in an Amazon Web Services Region</a> in the <i>IAM User
- *                 Guide</i>.</p>
+ *             STS in that region. For more information, see <a href="https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_enable-regions.html#sts-regions-activate-deactivate">Activating and Deactivating STS in an Amazon Web Services Region</a> in the <i>IAM
+ *                 User Guide</i>.</p>
  *
  * @throws {@link STSServiceException}
  * <p>Base exception class for all service exceptions from STS service.</p>

package/node_modules/@aws-sdk/client-sts/dist-types/commands/GetWebIdentityTokenCommand.d.ts

@@ -0,0 +1,98 @@
+import { Command as $Command } from "@smithy/smithy-client";
+import { MetadataBearer as __MetadataBearer } from "@smithy/types";
+import { GetWebIdentityTokenRequest, GetWebIdentityTokenResponse } from "../models/models_0";
+import { ServiceInputTypes, ServiceOutputTypes, STSClientResolvedConfig } from "../STSClient";
+/**
+ * @public
+ */
+export type { __MetadataBearer };
+export { $Command };
+/**
+ * @public
+ *
+ * The input for {@link GetWebIdentityTokenCommand}.
+ */
+export interface GetWebIdentityTokenCommandInput extends GetWebIdentityTokenRequest {
+}
+/**
+ * @public
+ *
+ * The output of {@link GetWebIdentityTokenCommand}.
+ */
+export interface GetWebIdentityTokenCommandOutput extends GetWebIdentityTokenResponse, __MetadataBearer {
+}
+declare const GetWebIdentityTokenCommand_base: {
+    new (input: GetWebIdentityTokenCommandInput): import("@smithy/smithy-client").CommandImpl<GetWebIdentityTokenCommandInput, GetWebIdentityTokenCommandOutput, STSClientResolvedConfig, ServiceInputTypes, ServiceOutputTypes>;
+    new (input: GetWebIdentityTokenCommandInput): import("@smithy/smithy-client").CommandImpl<GetWebIdentityTokenCommandInput, GetWebIdentityTokenCommandOutput, STSClientResolvedConfig, ServiceInputTypes, ServiceOutputTypes>;
+    getEndpointParameterInstructions(): import("@smithy/middleware-endpoint").EndpointParameterInstructions;
+};
+/**
+ * <p>Returns a signed JSON Web Token (JWT) that represents the calling Amazon Web Services identity.
+ *          The returned JWT can be used to authenticate with external services that support OIDC discovery.
+ *          The token is signed by Amazon Web Services STS and can be publicly verified using the verification keys published at the issuer's JWKS endpoint.</p>
+ * @example
+ * Use a bare-bones client and the command you need to make an API call.
+ * ```javascript
+ * import { STSClient, GetWebIdentityTokenCommand } from "@aws-sdk/client-sts"; // ES Modules import
+ * // const { STSClient, GetWebIdentityTokenCommand } = require("@aws-sdk/client-sts"); // CommonJS import
+ * // import type { STSClientConfig } from "@aws-sdk/client-sts";
+ * const config = {}; // type is STSClientConfig
+ * const client = new STSClient(config);
+ * const input = { // GetWebIdentityTokenRequest
+ *   Audience: [ // webIdentityTokenAudienceListType // required
+ *     "STRING_VALUE",
+ *   ],
+ *   DurationSeconds: Number("int"),
+ *   SigningAlgorithm: "STRING_VALUE", // required
+ *   Tags: [ // tagListType
+ *     { // Tag
+ *       Key: "STRING_VALUE", // required
+ *       Value: "STRING_VALUE", // required
+ *     },
+ *   ],
+ * };
+ * const command = new GetWebIdentityTokenCommand(input);
+ * const response = await client.send(command);
+ * // { // GetWebIdentityTokenResponse
+ * //   WebIdentityToken: "STRING_VALUE",
+ * //   Expiration: new Date("TIMESTAMP"),
+ * // };
+ *
+ * ```
+ *
+ * @param GetWebIdentityTokenCommandInput - {@link GetWebIdentityTokenCommandInput}
+ * @returns {@link GetWebIdentityTokenCommandOutput}
+ * @see {@link GetWebIdentityTokenCommandInput} for command's `input` shape.
+ * @see {@link GetWebIdentityTokenCommandOutput} for command's `response` shape.
+ * @see {@link STSClientResolvedConfig | config} for STSClient's `config` shape.
+ *
+ * @throws {@link JWTPayloadSizeExceededException} (client fault)
+ *  <p>The requested token payload size exceeds the maximum allowed size. Reduce the number of request tags included in the <code>GetWebIdentityToken</code> API call to reduce the token payload size.</p>
+ *
+ * @throws {@link OutboundWebIdentityFederationDisabledException} (client fault)
+ *  <p>The outbound web identity federation feature is not enabled for this account. To use
+ *             this feature, you must first enable it through the Amazon Web Services Management Console or API.</p>
+ *
+ * @throws {@link SessionDurationEscalationException} (client fault)
+ *  <p>The requested token duration would extend the session beyond its original expiration time.
+ *             You cannot use this operation to extend the lifetime of a session beyond what was granted when the session was originally created.</p>
+ *
+ * @throws {@link STSServiceException}
+ * <p>Base exception class for all service exceptions from STS service.</p>
+ *
+ *
+ * @public
+ */
+export declare class GetWebIdentityTokenCommand extends GetWebIdentityTokenCommand_base {
+    /** @internal type navigation helper, not in runtime. */
+    protected static __types: {
+        api: {
+            input: GetWebIdentityTokenRequest;
+            output: GetWebIdentityTokenResponse;
+        };
+        sdk: {
+            input: GetWebIdentityTokenCommandInput;
+            output: GetWebIdentityTokenCommandOutput;
+        };
+    };
+}

package/node_modules/@aws-sdk/client-sts/dist-types/commands/index.d.ts

@@ -8,3 +8,4 @@ export * from "./GetCallerIdentityCommand";
 export * from "./GetDelegatedAccessTokenCommand";
 export * from "./GetFederationTokenCommand";
 export * from "./GetSessionTokenCommand";
+export * from "./GetWebIdentityTokenCommand";

package/node_modules/@aws-sdk/client-sts/dist-types/index.d.ts

@@ -12,6 +12,7 @@ export { ClientInputEndpointParameters } from "./endpoint/EndpointParameters";
 export type { RuntimeExtension } from "./runtimeExtensions";
 export type { STSExtensionConfiguration } from "./extensionConfiguration";
 export * from "./commands";
-export * from "./models";
+export * from "./models/errors";
+export type * from "./models/models_0";
 export * from "./defaultRoleAssumers";
 export { STSServiceException } from "./models/STSServiceException";

package/node_modules/@aws-sdk/client-sts/dist-types/models/errors.d.ts

@@ -0,0 +1,172 @@
+import { ExceptionOptionType as __ExceptionOptionType } from "@smithy/smithy-client";
+import { STSServiceException as __BaseException } from "./STSServiceException";
+/**
+ * <p>The web identity token that was passed is expired or is not valid. Get a new identity
+ *             token from the identity provider and then retry the request.</p>
+ * @public
+ */
+export declare class ExpiredTokenException extends __BaseException {
+    readonly name: "ExpiredTokenException";
+    readonly $fault: "client";
+    /**
+     * @internal
+     */
+    constructor(opts: __ExceptionOptionType<ExpiredTokenException, __BaseException>);
+}
+/**
+ * <p>The request was rejected because the policy document was malformed. The error message
+ *             describes the specific error.</p>
+ * @public
+ */
+export declare class MalformedPolicyDocumentException extends __BaseException {
+    readonly name: "MalformedPolicyDocumentException";
+    readonly $fault: "client";
+    /**
+     * @internal
+     */
+    constructor(opts: __ExceptionOptionType<MalformedPolicyDocumentException, __BaseException>);
+}
+/**
+ * <p>The request was rejected because the total packed size of the session policies and
+ *             session tags combined was too large. An Amazon Web Services conversion compresses the session policy
+ *             document, session policy ARNs, and session tags into a packed binary format that has a
+ *             separate limit. The error message indicates by percentage how close the policies and
+ *             tags are to the upper size limit. For more information, see <a href="https://docs.aws.amazon.com/IAM/latest/UserGuide/id_session-tags.html">Passing Session Tags in STS</a> in
+ *             the <i>IAM User Guide</i>.</p>
+ *          <p>You could receive this error even though you meet other defined session policy and
+ *             session tag limits. For more information, see <a href="https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_iam-quotas.html#reference_iam-limits-entity-length">IAM and STS Entity Character Limits</a> in the <i>IAM User
+ *                 Guide</i>.</p>
+ * @public
+ */
+export declare class PackedPolicyTooLargeException extends __BaseException {
+    readonly name: "PackedPolicyTooLargeException";
+    readonly $fault: "client";
+    /**
+     * @internal
+     */
+    constructor(opts: __ExceptionOptionType<PackedPolicyTooLargeException, __BaseException>);
+}
+/**
+ * <p>STS is not activated in the requested region for the account that is being asked to
+ *             generate credentials. The account administrator must use the IAM console to activate
+ *             STS in that region. For more information, see <a href="https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_enable-regions.html#sts-regions-activate-deactivate">Activating and Deactivating STS in an Amazon Web Services Region</a> in the <i>IAM
+ *                 User Guide</i>.</p>
+ * @public
+ */
+export declare class RegionDisabledException extends __BaseException {
+    readonly name: "RegionDisabledException";
+    readonly $fault: "client";
+    /**
+     * @internal
+     */
+    constructor(opts: __ExceptionOptionType<RegionDisabledException, __BaseException>);
+}
+/**
+ * <p>The identity provider (IdP) reported that authentication failed. This might be because
+ *             the claim is invalid.</p>
+ *          <p>If this error is returned for the <code>AssumeRoleWithWebIdentity</code> operation, it
+ *             can also mean that the claim has expired or has been explicitly revoked. </p>
+ * @public
+ */
+export declare class IDPRejectedClaimException extends __BaseException {
+    readonly name: "IDPRejectedClaimException";
+    readonly $fault: "client";
+    /**
+     * @internal
+     */
+    constructor(opts: __ExceptionOptionType<IDPRejectedClaimException, __BaseException>);
+}
+/**
+ * <p>The web identity token that was passed could not be validated by Amazon Web Services. Get a new
+ *             identity token from the identity provider and then retry the request.</p>
+ * @public
+ */
+export declare class InvalidIdentityTokenException extends __BaseException {
+    readonly name: "InvalidIdentityTokenException";
+    readonly $fault: "client";
+    /**
+     * @internal
+     */
+    constructor(opts: __ExceptionOptionType<InvalidIdentityTokenException, __BaseException>);
+}
+/**
+ * <p>The request could not be fulfilled because the identity provider (IDP) that was asked
+ *             to verify the incoming identity token could not be reached. This is often a transient
+ *             error caused by network conditions. Retry the request a limited number of times so that
+ *             you don't exceed the request rate. If the error persists, the identity provider might be
+ *             down or not responding.</p>
+ * @public
+ */
+export declare class IDPCommunicationErrorException extends __BaseException {
+    readonly name: "IDPCommunicationErrorException";
+    readonly $fault: "client";
+    /**
+     * @internal
+     */
+    constructor(opts: __ExceptionOptionType<IDPCommunicationErrorException, __BaseException>);
+}
+/**
+ * <p>The error returned if the message passed to <code>DecodeAuthorizationMessage</code>
+ *             was invalid. This can happen if the token contains invalid characters, such as line
+ *             breaks, or if the message has expired.</p>
+ * @public
+ */
+export declare class InvalidAuthorizationMessageException extends __BaseException {
+    readonly name: "InvalidAuthorizationMessageException";
+    readonly $fault: "client";
+    /**
+     * @internal
+     */
+    constructor(opts: __ExceptionOptionType<InvalidAuthorizationMessageException, __BaseException>);
+}
+/**
+ * <p>The trade-in token provided in the request has expired and can no longer be exchanged
+ *             for credentials. Request a new token and retry the operation.</p>
+ * @public
+ */
+export declare class ExpiredTradeInTokenException extends __BaseException {
+    readonly name: "ExpiredTradeInTokenException";
+    readonly $fault: "client";
+    /**
+     * @internal
+     */
+    constructor(opts: __ExceptionOptionType<ExpiredTradeInTokenException, __BaseException>);
+}
+/**
+ * <p>The requested token payload size exceeds the maximum allowed size. Reduce the number of request tags included in the <code>GetWebIdentityToken</code> API call to reduce the token payload size.</p>
+ * @public
+ */
+export declare class JWTPayloadSizeExceededException extends __BaseException {
+    readonly name: "JWTPayloadSizeExceededException";
+    readonly $fault: "client";
+    /**
+     * @internal
+     */
+    constructor(opts: __ExceptionOptionType<JWTPayloadSizeExceededException, __BaseException>);
+}
+/**
+ * <p>The outbound web identity federation feature is not enabled for this account. To use
+ *             this feature, you must first enable it through the Amazon Web Services Management Console or API.</p>
+ * @public
+ */
+export declare class OutboundWebIdentityFederationDisabledException extends __BaseException {
+    readonly name: "OutboundWebIdentityFederationDisabledException";
+    readonly $fault: "client";
+    /**
+     * @internal
+     */
+    constructor(opts: __ExceptionOptionType<OutboundWebIdentityFederationDisabledException, __BaseException>);
+}
+/**
+ * <p>The requested token duration would extend the session beyond its original expiration time.
+ *             You cannot use this operation to extend the lifetime of a session beyond what was granted when the session was originally created.</p>
+ * @public
+ */
+export declare class SessionDurationEscalationException extends __BaseException {
+    readonly name: "SessionDurationEscalationException";
+    readonly $fault: "client";
+    /**
+     * @internal
+     */
+    constructor(opts: __ExceptionOptionType<SessionDurationEscalationException, __BaseException>);
+}

package/node_modules/@aws-sdk/client-sts/dist-types/models/models_0.d.ts

@@ -1,5 +1,3 @@
-import { ExceptionOptionType as __ExceptionOptionType } from "@smithy/smithy-client";
-import { STSServiceException as __BaseException } from "./STSServiceException";
 /**
  * <p>The identifiers for the temporary security credentials that the operation
  *          returns.</p>
@@ -378,68 +376,6 @@ export interface AssumeRoleResponse {
      */
     SourceIdentity?: string | undefined;
 }
-/**
- * <p>The web identity token that was passed is expired or is not valid. Get a new identity
- *             token from the identity provider and then retry the request.</p>
- * @public
- */
-export declare class ExpiredTokenException extends __BaseException {
-    readonly name: "ExpiredTokenException";
-    readonly $fault: "client";
-    /**
-     * @internal
-     */
-    constructor(opts: __ExceptionOptionType<ExpiredTokenException, __BaseException>);
-}
-/**
- * <p>The request was rejected because the policy document was malformed. The error message
- *             describes the specific error.</p>
- * @public
- */
-export declare class MalformedPolicyDocumentException extends __BaseException {
-    readonly name: "MalformedPolicyDocumentException";
-    readonly $fault: "client";
-    /**
-     * @internal
-     */
-    constructor(opts: __ExceptionOptionType<MalformedPolicyDocumentException, __BaseException>);
-}
-/**
- * <p>The request was rejected because the total packed size of the session policies and
- *             session tags combined was too large. An Amazon Web Services conversion compresses the session policy
- *             document, session policy ARNs, and session tags into a packed binary format that has a
- *             separate limit. The error message indicates by percentage how close the policies and
- *             tags are to the upper size limit. For more information, see <a href="https://docs.aws.amazon.com/IAM/latest/UserGuide/id_session-tags.html">Passing Session Tags in STS</a> in
- *             the <i>IAM User Guide</i>.</p>
- *          <p>You could receive this error even though you meet other defined session policy and
- *             session tag limits. For more information, see <a href="https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_iam-quotas.html#reference_iam-limits-entity-length">IAM and STS Entity Character Limits</a> in the <i>IAM User
- *                 Guide</i>.</p>
- * @public
- */
-export declare class PackedPolicyTooLargeException extends __BaseException {
-    readonly name: "PackedPolicyTooLargeException";
-    readonly $fault: "client";
-    /**
-     * @internal
-     */
-    constructor(opts: __ExceptionOptionType<PackedPolicyTooLargeException, __BaseException>);
-}
-/**
- * <p>STS is not activated in the requested region for the account that is being asked to
- *             generate credentials. The account administrator must use the IAM console to activate
- *             STS in that region. For more information, see <a href="https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_enable-regions.html#sts-regions-activate-deactivate">Activating and
- *                 Deactivating STS in an Amazon Web Services Region</a> in the <i>IAM User
- *                 Guide</i>.</p>
- * @public
- */
-export declare class RegionDisabledException extends __BaseException {
-    readonly name: "RegionDisabledException";
-    readonly $fault: "client";
-    /**
-     * @internal
-     */
-    constructor(opts: __ExceptionOptionType<RegionDisabledException, __BaseException>);
-}
 /**
  * @public
  */
@@ -642,34 +578,6 @@ export interface AssumeRoleWithSAMLResponse {
      */
     SourceIdentity?: string | undefined;
 }
-/**
- * <p>The identity provider (IdP) reported that authentication failed. This might be because
- *             the claim is invalid.</p>
- *          <p>If this error is returned for the <code>AssumeRoleWithWebIdentity</code> operation, it
- *             can also mean that the claim has expired or has been explicitly revoked. </p>
- * @public
- */
-export declare class IDPRejectedClaimException extends __BaseException {
-    readonly name: "IDPRejectedClaimException";
-    readonly $fault: "client";
-    /**
-     * @internal
-     */
-    constructor(opts: __ExceptionOptionType<IDPRejectedClaimException, __BaseException>);
-}
-/**
- * <p>The web identity token that was passed could not be validated by Amazon Web Services. Get a new
- *             identity token from the identity provider and then retry the request.</p>
- * @public
- */
-export declare class InvalidIdentityTokenException extends __BaseException {
-    readonly name: "InvalidIdentityTokenException";
-    readonly $fault: "client";
-    /**
-     * @internal
-     */
-    constructor(opts: __ExceptionOptionType<InvalidIdentityTokenException, __BaseException>);
-}
 /**
  * @public
  */
@@ -880,22 +788,6 @@ export interface AssumeRoleWithWebIdentityResponse {
      */
     SourceIdentity?: string | undefined;
 }
-/**
- * <p>The request could not be fulfilled because the identity provider (IDP) that was asked
- *             to verify the incoming identity token could not be reached. This is often a transient
- *             error caused by network conditions. Retry the request a limited number of times so that
- *             you don't exceed the request rate. If the error persists, the identity provider might be
- *             down or not responding.</p>
- * @public
- */
-export declare class IDPCommunicationErrorException extends __BaseException {
-    readonly name: "IDPCommunicationErrorException";
-    readonly $fault: "client";
-    /**
-     * @internal
-     */
-    constructor(opts: __ExceptionOptionType<IDPCommunicationErrorException, __BaseException>);
-}
 /**
  * @public
  */
@@ -1000,20 +892,6 @@ export interface DecodeAuthorizationMessageResponse {
      */
     DecodedMessage?: string | undefined;
 }
-/**
- * <p>The error returned if the message passed to <code>DecodeAuthorizationMessage</code>
- *             was invalid. This can happen if the token contains invalid characters, such as line
- *             breaks, or if the message has expired.</p>
- * @public
- */
-export declare class InvalidAuthorizationMessageException extends __BaseException {
-    readonly name: "InvalidAuthorizationMessageException";
-    readonly $fault: "client";
-    /**
-     * @internal
-     */
-    constructor(opts: __ExceptionOptionType<InvalidAuthorizationMessageException, __BaseException>);
-}
 /**
  * @public
  */
@@ -1067,24 +945,13 @@ export interface GetCallerIdentityResponse {
      */
     Arn?: string | undefined;
 }
-/**
- * <p></p>
- * @public
- */
-export declare class ExpiredTradeInTokenException extends __BaseException {
-    readonly name: "ExpiredTradeInTokenException";
-    readonly $fault: "client";
-    /**
-     * @internal
-     */
-    constructor(opts: __ExceptionOptionType<ExpiredTradeInTokenException, __BaseException>);
-}
 /**
  * @public
  */
 export interface GetDelegatedAccessTokenRequest {
     /**
-     * <p></p>
+     * <p>The token to exchange for temporary Amazon Web Services credentials. This token must be valid and
+     *          unexpired at the time of the request.</p>
      * @public
      */
     TradeInToken: string | undefined;
@@ -1099,12 +966,16 @@ export interface GetDelegatedAccessTokenResponse {
      */
     Credentials?: Credentials | undefined;
     /**
-     * <p></p>
+     * <p>The percentage of the maximum policy size that is used by the session policy. The policy
+     *          size is calculated as the sum of all the session policies and permission boundaries
+     *          attached to the session. If the packed size exceeds 100%, the request fails.</p>
      * @public
      */
     PackedPolicySize?: number | undefined;
     /**
-     * <p></p>
+     * <p>The Amazon Resource Name (ARN) of the principal that was assumed when obtaining the
+     *          delegated access token. This ARN identifies the IAM entity whose permissions are granted
+     *          by the temporary credentials.</p>
      * @public
      */
     AssumedPrincipal?: string | undefined;
@@ -1332,3 +1203,56 @@ export interface GetSessionTokenResponse {
      */
     Credentials?: Credentials | undefined;
 }
+/**
+ * @public
+ */
+export interface GetWebIdentityTokenRequest {
+    /**
+     * <p>The intended recipient of the web identity token. This value populates the
+     *             <code>aud</code> claim in the JWT and should identify the service or application that
+     *          will validate and use the token. The external service should verify this claim to ensure the token was intended for their use.</p>
+     * @public
+     */
+    Audience: string[] | undefined;
+    /**
+     * <p>The duration, in seconds, for which the JSON Web Token (JWT) will remain valid.
+     *          The value can range from 60 seconds (1 minute) to 3600 seconds (1 hour). If not specified,
+     *          the default duration is 300 seconds (5 minutes). The token is designed to be short-lived and
+     *          should be used for proof of identity, then exchanged for credentials or short-lived tokens in the external service.</p>
+     * @public
+     */
+    DurationSeconds?: number | undefined;
+    /**
+     * <p>The cryptographic algorithm to use for signing the JSON Web Token (JWT). Valid values are
+     *          RS256 (RSA with SHA-256) and ES384 (ECDSA using P-384 curve with SHA-384). </p>
+     * @public
+     */
+    SigningAlgorithm: string | undefined;
+    /**
+     * <p>An optional list of tags to include in the JSON Web Token (JWT). These tags are added as custom
+     *          claims to the JWT and can be used by the downstream service for authorization decisions. </p>
+     * @public
+     */
+    Tags?: Tag[] | undefined;
+}
+/**
+ * @public
+ */
+export interface GetWebIdentityTokenResponse {
+    /**
+     * <p>A signed JSON Web Token (JWT) that represents the caller's Amazon Web Services identity. The token contains
+     *          standard JWT claims such as subject, audience, expiration time, and additional identity attributes
+     *          added by STS as custom claims. You can also add your own custom claims to the token by passing tags
+     *          as request parameters to the <code>GetWebIdentityToken</code> API. The token is signed using the specified signing
+     *          algorithm and can be verified using the verification keys available at the issuer's JWKS endpoint.</p>
+     * @public
+     */
+    WebIdentityToken?: string | undefined;
+    /**
+     * <p>The date and time when the web identity token expires, in UTC. The expiration is
+     *          determined by adding the <code>DurationSeconds</code> value to the time the token was
+     *          issued. After this time, the token should no longer be considered valid.</p>
+     * @public
+     */
+    Expiration?: Date | undefined;
+}