p6-cdk-s3-protector 0.0.49 → 0.0.50

package/node_modules/@aws-sdk/token-providers/node_modules/@aws-sdk/nested-clients/dist-types/submodules/sts/auth/httpAuthSchemeProvider.d.ts

@@ -1,85 +0,0 @@
-import { AwsSdkSigV4AuthInputConfig, AwsSdkSigV4AuthResolvedConfig, AwsSdkSigV4PreviouslyResolved } from "@aws-sdk/core";
-import { Client, HandlerExecutionContext, HttpAuthScheme, HttpAuthSchemeParameters, HttpAuthSchemeParametersProvider, HttpAuthSchemeProvider, Provider } from "@smithy/types";
-import { STSClientResolvedConfig } from "../STSClient";
-/**
- * @internal
- */
-export interface STSHttpAuthSchemeParameters extends HttpAuthSchemeParameters {
-    region?: string;
-}
-/**
- * @internal
- */
-export interface STSHttpAuthSchemeParametersProvider extends HttpAuthSchemeParametersProvider<STSClientResolvedConfig, HandlerExecutionContext, STSHttpAuthSchemeParameters, object> {
-}
-/**
- * @internal
- */
-export declare const defaultSTSHttpAuthSchemeParametersProvider: (config: STSClientResolvedConfig, context: HandlerExecutionContext, input: object) => Promise<STSHttpAuthSchemeParameters>;
-/**
- * @internal
- */
-export interface STSHttpAuthSchemeProvider extends HttpAuthSchemeProvider<STSHttpAuthSchemeParameters> {
-}
-/**
- * @internal
- */
-export declare const defaultSTSHttpAuthSchemeProvider: STSHttpAuthSchemeProvider;
-export interface StsAuthInputConfig {
-}
-export interface StsAuthResolvedConfig {
-    /**
-     * Reference to STSClient class constructor.
-     * @internal
-     */
-    stsClientCtor: new (clientConfig: any) => Client<any, any, any>;
-}
-export declare const resolveStsAuthConfig: <T>(input: T & StsAuthInputConfig) => T & StsAuthResolvedConfig;
-/**
- * @public
- */
-export interface HttpAuthSchemeInputConfig extends StsAuthInputConfig, AwsSdkSigV4AuthInputConfig {
-    /**
-     * A comma-separated list of case-sensitive auth scheme names.
-     * An auth scheme name is a fully qualified auth scheme ID with the namespace prefix trimmed.
-     * For example, the auth scheme with ID aws.auth#sigv4 is named sigv4.
-     * @public
-     */
-    authSchemePreference?: string[] | Provider<string[]>;
-    /**
-     * Configuration of HttpAuthSchemes for a client which provides default identity providers and signers per auth scheme.
-     * @internal
-     */
-    httpAuthSchemes?: HttpAuthScheme[];
-    /**
-     * Configuration of an HttpAuthSchemeProvider for a client which resolves which HttpAuthScheme to use.
-     * @internal
-     */
-    httpAuthSchemeProvider?: STSHttpAuthSchemeProvider;
-}
-/**
- * @internal
- */
-export interface HttpAuthSchemeResolvedConfig extends StsAuthResolvedConfig, AwsSdkSigV4AuthResolvedConfig {
-    /**
-     * A comma-separated list of case-sensitive auth scheme names.
-     * An auth scheme name is a fully qualified auth scheme ID with the namespace prefix trimmed.
-     * For example, the auth scheme with ID aws.auth#sigv4 is named sigv4.
-     * @public
-     */
-    readonly authSchemePreference: Provider<string[]>;
-    /**
-     * Configuration of HttpAuthSchemes for a client which provides default identity providers and signers per auth scheme.
-     * @internal
-     */
-    readonly httpAuthSchemes: HttpAuthScheme[];
-    /**
-     * Configuration of an HttpAuthSchemeProvider for a client which resolves which HttpAuthScheme to use.
-     * @internal
-     */
-    readonly httpAuthSchemeProvider: STSHttpAuthSchemeProvider;
-}
-/**
- * @internal
- */
-export declare const resolveHttpAuthSchemeConfig: <T>(config: T & HttpAuthSchemeInputConfig & AwsSdkSigV4PreviouslyResolved) => T & HttpAuthSchemeResolvedConfig;

package/node_modules/@aws-sdk/token-providers/node_modules/@aws-sdk/nested-clients/dist-types/submodules/sts/commands/AssumeRoleCommand.d.ts

@@ -1,271 +0,0 @@
-import { Command as $Command } from "@smithy/smithy-client";
-import { MetadataBearer as __MetadataBearer } from "@smithy/types";
-import { AssumeRoleRequest, AssumeRoleResponse } from "../models/models_0";
-import { ServiceInputTypes, ServiceOutputTypes, STSClientResolvedConfig } from "../STSClient";
-/**
- * @public
- */
-export type { __MetadataBearer };
-export { $Command };
-/**
- * @public
- *
- * The input for {@link AssumeRoleCommand}.
- */
-export interface AssumeRoleCommandInput extends AssumeRoleRequest {
-}
-/**
- * @public
- *
- * The output of {@link AssumeRoleCommand}.
- */
-export interface AssumeRoleCommandOutput extends AssumeRoleResponse, __MetadataBearer {
-}
-declare const AssumeRoleCommand_base: {
-    new (input: AssumeRoleCommandInput): import("@smithy/smithy-client").CommandImpl<AssumeRoleCommandInput, AssumeRoleCommandOutput, STSClientResolvedConfig, ServiceInputTypes, ServiceOutputTypes>;
-    new (input: AssumeRoleCommandInput): import("@smithy/smithy-client").CommandImpl<AssumeRoleCommandInput, AssumeRoleCommandOutput, STSClientResolvedConfig, ServiceInputTypes, ServiceOutputTypes>;
-    getEndpointParameterInstructions(): import("@smithy/middleware-endpoint").EndpointParameterInstructions;
-};
-/**
- * <p>Returns a set of temporary security credentials that you can use to access Amazon Web Services
- *          resources. These temporary credentials consist of an access key ID, a secret access key,
- *          and a security token. Typically, you use <code>AssumeRole</code> within your account or for
- *          cross-account access. For a comparison of <code>AssumeRole</code> with other API operations
- *          that produce temporary credentials, see <a href="https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_request.html">Requesting Temporary Security
- *             Credentials</a> and <a href="https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_sts-comparison.html">Compare STS
- *             credentials</a> in the <i>IAM User Guide</i>.</p>
- *          <p>
- *             <b>Permissions</b>
- *          </p>
- *          <p>The temporary security credentials created by <code>AssumeRole</code> can be used to
- *          make API calls to any Amazon Web Services service with the following exception: You cannot call the
- *          Amazon Web Services STS <code>GetFederationToken</code> or <code>GetSessionToken</code> API
- *          operations.</p>
- *          <p>(Optional) You can pass inline or managed session policies to this operation. You can
- *          pass a single JSON policy document to use as an inline session policy. You can also specify
- *          up to 10 managed policy Amazon Resource Names (ARNs) to use as managed session policies.
- *          The plaintext that you use for both inline and managed session policies can't exceed 2,048
- *          characters. Passing policies to this operation returns new
- *          temporary credentials. The resulting session's permissions are the intersection of the
- *          role's identity-based policy and the session policies. You can use the role's temporary
- *          credentials in subsequent Amazon Web Services API calls to access resources in the account that owns
- *          the role. You cannot use session policies to grant more permissions than those allowed
- *          by the identity-based policy of the role that is being assumed. For more information, see
- *             <a href="https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies.html#policies_session">Session
- *             Policies</a> in the <i>IAM User Guide</i>.</p>
- *          <p>When you create a role, you create two policies: a role trust policy that specifies
- *             <i>who</i> can assume the role, and a permissions policy that specifies
- *             <i>what</i> can be done with the role. You specify the trusted principal
- *          that is allowed to assume the role in the role trust policy.</p>
- *          <p>To assume a role from a different account, your Amazon Web Services account must be trusted by the
- *          role. The trust relationship is defined in the role's trust policy when the role is
- *          created. That trust policy states which accounts are allowed to delegate that access to
- *          users in the account. </p>
- *          <p>A user who wants to access a role in a different account must also have permissions that
- *          are delegated from the account administrator. The administrator must attach a policy that
- *          allows the user to call <code>AssumeRole</code> for the ARN of the role in the other
- *          account.</p>
- *          <p>To allow a user to assume a role in the same account, you can do either of the
- *          following:</p>
- *          <ul>
- *             <li>
- *                <p>Attach a policy to the user that allows the user to call <code>AssumeRole</code>
- *                (as long as the role's trust policy trusts the account).</p>
- *             </li>
- *             <li>
- *                <p>Add the user as a principal directly in the role's trust policy.</p>
- *             </li>
- *          </ul>
- *          <p>You can do either because the role’s trust policy acts as an IAM resource-based
- *          policy. When a resource-based policy grants access to a principal in the same account, no
- *          additional identity-based policy is required. For more information about trust policies and
- *          resource-based policies, see <a href="https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies.html">IAM Policies</a> in the
- *             <i>IAM User Guide</i>.</p>
- *          <p>
- *             <b>Tags</b>
- *          </p>
- *          <p>(Optional) You can pass tag key-value pairs to your session. These tags are called
- *          session tags. For more information about session tags, see <a href="https://docs.aws.amazon.com/IAM/latest/UserGuide/id_session-tags.html">Passing Session Tags in STS</a> in the
- *             <i>IAM User Guide</i>.</p>
- *          <p>An administrator must grant you the permissions necessary to pass session tags. The
- *          administrator can also create granular permissions to allow you to pass only specific
- *          session tags. For more information, see <a href="https://docs.aws.amazon.com/IAM/latest/UserGuide/tutorial_attribute-based-access-control.html">Tutorial: Using Tags
- *             for Attribute-Based Access Control</a> in the
- *          <i>IAM User Guide</i>.</p>
- *          <p>You can set the session tags as transitive. Transitive tags persist during role
- *          chaining. For more information, see <a href="https://docs.aws.amazon.com/IAM/latest/UserGuide/id_session-tags.html#id_session-tags_role-chaining">Chaining Roles
- *             with Session Tags</a> in the <i>IAM User Guide</i>.</p>
- *          <p>
- *             <b>Using MFA with AssumeRole</b>
- *          </p>
- *          <p>(Optional) You can include multi-factor authentication (MFA) information when you call
- *             <code>AssumeRole</code>. This is useful for cross-account scenarios to ensure that the
- *          user that assumes the role has been authenticated with an Amazon Web Services MFA device. In that
- *          scenario, the trust policy of the role being assumed includes a condition that tests for
- *          MFA authentication. If the caller does not include valid MFA information, the request to
- *          assume the role is denied. The condition in a trust policy that tests for MFA
- *          authentication might look like the following example.</p>
- *          <p>
- *             <code>"Condition": \{"Bool": \{"aws:MultiFactorAuthPresent": true\}\}</code>
- *          </p>
- *          <p>For more information, see <a href="https://docs.aws.amazon.com/IAM/latest/UserGuide/MFAProtectedAPI.html">Configuring MFA-Protected API Access</a>
- *          in the <i>IAM User Guide</i> guide.</p>
- *          <p>To use MFA with <code>AssumeRole</code>, you pass values for the
- *             <code>SerialNumber</code> and <code>TokenCode</code> parameters. The
- *             <code>SerialNumber</code> value identifies the user's hardware or virtual MFA device.
- *          The <code>TokenCode</code> is the time-based one-time password (TOTP) that the MFA device
- *          produces. </p>
- * @example
- * Use a bare-bones client and the command you need to make an API call.
- * ```javascript
- * import { STSClient, AssumeRoleCommand } from "@aws-sdk/client-sts"; // ES Modules import
- * // const { STSClient, AssumeRoleCommand } = require("@aws-sdk/client-sts"); // CommonJS import
- * // import type { STSClientConfig } from "@aws-sdk/client-sts";
- * const config = {}; // type is STSClientConfig
- * const client = new STSClient(config);
- * const input = { // AssumeRoleRequest
- *   RoleArn: "STRING_VALUE", // required
- *   RoleSessionName: "STRING_VALUE", // required
- *   PolicyArns: [ // policyDescriptorListType
- *     { // PolicyDescriptorType
- *       arn: "STRING_VALUE",
- *     },
- *   ],
- *   Policy: "STRING_VALUE",
- *   DurationSeconds: Number("int"),
- *   Tags: [ // tagListType
- *     { // Tag
- *       Key: "STRING_VALUE", // required
- *       Value: "STRING_VALUE", // required
- *     },
- *   ],
- *   TransitiveTagKeys: [ // tagKeyListType
- *     "STRING_VALUE",
- *   ],
- *   ExternalId: "STRING_VALUE",
- *   SerialNumber: "STRING_VALUE",
- *   TokenCode: "STRING_VALUE",
- *   SourceIdentity: "STRING_VALUE",
- *   ProvidedContexts: [ // ProvidedContextsListType
- *     { // ProvidedContext
- *       ProviderArn: "STRING_VALUE",
- *       ContextAssertion: "STRING_VALUE",
- *     },
- *   ],
- * };
- * const command = new AssumeRoleCommand(input);
- * const response = await client.send(command);
- * // { // AssumeRoleResponse
- * //   Credentials: { // Credentials
- * //     AccessKeyId: "STRING_VALUE", // required
- * //     SecretAccessKey: "STRING_VALUE", // required
- * //     SessionToken: "STRING_VALUE", // required
- * //     Expiration: new Date("TIMESTAMP"), // required
- * //   },
- * //   AssumedRoleUser: { // AssumedRoleUser
- * //     AssumedRoleId: "STRING_VALUE", // required
- * //     Arn: "STRING_VALUE", // required
- * //   },
- * //   PackedPolicySize: Number("int"),
- * //   SourceIdentity: "STRING_VALUE",
- * // };
- *
- * ```
- *
- * @param AssumeRoleCommandInput - {@link AssumeRoleCommandInput}
- * @returns {@link AssumeRoleCommandOutput}
- * @see {@link AssumeRoleCommandInput} for command's `input` shape.
- * @see {@link AssumeRoleCommandOutput} for command's `response` shape.
- * @see {@link STSClientResolvedConfig | config} for STSClient's `config` shape.
- *
- * @throws {@link ExpiredTokenException} (client fault)
- *  <p>The web identity token that was passed is expired or is not valid. Get a new identity
- *             token from the identity provider and then retry the request.</p>
- *
- * @throws {@link MalformedPolicyDocumentException} (client fault)
- *  <p>The request was rejected because the policy document was malformed. The error message
- *             describes the specific error.</p>
- *
- * @throws {@link PackedPolicyTooLargeException} (client fault)
- *  <p>The request was rejected because the total packed size of the session policies and
- *             session tags combined was too large. An Amazon Web Services conversion compresses the session policy
- *             document, session policy ARNs, and session tags into a packed binary format that has a
- *             separate limit. The error message indicates by percentage how close the policies and
- *             tags are to the upper size limit. For more information, see <a href="https://docs.aws.amazon.com/IAM/latest/UserGuide/id_session-tags.html">Passing Session Tags in STS</a> in
- *             the <i>IAM User Guide</i>.</p>
- *          <p>You could receive this error even though you meet other defined session policy and
- *             session tag limits. For more information, see <a href="https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_iam-quotas.html#reference_iam-limits-entity-length">IAM and STS Entity Character Limits</a> in the <i>IAM User
- *                 Guide</i>.</p>
- *
- * @throws {@link RegionDisabledException} (client fault)
- *  <p>STS is not activated in the requested region for the account that is being asked to
- *             generate credentials. The account administrator must use the IAM console to activate
- *             STS in that region. For more information, see <a href="https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_enable-regions.html#sts-regions-activate-deactivate">Activating and
- *                 Deactivating STS in an Amazon Web Services Region</a> in the <i>IAM User
- *                 Guide</i>.</p>
- *
- * @throws {@link STSServiceException}
- * <p>Base exception class for all service exceptions from STS service.</p>
- *
- *
- * @example To assume a role
- * ```javascript
- * //
- * const input = {
- *   ExternalId: "123ABC",
- *   Policy: "escaped-JSON-IAM-POLICY",
- *   RoleArn: "arn:aws:iam::123456789012:role/demo",
- *   RoleSessionName: "testAssumeRoleSession",
- *   Tags: [
- *     {
- *       Key: "Project",
- *       Value: "Unicorn"
- *     },
- *     {
- *       Key: "Team",
- *       Value: "Automation"
- *     },
- *     {
- *       Key: "Cost-Center",
- *       Value: "12345"
- *     }
- *   ],
- *   TransitiveTagKeys: [
- *     "Project",
- *     "Cost-Center"
- *   ]
- * };
- * const command = new AssumeRoleCommand(input);
- * const response = await client.send(command);
- * /* response is
- * {
- *   AssumedRoleUser: {
- *     Arn: "arn:aws:sts::123456789012:assumed-role/demo/Bob",
- *     AssumedRoleId: "ARO123EXAMPLE123:Bob"
- *   },
- *   Credentials: {
- *     AccessKeyId: "AKIAIOSFODNN7EXAMPLE",
- *     Expiration: "2011-07-15T23:28:33.359Z",
- *     SecretAccessKey: "wJalrXUtnFEMI/K7MDENG/bPxRfiCYzEXAMPLEKEY",
- *     SessionToken: "AQoDYXdzEPT//////////wEXAMPLEtc764bNrC9SAPBSM22wDOk4x4HIZ8j4FZTwdQWLWsKWHGBuFqwAeMicRXmxfpSPfIeoIYRqTflfKD8YUuwthAx7mSEI/qkPpKPi/kMcGdQrmGdeehM4IC1NtBmUpp2wUE8phUZampKsburEDy0KPkyQDYwT7WZ0wq5VSXDvp75YU9HFvlRd8Tx6q6fE8YQcHNVXAkiY9q6d+xo0rKwT38xVqr7ZD0u0iPPkUL64lIZbqBAz+scqKmlzm8FDrypNC9Yjc8fPOLn9FX9KSYvKTr4rvx3iSIlTJabIQwj2ICCR/oLxBA=="
- *   },
- *   PackedPolicySize: 8
- * }
- * *\/
- * ```
- *
- * @public
- */
-export declare class AssumeRoleCommand extends AssumeRoleCommand_base {
-    /** @internal type navigation helper, not in runtime. */
-    protected static __types: {
-        api: {
-            input: AssumeRoleRequest;
-            output: AssumeRoleResponse;
-        };
-        sdk: {
-            input: AssumeRoleCommandInput;
-            output: AssumeRoleCommandOutput;
-        };
-    };
-}

package/node_modules/@aws-sdk/token-providers/node_modules/@aws-sdk/nested-clients/dist-types/submodules/sts/commands/AssumeRoleWithWebIdentityCommand.d.ts

@@ -1,291 +0,0 @@
-import { Command as $Command } from "@smithy/smithy-client";
-import { MetadataBearer as __MetadataBearer } from "@smithy/types";
-import { AssumeRoleWithWebIdentityRequest, AssumeRoleWithWebIdentityResponse } from "../models/models_0";
-import { ServiceInputTypes, ServiceOutputTypes, STSClientResolvedConfig } from "../STSClient";
-/**
- * @public
- */
-export type { __MetadataBearer };
-export { $Command };
-/**
- * @public
- *
- * The input for {@link AssumeRoleWithWebIdentityCommand}.
- */
-export interface AssumeRoleWithWebIdentityCommandInput extends AssumeRoleWithWebIdentityRequest {
-}
-/**
- * @public
- *
- * The output of {@link AssumeRoleWithWebIdentityCommand}.
- */
-export interface AssumeRoleWithWebIdentityCommandOutput extends AssumeRoleWithWebIdentityResponse, __MetadataBearer {
-}
-declare const AssumeRoleWithWebIdentityCommand_base: {
-    new (input: AssumeRoleWithWebIdentityCommandInput): import("@smithy/smithy-client").CommandImpl<AssumeRoleWithWebIdentityCommandInput, AssumeRoleWithWebIdentityCommandOutput, STSClientResolvedConfig, ServiceInputTypes, ServiceOutputTypes>;
-    new (input: AssumeRoleWithWebIdentityCommandInput): import("@smithy/smithy-client").CommandImpl<AssumeRoleWithWebIdentityCommandInput, AssumeRoleWithWebIdentityCommandOutput, STSClientResolvedConfig, ServiceInputTypes, ServiceOutputTypes>;
-    getEndpointParameterInstructions(): import("@smithy/middleware-endpoint").EndpointParameterInstructions;
-};
-/**
- * <p>Returns a set of temporary security credentials for users who have been authenticated in
- *          a mobile or web application with a web identity provider. Example providers include the
- *          OAuth 2.0 providers Login with Amazon and Facebook, or any OpenID Connect-compatible
- *          identity provider such as Google or <a href="https://docs.aws.amazon.com/cognito/latest/developerguide/cognito-identity.html">Amazon Cognito federated identities</a>.</p>
- *          <note>
- *             <p>For mobile applications, we recommend that you use Amazon Cognito. You can use Amazon Cognito with the
- *                <a href="http://aws.amazon.com/sdkforios/">Amazon Web Services SDK for iOS Developer Guide</a> and the <a href="http://aws.amazon.com/sdkforandroid/">Amazon Web Services SDK for Android Developer Guide</a> to uniquely
- *             identify a user. You can also supply the user with a consistent identity throughout the
- *             lifetime of an application.</p>
- *             <p>To learn more about Amazon Cognito, see <a href="https://docs.aws.amazon.com/cognito/latest/developerguide/cognito-identity.html">Amazon Cognito identity
- *                pools</a> in <i>Amazon Cognito Developer Guide</i>.</p>
- *          </note>
- *          <p>Calling <code>AssumeRoleWithWebIdentity</code> does not require the use of Amazon Web Services
- *          security credentials. Therefore, you can distribute an application (for example, on mobile
- *          devices) that requests temporary security credentials without including long-term Amazon Web Services
- *          credentials in the application. You also don't need to deploy server-based proxy services
- *          that use long-term Amazon Web Services credentials. Instead, the identity of the caller is validated by
- *          using a token from the web identity provider. For a comparison of
- *             <code>AssumeRoleWithWebIdentity</code> with the other API operations that produce
- *          temporary credentials, see <a href="https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_request.html">Requesting Temporary Security
- *             Credentials</a> and <a href="https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_sts-comparison.html">Compare STS
- *             credentials</a> in the <i>IAM User Guide</i>.</p>
- *          <p>The temporary security credentials returned by this API consist of an access key ID, a
- *          secret access key, and a security token. Applications can use these temporary security
- *          credentials to sign calls to Amazon Web Services service API operations.</p>
- *          <p>
- *             <b>Session Duration</b>
- *          </p>
- *          <p>By default, the temporary security credentials created by
- *             <code>AssumeRoleWithWebIdentity</code> last for one hour. However, you can use the
- *          optional <code>DurationSeconds</code> parameter to specify the duration of your session.
- *          You can provide a value from 900 seconds (15 minutes) up to the maximum session duration
- *          setting for the role. This setting can have a value from 1 hour to 12 hours. To learn how
- *          to view the maximum value for your role, see <a href="https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_update-role-settings.html#id_roles_update-session-duration">Update the maximum session duration for a role </a> in the
- *             <i>IAM User Guide</i>. The maximum session duration limit applies when
- *          you use the <code>AssumeRole*</code> API operations or the <code>assume-role*</code> CLI
- *          commands. However the limit does not apply when you use those operations to create a
- *          console URL. For more information, see <a href="https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_use.html">Using IAM Roles</a> in the
- *             <i>IAM User Guide</i>. </p>
- *          <p>
- *             <b>Permissions</b>
- *          </p>
- *          <p>The temporary security credentials created by <code>AssumeRoleWithWebIdentity</code> can
- *          be used to make API calls to any Amazon Web Services service with the following exception: you cannot
- *          call the STS <code>GetFederationToken</code> or <code>GetSessionToken</code> API
- *          operations.</p>
- *          <p>(Optional) You can pass inline or managed <a href="https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies.html#policies_session">session policies</a> to
- *          this operation. You can pass a single JSON policy document to use as an inline session
- *          policy. You can also specify up to 10 managed policy Amazon Resource Names (ARNs) to use as
- *          managed session policies. The plaintext that you use for both inline and managed session
- *          policies can't exceed 2,048 characters. Passing policies to this operation returns new
- *          temporary credentials. The resulting session's permissions are the intersection of the
- *          role's identity-based policy and the session policies. You can use the role's temporary
- *          credentials in subsequent Amazon Web Services API calls to access resources in the account that owns
- *          the role. You cannot use session policies to grant more permissions than those allowed
- *          by the identity-based policy of the role that is being assumed. For more information, see
- *             <a href="https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies.html#policies_session">Session
- *             Policies</a> in the <i>IAM User Guide</i>.</p>
- *          <p>
- *             <b>Tags</b>
- *          </p>
- *          <p>(Optional) You can configure your IdP to pass attributes into your web identity token as
- *          session tags. Each session tag consists of a key name and an associated value. For more
- *          information about session tags, see <a href="https://docs.aws.amazon.com/IAM/latest/UserGuide/id_session-tags.html#id_session-tags_adding-assume-role-idp">Passing
- *             session tags using AssumeRoleWithWebIdentity</a> in the
- *             <i>IAM User Guide</i>.</p>
- *          <p>You can pass up to 50 session tags. The plaintext session tag keys can’t exceed 128
- *          characters and the values can’t exceed 256 characters. For these and additional limits, see
- *             <a href="https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_iam-limits.html#reference_iam-limits-entity-length">IAM
- *             and STS Character Limits</a> in the <i>IAM User Guide</i>.</p>
- *          <note>
- *             <p>An Amazon Web Services conversion compresses the passed inline session policy, managed policy ARNs,
- *             and session tags into a packed binary format that has a separate limit. Your request can
- *             fail for this limit even if your plaintext meets the other requirements. The
- *                <code>PackedPolicySize</code> response element indicates by percentage how close the
- *             policies and tags for your request are to the upper size limit.</p>
- *          </note>
- *          <p>You can pass a session tag with the same key as a tag that is attached to the role. When
- *          you do, the session tag overrides the role tag with the same key.</p>
- *          <p>An administrator must grant you the permissions necessary to pass session tags. The
- *          administrator can also create granular permissions to allow you to pass only specific
- *          session tags. For more information, see <a href="https://docs.aws.amazon.com/IAM/latest/UserGuide/tutorial_attribute-based-access-control.html">Tutorial: Using Tags
- *             for Attribute-Based Access Control</a> in the
- *          <i>IAM User Guide</i>.</p>
- *          <p>You can set the session tags as transitive. Transitive tags persist during role
- *          chaining. For more information, see <a href="https://docs.aws.amazon.com/IAM/latest/UserGuide/id_session-tags.html#id_session-tags_role-chaining">Chaining Roles
- *             with Session Tags</a> in the <i>IAM User Guide</i>.</p>
- *          <p>
- *             <b>Identities</b>
- *          </p>
- *          <p>Before your application can call <code>AssumeRoleWithWebIdentity</code>, you must have
- *          an identity token from a supported identity provider and create a role that the application
- *          can assume. The role that your application assumes must trust the identity provider that is
- *          associated with the identity token. In other words, the identity provider must be specified
- *          in the role's trust policy. </p>
- *          <important>
- *             <p>Calling <code>AssumeRoleWithWebIdentity</code> can result in an entry in your
- *             CloudTrail logs. The entry includes the <a href="http://openid.net/specs/openid-connect-core-1_0.html#Claims">Subject</a> of
- *             the provided web identity token. We recommend that you avoid using any personally
- *             identifiable information (PII) in this field. For example, you could instead use a GUID
- *             or a pairwise identifier, as <a href="http://openid.net/specs/openid-connect-core-1_0.html#SubjectIDTypes">suggested
- *                in the OIDC specification</a>.</p>
- *          </important>
- *          <p>For more information about how to use OIDC federation and the
- *             <code>AssumeRoleWithWebIdentity</code> API, see the following resources: </p>
- *          <ul>
- *             <li>
- *                <p>
- *                   <a href="https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_providers_oidc_manual.html">Using Web Identity Federation API Operations for Mobile Apps</a> and <a href="https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_request.html#api_assumerolewithwebidentity">Federation Through a Web-based Identity Provider</a>. </p>
- *             </li>
- *             <li>
- *                <p>
- *                   <a href="http://aws.amazon.com/sdkforios/">Amazon Web Services SDK for iOS Developer Guide</a> and <a href="http://aws.amazon.com/sdkforandroid/">Amazon Web Services SDK for Android Developer Guide</a>. These toolkits
- *                contain sample apps that show how to invoke the identity providers. The toolkits then
- *                show how to use the information from these providers to get and use temporary
- *                security credentials. </p>
- *             </li>
- *          </ul>
- * @example
- * Use a bare-bones client and the command you need to make an API call.
- * ```javascript
- * import { STSClient, AssumeRoleWithWebIdentityCommand } from "@aws-sdk/client-sts"; // ES Modules import
- * // const { STSClient, AssumeRoleWithWebIdentityCommand } = require("@aws-sdk/client-sts"); // CommonJS import
- * // import type { STSClientConfig } from "@aws-sdk/client-sts";
- * const config = {}; // type is STSClientConfig
- * const client = new STSClient(config);
- * const input = { // AssumeRoleWithWebIdentityRequest
- *   RoleArn: "STRING_VALUE", // required
- *   RoleSessionName: "STRING_VALUE", // required
- *   WebIdentityToken: "STRING_VALUE", // required
- *   ProviderId: "STRING_VALUE",
- *   PolicyArns: [ // policyDescriptorListType
- *     { // PolicyDescriptorType
- *       arn: "STRING_VALUE",
- *     },
- *   ],
- *   Policy: "STRING_VALUE",
- *   DurationSeconds: Number("int"),
- * };
- * const command = new AssumeRoleWithWebIdentityCommand(input);
- * const response = await client.send(command);
- * // { // AssumeRoleWithWebIdentityResponse
- * //   Credentials: { // Credentials
- * //     AccessKeyId: "STRING_VALUE", // required
- * //     SecretAccessKey: "STRING_VALUE", // required
- * //     SessionToken: "STRING_VALUE", // required
- * //     Expiration: new Date("TIMESTAMP"), // required
- * //   },
- * //   SubjectFromWebIdentityToken: "STRING_VALUE",
- * //   AssumedRoleUser: { // AssumedRoleUser
- * //     AssumedRoleId: "STRING_VALUE", // required
- * //     Arn: "STRING_VALUE", // required
- * //   },
- * //   PackedPolicySize: Number("int"),
- * //   Provider: "STRING_VALUE",
- * //   Audience: "STRING_VALUE",
- * //   SourceIdentity: "STRING_VALUE",
- * // };
- *
- * ```
- *
- * @param AssumeRoleWithWebIdentityCommandInput - {@link AssumeRoleWithWebIdentityCommandInput}
- * @returns {@link AssumeRoleWithWebIdentityCommandOutput}
- * @see {@link AssumeRoleWithWebIdentityCommandInput} for command's `input` shape.
- * @see {@link AssumeRoleWithWebIdentityCommandOutput} for command's `response` shape.
- * @see {@link STSClientResolvedConfig | config} for STSClient's `config` shape.
- *
- * @throws {@link ExpiredTokenException} (client fault)
- *  <p>The web identity token that was passed is expired or is not valid. Get a new identity
- *             token from the identity provider and then retry the request.</p>
- *
- * @throws {@link IDPCommunicationErrorException} (client fault)
- *  <p>The request could not be fulfilled because the identity provider (IDP) that was asked
- *             to verify the incoming identity token could not be reached. This is often a transient
- *             error caused by network conditions. Retry the request a limited number of times so that
- *             you don't exceed the request rate. If the error persists, the identity provider might be
- *             down or not responding.</p>
- *
- * @throws {@link IDPRejectedClaimException} (client fault)
- *  <p>The identity provider (IdP) reported that authentication failed. This might be because
- *             the claim is invalid.</p>
- *          <p>If this error is returned for the <code>AssumeRoleWithWebIdentity</code> operation, it
- *             can also mean that the claim has expired or has been explicitly revoked. </p>
- *
- * @throws {@link InvalidIdentityTokenException} (client fault)
- *  <p>The web identity token that was passed could not be validated by Amazon Web Services. Get a new
- *             identity token from the identity provider and then retry the request.</p>
- *
- * @throws {@link MalformedPolicyDocumentException} (client fault)
- *  <p>The request was rejected because the policy document was malformed. The error message
- *             describes the specific error.</p>
- *
- * @throws {@link PackedPolicyTooLargeException} (client fault)
- *  <p>The request was rejected because the total packed size of the session policies and
- *             session tags combined was too large. An Amazon Web Services conversion compresses the session policy
- *             document, session policy ARNs, and session tags into a packed binary format that has a
- *             separate limit. The error message indicates by percentage how close the policies and
- *             tags are to the upper size limit. For more information, see <a href="https://docs.aws.amazon.com/IAM/latest/UserGuide/id_session-tags.html">Passing Session Tags in STS</a> in
- *             the <i>IAM User Guide</i>.</p>
- *          <p>You could receive this error even though you meet other defined session policy and
- *             session tag limits. For more information, see <a href="https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_iam-quotas.html#reference_iam-limits-entity-length">IAM and STS Entity Character Limits</a> in the <i>IAM User
- *                 Guide</i>.</p>
- *
- * @throws {@link RegionDisabledException} (client fault)
- *  <p>STS is not activated in the requested region for the account that is being asked to
- *             generate credentials. The account administrator must use the IAM console to activate
- *             STS in that region. For more information, see <a href="https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_enable-regions.html#sts-regions-activate-deactivate">Activating and
- *                 Deactivating STS in an Amazon Web Services Region</a> in the <i>IAM User
- *                 Guide</i>.</p>
- *
- * @throws {@link STSServiceException}
- * <p>Base exception class for all service exceptions from STS service.</p>
- *
- *
- * @example To assume a role as an OpenID Connect-federated user
- * ```javascript
- * //
- * const input = {
- *   DurationSeconds: 3600,
- *   Policy: "escaped-JSON-IAM-POLICY",
- *   ProviderId: "www.amazon.com",
- *   RoleArn: "arn:aws:iam::123456789012:role/FederatedWebIdentityRole",
- *   RoleSessionName: "app1",
- *   WebIdentityToken: "Atza%7CIQEBLjAsAhRFiXuWpUXuRvQ9PZL3GMFcYevydwIUFAHZwXZXXXXXXXXJnrulxKDHwy87oGKPznh0D6bEQZTSCzyoCtL_8S07pLpr0zMbn6w1lfVZKNTBdDansFBmtGnIsIapjI6xKR02Yc_2bQ8LZbUXSGm6Ry6_BG7PrtLZtj_dfCTj92xNGed-CrKqjG7nPBjNIL016GGvuS5gSvPRUxWES3VYfm1wl7WTI7jn-Pcb6M-buCgHhFOzTQxod27L9CqnOLio7N3gZAGpsp6n1-AJBOCJckcyXe2c6uD0srOJeZlKUm2eTDVMf8IehDVI0r1QOnTV6KzzAI3OY87Vd_cVMQ"
- * };
- * const command = new AssumeRoleWithWebIdentityCommand(input);
- * const response = await client.send(command);
- * /* response is
- * {
- *   AssumedRoleUser: {
- *     Arn: "arn:aws:sts::123456789012:assumed-role/FederatedWebIdentityRole/app1",
- *     AssumedRoleId: "AROACLKWSDQRAOEXAMPLE:app1"
- *   },
- *   Audience: "client.5498841531868486423.1548@apps.example.com",
- *   Credentials: {
- *     AccessKeyId: "AKIAIOSFODNN7EXAMPLE",
- *     Expiration: "2014-10-24T23:00:23Z",
- *     SecretAccessKey: "wJalrXUtnFEMI/K7MDENG/bPxRfiCYzEXAMPLEKEY",
- *     SessionToken: "AQoDYXdzEE0a8ANXXXXXXXXNO1ewxE5TijQyp+IEXAMPLE"
- *   },
- *   PackedPolicySize: 123,
- *   Provider: "www.amazon.com",
- *   SubjectFromWebIdentityToken: "amzn1.account.AF6RHO7KZU5XRVQJGXK6HEXAMPLE"
- * }
- * *\/
- * ```
- *
- * @public
- */
-export declare class AssumeRoleWithWebIdentityCommand extends AssumeRoleWithWebIdentityCommand_base {
-    /** @internal type navigation helper, not in runtime. */
-    protected static __types: {
-        api: {
-            input: AssumeRoleWithWebIdentityRequest;
-            output: AssumeRoleWithWebIdentityResponse;
-        };
-        sdk: {
-            input: AssumeRoleWithWebIdentityCommandInput;
-            output: AssumeRoleWithWebIdentityCommandOutput;
-        };
-    };
-}

package/node_modules/@aws-sdk/token-providers/node_modules/@aws-sdk/nested-clients/dist-types/submodules/sts/commands/index.d.ts

@@ -1,2 +0,0 @@
-export * from "./AssumeRoleCommand";
-export * from "./AssumeRoleWithWebIdentityCommand";