feat(client-redshift-serverless): Added GetIdentityCenterAuthToken API to retrieve encrypted authentication tokens for Identity Center integrated serverless workgroups. This API enables programmatic access to secure Identity Center tokens with proper error handling and parameter validation across supported SDK languages.

Author: awstools

clients/client-redshift-serverless/README.md

@@ -378,6 +378,14 @@ GetEndpointAccess
 
 [Command API Reference](https://docs.aws.amazon.com/AWSJavaScriptSDK/v3/latest/client/redshift-serverless/command/GetEndpointAccessCommand/) / [Input](https://docs.aws.amazon.com/AWSJavaScriptSDK/v3/latest/Package/-aws-sdk-client-redshift-serverless/Interface/GetEndpointAccessCommandInput/) / [Output](https://docs.aws.amazon.com/AWSJavaScriptSDK/v3/latest/Package/-aws-sdk-client-redshift-serverless/Interface/GetEndpointAccessCommandOutput/)
 
+</details>
+<details>
+<summary>
+GetIdentityCenterAuthToken
+</summary>
+
+[Command API Reference](https://docs.aws.amazon.com/AWSJavaScriptSDK/v3/latest/client/redshift-serverless/command/GetIdentityCenterAuthTokenCommand/) / [Input](https://docs.aws.amazon.com/AWSJavaScriptSDK/v3/latest/Package/-aws-sdk-client-redshift-serverless/Interface/GetIdentityCenterAuthTokenCommandInput/) / [Output](https://docs.aws.amazon.com/AWSJavaScriptSDK/v3/latest/Package/-aws-sdk-client-redshift-serverless/Interface/GetIdentityCenterAuthTokenCommandOutput/)
+
 </details>
 <details>
 <summary>

clients/client-redshift-serverless/src/RedshiftServerless.ts

@@ -112,6 +112,11 @@ import {
   GetEndpointAccessCommandInput,
   GetEndpointAccessCommandOutput,
 } from "./commands/GetEndpointAccessCommand";
+import {
+  GetIdentityCenterAuthTokenCommand,
+  GetIdentityCenterAuthTokenCommandInput,
+  GetIdentityCenterAuthTokenCommandOutput,
+} from "./commands/GetIdentityCenterAuthTokenCommand";
 import {
   GetNamespaceCommand,
   GetNamespaceCommandInput,
@@ -331,6 +336,7 @@ const commands = {
   GetCredentialsCommand,
   GetCustomDomainAssociationCommand,
   GetEndpointAccessCommand,
+  GetIdentityCenterAuthTokenCommand,
   GetNamespaceCommand,
   GetRecoveryPointCommand,
   GetReservationCommand,
@@ -730,6 +736,23 @@ export interface RedshiftServerless {
     cb: (err: any, data?: GetEndpointAccessCommandOutput) => void
   ): void;
 
+  /**
+   * @see {@link GetIdentityCenterAuthTokenCommand}
+   */
+  getIdentityCenterAuthToken(
+    args: GetIdentityCenterAuthTokenCommandInput,
+    options?: __HttpHandlerOptions
+  ): Promise<GetIdentityCenterAuthTokenCommandOutput>;
+  getIdentityCenterAuthToken(
+    args: GetIdentityCenterAuthTokenCommandInput,
+    cb: (err: any, data?: GetIdentityCenterAuthTokenCommandOutput) => void
+  ): void;
+  getIdentityCenterAuthToken(
+    args: GetIdentityCenterAuthTokenCommandInput,
+    options: __HttpHandlerOptions,
+    cb: (err: any, data?: GetIdentityCenterAuthTokenCommandOutput) => void
+  ): void;
+
   /**
    * @see {@link GetNamespaceCommand}
    */

clients/client-redshift-serverless/src/RedshiftServerlessClient.ts

@@ -121,6 +121,10 @@ import {
   GetCustomDomainAssociationCommandOutput,
 } from "./commands/GetCustomDomainAssociationCommand";
 import { GetEndpointAccessCommandInput, GetEndpointAccessCommandOutput } from "./commands/GetEndpointAccessCommand";
+import {
+  GetIdentityCenterAuthTokenCommandInput,
+  GetIdentityCenterAuthTokenCommandOutput,
+} from "./commands/GetIdentityCenterAuthTokenCommand";
 import { GetNamespaceCommandInput, GetNamespaceCommandOutput } from "./commands/GetNamespaceCommand";
 import { GetRecoveryPointCommandInput, GetRecoveryPointCommandOutput } from "./commands/GetRecoveryPointCommand";
 import { GetReservationCommandInput, GetReservationCommandOutput } from "./commands/GetReservationCommand";
@@ -254,6 +258,7 @@ export type ServiceInputTypes =
   | GetCredentialsCommandInput
   | GetCustomDomainAssociationCommandInput
   | GetEndpointAccessCommandInput
+  | GetIdentityCenterAuthTokenCommandInput
   | GetNamespaceCommandInput
   | GetRecoveryPointCommandInput
   | GetReservationCommandInput
@@ -323,6 +328,7 @@ export type ServiceOutputTypes =
   | GetCredentialsCommandOutput
   | GetCustomDomainAssociationCommandOutput
   | GetEndpointAccessCommandOutput
+  | GetIdentityCenterAuthTokenCommandOutput
   | GetNamespaceCommandOutput
   | GetRecoveryPointCommandOutput
   | GetReservationCommandOutput

clients/client-redshift-serverless/src/commands/GetIdentityCenterAuthTokenCommand.ts

@@ -0,0 +1,117 @@
+// smithy-typescript generated code
+import { getEndpointPlugin } from "@smithy/middleware-endpoint";
+import { Command as $Command } from "@smithy/smithy-client";
+import type { MetadataBearer as __MetadataBearer } from "@smithy/types";
+
+import { commonParams } from "../endpoint/EndpointParameters";
+import type { GetIdentityCenterAuthTokenRequest, GetIdentityCenterAuthTokenResponse } from "../models/models_0";
+import type {
+  RedshiftServerlessClientResolvedConfig,
+  ServiceInputTypes,
+  ServiceOutputTypes,
+} from "../RedshiftServerlessClient";
+import { GetIdentityCenterAuthToken } from "../schemas/schemas_0";
+
+/**
+ * @public
+ */
+export type { __MetadataBearer };
+export { $Command };
+/**
+ * @public
+ *
+ * The input for {@link GetIdentityCenterAuthTokenCommand}.
+ */
+export interface GetIdentityCenterAuthTokenCommandInput extends GetIdentityCenterAuthTokenRequest {}
+/**
+ * @public
+ *
+ * The output of {@link GetIdentityCenterAuthTokenCommand}.
+ */
+export interface GetIdentityCenterAuthTokenCommandOutput extends GetIdentityCenterAuthTokenResponse, __MetadataBearer {}
+
+/**
+ * <p>Returns an Identity Center authentication token for accessing Amazon Redshift Serverless workgroups.</p> <p>The token provides secure access to data within the specified workgroups using Identity Center identity propagation. The token expires after a specified duration and must be refreshed for continued access.</p> <p>The Identity and Access Management (IAM) user or role that runs GetIdentityCenterAuthToken must have appropriate permissions to access the specified workgroups and Identity Center integration must be configured for the workgroups.</p>
+ * @example
+ * Use a bare-bones client and the command you need to make an API call.
+ * ```javascript
+ * import { RedshiftServerlessClient, GetIdentityCenterAuthTokenCommand } from "@aws-sdk/client-redshift-serverless"; // ES Modules import
+ * // const { RedshiftServerlessClient, GetIdentityCenterAuthTokenCommand } = require("@aws-sdk/client-redshift-serverless"); // CommonJS import
+ * // import type { RedshiftServerlessClientConfig } from "@aws-sdk/client-redshift-serverless";
+ * const config = {}; // type is RedshiftServerlessClientConfig
+ * const client = new RedshiftServerlessClient(config);
+ * const input = { // GetIdentityCenterAuthTokenRequest
+ *   workgroupNames: [ // WorkgroupNameList // required
+ *     "STRING_VALUE",
+ *   ],
+ * };
+ * const command = new GetIdentityCenterAuthTokenCommand(input);
+ * const response = await client.send(command);
+ * // { // GetIdentityCenterAuthTokenResponse
+ * //   token: "STRING_VALUE",
+ * //   expirationTime: new Date("TIMESTAMP"),
+ * // };
+ *
+ * ```
+ *
+ * @param GetIdentityCenterAuthTokenCommandInput - {@link GetIdentityCenterAuthTokenCommandInput}
+ * @returns {@link GetIdentityCenterAuthTokenCommandOutput}
+ * @see {@link GetIdentityCenterAuthTokenCommandInput} for command's `input` shape.
+ * @see {@link GetIdentityCenterAuthTokenCommandOutput} for command's `response` shape.
+ * @see {@link RedshiftServerlessClientResolvedConfig | config} for RedshiftServerlessClient's `config` shape.
+ *
+ * @throws {@link AccessDeniedException} (client fault)
+ *  <p>You do not have sufficient access to perform this action.</p>
+ *
+ * @throws {@link ConflictException} (client fault)
+ *  <p>The submitted action has conflicts.</p>
+ *
+ * @throws {@link DryRunException} (client fault)
+ *  <p>This exception is thrown when the request was successful, but dry run was enabled so no action was taken.</p>
+ *
+ * @throws {@link InternalServerException} (server fault)
+ *  <p>The request processing has failed because of an unknown error, exception or failure.</p>
+ *
+ * @throws {@link ResourceNotFoundException} (client fault)
+ *  <p>The resource could not be found.</p>
+ *
+ * @throws {@link ThrottlingException} (client fault)
+ *  <p>The request was denied due to request throttling.</p>
+ *
+ * @throws {@link ValidationException} (client fault)
+ *  <p>The input failed to satisfy the constraints specified by an Amazon Web Services service.</p>
+ *
+ * @throws {@link RedshiftServerlessServiceException}
+ * <p>Base exception class for all service exceptions from RedshiftServerless service.</p>
+ *
+ *
+ * @public
+ */
+export class GetIdentityCenterAuthTokenCommand extends $Command
+  .classBuilder<
+    GetIdentityCenterAuthTokenCommandInput,
+    GetIdentityCenterAuthTokenCommandOutput,
+    RedshiftServerlessClientResolvedConfig,
+    ServiceInputTypes,
+    ServiceOutputTypes
+  >()
+  .ep(commonParams)
+  .m(function (this: any, Command: any, cs: any, config: RedshiftServerlessClientResolvedConfig, o: any) {
+    return [getEndpointPlugin(config, Command.getEndpointParameterInstructions())];
+  })
+  .s("RedshiftServerless", "GetIdentityCenterAuthToken", {})
+  .n("RedshiftServerlessClient", "GetIdentityCenterAuthTokenCommand")
+  .sc(GetIdentityCenterAuthToken)
+  .build() {
+  /** @internal type navigation helper, not in runtime. */
+  protected declare static __types: {
+    api: {
+      input: GetIdentityCenterAuthTokenRequest;
+      output: GetIdentityCenterAuthTokenResponse;
+    };
+    sdk: {
+      input: GetIdentityCenterAuthTokenCommandInput;
+      output: GetIdentityCenterAuthTokenCommandOutput;
+    };
+  };
+}

clients/client-redshift-serverless/src/commands/GetTrackCommand.ts

@@ -72,6 +72,9 @@ export interface GetTrackCommandOutput extends GetTrackResponse, __MetadataBeare
  * @throws {@link ConflictException} (client fault)
  *  <p>The submitted action has conflicts.</p>
  *
+ * @throws {@link DryRunException} (client fault)
+ *  <p>This exception is thrown when the request was successful, but dry run was enabled so no action was taken.</p>
+ *
  * @throws {@link InternalServerException} (server fault)
  *  <p>The request processing has failed because of an unknown error, exception or failure.</p>
  *

clients/client-redshift-serverless/src/commands/index.ts

@@ -21,6 +21,7 @@ export * from "./DeleteWorkgroupCommand";
 export * from "./GetCredentialsCommand";
 export * from "./GetCustomDomainAssociationCommand";
 export * from "./GetEndpointAccessCommand";
+export * from "./GetIdentityCenterAuthTokenCommand";
 export * from "./GetNamespaceCommand";
 export * from "./GetRecoveryPointCommand";
 export * from "./GetReservationCommand";

clients/client-redshift-serverless/src/models/models_0.ts

@@ -1992,6 +1992,34 @@ export interface GetCustomDomainAssociationResponse {
   customDomainCertificateExpiryTime?: Date | undefined;
 }
 
+/**
+ * @public
+ */
+export interface GetIdentityCenterAuthTokenRequest {
+  /**
+   * <p>A list of workgroup names for which to generate the Identity Center authentication token.</p> <p>Constraints:</p> <ul> <li> <p>Must contain between 1 and 20 workgroup names.</p> </li> <li> <p>Each workgroup name must be a valid Amazon Redshift Serverless workgroup identifier.</p> </li> <li> <p>All specified workgroups must have Identity Center integration enabled.</p> </li> </ul>
+   * @public
+   */
+  workgroupNames: string[] | undefined;
+}
+
+/**
+ * @public
+ */
+export interface GetIdentityCenterAuthTokenResponse {
+  /**
+   * <p>The Identity Center authentication token that can be used to access data in the specified workgroups.</p> <p>This token contains the Identity Center identity information and is encrypted for secure transmission.</p>
+   * @public
+   */
+  token?: string | undefined;
+
+  /**
+   * <p>The date and time when the Identity Center authentication token expires.</p> <p>After this time, a new token must be requested for continued access.</p>
+   * @public
+   */
+  expirationTime?: Date | undefined;
+}
+
 /**
  * @public
  */

clients/client-redshift-serverless/src/schemas/schemas_0.ts

@@ -68,6 +68,7 @@ const _DWRe = "DeleteWorkgroupResponse";
 const _E = "Endpoint";
 const _EA = "EndpointAccess";
 const _EAL = "EndpointAccessList";
+const _ET = "ExpirationTime";
 const _GC = "GetCredentials";
 const _GCDA = "GetCustomDomainAssociation";
 const _GCDAR = "GetCustomDomainAssociationRequest";
@@ -77,6 +78,9 @@ const _GCRe = "GetCredentialsResponse";
 const _GEA = "GetEndpointAccess";
 const _GEAR = "GetEndpointAccessRequest";
 const _GEARe = "GetEndpointAccessResponse";
+const _GICAT = "GetIdentityCenterAuthToken";
+const _GICATR = "GetIdentityCenterAuthTokenRequest";
+const _GICATRe = "GetIdentityCenterAuthTokenResponse";
 const _GN = "GetNamespace";
 const _GNR = "GetNamespaceRequest";
 const _GNRe = "GetNamespaceResponse";
@@ -199,7 +203,7 @@ const _SL = "SnapshotList";
 const _SQEE = "ServiceQuotaExceededException";
 const _ST = "ServerlessTrack";
 const _Sc = "Schedule";
-const _T = "Tag";
+const _T = "Token";
 const _TA = "TargetAction";
 const _TE = "ThrottlingException";
 const _TL = "TagList";
@@ -210,6 +214,7 @@ const _TRR = "TagResourceRequest";
 const _TRRa = "TagResourceResponse";
 const _TRS = "TableRestoreStatus";
 const _TRSL = "TableRestoreStatusList";
+const _Ta = "Tag";
 const _UCDA = "UpdateCustomDomainAssociation";
 const _UCDAR = "UpdateCustomDomainAssociationRequest";
 const _UCDARp = "UpdateCustomDomainAssociationResponse";
@@ -301,6 +306,7 @@ const _eS = "endpointStatus";
 const _eSTC = "estimatedSecondsToCompletion";
 const _eT = "endTime";
 const _eTIS = "elapsedTimeInSeconds";
+const _eTx = "expirationTime";
 const _eVR = "enhancedVpcRouting";
 const _en = "endpoint";
 const _ena = "enabled";
@@ -314,6 +320,7 @@ const _hQ = "httpQuery";
 const _iA = "ipv6Address";
 const _iAT = "ipAddressType";
 const _iR = "iamRoles";
+const _jN = "jsonName";
 const _k = "key";
 const _kKI = "kmsKeyId";
 const _l = "level";
@@ -416,6 +423,7 @@ const _tRS = "tableRestoreStatus";
 const _tRSa = "tableRestoreStatuses";
 const _tSIMB = "totalSizeInMegaBytes";
 const _tSN = "targetSchemaName";
+const _to = "token";
 const _tr = "track";
 const _tra = "tracks";
 const _uC = "upfrontCharge";
@@ -437,6 +445,7 @@ const _w = "workgroup";
 const _wA = "workgroupArn";
 const _wI = "workgroupId";
 const _wN = "workgroupName";
+const _wNo = "workgroupNames";
 const _wV = "workgroupVersion";
 const _wo = "workgroups";
 const n0 = "com.amazonaws.redshiftserverless";
@@ -651,6 +660,18 @@ export var GetCustomDomainAssociationResponse: StaticStructureSchema = [
 ];
 export var GetEndpointAccessRequest: StaticStructureSchema = [3, n0, _GEAR, 0, [_eN], [0]];
 export var GetEndpointAccessResponse: StaticStructureSchema = [3, n0, _GEARe, 0, [_en], [() => EndpointAccess]];
+export var GetIdentityCenterAuthTokenRequest: StaticStructureSchema = [3, n0, _GICATR, 0, [_wNo], [64 | 0]];
+export var GetIdentityCenterAuthTokenResponse: StaticStructureSchema = [
+  3,
+  n0,
+  _GICATRe,
+  8,
+  [_to, _eTx],
+  [
+    [0, { [_jN]: _T }],
+    [5, { [_jN]: _ET }],
+  ],
+];
 export var GetNamespaceRequest: StaticStructureSchema = [3, n0, _GNR, 0, [_nN], [0]];
 export var GetNamespaceResponse: StaticStructureSchema = [3, n0, _GNRe, 0, [_n], [[() => Namespace, 0]]];
 export var GetRecoveryPointRequest: StaticStructureSchema = [3, n0, _GRPR, 0, [_rPI], [0]];
@@ -1061,7 +1082,7 @@ export var TableRestoreStatus: StaticStructureSchema = [
   [_tRRI, _st, _m, _rT, _nN, _wN, _sN, _pIMB, _tDIMB, _sDN, _sSN, _sTN, _tDN, _tSN, _nTN, _rPI],
   [0, 0, 0, 4, 0, 0, 0, 1, 1, 0, 0, 0, 0, 0, 0, 0],
 ];
-export var Tag: StaticStructureSchema = [3, n0, _T, 0, [_k, _v], [0, 0]];
+export var Tag: StaticStructureSchema = [3, n0, _Ta, 0, [_k, _v], [0, 0]];
 export var TagResourceRequest: StaticStructureSchema = [3, n0, _TRR, 0, [_rAe, _t], [0, () => TagList]];
 export var TagResourceResponse: StaticStructureSchema = [3, n0, _TRRa, 0, [], []];
 export var ThrottlingException: StaticErrorSchema = [-3, n0, _TE, { [_e]: _c, [_hE]: 429 }, [_co, _m], [0, 0]];
@@ -1269,6 +1290,7 @@ export var VpcIds = 64 | 0;
 export var VpcSecurityGroupIdList = 64 | 0;
 export var VpcSecurityGroupMembershipList: StaticListSchema = [1, n0, _VSGML, 0, () => VpcSecurityGroupMembership];
 export var WorkgroupList: StaticListSchema = [1, n0, _WL, 0, () => Workgroup];
+export var WorkgroupNameList = 64 | 0;
 export var Schedule: StaticStructureSchema = [3, n0, _Sc, 0, [_at, _cr], [4, 0]];
 export var TargetAction: StaticStructureSchema = [3, n0, _TA, 0, [_cS], [() => CreateSnapshotScheduleActionParameters]];
 export var ConvertRecoveryPointToSnapshot: StaticOperationSchema = [
@@ -1447,6 +1469,14 @@ export var GetEndpointAccess: StaticOperationSchema = [
   () => GetEndpointAccessRequest,
   () => GetEndpointAccessResponse,
 ];
+export var GetIdentityCenterAuthToken: StaticOperationSchema = [
+  9,
+  n0,
+  _GICAT,
+  0,
+  () => GetIdentityCenterAuthTokenRequest,
+  () => GetIdentityCenterAuthTokenResponse,
+];
 export var GetNamespace: StaticOperationSchema = [9, n0, _GN, 0, () => GetNamespaceRequest, () => GetNamespaceResponse];
 export var GetRecoveryPoint: StaticOperationSchema = [
   9,

clients/client-redshift-serverless/test/index-objects.spec.mjs

@@ -24,6 +24,7 @@ import {
   GetCredentialsCommand,
   GetCustomDomainAssociationCommand,
   GetEndpointAccessCommand,
+  GetIdentityCenterAuthTokenCommand,
   GetNamespaceCommand,
   GetRecoveryPointCommand,
   GetReservationCommand,
@@ -133,6 +134,7 @@ assert(typeof DeleteWorkgroupCommand === "function");
 assert(typeof GetCredentialsCommand === "function");
 assert(typeof GetCustomDomainAssociationCommand === "function");
 assert(typeof GetEndpointAccessCommand === "function");
+assert(typeof GetIdentityCenterAuthTokenCommand === "function");
 assert(typeof GetNamespaceCommand === "function");
 assert(typeof GetRecoveryPointCommand === "function");
 assert(typeof GetReservationCommand === "function");