refactor(iot): migrate to aws-sdk v3 (aws#8054)

## Problem

AWS SDK V2 is at EOL. All clients should migrate to V3.


## Solution

Migrate IoT client to AWS SDK V3.


---

- Treat all work as PUBLIC. Private `feature/x` branches will not be
squash-merged at release time.
- Your code changes must meet the guidelines in
[CONTRIBUTING.md](https://github.com/aws/aws-toolkit-vscode/blob/master/CONTRIBUTING.md#guidelines).
- License: I confirm that my contribution is made under the terms of the
Apache 2.0 license.

Author: ctlai95

package-lock.json

@@ -539,6 +539,7 @@
         "@types/whatwg-url": "^11.0.4",
         "@types/xml2js": "^0.4.11",
         "@vue/compiler-sfc": "^3.3.2",
+        "aws-sdk-client-mock": "^4.1.0",
         "c8": "^9.0.0",
         "circular-dependency-plugin": "^5.2.2",
         "css-loader": "^6.10.0",
@@ -580,6 +581,8 @@
         "@aws-sdk/client-ec2": "<3.731.0",
         "@aws-sdk/client-glue": "^3.852.0",
         "@aws-sdk/client-iam": "<3.731.0",
+        "@aws-sdk/client-iot": "~3.693.0",
+        "@aws-sdk/client-iotsecuretunneling": "~3.693.0",
         "@aws-sdk/client-lambda": "<3.731.0",
         "@aws-sdk/client-s3": "<3.731.0",
         "@aws-sdk/client-s3-control": "^3.830.0",

packages/core/package.json

@@ -12,7 +12,7 @@ import { createQuickPick, DataQuickPickItem } from '../../../shared/ui/pickerPro
 import { PromptResult } from '../../../shared/ui/prompter'
 import { IotClient } from '../../../shared/clients/iotClient'
 import { isValidResponse } from '../../../shared/wizards/wizard'
-import { Iot } from 'aws-sdk'
+import { Certificate, ListCertificatesResponse } from '@aws-sdk/client-iot'
 
 export type CertGen = typeof getCertList
 
@@ -53,8 +53,8 @@ export async function attachCertificateCommand(node: IotThingNode, promptFun = p
 /**
  * Prompts the user to pick a certificate to attach.
  */
-async function promptForCert(iot: IotClient, certFetch: CertGen): Promise<PromptResult<Iot.Certificate>> {
-    const placeHolder: DataQuickPickItem<Iot.Certificate> = {
+async function promptForCert(iot: IotClient, certFetch: CertGen): Promise<PromptResult<Certificate>> {
+    const placeHolder: DataQuickPickItem<Certificate> = {
         label: 'No certificates found',
         data: undefined,
     }
@@ -71,10 +71,10 @@ async function promptForCert(iot: IotClient, certFetch: CertGen): Promise<Prompt
  */
 async function* getCertList(iot: IotClient) {
     let marker: string | undefined = undefined
-    let filteredCerts: Iot.Certificate[]
+    let filteredCerts: Certificate[]
     do {
         try {
-            const certResponse: Iot.ListCertificatesResponse = await iot.listCertificates({ marker })
+            const certResponse: ListCertificatesResponse = await iot.listCertificates({ marker })
             marker = certResponse.nextMarker
 
             /* These fields should always be defined when using the above API,

packages/core/src/awsService/iot/commands/attachCertificate.ts

@@ -4,7 +4,14 @@
  */
 
 import * as vscode from 'vscode'
-import { IoTSecureTunneling, Lambda } from 'aws-sdk'
+import { Lambda } from 'aws-sdk'
+import {
+    CloseTunnelCommand,
+    IoTSecureTunnelingClient,
+    ListTunnelsCommand,
+    OpenTunnelCommand,
+    RotateTunnelAccessTokenCommand,
+} from '@aws-sdk/client-iotsecuretunneling'
 import { getClientId } from '../../shared/telemetry/util'
 import { DefaultLambdaClient } from '../../shared/clients/lambdaClient'
 import { LocalProxy } from './localProxy'
@@ -61,7 +68,7 @@ export class LdkClient {
     private localProxy: LocalProxy | undefined
     private static instanceCreating = false
     private lambdaClientCache: Map<string, DefaultLambdaClient> = new Map()
-    private iotSTClientCache: Map<string, IoTSecureTunneling> = new Map()
+    private iotSTClientCache: Map<string, IoTSecureTunnelingClient> = new Map()
 
     constructor() {}
 
@@ -97,9 +104,9 @@ export class LdkClient {
         return this.lambdaClientCache.get(region)!
     }
 
-    private async getIoTSTClient(region: string): Promise<IoTSecureTunneling> {
+    private getIoTSTClient(region: string): IoTSecureTunnelingClient {
         if (!this.iotSTClientCache.has(region)) {
-            this.iotSTClientCache.set(region, await getIoTSTClientWithAgent(region))
+            this.iotSTClientCache.set(region, getIoTSTClientWithAgent(region))
         }
         return this.iotSTClientCache.get(region)!
     }
@@ -124,13 +131,13 @@ export class LdkClient {
             const vscodeUuid = getClientId(globals.globalState)
 
             // Create IoTSecureTunneling client
-            const iotSecureTunneling = await this.getIoTSTClient(region)
+            const iotSecureTunneling = this.getIoTSTClient(region)
 
             // Define tunnel identifier
             const tunnelIdentifier = `RemoteDebugging+${vscodeUuid}`
             const timeoutInMinutes = 720
             // List existing tunnels
-            const listTunnelsResponse = await iotSecureTunneling.listTunnels({}).promise()
+            const listTunnelsResponse = await iotSecureTunneling.send(new ListTunnelsCommand({}))
 
             // Find tunnel with our identifier
             const existingTunnel = listTunnelsResponse.tunnelSummaries?.find(
@@ -150,20 +157,20 @@ export class LdkClient {
                     return rotateResponse
                 } else {
                     // Close tunnel if less than 15 minutes remaining
-                    await iotSecureTunneling
-                        .closeTunnel({
+                    await iotSecureTunneling.send(
+                        new CloseTunnelCommand({
                             tunnelId: existingTunnel.tunnelId,
                             delete: false,
                         })
-                        .promise()
+                    )
 
                     getLogger().info(`Closed tunnel ${existingTunnel.tunnelId} with less than 15 minutes remaining`)
                 }
             }
 
             // Create new tunnel
-            const openTunnelResponse = await iotSecureTunneling
-                .openTunnel({
+            const openTunnelResponse = await iotSecureTunneling.send(
+                new OpenTunnelCommand({
                     description: tunnelIdentifier,
                     timeoutConfig: {
                         maxLifetimeTimeoutMinutes: timeoutInMinutes, // 12 hours
@@ -172,7 +179,7 @@ export class LdkClient {
                         services: ['WSS'],
                     },
                 })
-                .promise()
+            )
 
             getLogger().info(`Created new tunnel with ID: ${openTunnelResponse.tunnelId}`)
 
@@ -189,13 +196,13 @@ export class LdkClient {
     // Refresh tunnel tokens
     async refreshTunnelTokens(tunnelId: string, region: string): Promise<TunnelInfo | undefined> {
         try {
-            const iotSecureTunneling = await this.getIoTSTClient(region)
-            const rotateResponse = await iotSecureTunneling
-                .rotateTunnelAccessToken({
+            const iotSecureTunneling = this.getIoTSTClient(region)
+            const rotateResponse = await iotSecureTunneling.send(
+                new RotateTunnelAccessTokenCommand({
                     tunnelId: tunnelId,
                     clientMode: 'ALL',
                 })
-                .promise()
+            )
 
             return {
                 tunnelID: tunnelId,

packages/core/src/lambda/remoteDebugging/ldkClient.ts

@@ -3,7 +3,7 @@
  * SPDX-License-Identifier: Apache-2.0
  */
 
-import IoTSecureTunneling from 'aws-sdk/clients/iotsecuretunneling'
+import { IoTSecureTunnelingClient } from '@aws-sdk/client-iotsecuretunneling'
 import { DefaultLambdaClient } from '../../shared/clients/lambdaClient'
 import { getUserAgent } from '../../shared/telemetry/util'
 import globals from '../../shared/extensionGlobals'
@@ -29,13 +29,14 @@ export function getLambdaUserAgent(): string {
     return `${getUserAgent({ includePlatform: true, includeClientId: true })}`
 }
 
-export function getIoTSTClientWithAgent(region: string): Promise<IoTSecureTunneling> {
+export function getIoTSTClientWithAgent(region: string): IoTSecureTunnelingClient {
     const customUserAgent = `${customUserAgentBase} ${getUserAgent({ includePlatform: true, includeClientId: true })}`
-    return globals.sdkClientBuilder.createAwsService(
-        IoTSecureTunneling,
-        {
-            customUserAgent,
+    return globals.sdkClientBuilderV3.createAwsService({
+        serviceClient: IoTSecureTunnelingClient,
+        clientOptions: {
+            userAgent: [[customUserAgent]],
+            region,
         },
-        region
-    )
+        userAgent: false,
+    })
 }