import * as AWS from 'aws-sdk';
import type { ConfigurationOptions } from 'aws-sdk/lib/config-base';
import { Account } from './sdk-provider';
export interface ISDK {
    /**
     * The region this SDK has been instantiated for
     *
     * (As distinct from the `defaultRegion()` on SdkProvider which
     * represents the region configured in the default config).
     */
    readonly currentRegion: string;
    /**
     * The Account this SDK has been instantiated for
     *
     * (As distinct from the `defaultAccount()` on SdkProvider which
     * represents the account available by using default credentials).
     */
    currentAccount(): Promise<Account>;
    getEndpointSuffix(region: string): string;
    /**
     * Appends the given string as the extra information to put into the User-Agent header for any requests invoked by this SDK.
     * If the string is 'undefined', this method has no effect.
     */
    appendCustomUserAgent(userAgentData?: string): void;
    /**
     * Removes the given string from the extra User-Agent header data used for requests invoked by this SDK.
     */
    removeCustomUserAgent(userAgentData: string): void;
    lambda(): AWS.Lambda;
    cloudFormation(): AWS.CloudFormation;
    ec2(): AWS.EC2;
    iam(): AWS.IAM;
    ssm(): AWS.SSM;
    s3(): AWS.S3;
    route53(): AWS.Route53;
    ecr(): AWS.ECR;
    ecs(): AWS.ECS;
    elbv2(): AWS.ELBv2;
    secretsManager(): AWS.SecretsManager;
    kms(): AWS.KMS;
    stepFunctions(): AWS.StepFunctions;
    codeBuild(): AWS.CodeBuild;
    cloudWatchLogs(): AWS.CloudWatchLogs;
    appsync(): AWS.AppSync;
}
/**
 * Additional SDK configuration options
 */
export interface SdkOptions {
    /**
     * Additional descriptive strings that indicate where the "AssumeRole" credentials are coming from
     *
     * Will be printed in an error message to help users diagnose auth problems.
     */
    readonly assumeRoleCredentialsSourceDescription?: string;
}
/**
 * Base functionality of SDK without credential fetching
 */
export declare class SDK implements ISDK {
    private readonly _credentials;
    private readonly sdkOptions;
    private static readonly accountCache;
    readonly currentRegion: string;
    private readonly config;
    /**
     * Default retry options for SDK clients.
     */
    private readonly retryOptions;
    /**
     * The more generous retry policy for CloudFormation, which has a 1 TPM limit on certain APIs,
     * which are abundantly used for deployment tracking, ...
     *
     * So we're allowing way more retries, but waiting a bit more.
     */
    private readonly cloudFormationRetryOptions;
    /**
     * STS is used to check credential validity, don't do too many retries.
     */
    private readonly stsRetryOptions;
    /**
     * Whether we have proof that the credentials have not expired
     *
     * We need to do some manual plumbing around this because the JS SDKv2 treats `ExpiredToken`
     * as retriable and we have hefty retries on CFN calls making the CLI hang for a good 15 minutes
     * if the credentials have expired.
     */
    private _credentialsValidated;
    constructor(_credentials: AWS.Credentials, region: string, httpOptions?: ConfigurationOptions, sdkOptions?: SdkOptions);
    appendCustomUserAgent(userAgentData?: string): void;
    removeCustomUserAgent(userAgentData: string): void;
    lambda(): AWS.Lambda;
    cloudFormation(): AWS.CloudFormation;
    ec2(): AWS.EC2;
    iam(): AWS.IAM;
    ssm(): AWS.SSM;
    s3(): AWS.S3;
    route53(): AWS.Route53;
    ecr(): AWS.ECR;
    ecs(): AWS.ECS;
    elbv2(): AWS.ELBv2;
    secretsManager(): AWS.SecretsManager;
    kms(): AWS.KMS;
    stepFunctions(): AWS.StepFunctions;
    codeBuild(): AWS.CodeBuild;
    cloudWatchLogs(): AWS.CloudWatchLogs;
    appsync(): AWS.AppSync;
    currentAccount(): Promise<Account>;
    /**
     * Return the current credentials
     *
     * Don't use -- only used to write tests around assuming roles.
     */
    currentCredentials(): Promise<AWS.Credentials>;
    /**
     * Force retrieval of the current credentials
     *
     * Relevant if the current credentials are AssumeRole credentials -- do the actual
     * lookup, and translate any error into a useful error message (taking into
     * account credential provenance).
     */
    forceCredentialRetrieval(): Promise<void>;
    /**
     * Make sure the the current credentials are not expired
     */
    validateCredentials(): Promise<void>;
    getEndpointSuffix(region: string): string;
    /**
     * Return a wrapping object for the underlying service object
     *
     * Responds to failures in the underlying service calls, in two different
     * ways:
     *
     * - When errors are encountered, log the failing call and the error that
     *   it triggered (at debug level). This is necessary because the lack of
     *   stack traces in NodeJS otherwise makes it very hard to suss out where
     *   a certain AWS error occurred.
     * - The JS SDK has a funny business of wrapping any credential-based error
     *   in a super-generic (and in our case wrong) exception. If we then use a
     *   'ChainableTemporaryCredentials' and the target role doesn't exist,
     *   the error message that shows up by default is super misleading
     *   (https://github.com/aws/aws-sdk-js/issues/3272). We can fix this because
     *   the exception contains the "inner exception", so we unwrap and throw
     *   the correct error ("cannot assume role").
     *
     * The wrapping business below is slightly more complicated than you'd think
     * because we must hook into the `promise()` method of the object that's being
     * returned from the methods of the object that we wrap, so there's two
     * levels of wrapping going on, and also some exceptions to the wrapping magic.
     */
    private wrapServiceErrorHandling;
    /**
     * Extract a more detailed error out of a generic error if we can
     *
     * If this is an error about Assuming Roles, add in the context showing the
     * chain of credentials we used to try to assume the role.
     */
    private makeDetailedException;
}
/**
 * Return whether an error should not be recovered from
 */
export declare function isUnrecoverableAwsError(e: Error): boolean;
