diff --git a/CHANGELOG.md b/CHANGELOG.md index fabcfc06ce1..2712630e756 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -1,3 +1,15 @@ +Release v1.44.21 (2022-05-24) +=== + +### Service Client Updates +* `service/cognito-idp`: Updates service API and documentation +* `service/ec2`: Updates service API and documentation + * Stop Protection feature enables customers to protect their instances from accidental stop actions. +* `service/ivschat`: Updates service documentation +* `service/mediaconvert`: Updates service API and documentation + * AWS Elemental MediaConvert SDK has added support for rules that constrain Automatic-ABR rendition selection when generating ABR package ladders. +* `service/networkmanager`: Updates service API and documentation + Release v1.44.20 (2022-05-23) === diff --git a/aws/endpoints/defaults.go b/aws/endpoints/defaults.go index 97b59b12215..742ff13f532 100644 --- a/aws/endpoints/defaults.go +++ b/aws/endpoints/defaults.go @@ -8314,24 +8314,96 @@ var awsPartition = partition{ }, "email": service{ Endpoints: serviceEndpoints{ + endpointKey{ + Region: "af-south-1", + }: endpoint{}, + endpointKey{ + Region: "ap-northeast-1", + }: endpoint{}, + endpointKey{ + Region: "ap-northeast-2", + }: endpoint{}, + endpointKey{ + Region: "ap-northeast-3", + }: endpoint{}, endpointKey{ Region: "ap-south-1", }: endpoint{}, + endpointKey{ + Region: "ap-southeast-1", + }: endpoint{}, endpointKey{ Region: "ap-southeast-2", }: endpoint{}, + endpointKey{ + Region: "ca-central-1", + }: endpoint{}, endpointKey{ Region: "eu-central-1", }: endpoint{}, + endpointKey{ + Region: "eu-north-1", + }: endpoint{}, + endpointKey{ + Region: "eu-south-1", + }: endpoint{}, endpointKey{ Region: "eu-west-1", }: endpoint{}, + endpointKey{ + Region: "eu-west-2", + }: endpoint{}, + endpointKey{ + Region: "eu-west-3", + }: endpoint{}, + endpointKey{ + Region: "fips-us-east-1", + }: endpoint{ + Hostname: "email-fips.us-east-1.amazonaws.com", + CredentialScope: credentialScope{ + Region: "us-east-1", + }, + Deprecated: boxedTrue, + }, + endpointKey{ + Region: "fips-us-west-2", + }: endpoint{ + Hostname: "email-fips.us-west-2.amazonaws.com", + CredentialScope: credentialScope{ + Region: "us-west-2", + }, + Deprecated: boxedTrue, + }, + endpointKey{ + Region: "me-south-1", + }: endpoint{}, + endpointKey{ + Region: "sa-east-1", + }: endpoint{}, endpointKey{ Region: "us-east-1", }: endpoint{}, + endpointKey{ + Region: "us-east-1", + Variant: fipsVariant, + }: endpoint{ + Hostname: "email-fips.us-east-1.amazonaws.com", + }, + endpointKey{ + Region: "us-east-2", + }: endpoint{}, + endpointKey{ + Region: "us-west-1", + }: endpoint{}, endpointKey{ Region: "us-west-2", }: endpoint{}, + endpointKey{ + Region: "us-west-2", + Variant: fipsVariant, + }: endpoint{ + Hostname: "email-fips.us-west-2.amazonaws.com", + }, }, }, "emr-containers": service{ diff --git a/aws/version.go b/aws/version.go index 086dbce9c3a..4545b702411 100644 --- a/aws/version.go +++ b/aws/version.go @@ -5,4 +5,4 @@ package aws const SDKName = "aws-sdk-go" // SDKVersion is the version of this SDK -const SDKVersion = "1.44.20" +const SDKVersion = "1.44.21" diff --git a/models/apis/cognito-idp/2016-04-18/api-2.json b/models/apis/cognito-idp/2016-04-18/api-2.json index fda7a5bf1d0..9840e25eb3f 100644 --- a/models/apis/cognito-idp/2016-04-18/api-2.json +++ b/models/apis/cognito-idp/2016-04-18/api-2.json @@ -1900,7 +1900,8 @@ {"shape":"PasswordResetRequiredException"}, {"shape":"UserNotFoundException"}, {"shape":"UserNotConfirmedException"}, - {"shape":"InternalErrorException"} + {"shape":"InternalErrorException"}, + {"shape":"AliasExistsException"} ], "authtype":"none" } @@ -2573,6 +2574,10 @@ "max":2048, "sensitive":true }, + "AttributesRequireVerificationBeforeUpdateType":{ + "type":"list", + "member":{"shape":"VerifiedAttributeType"} + }, "AuthEventType":{ "type":"structure", "members":{ @@ -3037,6 +3042,7 @@ "VerificationMessageTemplate":{"shape":"VerificationMessageTemplateType"}, "SmsAuthenticationMessage":{"shape":"SmsVerificationMessageType"}, "MfaConfiguration":{"shape":"UserPoolMfaType"}, + "UserAttributeUpdateSettings":{"shape":"UserAttributeUpdateSettingsType"}, "DeviceConfiguration":{"shape":"DeviceConfigurationType"}, "EmailConfiguration":{"shape":"EmailConfigurationType"}, "SmsConfiguration":{"shape":"SmsConfigurationType"}, @@ -4335,7 +4341,7 @@ "ProviderNameTypeV1":{ "type":"string", "max":32, - "min":1, + "min":3, "pattern":"[^_][\\p{L}\\p{M}\\p{S}\\p{N}\\p{P}][^_]+" }, "ProviderUserIdentifierType":{ @@ -5193,6 +5199,7 @@ "EmailVerificationSubject":{"shape":"EmailVerificationSubjectType"}, "VerificationMessageTemplate":{"shape":"VerificationMessageTemplateType"}, "SmsAuthenticationMessage":{"shape":"SmsVerificationMessageType"}, + "UserAttributeUpdateSettings":{"shape":"UserAttributeUpdateSettingsType"}, "MfaConfiguration":{"shape":"UserPoolMfaType"}, "DeviceConfiguration":{"shape":"DeviceConfigurationType"}, "EmailConfiguration":{"shape":"EmailConfigurationType"}, @@ -5208,6 +5215,12 @@ "members":{ } }, + "UserAttributeUpdateSettingsType":{ + "type":"structure", + "members":{ + "AttributesRequireVerificationBeforeUpdate":{"shape":"AttributesRequireVerificationBeforeUpdateType"} + } + }, "UserContextDataType":{ "type":"structure", "members":{ @@ -5432,6 +5445,7 @@ "EmailVerificationSubject":{"shape":"EmailVerificationSubjectType"}, "VerificationMessageTemplate":{"shape":"VerificationMessageTemplateType"}, "SmsAuthenticationMessage":{"shape":"SmsVerificationMessageType"}, + "UserAttributeUpdateSettings":{"shape":"UserAttributeUpdateSettingsType"}, "MfaConfiguration":{"shape":"UserPoolMfaType"}, "DeviceConfiguration":{"shape":"DeviceConfigurationType"}, "EstimatedNumberOfUsers":{"shape":"IntegerType"}, diff --git a/models/apis/cognito-idp/2016-04-18/docs-2.json b/models/apis/cognito-idp/2016-04-18/docs-2.json index 55e3ad956a2..573bf3c9e97 100644 --- a/models/apis/cognito-idp/2016-04-18/docs-2.json +++ b/models/apis/cognito-idp/2016-04-18/docs-2.json @@ -8,14 +8,14 @@ "AdminCreateUser": "

Creates a new user in the specified user pool.

If MessageAction isn't set, the default is to send a welcome message via email or phone (SMS).

This action might generate an SMS text message. Starting June 1, 2021, US telecom carriers require you to register an origination phone number before you can send SMS messages to US phone numbers. If you use SMS text messages in Amazon Cognito, you must register a phone number with Amazon Pinpoint. Amazon Cognito uses the registered number automatically. Otherwise, Amazon Cognito users who must receive SMS messages might not be able to sign up, activate their accounts, or sign in.

If you have never used SMS text messages with Amazon Cognito or any other Amazon Web Service, Amazon Simple Notification Service might place your account in the SMS sandbox. In sandbox mode , you can send messages only to verified phone numbers. After you test your app while in the sandbox environment, you can move out of the sandbox and into production. For more information, see SMS message settings for Amazon Cognito user pools in the Amazon Cognito Developer Guide.

This message is based on a template that you configured in your call to create or update a user pool. This template includes your custom sign-up instructions and placeholders for user name and temporary password.

Alternatively, you can call AdminCreateUser with SUPPRESS for the MessageAction parameter, and Amazon Cognito won't send any email.

In either case, the user will be in the FORCE_CHANGE_PASSWORD state until they sign in and change their password.

AdminCreateUser requires developer credentials.

", "AdminDeleteUser": "

Deletes a user as an administrator. Works on any user.

Calling this action requires developer credentials.

", "AdminDeleteUserAttributes": "

Deletes the user attributes in a user pool as an administrator. Works on any user.

Calling this action requires developer credentials.

", - "AdminDisableProviderForUser": "

Prevents the user from signing in with the specified external (SAML or social) identity provider. If the user that you want to deactivate is a Amazon Cognito user pools native username + password user, they can't use their password to sign in. If the user to deactivate is a linked external identity provider (IdP) user, any link between that user and an existing user is removed. When the external user signs in again, and the user is no longer attached to the previously linked DestinationUser, the user must create a new user account. See AdminLinkProviderForUser.

This action is enabled only for admin access and requires developer credentials.

The ProviderName must match the value specified when creating an IdP for the pool.

To deactivate a native username + password user, the ProviderName value must be Cognito and the ProviderAttributeName must be Cognito_Subject. The ProviderAttributeValue must be the name that is used in the user pool for the user.

The ProviderAttributeName must always be Cognito_Subject for social identity providers. The ProviderAttributeValue must always be the exact subject that was used when the user was originally linked as a source user.

For de-linking a SAML identity, there are two scenarios. If the linked identity has not yet been used to sign in, the ProviderAttributeName and ProviderAttributeValue must be the same values that were used for the SourceUser when the identities were originally linked using AdminLinkProviderForUser call. (If the linking was done with ProviderAttributeName set to Cognito_Subject, the same applies here). However, if the user has already signed in, the ProviderAttributeName must be Cognito_Subject and ProviderAttributeValue must be the subject of the SAML assertion.

", + "AdminDisableProviderForUser": "

Prevents the user from signing in with the specified external (SAML or social) identity provider (IdP). If the user that you want to deactivate is a Amazon Cognito user pools native username + password user, they can't use their password to sign in. If the user to deactivate is a linked external IdP user, any link between that user and an existing user is removed. When the external user signs in again, and the user is no longer attached to the previously linked DestinationUser, the user must create a new user account. See AdminLinkProviderForUser.

This action is enabled only for admin access and requires developer credentials.

The ProviderName must match the value specified when creating an IdP for the pool.

To deactivate a native username + password user, the ProviderName value must be Cognito and the ProviderAttributeName must be Cognito_Subject. The ProviderAttributeValue must be the name that is used in the user pool for the user.

The ProviderAttributeName must always be Cognito_Subject for social IdPs. The ProviderAttributeValue must always be the exact subject that was used when the user was originally linked as a source user.

For de-linking a SAML identity, there are two scenarios. If the linked identity has not yet been used to sign in, the ProviderAttributeName and ProviderAttributeValue must be the same values that were used for the SourceUser when the identities were originally linked using AdminLinkProviderForUser call. (If the linking was done with ProviderAttributeName set to Cognito_Subject, the same applies here). However, if the user has already signed in, the ProviderAttributeName must be Cognito_Subject and ProviderAttributeValue must be the subject of the SAML assertion.

", "AdminDisableUser": "

Disables the specified user.

Calling this action requires developer credentials.

", "AdminEnableUser": "

Enables the specified user as an administrator. Works on any user.

Calling this action requires developer credentials.

", "AdminForgetDevice": "

Forgets the device, as an administrator.

Calling this action requires developer credentials.

", "AdminGetDevice": "

Gets the device, as an administrator.

Calling this action requires developer credentials.

", "AdminGetUser": "

Gets the specified user by user name in a user pool as an administrator. Works on any user.

Calling this action requires developer credentials.

", "AdminInitiateAuth": "

Initiates the authentication flow, as an administrator.

This action might generate an SMS text message. Starting June 1, 2021, US telecom carriers require you to register an origination phone number before you can send SMS messages to US phone numbers. If you use SMS text messages in Amazon Cognito, you must register a phone number with Amazon Pinpoint. Amazon Cognito uses the registered number automatically. Otherwise, Amazon Cognito users who must receive SMS messages might not be able to sign up, activate their accounts, or sign in.

If you have never used SMS text messages with Amazon Cognito or any other Amazon Web Service, Amazon Simple Notification Service might place your account in the SMS sandbox. In sandbox mode , you can send messages only to verified phone numbers. After you test your app while in the sandbox environment, you can move out of the sandbox and into production. For more information, see SMS message settings for Amazon Cognito user pools in the Amazon Cognito Developer Guide.

Calling this action requires developer credentials.

", - "AdminLinkProviderForUser": "

Links an existing user account in a user pool (DestinationUser) to an identity from an external identity provider (SourceUser) based on a specified attribute name and value from the external identity provider. This allows you to create a link from the existing user account to an external federated user identity that has not yet been used to sign in. You can then use the federated user identity to sign in as the existing user account.

For example, if there is an existing user with a username and password, this API links that user to a federated user identity. When the user signs in with a federated user identity, they sign in as the existing user account.

The maximum number of federated identities linked to a user is 5.

Because this API allows a user with an external federated identity to sign in as an existing user in the user pool, it is critical that it only be used with external identity providers and provider attributes that have been trusted by the application owner.

This action is administrative and requires developer credentials.

", + "AdminLinkProviderForUser": "

Links an existing user account in a user pool (DestinationUser) to an identity from an external IdP (SourceUser) based on a specified attribute name and value from the external IdP. This allows you to create a link from the existing user account to an external federated user identity that has not yet been used to sign in. You can then use the federated user identity to sign in as the existing user account.

For example, if there is an existing user with a username and password, this API links that user to a federated user identity. When the user signs in with a federated user identity, they sign in as the existing user account.

The maximum number of federated identities linked to a user is five.

Because this API allows a user with an external federated identity to sign in as an existing user in the user pool, it is critical that it only be used with external IdPs and provider attributes that have been trusted by the application owner.

This action is administrative and requires developer credentials.

", "AdminListDevices": "

Lists devices, as an administrator.

Calling this action requires developer credentials.

", "AdminListGroupsForUser": "

Lists the groups that the user belongs to.

Calling this action requires developer credentials.

", "AdminListUserAuthEvents": "

A history of user activity and any risks detected as part of Amazon Cognito advanced security.

", @@ -28,28 +28,28 @@ "AdminUpdateAuthEventFeedback": "

Provides feedback for an authentication event indicating if it was from a valid user. This feedback is used for improving the risk evaluation decision for the user pool as part of Amazon Cognito advanced security.

", "AdminUpdateDeviceStatus": "

Updates the device status as an administrator.

Calling this action requires developer credentials.

", "AdminUpdateUserAttributes": "

Updates the specified user's attributes, including developer attributes, as an administrator. Works on any user.

For custom attributes, you must prepend the custom: prefix to the attribute name.

In addition to updating user attributes, this API can also be used to mark phone and email as verified.

This action might generate an SMS text message. Starting June 1, 2021, US telecom carriers require you to register an origination phone number before you can send SMS messages to US phone numbers. If you use SMS text messages in Amazon Cognito, you must register a phone number with Amazon Pinpoint. Amazon Cognito uses the registered number automatically. Otherwise, Amazon Cognito users who must receive SMS messages might not be able to sign up, activate their accounts, or sign in.

If you have never used SMS text messages with Amazon Cognito or any other Amazon Web Service, Amazon Simple Notification Service might place your account in the SMS sandbox. In sandbox mode , you can send messages only to verified phone numbers. After you test your app while in the sandbox environment, you can move out of the sandbox and into production. For more information, see SMS message settings for Amazon Cognito user pools in the Amazon Cognito Developer Guide.

Calling this action requires developer credentials.

", - "AdminUserGlobalSignOut": "

Signs out users from all devices, as an administrator. It also invalidates all refresh tokens issued to a user. The user's current access and Id tokens remain valid until their expiry. Access and Id tokens expire one hour after they're issued.

Calling this action requires developer credentials.

", + "AdminUserGlobalSignOut": "

Signs out a user from all devices. You must sign AdminUserGlobalSignOut requests with Amazon Web Services credentials. It also invalidates all refresh tokens that Amazon Cognito has issued to a user. The user's current access and ID tokens remain valid until they expire. By default, access and ID tokens expire one hour after they're issued. A user can still use a hosted UI cookie to retrieve new tokens for the duration of the cookie validity period of 1 hour.

Calling this action requires developer credentials.

", "AssociateSoftwareToken": "

Returns a unique generated shared secret key code for the user account. The request takes an access token or a session string, but not both.

Calling AssociateSoftwareToken immediately disassociates the existing software token from the user account. If the user doesn't subsequently verify the software token, their account is set up to authenticate without MFA. If MFA config is set to Optional at the user pool level, the user can then log in without MFA. However, if MFA is set to Required for the user pool, the user is asked to set up a new software token MFA during sign-in.

", "ChangePassword": "

Changes the password for a specified user in a user pool.

", "ConfirmDevice": "

Confirms tracking of the device. This API call is the call that begins device tracking.

", "ConfirmForgotPassword": "

Allows a user to enter a confirmation code to reset a forgotten password.

", - "ConfirmSignUp": "

Confirms registration of a user and handles the existing alias from a previous user.

", + "ConfirmSignUp": "

Confirms registration of a new user.

", "CreateGroup": "

Creates a new group in the specified user pool.

Calling this action requires developer credentials.

", - "CreateIdentityProvider": "

Creates an identity provider for a user pool.

", + "CreateIdentityProvider": "

Creates an IdP for a user pool.

", "CreateResourceServer": "

Creates a new OAuth2.0 resource server and defines custom scopes within it.

", "CreateUserImportJob": "

Creates the user import job.

", "CreateUserPool": "

Creates a new Amazon Cognito user pool and sets the password policy for the pool.

This action might generate an SMS text message. Starting June 1, 2021, US telecom carriers require you to register an origination phone number before you can send SMS messages to US phone numbers. If you use SMS text messages in Amazon Cognito, you must register a phone number with Amazon Pinpoint. Amazon Cognito uses the registered number automatically. Otherwise, Amazon Cognito users who must receive SMS messages might not be able to sign up, activate their accounts, or sign in.

If you have never used SMS text messages with Amazon Cognito or any other Amazon Web Service, Amazon Simple Notification Service might place your account in the SMS sandbox. In sandbox mode , you can send messages only to verified phone numbers. After you test your app while in the sandbox environment, you can move out of the sandbox and into production. For more information, see SMS message settings for Amazon Cognito user pools in the Amazon Cognito Developer Guide.

", "CreateUserPoolClient": "

Creates the user pool client.

When you create a new user pool client, token revocation is automatically activated. For more information about revoking tokens, see RevokeToken.

", "CreateUserPoolDomain": "

Creates a new domain for a user pool.

", "DeleteGroup": "

Deletes a group.

Calling this action requires developer credentials.

", - "DeleteIdentityProvider": "

Deletes an identity provider for a user pool.

", + "DeleteIdentityProvider": "

Deletes an IdP for a user pool.

", "DeleteResourceServer": "

Deletes a resource server.

", "DeleteUser": "

Allows a user to delete himself or herself.

", "DeleteUserAttributes": "

Deletes the attributes for a user.

", "DeleteUserPool": "

Deletes the specified Amazon Cognito user pool.

", "DeleteUserPoolClient": "

Allows the developer to delete the user pool client.

", "DeleteUserPoolDomain": "

Deletes a domain for a user pool.

", - "DescribeIdentityProvider": "

Gets information about a specific identity provider.

", + "DescribeIdentityProvider": "

Gets information about a specific IdP.

", "DescribeResourceServer": "

Describes a resource server.

", "DescribeRiskConfiguration": "

Describes the risk configuration.

", "DescribeUserImportJob": "

Describes the user import job.

", @@ -61,17 +61,17 @@ "GetCSVHeader": "

Gets the header information for the comma-separated value (CSV) file to be used as input for the user import job.

", "GetDevice": "

Gets the device.

", "GetGroup": "

Gets a group.

Calling this action requires developer credentials.

", - "GetIdentityProviderByIdentifier": "

Gets the specified identity provider.

", + "GetIdentityProviderByIdentifier": "

Gets the specified IdP.

", "GetSigningCertificate": "

This method takes a user pool ID, and returns the signing certificate.

", "GetUICustomization": "

Gets the user interface (UI) Customization information for a particular app client's app UI, if any such information exists for the client. If nothing is set for the particular client, but there is an existing pool level customization (the app clientId is ALL), then that information is returned. If nothing is present, then an empty shape is returned.

", "GetUser": "

Gets the user attributes and metadata for a user.

", - "GetUserAttributeVerificationCode": "

Gets the user attribute verification code for the specified attribute name.

This action might generate an SMS text message. Starting June 1, 2021, US telecom carriers require you to register an origination phone number before you can send SMS messages to US phone numbers. If you use SMS text messages in Amazon Cognito, you must register a phone number with Amazon Pinpoint. Amazon Cognito uses the registered number automatically. Otherwise, Amazon Cognito users who must receive SMS messages might not be able to sign up, activate their accounts, or sign in.

If you have never used SMS text messages with Amazon Cognito or any other Amazon Web Service, Amazon Simple Notification Service might place your account in the SMS sandbox. In sandbox mode , you can send messages only to verified phone numbers. After you test your app while in the sandbox environment, you can move out of the sandbox and into production. For more information, see SMS message settings for Amazon Cognito user pools in the Amazon Cognito Developer Guide.

", + "GetUserAttributeVerificationCode": "

Generates a user attribute verification code for the specified attribute name. Sends a message to a user with a code that they must return in a VerifyUserAttribute request.

This action might generate an SMS text message. Starting June 1, 2021, US telecom carriers require you to register an origination phone number before you can send SMS messages to US phone numbers. If you use SMS text messages in Amazon Cognito, you must register a phone number with Amazon Pinpoint. Amazon Cognito uses the registered number automatically. Otherwise, Amazon Cognito users who must receive SMS messages might not be able to sign up, activate their accounts, or sign in.

If you have never used SMS text messages with Amazon Cognito or any other Amazon Web Service, Amazon Simple Notification Service might place your account in the SMS sandbox. In sandbox mode , you can send messages only to verified phone numbers. After you test your app while in the sandbox environment, you can move out of the sandbox and into production. For more information, see SMS message settings for Amazon Cognito user pools in the Amazon Cognito Developer Guide.

", "GetUserPoolMfaConfig": "

Gets the user pool multi-factor authentication (MFA) configuration.

", - "GlobalSignOut": "

Signs out users from all devices. It also invalidates all refresh tokens issued to a user. The user's current access and ID tokens remain valid until their expiry. Access and Id tokens expire one hour after they're issued.

", - "InitiateAuth": "

Initiates the authentication flow.

This action might generate an SMS text message. Starting June 1, 2021, US telecom carriers require you to register an origination phone number before you can send SMS messages to US phone numbers. If you use SMS text messages in Amazon Cognito, you must register a phone number with Amazon Pinpoint. Amazon Cognito uses the registered number automatically. Otherwise, Amazon Cognito users who must receive SMS messages might not be able to sign up, activate their accounts, or sign in.

If you have never used SMS text messages with Amazon Cognito or any other Amazon Web Service, Amazon Simple Notification Service might place your account in the SMS sandbox. In sandbox mode , you can send messages only to verified phone numbers. After you test your app while in the sandbox environment, you can move out of the sandbox and into production. For more information, see SMS message settings for Amazon Cognito user pools in the Amazon Cognito Developer Guide.

", - "ListDevices": "

Lists the devices.

", + "GlobalSignOut": "

Signs out users from all devices. It also invalidates all refresh tokens that Amazon Cognito has issued to a user. The user's current access and ID tokens remain valid until their expiry. By default, access and ID tokens expire one hour after Amazon Cognito issues them. A user can still use a hosted UI cookie to retrieve new tokens for the duration of the cookie validity period of 1 hour.

", + "InitiateAuth": "

Initiates sign-in for a user in the Amazon Cognito user directory. You can't sign in a user with a federated IdP with InitiateAuth. For more information, see Adding user pool sign-in through a third party.

This action might generate an SMS text message. Starting June 1, 2021, US telecom carriers require you to register an origination phone number before you can send SMS messages to US phone numbers. If you use SMS text messages in Amazon Cognito, you must register a phone number with Amazon Pinpoint. Amazon Cognito uses the registered number automatically. Otherwise, Amazon Cognito users who must receive SMS messages might not be able to sign up, activate their accounts, or sign in.

If you have never used SMS text messages with Amazon Cognito or any other Amazon Web Service, Amazon Simple Notification Service might place your account in the SMS sandbox. In sandbox mode , you can send messages only to verified phone numbers. After you test your app while in the sandbox environment, you can move out of the sandbox and into production. For more information, see SMS message settings for Amazon Cognito user pools in the Amazon Cognito Developer Guide.

", + "ListDevices": "

Lists the sign-in devices that Amazon Cognito has registered to the current user.

", "ListGroups": "

Lists the groups associated with a user pool.

Calling this action requires developer credentials.

", - "ListIdentityProviders": "

Lists information about all identity providers for a user pool.

", + "ListIdentityProviders": "

Lists information about all IdPs for a user pool.

", "ListResourceServers": "

Lists the resource servers for a user pool.

", "ListTagsForResource": "

Lists the tags that are assigned to an Amazon Cognito user pool.

A tag is a label that you can apply to user pools to categorize and manage them in different ways, such as by purpose, owner, environment, or other criteria.

You can use this action up to 10 times per second, per account.

", "ListUserImportJobs": "

Lists the user import jobs.

", @@ -95,14 +95,14 @@ "UpdateAuthEventFeedback": "

Provides the feedback for an authentication event, whether it was from a valid user or not. This feedback is used for improving the risk evaluation decision for the user pool as part of Amazon Cognito advanced security.

", "UpdateDeviceStatus": "

Updates the device status.

", "UpdateGroup": "

Updates the specified group with the specified attributes.

Calling this action requires developer credentials.

", - "UpdateIdentityProvider": "

Updates identity provider information for a user pool.

", + "UpdateIdentityProvider": "

Updates IdP information for a user pool.

", "UpdateResourceServer": "

Updates the name and scopes of resource server. All other fields are read-only.

If you don't provide a value for an attribute, it is set to the default value.

", "UpdateUserAttributes": "

Allows a user to update a specific attribute (one at a time).

This action might generate an SMS text message. Starting June 1, 2021, US telecom carriers require you to register an origination phone number before you can send SMS messages to US phone numbers. If you use SMS text messages in Amazon Cognito, you must register a phone number with Amazon Pinpoint. Amazon Cognito uses the registered number automatically. Otherwise, Amazon Cognito users who must receive SMS messages might not be able to sign up, activate their accounts, or sign in.

If you have never used SMS text messages with Amazon Cognito or any other Amazon Web Service, Amazon Simple Notification Service might place your account in the SMS sandbox. In sandbox mode , you can send messages only to verified phone numbers. After you test your app while in the sandbox environment, you can move out of the sandbox and into production. For more information, see SMS message settings for Amazon Cognito user pools in the Amazon Cognito Developer Guide.

", - "UpdateUserPool": "

Updates the specified user pool with the specified attributes. You can get a list of the current user pool settings using DescribeUserPool. If you don't provide a value for an attribute, it will be set to the default value.

This action might generate an SMS text message. Starting June 1, 2021, US telecom carriers require you to register an origination phone number before you can send SMS messages to US phone numbers. If you use SMS text messages in Amazon Cognito, you must register a phone number with Amazon Pinpoint. Amazon Cognito uses the registered number automatically. Otherwise, Amazon Cognito users who must receive SMS messages might not be able to sign up, activate their accounts, or sign in.

If you have never used SMS text messages with Amazon Cognito or any other Amazon Web Service, Amazon Simple Notification Service might place your account in the SMS sandbox. In sandbox mode , you can send messages only to verified phone numbers. After you test your app while in the sandbox environment, you can move out of the sandbox and into production. For more information, see SMS message settings for Amazon Cognito user pools in the Amazon Cognito Developer Guide.

", + "UpdateUserPool": "

Updates the specified user pool with the specified attributes. You can get a list of the current user pool settings using DescribeUserPool. If you don't provide a value for an attribute, it will be set to the default value.

This action might generate an SMS text message. Starting June 1, 2021, US telecom carriers require you to register an origination phone number before you can send SMS messages to US phone numbers. If you use SMS text messages in Amazon Cognito, you must register a phone number with Amazon Pinpoint. Amazon Cognito uses the registered number automatically. Otherwise, Amazon Cognito users who must receive SMS messages might not be able to sign up, activate their accounts, or sign in.

If you have never used SMS text messages with Amazon Cognito or any other Amazon Web Service, Amazon Simple Notification Service might place your account in the SMS sandbox. In sandbox mode , you can send messages only to verified phone numbers. After you test your app while in the sandbox environment, you can move out of the sandbox and into production. For more information, see SMS message settings for Amazon Cognito user pools in the Amazon Cognito Developer Guide.

", "UpdateUserPoolClient": "

Updates the specified user pool app client with the specified attributes. You can get a list of the current user pool app client settings using DescribeUserPoolClient.

If you don't provide a value for an attribute, it will be set to the default value.

You can also use this operation to enable token revocation for user pool clients. For more information about revoking tokens, see RevokeToken.

", "UpdateUserPoolDomain": "

Updates the Secure Sockets Layer (SSL) certificate for the custom domain for your user pool.

You can use this operation to provide the Amazon Resource Name (ARN) of a new certificate to Amazon Cognito. You can't use it to change the domain for a user pool.

A custom domain is used to host the Amazon Cognito hosted UI, which provides sign-up and sign-in pages for your application. When you set up a custom domain, you provide a certificate that you manage with Certificate Manager (ACM). When necessary, you can use this operation to change the certificate that you applied to your custom domain.

Usually, this is unnecessary following routine certificate renewal with ACM. When you renew your existing certificate in ACM, the ARN for your certificate remains the same, and your custom domain uses the new certificate automatically.

However, if you replace your existing certificate with a new one, ACM gives the new certificate a new ARN. To apply the new certificate to your custom domain, you must provide this ARN to Amazon Cognito.

When you add your new certificate in ACM, you must choose US East (N. Virginia) as the Amazon Web Services Region.

After you submit your request, Amazon Cognito requires up to 1 hour to distribute your new certificate to your custom domain.

For more information about adding a custom domain to your user pool, see Using Your Own Domain for the Hosted UI.

", "VerifySoftwareToken": "

Use this API to register a user's entered time-based one-time password (TOTP) code and mark the user's software token MFA status as \"verified\" if successful. The request takes an access token or a session string, but not both.

", - "VerifyUserAttribute": "

Verifies the specified user attributes in the user pool.

" + "VerifyUserAttribute": "

Verifies the specified user attributes in the user pool.

If your user pool requires verification before Amazon Cognito updates the attribute value, VerifyUserAttribute updates the affected attribute to its pending value. For more information, see UserAttributeUpdateSettingsType.

" }, "shapes": { "AWSAccountIdType": { @@ -114,9 +114,9 @@ "AccessTokenValidityType": { "base": null, "refs": { - "CreateUserPoolClientRequest$AccessTokenValidity": "

The time limit, between 5 minutes and 1 day, after which the access token is no longer valid and can't be used. If you supply a TokenValidityUnits value, you will override the default time unit.

", - "UpdateUserPoolClientRequest$AccessTokenValidity": "

The time limit after which the access token is no longer valid and can't be used.

", - "UserPoolClientType$AccessTokenValidity": "

The time limit, specified by tokenValidityUnits, defaulting to hours, after which the access token is no longer valid and can't be used.

" + "CreateUserPoolClientRequest$AccessTokenValidity": "

The access token time limit. After this limit expires, your user can't use their access token. To specify the time unit for AccessTokenValidity as seconds, minutes, hours, or days, set a TokenValidityUnits value in your API request.

For example, when you set AccessTokenValidity to 10 and TokenValidityUnits to hours, your user can authorize access with their access token for 10 hours.

The default time unit for AccessTokenValidity in an API request is hours. Valid range is displayed below in seconds.

", + "UpdateUserPoolClientRequest$AccessTokenValidity": "

The access token time limit. After this limit expires, your user can't use their access token. To specify the time unit for AccessTokenValidity as seconds, minutes, hours, or days, set a TokenValidityUnits value in your API request.

For example, when you set AccessTokenValidity to 10 and TokenValidityUnits to hours, your user can authorize access with their access token for 10 hours.

The default time unit for AccessTokenValidity in an API request is hours. Valid range is displayed below in seconds.

", + "UserPoolClientType$AccessTokenValidity": "

The access token time limit. After this limit expires, your user can't use their access token. To specify the time unit for AccessTokenValidity as seconds, minutes, hours, or days, set a TokenValidityUnits value in your API request.

For example, when you set AccessTokenValidity to 10 and TokenValidityUnits to hours, your user can authorize access with their access token for 10 hours.

The default time unit for AccessTokenValidity in an API request is hours. Valid range is displayed below in seconds.

" } }, "AccountRecoverySettingType": { @@ -150,7 +150,7 @@ "AccountTakeoverEventActionType": { "base": null, "refs": { - "AccountTakeoverActionType$EventAction": "

The action to take in response to the account takeover action. Valid values are:

" + "AccountTakeoverActionType$EventAction": "

The action to take in response to the account takeover action. Valid values are as follows:

" } }, "AccountTakeoverRiskConfigurationType": { @@ -206,7 +206,7 @@ "AdminCreateUserUnusedAccountValidityDaysType": { "base": null, "refs": { - "AdminCreateUserConfigType$UnusedAccountValidityDays": "

The user account expiration limit, in days, after which the account is no longer usable. To reset the account after that time limit, you must call AdminCreateUser again, specifying \"RESEND\" for the MessageAction parameter. The default value for this parameter is 7.

If you set a value for TemporaryPasswordValidityDays in PasswordPolicy, that value will be used, and UnusedAccountValidityDays will be no longer be an available parameter for that user pool.

" + "AdminCreateUserConfigType$UnusedAccountValidityDays": "

The user account expiration limit, in days, after which a new account that hasn't signed in is no longer usable. To reset the account after that time limit, you must call AdminCreateUser again, specifying \"RESEND\" for the MessageAction parameter. The default value for this parameter is 7.

If you set a value for TemporaryPasswordValidityDays in PasswordPolicy, that value will be used, and UnusedAccountValidityDays will be no longer be an available parameter for that user pool.

" } }, "AdminDeleteUserAttributesRequest": { @@ -444,36 +444,36 @@ } }, "AliasExistsException": { - "base": "

This exception is thrown when a user tries to confirm the account with an email or phone number that has already been supplied as an alias from a different account. This exception tells user that an account with this email or phone already exists.

", + "base": "

This exception is thrown when a user tries to confirm the account with an email address or phone number that has already been supplied as an alias from a different account. This exception indicates that an account with this email address or phone already exists in a user pool that you've configured to use email address or phone number as a sign-in alias.

", "refs": { } }, "AnalyticsConfigurationType": { - "base": "

The Amazon Pinpoint analytics configuration for collecting metrics for a user pool.

In Regions where Amazon Pinpointisn't available, user pools only support sending events to Amazon Pinpoint projects in us-east-1. In Regions where Amazon Pinpoint is available, user pools support sending events to Amazon Pinpoint projects within that same Region.

", + "base": "

The Amazon Pinpoint analytics configuration necessary to collect metrics for a user pool.

In Regions where Amazon Pinpointisn't available, user pools only support sending events to Amazon Pinpoint projects in us-east-1. In Regions where Amazon Pinpoint is available, user pools support sending events to Amazon Pinpoint projects within that same Region.

", "refs": { "CreateUserPoolClientRequest$AnalyticsConfiguration": "

The user pool analytics configuration for collecting metrics and sending them to your Amazon Pinpoint campaign.

In Amazon Web Services Regions where Amazon Pinpoint isn't available, user pools only support sending events to Amazon Pinpoint projects in Amazon Web Services Region us-east-1. In Regions where Amazon Pinpoint is available, user pools support sending events to Amazon Pinpoint projects within that same Region.

", - "UpdateUserPoolClientRequest$AnalyticsConfiguration": "

The Amazon Pinpoint analytics configuration for collecting metrics for this user pool.

In Amazon Web Services Regions where Amazon Pinpoint isn't available, user pools only support sending events to Amazon Pinpoint projects in us-east-1. In Regions where Amazon Pinpoint is available, user pools support sending events to Amazon Pinpoint projects within that same Region.

", + "UpdateUserPoolClientRequest$AnalyticsConfiguration": "

The Amazon Pinpoint analytics configuration necessary to collect metrics for this user pool.

In Amazon Web Services Regions where Amazon Pinpoint isn't available, user pools only support sending events to Amazon Pinpoint projects in us-east-1. In Regions where Amazon Pinpoint is available, user pools support sending events to Amazon Pinpoint projects within that same Region.

", "UserPoolClientType$AnalyticsConfiguration": "

The Amazon Pinpoint analytics configuration for the user pool client.

Amazon Cognito user pools only support sending events to Amazon Pinpoint projects in the US East (N. Virginia) us-east-1 Region, regardless of the Region where the user pool resides.

" } }, "AnalyticsMetadataType": { - "base": "

An Amazon Pinpoint analytics endpoint.

An endpoint uniquely identifies a mobile device, email address, or phone number that can receive messages from Amazon Pinpoint analytics.

Amazon Cognito user pools only support sending events to Amazon Pinpoint projects in the US East (N. Virginia) us-east-1 Region, regardless of the Region where the user pool resides.

", + "base": "

An Amazon Pinpoint analytics endpoint.

An endpoint uniquely identifies a mobile device, email address, or phone number that can receive messages from Amazon Pinpoint analytics. For more information about Amazon Web Services Regions that can contain Amazon Pinpoint resources for use with Amazon Cognito user pools, see Using Amazon Pinpoint analytics with Amazon Cognito user pools.

", "refs": { "AdminInitiateAuthRequest$AnalyticsMetadata": "

The analytics metadata for collecting Amazon Pinpoint metrics for AdminInitiateAuth calls.

", "AdminRespondToAuthChallengeRequest$AnalyticsMetadata": "

The analytics metadata for collecting Amazon Pinpoint metrics for AdminRespondToAuthChallenge calls.

", "ConfirmForgotPasswordRequest$AnalyticsMetadata": "

The Amazon Pinpoint analytics metadata for collecting metrics for ConfirmForgotPassword calls.

", "ConfirmSignUpRequest$AnalyticsMetadata": "

The Amazon Pinpoint analytics metadata for collecting metrics for ConfirmSignUp calls.

", - "ForgotPasswordRequest$AnalyticsMetadata": "

The Amazon Pinpoint analytics metadata for collecting metrics for ForgotPassword calls.

", - "InitiateAuthRequest$AnalyticsMetadata": "

The Amazon Pinpoint analytics metadata for collecting metrics for InitiateAuth calls.

", - "ResendConfirmationCodeRequest$AnalyticsMetadata": "

The Amazon Pinpoint analytics metadata for collecting metrics for ResendConfirmationCode calls.

", - "RespondToAuthChallengeRequest$AnalyticsMetadata": "

The Amazon Pinpoint analytics metadata for collecting metrics for RespondToAuthChallenge calls.

", - "SignUpRequest$AnalyticsMetadata": "

The Amazon Pinpoint analytics metadata for collecting metrics for SignUp calls.

" + "ForgotPasswordRequest$AnalyticsMetadata": "

The Amazon Pinpoint analytics metadata that contributes to your metrics for ForgotPassword calls.

", + "InitiateAuthRequest$AnalyticsMetadata": "

The Amazon Pinpoint analytics metadata that contributes to your metrics for InitiateAuth calls.

", + "ResendConfirmationCodeRequest$AnalyticsMetadata": "

The Amazon Pinpoint analytics metadata that contributes to your metrics for ResendConfirmationCode calls.

", + "RespondToAuthChallengeRequest$AnalyticsMetadata": "

The Amazon Pinpoint analytics metadata that contributes to your metrics for RespondToAuthChallenge calls.

", + "SignUpRequest$AnalyticsMetadata": "

The Amazon Pinpoint analytics metadata that contributes to your metrics for SignUp calls.

" } }, "ArnType": { "base": null, "refs": { - "AnalyticsConfigurationType$ApplicationArn": "

The Amazon Resource Name (ARN) of an Amazon Pinpoint project. You can use the Amazon Pinpoint project to integrate with the chosen user pool Client. Amazon Cognito publishes events to the Amazon Pinpointproject declared by the app ARN.

", + "AnalyticsConfigurationType$ApplicationArn": "

The Amazon Resource Name (ARN) of an Amazon Pinpoint project. You can use the Amazon Pinpoint project to integrate with the chosen user pool Client. Amazon Cognito publishes events to the Amazon Pinpoint project that the app ARN declares.

", "AnalyticsConfigurationType$RoleArn": "

The ARN of an Identity and Access Management role that authorizes Amazon Cognito to publish events to Amazon Pinpoint analytics.

", "CreateGroupRequest$RoleArn": "

The role Amazon Resource Name (ARN) for the group.

", "CreateUserImportJobRequest$CloudWatchLogsRoleArn": "

The role ARN for the Amazon CloudWatch Logs Logging role for the user import job.

", @@ -525,12 +525,12 @@ "AdminCreateUserRequest$UserAttributes": "

An array of name-value pairs that contain user attributes and attribute values to be set for the user to be created. You can create a user without specifying any attributes other than Username. However, any attributes that you specify as required (when creating a user pool or in the Attributes tab of the console) either you should supply (in your call to AdminCreateUser) or the user should supply (when they sign up in response to your welcome message).

For custom attributes, you must prepend the custom: prefix to the attribute name.

To send a message inviting the user to sign up, you must specify the user's email address or phone number. You can do this in your call to AdminCreateUser or in the Users tab of the Amazon Cognito console for managing your user pools.

In your call to AdminCreateUser, you can set the email_verified attribute to True, and you can set the phone_number_verified attribute to True. You can also do this by calling AdminUpdateUserAttributes.

", "AdminCreateUserRequest$ValidationData": "

The user's validation data. This is an array of name-value pairs that contain user attributes and attribute values that you can use for custom validation, such as restricting the types of user accounts that can be registered. For example, you might choose to allow or disallow user sign-up based on the user's domain.

To configure custom validation, you must create a Pre Sign-up Lambda trigger for the user pool as described in the Amazon Cognito Developer Guide. The Lambda trigger receives the validation data and uses it in the validation process.

The user's validation data isn't persisted.

", "AdminGetUserResponse$UserAttributes": "

An array of name-value pairs representing user attributes.

", - "AdminUpdateUserAttributesRequest$UserAttributes": "

An array of name-value pairs representing user attributes.

For custom attributes, you must prepend the custom: prefix to the attribute name.

", + "AdminUpdateUserAttributesRequest$UserAttributes": "

An array of name-value pairs representing user attributes.

For custom attributes, you must prepend the custom: prefix to the attribute name.

If your user pool requires verification before Amazon Cognito updates an attribute value that you specify in this request, Amazon Cognito doesn’t immediately update the value of that attribute. After your user receives and responds to a verification message to verify the new value, Amazon Cognito updates the attribute value. Your user can sign in and receive messages with the original attribute value until they verify the new value.

To update the value of an attribute that requires verification in the same API request, include the email_verified or phone_number_verified attribute, with a value of true. If you set the email_verified or phone_number_verified value for an email or phone_number attribute that requires verification to true, Amazon Cognito doesn’t send a verification message to your user.

", "DeviceType$DeviceAttributes": "

The device attributes.

", "GetUserResponse$UserAttributes": "

An array of name-value pairs representing user attributes.

For custom attributes, you must prepend the custom: prefix to the attribute name.

", "SignUpRequest$UserAttributes": "

An array of name-value pairs representing user attributes.

For custom attributes, you must prepend the custom: prefix to the attribute name.

", "SignUpRequest$ValidationData": "

The validation data in the request to register a user.

", - "UpdateUserAttributesRequest$UserAttributes": "

An array of name-value pairs representing user attributes.

For custom attributes, you must prepend the custom: prefix to the attribute name.

", + "UpdateUserAttributesRequest$UserAttributes": "

An array of name-value pairs representing user attributes.

For custom attributes, you must prepend the custom: prefix to the attribute name.

If you have set an attribute to require verification before Amazon Cognito updates its value, this request doesn’t immediately update the value of that attribute. After your user receives and responds to a verification message to verify the new value, Amazon Cognito updates the attribute value. Your user can sign in and receive messages with the original attribute value until they verify the new value.

", "UserType$Attributes": "

A container with information about the user type attributes.

" } }, @@ -543,9 +543,9 @@ "AttributeMappingType": { "base": null, "refs": { - "CreateIdentityProviderRequest$AttributeMapping": "

A mapping of identity provider attributes to standard and custom user pool attributes.

", - "IdentityProviderType$AttributeMapping": "

A mapping of identity provider attributes to standard and custom user pool attributes.

", - "UpdateIdentityProviderRequest$AttributeMapping": "

The identity provider attribute mapping to be changed.

" + "CreateIdentityProviderRequest$AttributeMapping": "

A mapping of IdP attributes to standard and custom user pool attributes.

", + "IdentityProviderType$AttributeMapping": "

A mapping of IdP attributes to standard and custom user pool attributes.

", + "UpdateIdentityProviderRequest$AttributeMapping": "

The IdP attribute mapping to be changed.

" } }, "AttributeNameListType": { @@ -560,7 +560,7 @@ "refs": { "AttributeNameListType$member": null, "AttributeType$Name": "

The name of the attribute.

", - "CodeDeliveryDetailsType$AttributeName": "

The attribute name.

", + "CodeDeliveryDetailsType$AttributeName": "

The name of the attribute that Amazon Cognito verifies with the code.

", "GetUserAttributeVerificationCodeRequest$AttributeName": "

The attribute name returned by the server response to get the user attribute verification code.

", "MFAOptionType$AttributeName": "

The attribute name of the MFA option type. The only valid value is phone_number.

", "SearchedAttributeNamesListType$member": null, @@ -579,6 +579,12 @@ "AttributeType$Value": "

The value of the attribute.

" } }, + "AttributesRequireVerificationBeforeUpdateType": { + "base": null, + "refs": { + "UserAttributeUpdateSettingsType$AttributesRequireVerificationBeforeUpdate": "

Requires that your user verifies their email address, phone number, or both before Amazon Cognito updates the value of that attribute. When you update a user attribute that has this option activated, Amazon Cognito sends a verification message to the new phone number or email address. Amazon Cognito doesn’t change the value of the attribute until your user responds to the verification message and confirms the new value.

You can verify an updated email address or phone number with a VerifyUserAttribute API request. You can also call the UpdateUserAttributes or AdminUpdateUserAttributes API and set email_verified or phone_number_verified to true.

When AttributesRequireVerificationBeforeUpdate is false, your user pool doesn't require that your users verify attribute changes before Amazon Cognito updates them. In a user pool where AttributesRequireVerificationBeforeUpdate is false, API operations that change attribute values can immediately update a user’s email or phone_number attribute.

" + } + }, "AuthEventType": { "base": "

The authentication event type.

", "refs": { @@ -595,7 +601,7 @@ "base": null, "refs": { "AdminInitiateAuthRequest$AuthFlow": "

The authentication flow for this call to run. The API action will depend on this value. For example:

Valid values include:

", - "InitiateAuthRequest$AuthFlow": "

The authentication flow for this call to run. The API action will depend on this value. For example:

Valid values include:

ADMIN_NO_SRP_AUTH isn't a valid value.

" + "InitiateAuthRequest$AuthFlow": "

The authentication flow for this call to run. The API action will depend on this value. For example:

Valid values include:

ADMIN_NO_SRP_AUTH isn't a valid value.

" } }, "AuthParametersType": { @@ -626,7 +632,7 @@ "AdminCreateUserConfigType$AllowAdminCreateUserOnly": "

Set to True if only the administrator is allowed to create user profiles. Set to False if users can sign themselves up via an app.

", "AdminGetUserResponse$Enabled": "

Indicates that the status is enabled.

", "AdminSetUserPasswordRequest$Permanent": "

True if the password is permanent, False if it is temporary.

", - "AnalyticsConfigurationType$UserDataShared": "

If UserDataShared is true, Amazon Cognito will include user data in the events it publishes to Amazon Pinpoint analytics.

", + "AnalyticsConfigurationType$UserDataShared": "

If UserDataShared is true, Amazon Cognito includes user data in the events that it publishes to Amazon Pinpoint analytics.

", "ConfirmDeviceResponse$UserConfirmationNecessary": "

Indicates whether the user confirmation must confirm the device response.

", "CreateUserPoolClientRequest$AllowedOAuthFlowsUserPoolClient": "

Set to true if the client is allowed to follow the OAuth protocol when interacting with Amazon Cognito user pools.

", "DeviceConfigurationType$ChallengeRequiredOnNewDevice": "

When true, device authentication can replace SMS and time-based one-time password (TOTP) factors for multi-factor authentication (MFA).

Users that sign in with devices that have not been confirmed or remembered will still have to provide a second factor, whether or not ChallengeRequiredOnNewDevice is true, when your user pool requires MFA.

", @@ -638,7 +644,7 @@ "SMSMfaSettingsType$Enabled": "

Specifies whether SMS text message MFA is activated. If an MFA type is activated for a user, the user will be prompted for MFA during all sign-in attempts, unless device tracking is turned on and the device has been trusted.

", "SMSMfaSettingsType$PreferredMfa": "

Specifies whether SMS is the preferred MFA method.

", "SchemaAttributeType$DeveloperOnlyAttribute": "

You should use WriteAttributes in the user pool client to control how attributes can be mutated for new use cases instead of using DeveloperOnlyAttribute.

Specifies whether the attribute type is developer only. This attribute can only be modified by an administrator. Users won't be able to modify this attribute using their access token. For example, DeveloperOnlyAttribute can be modified using AdminUpdateUserAttributes but can't be updated using UpdateUserAttributes.

", - "SchemaAttributeType$Mutable": "

Specifies whether the value of the attribute can be changed.

For any user pool attribute that is mapped to an identity provider attribute, you must set this parameter to true. Amazon Cognito updates mapped attributes when users sign in to your application through an identity provider. If an attribute is immutable, Amazon Cognito throws an error when it attempts to update the attribute. For more information, see Specifying Identity Provider Attribute Mappings for Your User Pool.

", + "SchemaAttributeType$Mutable": "

Specifies whether the value of the attribute can be changed.

For any user pool attribute that is mapped to an IdP attribute, you must set this parameter to true. Amazon Cognito updates mapped attributes when users sign in to your application through an IdP. If an attribute is immutable, Amazon Cognito throws an error when it attempts to update the attribute. For more information, see Specifying Identity Provider Attribute Mappings for Your User Pool.

", "SchemaAttributeType$Required": "

Specifies whether a user pool attribute is required. If the attribute is required and the user doesn't provide a value, registration or sign-in will fail.

", "SignUpResponse$UserConfirmed": "

A response from the server indicating that a user registration has been confirmed.

", "SoftwareTokenMfaConfigType$Enabled": "

Specifies whether software token MFA is activated.

", @@ -665,9 +671,9 @@ "CallbackURLsListType": { "base": null, "refs": { - "CreateUserPoolClientRequest$CallbackURLs": "

A list of allowed redirect (callback) URLs for the identity providers.

A redirect URI must:

See OAuth 2.0 - Redirection Endpoint.

Amazon Cognito requires HTTPS over HTTP except for http://localhost for testing purposes only.

App callback URLs such as myapp://example are also supported.

", - "UpdateUserPoolClientRequest$CallbackURLs": "

A list of allowed redirect (callback) URLs for the identity providers.

A redirect URI must:

See OAuth 2.0 - Redirection Endpoint.

Amazon Cognito requires HTTPS over HTTP except for http://localhost for testing purposes only.

App callback URLs such as myapp://example are also supported.

", - "UserPoolClientType$CallbackURLs": "

A list of allowed redirect (callback) URLs for the identity providers.

A redirect URI must:

See OAuth 2.0 - Redirection Endpoint.

Amazon Cognito requires HTTPS over HTTP except for http://localhost for testing purposes only.

App callback URLs such as myapp://example are also supported.

" + "CreateUserPoolClientRequest$CallbackURLs": "

A list of allowed redirect (callback) URLs for the IdPs.

A redirect URI must:

See OAuth 2.0 - Redirection Endpoint.

Amazon Cognito requires HTTPS over HTTP except for http://localhost for testing purposes only.

App callback URLs such as myapp://example are also supported.

", + "UpdateUserPoolClientRequest$CallbackURLs": "

A list of allowed redirect (callback) URLs for the IdPs.

A redirect URI must:

See OAuth 2.0 - Redirection Endpoint.

Amazon Cognito requires HTTPS over HTTP except for http://localhost for testing purposes only.

App callback URLs such as myapp://example are also supported.

", + "UserPoolClientType$CallbackURLs": "

A list of allowed redirect (callback) URLs for the IdPs.

A redirect URI must:

See OAuth 2.0 - Redirection Endpoint.

Amazon Cognito requires HTTPS over HTTP except for http://localhost for testing purposes only.

App callback URLs such as myapp://example are also supported.

" } }, "ChallengeName": { @@ -679,10 +685,10 @@ "ChallengeNameType": { "base": null, "refs": { - "AdminInitiateAuthResponse$ChallengeName": "

The name of the challenge that you're responding to with this call. This is returned in the AdminInitiateAuth response if you must pass another challenge.

", + "AdminInitiateAuthResponse$ChallengeName": "

The name of the challenge that you're responding to with this call. This is returned in the AdminInitiateAuth response if you must pass another challenge.

", "AdminRespondToAuthChallengeRequest$ChallengeName": "

The challenge name. For more information, see AdminInitiateAuth.

", "AdminRespondToAuthChallengeResponse$ChallengeName": "

The name of the challenge. For more information, see AdminInitiateAuth.

", - "InitiateAuthResponse$ChallengeName": "

The name of the challenge that you're responding to with this call. This name is returned in the AdminInitiateAuth response if you must pass another challenge.

Valid values include the following:

All of the following challenges require USERNAME and SECRET_HASH (if applicable) in the parameters.

", + "InitiateAuthResponse$ChallengeName": "

The name of the challenge that you're responding to with this call. This name is returned in the AdminInitiateAuth response if you must pass another challenge.

Valid values include the following:

All of the following challenges require USERNAME and SECRET_HASH (if applicable) in the parameters.

", "RespondToAuthChallengeRequest$ChallengeName": "

The challenge name. For more information, see InitiateAuth.

ADMIN_NO_SRP_AUTH isn't a valid value.

", "RespondToAuthChallengeResponse$ChallengeName": "

The challenge name. For more information, see InitiateAuth.

" } @@ -717,8 +723,8 @@ "ChallengeResponsesType": { "base": null, "refs": { - "AdminRespondToAuthChallengeRequest$ChallengeResponses": "

The challenge responses. These are inputs corresponding to the value of ChallengeName, for example:

The value of the USERNAME attribute must be the user's actual username, not an alias (such as an email address or phone number). To make this simpler, the AdminInitiateAuth response includes the actual username value in the USERNAMEUSER_ID_FOR_SRP attribute. This happens even if you specified an alias in your call to AdminInitiateAuth.

", - "RespondToAuthChallengeRequest$ChallengeResponses": "

The challenge responses. These are inputs corresponding to the value of ChallengeName, for example:

SECRET_HASH (if app client is configured with client secret) applies to all of the inputs that follow (including SOFTWARE_TOKEN_MFA).

" + "AdminRespondToAuthChallengeRequest$ChallengeResponses": "

The challenge responses. These are inputs corresponding to the value of ChallengeName, for example:

The value of the USERNAME attribute must be the user's actual username, not an alias (such as an email address or phone number). To make this simpler, the AdminInitiateAuth response includes the actual username value in the USERNAMEUSER_ID_FOR_SRP attribute. This happens even if you specified an alias in your call to AdminInitiateAuth.

", + "RespondToAuthChallengeRequest$ChallengeResponses": "

The challenge responses. These are inputs corresponding to the value of ChallengeName, for example:

SECRET_HASH (if app client is configured with client secret) applies to all of the inputs that follow (including SOFTWARE_TOKEN_MFA).

" } }, "ChangePasswordRequest": { @@ -790,7 +796,7 @@ "base": null, "refs": { "CreateUserPoolClientRequest$ReadAttributes": "

The read attributes.

", - "CreateUserPoolClientRequest$WriteAttributes": "

The user pool attributes that the app client can write to.

If your app client allows users to sign in through an identity provider, this array must include all attributes that you have mapped to identity provider attributes. Amazon Cognito updates mapped attributes when users sign in to your application through an identity provider. If your app client does not have write access to a mapped attribute, Amazon Cognito throws an error when it tries to update the attribute. For more information, see Specifying Identity Provider Attribute Mappings for Your user pool.

", + "CreateUserPoolClientRequest$WriteAttributes": "

The user pool attributes that the app client can write to.

If your app client allows users to sign in through an IdP, this array must include all attributes that you have mapped to IdP attributes. Amazon Cognito updates mapped attributes when users sign in to your application through an IdP. If your app client does not have write access to a mapped attribute, Amazon Cognito throws an error when it tries to update the attribute. For more information, see Specifying IdP Attribute Mappings for Your user pool.

", "UpdateUserPoolClientRequest$ReadAttributes": "

The read-only attributes of the user pool.

", "UpdateUserPoolClientRequest$WriteAttributes": "

The writeable attributes of the user pool.

", "UserPoolClientType$ReadAttributes": "

The Read-only attributes.

", @@ -817,7 +823,7 @@ } }, "CodeDeliveryDetailsType": { - "base": "

The code delivery details being returned from the server.

", + "base": "

The delivery details for an email or SMS message that Amazon Cognito sent for authentication or verification.

", "refs": { "CodeDeliveryDetailsListType$member": null, "ForgotPasswordResponse$CodeDeliveryDetails": "

The code delivery details returned by the server in response to the request to reset a password.

", @@ -1037,8 +1043,8 @@ "EventFeedbackType$FeedbackDate": "

The event feedback date.

", "GroupType$LastModifiedDate": "

The date the group was last modified.

", "GroupType$CreationDate": "

The date the group was created.

", - "IdentityProviderType$LastModifiedDate": "

The date the identity provider was last modified.

", - "IdentityProviderType$CreationDate": "

The date the identity provider was created.

", + "IdentityProviderType$LastModifiedDate": "

The date the IdP was last modified.

", + "IdentityProviderType$CreationDate": "

The date the IdP was created.

", "ProviderDescription$LastModifiedDate": "

The date the provider was last modified.

", "ProviderDescription$CreationDate": "

The date the provider was added to the user pool.

", "RiskConfigurationType$LastModifiedDate": "

The last modified date.

", @@ -1122,7 +1128,7 @@ "DeliveryMediumType": { "base": null, "refs": { - "CodeDeliveryDetailsType$DeliveryMedium": "

The delivery medium (email message or phone number).

", + "CodeDeliveryDetailsType$DeliveryMedium": "

The method that Amazon Cognito used to send the code.

", "DeliveryMediumListType$member": null, "MFAOptionType$DeliveryMedium": "

The delivery medium to send the MFA code. You can use this parameter to set only the SMS delivery medium value.

" } @@ -1328,13 +1334,13 @@ "EmailSendingAccountType": { "base": null, "refs": { - "EmailConfigurationType$EmailSendingAccount": "

Specifies whether Amazon Cognito uses its built-in functionality to send your users email messages, or uses your Amazon Simple Email Service email configuration. Specify one of the following values:

COGNITO_DEFAULT

When Amazon Cognito emails your users, it uses its built-in email functionality. When you use the default option, Amazon Cognito allows only a limited number of emails each day for your user pool. For typical production environments, the default email limit is less than the required delivery volume. To achieve a higher delivery volume, specify DEVELOPER to use your Amazon SES email configuration.

To look up the email delivery limit for the default option, see Limits in in the Developer Guide.

The default FROM address is no-reply@verificationemail.com. To customize the FROM address, provide the Amazon Resource Name (ARN) of an Amazon SES verified email address for the SourceArn parameter.

If EmailSendingAccount is COGNITO_DEFAULT, you can't use the following parameters:

DEVELOPER EmailSendingAccount is required.

DEVELOPER

When Amazon Cognito emails your users, it uses your Amazon SES configuration. Amazon Cognito calls Amazon SES on your behalf to send email from your verified email address. When you use this option, the email delivery limits are the same limits that apply to your Amazon SES verified email address in your Amazon Web Services account.

If you use this option, you must provide the ARN of an Amazon SES verified email address for the SourceArn parameter.

Before Amazon Cognito can email your users, it requires additional permissions to call Amazon SES on your behalf. When you update your user pool with this option, Amazon Cognito creates a service-linked role, which is a type of role, in your Amazon Web Services account. This role contains the permissions that allow to access Amazon SES and send email messages with your address. For more information about the service-linked role that Amazon Cognito creates, see Using Service-Linked Roles for Amazon Cognito in the Amazon Cognito Developer Guide.

" + "EmailConfigurationType$EmailSendingAccount": "

Specifies whether Amazon Cognito uses its built-in functionality to send your users email messages, or uses your Amazon Simple Email Service email configuration. Specify one of the following values:

COGNITO_DEFAULT

When Amazon Cognito emails your users, it uses its built-in email functionality. When you use the default option, Amazon Cognito allows only a limited number of emails each day for your user pool. For typical production environments, the default email limit is less than the required delivery volume. To achieve a higher delivery volume, specify DEVELOPER to use your Amazon SES email configuration.

To look up the email delivery limit for the default option, see Limits in in the Developer Guide.

The default FROM address is no-reply@verificationemail.com. To customize the FROM address, provide the Amazon Resource Name (ARN) of an Amazon SES verified email address for the SourceArn parameter.

DEVELOPER

When Amazon Cognito emails your users, it uses your Amazon SES configuration. Amazon Cognito calls Amazon SES on your behalf to send email from your verified email address. When you use this option, the email delivery limits are the same limits that apply to your Amazon SES verified email address in your Amazon Web Services account.

If you use this option, provide the ARN of an Amazon SES verified email address for the SourceArn parameter.

Before Amazon Cognito can email your users, it requires additional permissions to call Amazon SES on your behalf. When you update your user pool with this option, Amazon Cognito creates a service-linked role, which is a type of role, in your Amazon Web Services account. This role contains the permissions that allow to access Amazon SES and send email messages with your address. For more information about the service-linked role that Amazon Cognito creates, see Using Service-Linked Roles for Amazon Cognito in the Amazon Cognito Developer Guide.

" } }, "EmailVerificationMessageByLinkType": { "base": null, "refs": { - "VerificationMessageTemplateType$EmailMessageByLink": "

The email message template for sending a confirmation link to the user. EmailMessageByLink is allowed only if EmailSendingAccount is DEVELOPER.

" + "VerificationMessageTemplateType$EmailMessageByLink": "

The email message template for sending a confirmation link to the user. You can set an EmailMessageByLink template only if the value of EmailSendingAccount is DEVELOPER. When your EmailSendingAccount is DEVELOPER, your user pool sends email messages with your own Amazon SES configuration.

" } }, "EmailVerificationMessageType": { @@ -1344,13 +1350,13 @@ "MessageTemplateType$EmailMessage": "

The message template for email messages. EmailMessage is allowed only if EmailSendingAccount is DEVELOPER.

", "UpdateUserPoolRequest$EmailVerificationMessage": "

The contents of the email verification message.

", "UserPoolType$EmailVerificationMessage": "

The contents of the email verification message.

", - "VerificationMessageTemplateType$EmailMessage": "

The email message template. EmailMessage is allowed only if EmailSendingAccount is DEVELOPER.

" + "VerificationMessageTemplateType$EmailMessage": "

The template for email messages that Amazon Cognito sends to your users. You can set an EmailMessage template only if the value of EmailSendingAccount is DEVELOPER. When your EmailSendingAccount is DEVELOPER, your user pool sends email messages with your own Amazon SES configuration.

" } }, "EmailVerificationSubjectByLinkType": { "base": null, "refs": { - "VerificationMessageTemplateType$EmailSubjectByLink": "

The subject line for the email message template for sending a confirmation link to the user. EmailSubjectByLink is allowed only EmailSendingAccount is DEVELOPER.

" + "VerificationMessageTemplateType$EmailSubjectByLink": "

The subject line for the email message template for sending a confirmation link to the user. You can set an EmailSubjectByLink template only if the value of EmailSendingAccount is DEVELOPER. When your EmailSendingAccount is DEVELOPER, your user pool sends email messages with your own Amazon SES configuration.

" } }, "EmailVerificationSubjectType": { @@ -1360,7 +1366,7 @@ "MessageTemplateType$EmailSubject": "

The subject line for email messages. EmailSubject is allowed only if EmailSendingAccount is DEVELOPER.

", "UpdateUserPoolRequest$EmailVerificationSubject": "

The subject of the email verification message.

", "UserPoolType$EmailVerificationSubject": "

The subject of the email verification message.

", - "VerificationMessageTemplateType$EmailSubject": "

The subject line for the email message template. EmailSubject is allowed only if EmailSendingAccount is DEVELOPER.

" + "VerificationMessageTemplateType$EmailSubject": "

The subject line for the email message template. You can set an EmailSubject template only if the value of EmailSendingAccount is DEVELOPER. When your EmailSendingAccount is DEVELOPER, your user pool sends email messages with your own Amazon SES configuration.

" } }, "EnableSoftwareTokenMFAException": { @@ -1425,7 +1431,7 @@ "ExplicitAuthFlowsListType": { "base": null, "refs": { - "CreateUserPoolClientRequest$ExplicitAuthFlows": "

The authentication flows that are supported by the user pool clients. Flow names without the ALLOW_ prefix are no longer supported, in favor of new names with the ALLOW_ prefix.

Values with ALLOW_ prefix must be used only along with the ALLOW_ prefix.

Valid values include:

", + "CreateUserPoolClientRequest$ExplicitAuthFlows": "

The authentication flows that are supported by the user pool clients. Flow names without the ALLOW_ prefix are no longer supported, in favor of new names with the ALLOW_ prefix.

Values with ALLOW_ prefix must be used only along with the ALLOW_ prefix.

Valid values include:

If you don't specify a value for ExplicitAuthFlows, your app client activates the ALLOW_USER_SRP_AUTH and ALLOW_CUSTOM_AUTH authentication flows.

", "UpdateUserPoolClientRequest$ExplicitAuthFlows": "

The authentication flows that are supported by the user pool clients. Flow names without the ALLOW_ prefix are no longer supported in favor of new names with the ALLOW_ prefix. Note that values with ALLOW_ prefix must be used only along with values with the ALLOW_ prefix.

Valid values include:

", "UserPoolClientType$ExplicitAuthFlows": "

The authentication flows that are supported by the user pool clients. Flow names without the ALLOW_ prefix are no longer supported in favor of new names with the ALLOW_ prefix. Note that values with ALLOW_ prefix must be used only along with values including the ALLOW_ prefix.

Valid values include:

" } @@ -1462,7 +1468,7 @@ } }, "ForgotPasswordResponse": { - "base": "

Respresents the response from the server regarding the request to reset a password.

", + "base": "

Represents the response from the server regarding the request to reset a password.

", "refs": { } }, @@ -1627,41 +1633,41 @@ "IdTokenValidityType": { "base": null, "refs": { - "CreateUserPoolClientRequest$IdTokenValidity": "

The time limit, between 5 minutes and 1 day, after which the access token is no longer valid and can't be used. If you supply a TokenValidityUnits value, you will override the default time unit.

", - "UpdateUserPoolClientRequest$IdTokenValidity": "

The time limit after which the ID token is no longer valid and can't be used.

", - "UserPoolClientType$IdTokenValidity": "

The time limit specified by tokenValidityUnits, defaulting to hours, after which the refresh token is no longer valid and can't be used.

" + "CreateUserPoolClientRequest$IdTokenValidity": "

The ID token time limit. After this limit expires, your user can't use their ID token. To specify the time unit for IdTokenValidity as seconds, minutes, hours, or days, set a TokenValidityUnits value in your API request.

For example, when you set IdTokenValidity as 10 and TokenValidityUnits as hours, your user can authenticate their session with their ID token for 10 hours.

The default time unit for AccessTokenValidity in an API request is hours. Valid range is displayed below in seconds.

", + "UpdateUserPoolClientRequest$IdTokenValidity": "

The ID token time limit. After this limit expires, your user can't use their ID token. To specify the time unit for IdTokenValidity as seconds, minutes, hours, or days, set a TokenValidityUnits value in your API request.

For example, when you set IdTokenValidity as 10 and TokenValidityUnits as hours, your user can authenticate their session with their ID token for 10 hours.

The default time unit for AccessTokenValidity in an API request is hours. Valid range is displayed below in seconds.

", + "UserPoolClientType$IdTokenValidity": "

The ID token time limit. After this limit expires, your user can't use their ID token. To specify the time unit for IdTokenValidity as seconds, minutes, hours, or days, set a TokenValidityUnits value in your API request.

For example, when you set IdTokenValidity as 10 and TokenValidityUnits as hours, your user can authenticate their session with their ID token for 10 hours.

The default time unit for AccessTokenValidity in an API request is hours. Valid range is displayed below in seconds.

" } }, "IdentityProviderType": { - "base": "

A container for information about an identity provider.

", + "base": "

A container for information about an IdP.

", "refs": { - "CreateIdentityProviderResponse$IdentityProvider": "

The newly created identity provider object.

", - "DescribeIdentityProviderResponse$IdentityProvider": "

The identity provider that was deleted.

", - "GetIdentityProviderByIdentifierResponse$IdentityProvider": "

The identity provider object.

", - "UpdateIdentityProviderResponse$IdentityProvider": "

The identity provider object.

" + "CreateIdentityProviderResponse$IdentityProvider": "

The newly created IdP object.

", + "DescribeIdentityProviderResponse$IdentityProvider": "

The IdP that was deleted.

", + "GetIdentityProviderByIdentifierResponse$IdentityProvider": "

The IdP object.

", + "UpdateIdentityProviderResponse$IdentityProvider": "

The IdP object.

" } }, "IdentityProviderTypeType": { "base": null, "refs": { - "CreateIdentityProviderRequest$ProviderType": "

The identity provider type.

", - "IdentityProviderType$ProviderType": "

The identity provider type.

", - "ProviderDescription$ProviderType": "

The identity provider type.

" + "CreateIdentityProviderRequest$ProviderType": "

The IdP type.

", + "IdentityProviderType$ProviderType": "

The IdP type.

", + "ProviderDescription$ProviderType": "

The IdP type.

" } }, "IdpIdentifierType": { "base": null, "refs": { - "GetIdentityProviderByIdentifierRequest$IdpIdentifier": "

The identity provider ID.

", + "GetIdentityProviderByIdentifierRequest$IdpIdentifier": "

The IdP identifier.

", "IdpIdentifiersListType$member": null } }, "IdpIdentifiersListType": { "base": null, "refs": { - "CreateIdentityProviderRequest$IdpIdentifiers": "

A list of identity provider identifiers.

", - "IdentityProviderType$IdpIdentifiers": "

A list of identity provider identifiers.

", - "UpdateIdentityProviderRequest$IdpIdentifiers": "

A list of identity provider identifiers.

" + "CreateIdentityProviderRequest$IdpIdentifiers": "

A list of IdP identifiers.

", + "IdentityProviderType$IdpIdentifiers": "

A list of IdP identifiers.

", + "UpdateIdentityProviderRequest$IdpIdentifiers": "

A list of IdP identifiers.

" } }, "ImageFileType": { @@ -1791,7 +1797,7 @@ "ListProvidersLimitType": { "base": null, "refs": { - "ListIdentityProvidersRequest$MaxResults": "

The maximum number of identity providers to return.

" + "ListIdentityProvidersRequest$MaxResults": "

The maximum number of IdPs to return.

" } }, "ListResourceServersLimitType": { @@ -1873,9 +1879,9 @@ "LogoutURLsListType": { "base": null, "refs": { - "CreateUserPoolClientRequest$LogoutURLs": "

A list of allowed logout URLs for the identity providers.

", - "UpdateUserPoolClientRequest$LogoutURLs": "

A list of allowed logout URLs for the identity providers.

", - "UserPoolClientType$LogoutURLs": "

A list of allowed logout URLs for the identity providers.

" + "CreateUserPoolClientRequest$LogoutURLs": "

A list of allowed logout URLs for the IdPs.

", + "UpdateUserPoolClientRequest$LogoutURLs": "

A list of allowed logout URLs for the IdPs.

", + "UserPoolClientType$LogoutURLs": "

A list of allowed logout URLs for the IdPs.

" } }, "LongType": { @@ -1932,7 +1938,7 @@ "GroupExistsException$message": null, "InternalErrorException$message": "

The message returned when Amazon Cognito throws an internal error exception.

", "InvalidEmailRoleAccessPolicyException$message": "

The message returned when you have an unverified email address or the identity policy isn't set on an email address that Amazon Cognito can access.

", - "InvalidLambdaResponseException$message": "

The message returned when Amazon Cognito hrows an invalid Lambda response exception.

", + "InvalidLambdaResponseException$message": "

The message returned when Amazon Cognito throws an invalid Lambda response exception.

", "InvalidOAuthFlowException$message": null, "InvalidParameterException$message": "

The message returned when the Amazon Cognito service throws an invalid parameter exception.

", "InvalidPasswordException$message": "

The message returned when Amazon Cognito throws an invalid user password exception.

", @@ -2004,9 +2010,9 @@ "OAuthFlowsType": { "base": null, "refs": { - "CreateUserPoolClientRequest$AllowedOAuthFlows": "

The allowed OAuth flows.

Set to code to initiate a code grant flow, which provides an authorization code as the response. This code can be exchanged for access tokens with the token endpoint.

Set to implicit to specify that the client should get the access token (and, optionally, ID token, based on scopes) directly.

Set to client_credentials to specify that the client should get the access token (and, optionally, ID token, based on scopes) from the token endpoint using a combination of client and client_secret.

", - "UpdateUserPoolClientRequest$AllowedOAuthFlows": "

The allowed OAuth flows.

Set to code to initiate a code grant flow, which provides an authorization code as the response. This code can be exchanged for access tokens with the token endpoint.

Set to implicit to specify that the client should get the access token (and, optionally, ID token, based on scopes) directly.

Set to client_credentials to specify that the client should get the access token (and, optionally, ID token, based on scopes) from the token endpoint using a combination of client and client_secret.

", - "UserPoolClientType$AllowedOAuthFlows": "

The allowed OAuth flows.

Set to code to initiate a code grant flow, which provides an authorization code as the response. This code can be exchanged for access tokens with the token endpoint.

Set to implicit to specify that the client should get the access token (and, optionally, ID token, based on scopes) directly.

Set to client_credentials to specify that the client should get the access token (and, optionally, ID token, based on scopes) from the token endpoint using a combination of client and client_secret.

" + "CreateUserPoolClientRequest$AllowedOAuthFlows": "

The allowed OAuth flows.

code

Use a code grant flow, which provides an authorization code as the response. This code can be exchanged for access tokens with the /oauth2/token endpoint.

implicit

Issue the access token (and, optionally, ID token, based on scopes) directly to your user.

client_credentials

Issue the access token from the /oauth2/token endpoint directly to a non-person user using a combination of the client ID and client secret.

", + "UpdateUserPoolClientRequest$AllowedOAuthFlows": "

The allowed OAuth flows.

code

Use a code grant flow, which provides an authorization code as the response. This code can be exchanged for access tokens with the /oauth2/token endpoint.

implicit

Issue the access token (and, optionally, ID token, based on scopes) directly to your user.

client_credentials

Issue the access token from the /oauth2/token endpoint directly to a non-person user using a combination of the client ID and client secret.

", + "UserPoolClientType$AllowedOAuthFlows": "

The allowed OAuth flows.

code

Use a code grant flow, which provides an authorization code as the response. This code can be exchanged for access tokens with the /oauth2/token endpoint.

implicit

Issue the access token (and, optionally, ID token, based on scopes) directly to your user.

client_credentials

Issue the access token from the /oauth2/token endpoint directly to a non-person user using a combination of the client ID and client secret.

" } }, "PaginationKey": { @@ -2021,7 +2027,7 @@ "ListUserPoolClientsRequest$NextToken": "

An identifier that was returned from the previous call to this operation, which can be used to return the next set of items in the list.

", "ListUserPoolClientsResponse$NextToken": "

An identifier that was returned from the previous call to this operation, which can be used to return the next set of items in the list.

", "ListUsersInGroupRequest$NextToken": "

An identifier that was returned from the previous call to this operation, which can be used to return the next set of items in the list.

", - "ListUsersInGroupResponse$NextToken": "

An identifier that was returned from the previous call to this operation, which can be used to return the next set of items in the list.

" + "ListUsersInGroupResponse$NextToken": "

An identifier that you can use in a later request to return the next set of items in the list.

" } }, "PaginationKeyType": { @@ -2081,7 +2087,7 @@ "PrecedenceType": { "base": null, "refs": { - "CreateGroupRequest$Precedence": "

A non-negative integer value that specifies the precedence of this group relative to the other groups that a user can belong to in the user pool. Zero is the highest precedence value. Groups with lower Precedence values take precedence over groups with higher ornull Precedence values. If a user belongs to two or more groups, it is the group with the lowest precedence value whose role ARN is given in the user's tokens for the cognito:roles and cognito:preferred_role claims.

Two groups can have the same Precedence value. If this happens, neither group takes precedence over the other. If two groups with the same Precedence have the same role ARN, that role is used in the cognito:preferred_role claim in tokens for users in each group. If the two groups have different role ARNs, the cognito:preferred_role claim isn't set in users' tokens.

The default Precedence value is null.

", + "CreateGroupRequest$Precedence": "

A non-negative integer value that specifies the precedence of this group relative to the other groups that a user can belong to in the user pool. Zero is the highest precedence value. Groups with lower Precedence values take precedence over groups with higher or null Precedence values. If a user belongs to two or more groups, it is the group with the lowest precedence value whose role ARN is given in the user's tokens for the cognito:roles and cognito:preferred_role claims.

Two groups can have the same Precedence value. If this happens, neither group takes precedence over the other. If two groups with the same Precedence have the same role ARN, that role is used in the cognito:preferred_role claim in tokens for users in each group. If the two groups have different role ARNs, the cognito:preferred_role claim isn't set in users' tokens.

The default Precedence value is null. The maximum Precedence value is 2^31-1.

", "GroupType$Precedence": "

A non-negative integer value that specifies the precedence of this group relative to the other groups that a user can belong to in the user pool. Zero is the highest precedence value. Groups with lower Precedence values take precedence over groups with higher ornull Precedence values. If a user belongs to two or more groups, it is the group with the lowest precedence value whose role ARN is given in the user's tokens for the cognito:roles and cognito:preferred_role claims.

Two groups can have the same Precedence value. If this happens, neither group takes precedence over the other. If two groups with the same Precedence have the same role ARN, that role is used in the cognito:preferred_role claim in tokens for users in each group. If the two groups have different role ARNs, the cognito:preferred_role claim isn't set in users' tokens.

The default Precedence value is null.

", "UpdateGroupRequest$Precedence": "

The new precedence value for the group. For more information about this parameter, see CreateGroup.

" } @@ -2096,7 +2102,7 @@ "refs": { "CreateUserPoolClientRequest$PreventUserExistenceErrors": "

Errors and responses that you want Amazon Cognito APIs to return during authentication, account confirmation, and password recovery when the user doesn't exist in the user pool. When set to ENABLED and the user doesn't exist, authentication returns an error indicating either the username or password was incorrect. Account confirmation and password recovery return a response indicating a code was sent to a simulated destination. When set to LEGACY, those APIs return a UserNotFoundException exception if the user doesn't exist in the user pool.

Valid values include:

", "UpdateUserPoolClientRequest$PreventUserExistenceErrors": "

Errors and responses that you want Amazon Cognito APIs to return during authentication, account confirmation, and password recovery when the user doesn't exist in the user pool. When set to ENABLED and the user doesn't exist, authentication returns an error indicating either the username or password was incorrect. Account confirmation and password recovery return a response indicating a code was sent to a simulated destination. When set to LEGACY, those APIs return a UserNotFoundException exception if the user doesn't exist in the user pool.

Valid values include:

", - "UserPoolClientType$PreventUserExistenceErrors": "

Errors and responses that you want Amazon Cognito APIs to return during authentication, account confirmation, and password recovery when the user doesn't exist in the user pool. When set to ENABLED and the user doesn't exist, authentication returns an error indicating either the username or password was incorrect. Account confirmation and password recovery return a response indicating a code was sent to a simulated destination. When set to LEGACY, those APIs return a UserNotFoundException exception if the user doesn't exist in the user pool.

Valid values include:

" + "UserPoolClientType$PreventUserExistenceErrors": "

Errors and responses that you want Amazon Cognito APIs to return during authentication, account confirmation, and password recovery when the user doesn't exist in the user pool. When set to ENABLED and the user doesn't exist, authentication returns an error indicating either the username or password was incorrect. Account confirmation and password recovery return a response indicating a code was sent to a simulated destination. When set to LEGACY, those APIs return a UserNotFoundException exception if the user doesn't exist in the user pool.

Valid values include:

" } }, "PriorityType": { @@ -2106,7 +2112,7 @@ } }, "ProviderDescription": { - "base": "

A container for identity provider details.

", + "base": "

A container for IdP details.

", "refs": { "ProvidersListType$member": null } @@ -2114,41 +2120,41 @@ "ProviderDetailsType": { "base": null, "refs": { - "CreateIdentityProviderRequest$ProviderDetails": "

The identity provider details. The following list describes the provider detail keys for each identity provider type.

", - "IdentityProviderType$ProviderDetails": "

The identity provider details. The following list describes the provider detail keys for each identity provider type.

", - "UpdateIdentityProviderRequest$ProviderDetails": "

The identity provider details to be updated, such as MetadataURL and MetadataFile.

" + "CreateIdentityProviderRequest$ProviderDetails": "

The IdP details. The following list describes the provider detail keys for each IdP type.

", + "IdentityProviderType$ProviderDetails": "

The IdP details. The following list describes the provider detail keys for each IdP type.

", + "UpdateIdentityProviderRequest$ProviderDetails": "

The IdP details to be updated, such as MetadataURL and MetadataFile.

" } }, "ProviderNameType": { "base": null, "refs": { - "DeleteIdentityProviderRequest$ProviderName": "

The identity provider name.

", - "DescribeIdentityProviderRequest$ProviderName": "

The identity provider name.

", - "IdentityProviderType$ProviderName": "

The identity provider name.

", - "ProviderDescription$ProviderName": "

The identity provider name.

", + "DeleteIdentityProviderRequest$ProviderName": "

The IdP name.

", + "DescribeIdentityProviderRequest$ProviderName": "

The IdP name.

", + "IdentityProviderType$ProviderName": "

The IdP name.

", + "ProviderDescription$ProviderName": "

The IdP name.

", "ProviderUserIdentifierType$ProviderName": "

The name of the provider, such as Facebook, Google, or Login with Amazon.

", "SupportedIdentityProvidersListType$member": null, - "UpdateIdentityProviderRequest$ProviderName": "

The identity provider name.

" + "UpdateIdentityProviderRequest$ProviderName": "

The IdP name.

" } }, "ProviderNameTypeV1": { "base": null, "refs": { - "CreateIdentityProviderRequest$ProviderName": "

The identity provider name.

" + "CreateIdentityProviderRequest$ProviderName": "

The IdP name.

" } }, "ProviderUserIdentifierType": { - "base": "

A container for information about an identity provider for a user pool.

", + "base": "

A container for information about an IdP for a user pool.

", "refs": { "AdminDisableProviderForUserRequest$User": "

The user to be disabled.

", - "AdminLinkProviderForUserRequest$DestinationUser": "

The existing user in the user pool that you want to assign to the external identity provider user account. This user can be a native (Username + Password) Amazon Cognito user pools user or a federated user (for example, a SAML or Facebook user). If the user doesn't exist, Amazon Cognito generates an exception. Amazon Cognito returns this user when the new user (with the linked identity provider attribute) signs in.

For a native username + password user, the ProviderAttributeValue for the DestinationUser should be the username in the user pool. For a federated user, it should be the provider-specific user_id.

The ProviderAttributeName of the DestinationUser is ignored.

The ProviderName should be set to Cognito for users in Cognito user pools.

All attributes in the DestinationUser profile must be mutable. If you have assigned the user any immutable custom attributes, the operation won't succeed.

", - "AdminLinkProviderForUserRequest$SourceUser": "

An external identity provider account for a user who doesn't exist yet in the user pool. This user must be a federated user (for example, a SAML or Facebook user), not another native user.

If the SourceUser is using a federated social identity provider, such as Facebook, Google, or Login with Amazon, you must set the ProviderAttributeName to Cognito_Subject. For social identity providers, the ProviderName will be Facebook, Google, or LoginWithAmazon, and Amazon Cognito will automatically parse the Facebook, Google, and Login with Amazon tokens for id, sub, and user_id, respectively. The ProviderAttributeValue for the user must be the same value as the id, sub, or user_id value found in the social identity provider token.

For SAML, the ProviderAttributeName can be any value that matches a claim in the SAML assertion. If you want to link SAML users based on the subject of the SAML assertion, you should map the subject to a claim through the SAML identity provider and submit that claim name as the ProviderAttributeName. If you set ProviderAttributeName to Cognito_Subject, Amazon Cognito will automatically parse the default unique identifier found in the subject from the SAML token.

" + "AdminLinkProviderForUserRequest$DestinationUser": "

The existing user in the user pool that you want to assign to the external IdP user account. This user can be a native (Username + Password) Amazon Cognito user pools user or a federated user (for example, a SAML or Facebook user). If the user doesn't exist, Amazon Cognito generates an exception. Amazon Cognito returns this user when the new user (with the linked IdP attribute) signs in.

For a native username + password user, the ProviderAttributeValue for the DestinationUser should be the username in the user pool. For a federated user, it should be the provider-specific user_id.

The ProviderAttributeName of the DestinationUser is ignored.

The ProviderName should be set to Cognito for users in Cognito user pools.

All attributes in the DestinationUser profile must be mutable. If you have assigned the user any immutable custom attributes, the operation won't succeed.

", + "AdminLinkProviderForUserRequest$SourceUser": "

An external IdP account for a user who doesn't exist yet in the user pool. This user must be a federated user (for example, a SAML or Facebook user), not another native user.

If the SourceUser is using a federated social IdP, such as Facebook, Google, or Login with Amazon, you must set the ProviderAttributeName to Cognito_Subject. For social IdPs, the ProviderName will be Facebook, Google, or LoginWithAmazon, and Amazon Cognito will automatically parse the Facebook, Google, and Login with Amazon tokens for id, sub, and user_id, respectively. The ProviderAttributeValue for the user must be the same value as the id, sub, or user_id value found in the social IdP token.

For SAML, the ProviderAttributeName can be any value that matches a claim in the SAML assertion. If you want to link SAML users based on the subject of the SAML assertion, you should map the subject to a claim through the SAML IdP and submit that claim name as the ProviderAttributeName. If you set ProviderAttributeName to Cognito_Subject, Amazon Cognito will automatically parse the default unique identifier found in the subject from the SAML token.

" } }, "ProvidersListType": { "base": null, "refs": { - "ListIdentityProvidersResponse$Providers": "

A list of identity provider objects.

" + "ListIdentityProvidersResponse$Providers": "

A list of IdP objects.

" } }, "QueryLimit": { @@ -2200,9 +2206,9 @@ "RefreshTokenValidityType": { "base": null, "refs": { - "CreateUserPoolClientRequest$RefreshTokenValidity": "

The time limit, in days, after which the refresh token is no longer valid and can't be used.

", - "UpdateUserPoolClientRequest$RefreshTokenValidity": "

The time limit, in days, after which the refresh token is no longer valid and can't be used.

", - "UserPoolClientType$RefreshTokenValidity": "

The time limit, in days, after which the refresh token is no longer valid and can't be used.

" + "CreateUserPoolClientRequest$RefreshTokenValidity": "

The refresh token time limit. After this limit expires, your user can't use their refresh token. To specify the time unit for RefreshTokenValidity as seconds, minutes, hours, or days, set a TokenValidityUnits value in your API request.

For example, when you set RefreshTokenValidity as 10 and TokenValidityUnits as days, your user can refresh their session and retrieve new access and ID tokens for 10 days.

The default time unit for RefreshTokenValidity in an API request is days. You can't set RefreshTokenValidity to 0. If you do, Amazon Cognito overrides the value with the default value of 30 days. Valid range is displayed below in seconds.

", + "UpdateUserPoolClientRequest$RefreshTokenValidity": "

The refresh token time limit. After this limit expires, your user can't use their refresh token. To specify the time unit for RefreshTokenValidity as seconds, minutes, hours, or days, set a TokenValidityUnits value in your API request.

For example, when you set RefreshTokenValidity as 10 and TokenValidityUnits as days, your user can refresh their session and retrieve new access and ID tokens for 10 days.

The default time unit for RefreshTokenValidity in an API request is days. You can't set RefreshTokenValidity to 0. If you do, Amazon Cognito overrides the value with the default value of 30 days. Valid range is displayed below in seconds.

", + "UserPoolClientType$RefreshTokenValidity": "

The refresh token time limit. After this limit expires, your user can't use their refresh token. To specify the time unit for RefreshTokenValidity as seconds, minutes, hours, or days, set a TokenValidityUnits value in your API request.

For example, when you set RefreshTokenValidity as 10 and TokenValidityUnits as days, your user can refresh their session and retrieve new access and ID tokens for 10 days.

The default time unit for RefreshTokenValidity in an API request is days. You can't set RefreshTokenValidity to 0. If you do, Amazon Cognito overrides the value with the default value of 30 days. Valid range is displayed below in seconds.

" } }, "RegionCodeType": { @@ -2372,9 +2378,9 @@ "ScopeListType": { "base": null, "refs": { - "CreateUserPoolClientRequest$AllowedOAuthScopes": "

The allowed OAuth scopes. Possible values provided by OAuth are: phone, email, openid, and profile. Possible values provided by Amazon Web Services are: aws.cognito.signin.user.admin. Custom scopes created in Resource Servers are also supported.

", - "UpdateUserPoolClientRequest$AllowedOAuthScopes": "

The allowed OAuth scopes. Possible values provided by OAuth are: phone, email, openid, and profile. Possible values provided by Amazon Web Services are: aws.cognito.signin.user.admin. Custom scopes created in Resource Servers are also supported.

", - "UserPoolClientType$AllowedOAuthScopes": "

The allowed OAuth scopes. Possible values provided by OAuth are: phone, email, openid, and profile. Possible values provided by Amazon Web Services are: aws.cognito.signin.user.admin. Custom scopes created in Resource Servers are also supported.

" + "CreateUserPoolClientRequest$AllowedOAuthScopes": "

The allowed OAuth scopes. Possible values provided by OAuth are phone, email, openid, and profile. Possible values provided by Amazon Web Services are aws.cognito.signin.user.admin. Custom scopes created in Resource Servers are also supported.

", + "UpdateUserPoolClientRequest$AllowedOAuthScopes": "

The allowed OAuth scopes. Possible values provided by OAuth are phone, email, openid, and profile. Possible values provided by Amazon Web Services are aws.cognito.signin.user.admin. Custom scopes created in Resource Servers are also supported.

", + "UserPoolClientType$AllowedOAuthScopes": "

The OAuth scopes that your app client supports. Possible values that OAuth provides are phone, email, openid, and profile. Possible values that Amazon Web Services provides are aws.cognito.signin.user.admin. Amazon Cognito also supports custom scopes that you create in Resource Servers.

" } }, "ScopeType": { @@ -2525,7 +2531,7 @@ "UpdateUserPoolRequest$SmsAuthenticationMessage": "

The contents of the SMS authentication message.

", "UserPoolType$SmsVerificationMessage": "

The contents of the SMS verification message.

", "UserPoolType$SmsAuthenticationMessage": "

The contents of the SMS authentication message.

", - "VerificationMessageTemplateType$SmsMessage": "

The SMS message template.

" + "VerificationMessageTemplateType$SmsMessage": "

The template for SMS messages that Amazon Cognito sends to your users.

" } }, "SoftwareTokenMFANotFoundException": { @@ -2607,13 +2613,13 @@ "ChallengeResponsesType$value": null, "ClientMetadataType$key": null, "ClientMetadataType$value": null, - "CodeDeliveryDetailsType$Destination": "

The destination for the code delivery details.

", + "CodeDeliveryDetailsType$Destination": "

The email address or phone number destination where Amazon Cognito sent the code.

", "ContextDataType$IpAddress": "

Source IP address of your user.

", "ContextDataType$ServerName": "

Your server endpoint where this API is invoked.

", "ContextDataType$ServerPath": "

Your server path where this API is invoked.

", "ContextDataType$EncodedData": "

Encoded data containing device fingerprinting details collected using the Amazon Cognito context data collection library.

", "DeviceSecretVerifierConfigType$PasswordVerifier": "

The password verifier.

", - "DeviceSecretVerifierConfigType$Salt": "

The salt.

", + "DeviceSecretVerifierConfigType$Salt": "

The salt

", "DomainDescriptionType$CloudFrontDistribution": "

The Amazon Resource Name (ARN) of the Amazon CloudFront distribution.

", "EmailConfigurationType$From": "

Either the sender’s email address or the sender’s name with their email address. For example, testuser@example.com or Test User <testuser@example.com>. This address appears before the body of the email.

", "EventContextDataType$IpAddress": "

The user's IP address.

", @@ -2651,9 +2657,9 @@ "SupportedIdentityProvidersListType": { "base": null, "refs": { - "CreateUserPoolClientRequest$SupportedIdentityProviders": "

A list of provider names for the identity providers that are supported on this client. The following are supported: COGNITO, Facebook, Google and LoginWithAmazon.

", - "UpdateUserPoolClientRequest$SupportedIdentityProviders": "

A list of provider names for the identity providers that are supported on this client.

", - "UserPoolClientType$SupportedIdentityProviders": "

A list of provider names for the identity providers that are supported on this client.

" + "CreateUserPoolClientRequest$SupportedIdentityProviders": "

A list of provider names for the IdPs that this client supports. The following are supported: COGNITO, Facebook, Google LoginWithAmazon, and the names of your own SAML and OIDC providers.

", + "UpdateUserPoolClientRequest$SupportedIdentityProviders": "

A list of provider names for the IdPs that this client supports. The following are supported: COGNITO, Facebook, Google LoginWithAmazon, and the names of your own SAML and OIDC providers.

", + "UserPoolClientType$SupportedIdentityProviders": "

A list of provider names for the IdPs that this client supports. The following are supported: COGNITO, Facebook, Google LoginWithAmazon, and the names of your own SAML and OIDC providers.

" } }, "TagKeysType": { @@ -2682,7 +2688,7 @@ "TemporaryPasswordValidityDaysType": { "base": null, "refs": { - "PasswordPolicyType$TemporaryPasswordValidityDays": "

The number of days a temporary password is valid in the password policy. If the user doesn't sign in during this time, an administrator must reset their password.

When you set TemporaryPasswordValidityDays for a user pool, you can no longer set the deprecated UnusedAccountValidityDays value for that user pool.

" + "PasswordPolicyType$TemporaryPasswordValidityDays": "

The number of days a temporary password is valid in the password policy. If the user doesn't sign in during this time, an administrator must reset their password.

When you set TemporaryPasswordValidityDays for a user pool, you can no longer set a value for the legacy UnusedAccountValidityDays parameter in that user pool.

" } }, "TimeUnitsType": { @@ -2696,36 +2702,36 @@ "TokenModelType": { "base": null, "refs": { - "AssociateSoftwareTokenRequest$AccessToken": "

The access token.

", - "AuthenticationResultType$AccessToken": "

The access token.

", + "AssociateSoftwareTokenRequest$AccessToken": "

A valid access token that Amazon Cognito issued to the user whose software token you want to generate.

", + "AuthenticationResultType$AccessToken": "

A valid access token that Amazon Cognito issued to the user who you want to authenticate.

", "AuthenticationResultType$RefreshToken": "

The refresh token.

", "AuthenticationResultType$IdToken": "

The ID token.

", - "ChangePasswordRequest$AccessToken": "

The access token.

", - "ConfirmDeviceRequest$AccessToken": "

The access token.

", - "DeleteUserAttributesRequest$AccessToken": "

The access token used in the request to delete user attributes.

", - "DeleteUserRequest$AccessToken": "

The access token from a request to delete a user.

", - "ForgetDeviceRequest$AccessToken": "

The access token for the forgotten device request.

", - "GetDeviceRequest$AccessToken": "

The access token.

", - "GetUserAttributeVerificationCodeRequest$AccessToken": "

The access token returned by the server response to get the user attribute verification code.

", - "GetUserRequest$AccessToken": "

The access token returned by the server response to get information about the user.

", - "GlobalSignOutRequest$AccessToken": "

The access token.

", - "ListDevicesRequest$AccessToken": "

The access tokens for the request to list devices.

", + "ChangePasswordRequest$AccessToken": "

A valid access token that Amazon Cognito issued to the user whose password you want to change.

", + "ConfirmDeviceRequest$AccessToken": "

A valid access token that Amazon Cognito issued to the user whose device you want to confirm.

", + "DeleteUserAttributesRequest$AccessToken": "

A valid access token that Amazon Cognito issued to the user whose attributes you want to delete.

", + "DeleteUserRequest$AccessToken": "

A valid access token that Amazon Cognito issued to the user whose user profile you want to delete.

", + "ForgetDeviceRequest$AccessToken": "

A valid access token that Amazon Cognito issued to the user whose registered device you want to forget.

", + "GetDeviceRequest$AccessToken": "

A valid access token that Amazon Cognito issued to the user whose device information you want to request.

", + "GetUserAttributeVerificationCodeRequest$AccessToken": "

A non-expired access token for the user whose attribute verification code you want to generate.

", + "GetUserRequest$AccessToken": "

A non-expired access token for the user whose information you want to query.

", + "GlobalSignOutRequest$AccessToken": "

A valid access token that Amazon Cognito issued to the user who you want to sign out.

", + "ListDevicesRequest$AccessToken": "

A valid access token that Amazon Cognito issued to the user whose list of devices you want to view.

", "RevokeTokenRequest$Token": "

The refresh token that you want to revoke.

", - "SetUserMFAPreferenceRequest$AccessToken": "

The access token for the user.

", - "SetUserSettingsRequest$AccessToken": "

The access token for the set user settings request.

", + "SetUserMFAPreferenceRequest$AccessToken": "

A valid access token that Amazon Cognito issued to the user whose MFA preference you want to set.

", + "SetUserSettingsRequest$AccessToken": "

A valid access token that Amazon Cognito issued to the user whose user settings you want to configure.

", "UpdateAuthEventFeedbackRequest$FeedbackToken": "

The feedback token.

", - "UpdateDeviceStatusRequest$AccessToken": "

The access token.

", - "UpdateUserAttributesRequest$AccessToken": "

The access token for the request to update user attributes.

", - "VerifySoftwareTokenRequest$AccessToken": "

The access token.

", - "VerifyUserAttributeRequest$AccessToken": "

The access token of the request to verify user attributes.

" + "UpdateDeviceStatusRequest$AccessToken": "

A valid access token that Amazon Cognito issued to the user whose device status you want to update.

", + "UpdateUserAttributesRequest$AccessToken": "

A valid access token that Amazon Cognito issued to the user whose user attributes you want to update.

", + "VerifySoftwareTokenRequest$AccessToken": "

A valid access token that Amazon Cognito issued to the user whose software token you want to verify.

", + "VerifyUserAttributeRequest$AccessToken": "

A valid access token that Amazon Cognito issued to the user whose user attributes you want to verify.

" } }, "TokenValidityUnitsType": { - "base": "

The data type for TokenValidityUnits that specifics the time measurements for token validity.

", + "base": "

The data type TokenValidityUnits specifies the time units you use when you set the duration of ID, access, and refresh tokens.

", "refs": { - "CreateUserPoolClientRequest$TokenValidityUnits": "

The units in which the validity times are represented. Default for RefreshToken is days, and default for ID and access tokens are hours.

", - "UpdateUserPoolClientRequest$TokenValidityUnits": "

The units in which the validity times are represented. Default for RefreshToken is days, and default for ID and access tokens is hours.

", - "UserPoolClientType$TokenValidityUnits": "

The time units used to specify the token validity times of their respective token.

" + "CreateUserPoolClientRequest$TokenValidityUnits": "

The units in which the validity times are represented. The default unit for RefreshToken is days, and default for ID and access tokens are hours.

", + "UpdateUserPoolClientRequest$TokenValidityUnits": "

The units in which the validity times are represented. The default unit for RefreshToken is days, and the default for ID and access tokens is hours.

", + "UserPoolClientType$TokenValidityUnits": "

The time units used to specify the token validity times of each token type: ID, access, and refresh.

" } }, "TooManyFailedAttemptsException": { @@ -2875,8 +2881,16 @@ "refs": { } }, + "UserAttributeUpdateSettingsType": { + "base": "

The settings for updates to user attributes.

", + "refs": { + "CreateUserPoolRequest$UserAttributeUpdateSettings": "

", + "UpdateUserPoolRequest$UserAttributeUpdateSettings": "

", + "UserPoolType$UserAttributeUpdateSettings": "

" + } + }, "UserContextDataType": { - "base": "

Contextual data, such as the user's device fingerprint, IP address, or location, used for evaluating the risk of an unexpected event by Amazon Cognito advanced security.

", + "base": "

Information that your app generates about a user's AdminInitiateAuth or AdminRespondToAuthChallenge session. Amazon Cognito advanced security features calculate risk levels for user sessions based on this context data.

", "refs": { "ConfirmForgotPasswordRequest$UserContextData": "

Contextual data such as the user's device fingerprint, IP address, or location used for evaluating the risk of an unexpected event by Amazon Cognito advanced security.

", "ConfirmSignUpRequest$UserContextData": "

Contextual data such as the user's device fingerprint, IP address, or location used for evaluating the risk of an unexpected event by Amazon Cognito advanced security.

", @@ -2890,7 +2904,7 @@ "UserFilterType": { "base": null, "refs": { - "ListUsersRequest$Filter": "

A filter string of the form \"AttributeName Filter-Type \"AttributeValue\"\". Quotation marks within the filter string must be escaped using the backslash (\\) character. For example, \"family_name = \\\"Reddy\\\"\".

If the filter string is empty, ListUsers returns all users in the user pool.

You can only search for the following standard attributes:

Custom attributes aren't searchable.

You can also list users with a client-side filter. The server-side filter matches no more than 1 attribute. For an advanced search, use a client-side filter with the --query parameter of the list-users action in the CLI. When you use a client-side filter, ListUsers returns a paginated list of zero or more users. You can receive multiple pages in a row with zero results. Repeat the query with each pagination token that is returned until you receive a null pagination token value, and then review the combined result.

For more information about server-side and client-side filtering, see FilteringCLI output in the Command Line Interface User Guide.

For more information, see Searching for Users Using the ListUsers API and Examples of Using the ListUsers API in the Amazon Cognito Developer Guide.

" + "ListUsersRequest$Filter": "

A filter string of the form \"AttributeName Filter-Type \"AttributeValue\"\". Quotation marks within the filter string must be escaped using the backslash (\\) character. For example, \"family_name = \\\"Reddy\\\"\".

If the filter string is empty, ListUsers returns all users in the user pool.

You can only search for the following standard attributes:

Custom attributes aren't searchable.

You can also list users with a client-side filter. The server-side filter matches no more than one attribute. For an advanced search, use a client-side filter with the --query parameter of the list-users action in the CLI. When you use a client-side filter, ListUsers returns a paginated list of zero or more users. You can receive multiple pages in a row with zero results. Repeat the query with each pagination token that is returned until you receive a null pagination token value, and then review the combined result.

For more information about server-side and client-side filtering, see FilteringCLI output in the Command Line Interface User Guide.

For more information, see Searching for Users Using the ListUsers API and Examples of Using the ListUsers API in the Amazon Cognito Developer Guide.

" } }, "UserImportInProgressException": { @@ -3095,7 +3109,7 @@ "GetUserPoolMfaConfigResponse$MfaConfiguration": "

The multi-factor (MFA) configuration. Valid values include:

", "SetUserPoolMfaConfigRequest$MfaConfiguration": "

The MFA configuration. If you set the MfaConfiguration value to ‘ON’, only users who have set up an MFA factor can sign in. To learn more, see Adding Multi-Factor Authentication (MFA) to a user pool. Valid values include:

", "SetUserPoolMfaConfigResponse$MfaConfiguration": "

The MFA configuration. Valid values include:

", - "UpdateUserPoolRequest$MfaConfiguration": "

Can be one of the following values:

", + "UpdateUserPoolRequest$MfaConfiguration": "

Possible values include:

", "UserPoolType$MfaConfiguration": "

Can be one of the following values:

" } }, @@ -3147,11 +3161,11 @@ "base": null, "refs": { "AdminGetUserResponse$UserStatus": "

The user status. Can be one of the following:

", - "UserType$UserStatus": "

The user status. This can be one of the following:

" + "UserType$UserStatus": "

The user status. This can be one of the following:

" } }, "UserType": { - "base": "

The user type.

", + "base": "

A user profile in a Amazon Cognito user pool.

", "refs": { "AdminCreateUserResponse$User": "

The newly created user.

", "UsersListType$member": null @@ -3236,6 +3250,7 @@ "VerifiedAttributeType": { "base": null, "refs": { + "AttributesRequireVerificationBeforeUpdateType$member": null, "VerifiedAttributesListType$member": null } }, @@ -3280,7 +3295,7 @@ "EventRiskType$CompromisedCredentialsDetected": "

Indicates whether compromised credentials were detected during an authentication event.

", "UpdateUserPoolClientRequest$EnableTokenRevocation": "

Activates or deactivates token revocation. For more information about revoking tokens, see RevokeToken.

", "UserPoolClientType$EnableTokenRevocation": "

Indicates whether token revocation is activated for the user pool client. When you create a new user pool client, token revocation is activated by default. For more information about revoking tokens, see RevokeToken.

", - "UsernameConfigurationType$CaseSensitive": "

Specifies whether username case sensitivity will be applied for all users in the user pool through Amazon Cognito APIs.

Valid values include:

True

Enables case sensitivity for all username input. When this option is set to True, users must sign in using the exact capitalization of their given username, such as “UserName”. This is the default value.

False

Enables case insensitivity for all username input. For example, when this option is set to False, users can sign in using either \"username\" or \"Username\". This option also enables both preferred_username and email alias to be case insensitive, in addition to the username attribute.

" + "UsernameConfigurationType$CaseSensitive": "

Specifies whether user name case sensitivity will be applied for all users in the user pool through Amazon Cognito APIs.

Valid values include:

True

Enables case sensitivity for all username input. When this option is set to True, users must sign in using the exact capitalization of their given username, such as “UserName”. This is the default value.

False

Enables case insensitivity for all username input. For example, when this option is set to False, users can sign in using either \"username\" or \"Username\". This option also enables both preferred_username and email alias to be case insensitive, in addition to the username attribute.

" } } } diff --git a/models/apis/ec2/2016-11-15/api-2.json b/models/apis/ec2/2016-11-15/api-2.json index 6fe53c81c5c..f162c433ffa 100755 --- a/models/apis/ec2/2016-11-15/api-2.json +++ b/models/apis/ec2/2016-11-15/api-2.json @@ -22523,6 +22523,10 @@ "UserData":{ "shape":"AttributeValue", "locationName":"userData" + }, + "DisableApiStop":{ + "shape":"AttributeBooleanValue", + "locationName":"disableApiStop" } } }, @@ -22543,7 +22547,8 @@ "ebsOptimized", "sriovNetSupport", "enaSupport", - "enclaveOptions" + "enclaveOptions", + "disableApiStop" ] }, "InstanceAutoRecoveryState":{ @@ -27562,7 +27567,8 @@ "Value":{ "shape":"String", "locationName":"value" - } + }, + "DisableApiStop":{"shape":"AttributeBooleanValue"} } }, "ModifyInstanceCapacityReservationAttributesRequest":{ @@ -32086,7 +32092,8 @@ "EnclaveOptions":{"shape":"LaunchTemplateEnclaveOptionsRequest"}, "InstanceRequirements":{"shape":"InstanceRequirementsRequest"}, "PrivateDnsNameOptions":{"shape":"LaunchTemplatePrivateDnsNameOptionsRequest"}, - "MaintenanceOptions":{"shape":"LaunchTemplateInstanceMaintenanceOptionsRequest"} + "MaintenanceOptions":{"shape":"LaunchTemplateInstanceMaintenanceOptionsRequest"}, + "DisableApiStop":{"shape":"Boolean"} } }, "RequestSpotFleetRequest":{ @@ -33121,6 +33128,10 @@ "MaintenanceOptions":{ "shape":"LaunchTemplateInstanceMaintenanceOptions", "locationName":"maintenanceOptions" + }, + "DisableApiStop":{ + "shape":"Boolean", + "locationName":"disableApiStop" } } }, @@ -33727,7 +33738,8 @@ "MetadataOptions":{"shape":"InstanceMetadataOptionsRequest"}, "EnclaveOptions":{"shape":"EnclaveOptionsRequest"}, "PrivateDnsNameOptions":{"shape":"PrivateDnsNameOptionsRequest"}, - "MaintenanceOptions":{"shape":"InstanceMaintenanceOptionsRequest"} + "MaintenanceOptions":{"shape":"InstanceMaintenanceOptionsRequest"}, + "DisableApiStop":{"shape":"Boolean"} } }, "RunInstancesUserData":{ diff --git a/models/apis/ec2/2016-11-15/docs-2.json b/models/apis/ec2/2016-11-15/docs-2.json index 0842cc1ed8b..25461568f42 100755 --- a/models/apis/ec2/2016-11-15/docs-2.json +++ b/models/apis/ec2/2016-11-15/docs-2.json @@ -70,8 +70,8 @@ "CreateIpamPool": "

Create an IP address pool for Amazon VPC IP Address Manager (IPAM). In IPAM, a pool is a collection of contiguous IP addresses CIDRs. Pools enable you to organize your IP addresses according to your routing and security needs. For example, if you have separate routing and security needs for development and production applications, you can create a pool for each.

For more information, see Create a top-level pool in the Amazon VPC IPAM User Guide.

", "CreateIpamScope": "

Create an IPAM scope. In IPAM, a scope is the highest-level container within IPAM. An IPAM contains two default scopes. Each scope represents the IP space for a single network. The private scope is intended for all private IP address space. The public scope is intended for all public IP address space. Scopes enable you to reuse IP addresses across multiple unconnected networks without causing IP address overlap or conflict.

For more information, see Add a scope in the Amazon VPC IPAM User Guide.

", "CreateKeyPair": "

Creates an ED25519 or 2048-bit RSA key pair with the specified name and in the specified PEM or PPK format. Amazon EC2 stores the public key and displays the private key for you to save to a file. The private key is returned as an unencrypted PEM encoded PKCS#1 private key or an unencrypted PPK formatted private key for use with PuTTY. If a key with the specified name already exists, Amazon EC2 returns an error.

The key pair returned to you is available only in the Amazon Web Services Region in which you create it. If you prefer, you can create your own key pair using a third-party tool and upload it to any Region using ImportKeyPair.

You can have up to 5,000 key pairs per Amazon Web Services Region.

For more information, see Amazon EC2 key pairs in the Amazon Elastic Compute Cloud User Guide.

", - "CreateLaunchTemplate": "

Creates a launch template.

A launch template contains the parameters to launch an instance. When you launch an instance using RunInstances, you can specify a launch template instead of providing the launch parameters in the request. For more information, see Launching an instance from a launch template in the Amazon Elastic Compute Cloud User Guide.

If you want to clone an existing launch template as the basis for creating a new launch template, you can use the Amazon EC2 console. The API, SDKs, and CLI do not support cloning a template. For more information, see Create a launch template from an existing launch template in the Amazon Elastic Compute Cloud User Guide.

", - "CreateLaunchTemplateVersion": "

Creates a new version for a launch template. You can specify an existing version of launch template from which to base the new version.

Launch template versions are numbered in the order in which they are created. You cannot specify, change, or replace the numbering of launch template versions.

For more information, see Managing launch template versionsin the Amazon Elastic Compute Cloud User Guide.

", + "CreateLaunchTemplate": "

Creates a launch template.

A launch template contains the parameters to launch an instance. When you launch an instance using RunInstances, you can specify a launch template instead of providing the launch parameters in the request. For more information, see Launch an instance from a launch template in the Amazon Elastic Compute Cloud User Guide.

If you want to clone an existing launch template as the basis for creating a new launch template, you can use the Amazon EC2 console. The API, SDKs, and CLI do not support cloning a template. For more information, see Create a launch template from an existing launch template in the Amazon Elastic Compute Cloud User Guide.

", + "CreateLaunchTemplateVersion": "

Creates a new version for a launch template. You can specify an existing version of launch template from which to base the new version.

Launch template versions are numbered in the order in which they are created. You cannot specify, change, or replace the numbering of launch template versions.

Launch templates are immutable; after you create a launch template, you can't modify it. Instead, you can create a new version of the launch template that includes any changes you require.

For more information, see Modify a launch template (manage launch template versions)in the Amazon Elastic Compute Cloud User Guide.

", "CreateLocalGatewayRoute": "

Creates a static route for the specified local gateway route table.

", "CreateLocalGatewayRouteTableVpcAssociation": "

Associates the specified VPC with the specified local gateway route table.

", "CreateManagedPrefixList": "

Creates a managed prefix list. You can specify one or more entries for the prefix list. Each entry consists of a CIDR block and an optional description.

", @@ -1360,10 +1360,12 @@ "InstanceAttribute$EnaSupport": "

Indicates whether enhanced networking with ENA is enabled.

", "InstanceAttribute$EbsOptimized": "

Indicates whether the instance is optimized for Amazon EBS I/O.

", "InstanceAttribute$SourceDestCheck": "

Enable or disable source/destination checks, which ensure that the instance is either the source or the destination of any traffic that it receives. If the value is true, source/destination checks are enabled; otherwise, they are disabled. The default value is true. You must disable source/destination checks if the instance runs services such as network address translation, routing, or firewalls.

", + "InstanceAttribute$DisableApiStop": "

To enable the instance for Amazon Web Services Stop Protection, set this parameter to true; otherwise, set it to false.

", "ModifyInstanceAttributeRequest$SourceDestCheck": "

Enable or disable source/destination checks, which ensure that the instance is either the source or the destination of any traffic that it receives. If the value is true, source/destination checks are enabled; otherwise, they are disabled. The default value is true. You must disable source/destination checks if the instance runs services such as network address translation, routing, or firewalls.

", "ModifyInstanceAttributeRequest$DisableApiTermination": "

If the value is true, you can't terminate the instance using the Amazon EC2 console, CLI, or API; otherwise, you can. You cannot use this parameter for Spot Instances.

", "ModifyInstanceAttributeRequest$EbsOptimized": "

Specifies whether the instance is optimized for Amazon EBS I/O. This optimization provides dedicated throughput to Amazon EBS and an optimized configuration stack to provide optimal EBS I/O performance. This optimization isn't available with all instance types. Additional usage charges apply when using an EBS Optimized instance.

", "ModifyInstanceAttributeRequest$EnaSupport": "

Set to true to enable enhanced networking with ENA for the instance.

This option is supported only for HVM instances. Specifying this option with a PV instance can make it unreachable.

", + "ModifyInstanceAttributeRequest$DisableApiStop": "

Indicates whether an instance is enabled for stop protection. For more information, see Stop Protection.

", "ModifyNetworkInterfaceAttributeRequest$SourceDestCheck": "

Enable or disable source/destination checks, which ensure that the instance is either the source or the destination of any traffic that it receives. If the value is true, source/destination checks are enabled; otherwise, they are disabled. The default value is true. You must disable source/destination checks if the instance runs services such as network address translation, routing, or firewalls.

", "ModifySubnetAttributeRequest$AssignIpv6AddressOnCreation": "

Specify true to indicate that network interfaces created in the specified subnet should be assigned an IPv6 address. This includes a network interface that's created when launching an instance into the subnet (the instance therefore receives an IPv6 address).

If you enable the IPv6 addressing feature for your subnet, your network interface or instance only receives an IPv6 address if it's created using version 2016-11-15 or later of the Amazon EC2 API.

", "ModifySubnetAttributeRequest$MapPublicIpOnLaunch": "

Specify true to indicate that network interfaces attached to instances created in the specified subnet should be assigned a public IPv4 address.

", @@ -2307,6 +2309,7 @@ "ReportInstanceStatusRequest$DryRun": "

Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.

", "RequestLaunchTemplateData$EbsOptimized": "

Indicates whether the instance is optimized for Amazon EBS I/O. This optimization provides dedicated throughput to Amazon EBS and an optimized configuration stack to provide optimal Amazon EBS I/O performance. This optimization isn't available with all instance types. Additional usage charges apply when using an EBS-optimized instance.

", "RequestLaunchTemplateData$DisableApiTermination": "

If you set this parameter to true, you can't terminate the instance using the Amazon EC2 console, CLI, or API; otherwise, you can. To change this attribute after launch, use ModifyInstanceAttribute. Alternatively, if you set InstanceInitiatedShutdownBehavior to terminate, you can terminate the instance by running the shutdown command from the instance.

", + "RequestLaunchTemplateData$DisableApiStop": "

Indicates whether to enable the instance for stop protection. For more information, see Stop Protection.

", "RequestSpotFleetRequest$DryRun": "

Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.

", "RequestSpotInstancesRequest$DryRun": "

Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.

", "RequestSpotLaunchSpecification$EbsOptimized": "

Indicates whether the instance is optimized for EBS I/O. This optimization provides dedicated throughput to Amazon EBS and an optimized configuration stack to provide optimal EBS I/O performance. This optimization isn't available with all instance types. Additional usage charges apply when using an EBS Optimized instance.

Default: false

", @@ -2322,6 +2325,7 @@ "ResetSnapshotAttributeRequest$DryRun": "

Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.

", "ResponseLaunchTemplateData$EbsOptimized": "

Indicates whether the instance is optimized for Amazon EBS I/O.

", "ResponseLaunchTemplateData$DisableApiTermination": "

If set to true, indicates that the instance cannot be terminated using the Amazon EC2 console, command line tool, or API.

", + "ResponseLaunchTemplateData$DisableApiStop": "

Indicates whether the instance is enabled for stop protection. For more information, see Stop Protection.

", "RestoreAddressToClassicRequest$DryRun": "

Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.

", "RestoreImageFromRecycleBinRequest$DryRun": "

Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.

", "RestoreImageFromRecycleBinResult$Return": "

Returns true if the request succeeds; otherwise, it returns an error.

", @@ -2342,6 +2346,7 @@ "RunInstancesRequest$DisableApiTermination": "

If you set this parameter to true, you can't terminate the instance using the Amazon EC2 console, CLI, or API; otherwise, you can. To change this attribute after launch, use ModifyInstanceAttribute. Alternatively, if you set InstanceInitiatedShutdownBehavior to terminate, you can terminate the instance by running the shutdown command from the instance.

Default: false

", "RunInstancesRequest$DryRun": "

Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.

", "RunInstancesRequest$EbsOptimized": "

Indicates whether the instance is optimized for Amazon EBS I/O. This optimization provides dedicated throughput to Amazon EBS and an optimized configuration stack to provide optimal Amazon EBS I/O performance. This optimization isn't available with all instance types. Additional usage charges apply when using an EBS-optimized instance.

Default: false

", + "RunInstancesRequest$DisableApiStop": "

Indicates whether an instance is enabled for stop protection. For more information, see Stop Protection.

", "RunScheduledInstancesRequest$DryRun": "

Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.

", "ScheduledInstanceRecurrence$OccurrenceRelativeToEnd": "

Indicates whether the occurrence is relative to the end of the specified week or month.

", "ScheduledInstanceRecurrenceRequest$OccurrenceRelativeToEnd": "

Indicates whether the occurrence is relative to the end of the specified week or month. You can't specify this value with a daily schedule.

", @@ -10176,7 +10181,7 @@ "LaunchSpecification$InstanceType": "

The instance type. Only one instance type can be specified.

", "LaunchTemplateOverrides$InstanceType": "

The instance type.

", "RequestInstanceTypeList$member": null, - "RequestLaunchTemplateData$InstanceType": "

The instance type. For more information, see Instance Types in the Amazon Elastic Compute Cloud User Guide.

If you specify InstanceTypes, you can't specify InstanceRequirements.

", + "RequestLaunchTemplateData$InstanceType": "

The instance type. For more information, see Instance types in the Amazon Elastic Compute Cloud User Guide.

If you specify InstanceTypes, you can't specify InstanceRequirements.

", "RequestSpotLaunchSpecification$InstanceType": "

The instance type. Only one instance type can be specified.

", "ReservationFleetInstanceSpecification$InstanceType": "

The instance type for which the Capacity Reservation Fleet reserves capacity.

", "ReservedInstances$InstanceType": "

The instance type on which the Reserved Instance can be used.

", @@ -11252,7 +11257,7 @@ "base": null, "refs": { "RegisterImageRequest$KernelId": "

The ID of the kernel.

", - "RequestLaunchTemplateData$KernelId": "

The ID of the kernel.

We recommend that you use PV-GRUB instead of kernels and RAM disks. For more information, see User Provided Kernels in the Amazon Elastic Compute Cloud User Guide.

", + "RequestLaunchTemplateData$KernelId": "

The ID of the kernel.

We recommend that you use PV-GRUB instead of kernels and RAM disks. For more information, see User provided kernels in the Amazon Elastic Compute Cloud User Guide.

", "RequestSpotLaunchSpecification$KernelId": "

The ID of the kernel.

", "RunInstancesRequest$KernelId": "

The ID of the kernel.

We recommend that you use PV-GRUB instead of kernels and RAM disks. For more information, see PV-GRUB in the Amazon EC2 User Guide.

", "ScheduledInstancesLaunchSpecification$KernelId": "

The ID of the kernel.

" @@ -11506,7 +11511,7 @@ } }, "LaunchTemplateEnclaveOptionsRequest": { - "base": "

Indicates whether the instance is enabled for Amazon Web Services Nitro Enclaves. For more information, see What is Amazon Web Services Nitro Enclaves? in the Amazon Web Services Nitro Enclaves User Guide.

", + "base": "

Indicates whether the instance is enabled for Amazon Web Services Nitro Enclaves. For more information, see What is Amazon Web Services Nitro Enclaves? in the Amazon Web Services Nitro Enclaves User Guide.

", "refs": { "RequestLaunchTemplateData$EnclaveOptions": "

Indicates whether the instance is enabled for Amazon Web Services Nitro Enclaves. For more information, see What is Amazon Web Services Nitro Enclaves? in the Amazon Web Services Nitro Enclaves User Guide.

You can't enable Amazon Web Services Nitro Enclaves and hibernation on the same instance.

" } @@ -11524,9 +11529,9 @@ } }, "LaunchTemplateHibernationOptionsRequest": { - "base": "

Indicates whether the instance is configured for hibernation. This parameter is valid only if the instance meets the hibernation prerequisites.

", + "base": "

Indicates whether the instance is configured for hibernation. This parameter is valid only if the instance meets the hibernation prerequisites.

", "refs": { - "RequestLaunchTemplateData$HibernationOptions": "

Indicates whether an instance is enabled for hibernation. This parameter is valid only if the instance meets the hibernation prerequisites. For more information, see Hibernate your instance in the Amazon Elastic Compute Cloud User Guide.

" + "RequestLaunchTemplateData$HibernationOptions": "

Indicates whether an instance is enabled for hibernation. This parameter is valid only if the instance meets the hibernation prerequisites. For more information, see Hibernate your instance in the Amazon Elastic Compute Cloud User Guide.

" } }, "LaunchTemplateHttpTokensState": { @@ -14490,7 +14495,7 @@ "base": null, "refs": { "RegisterImageRequest$RamdiskId": "

The ID of the RAM disk.

", - "RequestLaunchTemplateData$RamDiskId": "

The ID of the RAM disk.

We recommend that you use PV-GRUB instead of kernels and RAM disks. For more information, see User Provided Kernels in the Amazon Elastic Compute Cloud User Guide.

", + "RequestLaunchTemplateData$RamDiskId": "

The ID of the RAM disk.

We recommend that you use PV-GRUB instead of kernels and RAM disks. For more information, see User provided kernels in the Amazon Elastic Compute Cloud User Guide.

", "RequestSpotLaunchSpecification$RamdiskId": "

The ID of the RAM disk.

", "RunInstancesRequest$RamdiskId": "

The ID of the RAM disk to select. Some kernels require additional drivers at launch. Check the kernel requirements for information about whether you need to specify a RAM disk. To find kernel requirements, go to the Amazon Web Services Resource Center and search for the kernel ID.

We recommend that you use PV-GRUB instead of kernels and RAM disks. For more information, see PV-GRUB in the Amazon EC2 User Guide.

", "ScheduledInstancesLaunchSpecification$RamdiskId": "

The ID of the RAM disk.

" @@ -16681,8 +16686,8 @@ "CreateIpamScopeRequest$Description": "

A description for the scope you're creating.

", "CreateIpamScopeRequest$ClientToken": "

A unique, case-sensitive identifier that you provide to ensure the idempotency of the request. For more information, see Ensuring Idempotency.

", "CreateKeyPairRequest$KeyName": "

A unique name for the key pair.

Constraints: Up to 255 ASCII characters

", - "CreateLaunchTemplateRequest$ClientToken": "

Unique, case-sensitive identifier you provide to ensure the idempotency of the request. For more information, see Ensuring Idempotency.

Constraint: Maximum 128 ASCII characters.

", - "CreateLaunchTemplateVersionRequest$ClientToken": "

Unique, case-sensitive identifier you provide to ensure the idempotency of the request. For more information, see Ensuring Idempotency.

Constraint: Maximum 128 ASCII characters.

", + "CreateLaunchTemplateRequest$ClientToken": "

Unique, case-sensitive identifier you provide to ensure the idempotency of the request. For more information, see Ensuring idempotency.

Constraint: Maximum 128 ASCII characters.

", + "CreateLaunchTemplateVersionRequest$ClientToken": "

Unique, case-sensitive identifier you provide to ensure the idempotency of the request. For more information, see Ensuring idempotency.

Constraint: Maximum 128 ASCII characters.

", "CreateLaunchTemplateVersionRequest$SourceVersion": "

The version number of the launch template version on which to base the new version. The new version inherits the same launch parameters as the source version, except for parameters that you specify in LaunchTemplateData. Snapshots applied to the block device mapping are ignored when creating a new version unless they are explicitly included.

", "CreateLocalGatewayRouteRequest$DestinationCidrBlock": "

The CIDR range used for destination matches. Routing decisions are based on the most specific match.

", "CreateManagedPrefixListRequest$PrefixListName": "

A name for the prefix list.

Constraints: Up to 255 characters in length. The name cannot start with com.amazonaws.

", @@ -17535,7 +17540,7 @@ "ModifyIpamResourceCidrRequest$ResourceCidr": "

The CIDR of the resource you want to modify.

", "ModifyIpamResourceCidrRequest$ResourceRegion": "

The Amazon Web Services Region of the resource you want to modify.

", "ModifyIpamScopeRequest$Description": "

The description of the scope you want to modify.

", - "ModifyLaunchTemplateRequest$ClientToken": "

Unique, case-sensitive identifier you provide to ensure the idempotency of the request. For more information, see Ensuring Idempotency.

Constraint: Maximum 128 ASCII characters.

", + "ModifyLaunchTemplateRequest$ClientToken": "

Unique, case-sensitive identifier you provide to ensure the idempotency of the request. For more information, see Ensuring idempotency.

Constraint: Maximum 128 ASCII characters.

", "ModifyLaunchTemplateRequest$DefaultVersion": "

The version number of the launch template to set as the default version.

", "ModifyManagedPrefixListRequest$PrefixListName": "

A name for the prefix list.

", "ModifyReservedInstancesRequest$ClientToken": "

A unique, case-sensitive token you provide to ensure idempotency of your modification request. For more information, see Ensuring Idempotency.

", @@ -17736,7 +17741,7 @@ "ReportInstanceStatusRequest$Description": "

Descriptive text about the health state of your instance.

", "RequestIpamResourceTag$Key": "

The key of a tag assigned to the resource. Use this filter to find all resources assigned a tag with a specific key, regardless of the tag value.

", "RequestIpamResourceTag$Value": "

The value for the tag.

", - "RequestLaunchTemplateData$UserData": "

The user data to make available to the instance. You must provide base64-encoded text. User data is limited to 16 KB. For more information, see Running Commands on Your Linux Instance at Launch (Linux) or Adding User Data (Windows).

If you are creating the launch template for use with Batch, the user data must be provided in the MIME multi-part archive format. For more information, see Amazon EC2 user data in launch templates in the Batch User Guide.

", + "RequestLaunchTemplateData$UserData": "

The user data to make available to the instance. You must provide base64-encoded text. User data is limited to 16 KB. For more information, see Run commands on your Linux instance at launch (Linux) or Work with instance user data (Windows) in the Amazon Elastic Compute Cloud User Guide.

If you are creating the launch template for use with Batch, the user data must be provided in the MIME multi-part archive format. For more information, see Amazon EC2 user data in launch templates in the Batch User Guide.

", "RequestSpotFleetResponse$SpotFleetRequestId": "

The ID of the Spot Fleet request.

", "RequestSpotInstancesRequest$AvailabilityZoneGroup": "

The user-specified name for a logical grouping of requests.

When you specify an Availability Zone group in a Spot Instance request, all Spot Instances in the request are launched in the same Availability Zone. Instance proximity is maintained with this parameter, but the choice of Availability Zone is not. The group applies only to requests for Spot Instances of the same instance type. Any additional Spot Instance requests that are specified with the same Availability Zone group name are launched in that same Availability Zone, as long as at least one instance from the group is still active.

If there is no active instance running in the Availability Zone group that you specify for a new Spot Instance request (all instances are terminated, the request is expired, or the maximum price you specified falls below current Spot price), then Amazon EC2 launches the instance in any Availability Zone where the constraint can be met. Consequently, the subsequent set of Spot Instances could be placed in a different zone from the original request, even if you specified the same Availability Zone group.

Default: Instances are launched in any available Availability Zone.

", "RequestSpotInstancesRequest$ClientToken": "

Unique, case-sensitive identifier that you provide to ensure the idempotency of the request. For more information, see How to Ensure Idempotency in the Amazon EC2 User Guide for Linux Instances.

", @@ -18130,8 +18135,8 @@ "UserIdGroupPair$VpcId": "

The ID of the VPC for the referenced security group, if applicable.

", "UserIdGroupPair$VpcPeeringConnectionId": "

The ID of the VPC peering connection, if applicable.

", "UserIdStringList$member": null, - "ValidationError$Code": "

The error code that indicates why the parameter or parameter combination is not valid. For more information about error codes, see Error Codes.

", - "ValidationError$Message": "

The error message that describes why the parameter or parameter combination is not valid. For more information about error messages, see Error Codes.

", + "ValidationError$Code": "

The error code that indicates why the parameter or parameter combination is not valid. For more information about error codes, see Error codes.

", + "ValidationError$Message": "

The error message that describes why the parameter or parameter combination is not valid. For more information about error messages, see Error codes.

", "ValueStringList$member": null, "VersionStringList$member": null, "VgwTelemetry$OutsideIpAddress": "

The Internet-routable IP address of the virtual private gateway's outside interface.

", diff --git a/models/apis/ivschat/2020-07-14/docs-2.json b/models/apis/ivschat/2020-07-14/docs-2.json index bfa9c7c3f52..5843e1b08d3 100644 --- a/models/apis/ivschat/2020-07-14/docs-2.json +++ b/models/apis/ivschat/2020-07-14/docs-2.json @@ -124,7 +124,7 @@ "FallbackResult": { "base": null, "refs": { - "MessageReviewHandler$fallbackResult": "

Specifies the fallback behavior (whether the message is allowed or denied) if the handler does not return a valid response, encounters an error or times out. If allowed, the message is delivered with returned content to all users connected to the room. If denied, the message is not delivered to any user. Default: ALLOW.

" + "MessageReviewHandler$fallbackResult": "

Specifies the fallback behavior (whether the message is allowed or denied) if the handler does not return a valid response, encounters an error, or times out. (For the timeout period, see Service Quotas.) If allowed, the message is delivered with returned content to all users connected to the room. If denied, the message is not delivered to any user. Default: ALLOW.

" } }, "FieldName": { diff --git a/models/apis/mediaconvert/2017-08-29/api-2.json b/models/apis/mediaconvert/2017-08-29/api-2.json index 453de80c122..654205e211b 100644 --- a/models/apis/mediaconvert/2017-08-29/api-2.json +++ b/models/apis/mediaconvert/2017-08-29/api-2.json @@ -1226,6 +1226,23 @@ } } }, + "AllowedRenditionSize": { + "type": "structure", + "members": { + "Height": { + "shape": "__integerMin32Max8192", + "locationName": "height" + }, + "Required": { + "shape": "RequiredFlag", + "locationName": "required" + }, + "Width": { + "shape": "__integerMin32Max8192", + "locationName": "width" + } + } + }, "AlphaBehavior": { "type": "string", "enum": [ @@ -1578,6 +1595,31 @@ "USE_CONFIGURED" ] }, + "AutomatedAbrRule": { + "type": "structure", + "members": { + "AllowedRenditions": { + "shape": "__listOfAllowedRenditionSize", + "locationName": "allowedRenditions" + }, + "ForceIncludeRenditions": { + "shape": "__listOfForceIncludeRenditionSize", + "locationName": "forceIncludeRenditions" + }, + "MinBottomRenditionSize": { + "shape": "MinBottomRenditionSize", + "locationName": "minBottomRenditionSize" + }, + "MinTopRenditionSize": { + "shape": "MinTopRenditionSize", + "locationName": "minTopRenditionSize" + }, + "Type": { + "shape": "RuleType", + "locationName": "type" + } + } + }, "AutomatedAbrSettings": { "type": "structure", "members": { @@ -1592,6 +1634,10 @@ "MinAbrBitrate": { "shape": "__integerMin100000Max100000000", "locationName": "minAbrBitrate" + }, + "Rules": { + "shape": "__listOfAutomatedAbrRule", + "locationName": "rules" } } }, @@ -4302,6 +4348,19 @@ "httpStatusCode": 403 } }, + "ForceIncludeRenditionSize": { + "type": "structure", + "members": { + "Height": { + "shape": "__integerMin32Max8192", + "locationName": "height" + }, + "Width": { + "shape": "__integerMin32Max8192", + "locationName": "width" + } + } + }, "FrameCaptureSettings": { "type": "structure", "members": { @@ -7291,6 +7350,32 @@ } } }, + "MinBottomRenditionSize": { + "type": "structure", + "members": { + "Height": { + "shape": "__integerMin32Max8192", + "locationName": "height" + }, + "Width": { + "shape": "__integerMin32Max8192", + "locationName": "width" + } + } + }, + "MinTopRenditionSize": { + "type": "structure", + "members": { + "Height": { + "shape": "__integerMin32Max8192", + "locationName": "height" + }, + "Width": { + "shape": "__integerMin32Max8192", + "locationName": "width" + } + } + }, "MotionImageInserter": { "type": "structure", "members": { @@ -8797,6 +8882,13 @@ "EXPIRE" ] }, + "RequiredFlag": { + "type": "string", + "enum": [ + "ENABLED", + "DISABLED" + ] + }, "ReservationPlan": { "type": "structure", "members": { @@ -8876,6 +8968,15 @@ "PASSTHROUGH" ] }, + "RuleType": { + "type": "string", + "enum": [ + "MIN_TOP_RENDITION_SIZE", + "MIN_BOTTOM_RENDITION_SIZE", + "FORCE_INCLUDE_RENDITIONS", + "ALLOWED_RENDITIONS" + ] + }, "S3DestinationAccessControl": { "type": "structure", "members": { @@ -10861,12 +10962,24 @@ "min": -70, "max": 0 }, + "__listOfAllowedRenditionSize": { + "type": "list", + "member": { + "shape": "AllowedRenditionSize" + } + }, "__listOfAudioDescription": { "type": "list", "member": { "shape": "AudioDescription" } }, + "__listOfAutomatedAbrRule": { + "type": "list", + "member": { + "shape": "AutomatedAbrRule" + } + }, "__listOfCaptionDescription": { "type": "list", "member": { @@ -10897,6 +11010,12 @@ "shape": "Endpoint" } }, + "__listOfForceIncludeRenditionSize": { + "type": "list", + "member": { + "shape": "ForceIncludeRenditionSize" + } + }, "__listOfHlsAdMarkers": { "type": "list", "member": { diff --git a/models/apis/mediaconvert/2017-08-29/docs-2.json b/models/apis/mediaconvert/2017-08-29/docs-2.json index 537cf6cf961..97ec95d7845 100644 --- a/models/apis/mediaconvert/2017-08-29/docs-2.json +++ b/models/apis/mediaconvert/2017-08-29/docs-2.json @@ -162,6 +162,12 @@ "AudioCodecSettings$AiffSettings": "Required when you set (Codec) under (AudioDescriptions)>(CodecSettings) to the value AIFF." } }, + "AllowedRenditionSize": { + "base": "Use Allowed renditions to specify a list of possible resolutions in your ABR stack. * MediaConvert will create an ABR stack exclusively from the list of resolutions that you specify. * Some resolutions in the Allowed renditions list may not be included, however you can force a resolution to be included by setting Required to ENABLED. * You must specify at least one resolution that is greater than or equal to any resolutions that you specify in Min top rendition size or Min bottom rendition size. * If you specify Allowed renditions, you must not specify a separate rule for Force include renditions.", + "refs": { + "__listOfAllowedRenditionSize$member": null + } + }, "AlphaBehavior": { "base": "Ignore this setting unless this input is a QuickTime animation with an alpha channel. Use this setting to create separate Key and Fill outputs. In each output, specify which part of the input MediaConvert uses. Leave this setting at the default value DISCARD to delete the alpha channel and preserve the video. Set it to REMAP_TO_LUMA to delete the video and map the alpha channel to the luma channel of your outputs.", "refs": { @@ -298,6 +304,12 @@ "AudioDescription$AudioTypeControl": "When set to FOLLOW_INPUT, if the input contains an ISO 639 audio_type, then that value is passed through to the output. If the input contains no ISO 639 audio_type, the value in Audio Type is included in the output. Otherwise the value in Audio Type is included in the output. Note that this field and audioType are both ignored if audioDescriptionBroadcasterMix is set to BROADCASTER_MIXED_AD." } }, + "AutomatedAbrRule": { + "base": "Specify one or more Automated ABR rule types. Note: Force include and Allowed renditions are mutually exclusive.", + "refs": { + "__listOfAutomatedAbrRule$member": null + } + }, "AutomatedAbrSettings": { "base": "Use automated ABR to have MediaConvert set up the renditions in your ABR package for you automatically, based on characteristics of your input video. This feature optimizes video quality while minimizing the overall size of your ABR package.", "refs": { @@ -335,7 +347,7 @@ } }, "Av1QvbrSettings": { - "base": "Settings for quality-defined variable bitrate encoding with the H.265 codec. Use these settings only when you set QVBR for Rate control mode (RateControlMode).", + "base": "Settings for quality-defined variable bitrate encoding with the AV1 codec. Use these settings only when you set QVBR for Rate control mode (RateControlMode).", "refs": { "Av1Settings$QvbrSettings": "Settings for quality-defined variable bitrate encoding with the H.265 codec. Use these settings only when you set QVBR for Rate control mode (RateControlMode)." } @@ -720,9 +732,9 @@ } }, "CmfcKlvMetadata": { - "base": "Applies to CMAF outputs. Use this setting to specify whether the service inserts the KLV metadata from the input in this output.", + "base": "To include key-length-value metadata in this output: Set KLV metadata insertion to Passthrough. MediaConvert reads KLV metadata present in your input and writes each instance to a separate event message box in the output, according to MISB ST1910.1. To exclude this KLV metadata: Set KLV metadata insertion to None or leave blank.", "refs": { - "CmfcSettings$KlvMetadata": "Applies to CMAF outputs. Use this setting to specify whether the service inserts the KLV metadata from the input in this output." + "CmfcSettings$KlvMetadata": "To include key-length-value metadata in this output: Set KLV metadata insertion to Passthrough. MediaConvert reads KLV metadata present in your input and writes each instance to a separate event message box in the output, according to MISB ST1910.1. To exclude this KLV metadata: Set KLV metadata insertion to None or leave blank." } }, "CmfcScte35Esam": { @@ -1041,7 +1053,7 @@ } }, "DolbyVision": { - "base": "With AWS Elemental MediaConvert, you can create profile 5 Dolby Vision outputs from MXF and IMF sources that contain mastering information as frame-interleaved Dolby Vision metadata.", + "base": "With AWS Elemental MediaConvert, you can create profile 5 or 8.1 Dolby Vision outputs from MXF and IMF sources.", "refs": { "VideoPreprocessor$DolbyVision": "Enable Dolby Vision feature to produce Dolby Vision compatible video output." } @@ -1059,15 +1071,15 @@ } }, "DolbyVisionMapping": { - "base": "Required when you set Dolby Vision Profile (Profile) to Profile 8.1 (PROFILE_8_1). When you set Content mapping (Mapping) to None (HDR10_NOMAP), content mapping is not applied to the HDR10-compatible signal. Depending on the source peak nit level, clipping might occur on HDR devices without Dolby Vision. When you set Content mapping to Static (HDR10_1000), the transcoder creates a 1,000 nits peak HDR10-compatible signal by applying static content mapping to the source. This mode is speed-optimized for PQ10 sources with metadata that is created from analysis. For graded Dolby Vision content, be aware that creative intent might not be guaranteed with extreme 1,000 nits trims.", + "base": "Required when you set Dolby Vision Profile to Profile 8.1. When you set Content mapping to None, content mapping is not applied to the HDR10-compatible signal. Depending on the source peak nit level, clipping might occur on HDR devices without Dolby Vision. When you set Content mapping to HDR10 1000, the transcoder creates a 1,000 nits peak HDR10-compatible signal by applying static content mapping to the source. This mode is speed-optimized for PQ10 sources with metadata that is created from analysis. For graded Dolby Vision content, be aware that creative intent might not be guaranteed with extreme 1,000 nits trims.", "refs": { - "DolbyVision$Mapping": "Required when you set Dolby Vision Profile (Profile) to Profile 8.1 (PROFILE_8_1). When you set Content mapping (Mapping) to None (HDR10_NOMAP), content mapping is not applied to the HDR10-compatible signal. Depending on the source peak nit level, clipping might occur on HDR devices without Dolby Vision. When you set Content mapping to Static (HDR10_1000), the transcoder creates a 1,000 nits peak HDR10-compatible signal by applying static content mapping to the source. This mode is speed-optimized for PQ10 sources with metadata that is created from analysis. For graded Dolby Vision content, be aware that creative intent might not be guaranteed with extreme 1,000 nits trims." + "DolbyVision$Mapping": "Required when you set Dolby Vision Profile to Profile 8.1. When you set Content mapping to None, content mapping is not applied to the HDR10-compatible signal. Depending on the source peak nit level, clipping might occur on HDR devices without Dolby Vision. When you set Content mapping to HDR10 1000, the transcoder creates a 1,000 nits peak HDR10-compatible signal by applying static content mapping to the source. This mode is speed-optimized for PQ10 sources with metadata that is created from analysis. For graded Dolby Vision content, be aware that creative intent might not be guaranteed with extreme 1,000 nits trims." } }, "DolbyVisionProfile": { - "base": "Required when you use Dolby Vision (DolbyVision) processing. Set Profile (DolbyVisionProfile) to Profile 5 (Profile_5) to only include frame-interleaved Dolby Vision metadata in your output. Set Profile to Profile 8.1 (Profile_8_1) to include both frame-interleaved Dolby Vision metadata and HDR10 metadata in your output.", + "base": "Required when you use Dolby Vision processing. Set Profile to Profile 5 to only include frame-interleaved Dolby Vision metadata in your output. Set Profile to Profile 8.1 to include both frame-interleaved Dolby Vision metadata and HDR10 metadata in your output.", "refs": { - "DolbyVision$Profile": "Required when you use Dolby Vision (DolbyVision) processing. Set Profile (DolbyVisionProfile) to Profile 5 (Profile_5) to only include frame-interleaved Dolby Vision metadata in your output. Set Profile to Profile 8.1 (Profile_8_1) to include both frame-interleaved Dolby Vision metadata and HDR10 metadata in your output." + "DolbyVision$Profile": "Required when you use Dolby Vision processing. Set Profile to Profile 5 to only include frame-interleaved Dolby Vision metadata in your output. Set Profile to Profile 8.1 to include both frame-interleaved Dolby Vision metadata and HDR10 metadata in your output." } }, "DropFrameTimecode": { @@ -1443,6 +1455,12 @@ "refs": { } }, + "ForceIncludeRenditionSize": { + "base": "Use Force include renditions to specify one or more resolutions to include your ABR stack. * (Recommended) To optimize automated ABR, specify as few resolutions as possible. * (Required) The number of resolutions that you specify must be equal to, or less than, the Max renditions setting. * If you specify a Min top rendition size rule, specify at least one resolution that is equal to, or greater than, Min top rendition size. * If you specify a Min bottom rendition size rule, only specify resolutions that are equal to, or greater than, Min bottom rendition size. * If you specify a Force include renditions rule, do not specify a separate rule for Allowed renditions. * Note: The ABR stack may include other resolutions that you do not specify here, depending on the Max renditions setting.", + "refs": { + "__listOfForceIncludeRenditionSize$member": null + } + }, "FrameCaptureSettings": { "base": "Required when you set (Codec) under (VideoDescription)>(CodecSettings) to the value FRAME_CAPTURE.", "refs": { @@ -1584,7 +1602,7 @@ } }, "H264QvbrSettings": { - "base": "Settings for quality-defined variable bitrate encoding with the H.265 codec. Use these settings only when you set QVBR for Rate control mode (RateControlMode).", + "base": "Settings for quality-defined variable bitrate encoding with the H.264 codec. Use these settings only when you set QVBR for Rate control mode (RateControlMode).", "refs": { "H264Settings$QvbrSettings": "Settings for quality-defined variable bitrate encoding with the H.265 codec. Use these settings only when you set QVBR for Rate control mode (RateControlMode)." } @@ -2049,9 +2067,9 @@ } }, "ImscAccessibilitySubs": { - "base": "Set Accessibility subtitles (Accessibility) to Enabled (ENABLED) if the ISMC or WebVTT captions track is intended to provide accessibility for people who are deaf or hard of hearing. When you enable this feature, MediaConvert adds the following attributes under EXT-X-MEDIA in the HLS or CMAF manifest for this track: CHARACTERISTICS=\"public.accessibility.describes-spoken-dialog,public.accessibility.describes-music-and-sound\" and AUTOSELECT=\"YES\". Keep the default value, Disabled (DISABLED), if the captions track is not intended to provide such accessibility. MediaConvert will not add the above attributes.", + "base": "Set Accessibility subtitles to Enabled if the ISMC or WebVTT captions track is intended to provide accessibility for people who are deaf or hard of hearing. When you enable this feature, MediaConvert adds the following attributes under EXT-X-MEDIA in the HLS or CMAF manifest for this track: CHARACTERISTICS=\"public.accessibility.describes-spoken-dialog,public.accessibility.describes-music-and-sound\" and AUTOSELECT=\"YES\". Keep the default value, Disabled, if the captions track is not intended to provide such accessibility. MediaConvert will not add the above attributes.", "refs": { - "ImscDestinationSettings$Accessibility": "Set Accessibility subtitles (Accessibility) to Enabled (ENABLED) if the ISMC or WebVTT captions track is intended to provide accessibility for people who are deaf or hard of hearing. When you enable this feature, MediaConvert adds the following attributes under EXT-X-MEDIA in the HLS or CMAF manifest for this track: CHARACTERISTICS=\"public.accessibility.describes-spoken-dialog,public.accessibility.describes-music-and-sound\" and AUTOSELECT=\"YES\". Keep the default value, Disabled (DISABLED), if the captions track is not intended to provide such accessibility. MediaConvert will not add the above attributes." + "ImscDestinationSettings$Accessibility": "Set Accessibility subtitles to Enabled if the ISMC or WebVTT captions track is intended to provide accessibility for people who are deaf or hard of hearing. When you enable this feature, MediaConvert adds the following attributes under EXT-X-MEDIA in the HLS or CMAF manifest for this track: CHARACTERISTICS=\"public.accessibility.describes-spoken-dialog,public.accessibility.describes-music-and-sound\" and AUTOSELECT=\"YES\". Keep the default value, Disabled, if the captions track is not intended to provide such accessibility. MediaConvert will not add the above attributes." } }, "ImscDestinationSettings": { @@ -2345,9 +2363,9 @@ } }, "M2tsKlvMetadata": { - "base": "Applies to MPEG-TS outputs. Use this setting to specify whether the service inserts the KLV metadata from the input in this output.", + "base": "To include key-length-value metadata in this output: Set KLV metadata insertion to Passthrough. MediaConvert reads KLV metadata present in your input and passes it through to the output transport stream. To exclude this KLV metadata: Set KLV metadata insertion to None or leave blank.", "refs": { - "M2tsSettings$KlvMetadata": "Applies to MPEG-TS outputs. Use this setting to specify whether the service inserts the KLV metadata from the input in this output." + "M2tsSettings$KlvMetadata": "To include key-length-value metadata in this output: Set KLV metadata insertion to Passthrough. MediaConvert reads KLV metadata present in your input and passes it through to the output transport stream. To exclude this KLV metadata: Set KLV metadata insertion to None or leave blank." } }, "M2tsNielsenId3": { @@ -2434,6 +2452,18 @@ "ContainerSettings$M3u8Settings": "These settings relate to the MPEG-2 transport stream (MPEG2-TS) container for the MPEG2-TS segments in your HLS outputs." } }, + "MinBottomRenditionSize": { + "base": "Use Min bottom rendition size to specify a minimum size for the lowest resolution in your ABR stack. * The lowest resolution in your ABR stack will be equal to or greater than the value that you enter. For example: If you specify 640x360 the lowest resolution in your ABR stack will be equal to or greater than to 640x360. * If you specify a Min top rendition size rule, the value that you specify for Min bottom rendition size must be less than, or equal to, Min top rendition size.", + "refs": { + "AutomatedAbrRule$MinBottomRenditionSize": "Use Min bottom rendition size to specify a minimum size for the lowest resolution in your ABR stack. * The lowest resolution in your ABR stack will be equal to or greater than the value that you enter. For example: If you specify 640x360 the lowest resolution in your ABR stack will be equal to or greater than to 640x360. * If you specify a Min top rendition size rule, the value that you specify for Min bottom rendition size must be less than, or equal to, Min top rendition size." + } + }, + "MinTopRenditionSize": { + "base": "Use Min top rendition size to specify a minimum size for the highest resolution in your ABR stack. * The highest resolution in your ABR stack will be equal to or greater than the value that you enter. For example: If you specify 1280x720 the highest resolution in your ABR stack will be equal to or greater than 1280x720. * If you specify a value for Max resolution, the value that you specify for Min top rendition size must be less than, or equal to, Max resolution.", + "refs": { + "AutomatedAbrRule$MinTopRenditionSize": "Use Min top rendition size to specify a minimum size for the highest resolution in your ABR stack. * The highest resolution in your ABR stack will be equal to or greater than the value that you enter. For example: If you specify 1280x720 the highest resolution in your ABR stack will be equal to or greater than 1280x720. * If you specify a value for Max resolution, the value that you specify for Min top rendition size must be less than, or equal to, Max resolution." + } + }, "MotionImageInserter": { "base": "Overlay motion graphics on top of your video. The motion graphics that you specify here appear on all outputs in all output groups. For more information, see https://docs.aws.amazon.com/mediaconvert/latest/ug/motion-graphic-overlay.html.", "refs": { @@ -2562,9 +2592,9 @@ } }, "MpdKlvMetadata": { - "base": "Applies to DASH ISO outputs. Use this setting to specify whether the service inserts the KLV metadata from the input in this output.", + "base": "To include key-length-value metadata in this output: Set KLV metadata insertion to Passthrough. MediaConvert reads KLV metadata present in your input and writes each instance to a separate event message box in the output, according to MISB ST1910.1. To exclude this KLV metadata: Set KLV metadata insertion to None or leave blank.", "refs": { - "MpdSettings$KlvMetadata": "Applies to DASH ISO outputs. Use this setting to specify whether the service inserts the KLV metadata from the input in this output." + "MpdSettings$KlvMetadata": "To include key-length-value metadata in this output: Set KLV metadata insertion to Passthrough. MediaConvert reads KLV metadata present in your input and writes each instance to a separate event message box in the output, according to MISB ST1910.1. To exclude this KLV metadata: Set KLV metadata insertion to None or leave blank." } }, "MpdScte35Esam": { @@ -3105,6 +3135,12 @@ "ReservationPlanSettings$RenewalType": "Specifies whether the term of your reserved queue pricing plan is automatically extended (AUTO_RENEW) or expires (EXPIRE) at the end of the term. When your term is auto renewed, you extend your commitment by 12 months from the auto renew date. You can cancel this commitment." } }, + "RequiredFlag": { + "base": "Set to ENABLED to force a rendition to be included.", + "refs": { + "AllowedRenditionSize$Required": "Set to ENABLED to force a rendition to be included." + } + }, "ReservationPlan": { "base": "Details about the pricing plan for your reserved queue. Required for reserved queues and not applicable to on-demand queues.", "refs": { @@ -3136,6 +3172,12 @@ "VideoDescription$RespondToAfd": "Use Respond to AFD (RespondToAfd) to specify how the service changes the video itself in response to AFD values in the input. * Choose Respond to clip the input video frame according to the AFD value, input display aspect ratio, and output display aspect ratio. * Choose Passthrough to include the input AFD values. Do not choose this when AfdSignaling is set to (NONE). A preferred implementation of this workflow is to set RespondToAfd to (NONE) and set AfdSignaling to (AUTO). * Choose None to remove all input AFD values from this output." } }, + "RuleType": { + "base": "Use Min top rendition size to specify a minimum size for the highest resolution in your ABR stack. * The highest resolution in your ABR stack will be equal to or greater than the value that you enter. For example: If you specify 1280x720 the highest resolution in your ABR stack will be equal to or greater than 1280x720. * If you specify a value for Max resolution, the value that you specify for Min top rendition size must be less than, or equal to, Max resolution. Use Min bottom rendition size to specify a minimum size for the lowest resolution in your ABR stack. * The lowest resolution in your ABR stack will be equal to or greater than the value that you enter. For example: If you specify 640x360 the lowest resolution in your ABR stack will be equal to or greater than to 640x360. * If you specify a Min top rendition size rule, the value that you specify for Min bottom rendition size must be less than, or equal to, Min top rendition size. Use Force include renditions to specify one or more resolutions to include your ABR stack. * (Recommended) To optimize automated ABR, specify as few resolutions as possible. * (Required) The number of resolutions that you specify must be equal to, or less than, the Max renditions setting. * If you specify a Min top rendition size rule, specify at least one resolution that is equal to, or greater than, Min top rendition size. * If you specify a Min bottom rendition size rule, only specify resolutions that are equal to, or greater than, Min bottom rendition size. * If you specify a Force include renditions rule, do not specify a separate rule for Allowed renditions. * Note: The ABR stack may include other resolutions that you do not specify here, depending on the Max renditions setting. Use Allowed renditions to specify a list of possible resolutions in your ABR stack. * (Required) The number of resolutions that you specify must be equal to, or greater than, the Max renditions setting. * MediaConvert will create an ABR stack exclusively from the list of resolutions that you specify. * Some resolutions in the Allowed renditions list may not be included, however you can force a resolution to be included by setting Required to ENABLED. * You must specify at least one resolution that is greater than or equal to any resolutions that you specify in Min top rendition size or Min bottom rendition size. * If you specify Allowed renditions, you must not specify a separate rule for Force include renditions.", + "refs": { + "AutomatedAbrRule$Type": "Use Min top rendition size to specify a minimum size for the highest resolution in your ABR stack. * The highest resolution in your ABR stack will be equal to or greater than the value that you enter. For example: If you specify 1280x720 the highest resolution in your ABR stack will be equal to or greater than 1280x720. * If you specify a value for Max resolution, the value that you specify for Min top rendition size must be less than, or equal to, Max resolution. Use Min bottom rendition size to specify a minimum size for the lowest resolution in your ABR stack. * The lowest resolution in your ABR stack will be equal to or greater than the value that you enter. For example: If you specify 640x360 the lowest resolution in your ABR stack will be equal to or greater than to 640x360. * If you specify a Min top rendition size rule, the value that you specify for Min bottom rendition size must be less than, or equal to, Min top rendition size. Use Force include renditions to specify one or more resolutions to include your ABR stack. * (Recommended) To optimize automated ABR, specify as few resolutions as possible. * (Required) The number of resolutions that you specify must be equal to, or less than, the Max renditions setting. * If you specify a Min top rendition size rule, specify at least one resolution that is equal to, or greater than, Min top rendition size. * If you specify a Min bottom rendition size rule, only specify resolutions that are equal to, or greater than, Min bottom rendition size. * If you specify a Force include renditions rule, do not specify a separate rule for Allowed renditions. * Note: The ABR stack may include other resolutions that you do not specify here, depending on the Max renditions setting. Use Allowed renditions to specify a list of possible resolutions in your ABR stack. * (Required) The number of resolutions that you specify must be equal to, or greater than, the Max renditions setting. * MediaConvert will create an ABR stack exclusively from the list of resolutions that you specify. * Some resolutions in the Allowed renditions list may not be included, however you can force a resolution to be included by setting Required to ENABLED. * You must specify at least one resolution that is greater than or equal to any resolutions that you specify in Min top rendition size or Min bottom rendition size. * If you specify Allowed renditions, you must not specify a separate rule for Force include renditions." + } + }, "S3DestinationAccessControl": { "base": "Optional. Have MediaConvert automatically apply Amazon S3 access control for the outputs in this output group. When you don't use this setting, S3 automatically applies the default access control list PRIVATE.", "refs": { @@ -3578,9 +3620,9 @@ } }, "WebvttAccessibilitySubs": { - "base": "Set Accessibility subtitles (Accessibility) to Enabled (ENABLED) if the ISMC or WebVTT captions track is intended to provide accessibility for people who are deaf or hard of hearing. When you enable this feature, MediaConvert adds the following attributes under EXT-X-MEDIA in the HLS or CMAF manifest for this track: CHARACTERISTICS=\"public.accessibility.describes-spoken-dialog,public.accessibility.describes-music-and-sound\" and AUTOSELECT=\"YES\". Keep the default value, Disabled (DISABLED), if the captions track is not intended to provide such accessibility. MediaConvert will not add the above attributes.", + "base": "Set Accessibility subtitles to Enabled if the ISMC or WebVTT captions track is intended to provide accessibility for people who are deaf or hard of hearing. When you enable this feature, MediaConvert adds the following attributes under EXT-X-MEDIA in the HLS or CMAF manifest for this track: CHARACTERISTICS=\"public.accessibility.describes-spoken-dialog,public.accessibility.describes-music-and-sound\" and AUTOSELECT=\"YES\". Keep the default value, Disabled, if the captions track is not intended to provide such accessibility. MediaConvert will not add the above attributes.", "refs": { - "WebvttDestinationSettings$Accessibility": "Set Accessibility subtitles (Accessibility) to Enabled (ENABLED) if the ISMC or WebVTT captions track is intended to provide accessibility for people who are deaf or hard of hearing. When you enable this feature, MediaConvert adds the following attributes under EXT-X-MEDIA in the HLS or CMAF manifest for this track: CHARACTERISTICS=\"public.accessibility.describes-spoken-dialog,public.accessibility.describes-music-and-sound\" and AUTOSELECT=\"YES\". Keep the default value, Disabled (DISABLED), if the captions track is not intended to provide such accessibility. MediaConvert will not add the above attributes." + "WebvttDestinationSettings$Accessibility": "Set Accessibility subtitles to Enabled if the ISMC or WebVTT captions track is intended to provide accessibility for people who are deaf or hard of hearing. When you enable this feature, MediaConvert adds the following attributes under EXT-X-MEDIA in the HLS or CMAF manifest for this track: CHARACTERISTICS=\"public.accessibility.describes-spoken-dialog,public.accessibility.describes-music-and-sound\" and AUTOSELECT=\"YES\". Keep the default value, Disabled, if the captions track is not intended to provide such accessibility. MediaConvert will not add the above attributes." } }, "WebvttDestinationSettings": { @@ -4430,7 +4472,7 @@ "M2tsSettings$PmtPid": "Specify the packet identifier (PID) for the program map table (PMT) itself. Default is 480.", "M2tsSettings$PrivateMetadataPid": "Specify the packet identifier (PID) of the private metadata stream. Default is 503.", "M2tsSettings$Scte35Pid": "Specify the packet identifier (PID) of the SCTE-35 stream in the transport stream.", - "M2tsSettings$TimedMetadataPid": "Specify the packet identifier (PID) for timed metadata in this output. Default is 502.", + "M2tsSettings$TimedMetadataPid": "Packet Identifier (PID) of the ID3 metadata stream in the transport stream.", "M2tsSettings$VideoPid": "Specify the packet identifier (PID) of the elementary video stream in the transport stream.", "M3u8Settings$PcrPid": "Packet Identifier (PID) of the Program Clock Reference (PCR) in the transport stream. When no value is given, the encoder will assign the same value as the Video PID.", "M3u8Settings$PmtPid": "Packet Identifier (PID) for the Program Map Table (PMT) in the transport stream.", @@ -4444,6 +4486,14 @@ "__integerMin32Max8192": { "base": null, "refs": { + "AllowedRenditionSize$Height": "Use Height to define the video resolution height, in pixels, for this rule.", + "AllowedRenditionSize$Width": "Use Width to define the video resolution width, in pixels, for this rule.", + "ForceIncludeRenditionSize$Height": "Use Height to define the video resolution height, in pixels, for this rule.", + "ForceIncludeRenditionSize$Width": "Use Width to define the video resolution width, in pixels, for this rule.", + "MinBottomRenditionSize$Height": "Use Height to define the video resolution height, in pixels, for this rule.", + "MinBottomRenditionSize$Width": "Use Width to define the video resolution width, in pixels, for this rule.", + "MinTopRenditionSize$Height": "Use Height to define the video resolution height, in pixels, for this rule.", + "MinTopRenditionSize$Width": "Use Width to define the video resolution width, in pixels, for this rule.", "VideoDescription$Height": "Use the Height (Height) setting to define the video resolution height for this output. Specify in pixels. If you don't provide a value here, the service will use the input height.", "VideoDescription$Width": "Use Width (Width) to define the video resolution width, in pixels, for this output. If you don't provide a value here, the service will use the input width." } @@ -4603,6 +4653,12 @@ "AudioNormalizationSettings$CorrectionGateLevel": "Content measuring above this level will be corrected to the target level. Content measuring below this level will not be corrected." } }, + "__listOfAllowedRenditionSize": { + "base": null, + "refs": { + "AutomatedAbrRule$AllowedRenditions": "When customer adds the allowed renditions rule for auto ABR ladder, they are required to add at leat one rendition to allowedRenditions list" + } + }, "__listOfAudioDescription": { "base": null, "refs": { @@ -4610,6 +4666,12 @@ "PresetSettings$AudioDescriptions": "(AudioDescriptions) contains groups of audio encoding settings organized by audio codec. Include one instance of (AudioDescriptions) per output. (AudioDescriptions) can contain multiple groups of encoding settings." } }, + "__listOfAutomatedAbrRule": { + "base": null, + "refs": { + "AutomatedAbrSettings$Rules": "Optional. Use Automated ABR rules to specify restrictions for the rendition sizes MediaConvert will create in your ABR stack. You can use these rules if your ABR workflow has specific rendition size requirements, but you still want MediaConvert to optimize for video quality and overall file size." + } + }, "__listOfCaptionDescription": { "base": null, "refs": { @@ -4640,6 +4702,12 @@ "DescribeEndpointsResponse$Endpoints": "List of endpoints" } }, + "__listOfForceIncludeRenditionSize": { + "base": null, + "refs": { + "AutomatedAbrRule$ForceIncludeRenditions": "When customer adds the force include renditions rule for auto ABR ladder, they are required to add at leat one rendition to forceIncludeRenditions list" + } + }, "__listOfHlsAdMarkers": { "base": null, "refs": { diff --git a/models/apis/networkmanager/2019-07-05/api-2.json b/models/apis/networkmanager/2019-07-05/api-2.json index e7cdea61d90..703be305494 100644 --- a/models/apis/networkmanager/2019-07-05/api-2.json +++ b/models/apis/networkmanager/2019-07-05/api-2.json @@ -993,6 +993,15 @@ {"shape":"InternalServerException"} ] }, + "ListOrganizationServiceAccessStatus":{ + "name":"ListOrganizationServiceAccessStatus", + "http":{ + "method":"GET", + "requestUri":"/organizations/service-access" + }, + "input":{"shape":"ListOrganizationServiceAccessStatusRequest"}, + "output":{"shape":"ListOrganizationServiceAccessStatusResponse"} + }, "ListTagsForResource":{ "name":"ListTagsForResource", "http":{ @@ -1095,6 +1104,23 @@ {"shape":"ConflictException"} ] }, + "StartOrganizationServiceAccessUpdate":{ + "name":"StartOrganizationServiceAccessUpdate", + "http":{ + "method":"POST", + "requestUri":"/organizations/service-access" + }, + "input":{"shape":"StartOrganizationServiceAccessUpdateRequest"}, + "output":{"shape":"StartOrganizationServiceAccessUpdateResponse"}, + "errors":[ + {"shape":"ValidationException"}, + {"shape":"ServiceQuotaExceededException"}, + {"shape":"AccessDeniedException"}, + {"shape":"ConflictException"}, + {"shape":"ThrottlingException"}, + {"shape":"InternalServerException"} + ] + }, "StartRouteAnalysis":{ "name":"StartRouteAnalysis", "http":{ @@ -1289,7 +1315,8 @@ "AWSAccountId":{ "type":"string", "max":12, - "min":12 + "min":12, + "pattern":"[\\s\\S]*" }, "AWSLocation":{ "type":"structure", @@ -1324,6 +1351,27 @@ "error":{"httpStatusCode":403}, "exception":true }, + "AccountId":{ + "type":"string", + "max":50, + "min":0 + }, + "AccountStatus":{ + "type":"structure", + "members":{ + "AccountId":{"shape":"AccountId"}, + "SLRDeploymentStatus":{"shape":"SLRDeploymentStatus"} + } + }, + "AccountStatusList":{ + "type":"list", + "member":{"shape":"AccountStatus"} + }, + "Action":{ + "type":"string", + "max":50, + "min":0 + }, "AssociateConnectPeerRequest":{ "type":"structure", "required":[ @@ -1516,7 +1564,8 @@ "ClientToken":{ "type":"string", "max":256, - "min":0 + "min":0, + "pattern":"[\\s\\S]*" }, "ConflictException":{ "type":"structure", @@ -1660,7 +1709,8 @@ "ConnectionArn":{ "type":"string", "max":500, - "min":0 + "min":0, + "pattern":"[\\s\\S]*" }, "ConnectionHealth":{ "type":"structure", @@ -1673,7 +1723,8 @@ "ConnectionId":{ "type":"string", "max":50, - "min":0 + "min":0, + "pattern":"[\\s\\S]*" }, "ConnectionIdList":{ "type":"list", @@ -1709,7 +1760,8 @@ "ConstrainedString":{ "type":"string", "max":256, - "min":0 + "min":0, + "pattern":"[\\s\\S]*" }, "ConstrainedStringList":{ "type":"list", @@ -1732,7 +1784,8 @@ "CoreNetworkArn":{ "type":"string", "max":500, - "min":0 + "min":0, + "pattern":"[\\s\\S]*" }, "CoreNetworkChange":{ "type":"structure", @@ -1801,7 +1854,12 @@ "LATEST" ] }, - "CoreNetworkPolicyDocument":{"type":"string"}, + "CoreNetworkPolicyDocument":{ + "type":"string", + "max":10000000, + "min":0, + "pattern":"[\\s\\S]*" + }, "CoreNetworkPolicyError":{ "type":"structure", "required":[ @@ -2123,7 +2181,8 @@ "CustomerGatewayArn":{ "type":"string", "max":500, - "min":0 + "min":0, + "pattern":"[\\s\\S]*" }, "CustomerGatewayArnList":{ "type":"list", @@ -2436,12 +2495,14 @@ "DeviceArn":{ "type":"string", "max":500, - "min":0 + "min":0, + "pattern":"[\\s\\S]*" }, "DeviceId":{ "type":"string", "max":50, - "min":0 + "min":0, + "pattern":"[\\s\\S]*" }, "DeviceIdList":{ "type":"list", @@ -2600,7 +2661,8 @@ "ExternalRegionCode":{ "type":"string", "max":63, - "min":1 + "min":1, + "pattern":"[\\s\\S]*" }, "ExternalRegionCodeList":{ "type":"list", @@ -3399,12 +3461,14 @@ "GlobalNetworkArn":{ "type":"string", "max":500, - "min":0 + "min":0, + "pattern":"[\\s\\S]*" }, "GlobalNetworkId":{ "type":"string", "max":50, - "min":0 + "min":0, + "pattern":"[\\s\\S]*" }, "GlobalNetworkIdList":{ "type":"list", @@ -3426,7 +3490,8 @@ "IPAddress":{ "type":"string", "max":50, - "min":1 + "min":1, + "pattern":"[\\s\\S]*" }, "Integer":{"type":"integer"}, "InternalServerException":{ @@ -3463,7 +3528,8 @@ "LinkArn":{ "type":"string", "max":500, - "min":0 + "min":0, + "pattern":"[\\s\\S]*" }, "LinkAssociation":{ "type":"structure", @@ -3490,7 +3556,8 @@ "LinkId":{ "type":"string", "max":50, - "min":0 + "min":0, + "pattern":"[\\s\\S]*" }, "LinkIdList":{ "type":"list", @@ -3633,6 +3700,28 @@ "NextToken":{"shape":"NextToken"} } }, + "ListOrganizationServiceAccessStatusRequest":{ + "type":"structure", + "members":{ + "MaxResults":{ + "shape":"MaxResults", + "location":"querystring", + "locationName":"maxResults" + }, + "NextToken":{ + "shape":"NextToken", + "location":"querystring", + "locationName":"nextToken" + } + } + }, + "ListOrganizationServiceAccessStatusResponse":{ + "type":"structure", + "members":{ + "OrganizationStatus":{"shape":"OrganizationStatus"}, + "NextToken":{"shape":"NextToken"} + } + }, "ListTagsForResourceRequest":{ "type":"structure", "required":["ResourceArn"], @@ -3762,8 +3851,29 @@ "NextToken":{ "type":"string", "max":2048, + "min":0, + "pattern":"[\\s\\S]*" + }, + "OrganizationAwsServiceAccessStatus":{ + "type":"string", + "max":50, "min":0 }, + "OrganizationId":{ + "type":"string", + "max":50, + "min":0, + "pattern":"^o-([0-9a-f]{8,17})$" + }, + "OrganizationStatus":{ + "type":"structure", + "members":{ + "OrganizationId":{"shape":"OrganizationId"}, + "OrganizationAwsServiceAccessStatus":{"shape":"OrganizationAwsServiceAccessStatus"}, + "SLRDeploymentStatus":{"shape":"SLRDeploymentStatus"}, + "AccountStatusList":{"shape":"AccountStatusList"} + } + }, "PathComponent":{ "type":"structure", "members":{ @@ -3837,13 +3947,23 @@ "members":{ } }, - "ReasonContextKey":{"type":"string"}, + "ReasonContextKey":{ + "type":"string", + "max":10000000, + "min":0, + "pattern":"[\\s\\S]*" + }, "ReasonContextMap":{ "type":"map", "key":{"shape":"ReasonContextKey"}, "value":{"shape":"ReasonContextValue"} }, - "ReasonContextValue":{"type":"string"}, + "ReasonContextValue":{ + "type":"string", + "max":10000000, + "min":0, + "pattern":"[\\s\\S]*" + }, "RegisterTransitGatewayRequest":{ "type":"structure", "required":[ @@ -3896,7 +4016,8 @@ "ResourceArn":{ "type":"string", "max":1500, - "min":0 + "min":0, + "pattern":"[\\s\\S]*" }, "ResourceNotFoundException":{ "type":"structure", @@ -3914,7 +4035,12 @@ "error":{"httpStatusCode":404}, "exception":true }, - "ResourcePolicyDocument":{"type":"string"}, + "ResourcePolicyDocument":{ + "type":"string", + "max":10000000, + "min":0, + "pattern":"[\\s\\S]*" + }, "RestoreCoreNetworkPolicyVersionRequest":{ "type":"structure", "required":[ @@ -4054,7 +4180,17 @@ "type":"list", "member":{"shape":"RouteType"} }, - "ServerSideString":{"type":"string"}, + "SLRDeploymentStatus":{ + "type":"string", + "max":50, + "min":0 + }, + "ServerSideString":{ + "type":"string", + "max":10000000, + "min":0, + "pattern":"[\\s\\S]*" + }, "ServiceQuotaExceededException":{ "type":"structure", "required":[ @@ -4088,12 +4224,14 @@ "SiteArn":{ "type":"string", "max":500, - "min":0 + "min":0, + "pattern":"[\\s\\S]*" }, "SiteId":{ "type":"string", "max":50, - "min":0 + "min":0, + "pattern":"[\\s\\S]*" }, "SiteIdList":{ "type":"list", @@ -4119,6 +4257,19 @@ "VpnConnectionArn":{"shape":"VpnConnectionArn"} } }, + "StartOrganizationServiceAccessUpdateRequest":{ + "type":"structure", + "required":["Action"], + "members":{ + "Action":{"shape":"Action"} + } + }, + "StartOrganizationServiceAccessUpdateResponse":{ + "type":"structure", + "members":{ + "OrganizationStatus":{"shape":"OrganizationStatus"} + } + }, "StartRouteAnalysisRequest":{ "type":"structure", "required":[ @@ -4148,7 +4299,7 @@ "type":"string", "max":500, "min":0, - "pattern":"^arn:[^:]{1,63}:ec2:[^:]{0,63}:[^:]{0,63}:subnet\\/subnet-[0-9a-f]{8,17}$" + "pattern":"^arn:[^:]{1,63}:ec2:[^:]{0,63}:[^:]{0,63}:subnet\\/subnet-[0-9a-f]{8,17}$|^$" }, "SubnetArnList":{ "type":"list", @@ -4161,7 +4312,12 @@ "Value":{"shape":"TagValue"} } }, - "TagKey":{"type":"string"}, + "TagKey":{ + "type":"string", + "max":10000000, + "min":0, + "pattern":"[\\s\\S]*" + }, "TagKeyList":{ "type":"list", "member":{"shape":"TagKey"} @@ -4190,7 +4346,12 @@ "members":{ } }, - "TagValue":{"type":"string"}, + "TagValue":{ + "type":"string", + "max":10000000, + "min":0, + "pattern":"[\\s\\S]*" + }, "ThrottlingException":{ "type":"structure", "required":["Message"], @@ -4208,7 +4369,8 @@ "TransitGatewayArn":{ "type":"string", "max":500, - "min":0 + "min":0, + "pattern":"[\\s\\S]*" }, "TransitGatewayArnList":{ "type":"list", @@ -4217,17 +4379,20 @@ "TransitGatewayAttachmentArn":{ "type":"string", "max":500, - "min":0 + "min":0, + "pattern":"[\\s\\S]*" }, "TransitGatewayAttachmentId":{ "type":"string", "max":50, - "min":0 + "min":0, + "pattern":"[\\s\\S]*" }, "TransitGatewayConnectPeerArn":{ "type":"string", "max":500, - "min":0 + "min":0, + "pattern":"[\\s\\S]*" }, "TransitGatewayConnectPeerArnList":{ "type":"list", @@ -4288,7 +4453,8 @@ "TransitGatewayRouteTableArn":{ "type":"string", "max":500, - "min":0 + "min":0, + "pattern":"[\\s\\S]*" }, "TunnelProtocol":{ "type":"string", diff --git a/models/apis/networkmanager/2019-07-05/docs-2.json b/models/apis/networkmanager/2019-07-05/docs-2.json index 00c0593469f..ed4af3cc18c 100644 --- a/models/apis/networkmanager/2019-07-05/docs-2.json +++ b/models/apis/networkmanager/2019-07-05/docs-2.json @@ -1,21 +1,21 @@ { "version": "2.0", - "service": "

Transit Gateway Network Manager (Network Manager) enables you to create a global network, in which you can monitor your Amazon Web Services and on-premises networks that are built around transit gateways.

", + "service": "

Amazon Web Services enables you to centrally manage your Amazon Web Services Cloud WAN core network and your Transit Gateway network across Amazon Web Services accounts, Regions, and on-premises locations.

", "operations": { "AcceptAttachment": "

Accepts a core network attachment request.

Once the attachment request is accepted by a core network owner, the attachment is created and connected to a core network.

", "AssociateConnectPeer": "

Associates a core network Connect peer with a device and optionally, with a link.

If you specify a link, it must be associated with the specified device. You can only associate core network Connect peers that have been created on a core network Connect attachment on a core network.

", - "AssociateCustomerGateway": "

Associates a customer gateway with a device and optionally, with a link. If you specify a link, it must be associated with the specified device.

You can only associate customer gateways that are connected to a VPN attachment on a transit gateway. The transit gateway must be registered in your global network. When you register a transit gateway, customer gateways that are connected to the transit gateway are automatically included in the global network. To list customer gateways that are connected to a transit gateway, use the DescribeVpnConnections EC2 API and filter by transit-gateway-id.

You cannot associate a customer gateway with more than one device and link.

", + "AssociateCustomerGateway": "

Associates a customer gateway with a device and optionally, with a link. If you specify a link, it must be associated with the specified device.

You can only associate customer gateways that are connected to a VPN attachment on a transit gateway or core network registered in your global network. When you register a transit gateway or core network, customer gateways that are connected to the transit gateway are automatically included in the global network. To list customer gateways that are connected to a transit gateway, use the DescribeVpnConnections EC2 API and filter by transit-gateway-id.

You cannot associate a customer gateway with more than one device and link.

", "AssociateLink": "

Associates a link to a device. A device can be associated to multiple links and a link can be associated to multiple devices. The device and link must be in the same global network and the same site.

", "AssociateTransitGatewayConnectPeer": "

Associates a transit gateway Connect peer with a device, and optionally, with a link. If you specify a link, it must be associated with the specified device.

You can only associate transit gateway Connect peers that have been created on a transit gateway that's registered in your global network.

You cannot associate a transit gateway Connect peer with more than one device and link.

", "CreateConnectAttachment": "

Creates a core network Connect attachment from a specified core network attachment.

A core network Connect attachment is a GRE-based tunnel attachment that you can use to establish a connection between a core network and an appliance. A core network Connect attachment uses an existing VPC attachment as the underlying transport mechanism.

", - "CreateConnectPeer": "

Creates a core network connect peer for a specified core network connect attachment between a core network and an appliance. The peer address and transit gateway address must be the same IP address family (IPv4 or IPv6).

", + "CreateConnectPeer": "

Creates a core network Connect peer for a specified core network connect attachment between a core network and an appliance. The peer address and transit gateway address must be the same IP address family (IPv4 or IPv6).

", "CreateConnection": "

Creates a connection between two devices. The devices can be a physical or virtual appliance that connects to a third-party appliance in a VPC, or a physical appliance that connects to another physical appliance in an on-premises network.

", "CreateCoreNetwork": "

Creates a core network as part of your global network, and optionally, with a core network policy.

", "CreateDevice": "

Creates a new device in a global network. If you specify both a site ID and a location, the location of the site is used for visualization in the Network Manager console.

", "CreateGlobalNetwork": "

Creates a new, empty global network.

", "CreateLink": "

Creates a new link for a specified site.

", "CreateSite": "

Creates a new site in a global network.

", - "CreateSiteToSiteVpnAttachment": "

Creates a site-to-site VPN attachment on an edge location of a core network.

", + "CreateSiteToSiteVpnAttachment": "

Creates an Amazon Web Services site-to-site VPN attachment on an edge location of a core network.

", "CreateVpcAttachment": "

Creates a VPC attachment on an edge location of a core network.

", "DeleteAttachment": "

Deletes an attachment. Supports all attachment types.

", "DeleteConnectPeer": "

Deletes a Connect peer.

", @@ -23,7 +23,7 @@ "DeleteCoreNetwork": "

Deletes a core network along with all core network policies. This can only be done if there are no attachments on a core network.

", "DeleteCoreNetworkPolicyVersion": "

Deletes a policy version from a core network. You can't delete the current LIVE policy.

", "DeleteDevice": "

Deletes an existing device. You must first disassociate the device from any links and customer gateways.

", - "DeleteGlobalNetwork": "

Deletes an existing global network. You must first delete all global network objects (devices, links, and sites) and deregister all transit gateways.

", + "DeleteGlobalNetwork": "

Deletes an existing global network. You must first delete all global network objects (devices, links, and sites), deregister all transit gateways, and delete any core networks.

", "DeleteLink": "

Deletes an existing link. You must first disassociate the link from any devices and customer gateways.

", "DeleteResourcePolicy": "

Deletes a resource policy for the specified resource. This revokes the access of the principals specified in the resource policy.

", "DeleteSite": "

Deletes an existing site. The site cannot be associated with any device or link.

", @@ -38,7 +38,7 @@ "GetConnectPeer": "

Returns information about a core network Connect peer.

", "GetConnectPeerAssociations": "

Returns information about a core network Connect peer associations.

", "GetConnections": "

Gets information about one or more of your connections in a global network.

", - "GetCoreNetwork": "

Returns information about a core network. By default it returns the LIVE policy.

", + "GetCoreNetwork": "

Returns information about the LIVE policy for a core network.

", "GetCoreNetworkChangeSet": "

Returns a change set between the LIVE core network policy and a submitted policy.

", "GetCoreNetworkPolicy": "

Gets details about a core network policy. You can get details about your current live policy or any previous policy version.

", "GetCustomerGatewayAssociations": "

Gets the association information for customer gateways that are associated with devices and links in your global network.

", @@ -61,12 +61,14 @@ "ListConnectPeers": "

Returns a list of core network Connect peers.

", "ListCoreNetworkPolicyVersions": "

Returns a list of core network policy versions.

", "ListCoreNetworks": "

Returns a list of owned and shared core networks.

", + "ListOrganizationServiceAccessStatus": null, "ListTagsForResource": "

Lists the tags for a specified resource.

", "PutCoreNetworkPolicy": "

Creates a new, immutable version of a core network policy. A subsequent change set is created showing the differences between the LIVE policy and the submitted policy.

", "PutResourcePolicy": "

Creates or updates a resource policy.

", "RegisterTransitGateway": "

Registers a transit gateway in your global network. The transit gateway can be in any Amazon Web Services Region, but it must be owned by the same Amazon Web Services account that owns the global network. You cannot register a transit gateway in more than one global network.

", "RejectAttachment": "

Rejects a core network attachment request.

", "RestoreCoreNetworkPolicyVersion": "

Restores a previous policy version as a new, immutable version of a core network policy. A subsequent change set is created showing the differences between the LIVE policy and restored policy.

", + "StartOrganizationServiceAccessUpdate": null, "StartRouteAnalysis": "

Starts analyzing the routing path between the specified source and destination. For more information, see Route Analyzer.

", "TagResource": "

Tags a specified resource.

", "UntagResource": "

Removes tags from a specified resource.

", @@ -116,6 +118,30 @@ "refs": { } }, + "AccountId": { + "base": null, + "refs": { + "AccountStatus$AccountId": null + } + }, + "AccountStatus": { + "base": null, + "refs": { + "AccountStatusList$member": null + } + }, + "AccountStatusList": { + "base": null, + "refs": { + "OrganizationStatus$AccountStatusList": null + } + }, + "Action": { + "base": null, + "refs": { + "StartOrganizationServiceAccessUpdateRequest$Action": null + } + }, "AssociateConnectPeerRequest": { "base": null, "refs": { @@ -1385,7 +1411,7 @@ } }, "GlobalNetwork": { - "base": "

Describes a global network. This is a single private network acting as a high-level container for your network objects, including an Amazon Web Services-manged Core Network.

", + "base": "

Describes a global network. This is a single private network acting as a high-level container for your network objects, including an Amazon Web Services-managed Core Network.

", "refs": { "CreateGlobalNetworkResponse$GlobalNetwork": "

Information about the global network object.

", "DeleteGlobalNetworkResponse$GlobalNetwork": "

Information about the global network.

", @@ -1633,6 +1659,16 @@ "refs": { } }, + "ListOrganizationServiceAccessStatusRequest": { + "base": null, + "refs": { + } + }, + "ListOrganizationServiceAccessStatusResponse": { + "base": null, + "refs": { + } + }, "ListTagsForResourceRequest": { "base": null, "refs": { @@ -1685,7 +1721,8 @@ "ListAttachmentsRequest$MaxResults": "

The maximum number of results to return.

", "ListConnectPeersRequest$MaxResults": "

The maximum number of results to return.

", "ListCoreNetworkPolicyVersionsRequest$MaxResults": "

The maximum number of results to return.

", - "ListCoreNetworksRequest$MaxResults": "

The maximum number of results to return.

" + "ListCoreNetworksRequest$MaxResults": "

The maximum number of results to return.

", + "ListOrganizationServiceAccessStatusRequest$MaxResults": null } }, "NetworkResource": { @@ -1802,7 +1839,28 @@ "ListCoreNetworkPolicyVersionsRequest$NextToken": "

The token for the next page of results.

", "ListCoreNetworkPolicyVersionsResponse$NextToken": "

The token for the next page of results.

", "ListCoreNetworksRequest$NextToken": "

The token for the next page of results.

", - "ListCoreNetworksResponse$NextToken": "

The token for the next page of results.

" + "ListCoreNetworksResponse$NextToken": "

The token for the next page of results.

", + "ListOrganizationServiceAccessStatusRequest$NextToken": null, + "ListOrganizationServiceAccessStatusResponse$NextToken": null + } + }, + "OrganizationAwsServiceAccessStatus": { + "base": null, + "refs": { + "OrganizationStatus$OrganizationAwsServiceAccessStatus": null + } + }, + "OrganizationId": { + "base": null, + "refs": { + "OrganizationStatus$OrganizationId": null + } + }, + "OrganizationStatus": { + "base": null, + "refs": { + "ListOrganizationServiceAccessStatusResponse$OrganizationStatus": null, + "StartOrganizationServiceAccessUpdateResponse$OrganizationStatus": null } }, "PathComponent": { @@ -2039,6 +2097,13 @@ "GetNetworkRoutesRequest$Types": "

The route types.

" } }, + "SLRDeploymentStatus": { + "base": null, + "refs": { + "AccountStatus$SLRDeploymentStatus": null, + "OrganizationStatus$SLRDeploymentStatus": null + } + }, "ServerSideString": { "base": null, "refs": { @@ -2126,6 +2191,16 @@ "GetSiteToSiteVpnAttachmentResponse$SiteToSiteVpnAttachment": "

Describes the site-to-site attachment.

" } }, + "StartOrganizationServiceAccessUpdateRequest": { + "base": null, + "refs": { + } + }, + "StartOrganizationServiceAccessUpdateResponse": { + "base": null, + "refs": { + } + }, "StartRouteAnalysisRequest": { "base": null, "refs": { diff --git a/models/endpoints/endpoints.json b/models/endpoints/endpoints.json index c4a2e961d95..98205ab2373 100644 --- a/models/endpoints/endpoints.json +++ b/models/endpoints/endpoints.json @@ -4834,12 +4834,50 @@ }, "email" : { "endpoints" : { + "af-south-1" : { }, + "ap-northeast-1" : { }, + "ap-northeast-2" : { }, + "ap-northeast-3" : { }, "ap-south-1" : { }, + "ap-southeast-1" : { }, "ap-southeast-2" : { }, + "ca-central-1" : { }, "eu-central-1" : { }, + "eu-north-1" : { }, + "eu-south-1" : { }, "eu-west-1" : { }, - "us-east-1" : { }, - "us-west-2" : { } + "eu-west-2" : { }, + "eu-west-3" : { }, + "fips-us-east-1" : { + "credentialScope" : { + "region" : "us-east-1" + }, + "deprecated" : true, + "hostname" : "email-fips.us-east-1.amazonaws.com" + }, + "fips-us-west-2" : { + "credentialScope" : { + "region" : "us-west-2" + }, + "deprecated" : true, + "hostname" : "email-fips.us-west-2.amazonaws.com" + }, + "me-south-1" : { }, + "sa-east-1" : { }, + "us-east-1" : { + "variants" : [ { + "hostname" : "email-fips.us-east-1.amazonaws.com", + "tags" : [ "fips" ] + } ] + }, + "us-east-2" : { }, + "us-west-1" : { }, + "us-west-2" : { + "variants" : [ { + "hostname" : "email-fips.us-west-2.amazonaws.com", + "tags" : [ "fips" ] + } ] + } } }, "emr-containers" : { diff --git a/service/cognitoidentityprovider/api.go b/service/cognitoidentityprovider/api.go index 866d99defcd..46ab5024c97 100644 --- a/service/cognitoidentityprovider/api.go +++ b/service/cognitoidentityprovider/api.go @@ -749,13 +749,13 @@ func (c *CognitoIdentityProvider) AdminDisableProviderForUserRequest(input *Admi // AdminDisableProviderForUser API operation for Amazon Cognito Identity Provider. // // Prevents the user from signing in with the specified external (SAML or social) -// identity provider. If the user that you want to deactivate is a Amazon Cognito -// user pools native username + password user, they can't use their password -// to sign in. If the user to deactivate is a linked external identity provider -// (IdP) user, any link between that user and an existing user is removed. When -// the external user signs in again, and the user is no longer attached to the -// previously linked DestinationUser, the user must create a new user account. -// See AdminLinkProviderForUser (https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_AdminLinkProviderForUser.html). +// identity provider (IdP). If the user that you want to deactivate is a Amazon +// Cognito user pools native username + password user, they can't use their +// password to sign in. If the user to deactivate is a linked external IdP user, +// any link between that user and an existing user is removed. When the external +// user signs in again, and the user is no longer attached to the previously +// linked DestinationUser, the user must create a new user account. See AdminLinkProviderForUser +// (https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_AdminLinkProviderForUser.html). // // This action is enabled only for admin access and requires developer credentials. // @@ -766,9 +766,9 @@ func (c *CognitoIdentityProvider) AdminDisableProviderForUserRequest(input *Admi // be Cognito and the ProviderAttributeName must be Cognito_Subject. The ProviderAttributeValue // must be the name that is used in the user pool for the user. // -// The ProviderAttributeName must always be Cognito_Subject for social identity -// providers. The ProviderAttributeValue must always be the exact subject that -// was used when the user was originally linked as a source user. +// The ProviderAttributeName must always be Cognito_Subject for social IdPs. +// The ProviderAttributeValue must always be the exact subject that was used +// when the user was originally linked as a source user. // // For de-linking a SAML identity, there are two scenarios. If the linked identity // has not yet been used to sign in, the ProviderAttributeName and ProviderAttributeValue @@ -807,9 +807,10 @@ func (c *CognitoIdentityProvider) AdminDisableProviderForUserRequest(input *Admi // // * AliasExistsException // This exception is thrown when a user tries to confirm the account with an -// email or phone number that has already been supplied as an alias from a different -// account. This exception tells user that an account with this email or phone -// already exists. +// email address or phone number that has already been supplied as an alias +// from a different account. This exception indicates that an account with this +// email address or phone already exists in a user pool that you've configured +// to use email address or phone number as a sign-in alias. // // * InternalErrorException // This exception is thrown when Amazon Cognito encounters an internal error. @@ -1536,22 +1537,22 @@ func (c *CognitoIdentityProvider) AdminLinkProviderForUserRequest(input *AdminLi // AdminLinkProviderForUser API operation for Amazon Cognito Identity Provider. // // Links an existing user account in a user pool (DestinationUser) to an identity -// from an external identity provider (SourceUser) based on a specified attribute -// name and value from the external identity provider. This allows you to create -// a link from the existing user account to an external federated user identity -// that has not yet been used to sign in. You can then use the federated user -// identity to sign in as the existing user account. +// from an external IdP (SourceUser) based on a specified attribute name and +// value from the external IdP. This allows you to create a link from the existing +// user account to an external federated user identity that has not yet been +// used to sign in. You can then use the federated user identity to sign in +// as the existing user account. // // For example, if there is an existing user with a username and password, this // API links that user to a federated user identity. When the user signs in // with a federated user identity, they sign in as the existing user account. // -// The maximum number of federated identities linked to a user is 5. +// The maximum number of federated identities linked to a user is five. // // Because this API allows a user with an external federated identity to sign // in as an existing user in the user pool, it is critical that it only be used -// with external identity providers and provider attributes that have been trusted -// by the application owner. +// with external IdPs and provider attributes that have been trusted by the +// application owner. // // This action is administrative and requires developer credentials. // @@ -1583,9 +1584,10 @@ func (c *CognitoIdentityProvider) AdminLinkProviderForUserRequest(input *AdminLi // // * AliasExistsException // This exception is thrown when a user tries to confirm the account with an -// email or phone number that has already been supplied as an alias from a different -// account. This exception tells user that an account with this email or phone -// already exists. +// email address or phone number that has already been supplied as an alias +// from a different account. This exception indicates that an account with this +// email address or phone already exists in a user pool that you've configured +// to use email address or phone number as a sign-in alias. // // * LimitExceededException // This exception is thrown when a user exceeds the limit for a requested Amazon @@ -2423,9 +2425,10 @@ func (c *CognitoIdentityProvider) AdminRespondToAuthChallengeRequest(input *Admi // // * AliasExistsException // This exception is thrown when a user tries to confirm the account with an -// email or phone number that has already been supplied as an alias from a different -// account. This exception tells user that an account with this email or phone -// already exists. +// email address or phone number that has already been supplied as an alias +// from a different account. This exception indicates that an account with this +// email address or phone already exists in a user pool that you've configured +// to use email address or phone number as a sign-in alias. // // * PasswordResetRequiredException // This exception is thrown when a password reset is required. @@ -3086,9 +3089,10 @@ func (c *CognitoIdentityProvider) AdminUpdateUserAttributesRequest(input *AdminU // // * AliasExistsException // This exception is thrown when a user tries to confirm the account with an -// email or phone number that has already been supplied as an alias from a different -// account. This exception tells user that an account with this email or phone -// already exists. +// email address or phone number that has already been supplied as an alias +// from a different account. This exception indicates that an account with this +// email address or phone already exists in a user pool that you've configured +// to use email address or phone number as a sign-in alias. // // * TooManyRequestsException // This exception is thrown when the user has made too many requests for a given @@ -3184,10 +3188,12 @@ func (c *CognitoIdentityProvider) AdminUserGlobalSignOutRequest(input *AdminUser // AdminUserGlobalSignOut API operation for Amazon Cognito Identity Provider. // -// Signs out users from all devices, as an administrator. It also invalidates -// all refresh tokens issued to a user. The user's current access and Id tokens -// remain valid until their expiry. Access and Id tokens expire one hour after -// they're issued. +// Signs out a user from all devices. You must sign AdminUserGlobalSignOut requests +// with Amazon Web Services credentials. It also invalidates all refresh tokens +// that Amazon Cognito has issued to a user. The user's current access and ID +// tokens remain valid until they expire. By default, access and ID tokens expire +// one hour after they're issued. A user can still use a hosted UI cookie to +// retrieve new tokens for the duration of the cookie validity period of 1 hour. // // Calling this action requires developer credentials. // @@ -3755,8 +3761,7 @@ func (c *CognitoIdentityProvider) ConfirmSignUpRequest(input *ConfirmSignUpInput // ConfirmSignUp API operation for Amazon Cognito Identity Provider. // -// Confirms registration of a user and handles the existing alias from a previous -// user. +// Confirms registration of a new user. // // Returns awserr.Error for service API and SDK errors. Use runtime type assertions // with awserr.Error's Code and Message methods to get detailed information about @@ -3802,9 +3807,10 @@ func (c *CognitoIdentityProvider) ConfirmSignUpRequest(input *ConfirmSignUpInput // // * AliasExistsException // This exception is thrown when a user tries to confirm the account with an -// email or phone number that has already been supplied as an alias from a different -// account. This exception tells user that an account with this email or phone -// already exists. +// email address or phone number that has already been supplied as an alias +// from a different account. This exception indicates that an account with this +// email address or phone already exists in a user pool that you've configured +// to use email address or phone number as a sign-in alias. // // * TooManyRequestsException // This exception is thrown when the user has made too many requests for a given @@ -3990,7 +3996,7 @@ func (c *CognitoIdentityProvider) CreateIdentityProviderRequest(input *CreateIde // CreateIdentityProvider API operation for Amazon Cognito Identity Provider. // -// Creates an identity provider for a user pool. +// Creates an IdP for a user pool. // // Returns awserr.Error for service API and SDK errors. Use runtime type assertions // with awserr.Error's Code and Message methods to get detailed information about @@ -4720,7 +4726,7 @@ func (c *CognitoIdentityProvider) DeleteIdentityProviderRequest(input *DeleteIde // DeleteIdentityProvider API operation for Amazon Cognito Identity Provider. // -// Deletes an identity provider for a user pool. +// Deletes an IdP for a user pool. // // Returns awserr.Error for service API and SDK errors. Use runtime type assertions // with awserr.Error's Code and Message methods to get detailed information about @@ -5407,7 +5413,7 @@ func (c *CognitoIdentityProvider) DescribeIdentityProviderRequest(input *Describ // DescribeIdentityProvider API operation for Amazon Cognito Identity Provider. // -// Gets information about a specific identity provider. +// Gets information about a specific IdP. // // Returns awserr.Error for service API and SDK errors. Use runtime type assertions // with awserr.Error's Code and Message methods to get detailed information about @@ -6630,7 +6636,7 @@ func (c *CognitoIdentityProvider) GetIdentityProviderByIdentifierRequest(input * // GetIdentityProviderByIdentifier API operation for Amazon Cognito Identity Provider. // -// Gets the specified identity provider. +// Gets the specified IdP. // // Returns awserr.Error for service API and SDK errors. Use runtime type assertions // with awserr.Error's Code and Message methods to get detailed information about @@ -7014,7 +7020,9 @@ func (c *CognitoIdentityProvider) GetUserAttributeVerificationCodeRequest(input // GetUserAttributeVerificationCode API operation for Amazon Cognito Identity Provider. // -// Gets the user attribute verification code for the specified attribute name. +// Generates a user attribute verification code for the specified attribute +// name. Sends a message to a user with a code that they must return in a VerifyUserAttribute +// request. // // This action might generate an SMS text message. Starting June 1, 2021, US // telecom carriers require you to register an origination phone number before @@ -7264,8 +7272,11 @@ func (c *CognitoIdentityProvider) GlobalSignOutRequest(input *GlobalSignOutInput // GlobalSignOut API operation for Amazon Cognito Identity Provider. // // Signs out users from all devices. It also invalidates all refresh tokens -// issued to a user. The user's current access and ID tokens remain valid until -// their expiry. Access and Id tokens expire one hour after they're issued. +// that Amazon Cognito has issued to a user. The user's current access and ID +// tokens remain valid until their expiry. By default, access and ID tokens +// expire one hour after Amazon Cognito issues them. A user can still use a +// hosted UI cookie to retrieve new tokens for the duration of the cookie validity +// period of 1 hour. // // Returns awserr.Error for service API and SDK errors. Use runtime type assertions // with awserr.Error's Code and Message methods to get detailed information about @@ -7366,7 +7377,9 @@ func (c *CognitoIdentityProvider) InitiateAuthRequest(input *InitiateAuthInput) // InitiateAuth API operation for Amazon Cognito Identity Provider. // -// Initiates the authentication flow. +// Initiates sign-in for a user in the Amazon Cognito user directory. You can't +// sign in a user with a federated IdP with InitiateAuth. For more information, +// see Adding user pool sign-in through a third party (https://docs.aws.amazon.com/cognito/latest/developerguide/cognito-user-pools-identity-federation.html). // // This action might generate an SMS text message. Starting June 1, 2021, US // telecom carriers require you to register an origination phone number before @@ -7512,7 +7525,8 @@ func (c *CognitoIdentityProvider) ListDevicesRequest(input *ListDevicesInput) (r // ListDevices API operation for Amazon Cognito Identity Provider. // -// Lists the devices. +// Lists the sign-in devices that Amazon Cognito has registered to the current +// user. // // Returns awserr.Error for service API and SDK errors. Use runtime type assertions // with awserr.Error's Code and Message methods to get detailed information about @@ -7778,7 +7792,7 @@ func (c *CognitoIdentityProvider) ListIdentityProvidersRequest(input *ListIdenti // ListIdentityProviders API operation for Amazon Cognito Identity Provider. // -// Lists information about all identity providers for a user pool. +// Lists information about all IdPs for a user pool. // // Returns awserr.Error for service API and SDK errors. Use runtime type assertions // with awserr.Error's Code and Message methods to get detailed information about @@ -9120,9 +9134,10 @@ func (c *CognitoIdentityProvider) RespondToAuthChallengeRequest(input *RespondTo // // * AliasExistsException // This exception is thrown when a user tries to confirm the account with an -// email or phone number that has already been supplied as an alias from a different -// account. This exception tells user that an account with this email or phone -// already exists. +// email address or phone number that has already been supplied as an alias +// from a different account. This exception indicates that an account with this +// email address or phone already exists in a user pool that you've configured +// to use email address or phone number as a sign-in alias. // // * InternalErrorException // This exception is thrown when Amazon Cognito encounters an internal error. @@ -10704,7 +10719,7 @@ func (c *CognitoIdentityProvider) UpdateIdentityProviderRequest(input *UpdateIde // UpdateIdentityProvider API operation for Amazon Cognito Identity Provider. // -// Updates identity provider information for a user pool. +// Updates IdP information for a user pool. // // Returns awserr.Error for service API and SDK errors. Use runtime type assertions // with awserr.Error's Code and Message methods to get detailed information about @@ -10962,9 +10977,10 @@ func (c *CognitoIdentityProvider) UpdateUserAttributesRequest(input *UpdateUserA // // * AliasExistsException // This exception is thrown when a user tries to confirm the account with an -// email or phone number that has already been supplied as an alias from a different -// account. This exception tells user that an account with this email or phone -// already exists. +// email address or phone number that has already been supplied as an alias +// from a different account. This exception indicates that an account with this +// email address or phone already exists in a user pool that you've configured +// to use email address or phone number as a sign-in alias. // // * InvalidSmsRoleAccessPolicyException // This exception is returned when the role provided for SMS configuration doesn't @@ -11561,6 +11577,11 @@ func (c *CognitoIdentityProvider) VerifyUserAttributeRequest(input *VerifyUserAt // // Verifies the specified user attributes in the user pool. // +// If your user pool requires verification before Amazon Cognito updates the +// attribute value, VerifyUserAttribute updates the affected attribute to its +// pending value. For more information, see UserAttributeUpdateSettingsType +// (https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_UserAttributeUpdateSettingsType.html). +// // Returns awserr.Error for service API and SDK errors. Use runtime type assertions // with awserr.Error's Code and Message methods to get detailed information about // the error. @@ -11607,6 +11628,13 @@ func (c *CognitoIdentityProvider) VerifyUserAttributeRequest(input *VerifyUserAt // * InternalErrorException // This exception is thrown when Amazon Cognito encounters an internal error. // +// * AliasExistsException +// This exception is thrown when a user tries to confirm the account with an +// email address or phone number that has already been supplied as an alias +// from a different account. This exception indicates that an account with this +// email address or phone already exists in a user pool that you've configured +// to use email address or phone number as a sign-in alias. +// // See also, https://docs.aws.amazon.com/goto/WebAPI/cognito-idp-2016-04-18/VerifyUserAttribute func (c *CognitoIdentityProvider) VerifyUserAttribute(input *VerifyUserAttributeInput) (*VerifyUserAttributeOutput, error) { req, out := c.VerifyUserAttributeRequest(input) @@ -11689,7 +11717,7 @@ type AccountTakeoverActionType struct { _ struct{} `type:"structure"` // The action to take in response to the account takeover action. Valid values - // are: + // are as follows: // // * BLOCK Choosing this action will block the request. // @@ -12250,10 +12278,10 @@ type AdminCreateUserConfigType struct { // See also Customizing User Invitation Messages (https://docs.aws.amazon.com/cognito/latest/developerguide/cognito-user-pool-settings-message-customizations.html#cognito-user-pool-settings-user-invitation-message-customization). InviteMessageTemplate *MessageTemplateType `type:"structure"` - // The user account expiration limit, in days, after which the account is no - // longer usable. To reset the account after that time limit, you must call - // AdminCreateUser again, specifying "RESEND" for the MessageAction parameter. - // The default value for this parameter is 7. + // The user account expiration limit, in days, after which a new account that + // hasn't signed in is no longer usable. To reset the account after that time + // limit, you must call AdminCreateUser again, specifying "RESEND" for the MessageAction + // parameter. The default value for this parameter is 7. // // If you set a value for TemporaryPasswordValidityDays in PasswordPolicy, that // value will be used, and UnusedAccountValidityDays will be no longer be an @@ -13784,8 +13812,16 @@ type AdminInitiateAuthOutput struct { // and PASSWORD directly. An app client must be enabled to use this flow. // // * NEW_PASSWORD_REQUIRED: For users who are required to change their passwords - // after successful first login. This challenge should be passed with NEW_PASSWORD - // and any other required attributes. + // after successful first login. Respond to this challenge with NEW_PASSWORD + // and any required attributes that Amazon Cognito returned in the requiredAttributes + // parameter. You can also set values for attributes that aren't required + // by your user pool and that your app client can write. For more information, + // see AdminRespondToAuthChallenge (https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_AdminRespondToAuthChallenge.html). + // In a NEW_PASSWORD_REQUIRED challenge response, you can't modify a required + // attribute that already has a value. In AdminRespondToAuthChallenge, set + // a value for any keys that Amazon Cognito returned in the requiredAttributes + // parameter, then use the AdminUpdateUserAttributes API operation to modify + // the value of any additional attributes. // // * MFA_SETUP: For users who are required to set up an MFA factor before // they can sign in. The MFA types activated for the user pool will be listed @@ -13864,11 +13900,11 @@ type AdminLinkProviderForUserInput struct { _ struct{} `type:"structure"` // The existing user in the user pool that you want to assign to the external - // identity provider user account. This user can be a native (Username + Password) - // Amazon Cognito user pools user or a federated user (for example, a SAML or - // Facebook user). If the user doesn't exist, Amazon Cognito generates an exception. - // Amazon Cognito returns this user when the new user (with the linked identity - // provider attribute) signs in. + // IdP user account. This user can be a native (Username + Password) Amazon + // Cognito user pools user or a federated user (for example, a SAML or Facebook + // user). If the user doesn't exist, Amazon Cognito generates an exception. + // Amazon Cognito returns this user when the new user (with the linked IdP attribute) + // signs in. // // For a native username + password user, the ProviderAttributeValue for the // DestinationUser should be the username in the user pool. For a federated @@ -13884,26 +13920,24 @@ type AdminLinkProviderForUserInput struct { // DestinationUser is a required field DestinationUser *ProviderUserIdentifierType `type:"structure" required:"true"` - // An external identity provider account for a user who doesn't exist yet in - // the user pool. This user must be a federated user (for example, a SAML or - // Facebook user), not another native user. + // An external IdP account for a user who doesn't exist yet in the user pool. + // This user must be a federated user (for example, a SAML or Facebook user), + // not another native user. // - // If the SourceUser is using a federated social identity provider, such as - // Facebook, Google, or Login with Amazon, you must set the ProviderAttributeName - // to Cognito_Subject. For social identity providers, the ProviderName will - // be Facebook, Google, or LoginWithAmazon, and Amazon Cognito will automatically - // parse the Facebook, Google, and Login with Amazon tokens for id, sub, and - // user_id, respectively. The ProviderAttributeValue for the user must be the - // same value as the id, sub, or user_id value found in the social identity - // provider token. + // If the SourceUser is using a federated social IdP, such as Facebook, Google, + // or Login with Amazon, you must set the ProviderAttributeName to Cognito_Subject. + // For social IdPs, the ProviderName will be Facebook, Google, or LoginWithAmazon, + // and Amazon Cognito will automatically parse the Facebook, Google, and Login + // with Amazon tokens for id, sub, and user_id, respectively. The ProviderAttributeValue + // for the user must be the same value as the id, sub, or user_id value found + // in the social IdP token. // // For SAML, the ProviderAttributeName can be any value that matches a claim // in the SAML assertion. If you want to link SAML users based on the subject // of the SAML assertion, you should map the subject to a claim through the - // SAML identity provider and submit that claim name as the ProviderAttributeName. - // If you set ProviderAttributeName to Cognito_Subject, Amazon Cognito will - // automatically parse the default unique identifier found in the subject from - // the SAML token. + // SAML IdP and submit that claim name as the ProviderAttributeName. If you + // set ProviderAttributeName to Cognito_Subject, Amazon Cognito will automatically + // parse the default unique identifier found in the subject from the SAML token. // // SourceUser is a required field SourceUser *ProviderUserIdentifierType `type:"structure" required:"true"` @@ -14666,8 +14700,16 @@ type AdminRespondToAuthChallengeInput struct { // * ADMIN_NO_SRP_AUTH: PASSWORD, USERNAME, SECRET_HASH (if app client is // configured with client secret). // - // * NEW_PASSWORD_REQUIRED: NEW_PASSWORD, any other required attributes, - // USERNAME, SECRET_HASH (if app client is configured with client secret). + // * NEW_PASSWORD_REQUIRED: NEW_PASSWORD, USERNAME, SECRET_HASH (if app client + // is configured with client secret). To set any required attributes that + // Amazon Cognito returned as requiredAttributes in the AdminInitiateAuth + // response, add a userAttributes.attributename parameter. This parameter + // can also set values for writable attributes that aren't required by your + // user pool. In a NEW_PASSWORD_REQUIRED challenge response, you can't modify + // a required attribute that already has a value. In AdminRespondToAuthChallenge, + // set a value for any keys that Amazon Cognito returned in the requiredAttributes + // parameter, then use the AdminUpdateUserAttributes API operation to modify + // the value of any additional attributes. // // * MFA_SETUP requires USERNAME, plus you must use the session value returned // by VerifySoftwareToken in the Session parameter. @@ -15547,6 +15589,19 @@ type AdminUpdateUserAttributesInput struct { // For custom attributes, you must prepend the custom: prefix to the attribute // name. // + // If your user pool requires verification before Amazon Cognito updates an + // attribute value that you specify in this request, Amazon Cognito doesn’t + // immediately update the value of that attribute. After your user receives + // and responds to a verification message to verify the new value, Amazon Cognito + // updates the attribute value. Your user can sign in and receive messages with + // the original attribute value until they verify the new value. + // + // To update the value of an attribute that requires verification in the same + // API request, include the email_verified or phone_number_verified attribute, + // with a value of true. If you set the email_verified or phone_number_verified + // value for an email or phone_number attribute that requires verification to + // true, Amazon Cognito doesn’t send a verification message to your user. + // // UserAttributes is a required field UserAttributes []*AttributeType `type:"list" required:"true"` @@ -15761,9 +15816,10 @@ func (s AdminUserGlobalSignOutOutput) GoString() string { } // This exception is thrown when a user tries to confirm the account with an -// email or phone number that has already been supplied as an alias from a different -// account. This exception tells user that an account with this email or phone -// already exists. +// email address or phone number that has already been supplied as an alias +// from a different account. This exception indicates that an account with this +// email address or phone already exists in a user pool that you've configured +// to use email address or phone number as a sign-in alias. type AliasExistsException struct { _ struct{} `type:"structure"` RespMetadata protocol.ResponseMetadata `json:"-" xml:"-"` @@ -15828,8 +15884,8 @@ func (s *AliasExistsException) RequestID() string { return s.RespMetadata.RequestID } -// The Amazon Pinpoint analytics configuration for collecting metrics for a -// user pool. +// The Amazon Pinpoint analytics configuration necessary to collect metrics +// for a user pool. // // In Regions where Amazon Pinpointisn't available, user pools only support // sending events to Amazon Pinpoint projects in us-east-1. In Regions where @@ -15840,8 +15896,8 @@ type AnalyticsConfigurationType struct { // The Amazon Resource Name (ARN) of an Amazon Pinpoint project. You can use // the Amazon Pinpoint project to integrate with the chosen user pool Client. - // Amazon Cognito publishes events to the Amazon Pinpointproject declared by - // the app ARN. + // Amazon Cognito publishes events to the Amazon Pinpoint project that the app + // ARN declares. ApplicationArn *string `min:"20" type:"string"` // The application ID for an Amazon Pinpoint application. @@ -15854,8 +15910,8 @@ type AnalyticsConfigurationType struct { // Cognito to publish events to Amazon Pinpoint analytics. RoleArn *string `min:"20" type:"string"` - // If UserDataShared is true, Amazon Cognito will include user data in the events - // it publishes to Amazon Pinpoint analytics. + // If UserDataShared is true, Amazon Cognito includes user data in the events + // that it publishes to Amazon Pinpoint analytics. UserDataShared *bool `type:"boolean"` } @@ -15926,11 +15982,10 @@ func (s *AnalyticsConfigurationType) SetUserDataShared(v bool) *AnalyticsConfigu // An Amazon Pinpoint analytics endpoint. // // An endpoint uniquely identifies a mobile device, email address, or phone -// number that can receive messages from Amazon Pinpoint analytics. -// -// Amazon Cognito user pools only support sending events to Amazon Pinpoint -// projects in the US East (N. Virginia) us-east-1 Region, regardless of the -// Region where the user pool resides. +// number that can receive messages from Amazon Pinpoint analytics. For more +// information about Amazon Web Services Regions that can contain Amazon Pinpoint +// resources for use with Amazon Cognito user pools, see Using Amazon Pinpoint +// analytics with Amazon Cognito user pools (https://docs.aws.amazon.com/cognito/latest/developerguide/cognito-user-pools-pinpoint-integration.html). type AnalyticsMetadataType struct { _ struct{} `type:"structure"` @@ -15965,7 +16020,8 @@ func (s *AnalyticsMetadataType) SetAnalyticsEndpointId(v string) *AnalyticsMetad type AssociateSoftwareTokenInput struct { _ struct{} `type:"structure"` - // The access token. + // A valid access token that Amazon Cognito issued to the user whose software + // token you want to generate. // // AccessToken is a sensitive parameter and its value will be // replaced with "sensitive" in string returned by AssociateSoftwareTokenInput's @@ -16233,7 +16289,8 @@ func (s *AuthEventType) SetEventType(v string) *AuthEventType { type AuthenticationResultType struct { _ struct{} `type:"structure"` - // The access token. + // A valid access token that Amazon Cognito issued to the user who you want + // to authenticate. // // AccessToken is a sensitive parameter and its value will be // replaced with "sensitive" in string returned by AuthenticationResultType's @@ -16363,7 +16420,8 @@ func (s *ChallengeResponseType) SetChallengeResponse(v string) *ChallengeRespons type ChangePasswordInput struct { _ struct{} `type:"structure"` - // The access token. + // A valid access token that Amazon Cognito issued to the user whose password + // you want to change. // // AccessToken is a sensitive parameter and its value will be // replaced with "sensitive" in string returned by ChangePasswordInput's @@ -16469,17 +16527,19 @@ func (s ChangePasswordOutput) GoString() string { return s.String() } -// The code delivery details being returned from the server. +// The delivery details for an email or SMS message that Amazon Cognito sent +// for authentication or verification. type CodeDeliveryDetailsType struct { _ struct{} `type:"structure"` - // The attribute name. + // The name of the attribute that Amazon Cognito verifies with the code. AttributeName *string `min:"1" type:"string"` - // The delivery medium (email message or phone number). + // The method that Amazon Cognito used to send the code. DeliveryMedium *string `type:"string" enum:"DeliveryMediumType"` - // The destination for the code delivery details. + // The email address or phone number destination where Amazon Cognito sent the + // code. Destination *string `type:"string"` } @@ -16828,7 +16888,8 @@ func (s *ConcurrentModificationException) RequestID() string { type ConfirmDeviceInput struct { _ struct{} `type:"structure"` - // The access token. + // A valid access token that Amazon Cognito issued to the user whose device + // you want to confirm. // // AccessToken is a sensitive parameter and its value will be // replaced with "sensitive" in string returned by ConfirmDeviceInput's @@ -17472,7 +17533,7 @@ type CreateGroupInput struct { // A non-negative integer value that specifies the precedence of this group // relative to the other groups that a user can belong to in the user pool. // Zero is the highest precedence value. Groups with lower Precedence values - // take precedence over groups with higher ornull Precedence values. If a user + // take precedence over groups with higher or null Precedence values. If a user // belongs to two or more groups, it is the group with the lowest precedence // value whose role ARN is given in the user's tokens for the cognito:roles // and cognito:preferred_role claims. @@ -17483,7 +17544,7 @@ type CreateGroupInput struct { // in tokens for users in each group. If the two groups have different role // ARNs, the cognito:preferred_role claim isn't set in users' tokens. // - // The default Precedence value is null. + // The default Precedence value is null. The maximum Precedence value is 2^31-1. Precedence *int64 `type:"integer"` // The role Amazon Resource Name (ARN) for the group. @@ -17602,15 +17663,14 @@ func (s *CreateGroupOutput) SetGroup(v *GroupType) *CreateGroupOutput { type CreateIdentityProviderInput struct { _ struct{} `type:"structure"` - // A mapping of identity provider attributes to standard and custom user pool - // attributes. + // A mapping of IdP attributes to standard and custom user pool attributes. AttributeMapping map[string]*string `type:"map"` - // A list of identity provider identifiers. + // A list of IdP identifiers. IdpIdentifiers []*string `type:"list"` - // The identity provider details. The following list describes the provider - // detail keys for each identity provider type. + // The IdP details. The following list describes the provider detail keys for + // each IdP type. // // * For Google and Login with Amazon: client_id client_secret authorize_scopes // @@ -17619,24 +17679,22 @@ type CreateIdentityProviderInput struct { // * For Sign in with Apple: client_id team_id key_id private_key authorize_scopes // // * For OpenID Connect (OIDC) providers: client_id client_secret attributes_request_method - // oidc_issuer authorize_scopes authorize_url if not available from discovery - // URL specified by oidc_issuer key token_url if not available from discovery - // URL specified by oidc_issuer key attributes_url if not available from - // discovery URL specified by oidc_issuer key jwks_uri if not available from - // discovery URL specified by oidc_issuer key attributes_url_add_attributes - // a read-only property that is set automatically + // oidc_issuer authorize_scopes The following keys are only present if Amazon + // Cognito didn't discover them at the oidc_issuer URL. authorize_url token_url + // attributes_url jwks_uri Amazon Cognito sets the value of the following + // keys automatically. They are read-only. attributes_url_add_attributes // - // * For SAML providers: MetadataFile OR MetadataURL IDPSignout (optional) + // * For SAML providers: MetadataFile or MetadataURL IDPSignout optional // // ProviderDetails is a required field ProviderDetails map[string]*string `type:"map" required:"true"` - // The identity provider name. + // The IdP name. // // ProviderName is a required field - ProviderName *string `min:"1" type:"string" required:"true"` + ProviderName *string `min:"3" type:"string" required:"true"` - // The identity provider type. + // The IdP type. // // ProviderType is a required field ProviderType *string `type:"string" required:"true" enum:"IdentityProviderTypeType"` @@ -17674,8 +17732,8 @@ func (s *CreateIdentityProviderInput) Validate() error { if s.ProviderName == nil { invalidParams.Add(request.NewErrParamRequired("ProviderName")) } - if s.ProviderName != nil && len(*s.ProviderName) < 1 { - invalidParams.Add(request.NewErrParamMinLen("ProviderName", 1)) + if s.ProviderName != nil && len(*s.ProviderName) < 3 { + invalidParams.Add(request.NewErrParamMinLen("ProviderName", 3)) } if s.ProviderType == nil { invalidParams.Add(request.NewErrParamRequired("ProviderType")) @@ -17732,7 +17790,7 @@ func (s *CreateIdentityProviderInput) SetUserPoolId(v string) *CreateIdentityPro type CreateIdentityProviderOutput struct { _ struct{} `type:"structure"` - // The newly created identity provider object. + // The newly created IdP object. // // IdentityProvider is a required field IdentityProvider *IdentityProviderType `type:"structure" required:"true"` @@ -18020,31 +18078,41 @@ func (s *CreateUserImportJobOutput) SetUserImportJob(v *UserImportJobType) *Crea type CreateUserPoolClientInput struct { _ struct{} `type:"structure"` - // The time limit, between 5 minutes and 1 day, after which the access token - // is no longer valid and can't be used. If you supply a TokenValidityUnits - // value, you will override the default time unit. + // The access token time limit. After this limit expires, your user can't use + // their access token. To specify the time unit for AccessTokenValidity as seconds, + // minutes, hours, or days, set a TokenValidityUnits value in your API request. + // + // For example, when you set AccessTokenValidity to 10 and TokenValidityUnits + // to hours, your user can authorize access with their access token for 10 hours. + // + // The default time unit for AccessTokenValidity in an API request is hours. + // Valid range is displayed below in seconds. AccessTokenValidity *int64 `min:"1" type:"integer"` // The allowed OAuth flows. // - // Set to code to initiate a code grant flow, which provides an authorization - // code as the response. This code can be exchanged for access tokens with the - // token endpoint. + // code + // + // Use a code grant flow, which provides an authorization code as the response. + // This code can be exchanged for access tokens with the /oauth2/token endpoint. // - // Set to implicit to specify that the client should get the access token (and, - // optionally, ID token, based on scopes) directly. + // implicit // - // Set to client_credentials to specify that the client should get the access - // token (and, optionally, ID token, based on scopes) from the token endpoint - // using a combination of client and client_secret. + // Issue the access token (and, optionally, ID token, based on scopes) directly + // to your user. + // + // client_credentials + // + // Issue the access token from the /oauth2/token endpoint directly to a non-person + // user using a combination of the client ID and client secret. AllowedOAuthFlows []*string `type:"list" enum:"OAuthFlowType"` // Set to true if the client is allowed to follow the OAuth protocol when interacting // with Amazon Cognito user pools. AllowedOAuthFlowsUserPoolClient *bool `type:"boolean"` - // The allowed OAuth scopes. Possible values provided by OAuth are: phone, email, - // openid, and profile. Possible values provided by Amazon Web Services are: + // The allowed OAuth scopes. Possible values provided by OAuth are phone, email, + // openid, and profile. Possible values provided by Amazon Web Services are // aws.cognito.signin.user.admin. Custom scopes created in Resource Servers // are also supported. AllowedOAuthScopes []*string `type:"list"` @@ -18059,7 +18127,7 @@ type CreateUserPoolClientInput struct { // same Region. AnalyticsConfiguration *AnalyticsConfigurationType `type:"structure"` - // A list of allowed redirect (callback) URLs for the identity providers. + // A list of allowed redirect (callback) URLs for the IdPs. // // A redirect URI must: // @@ -18130,18 +18198,28 @@ type CreateUserPoolClientInput struct { // * ALLOW_USER_SRP_AUTH: Enable SRP-based authentication. // // * ALLOW_REFRESH_TOKEN_AUTH: Enable authflow to refresh tokens. + // + // If you don't specify a value for ExplicitAuthFlows, your app client activates + // the ALLOW_USER_SRP_AUTH and ALLOW_CUSTOM_AUTH authentication flows. ExplicitAuthFlows []*string `type:"list" enum:"ExplicitAuthFlowsType"` // Boolean to specify whether you want to generate a secret for the user pool // client being created. GenerateSecret *bool `type:"boolean"` - // The time limit, between 5 minutes and 1 day, after which the access token - // is no longer valid and can't be used. If you supply a TokenValidityUnits - // value, you will override the default time unit. + // The ID token time limit. After this limit expires, your user can't use their + // ID token. To specify the time unit for IdTokenValidity as seconds, minutes, + // hours, or days, set a TokenValidityUnits value in your API request. + // + // For example, when you set IdTokenValidity as 10 and TokenValidityUnits as + // hours, your user can authenticate their session with their ID token for 10 + // hours. + // + // The default time unit for AccessTokenValidity in an API request is hours. + // Valid range is displayed below in seconds. IdTokenValidity *int64 `min:"1" type:"integer"` - // A list of allowed logout URLs for the identity providers. + // A list of allowed logout URLs for the IdPs. LogoutURLs []*string `type:"list"` // Errors and responses that you want Amazon Cognito APIs to return during authentication, @@ -18164,16 +18242,28 @@ type CreateUserPoolClientInput struct { // The read attributes. ReadAttributes []*string `type:"list"` - // The time limit, in days, after which the refresh token is no longer valid - // and can't be used. + // The refresh token time limit. After this limit expires, your user can't use + // their refresh token. To specify the time unit for RefreshTokenValidity as + // seconds, minutes, hours, or days, set a TokenValidityUnits value in your + // API request. + // + // For example, when you set RefreshTokenValidity as 10 and TokenValidityUnits + // as days, your user can refresh their session and retrieve new access and + // ID tokens for 10 days. + // + // The default time unit for RefreshTokenValidity in an API request is days. + // You can't set RefreshTokenValidity to 0. If you do, Amazon Cognito overrides + // the value with the default value of 30 days. Valid range is displayed below + // in seconds. RefreshTokenValidity *int64 `type:"integer"` - // A list of provider names for the identity providers that are supported on - // this client. The following are supported: COGNITO, Facebook, Google and LoginWithAmazon. + // A list of provider names for the IdPs that this client supports. The following + // are supported: COGNITO, Facebook, Google LoginWithAmazon, and the names of + // your own SAML and OIDC providers. SupportedIdentityProviders []*string `type:"list"` - // The units in which the validity times are represented. Default for RefreshToken - // is days, and default for ID and access tokens are hours. + // The units in which the validity times are represented. The default unit for + // RefreshToken is days, and default for ID and access tokens are hours. TokenValidityUnits *TokenValidityUnitsType `type:"structure"` // The user pool ID for the user pool where you want to create a user pool client. @@ -18183,13 +18273,13 @@ type CreateUserPoolClientInput struct { // The user pool attributes that the app client can write to. // - // If your app client allows users to sign in through an identity provider, - // this array must include all attributes that you have mapped to identity provider - // attributes. Amazon Cognito updates mapped attributes when users sign in to - // your application through an identity provider. If your app client does not - // have write access to a mapped attribute, Amazon Cognito throws an error when - // it tries to update the attribute. For more information, see Specifying Identity - // Provider Attribute Mappings for Your user pool (https://docs.aws.amazon.com/cognito/latest/developerguide/cognito-user-pools-specifying-attribute-mapping.html). + // If your app client allows users to sign in through an IdP, this array must + // include all attributes that you have mapped to IdP attributes. Amazon Cognito + // updates mapped attributes when users sign in to your application through + // an IdP. If your app client does not have write access to a mapped attribute, + // Amazon Cognito throws an error when it tries to update the attribute. For + // more information, see Specifying IdP Attribute Mappings for Your user pool + // (https://docs.aws.amazon.com/cognito/latest/developerguide/cognito-user-pools-specifying-attribute-mapping.html). WriteAttributes []*string `type:"list"` } @@ -18603,6 +18693,9 @@ type CreateUserPoolInput struct { // A string representing the SMS verification message. SmsVerificationMessage *string `min:"6" type:"string"` + // The settings for updates to user attributes. + UserAttributeUpdateSettings *UserAttributeUpdateSettingsType `type:"structure"` + // Enables advanced security risk detection. Set the key AdvancedSecurityMode // to the value "AUDIT". UserPoolAddOns *UserPoolAddOnsType `type:"structure"` @@ -18827,6 +18920,12 @@ func (s *CreateUserPoolInput) SetSmsVerificationMessage(v string) *CreateUserPoo return s } +// SetUserAttributeUpdateSettings sets the UserAttributeUpdateSettings field's value. +func (s *CreateUserPoolInput) SetUserAttributeUpdateSettings(v *UserAttributeUpdateSettingsType) *CreateUserPoolInput { + s.UserAttributeUpdateSettings = v + return s +} + // SetUserPoolAddOns sets the UserPoolAddOns field's value. func (s *CreateUserPoolInput) SetUserPoolAddOns(v *UserPoolAddOnsType) *CreateUserPoolInput { s.UserPoolAddOns = v @@ -19167,7 +19266,7 @@ func (s DeleteGroupOutput) GoString() string { type DeleteIdentityProviderInput struct { _ struct{} `type:"structure"` - // The identity provider name. + // The IdP name. // // ProviderName is a required field ProviderName *string `min:"1" type:"string" required:"true"` @@ -19344,7 +19443,8 @@ func (s DeleteResourceServerOutput) GoString() string { type DeleteUserAttributesInput struct { _ struct{} `type:"structure"` - // The access token used in the request to delete user attributes. + // A valid access token that Amazon Cognito issued to the user whose attributes + // you want to delete. // // AccessToken is a sensitive parameter and its value will be // replaced with "sensitive" in string returned by DeleteUserAttributesInput's @@ -19435,7 +19535,8 @@ func (s DeleteUserAttributesOutput) GoString() string { type DeleteUserInput struct { _ struct{} `type:"structure"` - // The access token from a request to delete a user. + // A valid access token that Amazon Cognito issued to the user whose user profile + // you want to delete. // // AccessToken is a sensitive parameter and its value will be // replaced with "sensitive" in string returned by DeleteUserInput's @@ -19762,7 +19863,7 @@ func (s DeleteUserPoolOutput) GoString() string { type DescribeIdentityProviderInput struct { _ struct{} `type:"structure"` - // The identity provider name. + // The IdP name. // // ProviderName is a required field ProviderName *string `min:"1" type:"string" required:"true"` @@ -19828,7 +19929,7 @@ func (s *DescribeIdentityProviderInput) SetUserPoolId(v string) *DescribeIdentit type DescribeIdentityProviderOutput struct { _ struct{} `type:"structure"` - // The identity provider that was deleted. + // The IdP that was deleted. // // IdentityProvider is a required field IdentityProvider *IdentityProviderType `type:"structure" required:"true"` @@ -20481,7 +20582,7 @@ type DeviceSecretVerifierConfigType struct { // The password verifier. PasswordVerifier *string `type:"string"` - // The salt. + // The salt (https://en.wikipedia.org/wiki/Salt_(cryptography)) Salt *string `type:"string"` } @@ -20798,26 +20899,6 @@ type EmailConfigurationType struct { // the FROM address, provide the Amazon Resource Name (ARN) of an Amazon SES // verified email address for the SourceArn parameter. // - // If EmailSendingAccount is COGNITO_DEFAULT, you can't use the following parameters: - // - // * EmailVerificationMessage - // - // * EmailVerificationSubject - // - // * InviteMessageTemplate.EmailMessage - // - // * InviteMessageTemplate.EmailSubject - // - // * VerificationMessageTemplate.EmailMessage - // - // * VerificationMessageTemplate.EmailMessageByLink - // - // * VerificationMessageTemplate.EmailSubject, - // - // * VerificationMessageTemplate.EmailSubjectByLink - // - // DEVELOPER EmailSendingAccount is required. - // // DEVELOPER // // When Amazon Cognito emails your users, it uses your Amazon SES configuration. @@ -20826,8 +20907,8 @@ type EmailConfigurationType struct { // same limits that apply to your Amazon SES verified email address in your // Amazon Web Services account. // - // If you use this option, you must provide the ARN of an Amazon SES verified - // email address for the SourceArn parameter. + // If you use this option, provide the ARN of an Amazon SES verified email address + // for the SourceArn parameter. // // Before Amazon Cognito can email your users, it requires additional permissions // to call Amazon SES on your behalf. When you update your user pool with this @@ -21237,7 +21318,8 @@ func (s *ExpiredCodeException) RequestID() string { type ForgetDeviceInput struct { _ struct{} `type:"structure"` - // The access token for the forgotten device request. + // A valid access token that Amazon Cognito issued to the user whose registered + // device you want to forget. // // AccessToken is a sensitive parameter and its value will be // replaced with "sensitive" in string returned by ForgetDeviceInput's @@ -21322,8 +21404,8 @@ func (s ForgetDeviceOutput) GoString() string { type ForgotPasswordInput struct { _ struct{} `type:"structure"` - // The Amazon Pinpoint analytics metadata for collecting metrics for ForgotPassword - // calls. + // The Amazon Pinpoint analytics metadata that contributes to your metrics for + // ForgotPassword calls. AnalyticsMetadata *AnalyticsMetadataType `type:"structure"` // The ID of the client associated with the user pool. @@ -21469,7 +21551,7 @@ func (s *ForgotPasswordInput) SetUsername(v string) *ForgotPasswordInput { return s } -// Respresents the response from the server regarding the request to reset a +// Represents the response from the server regarding the request to reset a // password. type ForgotPasswordOutput struct { _ struct{} `type:"structure"` @@ -21600,7 +21682,8 @@ func (s *GetCSVHeaderOutput) SetUserPoolId(v string) *GetCSVHeaderOutput { type GetDeviceInput struct { _ struct{} `type:"structure"` - // The access token. + // A valid access token that Amazon Cognito issued to the user whose device + // information you want to request. // // AccessToken is a sensitive parameter and its value will be // replaced with "sensitive" in string returned by GetDeviceInput's @@ -21793,7 +21876,7 @@ func (s *GetGroupOutput) SetGroup(v *GroupType) *GetGroupOutput { type GetIdentityProviderByIdentifierInput struct { _ struct{} `type:"structure"` - // The identity provider ID. + // The IdP identifier. // // IdpIdentifier is a required field IdpIdentifier *string `min:"1" type:"string" required:"true"` @@ -21859,7 +21942,7 @@ func (s *GetIdentityProviderByIdentifierInput) SetUserPoolId(v string) *GetIdent type GetIdentityProviderByIdentifierOutput struct { _ struct{} `type:"structure"` - // The identity provider object. + // The IdP object. // // IdentityProvider is a required field IdentityProvider *IdentityProviderType `type:"structure" required:"true"` @@ -22073,8 +22156,8 @@ func (s *GetUICustomizationOutput) SetUICustomization(v *UICustomizationType) *G type GetUserAttributeVerificationCodeInput struct { _ struct{} `type:"structure"` - // The access token returned by the server response to get the user attribute - // verification code. + // A non-expired access token for the user whose attribute verification code + // you want to generate. // // AccessToken is a sensitive parameter and its value will be // replaced with "sensitive" in string returned by GetUserAttributeVerificationCodeInput's @@ -22214,8 +22297,7 @@ func (s *GetUserAttributeVerificationCodeOutput) SetCodeDeliveryDetails(v *CodeD type GetUserInput struct { _ struct{} `type:"structure"` - // The access token returned by the server response to get information about - // the user. + // A non-expired access token for the user whose information you want to query. // // AccessToken is a sensitive parameter and its value will be // replaced with "sensitive" in string returned by GetUserInput's @@ -22455,7 +22537,8 @@ func (s *GetUserPoolMfaConfigOutput) SetSoftwareTokenMfaConfiguration(v *Softwar type GlobalSignOutInput struct { _ struct{} `type:"structure"` - // The access token. + // A valid access token that Amazon Cognito issued to the user who you want + // to sign out. // // AccessToken is a sensitive parameter and its value will be // replaced with "sensitive" in string returned by GlobalSignOutInput's @@ -22731,47 +22814,46 @@ func (s *HttpHeader) SetHeaderValue(v string) *HttpHeader { return s } -// A container for information about an identity provider. +// A container for information about an IdP. type IdentityProviderType struct { _ struct{} `type:"structure"` - // A mapping of identity provider attributes to standard and custom user pool - // attributes. + // A mapping of IdP attributes to standard and custom user pool attributes. AttributeMapping map[string]*string `type:"map"` - // The date the identity provider was created. + // The date the IdP was created. CreationDate *time.Time `type:"timestamp"` - // A list of identity provider identifiers. + // A list of IdP identifiers. IdpIdentifiers []*string `type:"list"` - // The date the identity provider was last modified. + // The date the IdP was last modified. LastModifiedDate *time.Time `type:"timestamp"` - // The identity provider details. The following list describes the provider - // detail keys for each identity provider type. + // The IdP details. The following list describes the provider detail keys for + // each IdP type. // // * For Google and Login with Amazon: client_id client_secret authorize_scopes // // * For Facebook: client_id client_secret authorize_scopes api_version // - // * For Sign in with Apple: client_id team_id key_id private_key authorize_scopes + // * For Sign in with Apple: client_id team_id key_id private_key You can + // submit a private_key when you add or update an IdP. Describe operations + // don't return the private key. authorize_scopes // // * For OIDC providers: client_id client_secret attributes_request_method - // oidc_issuer authorize_scopes authorize_url if not available from discovery - // URL specified by oidc_issuer key token_url if not available from discovery - // URL specified by oidc_issuer key attributes_url if not available from - // discovery URL specified by oidc_issuer key jwks_uri if not available from - // discovery URL specified by oidc_issuer key attributes_url_add_attributes - // a read-only property that is set automatically - // - // * For SAML providers: MetadataFile or MetadataURL IDPSignOut optional + // oidc_issuer authorize_scopes The following keys are only present if Amazon + // Cognito didn't discover them at the oidc_issuer URL. authorize_url token_url + // attributes_url jwks_uri Amazon Cognito sets the value of the following + // keys automatically. They are read-only. attributes_url_add_attributes + // + // * For SAML providers: MetadataFile or MetadataURL IDPSignout optional ProviderDetails map[string]*string `type:"map"` - // The identity provider name. + // The IdP name. ProviderName *string `min:"1" type:"string"` - // The identity provider type. + // The IdP type. ProviderType *string `type:"string" enum:"IdentityProviderTypeType"` // The user pool ID. @@ -22848,8 +22930,8 @@ func (s *IdentityProviderType) SetUserPoolId(v string) *IdentityProviderType { type InitiateAuthInput struct { _ struct{} `type:"structure"` - // The Amazon Pinpoint analytics metadata for collecting metrics for InitiateAuth - // calls. + // The Amazon Pinpoint analytics metadata that contributes to your metrics for + // InitiateAuth calls. AnalyticsMetadata *AnalyticsMetadataType `type:"structure"` // The authentication flow for this call to run. The API action will depend @@ -22873,9 +22955,9 @@ type InitiateAuthInput struct { // // * CUSTOM_AUTH: Custom authentication flow. // - // * USER_PASSWORD_AUTH: Non-SRP authentication flow; USERNAME and PASSWORD + // * USER_PASSWORD_AUTH: Non-SRP authentication flow; user name and password // are passed directly. If a user migration Lambda trigger is set, this flow - // will invoke the user migration Lambda if it doesn't find the USERNAME + // will invoke the user migration Lambda if it doesn't find the user name // in the user pool. // // ADMIN_NO_SRP_AUTH isn't a valid value. @@ -23082,8 +23164,16 @@ type InitiateAuthOutput struct { // only. // // * NEW_PASSWORD_REQUIRED: For users who are required to change their passwords - // after successful first login. This challenge should be passed with NEW_PASSWORD - // and any other required attributes. + // after successful first login. Respond to this challenge with NEW_PASSWORD + // and any required attributes that Amazon Cognito returned in the requiredAttributes + // parameter. You can also set values for attributes that aren't required + // by your user pool and that your app client can write. For more information, + // see RespondToAuthChallenge (https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_RespondToAuthChallenge.html). + // In a NEW_PASSWORD_REQUIRED challenge response, you can't modify a required + // attribute that already has a value. In RespondToAuthChallenge, set a value + // for any keys that Amazon Cognito returned in the requiredAttributes parameter, + // then use the UpdateUserAttributes API operation to modify the value of + // any additional attributes. // // * MFA_SETUP: For users who are required to setup an MFA factor before // they can sign in. The MFA types activated for the user pool will be listed @@ -23289,7 +23379,7 @@ type InvalidLambdaResponseException struct { _ struct{} `type:"structure"` RespMetadata protocol.ResponseMetadata `json:"-" xml:"-"` - // The message returned when Amazon Cognito hrows an invalid Lambda response + // The message returned when Amazon Cognito throws an invalid Lambda response // exception. Message_ *string `locationName:"message" type:"string"` } @@ -24013,7 +24103,8 @@ func (s *LimitExceededException) RequestID() string { type ListDevicesInput struct { _ struct{} `type:"structure"` - // The access tokens for the request to list devices. + // A valid access token that Amazon Cognito issued to the user whose list of + // devices you want to view. // // AccessToken is a sensitive parameter and its value will be // replaced with "sensitive" in string returned by ListDevicesInput's @@ -24237,7 +24328,7 @@ func (s *ListGroupsOutput) SetNextToken(v string) *ListGroupsOutput { type ListIdentityProvidersInput struct { _ struct{} `type:"structure"` - // The maximum number of identity providers to return. + // The maximum number of IdPs to return. MaxResults *int64 `type:"integer"` // A pagination token. @@ -24310,7 +24401,7 @@ type ListIdentityProvidersOutput struct { // A pagination token. NextToken *string `min:"1" type:"string"` - // A list of identity provider objects. + // A list of IdP objects. // // Providers is a required field Providers []*ProviderDescription `type:"list" required:"true"` @@ -24980,8 +25071,8 @@ func (s *ListUsersInGroupInput) SetUserPoolId(v string) *ListUsersInGroupInput { type ListUsersInGroupOutput struct { _ struct{} `type:"structure"` - // An identifier that was returned from the previous call to this operation, - // which can be used to return the next set of items in the list. + // An identifier that you can use in a later request to return the next set + // of items in the list. NextToken *string `min:"1" type:"string"` // The users returned in the request to list users. @@ -25067,7 +25158,7 @@ type ListUsersInput struct { // Custom attributes aren't searchable. // // You can also list users with a client-side filter. The server-side filter - // matches no more than 1 attribute. For an advanced search, use a client-side + // matches no more than one attribute. For an advanced search, use a client-side // filter with the --query parameter of the list-users action in the CLI. When // you use a client-side filter, ListUsers returns a paginated list of zero // or more users. You can receive multiple pages in a row with zero results. @@ -25768,7 +25859,8 @@ type PasswordPolicyType struct { // their password. // // When you set TemporaryPasswordValidityDays for a user pool, you can no longer - // set the deprecated UnusedAccountValidityDays value for that user pool. + // set a value for the legacy UnusedAccountValidityDays parameter in that user + // pool. TemporaryPasswordValidityDays *int64 `type:"integer"` } @@ -25969,7 +26061,7 @@ func (s *PreconditionNotMetException) RequestID() string { return s.RespMetadata.RequestID } -// A container for identity provider details. +// A container for IdP details. type ProviderDescription struct { _ struct{} `type:"structure"` @@ -25979,10 +26071,10 @@ type ProviderDescription struct { // The date the provider was last modified. LastModifiedDate *time.Time `type:"timestamp"` - // The identity provider name. + // The IdP name. ProviderName *string `min:"1" type:"string"` - // The identity provider type. + // The IdP type. ProviderType *string `type:"string" enum:"IdentityProviderTypeType"` } @@ -26028,7 +26120,7 @@ func (s *ProviderDescription) SetProviderType(v string) *ProviderDescription { return s } -// A container for information about an identity provider for a user pool. +// A container for information about an IdP for a user pool. type ProviderUserIdentifierType struct { _ struct{} `type:"structure"` @@ -26160,8 +26252,8 @@ func (s *RecoveryOptionType) SetPriority(v int64) *RecoveryOptionType { type ResendConfirmationCodeInput struct { _ struct{} `type:"structure"` - // The Amazon Pinpoint analytics metadata for collecting metrics for ResendConfirmationCode - // calls. + // The Amazon Pinpoint analytics metadata that contributes to your metrics for + // ResendConfirmationCode calls. AnalyticsMetadata *AnalyticsMetadataType `type:"structure"` // The ID of the client associated with the user pool. @@ -26538,8 +26630,8 @@ func (s *ResourceServerType) SetUserPoolId(v string) *ResourceServerType { type RespondToAuthChallengeInput struct { _ struct{} `type:"structure"` - // The Amazon Pinpoint analytics metadata for collecting metrics for RespondToAuthChallenge - // calls. + // The Amazon Pinpoint analytics metadata that contributes to your metrics for + // RespondToAuthChallenge calls. AnalyticsMetadata *AnalyticsMetadataType `type:"structure"` // The challenge name. For more information, see InitiateAuth (https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_InitiateAuth.html). @@ -26558,11 +26650,19 @@ type RespondToAuthChallengeInput struct { // * SMS_MFA: SMS_MFA_CODE, USERNAME. // // * PASSWORD_VERIFIER: PASSWORD_CLAIM_SIGNATURE, PASSWORD_CLAIM_SECRET_BLOCK, - // TIMESTAMP, USERNAME. PASSWORD_VERIFIER requires DEVICE_KEY when signing + // TIMESTAMP, USERNAME. PASSWORD_VERIFIER requires DEVICE_KEY when you sign // in with a remembered device. // - // * NEW_PASSWORD_REQUIRED: NEW_PASSWORD, any other required attributes, - // USERNAME. + // * NEW_PASSWORD_REQUIRED: NEW_PASSWORD, USERNAME, SECRET_HASH (if app client + // is configured with client secret). To set any required attributes that + // Amazon Cognito returned as requiredAttributes in the InitiateAuth response, + // add a userAttributes.attributename parameter. This parameter can also + // set values for writable attributes that aren't required by your user pool. + // In a NEW_PASSWORD_REQUIRED challenge response, you can't modify a required + // attribute that already has a value. In RespondToAuthChallenge, set a value + // for any keys that Amazon Cognito returned in the requiredAttributes parameter, + // then use the UpdateUserAttributes API operation to modify the value of + // any additional attributes. // // * SOFTWARE_TOKEN_MFA: USERNAME and SOFTWARE_TOKEN_MFA_CODE are required // attributes. @@ -27081,12 +27181,12 @@ type SchemaAttributeType struct { // Specifies whether the value of the attribute can be changed. // - // For any user pool attribute that is mapped to an identity provider attribute, - // you must set this parameter to true. Amazon Cognito updates mapped attributes - // when users sign in to your application through an identity provider. If an - // attribute is immutable, Amazon Cognito throws an error when it attempts to - // update the attribute. For more information, see Specifying Identity Provider - // Attribute Mappings for Your User Pool (https://docs.aws.amazon.com/cognito/latest/developerguide/cognito-user-pools-specifying-attribute-mapping.html). + // For any user pool attribute that is mapped to an IdP attribute, you must + // set this parameter to true. Amazon Cognito updates mapped attributes when + // users sign in to your application through an IdP. If an attribute is immutable, + // Amazon Cognito throws an error when it attempts to update the attribute. + // For more information, see Specifying Identity Provider Attribute Mappings + // for Your User Pool (https://docs.aws.amazon.com/cognito/latest/developerguide/cognito-user-pools-specifying-attribute-mapping.html). Mutable *bool `type:"boolean"` // A schema attribute of the name type. @@ -27502,7 +27602,8 @@ func (s *SetUICustomizationOutput) SetUICustomization(v *UICustomizationType) *S type SetUserMFAPreferenceInput struct { _ struct{} `type:"structure"` - // The access token for the user. + // A valid access token that Amazon Cognito issued to the user whose MFA preference + // you want to set. // // AccessToken is a sensitive parameter and its value will be // replaced with "sensitive" in string returned by SetUserMFAPreferenceInput's @@ -27740,7 +27841,8 @@ func (s *SetUserPoolMfaConfigOutput) SetSoftwareTokenMfaConfiguration(v *Softwar type SetUserSettingsInput struct { _ struct{} `type:"structure"` - // The access token for the set user settings request. + // A valid access token that Amazon Cognito issued to the user whose user settings + // you want to configure. // // AccessToken is a sensitive parameter and its value will be // replaced with "sensitive" in string returned by SetUserSettingsInput's @@ -27839,8 +27941,8 @@ func (s SetUserSettingsOutput) GoString() string { type SignUpInput struct { _ struct{} `type:"structure"` - // The Amazon Pinpoint analytics metadata for collecting metrics for SignUp - // calls. + // The Amazon Pinpoint analytics metadata that contributes to your metrics for + // SignUp calls. AnalyticsMetadata *AnalyticsMetadataType `type:"structure"` // The ID of the client associated with the user pool. @@ -28734,8 +28836,8 @@ func (s TagResourceOutput) GoString() string { return s.String() } -// The data type for TokenValidityUnits that specifics the time measurements -// for token validity. +// The data type TokenValidityUnits specifies the time units you use when you +// set the duration of ID, access, and refresh tokens. type TokenValidityUnitsType struct { _ struct{} `type:"structure"` @@ -29633,7 +29735,8 @@ func (s UpdateAuthEventFeedbackOutput) GoString() string { type UpdateDeviceStatusInput struct { _ struct{} `type:"structure"` - // The access token. + // A valid access token that Amazon Cognito issued to the user whose device + // status you want to update. // // AccessToken is a sensitive parameter and its value will be // replaced with "sensitive" in string returned by UpdateDeviceStatusInput's @@ -29861,16 +29964,16 @@ func (s *UpdateGroupOutput) SetGroup(v *GroupType) *UpdateGroupOutput { type UpdateIdentityProviderInput struct { _ struct{} `type:"structure"` - // The identity provider attribute mapping to be changed. + // The IdP attribute mapping to be changed. AttributeMapping map[string]*string `type:"map"` - // A list of identity provider identifiers. + // A list of IdP identifiers. IdpIdentifiers []*string `type:"list"` - // The identity provider details to be updated, such as MetadataURL and MetadataFile. + // The IdP details to be updated, such as MetadataURL and MetadataFile. ProviderDetails map[string]*string `type:"map"` - // The identity provider name. + // The IdP name. // // ProviderName is a required field ProviderName *string `min:"1" type:"string" required:"true"` @@ -29954,7 +30057,7 @@ func (s *UpdateIdentityProviderInput) SetUserPoolId(v string) *UpdateIdentityPro type UpdateIdentityProviderOutput struct { _ struct{} `type:"structure"` - // The identity provider object. + // The IdP object. // // IdentityProvider is a required field IdentityProvider *IdentityProviderType `type:"structure" required:"true"` @@ -30123,7 +30226,8 @@ func (s *UpdateResourceServerOutput) SetResourceServer(v *ResourceServerType) *U type UpdateUserAttributesInput struct { _ struct{} `type:"structure"` - // The access token for the request to update user attributes. + // A valid access token that Amazon Cognito issued to the user whose user attributes + // you want to update. // // AccessToken is a sensitive parameter and its value will be // replaced with "sensitive" in string returned by UpdateUserAttributesInput's @@ -30167,6 +30271,13 @@ type UpdateUserAttributesInput struct { // For custom attributes, you must prepend the custom: prefix to the attribute // name. // + // If you have set an attribute to require verification before Amazon Cognito + // updates its value, this request doesn’t immediately update the value of + // that attribute. After your user receives and responds to a verification message + // to verify the new value, Amazon Cognito updates the attribute value. Your + // user can sign in and receive messages with the original attribute value until + // they verify the new value. + // // UserAttributes is a required field UserAttributes []*AttributeType `type:"list" required:"true"` } @@ -30270,36 +30381,47 @@ func (s *UpdateUserAttributesOutput) SetCodeDeliveryDetailsList(v []*CodeDeliver type UpdateUserPoolClientInput struct { _ struct{} `type:"structure"` - // The time limit after which the access token is no longer valid and can't - // be used. + // The access token time limit. After this limit expires, your user can't use + // their access token. To specify the time unit for AccessTokenValidity as seconds, + // minutes, hours, or days, set a TokenValidityUnits value in your API request. + // + // For example, when you set AccessTokenValidity to 10 and TokenValidityUnits + // to hours, your user can authorize access with their access token for 10 hours. + // + // The default time unit for AccessTokenValidity in an API request is hours. + // Valid range is displayed below in seconds. AccessTokenValidity *int64 `min:"1" type:"integer"` // The allowed OAuth flows. // - // Set to code to initiate a code grant flow, which provides an authorization - // code as the response. This code can be exchanged for access tokens with the - // token endpoint. + // code + // + // Use a code grant flow, which provides an authorization code as the response. + // This code can be exchanged for access tokens with the /oauth2/token endpoint. + // + // implicit // - // Set to implicit to specify that the client should get the access token (and, - // optionally, ID token, based on scopes) directly. + // Issue the access token (and, optionally, ID token, based on scopes) directly + // to your user. // - // Set to client_credentials to specify that the client should get the access - // token (and, optionally, ID token, based on scopes) from the token endpoint - // using a combination of client and client_secret. + // client_credentials + // + // Issue the access token from the /oauth2/token endpoint directly to a non-person + // user using a combination of the client ID and client secret. AllowedOAuthFlows []*string `type:"list" enum:"OAuthFlowType"` // Set to true if the client is allowed to follow the OAuth protocol when interacting // with Amazon Cognito user pools. AllowedOAuthFlowsUserPoolClient *bool `type:"boolean"` - // The allowed OAuth scopes. Possible values provided by OAuth are: phone, email, - // openid, and profile. Possible values provided by Amazon Web Services are: + // The allowed OAuth scopes. Possible values provided by OAuth are phone, email, + // openid, and profile. Possible values provided by Amazon Web Services are // aws.cognito.signin.user.admin. Custom scopes created in Resource Servers // are also supported. AllowedOAuthScopes []*string `type:"list"` - // The Amazon Pinpoint analytics configuration for collecting metrics for this - // user pool. + // The Amazon Pinpoint analytics configuration necessary to collect metrics + // for this user pool. // // In Amazon Web Services Regions where Amazon Pinpoint isn't available, user // pools only support sending events to Amazon Pinpoint projects in us-east-1. @@ -30307,7 +30429,7 @@ type UpdateUserPoolClientInput struct { // events to Amazon Pinpoint projects within that same Region. AnalyticsConfiguration *AnalyticsConfigurationType `type:"structure"` - // A list of allowed redirect (callback) URLs for the identity providers. + // A list of allowed redirect (callback) URLs for the IdPs. // // A redirect URI must: // @@ -30383,10 +30505,19 @@ type UpdateUserPoolClientInput struct { // * ALLOW_REFRESH_TOKEN_AUTH: Enable authflow to refresh tokens. ExplicitAuthFlows []*string `type:"list" enum:"ExplicitAuthFlowsType"` - // The time limit after which the ID token is no longer valid and can't be used. + // The ID token time limit. After this limit expires, your user can't use their + // ID token. To specify the time unit for IdTokenValidity as seconds, minutes, + // hours, or days, set a TokenValidityUnits value in your API request. + // + // For example, when you set IdTokenValidity as 10 and TokenValidityUnits as + // hours, your user can authenticate their session with their ID token for 10 + // hours. + // + // The default time unit for AccessTokenValidity in an API request is hours. + // Valid range is displayed below in seconds. IdTokenValidity *int64 `min:"1" type:"integer"` - // A list of allowed logout URLs for the identity providers. + // A list of allowed logout URLs for the IdPs. LogoutURLs []*string `type:"list"` // Errors and responses that you want Amazon Cognito APIs to return during authentication, @@ -30409,16 +30540,28 @@ type UpdateUserPoolClientInput struct { // The read-only attributes of the user pool. ReadAttributes []*string `type:"list"` - // The time limit, in days, after which the refresh token is no longer valid - // and can't be used. + // The refresh token time limit. After this limit expires, your user can't use + // their refresh token. To specify the time unit for RefreshTokenValidity as + // seconds, minutes, hours, or days, set a TokenValidityUnits value in your + // API request. + // + // For example, when you set RefreshTokenValidity as 10 and TokenValidityUnits + // as days, your user can refresh their session and retrieve new access and + // ID tokens for 10 days. + // + // The default time unit for RefreshTokenValidity in an API request is days. + // You can't set RefreshTokenValidity to 0. If you do, Amazon Cognito overrides + // the value with the default value of 30 days. Valid range is displayed below + // in seconds. RefreshTokenValidity *int64 `type:"integer"` - // A list of provider names for the identity providers that are supported on - // this client. + // A list of provider names for the IdPs that this client supports. The following + // are supported: COGNITO, Facebook, Google LoginWithAmazon, and the names of + // your own SAML and OIDC providers. SupportedIdentityProviders []*string `type:"list"` - // The units in which the validity times are represented. Default for RefreshToken - // is days, and default for ID and access tokens is hours. + // The units in which the validity times are represented. The default unit for + // RefreshToken is days, and the default for ID and access tokens is hours. TokenValidityUnits *TokenValidityUnitsType `type:"structure"` // The user pool ID for the user pool where you want to update the user pool @@ -30807,7 +30950,7 @@ type UpdateUserPoolInput struct { // pool. LambdaConfig *LambdaConfigType `type:"structure"` - // Can be one of the following values: + // Possible values include: // // * OFF - MFA tokens aren't required and can't be specified during user // registration. @@ -30837,6 +30980,9 @@ type UpdateUserPoolInput struct { // A container with information about the SMS verification message. SmsVerificationMessage *string `min:"6" type:"string"` + // The settings for updates to user attributes. + UserAttributeUpdateSettings *UserAttributeUpdateSettingsType `type:"structure"` + // Enables advanced security risk detection. Set the key AdvancedSecurityMode // to the value "AUDIT". UserPoolAddOns *UserPoolAddOnsType `type:"structure"` @@ -31019,6 +31165,12 @@ func (s *UpdateUserPoolInput) SetSmsVerificationMessage(v string) *UpdateUserPoo return s } +// SetUserAttributeUpdateSettings sets the UserAttributeUpdateSettings field's value. +func (s *UpdateUserPoolInput) SetUserAttributeUpdateSettings(v *UserAttributeUpdateSettingsType) *UpdateUserPoolInput { + s.UserAttributeUpdateSettings = v + return s +} + // SetUserPoolAddOns sets the UserPoolAddOns field's value. func (s *UpdateUserPoolInput) SetUserPoolAddOns(v *UserPoolAddOnsType) *UpdateUserPoolInput { s.UserPoolAddOns = v @@ -31067,9 +31219,58 @@ func (s UpdateUserPoolOutput) GoString() string { return s.String() } -// Contextual data, such as the user's device fingerprint, IP address, or location, -// used for evaluating the risk of an unexpected event by Amazon Cognito advanced -// security. +// The settings for updates to user attributes. +type UserAttributeUpdateSettingsType struct { + _ struct{} `type:"structure"` + + // Requires that your user verifies their email address, phone number, or both + // before Amazon Cognito updates the value of that attribute. When you update + // a user attribute that has this option activated, Amazon Cognito sends a verification + // message to the new phone number or email address. Amazon Cognito doesn’t + // change the value of the attribute until your user responds to the verification + // message and confirms the new value. + // + // You can verify an updated email address or phone number with a VerifyUserAttribute + // (https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_VerifyUserAttribute.html) + // API request. You can also call the UpdateUserAttributes (https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_UpdateUserAttributes.html) + // or AdminUpdateUserAttributes (https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_AdminUpdateUserAttributes.html) + // API and set email_verified or phone_number_verified to true. + // + // When AttributesRequireVerificationBeforeUpdate is false, your user pool doesn't + // require that your users verify attribute changes before Amazon Cognito updates + // them. In a user pool where AttributesRequireVerificationBeforeUpdate is false, + // API operations that change attribute values can immediately update a user’s + // email or phone_number attribute. + AttributesRequireVerificationBeforeUpdate []*string `type:"list" enum:"VerifiedAttributeType"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s UserAttributeUpdateSettingsType) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s UserAttributeUpdateSettingsType) GoString() string { + return s.String() +} + +// SetAttributesRequireVerificationBeforeUpdate sets the AttributesRequireVerificationBeforeUpdate field's value. +func (s *UserAttributeUpdateSettingsType) SetAttributesRequireVerificationBeforeUpdate(v []*string) *UserAttributeUpdateSettingsType { + s.AttributesRequireVerificationBeforeUpdate = v + return s +} + +// Information that your app generates about a user's AdminInitiateAuth or AdminRespondToAuthChallenge +// session. Amazon Cognito advanced security features calculate risk levels +// for user sessions based on this context data. type UserContextDataType struct { _ struct{} `type:"structure"` @@ -31699,32 +31900,43 @@ func (s *UserPoolClientDescription) SetUserPoolId(v string) *UserPoolClientDescr type UserPoolClientType struct { _ struct{} `type:"structure"` - // The time limit, specified by tokenValidityUnits, defaulting to hours, after - // which the access token is no longer valid and can't be used. + // The access token time limit. After this limit expires, your user can't use + // their access token. To specify the time unit for AccessTokenValidity as seconds, + // minutes, hours, or days, set a TokenValidityUnits value in your API request. + // + // For example, when you set AccessTokenValidity to 10 and TokenValidityUnits + // to hours, your user can authorize access with their access token for 10 hours. + // + // The default time unit for AccessTokenValidity in an API request is hours. + // Valid range is displayed below in seconds. AccessTokenValidity *int64 `min:"1" type:"integer"` // The allowed OAuth flows. // - // Set to code to initiate a code grant flow, which provides an authorization - // code as the response. This code can be exchanged for access tokens with the - // token endpoint. + // code + // + // Use a code grant flow, which provides an authorization code as the response. + // This code can be exchanged for access tokens with the /oauth2/token endpoint. + // + // implicit + // + // Issue the access token (and, optionally, ID token, based on scopes) directly + // to your user. // - // Set to implicit to specify that the client should get the access token (and, - // optionally, ID token, based on scopes) directly. + // client_credentials // - // Set to client_credentials to specify that the client should get the access - // token (and, optionally, ID token, based on scopes) from the token endpoint - // using a combination of client and client_secret. + // Issue the access token from the /oauth2/token endpoint directly to a non-person + // user using a combination of the client ID and client secret. AllowedOAuthFlows []*string `type:"list" enum:"OAuthFlowType"` // Set to true if the client is allowed to follow the OAuth protocol when interacting // with Amazon Cognito user pools. AllowedOAuthFlowsUserPoolClient *bool `type:"boolean"` - // The allowed OAuth scopes. Possible values provided by OAuth are: phone, email, - // openid, and profile. Possible values provided by Amazon Web Services are: - // aws.cognito.signin.user.admin. Custom scopes created in Resource Servers - // are also supported. + // The OAuth scopes that your app client supports. Possible values that OAuth + // provides are phone, email, openid, and profile. Possible values that Amazon + // Web Services provides are aws.cognito.signin.user.admin. Amazon Cognito also + // supports custom scopes that you create in Resource Servers. AllowedOAuthScopes []*string `type:"list"` // The Amazon Pinpoint analytics configuration for the user pool client. @@ -31734,7 +31946,7 @@ type UserPoolClientType struct { // Region where the user pool resides. AnalyticsConfiguration *AnalyticsConfigurationType `type:"structure"` - // A list of allowed redirect (callback) URLs for the identity providers. + // A list of allowed redirect (callback) URLs for the IdPs. // // A redirect URI must: // @@ -31819,14 +32031,22 @@ type UserPoolClientType struct { // * ALLOW_REFRESH_TOKEN_AUTH: Enable authflow to refresh tokens. ExplicitAuthFlows []*string `type:"list" enum:"ExplicitAuthFlowsType"` - // The time limit specified by tokenValidityUnits, defaulting to hours, after - // which the refresh token is no longer valid and can't be used. + // The ID token time limit. After this limit expires, your user can't use their + // ID token. To specify the time unit for IdTokenValidity as seconds, minutes, + // hours, or days, set a TokenValidityUnits value in your API request. + // + // For example, when you set IdTokenValidity as 10 and TokenValidityUnits as + // hours, your user can authenticate their session with their ID token for 10 + // hours. + // + // The default time unit for AccessTokenValidity in an API request is hours. + // Valid range is displayed below in seconds. IdTokenValidity *int64 `min:"1" type:"integer"` // The date the user pool client was last modified. LastModifiedDate *time.Time `type:"timestamp"` - // A list of allowed logout URLs for the identity providers. + // A list of allowed logout URLs for the IdPs. LogoutURLs []*string `type:"list"` // Errors and responses that you want Amazon Cognito APIs to return during authentication, @@ -31842,23 +32062,35 @@ type UserPoolClientType struct { // // * ENABLED - This prevents user existence-related errors. // - // * LEGACY - This represents the old behavior of Cognito where user existence - // related errors aren't prevented. + // * LEGACY - This represents the old behavior of Amazon Cognito where user + // existence related errors aren't prevented. PreventUserExistenceErrors *string `type:"string" enum:"PreventUserExistenceErrorTypes"` // The Read-only attributes. ReadAttributes []*string `type:"list"` - // The time limit, in days, after which the refresh token is no longer valid - // and can't be used. + // The refresh token time limit. After this limit expires, your user can't use + // their refresh token. To specify the time unit for RefreshTokenValidity as + // seconds, minutes, hours, or days, set a TokenValidityUnits value in your + // API request. + // + // For example, when you set RefreshTokenValidity as 10 and TokenValidityUnits + // as days, your user can refresh their session and retrieve new access and + // ID tokens for 10 days. + // + // The default time unit for RefreshTokenValidity in an API request is days. + // You can't set RefreshTokenValidity to 0. If you do, Amazon Cognito overrides + // the value with the default value of 30 days. Valid range is displayed below + // in seconds. RefreshTokenValidity *int64 `type:"integer"` - // A list of provider names for the identity providers that are supported on - // this client. + // A list of provider names for the IdPs that this client supports. The following + // are supported: COGNITO, Facebook, Google LoginWithAmazon, and the names of + // your own SAML and OIDC providers. SupportedIdentityProviders []*string `type:"list"` - // The time units used to specify the token validity times of their respective - // token. + // The time units used to specify the token validity times of each token type: + // ID, access, and refresh. TokenValidityUnits *TokenValidityUnitsType `type:"structure"` // The user pool ID for the user pool client. @@ -32338,6 +32570,9 @@ type UserPoolType struct { // The status of a user pool. Status *string `type:"string" enum:"StatusType"` + // The settings for updates to user attributes. + UserAttributeUpdateSettings *UserAttributeUpdateSettingsType `type:"structure"` + // The user pool add-ons. UserPoolAddOns *UserPoolAddOnsType `type:"structure"` @@ -32534,6 +32769,12 @@ func (s *UserPoolType) SetStatus(v string) *UserPoolType { return s } +// SetUserAttributeUpdateSettings sets the UserAttributeUpdateSettings field's value. +func (s *UserPoolType) SetUserAttributeUpdateSettings(v *UserAttributeUpdateSettingsType) *UserPoolType { + s.UserAttributeUpdateSettings = v + return s +} + // SetUserPoolAddOns sets the UserPoolAddOns field's value. func (s *UserPoolType) SetUserPoolAddOns(v *UserPoolAddOnsType) *UserPoolType { s.UserPoolAddOns = v @@ -32564,7 +32805,7 @@ func (s *UserPoolType) SetVerificationMessageTemplate(v *VerificationMessageTemp return s } -// The user type. +// A user profile in a Amazon Cognito user pool. type UserType struct { _ struct{} `type:"structure"` @@ -32589,6 +32830,8 @@ type UserType struct { // // * CONFIRMED - User has been confirmed. // + // * EXTERNAL_PROVIDER - User signed in with a third-party IdP. + // // * ARCHIVED - User is no longer active. // // * UNKNOWN - User status isn't known. @@ -32673,7 +32916,7 @@ func (s *UserType) SetUsername(v string) *UserType { type UsernameConfigurationType struct { _ struct{} `type:"structure"` - // Specifies whether username case sensitivity will be applied for all users + // Specifies whether user name case sensitivity will be applied for all users // in the user pool through Amazon Cognito APIs. // // Valid values include: @@ -32805,28 +33048,38 @@ type VerificationMessageTemplateType struct { // The default email option. DefaultEmailOption *string `type:"string" enum:"DefaultEmailOptionType"` - // The email message template. EmailMessage is allowed only if EmailSendingAccount + // The template for email messages that Amazon Cognito sends to your users. + // You can set an EmailMessage template only if the value of EmailSendingAccount // (https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_EmailConfigurationType.html#CognitoUserPools-Type-EmailConfigurationType-EmailSendingAccount) - // is DEVELOPER. + // is DEVELOPER. When your EmailSendingAccount (https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_EmailConfigurationType.html#CognitoUserPools-Type-EmailConfigurationType-EmailSendingAccount) + // is DEVELOPER, your user pool sends email messages with your own Amazon SES + // configuration. EmailMessage *string `min:"6" type:"string"` - // The email message template for sending a confirmation link to the user. EmailMessageByLink - // is allowed only if EmailSendingAccount (https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_EmailConfigurationType.html#CognitoUserPools-Type-EmailConfigurationType-EmailSendingAccount) - // is DEVELOPER. + // The email message template for sending a confirmation link to the user. You + // can set an EmailMessageByLink template only if the value of EmailSendingAccount + // (https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_EmailConfigurationType.html#CognitoUserPools-Type-EmailConfigurationType-EmailSendingAccount) + // is DEVELOPER. When your EmailSendingAccount (https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_EmailConfigurationType.html#CognitoUserPools-Type-EmailConfigurationType-EmailSendingAccount) + // is DEVELOPER, your user pool sends email messages with your own Amazon SES + // configuration. EmailMessageByLink *string `min:"6" type:"string"` - // The subject line for the email message template. EmailSubject is allowed - // only if EmailSendingAccount (https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_EmailConfigurationType.html#CognitoUserPools-Type-EmailConfigurationType-EmailSendingAccount) - // is DEVELOPER. + // The subject line for the email message template. You can set an EmailSubject + // template only if the value of EmailSendingAccount (https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_EmailConfigurationType.html#CognitoUserPools-Type-EmailConfigurationType-EmailSendingAccount) + // is DEVELOPER. When your EmailSendingAccount (https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_EmailConfigurationType.html#CognitoUserPools-Type-EmailConfigurationType-EmailSendingAccount) + // is DEVELOPER, your user pool sends email messages with your own Amazon SES + // configuration. EmailSubject *string `min:"1" type:"string"` // The subject line for the email message template for sending a confirmation - // link to the user. EmailSubjectByLink is allowed only EmailSendingAccount - // (https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_EmailConfigurationType.html#CognitoUserPools-Type-EmailConfigurationType-EmailSendingAccount) - // is DEVELOPER. + // link to the user. You can set an EmailSubjectByLink template only if the + // value of EmailSendingAccount (https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_EmailConfigurationType.html#CognitoUserPools-Type-EmailConfigurationType-EmailSendingAccount) + // is DEVELOPER. When your EmailSendingAccount (https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_EmailConfigurationType.html#CognitoUserPools-Type-EmailConfigurationType-EmailSendingAccount) + // is DEVELOPER, your user pool sends email messages with your own Amazon SES + // configuration. EmailSubjectByLink *string `min:"1" type:"string"` - // The SMS message template. + // The template for SMS messages that Amazon Cognito sends to your users. SmsMessage *string `min:"6" type:"string"` } @@ -32912,7 +33165,8 @@ func (s *VerificationMessageTemplateType) SetSmsMessage(v string) *VerificationM type VerifySoftwareTokenInput struct { _ struct{} `type:"structure"` - // The access token. + // A valid access token that Amazon Cognito issued to the user whose software + // token you want to verify. // // AccessToken is a sensitive parameter and its value will be // replaced with "sensitive" in string returned by VerifySoftwareTokenInput's @@ -33039,7 +33293,8 @@ func (s *VerifySoftwareTokenOutput) SetStatus(v string) *VerifySoftwareTokenOutp type VerifyUserAttributeInput struct { _ struct{} `type:"structure"` - // The access token of the request to verify user attributes. + // A valid access token that Amazon Cognito issued to the user whose user attributes + // you want to verify. // // AccessToken is a sensitive parameter and its value will be // replaced with "sensitive" in string returned by VerifyUserAttributeInput's diff --git a/service/cognitoidentityprovider/errors.go b/service/cognitoidentityprovider/errors.go index a0716dff49b..71ef8d29e4d 100644 --- a/service/cognitoidentityprovider/errors.go +++ b/service/cognitoidentityprovider/errors.go @@ -12,9 +12,10 @@ const ( // "AliasExistsException". // // This exception is thrown when a user tries to confirm the account with an - // email or phone number that has already been supplied as an alias from a different - // account. This exception tells user that an account with this email or phone - // already exists. + // email address or phone number that has already been supplied as an alias + // from a different account. This exception indicates that an account with this + // email address or phone already exists in a user pool that you've configured + // to use email address or phone number as a sign-in alias. ErrCodeAliasExistsException = "AliasExistsException" // ErrCodeCodeDeliveryFailureException for service response error code diff --git a/service/ec2/api.go b/service/ec2/api.go index 9e37d6598e9..95a8a414411 100644 --- a/service/ec2/api.go +++ b/service/ec2/api.go @@ -5708,7 +5708,7 @@ func (c *EC2) CreateLaunchTemplateRequest(input *CreateLaunchTemplateInput) (req // A launch template contains the parameters to launch an instance. When you // launch an instance using RunInstances, you can specify a launch template // instead of providing the launch parameters in the request. For more information, -// see Launching an instance from a launch template (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ec2-launch-templates.html) +// see Launch an instance from a launch template (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ec2-launch-templates.html) // in the Amazon Elastic Compute Cloud User Guide. // // If you want to clone an existing launch template as the basis for creating @@ -5795,7 +5795,12 @@ func (c *EC2) CreateLaunchTemplateVersionRequest(input *CreateLaunchTemplateVers // Launch template versions are numbered in the order in which they are created. // You cannot specify, change, or replace the numbering of launch template versions. // -// For more information, see Managing launch template versions (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ec2-launch-templates.html#manage-launch-template-versions)in +// Launch templates are immutable; after you create a launch template, you can't +// modify it. Instead, you can create a new version of the launch template that +// includes any changes you require. +// +// For more information, see Modify a launch template (manage launch template +// versions) (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ec2-launch-templates.html#manage-launch-template-versions)in // the Amazon Elastic Compute Cloud User Guide. // // Returns awserr.Error for service API and SDK errors. Use runtime type assertions @@ -63576,7 +63581,7 @@ type CreateLaunchTemplateInput struct { _ struct{} `type:"structure"` // Unique, case-sensitive identifier you provide to ensure the idempotency of - // the request. For more information, see Ensuring Idempotency (https://docs.aws.amazon.com/AWSEC2/latest/APIReference/Run_Instance_Idempotency.html). + // the request. For more information, see Ensuring idempotency (https://docs.aws.amazon.com/AWSEC2/latest/APIReference/Run_Instance_Idempotency.html). // // Constraint: Maximum 128 ASCII characters. ClientToken *string `type:"string"` @@ -63728,7 +63733,7 @@ type CreateLaunchTemplateVersionInput struct { _ struct{} `type:"structure"` // Unique, case-sensitive identifier you provide to ensure the idempotency of - // the request. For more information, see Ensuring Idempotency (https://docs.aws.amazon.com/AWSEC2/latest/APIReference/Run_Instance_Idempotency.html). + // the request. For more information, see Ensuring idempotency (https://docs.aws.amazon.com/AWSEC2/latest/APIReference/Run_Instance_Idempotency.html). // // Constraint: Maximum 128 ASCII characters. ClientToken *string `type:"string"` @@ -83255,6 +83260,10 @@ type DescribeInstanceAttributeOutput struct { // The block device mapping of the instance. BlockDeviceMappings []*InstanceBlockDeviceMapping `locationName:"blockDeviceMapping" locationNameList:"item" type:"list"` + // To enable the instance for Amazon Web Services Stop Protection, set this + // parameter to true; otherwise, set it to false. + DisableApiStop *AttributeBooleanValue `locationName:"disableApiStop" type:"structure"` + // If the value is true, you can't terminate the instance through the Amazon // EC2 console, CLI, or API; otherwise, you can. DisableApiTermination *AttributeBooleanValue `locationName:"disableApiTermination" type:"structure"` @@ -83334,6 +83343,12 @@ func (s *DescribeInstanceAttributeOutput) SetBlockDeviceMappings(v []*InstanceBl return s } +// SetDisableApiStop sets the DisableApiStop field's value. +func (s *DescribeInstanceAttributeOutput) SetDisableApiStop(v *AttributeBooleanValue) *DescribeInstanceAttributeOutput { + s.DisableApiStop = v + return s +} + // SetDisableApiTermination sets the DisableApiTermination field's value. func (s *DescribeInstanceAttributeOutput) SetDisableApiTermination(v *AttributeBooleanValue) *DescribeInstanceAttributeOutput { s.DisableApiTermination = v @@ -121101,7 +121116,7 @@ func (s *LaunchTemplateHibernationOptions) SetConfigured(v bool) *LaunchTemplate } // Indicates whether the instance is configured for hibernation. This parameter -// is valid only if the instance meets the hibernation prerequisites (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/Hibernate.html#hibernating-prerequisites). +// is valid only if the instance meets the hibernation prerequisites (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/hibernating-prerequisites.html). type LaunchTemplateHibernationOptionsRequest struct { _ struct{} `type:"structure"` @@ -126102,6 +126117,10 @@ type ModifyInstanceAttributeInput struct { // in the Amazon EC2 User Guide. BlockDeviceMappings []*InstanceBlockDeviceMappingSpecification `locationName:"blockDeviceMapping" locationNameList:"item" type:"list"` + // Indicates whether an instance is enabled for stop protection. For more information, + // see Stop Protection (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/Stop_Start.html#Using_StopProtection). + DisableApiStop *AttributeBooleanValue `type:"structure"` + // If the value is true, you can't terminate the instance using the Amazon EC2 // console, CLI, or API; otherwise, you can. You cannot use this parameter for // Spot Instances. @@ -126229,6 +126248,12 @@ func (s *ModifyInstanceAttributeInput) SetBlockDeviceMappings(v []*InstanceBlock return s } +// SetDisableApiStop sets the DisableApiStop field's value. +func (s *ModifyInstanceAttributeInput) SetDisableApiStop(v *AttributeBooleanValue) *ModifyInstanceAttributeInput { + s.DisableApiStop = v + return s +} + // SetDisableApiTermination sets the DisableApiTermination field's value. func (s *ModifyInstanceAttributeInput) SetDisableApiTermination(v *AttributeBooleanValue) *ModifyInstanceAttributeInput { s.DisableApiTermination = v @@ -127779,7 +127804,7 @@ type ModifyLaunchTemplateInput struct { _ struct{} `type:"structure"` // Unique, case-sensitive identifier you provide to ensure the idempotency of - // the request. For more information, see Ensuring Idempotency (https://docs.aws.amazon.com/AWSEC2/latest/APIReference/Run_Instance_Idempotency.html). + // the request. For more information, see Ensuring idempotency (https://docs.aws.amazon.com/AWSEC2/latest/APIReference/Run_Instance_Idempotency.html). // // Constraint: Maximum 128 ASCII characters. ClientToken *string `type:"string"` @@ -140812,6 +140837,10 @@ type RequestLaunchTemplateData struct { // instances only. CreditSpecification *CreditSpecificationRequest `type:"structure"` + // Indicates whether to enable the instance for stop protection. For more information, + // see Stop Protection (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/Stop_Start.html#Using_StopProtection). + DisableApiStop *bool `type:"boolean"` + // If you set this parameter to true, you can't terminate the instance using // the Amazon EC2 console, CLI, or API; otherwise, you can. To change this attribute // after launch, use ModifyInstanceAttribute (https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_ModifyInstanceAttribute.html). @@ -140841,7 +140870,7 @@ type RequestLaunchTemplateData struct { EnclaveOptions *LaunchTemplateEnclaveOptionsRequest `type:"structure"` // Indicates whether an instance is enabled for hibernation. This parameter - // is valid only if the instance meets the hibernation prerequisites (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/Hibernate.html#hibernating-prerequisites). + // is valid only if the instance meets the hibernation prerequisites (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/hibernating-prerequisites.html). // For more information, see Hibernate your instance (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/Hibernate.html) // in the Amazon Elastic Compute Cloud User Guide. HibernationOptions *LaunchTemplateHibernationOptionsRequest `type:"structure"` @@ -140867,7 +140896,7 @@ type RequestLaunchTemplateData struct { // If you specify InstanceRequirements, you can't specify InstanceTypes. InstanceRequirements *InstanceRequirementsRequest `type:"structure"` - // The instance type. For more information, see Instance Types (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/instance-types.html) + // The instance type. For more information, see Instance types (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/instance-types.html) // in the Amazon Elastic Compute Cloud User Guide. // // If you specify InstanceTypes, you can't specify InstanceRequirements. @@ -140876,7 +140905,7 @@ type RequestLaunchTemplateData struct { // The ID of the kernel. // // We recommend that you use PV-GRUB instead of kernels and RAM disks. For more - // information, see User Provided Kernels (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/UserProvidedkernels.html) + // information, see User provided kernels (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/UserProvidedkernels.html) // in the Amazon Elastic Compute Cloud User Guide. KernelId *string `type:"string"` @@ -140915,7 +140944,7 @@ type RequestLaunchTemplateData struct { // The ID of the RAM disk. // // We recommend that you use PV-GRUB instead of kernels and RAM disks. For more - // information, see User Provided Kernels (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/UserProvidedkernels.html) + // information, see User provided kernels (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/UserProvidedkernels.html) // in the Amazon Elastic Compute Cloud User Guide. RamDiskId *string `type:"string"` @@ -140937,10 +140966,10 @@ type RequestLaunchTemplateData struct { TagSpecifications []*LaunchTemplateTagSpecificationRequest `locationName:"TagSpecification" locationNameList:"LaunchTemplateTagSpecificationRequest" type:"list"` // The user data to make available to the instance. You must provide base64-encoded - // text. User data is limited to 16 KB. For more information, see Running Commands - // on Your Linux Instance at Launch (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/user-data.html) - // (Linux) or Adding User Data (https://docs.aws.amazon.com/AWSEC2/latest/WindowsGuide/ec2-instance-metadata.html#instancedata-add-user-data) - // (Windows). + // text. User data is limited to 16 KB. For more information, see Run commands + // on your Linux instance at launch (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/user-data.html) + // (Linux) or Work with instance user data (https://docs.aws.amazon.com/AWSEC2/latest/WindowsGuide/instancedata-add-user-data.html) + // (Windows) in the Amazon Elastic Compute Cloud User Guide. // // If you are creating the launch template for use with Batch, the user data // must be provided in the MIME multi-part archive format (https://cloudinit.readthedocs.io/en/latest/topics/format.html#mime-multi-part-archive). @@ -141031,6 +141060,12 @@ func (s *RequestLaunchTemplateData) SetCreditSpecification(v *CreditSpecificatio return s } +// SetDisableApiStop sets the DisableApiStop field's value. +func (s *RequestLaunchTemplateData) SetDisableApiStop(v bool) *RequestLaunchTemplateData { + s.DisableApiStop = &v + return s +} + // SetDisableApiTermination sets the DisableApiTermination field's value. func (s *RequestLaunchTemplateData) SetDisableApiTermination(v bool) *RequestLaunchTemplateData { s.DisableApiTermination = &v @@ -143549,6 +143584,10 @@ type ResponseLaunchTemplateData struct { // The credit option for CPU usage of the instance. CreditSpecification *CreditSpecification `locationName:"creditSpecification" type:"structure"` + // Indicates whether the instance is enabled for stop protection. For more information, + // see Stop Protection (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/Stop_Start.html#Using_StopProtection). + DisableApiStop *bool `locationName:"disableApiStop" type:"boolean"` + // If set to true, indicates that the instance cannot be terminated using the // Amazon EC2 console, command line tool, or API. DisableApiTermination *bool `locationName:"disableApiTermination" type:"boolean"` @@ -143679,6 +143718,12 @@ func (s *ResponseLaunchTemplateData) SetCreditSpecification(v *CreditSpecificati return s } +// SetDisableApiStop sets the DisableApiStop field's value. +func (s *ResponseLaunchTemplateData) SetDisableApiStop(v bool) *ResponseLaunchTemplateData { + s.DisableApiStop = &v + return s +} + // SetDisableApiTermination sets the DisableApiTermination field's value. func (s *ResponseLaunchTemplateData) SetDisableApiTermination(v bool) *ResponseLaunchTemplateData { s.DisableApiTermination = &v @@ -145358,6 +145403,10 @@ type RunInstancesInput struct { // For T3 instances with host tenancy, only standard is supported. CreditSpecification *CreditSpecificationRequest `type:"structure"` + // Indicates whether an instance is enabled for stop protection. For more information, + // see Stop Protection (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/Stop_Start.html#Using_StopProtection). + DisableApiStop *bool `type:"boolean"` + // If you set this parameter to true, you can't terminate the instance using // the Amazon EC2 console, CLI, or API; otherwise, you can. To change this attribute // after launch, use ModifyInstanceAttribute (https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_ModifyInstanceAttribute.html). @@ -145686,6 +145735,12 @@ func (s *RunInstancesInput) SetCreditSpecification(v *CreditSpecificationRequest return s } +// SetDisableApiStop sets the DisableApiStop field's value. +func (s *RunInstancesInput) SetDisableApiStop(v bool) *RunInstancesInput { + s.DisableApiStop = &v + return s +} + // SetDisableApiTermination sets the DisableApiTermination field's value. func (s *RunInstancesInput) SetDisableApiTermination(v bool) *RunInstancesInput { s.DisableApiTermination = &v @@ -158183,12 +158238,12 @@ type ValidationError struct { _ struct{} `type:"structure"` // The error code that indicates why the parameter or parameter combination - // is not valid. For more information about error codes, see Error Codes (https://docs.aws.amazon.com/AWSEC2/latest/APIReference/errors-overview.html.html). + // is not valid. For more information about error codes, see Error codes (https://docs.aws.amazon.com/AWSEC2/latest/APIReference/errors-overview.html). Code *string `locationName:"code" type:"string"` // The error message that describes why the parameter or parameter combination - // is not valid. For more information about error messages, see Error Codes - // (https://docs.aws.amazon.com/AWSEC2/latest/APIReference/errors-overview.html.html). + // is not valid. For more information about error messages, see Error codes + // (https://docs.aws.amazon.com/AWSEC2/latest/APIReference/errors-overview.html). Message *string `locationName:"message" type:"string"` } @@ -163362,6 +163417,9 @@ const ( // InstanceAttributeNameEnclaveOptions is a InstanceAttributeName enum value InstanceAttributeNameEnclaveOptions = "enclaveOptions" + + // InstanceAttributeNameDisableApiStop is a InstanceAttributeName enum value + InstanceAttributeNameDisableApiStop = "disableApiStop" ) // InstanceAttributeName_Values returns all elements of the InstanceAttributeName enum @@ -163382,6 +163440,7 @@ func InstanceAttributeName_Values() []string { InstanceAttributeNameSriovNetSupport, InstanceAttributeNameEnaSupport, InstanceAttributeNameEnclaveOptions, + InstanceAttributeNameDisableApiStop, } } diff --git a/service/ivschat/api.go b/service/ivschat/api.go index a041aed4058..bfdee545a37 100644 --- a/service/ivschat/api.go +++ b/service/ivschat/api.go @@ -2281,10 +2281,11 @@ type MessageReviewHandler struct { _ struct{} `type:"structure"` // Specifies the fallback behavior (whether the message is allowed or denied) - // if the handler does not return a valid response, encounters an error or times - // out. If allowed, the message is delivered with returned content to all users - // connected to the room. If denied, the message is not delivered to any user. - // Default: ALLOW. + // if the handler does not return a valid response, encounters an error, or + // times out. (For the timeout period, see Service Quotas (https://docs.aws.amazon.com/ivs/latest/userguide/service-quotas.html).) + // If allowed, the message is delivered with returned content to all users connected + // to the room. If denied, the message is not delivered to any user. Default: + // ALLOW. FallbackResult *string `locationName:"fallbackResult" type:"string" enum:"FallbackResult"` // Identifier of the message review handler. Currently this must be an ARN of diff --git a/service/mediaconvert/api.go b/service/mediaconvert/api.go index 9f52b5eb3be..59e6a23d651 100644 --- a/service/mediaconvert/api.go +++ b/service/mediaconvert/api.go @@ -3223,6 +3223,79 @@ func (s *AiffSettings) SetSampleRate(v int64) *AiffSettings { return s } +// Use Allowed renditions to specify a list of possible resolutions in your +// ABR stack. * MediaConvert will create an ABR stack exclusively from the list +// of resolutions that you specify. * Some resolutions in the Allowed renditions +// list may not be included, however you can force a resolution to be included +// by setting Required to ENABLED. * You must specify at least one resolution +// that is greater than or equal to any resolutions that you specify in Min +// top rendition size or Min bottom rendition size. * If you specify Allowed +// renditions, you must not specify a separate rule for Force include renditions. +type AllowedRenditionSize struct { + _ struct{} `type:"structure"` + + // Use Height to define the video resolution height, in pixels, for this rule. + Height *int64 `locationName:"height" min:"32" type:"integer"` + + // Set to ENABLED to force a rendition to be included. + Required *string `locationName:"required" type:"string" enum:"RequiredFlag"` + + // Use Width to define the video resolution width, in pixels, for this rule. + Width *int64 `locationName:"width" min:"32" type:"integer"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s AllowedRenditionSize) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s AllowedRenditionSize) GoString() string { + return s.String() +} + +// Validate inspects the fields of the type to determine if they are valid. +func (s *AllowedRenditionSize) Validate() error { + invalidParams := request.ErrInvalidParams{Context: "AllowedRenditionSize"} + if s.Height != nil && *s.Height < 32 { + invalidParams.Add(request.NewErrParamMinValue("Height", 32)) + } + if s.Width != nil && *s.Width < 32 { + invalidParams.Add(request.NewErrParamMinValue("Width", 32)) + } + + if invalidParams.Len() > 0 { + return invalidParams + } + return nil +} + +// SetHeight sets the Height field's value. +func (s *AllowedRenditionSize) SetHeight(v int64) *AllowedRenditionSize { + s.Height = &v + return s +} + +// SetRequired sets the Required field's value. +func (s *AllowedRenditionSize) SetRequired(v string) *AllowedRenditionSize { + s.Required = &v + return s +} + +// SetWidth sets the Width field's value. +func (s *AllowedRenditionSize) SetWidth(v int64) *AllowedRenditionSize { + s.Width = &v + return s +} + // Settings for ancillary captions source. type AncillarySourceSettings struct { _ struct{} `type:"structure"` @@ -4125,6 +4198,162 @@ func (s *AudioSelectorGroup) SetAudioSelectorNames(v []*string) *AudioSelectorGr return s } +// Specify one or more Automated ABR rule types. Note: Force include and Allowed +// renditions are mutually exclusive. +type AutomatedAbrRule struct { + _ struct{} `type:"structure"` + + // When customer adds the allowed renditions rule for auto ABR ladder, they + // are required to add at leat one rendition to allowedRenditions list + AllowedRenditions []*AllowedRenditionSize `locationName:"allowedRenditions" type:"list"` + + // When customer adds the force include renditions rule for auto ABR ladder, + // they are required to add at leat one rendition to forceIncludeRenditions + // list + ForceIncludeRenditions []*ForceIncludeRenditionSize `locationName:"forceIncludeRenditions" type:"list"` + + // Use Min bottom rendition size to specify a minimum size for the lowest resolution + // in your ABR stack. * The lowest resolution in your ABR stack will be equal + // to or greater than the value that you enter. For example: If you specify + // 640x360 the lowest resolution in your ABR stack will be equal to or greater + // than to 640x360. * If you specify a Min top rendition size rule, the value + // that you specify for Min bottom rendition size must be less than, or equal + // to, Min top rendition size. + MinBottomRenditionSize *MinBottomRenditionSize `locationName:"minBottomRenditionSize" type:"structure"` + + // Use Min top rendition size to specify a minimum size for the highest resolution + // in your ABR stack. * The highest resolution in your ABR stack will be equal + // to or greater than the value that you enter. For example: If you specify + // 1280x720 the highest resolution in your ABR stack will be equal to or greater + // than 1280x720. * If you specify a value for Max resolution, the value that + // you specify for Min top rendition size must be less than, or equal to, Max + // resolution. + MinTopRenditionSize *MinTopRenditionSize `locationName:"minTopRenditionSize" type:"structure"` + + // Use Min top rendition size to specify a minimum size for the highest resolution + // in your ABR stack. * The highest resolution in your ABR stack will be equal + // to or greater than the value that you enter. For example: If you specify + // 1280x720 the highest resolution in your ABR stack will be equal to or greater + // than 1280x720. * If you specify a value for Max resolution, the value that + // you specify for Min top rendition size must be less than, or equal to, Max + // resolution. Use Min bottom rendition size to specify a minimum size for the + // lowest resolution in your ABR stack. * The lowest resolution in your ABR + // stack will be equal to or greater than the value that you enter. For example: + // If you specify 640x360 the lowest resolution in your ABR stack will be equal + // to or greater than to 640x360. * If you specify a Min top rendition size + // rule, the value that you specify for Min bottom rendition size must be less + // than, or equal to, Min top rendition size. Use Force include renditions to + // specify one or more resolutions to include your ABR stack. * (Recommended) + // To optimize automated ABR, specify as few resolutions as possible. * (Required) + // The number of resolutions that you specify must be equal to, or less than, + // the Max renditions setting. * If you specify a Min top rendition size rule, + // specify at least one resolution that is equal to, or greater than, Min top + // rendition size. * If you specify a Min bottom rendition size rule, only specify + // resolutions that are equal to, or greater than, Min bottom rendition size. + // * If you specify a Force include renditions rule, do not specify a separate + // rule for Allowed renditions. * Note: The ABR stack may include other resolutions + // that you do not specify here, depending on the Max renditions setting. Use + // Allowed renditions to specify a list of possible resolutions in your ABR + // stack. * (Required) The number of resolutions that you specify must be equal + // to, or greater than, the Max renditions setting. * MediaConvert will create + // an ABR stack exclusively from the list of resolutions that you specify. * + // Some resolutions in the Allowed renditions list may not be included, however + // you can force a resolution to be included by setting Required to ENABLED. + // * You must specify at least one resolution that is greater than or equal + // to any resolutions that you specify in Min top rendition size or Min bottom + // rendition size. * If you specify Allowed renditions, you must not specify + // a separate rule for Force include renditions. + Type *string `locationName:"type" type:"string" enum:"RuleType"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s AutomatedAbrRule) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s AutomatedAbrRule) GoString() string { + return s.String() +} + +// Validate inspects the fields of the type to determine if they are valid. +func (s *AutomatedAbrRule) Validate() error { + invalidParams := request.ErrInvalidParams{Context: "AutomatedAbrRule"} + if s.AllowedRenditions != nil { + for i, v := range s.AllowedRenditions { + if v == nil { + continue + } + if err := v.Validate(); err != nil { + invalidParams.AddNested(fmt.Sprintf("%s[%v]", "AllowedRenditions", i), err.(request.ErrInvalidParams)) + } + } + } + if s.ForceIncludeRenditions != nil { + for i, v := range s.ForceIncludeRenditions { + if v == nil { + continue + } + if err := v.Validate(); err != nil { + invalidParams.AddNested(fmt.Sprintf("%s[%v]", "ForceIncludeRenditions", i), err.(request.ErrInvalidParams)) + } + } + } + if s.MinBottomRenditionSize != nil { + if err := s.MinBottomRenditionSize.Validate(); err != nil { + invalidParams.AddNested("MinBottomRenditionSize", err.(request.ErrInvalidParams)) + } + } + if s.MinTopRenditionSize != nil { + if err := s.MinTopRenditionSize.Validate(); err != nil { + invalidParams.AddNested("MinTopRenditionSize", err.(request.ErrInvalidParams)) + } + } + + if invalidParams.Len() > 0 { + return invalidParams + } + return nil +} + +// SetAllowedRenditions sets the AllowedRenditions field's value. +func (s *AutomatedAbrRule) SetAllowedRenditions(v []*AllowedRenditionSize) *AutomatedAbrRule { + s.AllowedRenditions = v + return s +} + +// SetForceIncludeRenditions sets the ForceIncludeRenditions field's value. +func (s *AutomatedAbrRule) SetForceIncludeRenditions(v []*ForceIncludeRenditionSize) *AutomatedAbrRule { + s.ForceIncludeRenditions = v + return s +} + +// SetMinBottomRenditionSize sets the MinBottomRenditionSize field's value. +func (s *AutomatedAbrRule) SetMinBottomRenditionSize(v *MinBottomRenditionSize) *AutomatedAbrRule { + s.MinBottomRenditionSize = v + return s +} + +// SetMinTopRenditionSize sets the MinTopRenditionSize field's value. +func (s *AutomatedAbrRule) SetMinTopRenditionSize(v *MinTopRenditionSize) *AutomatedAbrRule { + s.MinTopRenditionSize = v + return s +} + +// SetType sets the Type field's value. +func (s *AutomatedAbrRule) SetType(v string) *AutomatedAbrRule { + s.Type = &v + return s +} + // Use automated ABR to have MediaConvert set up the renditions in your ABR // package for you automatically, based on characteristics of your input video. // This feature optimizes video quality while minimizing the overall size of @@ -4151,6 +4380,12 @@ type AutomatedAbrSettings struct { // with slow internet connections. If you don't specify a value, MediaConvert // uses 600,000 (600 kb/s) by default. MinAbrBitrate *int64 `locationName:"minAbrBitrate" min:"100000" type:"integer"` + + // Optional. Use Automated ABR rules to specify restrictions for the rendition + // sizes MediaConvert will create in your ABR stack. You can use these rules + // if your ABR workflow has specific rendition size requirements, but you still + // want MediaConvert to optimize for video quality and overall file size. + Rules []*AutomatedAbrRule `locationName:"rules" type:"list"` } // String returns the string representation. @@ -4183,6 +4418,16 @@ func (s *AutomatedAbrSettings) Validate() error { if s.MinAbrBitrate != nil && *s.MinAbrBitrate < 100000 { invalidParams.Add(request.NewErrParamMinValue("MinAbrBitrate", 100000)) } + if s.Rules != nil { + for i, v := range s.Rules { + if v == nil { + continue + } + if err := v.Validate(); err != nil { + invalidParams.AddNested(fmt.Sprintf("%s[%v]", "Rules", i), err.(request.ErrInvalidParams)) + } + } + } if invalidParams.Len() > 0 { return invalidParams @@ -4208,6 +4453,12 @@ func (s *AutomatedAbrSettings) SetMinAbrBitrate(v int64) *AutomatedAbrSettings { return s } +// SetRules sets the Rules field's value. +func (s *AutomatedAbrSettings) SetRules(v []*AutomatedAbrRule) *AutomatedAbrSettings { + s.Rules = v + return s +} + // Use automated encoding to have MediaConvert choose your encoding settings // for you, based on characteristics of your input video. type AutomatedEncodingSettings struct { @@ -4259,7 +4510,7 @@ func (s *AutomatedEncodingSettings) SetAbrSettings(v *AutomatedAbrSettings) *Aut return s } -// Settings for quality-defined variable bitrate encoding with the H.265 codec. +// Settings for quality-defined variable bitrate encoding with the AV1 codec. // Use these settings only when you set QVBR for Rate control mode (RateControlMode). type Av1QvbrSettings struct { _ struct{} `type:"structure"` @@ -6743,8 +6994,11 @@ type CmfcSettings struct { // value Exclude (EXCLUDE). IFrameOnlyManifest *string `locationName:"iFrameOnlyManifest" type:"string" enum:"CmfcIFrameOnlyManifest"` - // Applies to CMAF outputs. Use this setting to specify whether the service - // inserts the KLV metadata from the input in this output. + // To include key-length-value metadata in this output: Set KLV metadata insertion + // to Passthrough. MediaConvert reads KLV metadata present in your input and + // writes each instance to a separate event message box in the output, according + // to MISB ST1910.1. To exclude this KLV metadata: Set KLV metadata insertion + // to None or leave blank. KlvMetadata *string `locationName:"klvMetadata" type:"string" enum:"CmfcKlvMetadata"` // Use this setting only when you specify SCTE-35 markers from ESAM. Choose @@ -8958,9 +9212,8 @@ func (s DisassociateCertificateOutput) GoString() string { return s.String() } -// With AWS Elemental MediaConvert, you can create profile 5 Dolby Vision outputs -// from MXF and IMF sources that contain mastering information as frame-interleaved -// Dolby Vision metadata. +// With AWS Elemental MediaConvert, you can create profile 5 or 8.1 Dolby Vision +// outputs from MXF and IMF sources. type DolbyVision struct { _ struct{} `type:"structure"` @@ -8972,22 +9225,21 @@ type DolbyVision struct { // MaxCLL and MaxFALL properies. L6Mode *string `locationName:"l6Mode" type:"string" enum:"DolbyVisionLevel6Mode"` - // Required when you set Dolby Vision Profile (Profile) to Profile 8.1 (PROFILE_8_1). - // When you set Content mapping (Mapping) to None (HDR10_NOMAP), content mapping - // is not applied to the HDR10-compatible signal. Depending on the source peak - // nit level, clipping might occur on HDR devices without Dolby Vision. When - // you set Content mapping to Static (HDR10_1000), the transcoder creates a - // 1,000 nits peak HDR10-compatible signal by applying static content mapping - // to the source. This mode is speed-optimized for PQ10 sources with metadata - // that is created from analysis. For graded Dolby Vision content, be aware - // that creative intent might not be guaranteed with extreme 1,000 nits trims. + // Required when you set Dolby Vision Profile to Profile 8.1. When you set Content + // mapping to None, content mapping is not applied to the HDR10-compatible signal. + // Depending on the source peak nit level, clipping might occur on HDR devices + // without Dolby Vision. When you set Content mapping to HDR10 1000, the transcoder + // creates a 1,000 nits peak HDR10-compatible signal by applying static content + // mapping to the source. This mode is speed-optimized for PQ10 sources with + // metadata that is created from analysis. For graded Dolby Vision content, + // be aware that creative intent might not be guaranteed with extreme 1,000 + // nits trims. Mapping *string `locationName:"mapping" type:"string" enum:"DolbyVisionMapping"` - // Required when you use Dolby Vision (DolbyVision) processing. Set Profile - // (DolbyVisionProfile) to Profile 5 (Profile_5) to only include frame-interleaved - // Dolby Vision metadata in your output. Set Profile to Profile 8.1 (Profile_8_1) - // to include both frame-interleaved Dolby Vision metadata and HDR10 metadata - // in your output. + // Required when you use Dolby Vision processing. Set Profile to Profile 5 to + // only include frame-interleaved Dolby Vision metadata in your output. Set + // Profile to Profile 8.1 to include both frame-interleaved Dolby Vision metadata + // and HDR10 metadata in your output. Profile *string `locationName:"profile" type:"string" enum:"DolbyVisionProfile"` } @@ -10945,6 +11197,73 @@ func (s *ForbiddenException) RequestID() string { return s.RespMetadata.RequestID } +// Use Force include renditions to specify one or more resolutions to include +// your ABR stack. * (Recommended) To optimize automated ABR, specify as few +// resolutions as possible. * (Required) The number of resolutions that you +// specify must be equal to, or less than, the Max renditions setting. * If +// you specify a Min top rendition size rule, specify at least one resolution +// that is equal to, or greater than, Min top rendition size. * If you specify +// a Min bottom rendition size rule, only specify resolutions that are equal +// to, or greater than, Min bottom rendition size. * If you specify a Force +// include renditions rule, do not specify a separate rule for Allowed renditions. +// * Note: The ABR stack may include other resolutions that you do not specify +// here, depending on the Max renditions setting. +type ForceIncludeRenditionSize struct { + _ struct{} `type:"structure"` + + // Use Height to define the video resolution height, in pixels, for this rule. + Height *int64 `locationName:"height" min:"32" type:"integer"` + + // Use Width to define the video resolution width, in pixels, for this rule. + Width *int64 `locationName:"width" min:"32" type:"integer"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s ForceIncludeRenditionSize) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s ForceIncludeRenditionSize) GoString() string { + return s.String() +} + +// Validate inspects the fields of the type to determine if they are valid. +func (s *ForceIncludeRenditionSize) Validate() error { + invalidParams := request.ErrInvalidParams{Context: "ForceIncludeRenditionSize"} + if s.Height != nil && *s.Height < 32 { + invalidParams.Add(request.NewErrParamMinValue("Height", 32)) + } + if s.Width != nil && *s.Width < 32 { + invalidParams.Add(request.NewErrParamMinValue("Width", 32)) + } + + if invalidParams.Len() > 0 { + return invalidParams + } + return nil +} + +// SetHeight sets the Height field's value. +func (s *ForceIncludeRenditionSize) SetHeight(v int64) *ForceIncludeRenditionSize { + s.Height = &v + return s +} + +// SetWidth sets the Width field's value. +func (s *ForceIncludeRenditionSize) SetWidth(v int64) *ForceIncludeRenditionSize { + s.Width = &v + return s +} + // Required when you set (Codec) under (VideoDescription)>(CodecSettings) to // the value FRAME_CAPTURE. type FrameCaptureSettings struct { @@ -11429,7 +11748,7 @@ func (s *GetQueueOutput) SetQueue(v *Queue) *GetQueueOutput { return s } -// Settings for quality-defined variable bitrate encoding with the H.265 codec. +// Settings for quality-defined variable bitrate encoding with the H.264 codec. // Use these settings only when you set QVBR for Rate control mode (RateControlMode). type H264QvbrSettings struct { _ struct{} `type:"structure"` @@ -14235,14 +14554,13 @@ func (s *ImageInserter) SetInsertableImages(v []*InsertableImage) *ImageInserter type ImscDestinationSettings struct { _ struct{} `type:"structure"` - // Set Accessibility subtitles (Accessibility) to Enabled (ENABLED) if the ISMC - // or WebVTT captions track is intended to provide accessibility for people - // who are deaf or hard of hearing. When you enable this feature, MediaConvert - // adds the following attributes under EXT-X-MEDIA in the HLS or CMAF manifest - // for this track: CHARACTERISTICS="public.accessibility.describes-spoken-dialog,public.accessibility.describes-music-and-sound" - // and AUTOSELECT="YES". Keep the default value, Disabled (DISABLED), if the - // captions track is not intended to provide such accessibility. MediaConvert - // will not add the above attributes. + // Set Accessibility subtitles to Enabled if the ISMC or WebVTT captions track + // is intended to provide accessibility for people who are deaf or hard of hearing. + // When you enable this feature, MediaConvert adds the following attributes + // under EXT-X-MEDIA in the HLS or CMAF manifest for this track: CHARACTERISTICS="public.accessibility.describes-spoken-dialog,public.accessibility.describes-music-and-sound" + // and AUTOSELECT="YES". Keep the default value, Disabled, if the captions track + // is not intended to provide such accessibility. MediaConvert will not add + // the above attributes. Accessibility *string `locationName:"accessibility" type:"string" enum:"ImscAccessibilitySubs"` // Keep this setting enabled to have MediaConvert use the font style and position @@ -17281,8 +17599,10 @@ type M2tsSettings struct { // The length, in seconds, of each fragment. Only used with EBP markers. FragmentTime *float64 `locationName:"fragmentTime" type:"double"` - // Applies to MPEG-TS outputs. Use this setting to specify whether the service - // inserts the KLV metadata from the input in this output. + // To include key-length-value metadata in this output: Set KLV metadata insertion + // to Passthrough. MediaConvert reads KLV metadata present in your input and + // passes it through to the output transport stream. To exclude this KLV metadata: + // Set KLV metadata insertion to None or leave blank. KlvMetadata *string `locationName:"klvMetadata" type:"string" enum:"M2tsKlvMetadata"` // Specify the maximum time, in milliseconds, between Program Clock References @@ -17386,8 +17706,7 @@ type M2tsSettings struct { // is set to _none_. SegmentationTime *float64 `locationName:"segmentationTime" type:"double"` - // Specify the packet identifier (PID) for timed metadata in this output. Default - // is 502. + // Packet Identifier (PID) of the ID3 metadata stream in the transport stream. TimedMetadataPid *int64 `locationName:"timedMetadataPid" min:"32" type:"integer"` // Specify the ID for the transport stream itself in the program map table for @@ -17963,6 +18282,132 @@ func (s *M3u8Settings) SetVideoPid(v int64) *M3u8Settings { return s } +// Use Min bottom rendition size to specify a minimum size for the lowest resolution +// in your ABR stack. * The lowest resolution in your ABR stack will be equal +// to or greater than the value that you enter. For example: If you specify +// 640x360 the lowest resolution in your ABR stack will be equal to or greater +// than to 640x360. * If you specify a Min top rendition size rule, the value +// that you specify for Min bottom rendition size must be less than, or equal +// to, Min top rendition size. +type MinBottomRenditionSize struct { + _ struct{} `type:"structure"` + + // Use Height to define the video resolution height, in pixels, for this rule. + Height *int64 `locationName:"height" min:"32" type:"integer"` + + // Use Width to define the video resolution width, in pixels, for this rule. + Width *int64 `locationName:"width" min:"32" type:"integer"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s MinBottomRenditionSize) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s MinBottomRenditionSize) GoString() string { + return s.String() +} + +// Validate inspects the fields of the type to determine if they are valid. +func (s *MinBottomRenditionSize) Validate() error { + invalidParams := request.ErrInvalidParams{Context: "MinBottomRenditionSize"} + if s.Height != nil && *s.Height < 32 { + invalidParams.Add(request.NewErrParamMinValue("Height", 32)) + } + if s.Width != nil && *s.Width < 32 { + invalidParams.Add(request.NewErrParamMinValue("Width", 32)) + } + + if invalidParams.Len() > 0 { + return invalidParams + } + return nil +} + +// SetHeight sets the Height field's value. +func (s *MinBottomRenditionSize) SetHeight(v int64) *MinBottomRenditionSize { + s.Height = &v + return s +} + +// SetWidth sets the Width field's value. +func (s *MinBottomRenditionSize) SetWidth(v int64) *MinBottomRenditionSize { + s.Width = &v + return s +} + +// Use Min top rendition size to specify a minimum size for the highest resolution +// in your ABR stack. * The highest resolution in your ABR stack will be equal +// to or greater than the value that you enter. For example: If you specify +// 1280x720 the highest resolution in your ABR stack will be equal to or greater +// than 1280x720. * If you specify a value for Max resolution, the value that +// you specify for Min top rendition size must be less than, or equal to, Max +// resolution. +type MinTopRenditionSize struct { + _ struct{} `type:"structure"` + + // Use Height to define the video resolution height, in pixels, for this rule. + Height *int64 `locationName:"height" min:"32" type:"integer"` + + // Use Width to define the video resolution width, in pixels, for this rule. + Width *int64 `locationName:"width" min:"32" type:"integer"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s MinTopRenditionSize) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s MinTopRenditionSize) GoString() string { + return s.String() +} + +// Validate inspects the fields of the type to determine if they are valid. +func (s *MinTopRenditionSize) Validate() error { + invalidParams := request.ErrInvalidParams{Context: "MinTopRenditionSize"} + if s.Height != nil && *s.Height < 32 { + invalidParams.Add(request.NewErrParamMinValue("Height", 32)) + } + if s.Width != nil && *s.Width < 32 { + invalidParams.Add(request.NewErrParamMinValue("Width", 32)) + } + + if invalidParams.Len() > 0 { + return invalidParams + } + return nil +} + +// SetHeight sets the Height field's value. +func (s *MinTopRenditionSize) SetHeight(v int64) *MinTopRenditionSize { + s.Height = &v + return s +} + +// SetWidth sets the Width field's value. +func (s *MinTopRenditionSize) SetWidth(v int64) *MinTopRenditionSize { + s.Width = &v + return s +} + // Overlay motion graphics on top of your video. The motion graphics that you // specify here appear on all outputs in all output groups. For more information, // see https://docs.aws.amazon.com/mediaconvert/latest/ug/motion-graphic-overlay.html. @@ -18578,8 +19023,11 @@ type MpdSettings struct { // MP4 files is separate from your video and audio fragmented MP4 files. CaptionContainerType *string `locationName:"captionContainerType" type:"string" enum:"MpdCaptionContainerType"` - // Applies to DASH ISO outputs. Use this setting to specify whether the service - // inserts the KLV metadata from the input in this output. + // To include key-length-value metadata in this output: Set KLV metadata insertion + // to Passthrough. MediaConvert reads KLV metadata present in your input and + // writes each instance to a separate event message box in the output, according + // to MISB ST1910.1. To exclude this KLV metadata: Set KLV metadata insertion + // to None or leave blank. KlvMetadata *string `locationName:"klvMetadata" type:"string" enum:"MpdKlvMetadata"` // Use this setting only when you specify SCTE-35 markers from ESAM. Choose @@ -25201,14 +25649,13 @@ func (s *WavSettings) SetSampleRate(v int64) *WavSettings { type WebvttDestinationSettings struct { _ struct{} `type:"structure"` - // Set Accessibility subtitles (Accessibility) to Enabled (ENABLED) if the ISMC - // or WebVTT captions track is intended to provide accessibility for people - // who are deaf or hard of hearing. When you enable this feature, MediaConvert - // adds the following attributes under EXT-X-MEDIA in the HLS or CMAF manifest - // for this track: CHARACTERISTICS="public.accessibility.describes-spoken-dialog,public.accessibility.describes-music-and-sound" - // and AUTOSELECT="YES". Keep the default value, Disabled (DISABLED), if the - // captions track is not intended to provide such accessibility. MediaConvert - // will not add the above attributes. + // Set Accessibility subtitles to Enabled if the ISMC or WebVTT captions track + // is intended to provide accessibility for people who are deaf or hard of hearing. + // When you enable this feature, MediaConvert adds the following attributes + // under EXT-X-MEDIA in the HLS or CMAF manifest for this track: CHARACTERISTICS="public.accessibility.describes-spoken-dialog,public.accessibility.describes-music-and-sound" + // and AUTOSELECT="YES". Keep the default value, Disabled, if the captions track + // is not intended to provide such accessibility. MediaConvert will not add + // the above attributes. Accessibility *string `locationName:"accessibility" type:"string" enum:"WebvttAccessibilitySubs"` // To use the available style, color, and position information from your input @@ -28125,8 +28572,11 @@ func CmfcIFrameOnlyManifest_Values() []string { } } -// Applies to CMAF outputs. Use this setting to specify whether the service -// inserts the KLV metadata from the input in this output. +// To include key-length-value metadata in this output: Set KLV metadata insertion +// to Passthrough. MediaConvert reads KLV metadata present in your input and +// writes each instance to a separate event message box in the output, according +// to MISB ST1910.1. To exclude this KLV metadata: Set KLV metadata insertion +// to None or leave blank. const ( // CmfcKlvMetadataPassthrough is a CmfcKlvMetadata enum value CmfcKlvMetadataPassthrough = "PASSTHROUGH" @@ -28769,15 +29219,15 @@ func DolbyVisionLevel6Mode_Values() []string { } } -// Required when you set Dolby Vision Profile (Profile) to Profile 8.1 (PROFILE_8_1). -// When you set Content mapping (Mapping) to None (HDR10_NOMAP), content mapping -// is not applied to the HDR10-compatible signal. Depending on the source peak -// nit level, clipping might occur on HDR devices without Dolby Vision. When -// you set Content mapping to Static (HDR10_1000), the transcoder creates a -// 1,000 nits peak HDR10-compatible signal by applying static content mapping -// to the source. This mode is speed-optimized for PQ10 sources with metadata -// that is created from analysis. For graded Dolby Vision content, be aware -// that creative intent might not be guaranteed with extreme 1,000 nits trims. +// Required when you set Dolby Vision Profile to Profile 8.1. When you set Content +// mapping to None, content mapping is not applied to the HDR10-compatible signal. +// Depending on the source peak nit level, clipping might occur on HDR devices +// without Dolby Vision. When you set Content mapping to HDR10 1000, the transcoder +// creates a 1,000 nits peak HDR10-compatible signal by applying static content +// mapping to the source. This mode is speed-optimized for PQ10 sources with +// metadata that is created from analysis. For graded Dolby Vision content, +// be aware that creative intent might not be guaranteed with extreme 1,000 +// nits trims. const ( // DolbyVisionMappingHdr10Nomap is a DolbyVisionMapping enum value DolbyVisionMappingHdr10Nomap = "HDR10_NOMAP" @@ -28794,11 +29244,10 @@ func DolbyVisionMapping_Values() []string { } } -// Required when you use Dolby Vision (DolbyVision) processing. Set Profile -// (DolbyVisionProfile) to Profile 5 (Profile_5) to only include frame-interleaved -// Dolby Vision metadata in your output. Set Profile to Profile 8.1 (Profile_8_1) -// to include both frame-interleaved Dolby Vision metadata and HDR10 metadata -// in your output. +// Required when you use Dolby Vision processing. Set Profile to Profile 5 to +// only include frame-interleaved Dolby Vision metadata in your output. Set +// Profile to Profile 8.1 to include both frame-interleaved Dolby Vision metadata +// and HDR10 metadata in your output. const ( // DolbyVisionProfileProfile5 is a DolbyVisionProfile enum value DolbyVisionProfileProfile5 = "PROFILE_5" @@ -31853,14 +32302,13 @@ func HlsTimedMetadataId3Frame_Values() []string { } } -// Set Accessibility subtitles (Accessibility) to Enabled (ENABLED) if the ISMC -// or WebVTT captions track is intended to provide accessibility for people -// who are deaf or hard of hearing. When you enable this feature, MediaConvert -// adds the following attributes under EXT-X-MEDIA in the HLS or CMAF manifest -// for this track: CHARACTERISTICS="public.accessibility.describes-spoken-dialog,public.accessibility.describes-music-and-sound" -// and AUTOSELECT="YES". Keep the default value, Disabled (DISABLED), if the -// captions track is not intended to provide such accessibility. MediaConvert -// will not add the above attributes. +// Set Accessibility subtitles to Enabled if the ISMC or WebVTT captions track +// is intended to provide accessibility for people who are deaf or hard of hearing. +// When you enable this feature, MediaConvert adds the following attributes +// under EXT-X-MEDIA in the HLS or CMAF manifest for this track: CHARACTERISTICS="public.accessibility.describes-spoken-dialog,public.accessibility.describes-music-and-sound" +// and AUTOSELECT="YES". Keep the default value, Disabled, if the captions track +// is not intended to provide such accessibility. MediaConvert will not add +// the above attributes. const ( // ImscAccessibilitySubsDisabled is a ImscAccessibilitySubs enum value ImscAccessibilitySubsDisabled = "DISABLED" @@ -33132,8 +33580,10 @@ func M2tsForceTsVideoEbpOrder_Values() []string { } } -// Applies to MPEG-TS outputs. Use this setting to specify whether the service -// inserts the KLV metadata from the input in this output. +// To include key-length-value metadata in this output: Set KLV metadata insertion +// to Passthrough. MediaConvert reads KLV metadata present in your input and +// passes it through to the output transport stream. To exclude this KLV metadata: +// Set KLV metadata insertion to None or leave blank. const ( // M2tsKlvMetadataPassthrough is a M2tsKlvMetadata enum value M2tsKlvMetadataPassthrough = "PASSTHROUGH" @@ -33682,8 +34132,11 @@ func MpdCaptionContainerType_Values() []string { } } -// Applies to DASH ISO outputs. Use this setting to specify whether the service -// inserts the KLV metadata from the input in this output. +// To include key-length-value metadata in this output: Set KLV metadata insertion +// to Passthrough. MediaConvert reads KLV metadata present in your input and +// writes each instance to a separate event message box in the output, according +// to MISB ST1910.1. To exclude this KLV metadata: Set KLV metadata insertion +// to None or leave blank. const ( // MpdKlvMetadataNone is a MpdKlvMetadata enum value MpdKlvMetadataNone = "NONE" @@ -34999,6 +35452,23 @@ func RenewalType_Values() []string { } } +// Set to ENABLED to force a rendition to be included. +const ( + // RequiredFlagEnabled is a RequiredFlag enum value + RequiredFlagEnabled = "ENABLED" + + // RequiredFlagDisabled is a RequiredFlag enum value + RequiredFlagDisabled = "DISABLED" +) + +// RequiredFlag_Values returns all elements of the RequiredFlag enum +func RequiredFlag_Values() []string { + return []string{ + RequiredFlagEnabled, + RequiredFlagDisabled, + } +} + // Specifies whether the pricing plan for your reserved queue is ACTIVE or EXPIRED. const ( // ReservationPlanStatusActive is a ReservationPlanStatus enum value @@ -35044,6 +35514,63 @@ func RespondToAfd_Values() []string { } } +// Use Min top rendition size to specify a minimum size for the highest resolution +// in your ABR stack. * The highest resolution in your ABR stack will be equal +// to or greater than the value that you enter. For example: If you specify +// 1280x720 the highest resolution in your ABR stack will be equal to or greater +// than 1280x720. * If you specify a value for Max resolution, the value that +// you specify for Min top rendition size must be less than, or equal to, Max +// resolution. Use Min bottom rendition size to specify a minimum size for the +// lowest resolution in your ABR stack. * The lowest resolution in your ABR +// stack will be equal to or greater than the value that you enter. For example: +// If you specify 640x360 the lowest resolution in your ABR stack will be equal +// to or greater than to 640x360. * If you specify a Min top rendition size +// rule, the value that you specify for Min bottom rendition size must be less +// than, or equal to, Min top rendition size. Use Force include renditions to +// specify one or more resolutions to include your ABR stack. * (Recommended) +// To optimize automated ABR, specify as few resolutions as possible. * (Required) +// The number of resolutions that you specify must be equal to, or less than, +// the Max renditions setting. * If you specify a Min top rendition size rule, +// specify at least one resolution that is equal to, or greater than, Min top +// rendition size. * If you specify a Min bottom rendition size rule, only specify +// resolutions that are equal to, or greater than, Min bottom rendition size. +// * If you specify a Force include renditions rule, do not specify a separate +// rule for Allowed renditions. * Note: The ABR stack may include other resolutions +// that you do not specify here, depending on the Max renditions setting. Use +// Allowed renditions to specify a list of possible resolutions in your ABR +// stack. * (Required) The number of resolutions that you specify must be equal +// to, or greater than, the Max renditions setting. * MediaConvert will create +// an ABR stack exclusively from the list of resolutions that you specify. * +// Some resolutions in the Allowed renditions list may not be included, however +// you can force a resolution to be included by setting Required to ENABLED. +// * You must specify at least one resolution that is greater than or equal +// to any resolutions that you specify in Min top rendition size or Min bottom +// rendition size. * If you specify Allowed renditions, you must not specify +// a separate rule for Force include renditions. +const ( + // RuleTypeMinTopRenditionSize is a RuleType enum value + RuleTypeMinTopRenditionSize = "MIN_TOP_RENDITION_SIZE" + + // RuleTypeMinBottomRenditionSize is a RuleType enum value + RuleTypeMinBottomRenditionSize = "MIN_BOTTOM_RENDITION_SIZE" + + // RuleTypeForceIncludeRenditions is a RuleType enum value + RuleTypeForceIncludeRenditions = "FORCE_INCLUDE_RENDITIONS" + + // RuleTypeAllowedRenditions is a RuleType enum value + RuleTypeAllowedRenditions = "ALLOWED_RENDITIONS" +) + +// RuleType_Values returns all elements of the RuleType enum +func RuleType_Values() []string { + return []string{ + RuleTypeMinTopRenditionSize, + RuleTypeMinBottomRenditionSize, + RuleTypeForceIncludeRenditions, + RuleTypeAllowedRenditions, + } +} + // Choose an Amazon S3 canned ACL for MediaConvert to apply to this output. const ( // S3ObjectCannedAclPublicRead is a S3ObjectCannedAcl enum value @@ -36006,14 +36533,13 @@ func WavFormat_Values() []string { } } -// Set Accessibility subtitles (Accessibility) to Enabled (ENABLED) if the ISMC -// or WebVTT captions track is intended to provide accessibility for people -// who are deaf or hard of hearing. When you enable this feature, MediaConvert -// adds the following attributes under EXT-X-MEDIA in the HLS or CMAF manifest -// for this track: CHARACTERISTICS="public.accessibility.describes-spoken-dialog,public.accessibility.describes-music-and-sound" -// and AUTOSELECT="YES". Keep the default value, Disabled (DISABLED), if the -// captions track is not intended to provide such accessibility. MediaConvert -// will not add the above attributes. +// Set Accessibility subtitles to Enabled if the ISMC or WebVTT captions track +// is intended to provide accessibility for people who are deaf or hard of hearing. +// When you enable this feature, MediaConvert adds the following attributes +// under EXT-X-MEDIA in the HLS or CMAF manifest for this track: CHARACTERISTICS="public.accessibility.describes-spoken-dialog,public.accessibility.describes-music-and-sound" +// and AUTOSELECT="YES". Keep the default value, Disabled, if the captions track +// is not intended to provide such accessibility. MediaConvert will not add +// the above attributes. const ( // WebvttAccessibilitySubsDisabled is a WebvttAccessibilitySubs enum value WebvttAccessibilitySubsDisabled = "DISABLED" diff --git a/service/networkmanager/api.go b/service/networkmanager/api.go index f4bbd9621c2..7862c826ba5 100644 --- a/service/networkmanager/api.go +++ b/service/networkmanager/api.go @@ -262,8 +262,8 @@ func (c *NetworkManager) AssociateCustomerGatewayRequest(input *AssociateCustome // If you specify a link, it must be associated with the specified device. // // You can only associate customer gateways that are connected to a VPN attachment -// on a transit gateway. The transit gateway must be registered in your global -// network. When you register a transit gateway, customer gateways that are +// on a transit gateway or core network registered in your global network. When +// you register a transit gateway or core network, customer gateways that are // connected to the transit gateway are automatically included in the global // network. To list customer gateways that are connected to a transit gateway, // use the DescribeVpnConnections (https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_DescribeVpnConnections.html) @@ -673,7 +673,7 @@ func (c *NetworkManager) CreateConnectPeerRequest(input *CreateConnectPeerInput) // CreateConnectPeer API operation for AWS Network Manager. // -// Creates a core network connect peer for a specified core network connect +// Creates a core network Connect peer for a specified core network connect // attachment between a core network and an appliance. The peer address and // transit gateway address must be the same IP address family (IPv4 or IPv6). // @@ -1358,7 +1358,8 @@ func (c *NetworkManager) CreateSiteToSiteVpnAttachmentRequest(input *CreateSiteT // CreateSiteToSiteVpnAttachment API operation for AWS Network Manager. // -// Creates a site-to-site VPN attachment on an edge location of a core network. +// Creates an Amazon Web Services site-to-site VPN attachment on an edge location +// of a core network. // // Returns awserr.Error for service API and SDK errors. Use runtime type assertions // with awserr.Error's Code and Message methods to get detailed information about @@ -2122,7 +2123,8 @@ func (c *NetworkManager) DeleteGlobalNetworkRequest(input *DeleteGlobalNetworkIn // DeleteGlobalNetwork API operation for AWS Network Manager. // // Deletes an existing global network. You must first delete all global network -// objects (devices, links, and sites) and deregister all transit gateways. +// objects (devices, links, and sites), deregister all transit gateways, and +// delete any core networks. // // Returns awserr.Error for service API and SDK errors. Use runtime type assertions // with awserr.Error's Code and Message methods to get detailed information about @@ -3714,8 +3716,7 @@ func (c *NetworkManager) GetCoreNetworkRequest(input *GetCoreNetworkInput) (req // GetCoreNetwork API operation for AWS Network Manager. // -// Returns information about a core network. By default it returns the LIVE -// policy. +// Returns information about the LIVE policy for a core network. // // Returns awserr.Error for service API and SDK errors. Use runtime type assertions // with awserr.Error's Code and Message methods to get detailed information about @@ -6698,6 +6699,78 @@ func (c *NetworkManager) ListCoreNetworksPagesWithContext(ctx aws.Context, input return p.Err() } +const opListOrganizationServiceAccessStatus = "ListOrganizationServiceAccessStatus" + +// ListOrganizationServiceAccessStatusRequest generates a "aws/request.Request" representing the +// client's request for the ListOrganizationServiceAccessStatus operation. The "output" return +// value will be populated with the request's response once the request completes +// successfully. +// +// Use "Send" method on the returned Request to send the API call to the service. +// the "output" return value is not valid until after Send returns without error. +// +// See ListOrganizationServiceAccessStatus for more information on using the ListOrganizationServiceAccessStatus +// API call, and error handling. +// +// This method is useful when you want to inject custom logic or configuration +// into the SDK's request lifecycle. Such as custom headers, or retry logic. +// +// +// // Example sending a request using the ListOrganizationServiceAccessStatusRequest method. +// req, resp := client.ListOrganizationServiceAccessStatusRequest(params) +// +// err := req.Send() +// if err == nil { // resp is now filled +// fmt.Println(resp) +// } +// +// See also, https://docs.aws.amazon.com/goto/WebAPI/networkmanager-2019-07-05/ListOrganizationServiceAccessStatus +func (c *NetworkManager) ListOrganizationServiceAccessStatusRequest(input *ListOrganizationServiceAccessStatusInput) (req *request.Request, output *ListOrganizationServiceAccessStatusOutput) { + op := &request.Operation{ + Name: opListOrganizationServiceAccessStatus, + HTTPMethod: "GET", + HTTPPath: "/organizations/service-access", + } + + if input == nil { + input = &ListOrganizationServiceAccessStatusInput{} + } + + output = &ListOrganizationServiceAccessStatusOutput{} + req = c.newRequest(op, input, output) + return +} + +// ListOrganizationServiceAccessStatus API operation for AWS Network Manager. +// +// Returns awserr.Error for service API and SDK errors. Use runtime type assertions +// with awserr.Error's Code and Message methods to get detailed information about +// the error. +// +// See the AWS API reference guide for AWS Network Manager's +// API operation ListOrganizationServiceAccessStatus for usage and error information. +// See also, https://docs.aws.amazon.com/goto/WebAPI/networkmanager-2019-07-05/ListOrganizationServiceAccessStatus +func (c *NetworkManager) ListOrganizationServiceAccessStatus(input *ListOrganizationServiceAccessStatusInput) (*ListOrganizationServiceAccessStatusOutput, error) { + req, out := c.ListOrganizationServiceAccessStatusRequest(input) + return out, req.Send() +} + +// ListOrganizationServiceAccessStatusWithContext is the same as ListOrganizationServiceAccessStatus with the addition of +// the ability to pass a context and additional request options. +// +// See ListOrganizationServiceAccessStatus for details on how to use this API operation. +// +// The context must be non-nil and will be used for request cancellation. If +// the context is nil a panic will occur. In the future the SDK may create +// sub-contexts for http.Requests. See https://golang.org/pkg/context/ +// for more information on using Contexts. +func (c *NetworkManager) ListOrganizationServiceAccessStatusWithContext(ctx aws.Context, input *ListOrganizationServiceAccessStatusInput, opts ...request.Option) (*ListOrganizationServiceAccessStatusOutput, error) { + req, out := c.ListOrganizationServiceAccessStatusRequest(input) + req.SetContext(ctx) + req.ApplyOptions(opts...) + return out, req.Send() +} + const opListTagsForResource = "ListTagsForResource" // ListTagsForResourceRequest generates a "aws/request.Request" representing the @@ -7275,6 +7348,99 @@ func (c *NetworkManager) RestoreCoreNetworkPolicyVersionWithContext(ctx aws.Cont return out, req.Send() } +const opStartOrganizationServiceAccessUpdate = "StartOrganizationServiceAccessUpdate" + +// StartOrganizationServiceAccessUpdateRequest generates a "aws/request.Request" representing the +// client's request for the StartOrganizationServiceAccessUpdate operation. The "output" return +// value will be populated with the request's response once the request completes +// successfully. +// +// Use "Send" method on the returned Request to send the API call to the service. +// the "output" return value is not valid until after Send returns without error. +// +// See StartOrganizationServiceAccessUpdate for more information on using the StartOrganizationServiceAccessUpdate +// API call, and error handling. +// +// This method is useful when you want to inject custom logic or configuration +// into the SDK's request lifecycle. Such as custom headers, or retry logic. +// +// +// // Example sending a request using the StartOrganizationServiceAccessUpdateRequest method. +// req, resp := client.StartOrganizationServiceAccessUpdateRequest(params) +// +// err := req.Send() +// if err == nil { // resp is now filled +// fmt.Println(resp) +// } +// +// See also, https://docs.aws.amazon.com/goto/WebAPI/networkmanager-2019-07-05/StartOrganizationServiceAccessUpdate +func (c *NetworkManager) StartOrganizationServiceAccessUpdateRequest(input *StartOrganizationServiceAccessUpdateInput) (req *request.Request, output *StartOrganizationServiceAccessUpdateOutput) { + op := &request.Operation{ + Name: opStartOrganizationServiceAccessUpdate, + HTTPMethod: "POST", + HTTPPath: "/organizations/service-access", + } + + if input == nil { + input = &StartOrganizationServiceAccessUpdateInput{} + } + + output = &StartOrganizationServiceAccessUpdateOutput{} + req = c.newRequest(op, input, output) + return +} + +// StartOrganizationServiceAccessUpdate API operation for AWS Network Manager. +// +// Returns awserr.Error for service API and SDK errors. Use runtime type assertions +// with awserr.Error's Code and Message methods to get detailed information about +// the error. +// +// See the AWS API reference guide for AWS Network Manager's +// API operation StartOrganizationServiceAccessUpdate for usage and error information. +// +// Returned Error Types: +// * ValidationException +// The input fails to satisfy the constraints. +// +// * ServiceQuotaExceededException +// A service limit was exceeded. +// +// * AccessDeniedException +// You do not have sufficient access to perform this action. +// +// * ConflictException +// There was a conflict processing the request. Updating or deleting the resource +// can cause an inconsistent state. +// +// * ThrottlingException +// The request was denied due to request throttling. +// +// * InternalServerException +// The request has failed due to an internal error. +// +// See also, https://docs.aws.amazon.com/goto/WebAPI/networkmanager-2019-07-05/StartOrganizationServiceAccessUpdate +func (c *NetworkManager) StartOrganizationServiceAccessUpdate(input *StartOrganizationServiceAccessUpdateInput) (*StartOrganizationServiceAccessUpdateOutput, error) { + req, out := c.StartOrganizationServiceAccessUpdateRequest(input) + return out, req.Send() +} + +// StartOrganizationServiceAccessUpdateWithContext is the same as StartOrganizationServiceAccessUpdate with the addition of +// the ability to pass a context and additional request options. +// +// See StartOrganizationServiceAccessUpdate for details on how to use this API operation. +// +// The context must be non-nil and will be used for request cancellation. If +// the context is nil a panic will occur. In the future the SDK may create +// sub-contexts for http.Requests. See https://golang.org/pkg/context/ +// for more information on using Contexts. +func (c *NetworkManager) StartOrganizationServiceAccessUpdateWithContext(ctx aws.Context, input *StartOrganizationServiceAccessUpdateInput, opts ...request.Option) (*StartOrganizationServiceAccessUpdateOutput, error) { + req, out := c.StartOrganizationServiceAccessUpdateRequest(input) + req.SetContext(ctx) + req.ApplyOptions(opts...) + return out, req.Send() +} + const opStartRouteAnalysis = "StartRouteAnalysis" // StartRouteAnalysisRequest generates a "aws/request.Request" representing the @@ -8520,6 +8686,44 @@ func (s *AccessDeniedException) RequestID() string { return s.RespMetadata.RequestID } +type AccountStatus struct { + _ struct{} `type:"structure"` + + AccountId *string `type:"string"` + + SLRDeploymentStatus *string `type:"string"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s AccountStatus) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s AccountStatus) GoString() string { + return s.String() +} + +// SetAccountId sets the AccountId field's value. +func (s *AccountStatus) SetAccountId(v string) *AccountStatus { + s.AccountId = &v + return s +} + +// SetSLRDeploymentStatus sets the SLRDeploymentStatus field's value. +func (s *AccountStatus) SetSLRDeploymentStatus(v string) *AccountStatus { + s.SLRDeploymentStatus = &v + return s +} + type AssociateConnectPeerInput struct { _ struct{} `type:"structure"` @@ -16689,7 +16893,7 @@ func (s *GetVpcAttachmentOutput) SetVpcAttachment(v *VpcAttachment) *GetVpcAttac } // Describes a global network. This is a single private network acting as a -// high-level container for your network objects, including an Amazon Web Services-manged +// high-level container for your network objects, including an Amazon Web Services-managed // Core Network. type GlobalNetwork struct { _ struct{} `type:"structure"` @@ -17461,6 +17665,95 @@ func (s *ListCoreNetworksOutput) SetNextToken(v string) *ListCoreNetworksOutput return s } +type ListOrganizationServiceAccessStatusInput struct { + _ struct{} `type:"structure" nopayload:"true"` + + MaxResults *int64 `location:"querystring" locationName:"maxResults" min:"1" type:"integer"` + + NextToken *string `location:"querystring" locationName:"nextToken" type:"string"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s ListOrganizationServiceAccessStatusInput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s ListOrganizationServiceAccessStatusInput) GoString() string { + return s.String() +} + +// Validate inspects the fields of the type to determine if they are valid. +func (s *ListOrganizationServiceAccessStatusInput) Validate() error { + invalidParams := request.ErrInvalidParams{Context: "ListOrganizationServiceAccessStatusInput"} + if s.MaxResults != nil && *s.MaxResults < 1 { + invalidParams.Add(request.NewErrParamMinValue("MaxResults", 1)) + } + + if invalidParams.Len() > 0 { + return invalidParams + } + return nil +} + +// SetMaxResults sets the MaxResults field's value. +func (s *ListOrganizationServiceAccessStatusInput) SetMaxResults(v int64) *ListOrganizationServiceAccessStatusInput { + s.MaxResults = &v + return s +} + +// SetNextToken sets the NextToken field's value. +func (s *ListOrganizationServiceAccessStatusInput) SetNextToken(v string) *ListOrganizationServiceAccessStatusInput { + s.NextToken = &v + return s +} + +type ListOrganizationServiceAccessStatusOutput struct { + _ struct{} `type:"structure"` + + NextToken *string `type:"string"` + + OrganizationStatus *OrganizationStatus `type:"structure"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s ListOrganizationServiceAccessStatusOutput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s ListOrganizationServiceAccessStatusOutput) GoString() string { + return s.String() +} + +// SetNextToken sets the NextToken field's value. +func (s *ListOrganizationServiceAccessStatusOutput) SetNextToken(v string) *ListOrganizationServiceAccessStatusOutput { + s.NextToken = &v + return s +} + +// SetOrganizationStatus sets the OrganizationStatus field's value. +func (s *ListOrganizationServiceAccessStatusOutput) SetOrganizationStatus(v *OrganizationStatus) *ListOrganizationServiceAccessStatusOutput { + s.OrganizationStatus = v + return s +} + type ListTagsForResourceInput struct { _ struct{} `type:"structure" nopayload:"true"` @@ -18114,6 +18407,60 @@ func (s *NetworkTelemetry) SetResourceType(v string) *NetworkTelemetry { return s } +type OrganizationStatus struct { + _ struct{} `type:"structure"` + + AccountStatusList []*AccountStatus `type:"list"` + + OrganizationAwsServiceAccessStatus *string `type:"string"` + + OrganizationId *string `type:"string"` + + SLRDeploymentStatus *string `type:"string"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s OrganizationStatus) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s OrganizationStatus) GoString() string { + return s.String() +} + +// SetAccountStatusList sets the AccountStatusList field's value. +func (s *OrganizationStatus) SetAccountStatusList(v []*AccountStatus) *OrganizationStatus { + s.AccountStatusList = v + return s +} + +// SetOrganizationAwsServiceAccessStatus sets the OrganizationAwsServiceAccessStatus field's value. +func (s *OrganizationStatus) SetOrganizationAwsServiceAccessStatus(v string) *OrganizationStatus { + s.OrganizationAwsServiceAccessStatus = &v + return s +} + +// SetOrganizationId sets the OrganizationId field's value. +func (s *OrganizationStatus) SetOrganizationId(v string) *OrganizationStatus { + s.OrganizationId = &v + return s +} + +// SetSLRDeploymentStatus sets the SLRDeploymentStatus field's value. +func (s *OrganizationStatus) SetSLRDeploymentStatus(v string) *OrganizationStatus { + s.SLRDeploymentStatus = &v + return s +} + // Describes a path component. type PathComponent struct { _ struct{} `type:"structure"` @@ -19430,6 +19777,80 @@ func (s *SiteToSiteVpnAttachment) SetVpnConnectionArn(v string) *SiteToSiteVpnAt return s } +type StartOrganizationServiceAccessUpdateInput struct { + _ struct{} `type:"structure"` + + // Action is a required field + Action *string `type:"string" required:"true"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s StartOrganizationServiceAccessUpdateInput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s StartOrganizationServiceAccessUpdateInput) GoString() string { + return s.String() +} + +// Validate inspects the fields of the type to determine if they are valid. +func (s *StartOrganizationServiceAccessUpdateInput) Validate() error { + invalidParams := request.ErrInvalidParams{Context: "StartOrganizationServiceAccessUpdateInput"} + if s.Action == nil { + invalidParams.Add(request.NewErrParamRequired("Action")) + } + + if invalidParams.Len() > 0 { + return invalidParams + } + return nil +} + +// SetAction sets the Action field's value. +func (s *StartOrganizationServiceAccessUpdateInput) SetAction(v string) *StartOrganizationServiceAccessUpdateInput { + s.Action = &v + return s +} + +type StartOrganizationServiceAccessUpdateOutput struct { + _ struct{} `type:"structure"` + + OrganizationStatus *OrganizationStatus `type:"structure"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s StartOrganizationServiceAccessUpdateOutput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s StartOrganizationServiceAccessUpdateOutput) GoString() string { + return s.String() +} + +// SetOrganizationStatus sets the OrganizationStatus field's value. +func (s *StartOrganizationServiceAccessUpdateOutput) SetOrganizationStatus(v *OrganizationStatus) *StartOrganizationServiceAccessUpdateOutput { + s.OrganizationStatus = v + return s +} + type StartRouteAnalysisInput struct { _ struct{} `type:"structure"` diff --git a/service/networkmanager/doc.go b/service/networkmanager/doc.go index 96c3cc8e8aa..e007160adb0 100644 --- a/service/networkmanager/doc.go +++ b/service/networkmanager/doc.go @@ -3,9 +3,9 @@ // Package networkmanager provides the client and types for making API // requests to AWS Network Manager. // -// Transit Gateway Network Manager (Network Manager) enables you to create a -// global network, in which you can monitor your Amazon Web Services and on-premises -// networks that are built around transit gateways. +// Amazon Web Services enables you to centrally manage your Amazon Web Services +// Cloud WAN core network and your Transit Gateway network across Amazon Web +// Services accounts, Regions, and on-premises locations. // // See https://docs.aws.amazon.com/goto/WebAPI/networkmanager-2019-07-05 for more information on this service. // diff --git a/service/networkmanager/networkmanageriface/interface.go b/service/networkmanager/networkmanageriface/interface.go index 5971ea4aad0..d94ce38da22 100644 --- a/service/networkmanager/networkmanageriface/interface.go +++ b/service/networkmanager/networkmanageriface/interface.go @@ -353,6 +353,10 @@ type NetworkManagerAPI interface { ListCoreNetworksPages(*networkmanager.ListCoreNetworksInput, func(*networkmanager.ListCoreNetworksOutput, bool) bool) error ListCoreNetworksPagesWithContext(aws.Context, *networkmanager.ListCoreNetworksInput, func(*networkmanager.ListCoreNetworksOutput, bool) bool, ...request.Option) error + ListOrganizationServiceAccessStatus(*networkmanager.ListOrganizationServiceAccessStatusInput) (*networkmanager.ListOrganizationServiceAccessStatusOutput, error) + ListOrganizationServiceAccessStatusWithContext(aws.Context, *networkmanager.ListOrganizationServiceAccessStatusInput, ...request.Option) (*networkmanager.ListOrganizationServiceAccessStatusOutput, error) + ListOrganizationServiceAccessStatusRequest(*networkmanager.ListOrganizationServiceAccessStatusInput) (*request.Request, *networkmanager.ListOrganizationServiceAccessStatusOutput) + ListTagsForResource(*networkmanager.ListTagsForResourceInput) (*networkmanager.ListTagsForResourceOutput, error) ListTagsForResourceWithContext(aws.Context, *networkmanager.ListTagsForResourceInput, ...request.Option) (*networkmanager.ListTagsForResourceOutput, error) ListTagsForResourceRequest(*networkmanager.ListTagsForResourceInput) (*request.Request, *networkmanager.ListTagsForResourceOutput) @@ -377,6 +381,10 @@ type NetworkManagerAPI interface { RestoreCoreNetworkPolicyVersionWithContext(aws.Context, *networkmanager.RestoreCoreNetworkPolicyVersionInput, ...request.Option) (*networkmanager.RestoreCoreNetworkPolicyVersionOutput, error) RestoreCoreNetworkPolicyVersionRequest(*networkmanager.RestoreCoreNetworkPolicyVersionInput) (*request.Request, *networkmanager.RestoreCoreNetworkPolicyVersionOutput) + StartOrganizationServiceAccessUpdate(*networkmanager.StartOrganizationServiceAccessUpdateInput) (*networkmanager.StartOrganizationServiceAccessUpdateOutput, error) + StartOrganizationServiceAccessUpdateWithContext(aws.Context, *networkmanager.StartOrganizationServiceAccessUpdateInput, ...request.Option) (*networkmanager.StartOrganizationServiceAccessUpdateOutput, error) + StartOrganizationServiceAccessUpdateRequest(*networkmanager.StartOrganizationServiceAccessUpdateInput) (*request.Request, *networkmanager.StartOrganizationServiceAccessUpdateOutput) + StartRouteAnalysis(*networkmanager.StartRouteAnalysisInput) (*networkmanager.StartRouteAnalysisOutput, error) StartRouteAnalysisWithContext(aws.Context, *networkmanager.StartRouteAnalysisInput, ...request.Option) (*networkmanager.StartRouteAnalysisOutput, error) StartRouteAnalysisRequest(*networkmanager.StartRouteAnalysisInput) (*request.Request, *networkmanager.StartRouteAnalysisOutput)