From 9d209cd0b54b2961308456e6ba3f9d2d06c2c62a Mon Sep 17 00:00:00 2001 From: aws-sdk-cpp-automation Date: Tue, 6 Aug 2024 18:12:01 +0000 Subject: [PATCH] Advanced security feature updates to include password history and log export for Cognito user pools. This release adds savings percentage support to the ListRecommendationSummaries API. Introduce model invocation output traces for orchestration traces, which contain the model's raw response and usage. Added support for BYOL_GRAPHICS_G4DN_WSP IngestionProcess --- VERSION | 2 +- .../BedrockAgentRuntimeClient.h | 5 +- .../bedrock-agent-runtime/model/FlowInput.h | 12 +- .../model/FlowInputContent.h | 2 +- .../model/FlowOutputContent.h | 7 +- .../model/FlowOutputEvent.h | 10 +- .../model/InferenceConfiguration.h | 2 +- .../KnowledgeBaseRetrievalConfiguration.h | 2 +- .../bedrock-agent-runtime/model/Metadata.h | 59 ++++++++++ .../OrchestrationModelInvocationOutput.h | 94 +++++++++++++++ .../model/OrchestrationTrace.h | 17 +++ .../bedrock-agent-runtime/model/RawResponse.h | 62 ++++++++++ .../aws/bedrock-agent-runtime/model/Usage.h | 71 ++++++++++++ .../source/model/Metadata.cpp | 59 ++++++++++ .../OrchestrationModelInvocationOutput.cpp | 87 ++++++++++++++ .../source/model/OrchestrationTrace.cpp | 14 +++ .../source/model/RawResponse.cpp | 59 ++++++++++ .../source/model/Usage.cpp | 75 ++++++++++++ .../CognitoIdentityProviderClient.h | 30 ++--- .../CognitoIdentityProviderErrors.h | 1 + .../model/CloudWatchLogsConfigurationType.h | 5 +- .../model/CreateUserPoolClientRequest.h | 3 +- .../aws/cognito-idp/model/EventSourceName.h | 3 +- .../model/FirehoseConfigurationType.h | 64 +++++++++++ .../GetLogDeliveryConfigurationRequest.h | 4 +- .../model/GetLogDeliveryConfigurationResult.h | 2 +- .../cognito-idp/model/LogConfigurationType.h | 56 ++++++++- .../model/LogDeliveryConfigurationType.h | 8 +- .../include/aws/cognito-idp/model/LogLevel.h | 3 +- .../cognito-idp/model/PasswordPolicyType.h | 22 ++++ .../cognito-idp/model/S3ConfigurationType.h | 63 ++++++++++ .../SetLogDeliveryConfigurationRequest.h | 6 +- .../aws/cognito-idp/model/SignUpResult.h | 2 +- .../model/UpdateUserPoolClientRequest.h | 3 +- .../cognito-idp/model/UserPoolClientType.h | 5 +- .../source/CognitoIdentityProviderErrors.cpp | 5 + .../source/model/EventSourceName.cpp | 7 ++ .../model/FirehoseConfigurationType.cpp | 59 ++++++++++ .../source/model/LogConfigurationType.cpp | 30 ++++- .../source/model/LogLevel.cpp | 7 ++ .../source/model/PasswordPolicyType.cpp | 15 +++ .../source/model/S3ConfigurationType.cpp | 59 ++++++++++ .../CostOptimizationHubClient.h | 12 +- .../model/ListEnrollmentStatusesResult.h | 2 +- .../ListRecommendationSummariesRequest.h | 22 +++- .../model/ListRecommendationSummariesResult.h | 17 ++- .../model/SummaryMetrics.h | 30 +++++ .../model/SummaryMetricsResult.h | 64 +++++++++++ .../model/UpdateEnrollmentStatusRequest.h | 2 +- .../ListRecommendationSummariesRequest.cpp | 12 ++ .../ListRecommendationSummariesResult.cpp | 6 + .../source/model/SummaryMetrics.cpp | 65 +++++++++++ .../source/model/SummaryMetricsResult.cpp | 59 ++++++++++ .../model/ImportWorkspaceImageRequest.h | 5 +- .../model/WorkspaceImageIngestionProcess.h | 1 + .../model/WorkspaceImageIngestionProcess.cpp | 7 ++ .../include/aws/core/VersionConfig.h | 4 +- ...drock-agent-runtime-2023-07-26.normal.json | 86 +++++++++++--- .../cognito-idp-2016-04-18.normal.json | 108 ++++++++++++++---- ...st-optimization-hub-2022-07-26.normal.json | 38 +++++- .../workspaces-2015-04-08.normal.json | 3 +- 61 files changed, 1530 insertions(+), 114 deletions(-) create mode 100644 generated/src/aws-cpp-sdk-bedrock-agent-runtime/include/aws/bedrock-agent-runtime/model/Metadata.h create mode 100644 generated/src/aws-cpp-sdk-bedrock-agent-runtime/include/aws/bedrock-agent-runtime/model/OrchestrationModelInvocationOutput.h create mode 100644 generated/src/aws-cpp-sdk-bedrock-agent-runtime/include/aws/bedrock-agent-runtime/model/RawResponse.h create mode 100644 generated/src/aws-cpp-sdk-bedrock-agent-runtime/include/aws/bedrock-agent-runtime/model/Usage.h create mode 100644 generated/src/aws-cpp-sdk-bedrock-agent-runtime/source/model/Metadata.cpp create mode 100644 generated/src/aws-cpp-sdk-bedrock-agent-runtime/source/model/OrchestrationModelInvocationOutput.cpp create mode 100644 generated/src/aws-cpp-sdk-bedrock-agent-runtime/source/model/RawResponse.cpp create mode 100644 generated/src/aws-cpp-sdk-bedrock-agent-runtime/source/model/Usage.cpp create mode 100644 generated/src/aws-cpp-sdk-cognito-idp/include/aws/cognito-idp/model/FirehoseConfigurationType.h create mode 100644 generated/src/aws-cpp-sdk-cognito-idp/include/aws/cognito-idp/model/S3ConfigurationType.h create mode 100644 generated/src/aws-cpp-sdk-cognito-idp/source/model/FirehoseConfigurationType.cpp create mode 100644 generated/src/aws-cpp-sdk-cognito-idp/source/model/S3ConfigurationType.cpp create mode 100644 generated/src/aws-cpp-sdk-cost-optimization-hub/include/aws/cost-optimization-hub/model/SummaryMetrics.h create mode 100644 generated/src/aws-cpp-sdk-cost-optimization-hub/include/aws/cost-optimization-hub/model/SummaryMetricsResult.h create mode 100644 generated/src/aws-cpp-sdk-cost-optimization-hub/source/model/SummaryMetrics.cpp create mode 100644 generated/src/aws-cpp-sdk-cost-optimization-hub/source/model/SummaryMetricsResult.cpp diff --git a/VERSION b/VERSION index 46d4cbfb36c..29e82b55b80 100644 --- a/VERSION +++ b/VERSION @@ -1 +1 @@ -1.11.377 \ No newline at end of file +1.11.378 \ No newline at end of file diff --git a/generated/src/aws-cpp-sdk-bedrock-agent-runtime/include/aws/bedrock-agent-runtime/BedrockAgentRuntimeClient.h b/generated/src/aws-cpp-sdk-bedrock-agent-runtime/include/aws/bedrock-agent-runtime/BedrockAgentRuntimeClient.h index 5b3b88906ce..92c41436dd5 100644 --- a/generated/src/aws-cpp-sdk-bedrock-agent-runtime/include/aws/bedrock-agent-runtime/BedrockAgentRuntimeClient.h +++ b/generated/src/aws-cpp-sdk-bedrock-agent-runtime/include/aws/bedrock-agent-runtime/BedrockAgentRuntimeClient.h @@ -182,8 +182,9 @@ namespace BedrockAgentRuntime * output of each node as a stream. If there's an error, the error is returned. For * more information, see Test - * a flow in Amazon Bedrock in the Amazon Bedrock User Guide.

See - * Also:

in the Amazon Bedrock User Guide.

The + * CLI doesn't support streaming operations in Amazon Bedrock, including + * InvokeFlow.

See Also:

AWS * API Reference

*/ diff --git a/generated/src/aws-cpp-sdk-bedrock-agent-runtime/include/aws/bedrock-agent-runtime/model/FlowInput.h b/generated/src/aws-cpp-sdk-bedrock-agent-runtime/include/aws/bedrock-agent-runtime/model/FlowInput.h index c4d7e171abd..aac57ad65a7 100644 --- a/generated/src/aws-cpp-sdk-bedrock-agent-runtime/include/aws/bedrock-agent-runtime/model/FlowInput.h +++ b/generated/src/aws-cpp-sdk-bedrock-agent-runtime/include/aws/bedrock-agent-runtime/model/FlowInput.h @@ -25,8 +25,9 @@ namespace Model { /** - *

Contains information about an input into the flow and what to do with it.

- *

This data type is used in the following API operations:

*/ inline const Aws::Vector& GetApplications() const{ return m_applications; } inline bool ApplicationsHasBeenSet() const { return m_applicationsHasBeenSet; } diff --git a/generated/src/aws-cpp-sdk-workspaces/include/aws/workspaces/model/WorkspaceImageIngestionProcess.h b/generated/src/aws-cpp-sdk-workspaces/include/aws/workspaces/model/WorkspaceImageIngestionProcess.h index 2ce2d6c5bbc..1acbbc9cd78 100644 --- a/generated/src/aws-cpp-sdk-workspaces/include/aws/workspaces/model/WorkspaceImageIngestionProcess.h +++ b/generated/src/aws-cpp-sdk-workspaces/include/aws/workspaces/model/WorkspaceImageIngestionProcess.h @@ -21,6 +21,7 @@ namespace Model BYOL_GRAPHICSPRO, BYOL_GRAPHICS_G4DN, BYOL_REGULAR_WSP, + BYOL_GRAPHICS_G4DN_WSP, BYOL_REGULAR_BYOP, BYOL_GRAPHICS_G4DN_BYOP }; diff --git a/generated/src/aws-cpp-sdk-workspaces/source/model/WorkspaceImageIngestionProcess.cpp b/generated/src/aws-cpp-sdk-workspaces/source/model/WorkspaceImageIngestionProcess.cpp index 46a5e61dfa0..27b47a60994 100644 --- a/generated/src/aws-cpp-sdk-workspaces/source/model/WorkspaceImageIngestionProcess.cpp +++ b/generated/src/aws-cpp-sdk-workspaces/source/model/WorkspaceImageIngestionProcess.cpp @@ -25,6 +25,7 @@ namespace Aws static const int BYOL_GRAPHICSPRO_HASH = HashingUtils::HashString("BYOL_GRAPHICSPRO"); static const int BYOL_GRAPHICS_G4DN_HASH = HashingUtils::HashString("BYOL_GRAPHICS_G4DN"); static const int BYOL_REGULAR_WSP_HASH = HashingUtils::HashString("BYOL_REGULAR_WSP"); + static const int BYOL_GRAPHICS_G4DN_WSP_HASH = HashingUtils::HashString("BYOL_GRAPHICS_G4DN_WSP"); static const int BYOL_REGULAR_BYOP_HASH = HashingUtils::HashString("BYOL_REGULAR_BYOP"); static const int BYOL_GRAPHICS_G4DN_BYOP_HASH = HashingUtils::HashString("BYOL_GRAPHICS_G4DN_BYOP"); @@ -52,6 +53,10 @@ namespace Aws { return WorkspaceImageIngestionProcess::BYOL_REGULAR_WSP; } + else if (hashCode == BYOL_GRAPHICS_G4DN_WSP_HASH) + { + return WorkspaceImageIngestionProcess::BYOL_GRAPHICS_G4DN_WSP; + } else if (hashCode == BYOL_REGULAR_BYOP_HASH) { return WorkspaceImageIngestionProcess::BYOL_REGULAR_BYOP; @@ -86,6 +91,8 @@ namespace Aws return "BYOL_GRAPHICS_G4DN"; case WorkspaceImageIngestionProcess::BYOL_REGULAR_WSP: return "BYOL_REGULAR_WSP"; + case WorkspaceImageIngestionProcess::BYOL_GRAPHICS_G4DN_WSP: + return "BYOL_GRAPHICS_G4DN_WSP"; case WorkspaceImageIngestionProcess::BYOL_REGULAR_BYOP: return "BYOL_REGULAR_BYOP"; case WorkspaceImageIngestionProcess::BYOL_GRAPHICS_G4DN_BYOP: diff --git a/src/aws-cpp-sdk-core/include/aws/core/VersionConfig.h b/src/aws-cpp-sdk-core/include/aws/core/VersionConfig.h index 7d518d0dae9..eaf2107768e 100644 --- a/src/aws-cpp-sdk-core/include/aws/core/VersionConfig.h +++ b/src/aws-cpp-sdk-core/include/aws/core/VersionConfig.h @@ -4,7 +4,7 @@ */ #pragma once -#define AWS_SDK_VERSION_STRING "1.11.377" +#define AWS_SDK_VERSION_STRING "1.11.378" #define AWS_SDK_VERSION_MAJOR 1 #define AWS_SDK_VERSION_MINOR 11 -#define AWS_SDK_VERSION_PATCH 377 +#define AWS_SDK_VERSION_PATCH 378 diff --git a/tools/code-generation/api-descriptions/bedrock-agent-runtime-2023-07-26.normal.json b/tools/code-generation/api-descriptions/bedrock-agent-runtime-2023-07-26.normal.json index 87a76e0df1e..22a8d04af21 100644 --- a/tools/code-generation/api-descriptions/bedrock-agent-runtime-2023-07-26.normal.json +++ b/tools/code-generation/api-descriptions/bedrock-agent-runtime-2023-07-26.normal.json @@ -99,7 +99,7 @@ {"shape":"AccessDeniedException"}, {"shape":"ServiceQuotaExceededException"} ], - "documentation":"

Invokes an alias of a flow to run the inputs that you specify and return the output of each node as a stream. If there's an error, the error is returned. For more information, see Test a flow in Amazon Bedrock in the Amazon Bedrock User Guide.

" + "documentation":"

Invokes an alias of a flow to run the inputs that you specify and return the output of each node as a stream. If there's an error, the error is returned. For more information, see Test a flow in Amazon Bedrock in the Amazon Bedrock User Guide.

The CLI doesn't support streaming operations in Amazon Bedrock, including InvokeFlow.

" }, "Retrieve":{ "name":"Retrieve", @@ -822,25 +822,25 @@ "members":{ "content":{ "shape":"FlowInputContent", - "documentation":"

Contains information about an input into the flow.

" + "documentation":"

Contains information about an input into the prompt flow.

" }, "nodeName":{ "shape":"NodeName", - "documentation":"

A name for the input of the flow input node.

" + "documentation":"

The name of the flow input node that begins the prompt flow.

" }, "nodeOutputName":{ "shape":"NodeOutputName", - "documentation":"

A name for the output of the flow input node.

" + "documentation":"

The name of the output from the flow input node that begins the prompt flow.

" } }, - "documentation":"

Contains information about an input into the flow and what to do with it.

This data type is used in the following API operations:

" + "documentation":"

Contains information about an input into the prompt flow and where to send it.

This data type is used in the following API operations:

" }, "FlowInputContent":{ "type":"structure", "members":{ "document":{ "shape":"Document", - "documentation":"

The input for the flow input node.

" + "documentation":"

The input to send to the prompt flow input node.

" } }, "documentation":"

Contains information about an input into the flow.

This data type is used in the following API operations:

", @@ -858,10 +858,10 @@ "members":{ "document":{ "shape":"Document", - "documentation":"

A name for the output of the flow.

" + "documentation":"

The content in the output.

" } }, - "documentation":"

Contains information about the output node.

This data type is used in the following API operations:

", + "documentation":"

Contains information about the content in an output from prompt flow invocation.

This data type is used in the following API operations:

", "union":true }, "FlowOutputEvent":{ @@ -874,18 +874,18 @@ "members":{ "content":{ "shape":"FlowOutputContent", - "documentation":"

The output of the node.

" + "documentation":"

The content in the output.

" }, "nodeName":{ "shape":"NodeName", - "documentation":"

The name of the node to which input was provided.

" + "documentation":"

The name of the flow output node that the output is from.

" }, "nodeType":{ "shape":"NodeType", - "documentation":"

The type of node to which input was provided.

" + "documentation":"

The type of the node that the output is from.

" } }, - "documentation":"

Contains information about an output from flow invoction.

This data type is used in the following API operations:

", + "documentation":"

Contains information about an output from prompt flow invoction.

This data type is used in the following API operations:

", "event":true, "sensitive":true }, @@ -1510,7 +1510,7 @@ }, "topP":{ "shape":"TopP", - "documentation":"

While generating a response, the model determines the probability of the following token at each point of generation. The value that you set for Top P determines the number of most-likely candidates from which the model chooses the next token in the sequence. For example, if you set topP to 80, the model only selects the next token from the top 80% of the probability distribution of next tokens.

" + "documentation":"

While generating a response, the model determines the probability of the following token at each point of generation. The value that you set for Top P determines the number of most-likely candidates from which the model chooses the next token in the sequence. For example, if you set topP to 0.8, the model only selects the next token from the top 80% of the probability distribution of next tokens.

" } }, "documentation":"

Specifications about the inference parameters that were provided alongside the prompt. These are specified in the PromptOverrideConfiguration object that was set when the agent was created or updated. For more information, see Inference parameters for foundation models.

" @@ -1997,6 +1997,17 @@ "type":"string", "enum":["SESSION_SUMMARY"] }, + "Metadata":{ + "type":"structure", + "members":{ + "usage":{ + "shape":"Usage", + "documentation":"

Contains details of the foundation model usage.

" + } + }, + "documentation":"

Provides details of the foundation model.

", + "sensitive":true + }, "MimeType":{"type":"string"}, "ModelInvocationInput":{ "type":"structure", @@ -2109,6 +2120,25 @@ }, "documentation":"

Settings for how the model processes the prompt prior to retrieval and generation.

" }, + "OrchestrationModelInvocationOutput":{ + "type":"structure", + "members":{ + "metadata":{ + "shape":"Metadata", + "documentation":"

Contains information about the foundation model output.

" + }, + "rawResponse":{ + "shape":"RawResponse", + "documentation":"

Contains details of the raw response from the foundation model output.

" + }, + "traceId":{ + "shape":"TraceId", + "documentation":"

The unique identifier of the trace.

" + } + }, + "documentation":"

The foundation model output from the orchestration step.

", + "sensitive":true + }, "OrchestrationTrace":{ "type":"structure", "members":{ @@ -2120,6 +2150,10 @@ "shape":"ModelInvocationInput", "documentation":"

The input for the orchestration step.

" }, + "modelInvocationOutput":{ + "shape":"OrchestrationModelInvocationOutput", + "documentation":"

Contains information pertaining to the output from the foundation model that is being invoked.

" + }, "observation":{ "shape":"Observation", "documentation":"

Details about the observation (the output of the action group Lambda or knowledge base) made by the agent.

" @@ -2381,6 +2415,17 @@ "type":"string", "sensitive":true }, + "RawResponse":{ + "type":"structure", + "members":{ + "content":{ + "shape":"String", + "documentation":"

The foundation model's raw output content.

" + } + }, + "documentation":"

Contains the raw output from the foundation model.

", + "sensitive":true + }, "RepromptResponse":{ "type":"structure", "members":{ @@ -3156,6 +3201,21 @@ "REPROMPT" ] }, + "Usage":{ + "type":"structure", + "members":{ + "inputTokens":{ + "shape":"Integer", + "documentation":"

Contains information about the input tokens from the foundation model usage.

" + }, + "outputTokens":{ + "shape":"Integer", + "documentation":"

Contains information about the output tokens from the foundation model usage.

" + } + }, + "documentation":"

Contains information of the usage of the foundation model.

", + "sensitive":true + }, "ValidationException":{ "type":"structure", "members":{ diff --git a/tools/code-generation/api-descriptions/cognito-idp-2016-04-18.normal.json b/tools/code-generation/api-descriptions/cognito-idp-2016-04-18.normal.json index b1f738186f2..f0c4cc1c384 100644 --- a/tools/code-generation/api-descriptions/cognito-idp-2016-04-18.normal.json +++ b/tools/code-generation/api-descriptions/cognito-idp-2016-04-18.normal.json @@ -70,7 +70,7 @@ {"shape":"UserNotFoundException"}, {"shape":"InternalErrorException"} ], - "documentation":"

This IAM-authenticated API operation provides a code that Amazon Cognito sent to your user when they signed up in your user pool. After your user enters their code, they confirm ownership of the email address or phone number that they provided, and their user account becomes active. Depending on your user pool configuration, your users will receive their confirmation code in an email or SMS message.

Local users who signed up in your user pool are the only type of user who can confirm sign-up with a code. Users who federate through an external identity provider (IdP) have already been confirmed by their IdP. Administrator-created users confirm their accounts when they respond to their invitation email message and choose a password.

Amazon Cognito evaluates Identity and Access Management (IAM) policies in requests for this API operation. For this operation, you must use IAM credentials to authorize requests, and you must grant yourself the corresponding IAM permission in a policy.

Learn more

" + "documentation":"

This IAM-authenticated API operation confirms user sign-up as an administrator. Unlike ConfirmSignUp, your IAM credentials authorize user account confirmation. No confirmation code is required.

This request sets a user account active in a user pool that requires confirmation of new user accounts before they can sign in. You can configure your user pool to not send confirmation codes to new users and instead confirm them with this API operation on the back end.

Amazon Cognito evaluates Identity and Access Management (IAM) policies in requests for this API operation. For this operation, you must use IAM credentials to authorize requests, and you must grant yourself the corresponding IAM permission in a policy.

Learn more

" }, "AdminCreateUser":{ "name":"AdminCreateUser", @@ -404,6 +404,7 @@ {"shape":"ExpiredCodeException"}, {"shape":"UnexpectedLambdaException"}, {"shape":"InvalidPasswordException"}, + {"shape":"PasswordHistoryPolicyViolationException"}, {"shape":"UserLambdaValidationException"}, {"shape":"InvalidLambdaResponseException"}, {"shape":"TooManyRequestsException"}, @@ -454,7 +455,8 @@ {"shape":"InternalErrorException"}, {"shape":"TooManyRequestsException"}, {"shape":"InvalidParameterException"}, - {"shape":"InvalidPasswordException"} + {"shape":"InvalidPasswordException"}, + {"shape":"PasswordHistoryPolicyViolationException"} ], "documentation":"

Sets the specified user's password in a user pool as an administrator. Works on any user.

The password can be temporary or permanent. If it is temporary, the user status enters the FORCE_CHANGE_PASSWORD state. When the user next tries to sign in, the InitiateAuth/AdminInitiateAuth response will contain the NEW_PASSWORD_REQUIRED challenge. If the user doesn't sign in before it expires, the user won't be able to sign in, and an administrator must reset their password.

Once the user has set a new password, or the password is permanent, the user status is set to Confirmed.

AdminSetUserPassword can set a password for the user profile that Amazon Cognito creates for third-party federated users. When you set a password, the federated user's status changes from EXTERNAL_PROVIDER to CONFIRMED. A user in this state can sign in as a federated user, and initiate authentication flows in the API like a linked native user. They can also modify their password and attributes in token-authenticated API requests like ChangePassword and UpdateUserAttributes. As a best security practice and to keep users in sync with your external IdP, don't set passwords on federated user profiles. To set up a federated user for native sign-in with a linked native user, refer to Linking federated users to an existing user profile.

Amazon Cognito evaluates Identity and Access Management (IAM) policies in requests for this API operation. For this operation, you must use IAM credentials to authorize requests, and you must grant yourself the corresponding IAM permission in a policy.

Learn more

" }, @@ -573,7 +575,7 @@ {"shape":"SoftwareTokenMFANotFoundException"}, {"shape":"ForbiddenException"} ], - "documentation":"

Begins setup of time-based one-time password (TOTP) multi-factor authentication (MFA) for a user, with a unique private key that Amazon Cognito generates and returns in the API response. You can authorize an AssociateSoftwareToken request with either the user's access token, or a session string from a challenge response that you received from Amazon Cognito.

Amazon Cognito disassociates an existing software token when you verify the new token in a VerifySoftwareToken API request. If you don't verify the software token and your user pool doesn't require MFA, the user can then authenticate with user name and password credentials alone. If your user pool requires TOTP MFA, Amazon Cognito generates an MFA_SETUP or SOFTWARE_TOKEN_SETUP challenge each time your user signs. Complete setup with AssociateSoftwareToken and VerifySoftwareToken.

After you set up software token MFA for your user, Amazon Cognito generates a SOFTWARE_TOKEN_MFA challenge when they authenticate. Respond to this challenge with your user's TOTP.

Amazon Cognito doesn't evaluate Identity and Access Management (IAM) policies in requests for this API operation. For this operation, you can't use IAM credentials to authorize requests, and you can't grant IAM permissions in policies. For more information about authorization models in Amazon Cognito, see Using the Amazon Cognito user pools API and user pool endpoints.

", + "documentation":"

Begins setup of time-based one-time password (TOTP) multi-factor authentication (MFA) for a user, with a unique private key that Amazon Cognito generates and returns in the API response. You can authorize an AssociateSoftwareToken request with either the user's access token, or a session string from a challenge response that you received from Amazon Cognito.

Amazon Cognito disassociates an existing software token when you verify the new token in a VerifySoftwareToken API request. If you don't verify the software token and your user pool doesn't require MFA, the user can then authenticate with user name and password credentials alone. If your user pool requires TOTP MFA, Amazon Cognito generates an MFA_SETUP or SOFTWARE_TOKEN_SETUP challenge each time your user signs in. Complete setup with AssociateSoftwareToken and VerifySoftwareToken.

After you set up software token MFA for your user, Amazon Cognito generates a SOFTWARE_TOKEN_MFA challenge when they authenticate. Respond to this challenge with your user's TOTP.

Amazon Cognito doesn't evaluate Identity and Access Management (IAM) policies in requests for this API operation. For this operation, you can't use IAM credentials to authorize requests, and you can't grant IAM permissions in policies. For more information about authorization models in Amazon Cognito, see Using the Amazon Cognito user pools API and user pool endpoints.

", "authtype":"none", "auth":["smithy.api#noAuth"] }, @@ -589,6 +591,7 @@ {"shape":"ResourceNotFoundException"}, {"shape":"InvalidParameterException"}, {"shape":"InvalidPasswordException"}, + {"shape":"PasswordHistoryPolicyViolationException"}, {"shape":"NotAuthorizedException"}, {"shape":"TooManyRequestsException"}, {"shape":"LimitExceededException"}, @@ -643,6 +646,7 @@ {"shape":"UserLambdaValidationException"}, {"shape":"InvalidParameterException"}, {"shape":"InvalidPasswordException"}, + {"shape":"PasswordHistoryPolicyViolationException"}, {"shape":"NotAuthorizedException"}, {"shape":"CodeMismatchException"}, {"shape":"ExpiredCodeException"}, @@ -1228,7 +1232,7 @@ {"shape":"NotAuthorizedException"}, {"shape":"ResourceNotFoundException"} ], - "documentation":"

Gets the detailed activity logging configuration for a user pool.

" + "documentation":"

Gets the logging configuration of a user pool.

" }, "GetSigningCertificate":{ "name":"GetSigningCertificate", @@ -1606,6 +1610,7 @@ {"shape":"UnexpectedLambdaException"}, {"shape":"UserLambdaValidationException"}, {"shape":"InvalidPasswordException"}, + {"shape":"PasswordHistoryPolicyViolationException"}, {"shape":"InvalidLambdaResponseException"}, {"shape":"TooManyRequestsException"}, {"shape":"InvalidUserPoolConfigurationException"}, @@ -1660,7 +1665,7 @@ {"shape":"NotAuthorizedException"}, {"shape":"ResourceNotFoundException"} ], - "documentation":"

Sets up or modifies the detailed activity logging configuration of a user pool.

" + "documentation":"

Sets up or modifies the logging configuration of a user pool. User pools can export user notification logs and advanced security features user activity logs.

" }, "SetRiskConfiguration":{ "name":"SetRiskConfiguration", @@ -3509,7 +3514,7 @@ "documentation":"

The Amazon Resource Name (arn) of a CloudWatch Logs log group where your user pool sends logs. The log group must not be encrypted with Key Management Service and must be in the same Amazon Web Services account as your user pool.

To send logs to log groups with a resource policy of a size greater than 5120 characters, configure a log group with a path that starts with /aws/vendedlogs. For more information, see Enabling logging from certain Amazon Web Services services.

" } }, - "documentation":"

The CloudWatch logging destination of a user pool detailed activity logging configuration.

" + "documentation":"

Configuration for the CloudWatch log group destination of user pool detailed activity logging, or of user activity log export with advanced security features.

" }, "CodeDeliveryDetailsListType":{ "type":"list", @@ -4011,7 +4016,7 @@ }, "PreventUserExistenceErrors":{ "shape":"PreventUserExistenceErrorTypes", - "documentation":"

Errors and responses that you want Amazon Cognito APIs to return during authentication, account confirmation, and password recovery when the user doesn't exist in the user pool. When set to ENABLED and the user doesn't exist, authentication returns an error indicating either the username or password was incorrect. Account confirmation and password recovery return a response indicating a code was sent to a simulated destination. When set to LEGACY, those APIs return a UserNotFoundException exception if the user doesn't exist in the user pool.

Valid values include:

" + "documentation":"

Errors and responses that you want Amazon Cognito APIs to return during authentication, account confirmation, and password recovery when the user doesn't exist in the user pool. When set to ENABLED and the user doesn't exist, authentication returns an error indicating either the username or password was incorrect. Account confirmation and password recovery return a response indicating a code was sent to a simulated destination. When set to LEGACY, those APIs return a UserNotFoundException exception if the user doesn't exist in the user pool.

Valid values include:

Defaults to LEGACY when you don't provide a value.

" }, "EnableTokenRevocation":{ "shape":"WrappedBooleanType", @@ -4903,7 +4908,10 @@ }, "EventSourceName":{ "type":"string", - "enum":["userNotification"] + "enum":[ + "userNotification", + "userAuthEvents" + ] }, "EventType":{ "type":"string", @@ -4950,6 +4958,16 @@ "Invalid" ] }, + "FirehoseConfigurationType":{ + "type":"structure", + "members":{ + "StreamArn":{ + "shape":"ArnType", + "documentation":"

The ARN of an Amazon Data Firehose stream that's the destination for advanced security features log export.

" + } + }, + "documentation":"

Configuration for the Amazon Data Firehose stream destination of user activity log export with advanced security features.

" + }, "ForbiddenException":{ "type":"structure", "members":{ @@ -5132,7 +5150,7 @@ "members":{ "UserPoolId":{ "shape":"UserPoolIdType", - "documentation":"

The ID of the user pool where you want to view detailed activity logging configuration.

" + "documentation":"

The ID of the user pool that has the logging configuration that you want to view.

" } } }, @@ -5141,7 +5159,7 @@ "members":{ "LogDeliveryConfiguration":{ "shape":"LogDeliveryConfigurationType", - "documentation":"

The detailed activity logging configuration of the requested user pool.

" + "documentation":"

The logging configuration of the requested user pool.

" } } }, @@ -6021,7 +6039,7 @@ "LogConfigurationListType":{ "type":"list", "member":{"shape":"LogConfigurationType"}, - "max":1, + "max":2, "min":0 }, "LogConfigurationType":{ @@ -6033,15 +6051,23 @@ "members":{ "LogLevel":{ "shape":"LogLevel", - "documentation":"

The errorlevel selection of logs that a user pool sends for detailed activity logging.

" + "documentation":"

The errorlevel selection of logs that a user pool sends for detailed activity logging. To send userNotification activity with information about message delivery, choose ERROR with CloudWatchLogsConfiguration. To send userAuthEvents activity with user logs from advanced security features, choose INFO with one of CloudWatchLogsConfiguration, FirehoseConfiguration, or S3Configuration.

" }, "EventSource":{ "shape":"EventSourceName", - "documentation":"

The source of events that your user pool sends for detailed activity logging.

" + "documentation":"

The source of events that your user pool sends for logging. To send error-level logs about user notification activity, set to userNotification. To send info-level logs about advanced security features user activity, set to userAuthEvents.

" }, "CloudWatchLogsConfiguration":{ "shape":"CloudWatchLogsConfigurationType", - "documentation":"

The CloudWatch logging destination of a user pool.

" + "documentation":"

The CloudWatch log group destination of user pool detailed activity logs, or of user activity log export with advanced security features.

" + }, + "S3Configuration":{ + "shape":"S3ConfigurationType", + "documentation":"

The Amazon S3 bucket destination of user activity log export with advanced security features. To activate this setting, advanced security features must be active in your user pool.

" + }, + "FirehoseConfiguration":{ + "shape":"FirehoseConfigurationType", + "documentation":"

The Amazon Data Firehose stream destination of user activity log export with advanced security features. To activate this setting, advanced security features must be active in your user pool.

" } }, "documentation":"

The logging parameters of a user pool.

" @@ -6055,18 +6081,21 @@ "members":{ "UserPoolId":{ "shape":"UserPoolIdType", - "documentation":"

The ID of the user pool where you configured detailed activity logging.

" + "documentation":"

The ID of the user pool where you configured logging.

" }, "LogConfigurations":{ "shape":"LogConfigurationListType", - "documentation":"

The detailed activity logging destination of a user pool.

" + "documentation":"

A logging destination of a user pool. User pools can have multiple logging destinations for message-delivery and user-activity logs.

" } }, - "documentation":"

The logging parameters of a user pool.

" + "documentation":"

The logging parameters of a user pool returned in response to GetLogDeliveryConfiguration.

" }, "LogLevel":{ "type":"string", - "enum":["ERROR"] + "enum":[ + "ERROR", + "INFO" + ] }, "LogoutURLsListType":{ "type":"list", @@ -6244,6 +6273,19 @@ "min":1, "pattern":"[\\S]+" }, + "PasswordHistoryPolicyViolationException":{ + "type":"structure", + "members":{ + "message":{"shape":"MessageType"} + }, + "documentation":"

The message returned when a user's new password matches a previous password and doesn't comply with the password-history policy.

", + "exception":true + }, + "PasswordHistorySizeType":{ + "type":"integer", + "max":24, + "min":0 + }, "PasswordPolicyMinLengthType":{ "type":"integer", "max":99, @@ -6272,6 +6314,10 @@ "shape":"BooleanType", "documentation":"

In the password policy that you have set, refers to whether you have required users to use at least one symbol in their password.

" }, + "PasswordHistorySize":{ + "shape":"PasswordHistorySizeType", + "documentation":"

The number of previous passwords that you want Amazon Cognito to restrict each user from reusing. Users can't set a password that matches any of n previous passwords, where n is the value of PasswordHistorySize.

Password history isn't enforced and isn't displayed in DescribeUserPool responses when you set this value to 0 or don't provide it. To activate this setting, advanced security features must be active in your user pool.

" + }, "TemporaryPasswordValidityDays":{ "shape":"TemporaryPasswordValidityDaysType", "documentation":"

The number of days a temporary password is valid in the password policy. If the user doesn't sign in during this time, an administrator must reset their password. Defaults to 7. If you submit a value of 0, Amazon Cognito treats it as a null value and sets TemporaryPasswordValidityDays to its default value.

When you set TemporaryPasswordValidityDays for a user pool, you can no longer set a value for the legacy UnusedAccountValidityDays parameter in that user pool.

" @@ -6752,12 +6798,28 @@ "High" ] }, + "S3ArnType":{ + "type":"string", + "max":1024, + "min":3, + "pattern":"arn:[\\w+=/,.@-]+:[\\w+=/,.@-]+:::[\\w+=/,.@-]+(:[\\w+=/,.@-]+)?(:[\\w+=/,.@-]+)?" + }, "S3BucketType":{ "type":"string", "max":1024, "min":3, "pattern":"^[0-9A-Za-z\\.\\-_]*(?The ARN of an Amazon S3 bucket that's the destination for advanced security features log export.

" + } + }, + "documentation":"

Configuration for the Amazon S3 bucket destination of user activity log export with advanced security features.

" + }, "SESConfigurationSet":{ "type":"string", "max":64, @@ -6877,11 +6939,11 @@ "members":{ "UserPoolId":{ "shape":"UserPoolIdType", - "documentation":"

The ID of the user pool where you want to configure detailed activity logging .

" + "documentation":"

The ID of the user pool where you want to configure logging.

" }, "LogConfigurations":{ "shape":"LogConfigurationListType", - "documentation":"

A collection of all of the detailed activity logging configurations for a user pool.

" + "documentation":"

A collection of the logging configurations for a user pool.

" } } }, @@ -7112,7 +7174,7 @@ }, "UserSub":{ "shape":"StringType", - "documentation":"

The UUID of the authenticated user. This isn't the same as username.

" + "documentation":"

The 128-bit ID of the authenticated user. This isn't the same as username.

" } }, "documentation":"

The response from the server for a registration request.

" @@ -7778,7 +7840,7 @@ }, "PreventUserExistenceErrors":{ "shape":"PreventUserExistenceErrorTypes", - "documentation":"

Errors and responses that you want Amazon Cognito APIs to return during authentication, account confirmation, and password recovery when the user doesn't exist in the user pool. When set to ENABLED and the user doesn't exist, authentication returns an error indicating either the username or password was incorrect. Account confirmation and password recovery return a response indicating a code was sent to a simulated destination. When set to LEGACY, those APIs return a UserNotFoundException exception if the user doesn't exist in the user pool.

Valid values include:

" + "documentation":"

Errors and responses that you want Amazon Cognito APIs to return during authentication, account confirmation, and password recovery when the user doesn't exist in the user pool. When set to ENABLED and the user doesn't exist, authentication returns an error indicating either the username or password was incorrect. Account confirmation and password recovery return a response indicating a code was sent to a simulated destination. When set to LEGACY, those APIs return a UserNotFoundException exception if the user doesn't exist in the user pool.

Valid values include:

Defaults to LEGACY when you don't provide a value.

" }, "EnableTokenRevocation":{ "shape":"WrappedBooleanType", @@ -8224,7 +8286,7 @@ }, "PreventUserExistenceErrors":{ "shape":"PreventUserExistenceErrorTypes", - "documentation":"

Errors and responses that you want Amazon Cognito APIs to return during authentication, account confirmation, and password recovery when the user doesn't exist in the user pool. When set to ENABLED and the user doesn't exist, authentication returns an error indicating either the username or password was incorrect. Account confirmation and password recovery return a response indicating a code was sent to a simulated destination. When set to LEGACY, those APIs return a UserNotFoundException exception if the user doesn't exist in the user pool.

Valid values include:

" + "documentation":"

Errors and responses that you want Amazon Cognito APIs to return during authentication, account confirmation, and password recovery when the user doesn't exist in the user pool. When set to ENABLED and the user doesn't exist, authentication returns an error indicating either the username or password was incorrect. Account confirmation and password recovery return a response indicating a code was sent to a simulated destination. When set to LEGACY, those APIs return a UserNotFoundException exception if the user doesn't exist in the user pool.

Valid values include:

Defaults to LEGACY when you don't provide a value.

" }, "EnableTokenRevocation":{ "shape":"WrappedBooleanType", diff --git a/tools/code-generation/api-descriptions/cost-optimization-hub-2022-07-26.normal.json b/tools/code-generation/api-descriptions/cost-optimization-hub-2022-07-26.normal.json index 55ee4f5fc93..b66cf10f538 100644 --- a/tools/code-generation/api-descriptions/cost-optimization-hub-2022-07-26.normal.json +++ b/tools/code-generation/api-descriptions/cost-optimization-hub-2022-07-26.normal.json @@ -110,7 +110,7 @@ {"shape":"AccessDeniedException"}, {"shape":"ThrottlingException"} ], - "documentation":"

Updates the enrollment (opt in and opt out) status of an account to the Cost Optimization Hub service.

If the account is a management account of an organization, this action can also be used to enroll member accounts of the organization.

You must have the appropriate permissions to opt in to Cost Optimization Hub and to view its recommendations. When you opt in, Cost Optimization Hub automatically creates a service-linked role in your account to access its data.

" + "documentation":"

Updates the enrollment (opt in and opt out) status of an account to the Cost Optimization Hub service.

If the account is a management account or delegated administrator of an organization, this action can also be used to enroll member accounts of the organization.

You must have the appropriate permissions to opt in to Cost Optimization Hub and to view its recommendations. When you opt in, Cost Optimization Hub automatically creates a service-linked role in your account to access its data.

" }, "UpdatePreferences":{ "name":"UpdatePreferences", @@ -881,7 +881,7 @@ }, "includeMemberAccounts":{ "shape":"Boolean", - "documentation":"

The enrollment status of all member accounts in the organization if the account is the management account.

" + "documentation":"

The enrollment status of all member accounts in the organization if the account is the management account or delegated administrator.

" }, "nextToken":{ "shape":"String", @@ -900,7 +900,11 @@ }, "maxResults":{ "shape":"ListRecommendationSummariesRequestMaxResultsInteger", - "documentation":"

The maximum number of recommendations that are returned for the request.

" + "documentation":"

The maximum number of recommendations to be returned for the request.

" + }, + "metrics":{ + "shape":"SummaryMetricsList", + "documentation":"

Additional metrics to be returned for the request. The only valid value is savingsPercentage.

" }, "nextToken":{ "shape":"String", @@ -923,7 +927,7 @@ }, "items":{ "shape":"RecommendationSummariesList", - "documentation":"

List of all savings recommendations.

" + "documentation":"

A list of all savings recommendations.

" }, "groupBy":{ "shape":"String", @@ -933,6 +937,10 @@ "shape":"String", "documentation":"

The currency code used for the recommendation.

" }, + "metrics":{ + "shape":"SummaryMetricsResult", + "documentation":"

The results or descriptions for the additional metrics, based on whether the metrics were or were not requested.

" + }, "nextToken":{ "shape":"String", "documentation":"

The token to retrieve the next set of results.

" @@ -1714,6 +1722,26 @@ "documentation":"

The storage configuration used for recommendations.

" }, "String":{"type":"string"}, + "SummaryMetrics":{ + "type":"string", + "enum":["SavingsPercentage"] + }, + "SummaryMetricsList":{ + "type":"list", + "member":{"shape":"SummaryMetrics"}, + "max":100, + "min":1 + }, + "SummaryMetricsResult":{ + "type":"structure", + "members":{ + "savingsPercentage":{ + "shape":"String", + "documentation":"

The savings percentage based on your Amazon Web Services spend over the past 30 days.

Savings percentage is only supported when filtering by Region, account ID, or tags.

" + } + }, + "documentation":"

The results or descriptions for the additional metrics, based on whether the metrics were or were not requested.

" + }, "Tag":{ "type":"structure", "members":{ @@ -1753,7 +1781,7 @@ }, "includeMemberAccounts":{ "shape":"Boolean", - "documentation":"

Indicates whether to enroll member accounts of the organization if the account is the management account.

" + "documentation":"

Indicates whether to enroll member accounts of the organization if the account is the management account or delegated administrator.

" } } }, diff --git a/tools/code-generation/api-descriptions/workspaces-2015-04-08.normal.json b/tools/code-generation/api-descriptions/workspaces-2015-04-08.normal.json index baa446a4c53..306e6faafa9 100644 --- a/tools/code-generation/api-descriptions/workspaces-2015-04-08.normal.json +++ b/tools/code-generation/api-descriptions/workspaces-2015-04-08.normal.json @@ -4171,7 +4171,7 @@ }, "Applications":{ "shape":"ApplicationList", - "documentation":"

If specified, the version of Microsoft Office to subscribe to. Valid only for Windows 10 and 11 BYOL images. For more information about subscribing to Office for BYOL images, see Bring Your Own Windows Desktop Licenses.

  • Although this parameter is an array, only one item is allowed at this time.

  • Windows 11 only supports Microsoft_Office_2019.

" + "documentation":"

If specified, the version of Microsoft Office to subscribe to. Valid only for Windows 10 and 11 BYOL images. For more information about subscribing to Office for BYOL images, see Bring Your Own Windows Desktop Licenses.

  • Although this parameter is an array, only one item is allowed at this time.

  • During the image import process, non-GPU WSP WorkSpaces with Windows 11 support only Microsoft_Office_2019. GPU WSP WorkSpaces with Windows 11 do not support Office installation.

" } } }, @@ -6548,6 +6548,7 @@ "BYOL_GRAPHICSPRO", "BYOL_GRAPHICS_G4DN", "BYOL_REGULAR_WSP", + "BYOL_GRAPHICS_G4DN_WSP", "BYOL_REGULAR_BYOP", "BYOL_GRAPHICS_G4DN_BYOP" ]