Creates a new user in the specified user pool.
If MessageAction isn't set, the default is to send a welcome message via email or phone (SMS).
This action might generate an SMS text message. Starting June 1, 2021, US telecom carriers require you to register an origination phone number before you can send SMS messages to US phone numbers. If you use SMS text messages in Amazon Cognito, you must register a phone number with Amazon Pinpoint. Amazon Cognito uses the registered number automatically. Otherwise, Amazon Cognito users who must receive SMS messages might not be able to sign up, activate their accounts, or sign in.
If you have never used SMS text messages with Amazon Cognito or any other Amazon Web Services service, Amazon Simple Notification Service might place your account in the SMS sandbox. In sandbox mode , you can send messages only to verified phone numbers. After you test your app while in the sandbox environment, you can move out of the sandbox and into production. For more information, see SMS message settings for Amazon Cognito user pools in the Amazon Cognito Developer Guide.
This message is based on a template that you configured in your call to create or update a user pool. This template includes your custom sign-up instructions and placeholders for user name and temporary password.
Alternatively, you can call AdminCreateUser with SUPPRESS for the MessageAction parameter, and Amazon Cognito won't send any email.
In either case, the user will be in the FORCE_CHANGE_PASSWORD state until they sign in and change their password.
Amazon Cognito evaluates Identity and Access Management (IAM) policies in requests for this API operation. For this operation, you must use IAM credentials to authorize requests, and you must grant yourself the corresponding IAM permission in a policy.
Learn more
Creates a new user in the specified user pool.
If MessageAction isn't set, the default is to send a welcome message via email or phone (SMS).
This action might generate an SMS text message. Starting June 1, 2021, US telecom carriers require you to register an origination phone number before you can send SMS messages to US phone numbers. If you use SMS text messages in Amazon Cognito, you must register a phone number with Amazon Pinpoint. Amazon Cognito uses the registered number automatically. Otherwise, Amazon Cognito users who must receive SMS messages might not be able to sign up, activate their accounts, or sign in.
If you have never used SMS text messages with Amazon Cognito or any other Amazon Web Servicesservice, Amazon Simple Notification Service might place your account in the SMS sandbox. In sandbox mode , you can send messages only to verified phone numbers. After you test your app while in the sandbox environment, you can move out of the sandbox and into production. For more information, see SMS message settings for Amazon Cognito user pools in the Amazon Cognito Developer Guide.
This message is based on a template that you configured in your call to create or update a user pool. This template includes your custom sign-up instructions and placeholders for user name and temporary password.
Alternatively, you can call AdminCreateUser with SUPPRESS for the MessageAction parameter, and Amazon Cognito won't send any email.
In either case, the user will be in the FORCE_CHANGE_PASSWORD state until they sign in and change their password.
Amazon Cognito evaluates Identity and Access Management (IAM) policies in requests for this API operation. For this operation, you must use IAM credentials to authorize requests, and you must grant yourself the corresponding IAM permission in a policy.
Learn more
Initiates the authentication flow, as an administrator.
This action might generate an SMS text message. Starting June 1, 2021, US telecom carriers require you to register an origination phone number before you can send SMS messages to US phone numbers. If you use SMS text messages in Amazon Cognito, you must register a phone number with Amazon Pinpoint. Amazon Cognito uses the registered number automatically. Otherwise, Amazon Cognito users who must receive SMS messages might not be able to sign up, activate their accounts, or sign in.
If you have never used SMS text messages with Amazon Cognito or any other Amazon Web Services service, Amazon Simple Notification Service might place your account in the SMS sandbox. In sandbox mode , you can send messages only to verified phone numbers. After you test your app while in the sandbox environment, you can move out of the sandbox and into production. For more information, see SMS message settings for Amazon Cognito user pools in the Amazon Cognito Developer Guide.
Amazon Cognito evaluates Identity and Access Management (IAM) policies in requests for this API operation. For this operation, you must use IAM credentials to authorize requests, and you must grant yourself the corresponding IAM permission in a policy.
Learn more
Initiates the authentication flow, as an administrator.
This action might generate an SMS text message. Starting June 1, 2021, US telecom carriers require you to register an origination phone number before you can send SMS messages to US phone numbers. If you use SMS text messages in Amazon Cognito, you must register a phone number with Amazon Pinpoint. Amazon Cognito uses the registered number automatically. Otherwise, Amazon Cognito users who must receive SMS messages might not be able to sign up, activate their accounts, or sign in.
If you have never used SMS text messages with Amazon Cognito or any other Amazon Web Servicesservice, Amazon Simple Notification Service might place your account in the SMS sandbox. In sandbox mode , you can send messages only to verified phone numbers. After you test your app while in the sandbox environment, you can move out of the sandbox and into production. For more information, see SMS message settings for Amazon Cognito user pools in the Amazon Cognito Developer Guide.
Amazon Cognito evaluates Identity and Access Management (IAM) policies in requests for this API operation. For this operation, you must use IAM credentials to authorize requests, and you must grant yourself the corresponding IAM permission in a policy.
Learn more
Resets the specified user's password in a user pool as an administrator. Works on any user.
To use this API operation, your user pool must have self-service account recovery configured. Use AdminSetUserPassword if you manage passwords as an administrator.
This action might generate an SMS text message. Starting June 1, 2021, US telecom carriers require you to register an origination phone number before you can send SMS messages to US phone numbers. If you use SMS text messages in Amazon Cognito, you must register a phone number with Amazon Pinpoint. Amazon Cognito uses the registered number automatically. Otherwise, Amazon Cognito users who must receive SMS messages might not be able to sign up, activate their accounts, or sign in.
If you have never used SMS text messages with Amazon Cognito or any other Amazon Web Services service, Amazon Simple Notification Service might place your account in the SMS sandbox. In sandbox mode , you can send messages only to verified phone numbers. After you test your app while in the sandbox environment, you can move out of the sandbox and into production. For more information, see SMS message settings for Amazon Cognito user pools in the Amazon Cognito Developer Guide.
Deactivates a user's password, requiring them to change it. If a user tries to sign in after the API is called, Amazon Cognito responds with a PasswordResetRequiredException error. Your app must then perform the actions that reset your user's password: the forgot-password flow. In addition, if the user pool has phone verification selected and a verified phone number exists for the user, or if email verification is selected and a verified email exists for the user, calling this API will also result in sending a message to the end user with the code to change their password.
Amazon Cognito evaluates Identity and Access Management (IAM) policies in requests for this API operation. For this operation, you must use IAM credentials to authorize requests, and you must grant yourself the corresponding IAM permission in a policy.
Learn more
Resets the specified user's password in a user pool as an administrator. Works on any user.
To use this API operation, your user pool must have self-service account recovery configured. Use AdminSetUserPassword if you manage passwords as an administrator.
This action might generate an SMS text message. Starting June 1, 2021, US telecom carriers require you to register an origination phone number before you can send SMS messages to US phone numbers. If you use SMS text messages in Amazon Cognito, you must register a phone number with Amazon Pinpoint. Amazon Cognito uses the registered number automatically. Otherwise, Amazon Cognito users who must receive SMS messages might not be able to sign up, activate their accounts, or sign in.
If you have never used SMS text messages with Amazon Cognito or any other Amazon Web Servicesservice, Amazon Simple Notification Service might place your account in the SMS sandbox. In sandbox mode , you can send messages only to verified phone numbers. After you test your app while in the sandbox environment, you can move out of the sandbox and into production. For more information, see SMS message settings for Amazon Cognito user pools in the Amazon Cognito Developer Guide.
Deactivates a user's password, requiring them to change it. If a user tries to sign in after the API is called, Amazon Cognito responds with a PasswordResetRequiredException error. Your app must then perform the actions that reset your user's password: the forgot-password flow. In addition, if the user pool has phone verification selected and a verified phone number exists for the user, or if email verification is selected and a verified email exists for the user, calling this API will also result in sending a message to the end user with the code to change their password.
Amazon Cognito evaluates Identity and Access Management (IAM) policies in requests for this API operation. For this operation, you must use IAM credentials to authorize requests, and you must grant yourself the corresponding IAM permission in a policy.
Learn more
Some API operations in a user pool generate a challenge, like a prompt for an MFA code, for device authentication that bypasses MFA, or for a custom authentication challenge. An AdminRespondToAuthChallenge API request provides the answer to that challenge, like a code or a secure remote password (SRP). The parameters of a response to an authentication challenge vary with the type of challenge.
For more information about custom authentication challenges, see Custom authentication challenge Lambda triggers.
This action might generate an SMS text message. Starting June 1, 2021, US telecom carriers require you to register an origination phone number before you can send SMS messages to US phone numbers. If you use SMS text messages in Amazon Cognito, you must register a phone number with Amazon Pinpoint. Amazon Cognito uses the registered number automatically. Otherwise, Amazon Cognito users who must receive SMS messages might not be able to sign up, activate their accounts, or sign in.
If you have never used SMS text messages with Amazon Cognito or any other Amazon Web Services service, Amazon Simple Notification Service might place your account in the SMS sandbox. In sandbox mode , you can send messages only to verified phone numbers. After you test your app while in the sandbox environment, you can move out of the sandbox and into production. For more information, see SMS message settings for Amazon Cognito user pools in the Amazon Cognito Developer Guide.
Amazon Cognito evaluates Identity and Access Management (IAM) policies in requests for this API operation. For this operation, you must use IAM credentials to authorize requests, and you must grant yourself the corresponding IAM permission in a policy.
Learn more
Some API operations in a user pool generate a challenge, like a prompt for an MFA code, for device authentication that bypasses MFA, or for a custom authentication challenge. An AdminRespondToAuthChallenge API request provides the answer to that challenge, like a code or a secure remote password (SRP). The parameters of a response to an authentication challenge vary with the type of challenge.
For more information about custom authentication challenges, see Custom authentication challenge Lambda triggers.
This action might generate an SMS text message. Starting June 1, 2021, US telecom carriers require you to register an origination phone number before you can send SMS messages to US phone numbers. If you use SMS text messages in Amazon Cognito, you must register a phone number with Amazon Pinpoint. Amazon Cognito uses the registered number automatically. Otherwise, Amazon Cognito users who must receive SMS messages might not be able to sign up, activate their accounts, or sign in.
If you have never used SMS text messages with Amazon Cognito or any other Amazon Web Servicesservice, Amazon Simple Notification Service might place your account in the SMS sandbox. In sandbox mode , you can send messages only to verified phone numbers. After you test your app while in the sandbox environment, you can move out of the sandbox and into production. For more information, see SMS message settings for Amazon Cognito user pools in the Amazon Cognito Developer Guide.
Amazon Cognito evaluates Identity and Access Management (IAM) policies in requests for this API operation. For this operation, you must use IAM credentials to authorize requests, and you must grant yourself the corresponding IAM permission in a policy.
Learn more
The user's multi-factor authentication (MFA) preference, including which MFA options are activated, and if any are preferred. Only one factor can be set as preferred. The preferred MFA factor will be used to authenticate a user if multiple factors are activated. If multiple options are activated and no preference is set, a challenge to choose an MFA option will be returned during sign-in.
Amazon Cognito evaluates Identity and Access Management (IAM) policies in requests for this API operation. For this operation, you must use IAM credentials to authorize requests, and you must grant yourself the corresponding IAM permission in a policy.
Learn more
Sets the user's multi-factor authentication (MFA) preference, including which MFA options are activated, and if any are preferred. Only one factor can be set as preferred. The preferred MFA factor will be used to authenticate a user if multiple factors are activated. If multiple options are activated and no preference is set, a challenge to choose an MFA option will be returned during sign-in.
Amazon Cognito evaluates Identity and Access Management (IAM) policies in requests for this API operation. For this operation, you must use IAM credentials to authorize requests, and you must grant yourself the corresponding IAM permission in a policy.
Learn more
This action might generate an SMS text message. Starting June 1, 2021, US telecom carriers require you to register an origination phone number before you can send SMS messages to US phone numbers. If you use SMS text messages in Amazon Cognito, you must register a phone number with Amazon Pinpoint. Amazon Cognito uses the registered number automatically. Otherwise, Amazon Cognito users who must receive SMS messages might not be able to sign up, activate their accounts, or sign in.
If you have never used SMS text messages with Amazon Cognito or any other Amazon Web Services service, Amazon Simple Notification Service might place your account in the SMS sandbox. In sandbox mode , you can send messages only to verified phone numbers. After you test your app while in the sandbox environment, you can move out of the sandbox and into production. For more information, see SMS message settings for Amazon Cognito user pools in the Amazon Cognito Developer Guide.
Updates the specified user's attributes, including developer attributes, as an administrator. Works on any user. To delete an attribute from your user, submit the attribute in your API request with a blank value.
For custom attributes, you must prepend the custom: prefix to the attribute name.
In addition to updating user attributes, this API can also be used to mark phone and email as verified.
Amazon Cognito evaluates Identity and Access Management (IAM) policies in requests for this API operation. For this operation, you must use IAM credentials to authorize requests, and you must grant yourself the corresponding IAM permission in a policy.
Learn more
This action might generate an SMS text message. Starting June 1, 2021, US telecom carriers require you to register an origination phone number before you can send SMS messages to US phone numbers. If you use SMS text messages in Amazon Cognito, you must register a phone number with Amazon Pinpoint. Amazon Cognito uses the registered number automatically. Otherwise, Amazon Cognito users who must receive SMS messages might not be able to sign up, activate their accounts, or sign in.
If you have never used SMS text messages with Amazon Cognito or any other Amazon Web Servicesservice, Amazon Simple Notification Service might place your account in the SMS sandbox. In sandbox mode , you can send messages only to verified phone numbers. After you test your app while in the sandbox environment, you can move out of the sandbox and into production. For more information, see SMS message settings for Amazon Cognito user pools in the Amazon Cognito Developer Guide.
Updates the specified user's attributes, including developer attributes, as an administrator. Works on any user. To delete an attribute from your user, submit the attribute in your API request with a blank value.
For custom attributes, you must prepend the custom: prefix to the attribute name.
In addition to updating user attributes, this API can also be used to mark phone and email as verified.
Amazon Cognito evaluates Identity and Access Management (IAM) policies in requests for this API operation. For this operation, you must use IAM credentials to authorize requests, and you must grant yourself the corresponding IAM permission in a policy.
Learn more
This action might generate an SMS text message. Starting June 1, 2021, US telecom carriers require you to register an origination phone number before you can send SMS messages to US phone numbers. If you use SMS text messages in Amazon Cognito, you must register a phone number with Amazon Pinpoint. Amazon Cognito uses the registered number automatically. Otherwise, Amazon Cognito users who must receive SMS messages might not be able to sign up, activate their accounts, or sign in.
If you have never used SMS text messages with Amazon Cognito or any other Amazon Web Services service, Amazon Simple Notification Service might place your account in the SMS sandbox. In sandbox mode , you can send messages only to verified phone numbers. After you test your app while in the sandbox environment, you can move out of the sandbox and into production. For more information, see SMS message settings for Amazon Cognito user pools in the Amazon Cognito Developer Guide.
Creates a new Amazon Cognito user pool and sets the password policy for the pool.
If you don't provide a value for an attribute, Amazon Cognito sets it to its default value.
Amazon Cognito evaluates Identity and Access Management (IAM) policies in requests for this API operation. For this operation, you must use IAM credentials to authorize requests, and you must grant yourself the corresponding IAM permission in a policy.
Learn more
This action might generate an SMS text message. Starting June 1, 2021, US telecom carriers require you to register an origination phone number before you can send SMS messages to US phone numbers. If you use SMS text messages in Amazon Cognito, you must register a phone number with Amazon Pinpoint. Amazon Cognito uses the registered number automatically. Otherwise, Amazon Cognito users who must receive SMS messages might not be able to sign up, activate their accounts, or sign in.
If you have never used SMS text messages with Amazon Cognito or any other Amazon Web Servicesservice, Amazon Simple Notification Service might place your account in the SMS sandbox. In sandbox mode , you can send messages only to verified phone numbers. After you test your app while in the sandbox environment, you can move out of the sandbox and into production. For more information, see SMS message settings for Amazon Cognito user pools in the Amazon Cognito Developer Guide.
Creates a new Amazon Cognito user pool and sets the password policy for the pool.
If you don't provide a value for an attribute, Amazon Cognito sets it to its default value.
Amazon Cognito evaluates Identity and Access Management (IAM) policies in requests for this API operation. For this operation, you must use IAM credentials to authorize requests, and you must grant yourself the corresponding IAM permission in a policy.
Learn more
Calling this API causes a message to be sent to the end user with a confirmation code that is required to change the user's password. For the Username parameter, you can use the username or user alias. The method used to send the confirmation code is sent according to the specified AccountRecoverySetting. For more information, see Recovering User Accounts in the Amazon Cognito Developer Guide. To use the confirmation code for resetting the password, call ConfirmForgotPassword.
If neither a verified phone number nor a verified email exists, this API returns InvalidParameterException. If your app client has a client secret and you don't provide a SECRET_HASH parameter, this API returns NotAuthorizedException.
To use this API operation, your user pool must have self-service account recovery configured. Use AdminSetUserPassword if you manage passwords as an administrator.
Amazon Cognito doesn't evaluate Identity and Access Management (IAM) policies in requests for this API operation. For this operation, you can't use IAM credentials to authorize requests, and you can't grant IAM permissions in policies. For more information about authorization models in Amazon Cognito, see Using the Amazon Cognito user pools API and user pool endpoints.
This action might generate an SMS text message. Starting June 1, 2021, US telecom carriers require you to register an origination phone number before you can send SMS messages to US phone numbers. If you use SMS text messages in Amazon Cognito, you must register a phone number with Amazon Pinpoint. Amazon Cognito uses the registered number automatically. Otherwise, Amazon Cognito users who must receive SMS messages might not be able to sign up, activate their accounts, or sign in.
If you have never used SMS text messages with Amazon Cognito or any other Amazon Web Services service, Amazon Simple Notification Service might place your account in the SMS sandbox. In sandbox mode , you can send messages only to verified phone numbers. After you test your app while in the sandbox environment, you can move out of the sandbox and into production. For more information, see SMS message settings for Amazon Cognito user pools in the Amazon Cognito Developer Guide.
Calling this API causes a message to be sent to the end user with a confirmation code that is required to change the user's password. For the Username parameter, you can use the username or user alias. The method used to send the confirmation code is sent according to the specified AccountRecoverySetting. For more information, see Recovering User Accounts in the Amazon Cognito Developer Guide. To use the confirmation code for resetting the password, call ConfirmForgotPassword.
If neither a verified phone number nor a verified email exists, this API returns InvalidParameterException. If your app client has a client secret and you don't provide a SECRET_HASH parameter, this API returns NotAuthorizedException.
To use this API operation, your user pool must have self-service account recovery configured. Use AdminSetUserPassword if you manage passwords as an administrator.
Amazon Cognito doesn't evaluate Identity and Access Management (IAM) policies in requests for this API operation. For this operation, you can't use IAM credentials to authorize requests, and you can't grant IAM permissions in policies. For more information about authorization models in Amazon Cognito, see Using the Amazon Cognito user pools API and user pool endpoints.
This action might generate an SMS text message. Starting June 1, 2021, US telecom carriers require you to register an origination phone number before you can send SMS messages to US phone numbers. If you use SMS text messages in Amazon Cognito, you must register a phone number with Amazon Pinpoint. Amazon Cognito uses the registered number automatically. Otherwise, Amazon Cognito users who must receive SMS messages might not be able to sign up, activate their accounts, or sign in.
If you have never used SMS text messages with Amazon Cognito or any other Amazon Web Servicesservice, Amazon Simple Notification Service might place your account in the SMS sandbox. In sandbox mode , you can send messages only to verified phone numbers. After you test your app while in the sandbox environment, you can move out of the sandbox and into production. For more information, see SMS message settings for Amazon Cognito user pools in the Amazon Cognito Developer Guide.
Generates a user attribute verification code for the specified attribute name. Sends a message to a user with a code that they must return in a VerifyUserAttribute request.
Authorize this action with a signed-in user's access token. It must include the scope aws.cognito.signin.user.admin.
Amazon Cognito doesn't evaluate Identity and Access Management (IAM) policies in requests for this API operation. For this operation, you can't use IAM credentials to authorize requests, and you can't grant IAM permissions in policies. For more information about authorization models in Amazon Cognito, see Using the Amazon Cognito user pools API and user pool endpoints.
This action might generate an SMS text message. Starting June 1, 2021, US telecom carriers require you to register an origination phone number before you can send SMS messages to US phone numbers. If you use SMS text messages in Amazon Cognito, you must register a phone number with Amazon Pinpoint. Amazon Cognito uses the registered number automatically. Otherwise, Amazon Cognito users who must receive SMS messages might not be able to sign up, activate their accounts, or sign in.
If you have never used SMS text messages with Amazon Cognito or any other Amazon Web Services service, Amazon Simple Notification Service might place your account in the SMS sandbox. In sandbox mode , you can send messages only to verified phone numbers. After you test your app while in the sandbox environment, you can move out of the sandbox and into production. For more information, see SMS message settings for Amazon Cognito user pools in the Amazon Cognito Developer Guide.
Generates a user attribute verification code for the specified attribute name. Sends a message to a user with a code that they must return in a VerifyUserAttribute request.
Authorize this action with a signed-in user's access token. It must include the scope aws.cognito.signin.user.admin.
Amazon Cognito doesn't evaluate Identity and Access Management (IAM) policies in requests for this API operation. For this operation, you can't use IAM credentials to authorize requests, and you can't grant IAM permissions in policies. For more information about authorization models in Amazon Cognito, see Using the Amazon Cognito user pools API and user pool endpoints.
This action might generate an SMS text message. Starting June 1, 2021, US telecom carriers require you to register an origination phone number before you can send SMS messages to US phone numbers. If you use SMS text messages in Amazon Cognito, you must register a phone number with Amazon Pinpoint. Amazon Cognito uses the registered number automatically. Otherwise, Amazon Cognito users who must receive SMS messages might not be able to sign up, activate their accounts, or sign in.
If you have never used SMS text messages with Amazon Cognito or any other Amazon Web Servicesservice, Amazon Simple Notification Service might place your account in the SMS sandbox. In sandbox mode , you can send messages only to verified phone numbers. After you test your app while in the sandbox environment, you can move out of the sandbox and into production. For more information, see SMS message settings for Amazon Cognito user pools in the Amazon Cognito Developer Guide.
Initiates sign-in for a user in the Amazon Cognito user directory. You can't sign in a user with a federated IdP with InitiateAuth. For more information, see Adding user pool sign-in through a third party.
Amazon Cognito doesn't evaluate Identity and Access Management (IAM) policies in requests for this API operation. For this operation, you can't use IAM credentials to authorize requests, and you can't grant IAM permissions in policies. For more information about authorization models in Amazon Cognito, see Using the Amazon Cognito user pools API and user pool endpoints.
This action might generate an SMS text message. Starting June 1, 2021, US telecom carriers require you to register an origination phone number before you can send SMS messages to US phone numbers. If you use SMS text messages in Amazon Cognito, you must register a phone number with Amazon Pinpoint. Amazon Cognito uses the registered number automatically. Otherwise, Amazon Cognito users who must receive SMS messages might not be able to sign up, activate their accounts, or sign in.
If you have never used SMS text messages with Amazon Cognito or any other Amazon Web Services service, Amazon Simple Notification Service might place your account in the SMS sandbox. In sandbox mode , you can send messages only to verified phone numbers. After you test your app while in the sandbox environment, you can move out of the sandbox and into production. For more information, see SMS message settings for Amazon Cognito user pools in the Amazon Cognito Developer Guide.
Initiates sign-in for a user in the Amazon Cognito user directory. You can't sign in a user with a federated IdP with InitiateAuth. For more information, see Adding user pool sign-in through a third party.
Amazon Cognito doesn't evaluate Identity and Access Management (IAM) policies in requests for this API operation. For this operation, you can't use IAM credentials to authorize requests, and you can't grant IAM permissions in policies. For more information about authorization models in Amazon Cognito, see Using the Amazon Cognito user pools API and user pool endpoints.
This action might generate an SMS text message. Starting June 1, 2021, US telecom carriers require you to register an origination phone number before you can send SMS messages to US phone numbers. If you use SMS text messages in Amazon Cognito, you must register a phone number with Amazon Pinpoint. Amazon Cognito uses the registered number automatically. Otherwise, Amazon Cognito users who must receive SMS messages might not be able to sign up, activate their accounts, or sign in.
If you have never used SMS text messages with Amazon Cognito or any other Amazon Web Servicesservice, Amazon Simple Notification Service might place your account in the SMS sandbox. In sandbox mode , you can send messages only to verified phone numbers. After you test your app while in the sandbox environment, you can move out of the sandbox and into production. For more information, see SMS message settings for Amazon Cognito user pools in the Amazon Cognito Developer Guide.
Resends the confirmation (for confirmation of registration) to a specific user in the user pool.
Amazon Cognito doesn't evaluate Identity and Access Management (IAM) policies in requests for this API operation. For this operation, you can't use IAM credentials to authorize requests, and you can't grant IAM permissions in policies. For more information about authorization models in Amazon Cognito, see Using the Amazon Cognito user pools API and user pool endpoints.
This action might generate an SMS text message. Starting June 1, 2021, US telecom carriers require you to register an origination phone number before you can send SMS messages to US phone numbers. If you use SMS text messages in Amazon Cognito, you must register a phone number with Amazon Pinpoint. Amazon Cognito uses the registered number automatically. Otherwise, Amazon Cognito users who must receive SMS messages might not be able to sign up, activate their accounts, or sign in.
If you have never used SMS text messages with Amazon Cognito or any other Amazon Web Services service, Amazon Simple Notification Service might place your account in the SMS sandbox. In sandbox mode , you can send messages only to verified phone numbers. After you test your app while in the sandbox environment, you can move out of the sandbox and into production. For more information, see SMS message settings for Amazon Cognito user pools in the Amazon Cognito Developer Guide.
Resends the confirmation (for confirmation of registration) to a specific user in the user pool.
Amazon Cognito doesn't evaluate Identity and Access Management (IAM) policies in requests for this API operation. For this operation, you can't use IAM credentials to authorize requests, and you can't grant IAM permissions in policies. For more information about authorization models in Amazon Cognito, see Using the Amazon Cognito user pools API and user pool endpoints.
This action might generate an SMS text message. Starting June 1, 2021, US telecom carriers require you to register an origination phone number before you can send SMS messages to US phone numbers. If you use SMS text messages in Amazon Cognito, you must register a phone number with Amazon Pinpoint. Amazon Cognito uses the registered number automatically. Otherwise, Amazon Cognito users who must receive SMS messages might not be able to sign up, activate their accounts, or sign in.
If you have never used SMS text messages with Amazon Cognito or any other Amazon Web Servicesservice, Amazon Simple Notification Service might place your account in the SMS sandbox. In sandbox mode , you can send messages only to verified phone numbers. After you test your app while in the sandbox environment, you can move out of the sandbox and into production. For more information, see SMS message settings for Amazon Cognito user pools in the Amazon Cognito Developer Guide.
Some API operations in a user pool generate a challenge, like a prompt for an MFA code, for device authentication that bypasses MFA, or for a custom authentication challenge. A RespondToAuthChallenge API request provides the answer to that challenge, like a code or a secure remote password (SRP). The parameters of a response to an authentication challenge vary with the type of challenge.
For more information about custom authentication challenges, see Custom authentication challenge Lambda triggers.
Amazon Cognito doesn't evaluate Identity and Access Management (IAM) policies in requests for this API operation. For this operation, you can't use IAM credentials to authorize requests, and you can't grant IAM permissions in policies. For more information about authorization models in Amazon Cognito, see Using the Amazon Cognito user pools API and user pool endpoints.
This action might generate an SMS text message. Starting June 1, 2021, US telecom carriers require you to register an origination phone number before you can send SMS messages to US phone numbers. If you use SMS text messages in Amazon Cognito, you must register a phone number with Amazon Pinpoint. Amazon Cognito uses the registered number automatically. Otherwise, Amazon Cognito users who must receive SMS messages might not be able to sign up, activate their accounts, or sign in.
If you have never used SMS text messages with Amazon Cognito or any other Amazon Web Services service, Amazon Simple Notification Service might place your account in the SMS sandbox. In sandbox mode , you can send messages only to verified phone numbers. After you test your app while in the sandbox environment, you can move out of the sandbox and into production. For more information, see SMS message settings for Amazon Cognito user pools in the Amazon Cognito Developer Guide.
Some API operations in a user pool generate a challenge, like a prompt for an MFA code, for device authentication that bypasses MFA, or for a custom authentication challenge. A RespondToAuthChallenge API request provides the answer to that challenge, like a code or a secure remote password (SRP). The parameters of a response to an authentication challenge vary with the type of challenge.
For more information about custom authentication challenges, see Custom authentication challenge Lambda triggers.
Amazon Cognito doesn't evaluate Identity and Access Management (IAM) policies in requests for this API operation. For this operation, you can't use IAM credentials to authorize requests, and you can't grant IAM permissions in policies. For more information about authorization models in Amazon Cognito, see Using the Amazon Cognito user pools API and user pool endpoints.
This action might generate an SMS text message. Starting June 1, 2021, US telecom carriers require you to register an origination phone number before you can send SMS messages to US phone numbers. If you use SMS text messages in Amazon Cognito, you must register a phone number with Amazon Pinpoint. Amazon Cognito uses the registered number automatically. Otherwise, Amazon Cognito users who must receive SMS messages might not be able to sign up, activate their accounts, or sign in.
If you have never used SMS text messages with Amazon Cognito or any other Amazon Web Servicesservice, Amazon Simple Notification Service might place your account in the SMS sandbox. In sandbox mode , you can send messages only to verified phone numbers. After you test your app while in the sandbox environment, you can move out of the sandbox and into production. For more information, see SMS message settings for Amazon Cognito user pools in the Amazon Cognito Developer Guide.
Sets the user pool multi-factor authentication (MFA) configuration.
This action might generate an SMS text message. Starting June 1, 2021, US telecom carriers require you to register an origination phone number before you can send SMS messages to US phone numbers. If you use SMS text messages in Amazon Cognito, you must register a phone number with Amazon Pinpoint. Amazon Cognito uses the registered number automatically. Otherwise, Amazon Cognito users who must receive SMS messages might not be able to sign up, activate their accounts, or sign in.
If you have never used SMS text messages with Amazon Cognito or any other Amazon Web Services service, Amazon Simple Notification Service might place your account in the SMS sandbox. In sandbox mode , you can send messages only to verified phone numbers. After you test your app while in the sandbox environment, you can move out of the sandbox and into production. For more information, see SMS message settings for Amazon Cognito user pools in the Amazon Cognito Developer Guide.
Sets the user pool multi-factor authentication (MFA) configuration.
This action might generate an SMS text message. Starting June 1, 2021, US telecom carriers require you to register an origination phone number before you can send SMS messages to US phone numbers. If you use SMS text messages in Amazon Cognito, you must register a phone number with Amazon Pinpoint. Amazon Cognito uses the registered number automatically. Otherwise, Amazon Cognito users who must receive SMS messages might not be able to sign up, activate their accounts, or sign in.
If you have never used SMS text messages with Amazon Cognito or any other Amazon Web Servicesservice, Amazon Simple Notification Service might place your account in the SMS sandbox. In sandbox mode , you can send messages only to verified phone numbers. After you test your app while in the sandbox environment, you can move out of the sandbox and into production. For more information, see SMS message settings for Amazon Cognito user pools in the Amazon Cognito Developer Guide.
Registers the user in the specified user pool and creates a user name, password, and user attributes.
Amazon Cognito doesn't evaluate Identity and Access Management (IAM) policies in requests for this API operation. For this operation, you can't use IAM credentials to authorize requests, and you can't grant IAM permissions in policies. For more information about authorization models in Amazon Cognito, see Using the Amazon Cognito user pools API and user pool endpoints.
This action might generate an SMS text message. Starting June 1, 2021, US telecom carriers require you to register an origination phone number before you can send SMS messages to US phone numbers. If you use SMS text messages in Amazon Cognito, you must register a phone number with Amazon Pinpoint. Amazon Cognito uses the registered number automatically. Otherwise, Amazon Cognito users who must receive SMS messages might not be able to sign up, activate their accounts, or sign in.
If you have never used SMS text messages with Amazon Cognito or any other Amazon Web Services service, Amazon Simple Notification Service might place your account in the SMS sandbox. In sandbox mode , you can send messages only to verified phone numbers. After you test your app while in the sandbox environment, you can move out of the sandbox and into production. For more information, see SMS message settings for Amazon Cognito user pools in the Amazon Cognito Developer Guide.
Registers the user in the specified user pool and creates a user name, password, and user attributes.
Amazon Cognito doesn't evaluate Identity and Access Management (IAM) policies in requests for this API operation. For this operation, you can't use IAM credentials to authorize requests, and you can't grant IAM permissions in policies. For more information about authorization models in Amazon Cognito, see Using the Amazon Cognito user pools API and user pool endpoints.
This action might generate an SMS text message. Starting June 1, 2021, US telecom carriers require you to register an origination phone number before you can send SMS messages to US phone numbers. If you use SMS text messages in Amazon Cognito, you must register a phone number with Amazon Pinpoint. Amazon Cognito uses the registered number automatically. Otherwise, Amazon Cognito users who must receive SMS messages might not be able to sign up, activate their accounts, or sign in.
If you have never used SMS text messages with Amazon Cognito or any other Amazon Web Servicesservice, Amazon Simple Notification Service might place your account in the SMS sandbox. In sandbox mode , you can send messages only to verified phone numbers. After you test your app while in the sandbox environment, you can move out of the sandbox and into production. For more information, see SMS message settings for Amazon Cognito user pools in the Amazon Cognito Developer Guide.
With this operation, your users can update one or more of their attributes with their own credentials. You authorize this API request with the user's access token. To delete an attribute from your user, submit the attribute in your API request with a blank value. Custom attribute values in this request must include the custom: prefix.
Authorize this action with a signed-in user's access token. It must include the scope aws.cognito.signin.user.admin.
Amazon Cognito doesn't evaluate Identity and Access Management (IAM) policies in requests for this API operation. For this operation, you can't use IAM credentials to authorize requests, and you can't grant IAM permissions in policies. For more information about authorization models in Amazon Cognito, see Using the Amazon Cognito user pools API and user pool endpoints.
This action might generate an SMS text message. Starting June 1, 2021, US telecom carriers require you to register an origination phone number before you can send SMS messages to US phone numbers. If you use SMS text messages in Amazon Cognito, you must register a phone number with Amazon Pinpoint. Amazon Cognito uses the registered number automatically. Otherwise, Amazon Cognito users who must receive SMS messages might not be able to sign up, activate their accounts, or sign in.
If you have never used SMS text messages with Amazon Cognito or any other Amazon Web Services service, Amazon Simple Notification Service might place your account in the SMS sandbox. In sandbox mode , you can send messages only to verified phone numbers. After you test your app while in the sandbox environment, you can move out of the sandbox and into production. For more information, see SMS message settings for Amazon Cognito user pools in the Amazon Cognito Developer Guide.
With this operation, your users can update one or more of their attributes with their own credentials. You authorize this API request with the user's access token. To delete an attribute from your user, submit the attribute in your API request with a blank value. Custom attribute values in this request must include the custom: prefix.
Authorize this action with a signed-in user's access token. It must include the scope aws.cognito.signin.user.admin.
Amazon Cognito doesn't evaluate Identity and Access Management (IAM) policies in requests for this API operation. For this operation, you can't use IAM credentials to authorize requests, and you can't grant IAM permissions in policies. For more information about authorization models in Amazon Cognito, see Using the Amazon Cognito user pools API and user pool endpoints.
This action might generate an SMS text message. Starting June 1, 2021, US telecom carriers require you to register an origination phone number before you can send SMS messages to US phone numbers. If you use SMS text messages in Amazon Cognito, you must register a phone number with Amazon Pinpoint. Amazon Cognito uses the registered number automatically. Otherwise, Amazon Cognito users who must receive SMS messages might not be able to sign up, activate their accounts, or sign in.
If you have never used SMS text messages with Amazon Cognito or any other Amazon Web Servicesservice, Amazon Simple Notification Service might place your account in the SMS sandbox. In sandbox mode , you can send messages only to verified phone numbers. After you test your app while in the sandbox environment, you can move out of the sandbox and into production. For more information, see SMS message settings for Amazon Cognito user pools in the Amazon Cognito Developer Guide.
This action might generate an SMS text message. Starting June 1, 2021, US telecom carriers require you to register an origination phone number before you can send SMS messages to US phone numbers. If you use SMS text messages in Amazon Cognito, you must register a phone number with Amazon Pinpoint. Amazon Cognito uses the registered number automatically. Otherwise, Amazon Cognito users who must receive SMS messages might not be able to sign up, activate their accounts, or sign in.
If you have never used SMS text messages with Amazon Cognito or any other Amazon Web Services service, Amazon Simple Notification Service might place your account in the SMS sandbox. In sandbox mode , you can send messages only to verified phone numbers. After you test your app while in the sandbox environment, you can move out of the sandbox and into production. For more information, see SMS message settings for Amazon Cognito user pools in the Amazon Cognito Developer Guide.
Updates the specified user pool with the specified attributes. You can get a list of the current user pool settings using DescribeUserPool.
If you don't provide a value for an attribute, Amazon Cognito sets it to its default value.
Amazon Cognito evaluates Identity and Access Management (IAM) policies in requests for this API operation. For this operation, you must use IAM credentials to authorize requests, and you must grant yourself the corresponding IAM permission in a policy.
Learn more
This action might generate an SMS text message. Starting June 1, 2021, US telecom carriers require you to register an origination phone number before you can send SMS messages to US phone numbers. If you use SMS text messages in Amazon Cognito, you must register a phone number with Amazon Pinpoint. Amazon Cognito uses the registered number automatically. Otherwise, Amazon Cognito users who must receive SMS messages might not be able to sign up, activate their accounts, or sign in.
If you have never used SMS text messages with Amazon Cognito or any other Amazon Web Servicesservice, Amazon Simple Notification Service might place your account in the SMS sandbox. In sandbox mode , you can send messages only to verified phone numbers. After you test your app while in the sandbox environment, you can move out of the sandbox and into production. For more information, see SMS message settings for Amazon Cognito user pools in the Amazon Cognito Developer Guide.
Updates the specified user pool with the specified attributes. You can get a list of the current user pool settings using DescribeUserPool.
If you don't provide a value for an attribute, Amazon Cognito sets it to its default value.
Amazon Cognito evaluates Identity and Access Management (IAM) policies in requests for this API operation. For this operation, you must use IAM credentials to authorize requests, and you must grant yourself the corresponding IAM permission in a policy.
Learn more
The MFA options that are activated for the user. The possible values in this list are SMS_MFA and SOFTWARE_TOKEN_MFA.
The MFA options that are activated for the user. The possible values in this list are SMS_MFA, EMAIL_OTP, and SOFTWARE_TOKEN_MFA.
Represents the response from the server from the request to get the specified user as an administrator.
" @@ -2629,7 +2633,7 @@ "members":{ "ChallengeName":{ "shape":"ChallengeNameType", - "documentation":"The name of the challenge that you're responding to with this call. This is returned in the AdminInitiateAuth response if you must pass another challenge.
MFA_SETUP: If MFA is required, users who don't have at least one of the MFA methods set up are presented with an MFA_SETUP challenge. The user must set up at least one MFA type to continue to authenticate.
SELECT_MFA_TYPE: Selects the MFA type. Valid MFA options are SMS_MFA for text SMS MFA, and SOFTWARE_TOKEN_MFA for time-based one-time password (TOTP) software token MFA.
SMS_MFA: Next challenge is to supply an SMS_MFA_CODE, delivered via SMS.
PASSWORD_VERIFIER: Next challenge is to supply PASSWORD_CLAIM_SIGNATURE, PASSWORD_CLAIM_SECRET_BLOCK, and TIMESTAMP after the client-side SRP calculations.
CUSTOM_CHALLENGE: This is returned if your custom authentication flow determines that the user should pass another challenge before tokens are issued.
DEVICE_SRP_AUTH: If device tracking was activated in your user pool and the previous challenges were passed, this challenge is returned so that Amazon Cognito can start tracking this device.
DEVICE_PASSWORD_VERIFIER: Similar to PASSWORD_VERIFIER, but for devices only.
ADMIN_NO_SRP_AUTH: This is returned if you must authenticate with USERNAME and PASSWORD directly. An app client must be enabled to use this flow.
NEW_PASSWORD_REQUIRED: For users who are required to change their passwords after successful first login. Respond to this challenge with NEW_PASSWORD and any required attributes that Amazon Cognito returned in the requiredAttributes parameter. You can also set values for attributes that aren't required by your user pool and that your app client can write. For more information, see AdminRespondToAuthChallenge.
In a NEW_PASSWORD_REQUIRED challenge response, you can't modify a required attribute that already has a value. In AdminRespondToAuthChallenge, set a value for any keys that Amazon Cognito returned in the requiredAttributes parameter, then use the AdminUpdateUserAttributes API operation to modify the value of any additional attributes.
MFA_SETUP: For users who are required to set up an MFA factor before they can sign in. The MFA types activated for the user pool will be listed in the challenge parameters MFAS_CAN_SETUP value.
To set up software token MFA, use the session returned here from InitiateAuth as an input to AssociateSoftwareToken, and use the session returned by VerifySoftwareToken as an input to RespondToAuthChallenge with challenge name MFA_SETUP to complete sign-in. To set up SMS MFA, users will need help from an administrator to add a phone number to their account and then call InitiateAuth again to restart sign-in.
The name of the challenge that you're responding to with this call. This is returned in the AdminInitiateAuth response if you must pass another challenge.
MFA_SETUP: If MFA is required, users who don't have at least one of the MFA methods set up are presented with an MFA_SETUP challenge. The user must set up at least one MFA type to continue to authenticate.
SELECT_MFA_TYPE: Selects the MFA type. Valid MFA options are SMS_MFA for SMS message MFA, EMAIL_OTP for email message MFA, and SOFTWARE_TOKEN_MFA for time-based one-time password (TOTP) software token MFA.
SMS_MFA: Next challenge is to supply an SMS_MFA_CODEthat your user pool delivered in an SMS message.
EMAIL_OTP: Next challenge is to supply an EMAIL_OTP_CODE that your user pool delivered in an email message.
PASSWORD_VERIFIER: Next challenge is to supply PASSWORD_CLAIM_SIGNATURE, PASSWORD_CLAIM_SECRET_BLOCK, and TIMESTAMP after the client-side SRP calculations.
CUSTOM_CHALLENGE: This is returned if your custom authentication flow determines that the user should pass another challenge before tokens are issued.
DEVICE_SRP_AUTH: If device tracking was activated in your user pool and the previous challenges were passed, this challenge is returned so that Amazon Cognito can start tracking this device.
DEVICE_PASSWORD_VERIFIER: Similar to PASSWORD_VERIFIER, but for devices only.
ADMIN_NO_SRP_AUTH: This is returned if you must authenticate with USERNAME and PASSWORD directly. An app client must be enabled to use this flow.
NEW_PASSWORD_REQUIRED: For users who are required to change their passwords after successful first login. Respond to this challenge with NEW_PASSWORD and any required attributes that Amazon Cognito returned in the requiredAttributes parameter. You can also set values for attributes that aren't required by your user pool and that your app client can write. For more information, see AdminRespondToAuthChallenge.
In a NEW_PASSWORD_REQUIRED challenge response, you can't modify a required attribute that already has a value. In AdminRespondToAuthChallenge, set a value for any keys that Amazon Cognito returned in the requiredAttributes parameter, then use the AdminUpdateUserAttributes API operation to modify the value of any additional attributes.
MFA_SETUP: For users who are required to set up an MFA factor before they can sign in. The MFA types activated for the user pool will be listed in the challenge parameters MFAS_CAN_SETUP value.
To set up software token MFA, use the session returned here from InitiateAuth as an input to AssociateSoftwareToken, and use the session returned by VerifySoftwareToken as an input to RespondToAuthChallenge with challenge name MFA_SETUP to complete sign-in. To set up SMS MFA, users will need help from an administrator to add a phone number to their account and then call InitiateAuth again to restart sign-in.
The responses to the challenge that you received in the previous request. Each challenge has its own required response parameters. The following examples are partial JSON request bodies that highlight challenge-response parameters.
You must provide a SECRET_HASH parameter in all challenge responses to an app client that has a client secret.
\"ChallengeName\": \"SMS_MFA\", \"ChallengeResponses\": {\"SMS_MFA_CODE\": \"[SMS_code]\", \"USERNAME\": \"[username]\"}
\"ChallengeName\": \"PASSWORD_VERIFIER\", \"ChallengeResponses\": {\"PASSWORD_CLAIM_SIGNATURE\": \"[claim_signature]\", \"PASSWORD_CLAIM_SECRET_BLOCK\": \"[secret_block]\", \"TIMESTAMP\": [timestamp], \"USERNAME\": \"[username]\"}
Add \"DEVICE_KEY\" when you sign in with a remembered device.
\"ChallengeName\": \"CUSTOM_CHALLENGE\", \"ChallengeResponses\": {\"USERNAME\": \"[username]\", \"ANSWER\": \"[challenge_answer]\"}
Add \"DEVICE_KEY\" when you sign in with a remembered device.
\"ChallengeName\": \"NEW_PASSWORD_REQUIRED\", \"ChallengeResponses\": {\"NEW_PASSWORD\": \"[new_password]\", \"USERNAME\": \"[username]\"}
To set any required attributes that InitiateAuth returned in an requiredAttributes parameter, add \"userAttributes.[attribute_name]\": \"[attribute_value]\". This parameter can also set values for writable attributes that aren't required by your user pool.
In a NEW_PASSWORD_REQUIRED challenge response, you can't modify a required attribute that already has a value. In RespondToAuthChallenge, set a value for any keys that Amazon Cognito returned in the requiredAttributes parameter, then use the UpdateUserAttributes API operation to modify the value of any additional attributes.
\"ChallengeName\": \"SOFTWARE_TOKEN_MFA\", \"ChallengeResponses\": {\"USERNAME\": \"[username]\", \"SOFTWARE_TOKEN_MFA_CODE\": [authenticator_code]}
\"ChallengeName\": \"DEVICE_SRP_AUTH\", \"ChallengeResponses\": {\"USERNAME\": \"[username]\", \"DEVICE_KEY\": \"[device_key]\", \"SRP_A\": \"[srp_a]\"}
\"ChallengeName\": \"DEVICE_PASSWORD_VERIFIER\", \"ChallengeResponses\": {\"DEVICE_KEY\": \"[device_key]\", \"PASSWORD_CLAIM_SIGNATURE\": \"[claim_signature]\", \"PASSWORD_CLAIM_SECRET_BLOCK\": \"[secret_block]\", \"TIMESTAMP\": [timestamp], \"USERNAME\": \"[username]\"}
\"ChallengeName\": \"MFA_SETUP\", \"ChallengeResponses\": {\"USERNAME\": \"[username]\"}, \"SESSION\": \"[Session ID from VerifySoftwareToken]\"
\"ChallengeName\": \"SELECT_MFA_TYPE\", \"ChallengeResponses\": {\"USERNAME\": \"[username]\", \"ANSWER\": \"[SMS_MFA or SOFTWARE_TOKEN_MFA]\"}
For more information about SECRET_HASH, see Computing secret hash values. For information about DEVICE_KEY, see Working with user devices in your user pool.
The responses to the challenge that you received in the previous request. Each challenge has its own required response parameters. The following examples are partial JSON request bodies that highlight challenge-response parameters.
You must provide a SECRET_HASH parameter in all challenge responses to an app client that has a client secret.
\"ChallengeName\": \"SMS_MFA\", \"ChallengeResponses\": {\"SMS_MFA_CODE\": \"[code]\", \"USERNAME\": \"[username]\"}
\"ChallengeName\": \"EMAIL_OTP\", \"ChallengeResponses\": {\"EMAIL_OTP_CODE\": \"[code]\", \"USERNAME\": \"[username]\"}
This challenge response is part of the SRP flow. Amazon Cognito requires that your application respond to this challenge within a few seconds. When the response time exceeds this period, your user pool returns a NotAuthorizedException error.
\"ChallengeName\": \"PASSWORD_VERIFIER\", \"ChallengeResponses\": {\"PASSWORD_CLAIM_SIGNATURE\": \"[claim_signature]\", \"PASSWORD_CLAIM_SECRET_BLOCK\": \"[secret_block]\", \"TIMESTAMP\": [timestamp], \"USERNAME\": \"[username]\"}
Add \"DEVICE_KEY\" when you sign in with a remembered device.
\"ChallengeName\": \"CUSTOM_CHALLENGE\", \"ChallengeResponses\": {\"USERNAME\": \"[username]\", \"ANSWER\": \"[challenge_answer]\"}
Add \"DEVICE_KEY\" when you sign in with a remembered device.
\"ChallengeName\": \"NEW_PASSWORD_REQUIRED\", \"ChallengeResponses\": {\"NEW_PASSWORD\": \"[new_password]\", \"USERNAME\": \"[username]\"}
To set any required attributes that InitiateAuth returned in an requiredAttributes parameter, add \"userAttributes.[attribute_name]\": \"[attribute_value]\". This parameter can also set values for writable attributes that aren't required by your user pool.
In a NEW_PASSWORD_REQUIRED challenge response, you can't modify a required attribute that already has a value. In RespondToAuthChallenge, set a value for any keys that Amazon Cognito returned in the requiredAttributes parameter, then use the UpdateUserAttributes API operation to modify the value of any additional attributes.
\"ChallengeName\": \"SOFTWARE_TOKEN_MFA\", \"ChallengeResponses\": {\"USERNAME\": \"[username]\", \"SOFTWARE_TOKEN_MFA_CODE\": [authenticator_code]}
\"ChallengeName\": \"DEVICE_SRP_AUTH\", \"ChallengeResponses\": {\"USERNAME\": \"[username]\", \"DEVICE_KEY\": \"[device_key]\", \"SRP_A\": \"[srp_a]\"}
\"ChallengeName\": \"DEVICE_PASSWORD_VERIFIER\", \"ChallengeResponses\": {\"DEVICE_KEY\": \"[device_key]\", \"PASSWORD_CLAIM_SIGNATURE\": \"[claim_signature]\", \"PASSWORD_CLAIM_SECRET_BLOCK\": \"[secret_block]\", \"TIMESTAMP\": [timestamp], \"USERNAME\": \"[username]\"}
\"ChallengeName\": \"MFA_SETUP\", \"ChallengeResponses\": {\"USERNAME\": \"[username]\"}, \"SESSION\": \"[Session ID from VerifySoftwareToken]\"
\"ChallengeName\": \"SELECT_MFA_TYPE\", \"ChallengeResponses\": {\"USERNAME\": \"[username]\", \"ANSWER\": \"[SMS_MFA or SOFTWARE_TOKEN_MFA]\"}
For more information about SECRET_HASH, see Computing secret hash values. For information about DEVICE_KEY, see Working with user devices in your user pool.
The SMS text message MFA settings.
" + "documentation":"User preferences for SMS message MFA. Activates or deactivates SMS MFA and sets it as the preferred MFA method when multiple methods are available.
" }, "SoftwareTokenMfaSettings":{ "shape":"SoftwareTokenMfaSettingsType", - "documentation":"The time-based one-time password software token MFA settings.
" + "documentation":"User preferences for time-based one-time password (TOTP) MFA. Activates or deactivates TOTP MFA and sets it as the preferred MFA method when multiple methods are available.
" + }, + "EmailMfaSettings":{ + "shape":"EmailMfaSettingsType", + "documentation":"User preferences for email message MFA. Activates or deactivates email MFA and sets it as the preferred MFA method when multiple methods are available. To activate this setting, advanced security features must be active in your user pool.
" }, "Username":{ "shape":"UsernameType", @@ -2925,7 +2933,7 @@ }, "UserPoolId":{ "shape":"UserPoolIdType", - "documentation":"The user pool ID.
" + "documentation":"The ID of the user pool where you want to set a user's MFA preferences.
" } } }, @@ -3413,6 +3421,7 @@ "type":"string", "enum":[ "SMS_MFA", + "EMAIL_OTP", "SOFTWARE_TOKEN_MFA", "SELECT_MFA_TYPE", "MFA_SETUP", @@ -3989,7 +3998,7 @@ }, "ReadAttributes":{ "shape":"ClientPermissionListType", - "documentation":"The list of user attributes that you want your app client to have read-only access to. After your user authenticates in your app, their access token authorizes them to read their own attribute value for any attribute in this list. An example of this kind of activity is when your user selects a link to view their profile information. Your app makes a GetUser API request to retrieve and display your user's profile data.
When you don't specify the ReadAttributes for your app client, your app can read the values of email_verified, phone_number_verified, and the Standard attributes of your user pool. When your user pool has read access to these default attributes, ReadAttributes doesn't return any information. Amazon Cognito only populates ReadAttributes in the API response if you have specified your own custom set of read attributes.
The list of user attributes that you want your app client to have read access to. After your user authenticates in your app, their access token authorizes them to read their own attribute value for any attribute in this list. An example of this kind of activity is when your user selects a link to view their profile information. Your app makes a GetUser API request to retrieve and display your user's profile data.
When you don't specify the ReadAttributes for your app client, your app can read the values of email_verified, phone_number_verified, and the Standard attributes of your user pool. When your user pool app client has read access to these default attributes, ReadAttributes doesn't return any information. Amazon Cognito only populates ReadAttributes in the API response if you have specified your own custom set of read attributes.
The email configuration of your user pool. The email configuration type sets your preferred sending method, Amazon Web Services Region, and sender for messages from your user pool.
Amazon Cognito can send email messages with Amazon Simple Email Service resources in the Amazon Web Services Region where you created your user pool, and in alternate Regions in some cases. For more information on the supported Regions, see Email settings for Amazon Cognito user pools.
The template for the email message that your user pool sends to users with an MFA code. The message must contain the {####} placeholder. In the message, Amazon Cognito replaces this placeholder with the code. If you don't provide this parameter, Amazon Cognito sends messages in the default format.
The subject of the email message that your user pool sends to users with an MFA code.
" + } + }, + "documentation":"Sets or shows user pool email message configuration for MFA. Includes the subject and body of the email message template for MFA messages. To activate this setting, advanced security features must be active in your user pool.
" + }, + "EmailMfaMessageType":{ + "type":"string", + "max":20000, + "min":6, + "pattern":"[\\p{L}\\p{M}\\p{S}\\p{N}\\p{P}\\s*]*\\{####\\}[\\p{L}\\p{M}\\p{S}\\p{N}\\p{P}\\s*]*" + }, + "EmailMfaSettingsType":{ + "type":"structure", + "members":{ + "Enabled":{ + "shape":"BooleanType", + "documentation":"Specifies whether email message MFA is active for a user. When the value of this parameter is Enabled, the user will be prompted for MFA during all sign-in attempts, unless device tracking is turned on and the device has been trusted.
Specifies whether email message MFA is the user's preferred method.
" + } + }, + "documentation":"User preferences for multi-factor authentication with email messages. Activates or deactivates email MFA and sets it as the preferred MFA method when multiple methods are available. To activate this setting, advanced security features must be active in your user pool.
" + }, + "EmailMfaSubjectType":{ + "type":"string", + "pattern":"[\\p{L}\\p{M}\\p{S}\\p{N}\\p{P}\\s]+" + }, "EmailNotificationBodyType":{ "type":"string", "max":20000, @@ -5272,11 +5319,15 @@ "members":{ "SmsMfaConfiguration":{ "shape":"SmsMfaConfigType", - "documentation":"The SMS text message multi-factor authentication (MFA) configuration.
" + "documentation":"Shows user pool SMS message configuration for MFA. Includes the message template and the SMS message sending configuration for Amazon SNS.
" }, "SoftwareTokenMfaConfiguration":{ "shape":"SoftwareTokenMfaConfigType", - "documentation":"The software token multi-factor authentication (MFA) configuration.
" + "documentation":"Shows user pool configuration for time-based one-time password (TOTP) MFA. Includes TOTP enabled or disabled state.
" + }, + "EmailMfaConfiguration":{ + "shape":"EmailMfaConfigType", + "documentation":"Shows user pool email message configuration for MFA. Includes the subject and body of the email message template for MFA messages. To activate this setting, advanced security features must be active in your user pool.
" }, "MfaConfiguration":{ "shape":"UserPoolMfaType", @@ -5320,7 +5371,7 @@ }, "UserMFASettingList":{ "shape":"UserMFASettingListType", - "documentation":"The MFA options that are activated for the user. The possible values in this list are SMS_MFA and SOFTWARE_TOKEN_MFA.
The MFA options that are activated for the user. The possible values in this list are SMS_MFA, EMAIL_OTP, and SOFTWARE_TOKEN_MFA.
Represents the response from the server from the request to get information about the user.
" @@ -5527,7 +5578,7 @@ "members":{ "ChallengeName":{ "shape":"ChallengeNameType", - "documentation":"The name of the challenge that you're responding to with this call. This name is returned in the InitiateAuth response if you must pass another challenge.
Valid values include the following:
All of the following challenges require USERNAME and SECRET_HASH (if applicable) in the parameters.
SMS_MFA: Next challenge is to supply an SMS_MFA_CODE, delivered via SMS.
PASSWORD_VERIFIER: Next challenge is to supply PASSWORD_CLAIM_SIGNATURE, PASSWORD_CLAIM_SECRET_BLOCK, and TIMESTAMP after the client-side SRP calculations.
CUSTOM_CHALLENGE: This is returned if your custom authentication flow determines that the user should pass another challenge before tokens are issued.
DEVICE_SRP_AUTH: If device tracking was activated on your user pool and the previous challenges were passed, this challenge is returned so that Amazon Cognito can start tracking this device.
DEVICE_PASSWORD_VERIFIER: Similar to PASSWORD_VERIFIER, but for devices only.
NEW_PASSWORD_REQUIRED: For users who are required to change their passwords after successful first login.
Respond to this challenge with NEW_PASSWORD and any required attributes that Amazon Cognito returned in the requiredAttributes parameter. You can also set values for attributes that aren't required by your user pool and that your app client can write. For more information, see RespondToAuthChallenge.
In a NEW_PASSWORD_REQUIRED challenge response, you can't modify a required attribute that already has a value. In RespondToAuthChallenge, set a value for any keys that Amazon Cognito returned in the requiredAttributes parameter, then use the UpdateUserAttributes API operation to modify the value of any additional attributes.
MFA_SETUP: For users who are required to setup an MFA factor before they can sign in. The MFA types activated for the user pool will be listed in the challenge parameters MFAS_CAN_SETUP value.
To set up software token MFA, use the session returned here from InitiateAuth as an input to AssociateSoftwareToken. Use the session returned by VerifySoftwareToken as an input to RespondToAuthChallenge with challenge name MFA_SETUP to complete sign-in. To set up SMS MFA, an administrator should help the user to add a phone number to their account, and then the user should call InitiateAuth again to restart sign-in.
The name of the challenge that you're responding to with this call. This name is returned in the InitiateAuth response if you must pass another challenge.
Valid values include the following:
All of the following challenges require USERNAME and SECRET_HASH (if applicable) in the parameters.
SMS_MFA: Next challenge is to supply an SMS_MFA_CODEthat your user pool delivered in an SMS message.
EMAIL_OTP: Next challenge is to supply an EMAIL_OTP_CODE that your user pool delivered in an email message.
PASSWORD_VERIFIER: Next challenge is to supply PASSWORD_CLAIM_SIGNATURE, PASSWORD_CLAIM_SECRET_BLOCK, and TIMESTAMP after the client-side SRP calculations.
CUSTOM_CHALLENGE: This is returned if your custom authentication flow determines that the user should pass another challenge before tokens are issued.
DEVICE_SRP_AUTH: If device tracking was activated on your user pool and the previous challenges were passed, this challenge is returned so that Amazon Cognito can start tracking this device.
DEVICE_PASSWORD_VERIFIER: Similar to PASSWORD_VERIFIER, but for devices only.
NEW_PASSWORD_REQUIRED: For users who are required to change their passwords after successful first login.
Respond to this challenge with NEW_PASSWORD and any required attributes that Amazon Cognito returned in the requiredAttributes parameter. You can also set values for attributes that aren't required by your user pool and that your app client can write. For more information, see RespondToAuthChallenge.
In a NEW_PASSWORD_REQUIRED challenge response, you can't modify a required attribute that already has a value. In RespondToAuthChallenge, set a value for any keys that Amazon Cognito returned in the requiredAttributes parameter, then use the UpdateUserAttributes API operation to modify the value of any additional attributes.
MFA_SETUP: For users who are required to setup an MFA factor before they can sign in. The MFA types activated for the user pool will be listed in the challenge parameters MFAS_CAN_SETUP value.
To set up software token MFA, use the session returned here from InitiateAuth as an input to AssociateSoftwareToken. Use the session returned by VerifySoftwareToken as an input to RespondToAuthChallenge with challenge name MFA_SETUP to complete sign-in. To set up SMS MFA, an administrator should help the user to add a phone number to their account, and then the user should call InitiateAuth again to restart sign-in.
The responses to the challenge that you received in the previous request. Each challenge has its own required response parameters. The following examples are partial JSON request bodies that highlight challenge-response parameters.
You must provide a SECRET_HASH parameter in all challenge responses to an app client that has a client secret.
\"ChallengeName\": \"SMS_MFA\", \"ChallengeResponses\": {\"SMS_MFA_CODE\": \"[SMS_code]\", \"USERNAME\": \"[username]\"}
\"ChallengeName\": \"PASSWORD_VERIFIER\", \"ChallengeResponses\": {\"PASSWORD_CLAIM_SIGNATURE\": \"[claim_signature]\", \"PASSWORD_CLAIM_SECRET_BLOCK\": \"[secret_block]\", \"TIMESTAMP\": [timestamp], \"USERNAME\": \"[username]\"}
Add \"DEVICE_KEY\" when you sign in with a remembered device.
\"ChallengeName\": \"CUSTOM_CHALLENGE\", \"ChallengeResponses\": {\"USERNAME\": \"[username]\", \"ANSWER\": \"[challenge_answer]\"}
Add \"DEVICE_KEY\" when you sign in with a remembered device.
\"ChallengeName\": \"NEW_PASSWORD_REQUIRED\", \"ChallengeResponses\": {\"NEW_PASSWORD\": \"[new_password]\", \"USERNAME\": \"[username]\"}
To set any required attributes that InitiateAuth returned in an requiredAttributes parameter, add \"userAttributes.[attribute_name]\": \"[attribute_value]\". This parameter can also set values for writable attributes that aren't required by your user pool.
In a NEW_PASSWORD_REQUIRED challenge response, you can't modify a required attribute that already has a value. In RespondToAuthChallenge, set a value for any keys that Amazon Cognito returned in the requiredAttributes parameter, then use the UpdateUserAttributes API operation to modify the value of any additional attributes.
\"ChallengeName\": \"SOFTWARE_TOKEN_MFA\", \"ChallengeResponses\": {\"USERNAME\": \"[username]\", \"SOFTWARE_TOKEN_MFA_CODE\": [authenticator_code]}
\"ChallengeName\": \"DEVICE_SRP_AUTH\", \"ChallengeResponses\": {\"USERNAME\": \"[username]\", \"DEVICE_KEY\": \"[device_key]\", \"SRP_A\": \"[srp_a]\"}
\"ChallengeName\": \"DEVICE_PASSWORD_VERIFIER\", \"ChallengeResponses\": {\"DEVICE_KEY\": \"[device_key]\", \"PASSWORD_CLAIM_SIGNATURE\": \"[claim_signature]\", \"PASSWORD_CLAIM_SECRET_BLOCK\": \"[secret_block]\", \"TIMESTAMP\": [timestamp], \"USERNAME\": \"[username]\"}
\"ChallengeName\": \"MFA_SETUP\", \"ChallengeResponses\": {\"USERNAME\": \"[username]\"}, \"SESSION\": \"[Session ID from VerifySoftwareToken]\"
\"ChallengeName\": \"SELECT_MFA_TYPE\", \"ChallengeResponses\": {\"USERNAME\": \"[username]\", \"ANSWER\": \"[SMS_MFA or SOFTWARE_TOKEN_MFA]\"}
For more information about SECRET_HASH, see Computing secret hash values. For information about DEVICE_KEY, see Working with user devices in your user pool.
The responses to the challenge that you received in the previous request. Each challenge has its own required response parameters. The following examples are partial JSON request bodies that highlight challenge-response parameters.
You must provide a SECRET_HASH parameter in all challenge responses to an app client that has a client secret.
\"ChallengeName\": \"SMS_MFA\", \"ChallengeResponses\": {\"SMS_MFA_CODE\": \"[code]\", \"USERNAME\": \"[username]\"}
\"ChallengeName\": \"EMAIL_OTP\", \"ChallengeResponses\": {\"EMAIL_OTP_CODE\": \"[code]\", \"USERNAME\": \"[username]\"}
This challenge response is part of the SRP flow. Amazon Cognito requires that your application respond to this challenge within a few seconds. When the response time exceeds this period, your user pool returns a NotAuthorizedException error.
\"ChallengeName\": \"PASSWORD_VERIFIER\", \"ChallengeResponses\": {\"PASSWORD_CLAIM_SIGNATURE\": \"[claim_signature]\", \"PASSWORD_CLAIM_SECRET_BLOCK\": \"[secret_block]\", \"TIMESTAMP\": [timestamp], \"USERNAME\": \"[username]\"}
Add \"DEVICE_KEY\" when you sign in with a remembered device.
\"ChallengeName\": \"CUSTOM_CHALLENGE\", \"ChallengeResponses\": {\"USERNAME\": \"[username]\", \"ANSWER\": \"[challenge_answer]\"}
Add \"DEVICE_KEY\" when you sign in with a remembered device.
\"ChallengeName\": \"NEW_PASSWORD_REQUIRED\", \"ChallengeResponses\": {\"NEW_PASSWORD\": \"[new_password]\", \"USERNAME\": \"[username]\"}
To set any required attributes that InitiateAuth returned in an requiredAttributes parameter, add \"userAttributes.[attribute_name]\": \"[attribute_value]\". This parameter can also set values for writable attributes that aren't required by your user pool.
In a NEW_PASSWORD_REQUIRED challenge response, you can't modify a required attribute that already has a value. In RespondToAuthChallenge, set a value for any keys that Amazon Cognito returned in the requiredAttributes parameter, then use the UpdateUserAttributes API operation to modify the value of any additional attributes.
\"ChallengeName\": \"SOFTWARE_TOKEN_MFA\", \"ChallengeResponses\": {\"USERNAME\": \"[username]\", \"SOFTWARE_TOKEN_MFA_CODE\": [authenticator_code]}
\"ChallengeName\": \"DEVICE_SRP_AUTH\", \"ChallengeResponses\": {\"USERNAME\": \"[username]\", \"DEVICE_KEY\": \"[device_key]\", \"SRP_A\": \"[srp_a]\"}
\"ChallengeName\": \"DEVICE_PASSWORD_VERIFIER\", \"ChallengeResponses\": {\"DEVICE_KEY\": \"[device_key]\", \"PASSWORD_CLAIM_SIGNATURE\": \"[claim_signature]\", \"PASSWORD_CLAIM_SECRET_BLOCK\": \"[secret_block]\", \"TIMESTAMP\": [timestamp], \"USERNAME\": \"[username]\"}
\"ChallengeName\": \"MFA_SETUP\", \"ChallengeResponses\": {\"USERNAME\": \"[username]\"}, \"SESSION\": \"[Session ID from VerifySoftwareToken]\"
\"ChallengeName\": \"SELECT_MFA_TYPE\", \"ChallengeResponses\": {\"USERNAME\": \"[username]\", \"ANSWER\": \"[SMS_MFA or SOFTWARE_TOKEN_MFA]\"}
For more information about SECRET_HASH, see Computing secret hash values. For information about DEVICE_KEY, see Working with user devices in your user pool.
Specifies whether SMS text message MFA is activated. If an MFA type is activated for a user, the user will be prompted for MFA during all sign-in attempts, unless device tracking is turned on and the device has been trusted.
" + "documentation":"Specifies whether SMS message MFA is activated. If an MFA type is activated for a user, the user will be prompted for MFA during all sign-in attempts, unless device tracking is turned on and the device has been trusted.
" }, "PreferredMfa":{ "shape":"BooleanType", @@ -7047,11 +7098,15 @@ "members":{ "SMSMfaSettings":{ "shape":"SMSMfaSettingsType", - "documentation":"The SMS text message multi-factor authentication (MFA) settings.
" + "documentation":"User preferences for SMS message MFA. Activates or deactivates SMS MFA and sets it as the preferred MFA method when multiple methods are available.
" }, "SoftwareTokenMfaSettings":{ "shape":"SoftwareTokenMfaSettingsType", - "documentation":"The time-based one-time password (TOTP) software token MFA settings.
" + "documentation":"User preferences for time-based one-time password (TOTP) MFA. Activates or deactivates TOTP MFA and sets it as the preferred MFA method when multiple methods are available.
" + }, + "EmailMfaSettings":{ + "shape":"EmailMfaSettingsType", + "documentation":"User preferences for email message MFA. Activates or deactivates email MFA and sets it as the preferred MFA method when multiple methods are available. To activate this setting, advanced security features must be active in your user pool.
" }, "AccessToken":{ "shape":"TokenModelType", @@ -7074,11 +7129,15 @@ }, "SmsMfaConfiguration":{ "shape":"SmsMfaConfigType", - "documentation":"The SMS text message MFA configuration.
" + "documentation":"Configures user pool SMS messages for MFA. Sets the message template and the SMS message sending configuration for Amazon SNS.
" }, "SoftwareTokenMfaConfiguration":{ "shape":"SoftwareTokenMfaConfigType", - "documentation":"The software token MFA configuration.
" + "documentation":"Configures a user pool for time-based one-time password (TOTP) MFA. Enables or disables TOTP.
" + }, + "EmailMfaConfiguration":{ + "shape":"EmailMfaConfigType", + "documentation":"Configures user pool email messages for MFA. Sets the subject and body of the email message template for MFA messages. To activate this setting, advanced security features must be active in your user pool.
" }, "MfaConfiguration":{ "shape":"UserPoolMfaType", @@ -7091,11 +7150,15 @@ "members":{ "SmsMfaConfiguration":{ "shape":"SmsMfaConfigType", - "documentation":"The SMS text message MFA configuration.
" + "documentation":"Shows user pool SMS message configuration for MFA. Includes the message template and the SMS message sending configuration for Amazon SNS.
" }, "SoftwareTokenMfaConfiguration":{ "shape":"SoftwareTokenMfaConfigType", - "documentation":"The software token MFA configuration.
" + "documentation":"Shows user pool configuration for time-based one-time password (TOTP) MFA. Includes TOTP enabled or disabled state.
" + }, + "EmailMfaConfiguration":{ + "shape":"EmailMfaConfigType", + "documentation":"Shows user pool email message configuration for MFA. Includes the subject and body of the email message template for MFA messages. To activate this setting, advanced security features must be active in your user pool.
" }, "MfaConfiguration":{ "shape":"UserPoolMfaType", @@ -7225,14 +7288,14 @@ "members":{ "SmsAuthenticationMessage":{ "shape":"SmsVerificationMessageType", - "documentation":"The SMS authentication message that will be sent to users with the code they must sign in. The message must contain the ‘{####}’ placeholder, which is replaced with the code. If the message isn't included, and default message will be used.
" + "documentation":"The SMS message that your user pool sends to users with an MFA code. The message must contain the {####} placeholder. In the message, Amazon Cognito replaces this placeholder with the code. If you don't provide this parameter, Amazon Cognito sends messages in the default format.
The SMS configuration with the settings that your Amazon Cognito user pool must use to send an SMS message from your Amazon Web Services account through Amazon Simple Notification Service. To request Amazon SNS in the Amazon Web Services Region that you want, the Amazon Cognito user pool uses an Identity and Access Management (IAM) role that you provide for your Amazon Web Services account.
" } }, - "documentation":"The SMS text message multi-factor authentication (MFA) configuration type.
" + "documentation":"Configures user pool SMS messages for multi-factor authentication (MFA). Sets the message template and the SMS message sending configuration for Amazon SNS.
" }, "SmsVerificationMessageType":{ "type":"string", @@ -7263,7 +7326,7 @@ "documentation":"Specifies whether software token MFA is activated.
" } }, - "documentation":"The type used for enabling software token MFA at the user pool level.
" + "documentation":"Configures a user pool for time-based one-time password (TOTP) multi-factor authentication (MFA). Enables or disables TOTP.
" }, "SoftwareTokenMfaSettingsType":{ "type":"structure", @@ -7813,7 +7876,7 @@ }, "ReadAttributes":{ "shape":"ClientPermissionListType", - "documentation":"The list of user attributes that you want your app client to have read-only access to. After your user authenticates in your app, their access token authorizes them to read their own attribute value for any attribute in this list. An example of this kind of activity is when your user selects a link to view their profile information. Your app makes a GetUser API request to retrieve and display your user's profile data.
When you don't specify the ReadAttributes for your app client, your app can read the values of email_verified, phone_number_verified, and the Standard attributes of your user pool. When your user pool has read access to these default attributes, ReadAttributes doesn't return any information. Amazon Cognito only populates ReadAttributes in the API response if you have specified your own custom set of read attributes.
The list of user attributes that you want your app client to have read access to. After your user authenticates in your app, their access token authorizes them to read their own attribute value for any attribute in this list. An example of this kind of activity is when your user selects a link to view their profile information. Your app makes a GetUser API request to retrieve and display your user's profile data.
When you don't specify the ReadAttributes for your app client, your app can read the values of email_verified, phone_number_verified, and the Standard attributes of your user pool. When your user pool app client has read access to these default attributes, ReadAttributes doesn't return any information. Amazon Cognito only populates ReadAttributes in the API response if you have specified your own custom set of read attributes.
The list of user attributes that you want your app client to have read-only access to. After your user authenticates in your app, their access token authorizes them to read their own attribute value for any attribute in this list. An example of this kind of activity is when your user selects a link to view their profile information. Your app makes a GetUser API request to retrieve and display your user's profile data.
When you don't specify the ReadAttributes for your app client, your app can read the values of email_verified, phone_number_verified, and the Standard attributes of your user pool. When your user pool has read access to these default attributes, ReadAttributes doesn't return any information. Amazon Cognito only populates ReadAttributes in the API response if you have specified your own custom set of read attributes.
The list of user attributes that you want your app client to have read access to. After your user authenticates in your app, their access token authorizes them to read their own attribute value for any attribute in this list. An example of this kind of activity is when your user selects a link to view their profile information. Your app makes a GetUser API request to retrieve and display your user's profile data.
When you don't specify the ReadAttributes for your app client, your app can read the values of email_verified, phone_number_verified, and the Standard attributes of your user pool. When your user pool app client has read access to these default attributes, ReadAttributes doesn't return any information. Amazon Cognito only populates ReadAttributes in the API response if you have specified your own custom set of read attributes.
The resize specification for the instance fleet.
" + }, + "InstanceTypeConfigs":{ + "shape":"InstanceTypeConfigList", + "documentation":"An array of InstanceTypeConfig objects that specify how Amazon EMR provisions Amazon EC2 instances when it fulfills On-Demand and Spot capacities. For more information, see InstanceTypeConfig.
" } }, "documentation":"Configuration parameters for an instance fleet modification request.
The instance fleet configuration is available only in Amazon EMR releases 4.8.0 and later, excluding 5.0.x versions.
The launch specification for Spot instances in the fleet, which determines the defined duration, provisioning timeout behavior, and allocation strategy.
" + "documentation":"The launch specification for Spot instances in the fleet, which determines the allocation strategy, defined duration, and provisioning timeout behavior.
" }, "OnDemandSpecification":{ "shape":"OnDemandProvisioningSpecification", - "documentation":"The launch specification for On-Demand Instances in the instance fleet, which determines the allocation strategy.
The instance fleet configuration is available only in Amazon EMR releases 4.8.0 and later, excluding 5.0.x versions. On-Demand Instances allocation strategy is available in Amazon EMR releases 5.12.1 and later.
The launch specification for On-Demand Instances in the instance fleet, which determines the allocation strategy and capacity reservation options.
The instance fleet configuration is available only in Amazon EMR releases 4.8.0 and later, excluding 5.0.x versions. On-Demand Instances allocation strategy is available in Amazon EMR releases 5.12.1 and later.
The launch specification for Spot Instances in the fleet, which determines the defined duration, provisioning timeout behavior, and allocation strategy.
The instance fleet configuration is available only in Amazon EMR releases 4.8.0 and later, excluding 5.0.x versions. On-Demand and Spot instance allocation strategies are available in Amazon EMR releases 5.12.1 and later.
The launch specification for On-Demand and Spot Instances in the fleet.
The instance fleet configuration is available only in Amazon EMR releases 4.8.0 and later, excluding 5.0.x versions. On-Demand and Spot instance allocation strategies are available in Amazon EMR releases 5.12.1 and later.
The resize specification for Spot Instances in the instance fleet, which contains the resize timeout period.
" + "documentation":"The resize specification for Spot Instances in the instance fleet, which contains the allocation strategy and the resize timeout period.
" }, "OnDemandResizeSpecification":{ "shape":"OnDemandResizingSpecification", - "documentation":"The resize specification for On-Demand Instances in the instance fleet, which contains the resize timeout period.
" + "documentation":"The resize specification for On-Demand Instances in the instance fleet, which contains the allocation strategy, capacity reservation options, and the resize timeout period.
" } }, "documentation":"The resize specification for On-Demand and Spot Instances in the fleet.
" @@ -4249,12 +4253,16 @@ }, "OnDemandResizingSpecification":{ "type":"structure", - "required":["TimeoutDurationMinutes"], "members":{ "TimeoutDurationMinutes":{ "shape":"WholeNumber", "documentation":"On-Demand resize timeout in minutes. If On-Demand Instances are not provisioned within this time, the resize workflow stops. The minimum value is 5 minutes, and the maximum value is 10,080 minutes (7 days). The timeout applies to all resize workflows on the Instance Fleet. The resize could be triggered by Amazon EMR Managed Scaling or by the customer (via Amazon EMR Console, Amazon EMR CLI modify-instance-fleet or Amazon EMR SDK ModifyInstanceFleet API) or by Amazon EMR due to Amazon EC2 Spot Reclamation.
" - } + }, + "AllocationStrategy":{ + "shape":"OnDemandProvisioningAllocationStrategy", + "documentation":"Specifies the allocation strategy to use to launch On-Demand instances during a resize. The default is lowest-price.
The resize specification for On-Demand Instances in the instance fleet, which contains the resize timeout period.
" }, @@ -5063,11 +5071,14 @@ }, "SpotResizingSpecification":{ "type":"structure", - "required":["TimeoutDurationMinutes"], "members":{ "TimeoutDurationMinutes":{ "shape":"WholeNumber", "documentation":"Spot resize timeout in minutes. If Spot Instances are not provisioned within this time, the resize workflow will stop provisioning of Spot instances. Minimum value is 5 minutes and maximum value is 10,080 minutes (7 days). The timeout applies to all resize workflows on the Instance Fleet. The resize could be triggered by Amazon EMR Managed Scaling or by the customer (via Amazon EMR Console, Amazon EMR CLI modify-instance-fleet or Amazon EMR SDK ModifyInstanceFleet API) or by Amazon EMR due to Amazon EC2 Spot Reclamation.
" + }, + "AllocationStrategy":{ + "shape":"SpotProvisioningAllocationStrategy", + "documentation":"Specifies the allocation strategy to use to launch Spot instances during a resize. If you run Amazon EMR releases 6.9.0 or higher, the default is price-capacity-optimized. If you run Amazon EMR releases 6.8.0 or lower, the default is capacity-optimized.
The resize specification for Spot Instances in the instance fleet, which contains the resize timeout period.
" diff --git a/botocore/data/glue/2017-03-31/paginators-1.json b/botocore/data/glue/2017-03-31/paginators-1.json index 62622ad921..3d3aa68a10 100644 --- a/botocore/data/glue/2017-03-31/paginators-1.json +++ b/botocore/data/glue/2017-03-31/paginators-1.json @@ -148,6 +148,12 @@ "limit_key": "MaxResults", "output_token": "NextToken", "result_key": "Workflows" + }, + "ListTableOptimizerRuns": { + "input_token": "NextToken", + "limit_key": "MaxResults", + "output_token": "NextToken", + "result_key": "TableOptimizerRuns" } } } diff --git a/botocore/data/glue/2017-03-31/paginators-1.sdk-extras.json b/botocore/data/glue/2017-03-31/paginators-1.sdk-extras.json new file mode 100644 index 0000000000..4d788b1611 --- /dev/null +++ b/botocore/data/glue/2017-03-31/paginators-1.sdk-extras.json @@ -0,0 +1,14 @@ +{ + "version": 1, + "merge": { + "pagination": { + "ListTableOptimizerRuns": { + "non_aggregate_keys": [ + "CatalogId", + "DatabaseName", + "TableName" + ] + } + } + } +} diff --git a/botocore/data/glue/2017-03-31/service-2.json b/botocore/data/glue/2017-03-31/service-2.json index 74b9922f8f..e66a37a051 100644 --- a/botocore/data/glue/2017-03-31/service-2.json +++ b/botocore/data/glue/2017-03-31/service-2.json @@ -216,7 +216,11 @@ "input":{"shape":"BatchGetTableOptimizerRequest"}, "output":{"shape":"BatchGetTableOptimizerResponse"}, "errors":[ - {"shape":"InternalServiceException"} + {"shape":"EntityNotFoundException"}, + {"shape":"InvalidInputException"}, + {"shape":"AccessDeniedException"}, + {"shape":"InternalServiceException"}, + {"shape":"ThrottlingException"} ], "documentation":"Returns the configuration for the specified table optimizers.
" }, @@ -717,10 +721,12 @@ "output":{"shape":"CreateTableOptimizerResponse"}, "errors":[ {"shape":"EntityNotFoundException"}, + {"shape":"ValidationException"}, {"shape":"InvalidInputException"}, {"shape":"AccessDeniedException"}, {"shape":"AlreadyExistsException"}, - {"shape":"InternalServiceException"} + {"shape":"InternalServiceException"}, + {"shape":"ThrottlingException"} ], "documentation":"Creates a new table optimizer for a specific function. compaction is the only currently supported optimizer type.
Deletes an optimizer and all associated metadata for a table. The optimization will no longer be performed on the table.
" }, @@ -2111,7 +2118,8 @@ {"shape":"EntityNotFoundException"}, {"shape":"InvalidInputException"}, {"shape":"AccessDeniedException"}, - {"shape":"InternalServiceException"} + {"shape":"InternalServiceException"}, + {"shape":"ThrottlingException"} ], "documentation":"Returns the configuration of all optimizers associated with a specified table.
" }, @@ -2707,7 +2715,9 @@ {"shape":"EntityNotFoundException"}, {"shape":"AccessDeniedException"}, {"shape":"InvalidInputException"}, - {"shape":"InternalServiceException"} + {"shape":"ValidationException"}, + {"shape":"InternalServiceException"}, + {"shape":"ThrottlingException"} ], "documentation":"Lists the history of previous optimizer runs for a specific table.
" }, @@ -3643,7 +3653,10 @@ {"shape":"EntityNotFoundException"}, {"shape":"InvalidInputException"}, {"shape":"AccessDeniedException"}, - {"shape":"InternalServiceException"} + {"shape":"ValidationException"}, + {"shape":"InternalServiceException"}, + {"shape":"ThrottlingException"}, + {"shape":"ConcurrentModificationException"} ], "documentation":"Updates the configuration for an existing table optimizer.
" }, @@ -4931,7 +4944,7 @@ }, "tableOptimizer":{ "shape":"TableOptimizer", - "documentation":"A TableOptimizer object that contains details on the configuration and last run of a table optimzer.
A TableOptimizer object that contains details on the configuration and last run of a table optimizer.
Contains details for one of the table optimizers returned by the BatchGetTableOptimizer operation.
A structure containing the Iceberg compaction metrics for the optimizer run.
" + } + }, + "documentation":"A structure that contains compaction metrics for the optimizer run.
" + }, "Comparator":{ "type":"string", "enum":[ @@ -14253,6 +14276,28 @@ "type":"string", "pattern":"^arn:aws(-(cn|us-gov|iso(-[bef])?))?:iam::[0-9]{12}:role/.+" }, + "IcebergCompactionMetrics":{ + "type":"structure", + "members":{ + "NumberOfBytesCompacted":{ + "shape":"metricCounts", + "documentation":"The number of bytes removed by the compaction job run.
" + }, + "NumberOfFilesCompacted":{ + "shape":"metricCounts", + "documentation":"The number of files removed by the compaction job run.
" + }, + "NumberOfDpus":{ + "shape":"dpuCounts", + "documentation":"The number of DPU hours consumed by the job.
" + }, + "JobDurationInHour":{ + "shape":"dpuDurationInHour", + "documentation":"The duration of the job in hours.
" + } + }, + "documentation":"Compaction metrics for Iceberg for the optimizer run.
" + }, "IcebergInput":{ "type":"structure", "required":["MetadataOperation"], @@ -14268,6 +14313,82 @@ }, "documentation":"A structure that defines an Apache Iceberg metadata table to create in the catalog.
" }, + "IcebergOrphanFileDeletionConfiguration":{ + "type":"structure", + "members":{ + "orphanFileRetentionPeriodInDays":{ + "shape":"NullableInteger", + "documentation":"The number of days that orphan files should be retained before file deletion. If an input is not provided, the default value 3 will be used.
" + }, + "location":{ + "shape":"MessageString", + "documentation":"Specifies a directory in which to look for files (defaults to the table's location). You may choose a sub-directory rather than the top-level table location.
" + } + }, + "documentation":"The configuration for an Iceberg orphan file deletion optimizer.
" + }, + "IcebergOrphanFileDeletionMetrics":{ + "type":"structure", + "members":{ + "NumberOfOrphanFilesDeleted":{ + "shape":"metricCounts", + "documentation":"The number of orphan files deleted by the orphan file deletion job run.
" + }, + "NumberOfDpus":{ + "shape":"dpuCounts", + "documentation":"The number of DPU hours consumed by the job.
" + }, + "JobDurationInHour":{ + "shape":"dpuDurationInHour", + "documentation":"The duration of the job in hours.
" + } + }, + "documentation":"Orphan file deletion metrics for Iceberg for the optimizer run.
" + }, + "IcebergRetentionConfiguration":{ + "type":"structure", + "members":{ + "snapshotRetentionPeriodInDays":{ + "shape":"NullableInteger", + "documentation":"The number of days to retain the Iceberg snapshots. If an input is not provided, the corresponding Iceberg table configuration field will be used or if not present, the default value 5 will be used.
" + }, + "numberOfSnapshotsToRetain":{ + "shape":"NullableInteger", + "documentation":"The number of Iceberg snapshots to retain within the retention period. If an input is not provided, the corresponding Iceberg table configuration field will be used or if not present, the default value 1 will be used.
" + }, + "cleanExpiredFiles":{ + "shape":"NullableBoolean", + "documentation":"If set to false, snapshots are only deleted from table metadata, and the underlying data and metadata files are not deleted.
" + } + }, + "documentation":"The configuration for an Iceberg snapshot retention optimizer.
" + }, + "IcebergRetentionMetrics":{ + "type":"structure", + "members":{ + "NumberOfDataFilesDeleted":{ + "shape":"metricCounts", + "documentation":"The number of data files deleted by the retention job run.
" + }, + "NumberOfManifestFilesDeleted":{ + "shape":"metricCounts", + "documentation":"The number of manifest files deleted by the retention job run.
" + }, + "NumberOfManifestListsDeleted":{ + "shape":"metricCounts", + "documentation":"The number of manifest lists deleted by the retention job run.
" + }, + "NumberOfDpus":{ + "shape":"dpuCounts", + "documentation":"The number of DPU hours consumed by the job.
" + }, + "JobDurationInHour":{ + "shape":"dpuDurationInHour", + "documentation":"The duration of the job in hours.
" + } + }, + "documentation":"Snapshot retention metrics for Iceberg for the optimizer run.
" + }, "IcebergTarget":{ "type":"structure", "members":{ @@ -17283,6 +17404,26 @@ "type":"list", "member":{"shape":"Order"} }, + "OrphanFileDeletionConfiguration":{ + "type":"structure", + "members":{ + "icebergConfiguration":{ + "shape":"IcebergOrphanFileDeletionConfiguration", + "documentation":"The configuration for an Iceberg orphan file deletion optimizer.
" + } + }, + "documentation":"The configuration for an orphan file deletion optimizer.
" + }, + "OrphanFileDeletionMetrics":{ + "type":"structure", + "members":{ + "IcebergMetrics":{ + "shape":"IcebergOrphanFileDeletionMetrics", + "documentation":"A structure containing the Iceberg orphan file deletion metrics for the optimizer run.
" + } + }, + "documentation":"A structure that contains orphan file deletion metrics for the optimizer run.
" + }, "OtherMetadataValueList":{ "type":"list", "member":{"shape":"OtherMetadataValueListItem"} @@ -18593,6 +18734,26 @@ } } }, + "RetentionConfiguration":{ + "type":"structure", + "members":{ + "icebergConfiguration":{ + "shape":"IcebergRetentionConfiguration", + "documentation":"The configuration for an Iceberg snapshot retention optimizer.
" + } + }, + "documentation":"The configuration for a snapshot retention optimizer.
" + }, + "RetentionMetrics":{ + "type":"structure", + "members":{ + "IcebergMetrics":{ + "shape":"IcebergRetentionMetrics", + "documentation":"A structure containing the Iceberg retention metrics for the optimizer run.
" + } + }, + "documentation":"A structure that contains retention metrics for the optimizer run.
" + }, "Role":{"type":"string"}, "RoleArn":{ "type":"string", @@ -18641,7 +18802,7 @@ "documentation":"The duration of the job in hours.
" } }, - "documentation":"Metrics for the optimizer run.
" + "documentation":"Metrics for the optimizer run.
This structure is deprecated. See the individual metric members for compaction, retention, and orphan file deletion.
" }, "RunStatementRequest":{ "type":"structure", @@ -21558,7 +21719,7 @@ "members":{ "type":{ "shape":"TableOptimizerType", - "documentation":"The type of table optimizer. Currently, the only valid value is compaction.
The type of table optimizer. The valid values are:
compaction: for managing compaction with a table optimizer.
retention: for managing the retention of snapshot with a table optimizer.
orphan_file_deletion: for managing the deletion of orphan files with a table optimizer.
Whether table optimization is enabled.
" + "documentation":"Whether table optimization is enabled.
" + }, + "retentionConfiguration":{ + "shape":"RetentionConfiguration", + "documentation":"The configuration for a snapshot retention optimizer.
" + }, + "orphanFileDeletionConfiguration":{ + "shape":"OrphanFileDeletionConfiguration", + "documentation":"The configuration for an orphan file deletion optimizer.
" } }, "documentation":"Contains details on the configuration of a table optimizer. You pass this configuration when creating or updating a table optimizer.
" @@ -21611,11 +21780,25 @@ }, "metrics":{ "shape":"RunMetrics", - "documentation":"A RunMetrics object containing metrics for the optimizer run.
A RunMetrics object containing metrics for the optimizer run.
This member is deprecated. See the individual metric members for compaction, retention, and orphan file deletion.
", + "deprecated":true, + "deprecatedMessage":"Metrics has been replaced by optimizer type specific metrics such as IcebergCompactionMetrics" }, "error":{ "shape":"MessageString", "documentation":"An error that occured during the optimizer run.
" + }, + "compactionMetrics":{ + "shape":"CompactionMetrics", + "documentation":"A CompactionMetrics object containing metrics for the optimizer run.
A RetentionMetrics object containing metrics for the optimizer run.
An OrphanFileDeletionMetrics object containing metrics for the optimizer run.
Contains details for a table optimizer run.
" @@ -21627,7 +21810,11 @@ }, "TableOptimizerType":{ "type":"string", - "enum":["compaction"] + "enum":[ + "compaction", + "retention", + "orphan_file_deletion" + ] }, "TablePrefix":{ "type":"string", @@ -21920,6 +22107,17 @@ "FIND_MATCHES" ] }, + "ThrottlingException":{ + "type":"structure", + "members":{ + "Message":{ + "shape":"MessageString", + "documentation":"A message describing the problem.
" + } + }, + "documentation":"The throttling threshhold was exceeded.
", + "exception":true + }, "Timeout":{ "type":"integer", "box":true, @@ -23902,6 +24100,9 @@ "min":1 }, "double":{"type":"double"}, + "dpuCounts":{"type":"integer"}, + "dpuDurationInHour":{"type":"double"}, + "metricCounts":{"type":"long"}, "tableNameString":{ "type":"string", "min":1 diff --git a/botocore/data/mediaconvert/2017-08-29/paginators-1.json b/botocore/data/mediaconvert/2017-08-29/paginators-1.json index edee23dc7b..1f93efd8f9 100644 --- a/botocore/data/mediaconvert/2017-08-29/paginators-1.json +++ b/botocore/data/mediaconvert/2017-08-29/paginators-1.json @@ -35,6 +35,12 @@ "output_token": "NextToken", "limit_key": "MaxResults", "result_key": "Jobs" + }, + "ListVersions": { + "input_token": "NextToken", + "output_token": "NextToken", + "limit_key": "MaxResults", + "result_key": "Versions" } } } diff --git a/botocore/data/mediaconvert/2017-08-29/service-2.json b/botocore/data/mediaconvert/2017-08-29/service-2.json index db3e021b4c..62560d41aa 100644 --- a/botocore/data/mediaconvert/2017-08-29/service-2.json +++ b/botocore/data/mediaconvert/2017-08-29/service-2.json @@ -919,6 +919,47 @@ ], "documentation": "Retrieve the tags for a MediaConvert resource." }, + "ListVersions": { + "name": "ListVersions", + "http": { + "method": "GET", + "requestUri": "/2017-08-29/versions", + "responseCode": 200 + }, + "input": { + "shape": "ListVersionsRequest" + }, + "output": { + "shape": "ListVersionsResponse" + }, + "errors": [ + { + "shape": "BadRequestException", + "documentation": "The service can't process your request because of a problem in the request. Please check your request form and syntax." + }, + { + "shape": "InternalServerErrorException", + "documentation": "The service encountered an unexpected condition and can't fulfill your request." + }, + { + "shape": "ForbiddenException", + "documentation": "You don't have permissions for this action with the credentials you sent." + }, + { + "shape": "NotFoundException", + "documentation": "The resource you requested doesn't exist." + }, + { + "shape": "TooManyRequestsException", + "documentation": "Too many requests have been sent in too short of a time. The service limits the rate at which it will accept requests." + }, + { + "shape": "ConflictException", + "documentation": "The service couldn't complete your request because there is a conflict with the current state of the resource." + } + ], + "documentation": "Retrieve a JSON array of all available Job engine versions and the date they expire." + }, "PutPolicy": { "name": "PutPolicy", "http": { @@ -1218,7 +1259,7 @@ }, "AacCodecProfile": { "type": "string", - "documentation": "AAC Profile.", + "documentation": "Specify the AAC profile. For the widest player compatibility and where higher bitrates are acceptable: Keep the default profile, LC (AAC-LC) For improved audio performance at lower bitrates: Choose HEV1 or HEV2. HEV1 (AAC-HE v1) adds spectral band replication to improve speech audio at low bitrates. HEV2 (AAC-HE v2) adds parametric stereo, which optimizes for encoding stereo audio at very low bitrates.", "enum": [ "LC", "HEV1", @@ -1238,7 +1279,7 @@ }, "AacRateControlMode": { "type": "string", - "documentation": "Rate Control Mode.", + "documentation": "Specify the AAC rate control mode. For a constant bitrate: Choose CBR. Your AAC output bitrate will be equal to the value that you choose for Bitrate. For a variable bitrate: Choose VBR. Your AAC output bitrate will vary according to your audio content and the value that you choose for Bitrate quality.", "enum": [ "CBR", "VBR" @@ -1268,7 +1309,7 @@ "CodecProfile": { "shape": "AacCodecProfile", "locationName": "codecProfile", - "documentation": "AAC Profile." + "documentation": "Specify the AAC profile. For the widest player compatibility and where higher bitrates are acceptable: Keep the default profile, LC (AAC-LC) For improved audio performance at lower bitrates: Choose HEV1 or HEV2. HEV1 (AAC-HE v1) adds spectral band replication to improve speech audio at low bitrates. HEV2 (AAC-HE v2) adds parametric stereo, which optimizes for encoding stereo audio at very low bitrates." }, "CodingMode": { "shape": "AacCodingMode", @@ -1278,7 +1319,7 @@ "RateControlMode": { "shape": "AacRateControlMode", "locationName": "rateControlMode", - "documentation": "Rate Control Mode." + "documentation": "Specify the AAC rate control mode. For a constant bitrate: Choose CBR. Your AAC output bitrate will be equal to the value that you choose for Bitrate. For a variable bitrate: Choose VBR. Your AAC output bitrate will vary according to your audio content and the value that you choose for Bitrate quality." }, "RawFormat": { "shape": "AacRawFormat", @@ -1288,7 +1329,7 @@ "SampleRate": { "shape": "__integerMin8000Max96000", "locationName": "sampleRate", - "documentation": "Specify the Sample rate in Hz. Valid sample rates depend on the Profile and Coding mode that you select. The following list shows valid sample rates for each Profile and Coding mode. * LC Profile, Coding mode 1.0, 2.0, and Receiver Mix: 8000, 12000, 16000, 22050, 24000, 32000, 44100, 48000, 88200, 96000. * LC Profile, Coding mode 5.1: 32000, 44100, 48000, 96000. * HEV1 Profile, Coding mode 1.0 and Receiver Mix: 22050, 24000, 32000, 44100, 48000. * HEV1 Profile, Coding mode 2.0 and 5.1: 32000, 44100, 48000, 96000. * HEV2 Profile, Coding mode 2.0: 22050, 24000, 32000, 44100, 48000." + "documentation": "Specify the AAC sample rate in samples per second (Hz). Valid sample rates depend on the AAC profile and Coding mode that you select. For a list of supported sample rates, see: https://docs.aws.amazon.com/mediaconvert/latest/ug/aac-support.html" }, "Specification": { "shape": "AacSpecification", @@ -1298,7 +1339,7 @@ "VbrQuality": { "shape": "AacVbrQuality", "locationName": "vbrQuality", - "documentation": "VBR Quality Level - Only used if rate_control_mode is VBR." + "documentation": "Specify the quality of your variable bitrate (VBR) AAC audio. For a list of approximate VBR bitrates, see: https://docs.aws.amazon.com/mediaconvert/latest/ug/aac-support.html#aac_vbr" } }, "documentation": "Required when you set Codec to the value AAC. The service accepts one of two mutually exclusive groups of AAC settings--VBR and CBR. To select one of these modes, set the value of Bitrate control mode to \"VBR\" or \"CBR\". In VBR mode, you control the audio quality with the setting VBR quality. In CBR mode, you use the setting Bitrate. Defaults and valid values depend on the rate control mode." @@ -1313,7 +1354,7 @@ }, "AacVbrQuality": { "type": "string", - "documentation": "VBR Quality Level - Only used if rate_control_mode is VBR.", + "documentation": "Specify the quality of your variable bitrate (VBR) AAC audio. For a list of approximate VBR bitrates, see: https://docs.aws.amazon.com/mediaconvert/latest/ug/aac-support.html#aac_vbr", "enum": [ "LOW", "MEDIUM_LOW", @@ -1850,12 +1891,13 @@ }, "AudioDurationCorrection": { "type": "string", - "documentation": "Apply audio timing corrections to help synchronize audio and video in your output. To apply timing corrections, your input must meet the following requirements: * Container: MP4, or MOV, with an accurate time-to-sample (STTS) table. * Audio track: AAC. Choose from the following audio timing correction settings: * Disabled (Default): Apply no correction. * Auto: Recommended for most inputs. MediaConvert analyzes the audio timing in your input and determines which correction setting to use, if needed. * Track: Adjust the duration of each audio frame by a constant amount to align the audio track length with STTS duration. Track-level correction does not affect pitch, and is recommended for tonal audio content such as music. * Frame: Adjust the duration of each audio frame by a variable amount to align audio frames with STTS timestamps. No corrections are made to already-aligned frames. Frame-level correction may affect the pitch of corrected frames, and is recommended for atonal audio content such as speech or percussion.", + "documentation": "Apply audio timing corrections to help synchronize audio and video in your output. To apply timing corrections, your input must meet the following requirements: * Container: MP4, or MOV, with an accurate time-to-sample (STTS) table. * Audio track: AAC. Choose from the following audio timing correction settings: * Disabled (Default): Apply no correction. * Auto: Recommended for most inputs. MediaConvert analyzes the audio timing in your input and determines which correction setting to use, if needed. * Track: Adjust the duration of each audio frame by a constant amount to align the audio track length with STTS duration. Track-level correction does not affect pitch, and is recommended for tonal audio content such as music. * Frame: Adjust the duration of each audio frame by a variable amount to align audio frames with STTS timestamps. No corrections are made to already-aligned frames. Frame-level correction may affect the pitch of corrected frames, and is recommended for atonal audio content such as speech or percussion. * Force: Apply audio duration correction, either Track or Frame depending on your input, regardless of the accuracy of your input's STTS table. Your output audio and video may not be aligned or it may contain audio artifacts.", "enum": [ "DISABLED", "AUTO", "TRACK", - "FRAME" + "FRAME", + "FORCE" ] }, "AudioLanguageCodeControl": { @@ -1947,7 +1989,7 @@ "AudioDurationCorrection": { "shape": "AudioDurationCorrection", "locationName": "audioDurationCorrection", - "documentation": "Apply audio timing corrections to help synchronize audio and video in your output. To apply timing corrections, your input must meet the following requirements: * Container: MP4, or MOV, with an accurate time-to-sample (STTS) table. * Audio track: AAC. Choose from the following audio timing correction settings: * Disabled (Default): Apply no correction. * Auto: Recommended for most inputs. MediaConvert analyzes the audio timing in your input and determines which correction setting to use, if needed. * Track: Adjust the duration of each audio frame by a constant amount to align the audio track length with STTS duration. Track-level correction does not affect pitch, and is recommended for tonal audio content such as music. * Frame: Adjust the duration of each audio frame by a variable amount to align audio frames with STTS timestamps. No corrections are made to already-aligned frames. Frame-level correction may affect the pitch of corrected frames, and is recommended for atonal audio content such as speech or percussion." + "documentation": "Apply audio timing corrections to help synchronize audio and video in your output. To apply timing corrections, your input must meet the following requirements: * Container: MP4, or MOV, with an accurate time-to-sample (STTS) table. * Audio track: AAC. Choose from the following audio timing correction settings: * Disabled (Default): Apply no correction. * Auto: Recommended for most inputs. MediaConvert analyzes the audio timing in your input and determines which correction setting to use, if needed. * Track: Adjust the duration of each audio frame by a constant amount to align the audio track length with STTS duration. Track-level correction does not affect pitch, and is recommended for tonal audio content such as music. * Frame: Adjust the duration of each audio frame by a variable amount to align audio frames with STTS timestamps. No corrections are made to already-aligned frames. Frame-level correction may affect the pitch of corrected frames, and is recommended for atonal audio content such as speech or percussion. * Force: Apply audio duration correction, either Track or Frame depending on your input, regardless of the accuracy of your input's STTS table. Your output audio and video may not be aligned or it may contain audio artifacts." }, "CustomLanguageCode": { "shape": "__stringMin3Max3PatternAZaZ3", @@ -2859,6 +2901,14 @@ }, "documentation": "Use captions selectors to specify the captions data from your input that you use in your outputs. You can use up to 100 captions selectors per input." }, + "CaptionSourceByteRateLimit": { + "type": "string", + "documentation": "Choose whether to limit the byte rate at which your SCC input captions are inserted into your output. To not limit the caption rate: We recommend that you keep the default value, Disabled. MediaConvert inserts captions in your output according to the byte rates listed in the EIA-608 specification, typically 2 or 3 caption bytes per frame depending on your output frame rate. To limit your output caption rate: Choose Enabled. Choose this option if your downstream systems require a maximum of 2 caption bytes per frame. Note that this setting has no effect when your output frame rate is 30 or 60.", + "enum": [ + "ENABLED", + "DISABLED" + ] + }, "CaptionSourceConvertPaintOnToPopOn": { "type": "string", "documentation": "Choose the presentation style of your input SCC captions. To use the same presentation style as your input: Keep the default value, Disabled. To convert paint-on captions to pop-on: Choose Enabled. We also recommend that you choose Enabled if you notice additional repeated lines in your output captions.", @@ -3761,6 +3811,7 @@ "MP4", "MPD", "MXF", + "OGG", "WEBM", "RAW", "Y4M" @@ -3798,6 +3849,11 @@ "locationName": "hopDestinations", "documentation": "Optional. Use queue hopping to avoid overly long waits in the backlog of the queue that you submit your job to. Specify an alternate queue and the maximum time that your job will wait in the initial queue before hopping. For more information about this feature, see the AWS Elemental MediaConvert User Guide." }, + "JobEngineVersion": { + "shape": "__string", + "locationName": "jobEngineVersion", + "documentation": "Use Job engine versions to run jobs for your production workflow on one version, while you test and validate the latest version. To specify a Job engine version: Enter a date in a YYYY-MM-DD format. For a list of valid Job engine versions, submit a ListVersions request. To not specify a Job engine version: Leave blank." + }, "JobTemplate": { "shape": "__string", "locationName": "jobTemplate", @@ -5545,6 +5601,11 @@ "FileSourceSettings": { "type": "structure", "members": { + "ByteRateLimit": { + "shape": "CaptionSourceByteRateLimit", + "locationName": "byteRateLimit", + "documentation": "Choose whether to limit the byte rate at which your SCC input captions are inserted into your output. To not limit the caption rate: We recommend that you keep the default value, Disabled. MediaConvert inserts captions in your output according to the byte rates listed in the EIA-608 specification, typically 2 or 3 caption bytes per frame depending on your output frame rate. To limit your output caption rate: Choose Enabled. Choose this option if your downstream systems require a maximum of 2 caption bytes per frame. Note that this setting has no effect when your output frame rate is 30 or 60." + }, "Convert608To708": { "shape": "FileSourceConvert608To708", "locationName": "convert608To708", @@ -5972,6 +6033,14 @@ "ENABLED" ] }, + "H264SaliencyAwareEncoding": { + "type": "string", + "documentation": "Specify whether to apply Saliency aware encoding to your output. Use to improve the perceptual video quality of your output by allocating more encoding bits to the prominent or noticeable parts of your content. To apply saliency aware encoding, when possible: We recommend that you choose Preferred. The effects of Saliency aware encoding are best seen in lower bitrate outputs. When you choose Preferred, note that Saliency aware encoding will only apply to outputs that are 720p or higher in resolution. To not apply saliency aware encoding, prioritizing encoding speed over perceptual video quality: Choose Disabled.", + "enum": [ + "DISABLED", + "PREFERRED" + ] + }, "H264ScanTypeConversionMode": { "type": "string", "documentation": "Use this setting for interlaced outputs, when your output frame rate is half of your input frame rate. In this situation, choose Optimized interlacing to create a better quality interlaced output. In this case, each progressive frame from the input corresponds to an interlaced field in the output. Keep the default value, Basic interlacing, for all other output frame rates. With basic interlacing, MediaConvert performs any frame rate conversion first and then interlaces the frames. When you choose Optimized interlacing and you set your output frame rate to a value that isn't suitable for optimized interlacing, MediaConvert automatically falls back to basic interlacing. Required settings: To use optimized interlacing, you must set Telecine to None or Soft. You can't use optimized interlacing for hard telecine outputs. You must also set Interlace mode to a value other than Progressive.", @@ -6110,7 +6179,7 @@ "MinIInterval": { "shape": "__integerMin0Max30", "locationName": "minIInterval", - "documentation": "Use this setting only when you also enable Scene change detection. This setting determines how the encoder manages the spacing between I-frames that it inserts as part of the I-frame cadence and the I-frames that it inserts for Scene change detection. We recommend that you have the transcoder automatically choose this value for you based on characteristics of your input video. To enable this automatic behavior, do this by keeping the default empty value. When you explicitly specify a value for this setting, the encoder determines whether to skip a cadence-driven I-frame by the value you set. For example, if you set Min I interval to 5 and a cadence-driven I-frame would fall within 5 frames of a scene-change I-frame, then the encoder skips the cadence-driven I-frame. In this way, one GOP is shrunk slightly and one GOP is stretched slightly. When the cadence-driven I-frames are farther from the scene-change I-frame than the value you set, then the encoder leaves all I-frames in place and the GOPs surrounding the scene change are smaller than the usual cadence GOPs." + "documentation": "Specify the minimum number of frames allowed between two IDR-frames in your output. This includes frames created at the start of a GOP or a scene change. Use Min I-Interval to improve video compression by varying GOP size when two IDR-frames would be created near each other. For example, if a regular cadence-driven IDR-frame would fall within 5 frames of a scene-change IDR-frame, and you set Min I-interval to 5, then the encoder would only write an IDR-frame for the scene-change. In this way, one GOP is shortened or extended. If a cadence-driven IDR-frame would be further than 5 frames from a scene-change IDR-frame, then the encoder leaves all IDR-frames in place. To use an automatically determined interval: We recommend that you keep this value blank. This allows for MediaConvert to use an optimal setting according to the characteristics of your input video, and results in better video compression. To manually specify an interval: Enter a value from 1 to 30. Use when your downstream systems have specific GOP size requirements. To disable GOP size variance: Enter 0. MediaConvert will only create IDR-frames at the start of your output's cadence-driven GOP. Use when your downstream systems require a regular GOP size." }, "NumberBFramesBetweenReferenceFrames": { "shape": "__integerMin0Max7", @@ -6157,6 +6226,11 @@ "locationName": "repeatPps", "documentation": "Places a PPS header on each encoded picture, even if repeated." }, + "SaliencyAwareEncoding": { + "shape": "H264SaliencyAwareEncoding", + "locationName": "saliencyAwareEncoding", + "documentation": "Specify whether to apply Saliency aware encoding to your output. Use to improve the perceptual video quality of your output by allocating more encoding bits to the prominent or noticeable parts of your content. To apply saliency aware encoding, when possible: We recommend that you choose Preferred. The effects of Saliency aware encoding are best seen in lower bitrate outputs. When you choose Preferred, note that Saliency aware encoding will only apply to outputs that are 720p or higher in resolution. To not apply saliency aware encoding, prioritizing encoding speed over perceptual video quality: Choose Disabled." + }, "ScanTypeConversionMode": { "shape": "H264ScanTypeConversionMode", "locationName": "scanTypeConversionMode", @@ -6572,7 +6646,7 @@ "MinIInterval": { "shape": "__integerMin0Max30", "locationName": "minIInterval", - "documentation": "Use this setting only when you also enable Scene change detection. This setting determines how the encoder manages the spacing between I-frames that it inserts as part of the I-frame cadence and the I-frames that it inserts for Scene change detection. We recommend that you have the transcoder automatically choose this value for you based on characteristics of your input video. To enable this automatic behavior, do this by keeping the default empty value. When you explicitly specify a value for this setting, the encoder determines whether to skip a cadence-driven I-frame by the value you set. For example, if you set Min I interval to 5 and a cadence-driven I-frame would fall within 5 frames of a scene-change I-frame, then the encoder skips the cadence-driven I-frame. In this way, one GOP is shrunk slightly and one GOP is stretched slightly. When the cadence-driven I-frames are farther from the scene-change I-frame than the value you set, then the encoder leaves all I-frames in place and the GOPs surrounding the scene change are smaller than the usual cadence GOPs." + "documentation": "Specify the minimum number of frames allowed between two IDR-frames in your output. This includes frames created at the start of a GOP or a scene change. Use Min I-Interval to improve video compression by varying GOP size when two IDR-frames would be created near each other. For example, if a regular cadence-driven IDR-frame would fall within 5 frames of a scene-change IDR-frame, and you set Min I-interval to 5, then the encoder would only write an IDR-frame for the scene-change. In this way, one GOP is shortened or extended. If a cadence-driven IDR-frame would be further than 5 frames from a scene-change IDR-frame, then the encoder leaves all IDR-frames in place. To use an automatically determined interval: We recommend that you keep this value blank. This allows for MediaConvert to use an optimal setting according to the characteristics of your input video, and results in better video compression. To manually specify an interval: Enter a value from 1 to 30. Use when your downstream systems have specific GOP size requirements. To disable GOP size variance: Enter 0. MediaConvert will only create IDR-frames at the start of your output's cadence-driven GOP. Use when your downstream systems require a regular GOP size." }, "NumberBFramesBetweenReferenceFrames": { "shape": "__integerMin0Max7", @@ -8012,6 +8086,16 @@ "locationName": "id", "documentation": "A portion of the job's ARN, unique within your AWS Elemental MediaConvert resources" }, + "JobEngineVersionRequested": { + "shape": "__string", + "locationName": "jobEngineVersionRequested", + "documentation": "The Job engine version that you requested for your job. Valid versions are in a YYYY-MM-DD format." + }, + "JobEngineVersionUsed": { + "shape": "__string", + "locationName": "jobEngineVersionUsed", + "documentation": "The Job engine version that your job used. Job engine versions are in a YYYY-MM-DD format. When you request an expired version, the response for this property will be empty. Requests to create jobs with an expired version result in a regular job, as if no specific Job engine version was requested. When you request an invalid version, the response for this property will be empty. Requests to create jobs with an invalid version result in a 400 error message, and no job is created." + }, "JobPercentComplete": { "shape": "__integer", "locationName": "jobPercentComplete", @@ -8099,6 +8183,22 @@ "Role" ] }, + "JobEngineVersion": { + "type": "structure", + "members": { + "ExpirationDate": { + "shape": "__timestampUnix", + "locationName": "expirationDate", + "documentation": "The date that this Job engine version expires. Requests to create jobs with an expired version result in a regular job, as if no specific Job engine version was requested." + }, + "Version": { + "shape": "__string", + "locationName": "version", + "documentation": "Use Job engine versions to run jobs for your production workflow on one version, while you test and validate the latest version. Job engine versions are in a YYYY-MM-DD format." + } + }, + "documentation": "Use Job engine versions to run jobs for your production workflow on one version, while you test and validate the latest version. Job engine versions are in a YYYY-MM-DD format." + }, "JobMessages": { "type": "structure", "members": { @@ -8858,6 +8958,38 @@ } } }, + "ListVersionsRequest": { + "type": "structure", + "members": { + "MaxResults": { + "shape": "__integerMin1Max20", + "locationName": "maxResults", + "documentation": "Optional. Number of valid Job engine versions, up to twenty, that will be returned at one time.", + "location": "querystring" + }, + "NextToken": { + "shape": "__string", + "locationName": "nextToken", + "documentation": "Optional. Use this string, provided with the response to a previous request, to request the next batch of Job engine versions.", + "location": "querystring" + } + } + }, + "ListVersionsResponse": { + "type": "structure", + "members": { + "NextToken": { + "shape": "__string", + "locationName": "nextToken", + "documentation": "Optional. Use this string, provided with the response to a previous request, to request the next batch of Job engine versions." + }, + "Versions": { + "shape": "__listOfJobEngineVersion", + "locationName": "versions", + "documentation": "Retrieve a JSON array of all available Job engine versions and the date they expire." + } + } + }, "M2tsAudioBufferModel": { "type": "string", "documentation": "Selects between the DVB and ATSC buffer models for Dolby Digital audio.", @@ -10028,7 +10160,7 @@ "MinIInterval": { "shape": "__integerMin0Max30", "locationName": "minIInterval", - "documentation": "Use this setting only when you also enable Scene change detection. This setting determines how the encoder manages the spacing between I-frames that it inserts as part of the I-frame cadence and the I-frames that it inserts for Scene change detection. When you specify a value for this setting, the encoder determines whether to skip a cadence-driven I-frame by the value you set. For example, if you set Min I interval to 5 and a cadence-driven I-frame would fall within 5 frames of a scene-change I-frame, then the encoder skips the cadence-driven I-frame. In this way, one GOP is shrunk slightly and one GOP is stretched slightly. When the cadence-driven I-frames are farther from the scene-change I-frame than the value you set, then the encoder leaves all I-frames in place and the GOPs surrounding the scene change are smaller than the usual cadence GOPs." + "documentation": "Specify the minimum number of frames allowed between two IDR-frames in your output. This includes frames created at the start of a GOP or a scene change. Use Min I-Interval to improve video compression by varying GOP size when two IDR-frames would be created near each other. For example, if a regular cadence-driven IDR-frame would fall within 5 frames of a scene-change IDR-frame, and you set Min I-interval to 5, then the encoder would only write an IDR-frame for the scene-change. In this way, one GOP is shortened or extended. If a cadence-driven IDR-frame would be further than 5 frames from a scene-change IDR-frame, then the encoder leaves all IDR-frames in place. To manually specify an interval: Enter a value from 1 to 30. Use when your downstream systems have specific GOP size requirements. To disable GOP size variance: Enter 0. MediaConvert will only create IDR-frames at the start of your output's cadence-driven GOP. Use when your downstream systems require a regular GOP size." }, "NumberBFramesBetweenReferenceFrames": { "shape": "__integerMin0Max7", @@ -12501,17 +12633,32 @@ "EndTimecode": { "shape": "__stringPattern010920405090509092", "locationName": "endTimecode", - "documentation": "Enter the end timecode in the underlying input video for this overlay. Your overlay will be active through this frame. To display your video overlay for the duration of the underlying video: Leave blank. Use the format HH:MM:SS:FF or HH:MM:SS;FF, where HH is the hour, MM is the minute, SS is the second, and FF is the frame number. When entering this value, take into account your choice for the underlying Input timecode source. For example, if you have embedded timecodes that start at 01:00:00:00 and you want your overlay to end ten minutes into the video, enter 01:10:00:00." + "documentation": "Enter the end timecode in the base input video for this overlay. Your overlay will be active through this frame. To display your video overlay for the duration of the base input video: Leave blank. Use the format HH:MM:SS:FF or HH:MM:SS;FF, where HH is the hour, MM is the minute, SS isthe second, and FF is the frame number. When entering this value, take into account your choice for the base input video's timecode source. For example, if you have embedded timecodes that start at 01:00:00:00 and you want your overlay to end ten minutes into the video, enter 01:10:00:00." + }, + "InitialPosition": { + "shape": "VideoOverlayPosition", + "locationName": "initialPosition", + "documentation": "Specify the Initial position of your video overlay. To specify the Initial position of your video overlay, including distance from the left or top edge of the base input video's frame, or size: Enter a value for X position, Y position, Width, or Height. To use the full frame of the base input video: Leave blank." }, "Input": { "shape": "VideoOverlayInput", "locationName": "input", "documentation": "Input settings for Video overlay. You can include one or more video overlays in sequence at different times that you specify." }, + "Playback": { + "shape": "VideoOverlayPlayBackMode", + "locationName": "playback", + "documentation": "Specify whether your video overlay repeats or plays only once. To repeat your video overlay on a loop: Keep the default value, Repeat. Your overlay will repeat for the duration of the base input video. To playback your video overlay only once: Choose Once. With either option, you can end playback at a time that you specify by entering a value for End timecode." + }, "StartTimecode": { "shape": "__stringPattern010920405090509092", "locationName": "startTimecode", - "documentation": "Enter the start timecode in the underlying input video for this overlay. Your overlay will be active starting with this frame. To display your video overlay starting at the beginning of the underlying video: Leave blank. Use the format HH:MM:SS:FF or HH:MM:SS;FF, where HH is the hour, MM is the minute, SS is the second, and FF is the frame number. When entering this value, take into account your choice for the underlying Input timecode source. For example, if you have embedded timecodes that start at 01:00:00:00 and you want your overlay to begin five minutes into the video, enter 01:05:00:00." + "documentation": "Enter the start timecode in the base input video for this overlay. Your overlay will be active starting with this frame. To display your video overlay starting at the beginning of the base input video: Leave blank. Use the format HH:MM:SS:FF or HH:MM:SS;FF, where HH is the hour, MM is the minute, SS is the second, and FF is the frame number. When entering this value, take into account your choice for the base input video's timecode source. For example, if you have embedded timecodes that start at 01:00:00:00 and you want your overlay to begin five minutes into the video, enter 01:05:00:00." + }, + "Transitions": { + "shape": "__listOfVideoOverlayTransition", + "locationName": "transitions", + "documentation": "Specify one or more transitions for your video overlay. Use Transitions to reposition or resize your overlay over time. To use the same position and size for the duration of your video overlay: Leave blank. To specify a Transition: Enter a value for Start timecode, End Timecode, X Position, Y Position, Width, or Height." } }, "documentation": "Overlay one or more videos on top of your input video. For more information, see https://docs.aws.amazon.com/mediaconvert/latest/ug/video-overlays.html" @@ -12522,7 +12669,7 @@ "FileInput": { "shape": "__stringPatternS3Https", "locationName": "fileInput", - "documentation": "Specify the input file S3, HTTP, or HTTPS URI for your video overlay. For consistency in color and formatting in your output video image, we recommend that you specify a video with similar characteristics as the underlying input video." + "documentation": "Specify the input file S3, HTTP, or HTTPS URL for your video overlay.\nTo specify one or more Transitions for your base input video instead: Leave blank." }, "InputClippings": { "shape": "__listOfVideoOverlayInputClipping", @@ -12546,18 +12693,86 @@ "type": "structure", "members": { "EndTimecode": { - "shape": "__stringPattern010920405090509092", + "shape": "__stringPattern010920405090509092090909", "locationName": "endTimecode", "documentation": "Specify the timecode of the last frame to include in your video overlay's clip. Use the format HH:MM:SS:FF or HH:MM:SS;FF, where HH is the hour, MM is the minute, SS is the second, and FF is the frame number. When entering this value, take into account your choice for Timecode source." }, "StartTimecode": { - "shape": "__stringPattern010920405090509092", + "shape": "__stringPattern010920405090509092090909", "locationName": "startTimecode", "documentation": "Specify the timecode of the first frame to include in your video overlay's clip. Use the format HH:MM:SS:FF or HH:MM:SS;FF, where HH is the hour, MM is the minute, SS is the second, and FF is the frame number. When entering this value, take into account your choice for Timecode source." } }, "documentation": "To transcode only portions of your video overlay, include one input clip for each part of your video overlay that you want in your output." }, + "VideoOverlayPlayBackMode": { + "type": "string", + "documentation": "Specify whether your video overlay repeats or plays only once. To repeat your video overlay on a loop: Keep the default value, Repeat. Your overlay will repeat for the duration of the base input video. To playback your video overlay only once: Choose Once. With either option, you can end playback at a time that you specify by entering a value for End timecode.", + "enum": [ + "ONCE", + "REPEAT" + ] + }, + "VideoOverlayPosition": { + "type": "structure", + "members": { + "Height": { + "shape": "__integerMinNegative1Max2147483647", + "locationName": "height", + "documentation": "To scale your video overlay to the same height as the base input video: Leave blank. To scale the height of your video overlay to a different height: Enter an integer representing the Unit type that you choose, either Pixels or Percentage. For example, when you enter 360 and choose Pixels, your video overlay will be rendered with a height of 360. When you enter 50, choose Percentage, and your overlay's source has a height of 1080, your video overlay will be rendered with a height of 540. To scale your overlay to a specific height while automatically maintaining its original aspect ratio, enter a value for Height and leave Width blank." + }, + "Unit": { + "shape": "VideoOverlayUnit", + "locationName": "unit", + "documentation": "Specify the Unit type to use when you enter a value for X position, Y position, Width, or Height. You can choose Pixels or Percentage. Leave blank to use the default value, Pixels." + }, + "Width": { + "shape": "__integerMinNegative1Max2147483647", + "locationName": "width", + "documentation": "To scale your video overlay to the same width as the base input video: Leave blank. To scale the width of your video overlay to a different width: Enter an integer representing the Unit type that you choose, either Pixels or Percentage. For example, when you enter 640 and choose Pixels, your video overlay will scale to a height of 640 pixels. When you enter 50, choose Percentage, and your overlay's source has a width of 1920, your video overlay will scale to a width of 960. To scale your overlay to a specific width while automatically maintaining its original aspect ratio, enter a value for Width and leave Height blank." + }, + "XPosition": { + "shape": "__integerMinNegative2147483648Max2147483647", + "locationName": "xPosition", + "documentation": "To position the left edge of your video overlay along the left edge of the base input video's frame: Keep blank, or enter 0. To position the left edge of your video overlay to the right, relative to the left edge of the base input video's frame: Enter an integer representing the Unit type that you choose, either Pixels or Percentage. For example, when you enter 10 and choose Pixels, your video overlay will be positioned 10 pixels from the left edge of the base input video's frame. When you enter 10, choose Percentage, and your base input video is 1920x1080, your video overlay will be positioned 192 pixels from the left edge of the base input video's frame." + }, + "YPosition": { + "shape": "__integerMinNegative2147483648Max2147483647", + "locationName": "yPosition", + "documentation": "To position the top edge of your video overlay along the top edge of the base input video's frame: Keep blank, or enter 0. To position the top edge of your video overlay down, relative to the top edge of the base input video's frame: Enter an integer representing the Unit type that you choose, either Pixels or Percentage. For example, when you enter 10 and choose Pixels, your video overlay will be positioned 10 pixels from the top edge of the base input video's frame. When you enter 10, choose Percentage, and your underlying video is 1920x1080, your video overlay will be positioned 108 pixels from the top edge of the base input video's frame." + } + }, + "documentation": "position of video overlay" + }, + "VideoOverlayTransition": { + "type": "structure", + "members": { + "EndPosition": { + "shape": "VideoOverlayPosition", + "locationName": "endPosition", + "documentation": "Specify the ending position for this transition, relative to the base input video's frame. Your video overlay will move smoothly to this position, beginning at this transition's Start timecode and ending at this transition's End timecode." + }, + "EndTimecode": { + "shape": "__stringPattern010920405090509092", + "locationName": "endTimecode", + "documentation": "Specify the timecode for when this transition ends. Use the format HH:MM:SS:FF or HH:MM:SS;FF, where HH is the hour, MM is the minute, SS is the second, and FF is the frame number. When entering this value, take into account your choice for Timecode source." + }, + "StartTimecode": { + "shape": "__stringPattern010920405090509092", + "locationName": "startTimecode", + "documentation": "Specify the timecode for when this transition begins. Use the format HH:MM:SS:FF or HH:MM:SS;FF, where HH is the hour, MM is the minute, SS is the second, and FF is the frame number. When entering this value, take into account your choice for Timecode source." + } + }, + "documentation": "Specify one or more Transitions for your video overlay. Use Transitions to reposition or resize your overlay over time. To use the same position and size for the duration of your video overlay: Leave blank. To specify a Transition: Enter a value for Start timecode, End Timecode, X Position, Y Position, Width, or Height." + }, + "VideoOverlayUnit": { + "type": "string", + "documentation": "Specify the Unit type to use when you enter a value for X position, Y position, Width, or Height. You can choose Pixels or Percentage. Leave blank to use the default value, Pixels.", + "enum": [ + "PIXELS", + "PERCENTAGE" + ] + }, "VideoPreprocessor": { "type": "structure", "members": { @@ -13932,6 +14147,11 @@ "min": -1, "max": 10 }, + "__integerMinNegative1Max2147483647": { + "type": "integer", + "min": -1, + "max": 2147483647 + }, "__integerMinNegative1Max3": { "type": "integer", "min": -1, @@ -14093,6 +14313,12 @@ "shape": "Job" } }, + "__listOfJobEngineVersion": { + "type": "list", + "member": { + "shape": "JobEngineVersion" + } + }, "__listOfJobTemplate": { "type": "list", "member": { @@ -14171,6 +14397,12 @@ "shape": "VideoOverlayInputClipping" } }, + "__listOfVideoOverlayTransition": { + "type": "list", + "member": { + "shape": "VideoOverlayTransition" + } + }, "__listOfWarningGroup": { "type": "list", "member": { diff --git a/botocore/data/rds/2014-10-31/service-2.json b/botocore/data/rds/2014-10-31/service-2.json index b9ec58a6d4..e21f1c0a86 100644 --- a/botocore/data/rds/2014-10-31/service-2.json +++ b/botocore/data/rds/2014-10-31/service-2.json @@ -3208,7 +3208,7 @@ }, "ApplyAction":{ "shape":"String", - "documentation":"The pending maintenance action to apply to this resource.
Valid Values: system-update, db-upgrade, hardware-maintenance, ca-certificate-rotation
The pending maintenance action to apply to this resource.
Valid Values:
ca-certificate-rotation
db-upgrade
hardware-maintenance
os-upgrade
system-update
For more information about these actions, see Maintenance actions for Amazon Aurora or Maintenance actions for Amazon RDS.
" }, "OptInType":{ "shape":"String", @@ -3732,7 +3732,7 @@ }, "ConnectionBorrowTimeout":{ "shape":"IntegerOptional", - "documentation":"The number of seconds for a proxy to wait for a connection to become available in the connection pool. This setting only applies when the proxy has opened its maximum number of connections and all connections are busy with client sessions. For an unlimited wait time, specify 0.
Default: 120
Constraints:
Must be between 0 and 3600.
The number of seconds for a proxy to wait for a connection to become available in the connection pool. This setting only applies when the proxy has opened its maximum number of connections and all connections are busy with client sessions.
Default: 120
Constraints:
Must be between 0 and 3600.
The database engine to use for this DB instance.
Not every database engine is available in every Amazon Web Services Region.
Valid Values:
aurora-mysql (for Aurora MySQL DB instances)
aurora-postgresql (for Aurora PostgreSQL DB instances)
custom-oracle-ee (for RDS Custom for Oracle DB instances)
custom-oracle-ee-cdb (for RDS Custom for Oracle DB instances)
custom-oracle-se2 (for RDS Custom for Oracle DB instances)
custom-oracle-se2-cdb (for RDS Custom for Oracle DB instances)
custom-sqlserver-ee (for RDS Custom for SQL Server DB instances)
custom-sqlserver-se (for RDS Custom for SQL Server DB instances)
custom-sqlserver-web (for RDS Custom for SQL Server DB instances)
db2-ae
db2-se
mariadb
mysql
oracle-ee
oracle-ee-cdb
oracle-se2
oracle-se2-cdb
postgres
sqlserver-ee
sqlserver-se
sqlserver-ex
sqlserver-web
The database engine to use for this DB instance.
Not every database engine is available in every Amazon Web Services Region.
Valid Values:
aurora-mysql (for Aurora MySQL DB instances)
aurora-postgresql (for Aurora PostgreSQL DB instances)
custom-oracle-ee (for RDS Custom for Oracle DB instances)
custom-oracle-ee-cdb (for RDS Custom for Oracle DB instances)
custom-oracle-se2 (for RDS Custom for Oracle DB instances)
custom-oracle-se2-cdb (for RDS Custom for Oracle DB instances)
custom-sqlserver-ee (for RDS Custom for SQL Server DB instances)
custom-sqlserver-se (for RDS Custom for SQL Server DB instances)
custom-sqlserver-web (for RDS Custom for SQL Server DB instances)
custom-sqlserver-dev (for RDS Custom for SQL Server DB instances)
db2-ae
db2-se
mariadb
mysql
oracle-ee
oracle-ee-cdb
oracle-se2
oracle-se2-cdb
postgres
sqlserver-ee
sqlserver-se
sqlserver-ex
sqlserver-web
A DB subnet group to associate with this DB instance.
Constraints:
Must match the name of an existing DB subnet group.
Must not be default.
Example: mydbsubnetgroup
A DB subnet group to associate with this DB instance.
Constraints:
Must match the name of an existing DB subnet group.
Example: mydbsubnetgroup
When you are creating a read replica from one Amazon Web Services GovCloud (US) Region to another or from one China Amazon Web Services Region to another, the URL that contains a Signature Version 4 signed request for the CreateDBInstanceReadReplica API operation in the source Amazon Web Services Region that contains the source DB instance.
This setting applies only to Amazon Web Services GovCloud (US) Regions and China Amazon Web Services Regions. It's ignored in other Amazon Web Services Regions.
This setting applies only when replicating from a source DB instance. Source DB clusters aren't supported in Amazon Web Services GovCloud (US) Regions and China Amazon Web Services Regions.
You must specify this parameter when you create an encrypted read replica from another Amazon Web Services Region by using the Amazon RDS API. Don't specify PreSignedUrl when you are creating an encrypted read replica in the same Amazon Web Services Region.
The presigned URL must be a valid request for the CreateDBInstanceReadReplica API operation that can run in the source Amazon Web Services Region that contains the encrypted source DB instance. The presigned URL request must contain the following parameter values:
DestinationRegion - The Amazon Web Services Region that the encrypted read replica is created in. This Amazon Web Services Region is the same one where the CreateDBInstanceReadReplica operation is called that contains this presigned URL.
For example, if you create an encrypted DB instance in the us-west-1 Amazon Web Services Region, from a source DB instance in the us-east-2 Amazon Web Services Region, then you call the CreateDBInstanceReadReplica operation in the us-east-1 Amazon Web Services Region and provide a presigned URL that contains a call to the CreateDBInstanceReadReplica operation in the us-west-2 Amazon Web Services Region. For this example, the DestinationRegion in the presigned URL must be set to the us-east-1 Amazon Web Services Region.
KmsKeyId - The KMS key identifier for the key to use to encrypt the read replica in the destination Amazon Web Services Region. This is the same identifier for both the CreateDBInstanceReadReplica operation that is called in the destination Amazon Web Services Region, and the operation contained in the presigned URL.
SourceDBInstanceIdentifier - The DB instance identifier for the encrypted DB instance to be replicated. This identifier must be in the Amazon Resource Name (ARN) format for the source Amazon Web Services Region. For example, if you are creating an encrypted read replica from a DB instance in the us-west-2 Amazon Web Services Region, then your SourceDBInstanceIdentifier looks like the following example: arn:aws:rds:us-west-2:123456789012:instance:mysql-instance1-20161115.
To learn how to generate a Signature Version 4 signed request, see Authenticating Requests: Using Query Parameters (Amazon Web Services Signature Version 4) and Signature Version 4 Signing Process.
If you are using an Amazon Web Services SDK tool or the CLI, you can specify SourceRegion (or --source-region for the CLI) instead of specifying PreSignedUrl manually. Specifying SourceRegion autogenerates a presigned URL that is a valid request for the operation that can run in the source Amazon Web Services Region.
SourceRegion isn't supported for SQL Server, because Amazon RDS for SQL Server doesn't support cross-Region read replicas.
This setting doesn't apply to RDS Custom DB instances.
" + "documentation":"When you are creating a read replica from one Amazon Web Services GovCloud (US) Region to another or from one China Amazon Web Services Region to another, the URL that contains a Signature Version 4 signed request for the CreateDBInstanceReadReplica API operation in the source Amazon Web Services Region that contains the source DB instance.
This setting applies only to Amazon Web Services GovCloud (US) Regions and China Amazon Web Services Regions. It's ignored in other Amazon Web Services Regions.
This setting applies only when replicating from a source DB instance. Source DB clusters aren't supported in Amazon Web Services GovCloud (US) Regions and China Amazon Web Services Regions.
You must specify this parameter when you create an encrypted read replica from another Amazon Web Services Region by using the Amazon RDS API. Don't specify PreSignedUrl when you are creating an encrypted read replica in the same Amazon Web Services Region.
The presigned URL must be a valid request for the CreateDBInstanceReadReplica API operation that can run in the source Amazon Web Services Region that contains the encrypted source DB instance. The presigned URL request must contain the following parameter values:
DestinationRegion - The Amazon Web Services Region that the encrypted read replica is created in. This Amazon Web Services Region is the same one where the CreateDBInstanceReadReplica operation is called that contains this presigned URL.
For example, if you create an encrypted DB instance in the us-west-1 Amazon Web Services Region, from a source DB instance in the us-east-2 Amazon Web Services Region, then you call the CreateDBInstanceReadReplica operation in the us-east-1 Amazon Web Services Region and provide a presigned URL that contains a call to the CreateDBInstanceReadReplica operation in the us-west-2 Amazon Web Services Region. For this example, the DestinationRegion in the presigned URL must be set to the us-east-1 Amazon Web Services Region.
KmsKeyId - The KMS key identifier for the key to use to encrypt the read replica in the destination Amazon Web Services Region. This is the same identifier for both the CreateDBInstanceReadReplica operation that is called in the destination Amazon Web Services Region, and the operation contained in the presigned URL.
SourceDBInstanceIdentifier - The DB instance identifier for the encrypted DB instance to be replicated. This identifier must be in the Amazon Resource Name (ARN) format for the source Amazon Web Services Region. For example, if you are creating an encrypted read replica from a DB instance in the us-west-2 Amazon Web Services Region, then your SourceDBInstanceIdentifier looks like the following example: arn:aws:rds:us-west-2:123456789012:instance:mysql-instance1-20161115.
To learn how to generate a Signature Version 4 signed request, see Authenticating Requests: Using Query Parameters (Amazon Web Services Signature Version 4) and Signature Version 4 Signing Process.
If you are using an Amazon Web Services SDK tool or the CLI, you can specify SourceRegion (or --source-region for the CLI) instead of specifying PreSignedUrl manually. Specifying SourceRegion autogenerates a presigned URL that is a valid request for the operation that can run in the source Amazon Web Services Region.
This setting doesn't apply to RDS Custom DB instances.
" }, "EnableIAMDatabaseAuthentication":{ "shape":"BooleanOptional", @@ -7473,7 +7473,7 @@ }, "ParameterApplyStatus":{ "shape":"String", - "documentation":"The status of parameter updates.
" + "documentation":"The status of parameter updates. Valid values are:
applying: The parameter group change is being applied to the database.
failed-to-apply: The parameter group is in an invalid state.
in-sync: The parameter group change is synchronized with the database.
pending-database-upgrade: The parameter group change will be applied after the DB instance is upgraded.
pending-reboot: The parameter group change will be applied after the DB instance reboots.
The status of the DB parameter group.
This data type is used as a response element in the following actions:
CreateDBInstance
CreateDBInstanceReadReplica
DeleteDBInstance
ModifyDBInstance
RebootDBInstance
RestoreDBInstanceFromDBSnapshot
The type of pending maintenance action that is available for the resource.
For more information about maintenance actions, see Maintaining a DB instance.
Valid Values: system-update | db-upgrade | hardware-maintenance | ca-certificate-rotation
The type of pending maintenance action that is available for the resource.
For more information about maintenance actions, see Maintaining a DB instance.
Valid Values:
ca-certificate-rotation
db-upgrade
hardware-maintenance
os-upgrade
system-update
For more information about these actions, see Maintenance actions for Amazon Aurora or Maintenance actions for Amazon RDS.
" }, "AutoAppliedAfterDate":{ "shape":"TStamp", diff --git a/botocore/data/storagegateway/2013-06-30/service-2.json b/botocore/data/storagegateway/2013-06-30/service-2.json index 93da2d52d4..30ab09c117 100644 --- a/botocore/data/storagegateway/2013-06-30/service-2.json +++ b/botocore/data/storagegateway/2013-06-30/service-2.json @@ -1952,13 +1952,19 @@ "shape":"GatewayARN", "documentation":"The Amazon Resource Name (ARN) of the S3 File Gateway on which you want to create a file share.
" }, + "EncryptionType":{ + "shape":"EncryptionType", + "documentation":"A value that specifies the type of server-side encryption that the file share will use for the data that it stores in Amazon S3.
We recommend using EncryptionType instead of KMSEncrypted to set the file share encryption method. You do not need to provide values for both parameters.
If values for both parameters exist in the same request, then the specified encryption methods must not conflict. For example, if EncryptionType is SseS3, then KMSEncrypted must be false. If EncryptionType is SseKms or DsseKms, then KMSEncrypted must be true.
Set to true to use Amazon S3 server-side encryption with your own KMS key, or false to use a key managed by Amazon S3. Optional.
Valid Values: true | false
Optional. Set to true to use Amazon S3 server-side encryption with your own KMS key (SSE-KMS), or false to use a key managed by Amazon S3 (SSE-S3). To use dual-layer encryption (DSSE-KMS), set the EncryptionType parameter instead.
We recommend using EncryptionType instead of KMSEncrypted to set the file share encryption method. You do not need to provide values for both parameters.
If values for both parameters exist in the same request, then the specified encryption methods must not conflict. For example, if EncryptionType is SseS3, then KMSEncrypted must be false. If EncryptionType is SseKms or DsseKms, then KMSEncrypted must be true.
Valid Values: true | false
The Amazon Resource Name (ARN) of a symmetric customer master key (CMK) used for Amazon S3 server-side encryption. Storage Gateway does not support asymmetric CMKs. This value can only be set when KMSEncrypted is true. Optional.
Optional. The Amazon Resource Name (ARN) of a symmetric customer master key (CMK) used for Amazon S3 server-side encryption. Storage Gateway does not support asymmetric CMKs. This value must be set if KMSEncrypted is true, or if EncryptionType is SseKms or DsseKms.
The notification policy of the file share. SettlingTimeInSeconds controls the number of seconds to wait after the last point in time a client wrote to a file before generating an ObjectUploaded notification. Because clients can make many small writes to files, it's best to set this parameter for as long as possible to avoid generating multiple notifications for the same file in a small time period.
SettlingTimeInSeconds has no effect on the timing of the object uploading to Amazon S3, only the timing of the notification.
The following example sets NotificationPolicy on with SettlingTimeInSeconds set to 60.
{\\\"Upload\\\": {\\\"SettlingTimeInSeconds\\\": 60}}
The following example sets NotificationPolicy off.
{}
The notification policy of the file share. SettlingTimeInSeconds controls the number of seconds to wait after the last point in time a client wrote to a file before generating an ObjectUploaded notification. Because clients can make many small writes to files, it's best to set this parameter for as long as possible to avoid generating multiple notifications for the same file in a small time period.
SettlingTimeInSeconds has no effect on the timing of the object uploading to Amazon S3, only the timing of the notification.
This setting is not meant to specify an exact time at which the notification will be sent. In some cases, the gateway might require more than the specified delay time to generate and send notifications.
The following example sets NotificationPolicy on with SettlingTimeInSeconds set to 60.
{\\\"Upload\\\": {\\\"SettlingTimeInSeconds\\\": 60}}
The following example sets NotificationPolicy off.
{}
The ARN of the S3 File Gateway on which you want to create a file share.
" }, + "EncryptionType":{ + "shape":"EncryptionType", + "documentation":"A value that specifies the type of server-side encryption that the file share will use for the data that it stores in Amazon S3.
We recommend using EncryptionType instead of KMSEncrypted to set the file share encryption method. You do not need to provide values for both parameters.
If values for both parameters exist in the same request, then the specified encryption methods must not conflict. For example, if EncryptionType is SseS3, then KMSEncrypted must be false. If EncryptionType is SseKms or DsseKms, then KMSEncrypted must be true.
Set to true to use Amazon S3 server-side encryption with your own KMS key, or false to use a key managed by Amazon S3. Optional.
Valid Values: true | false
Optional. Set to true to use Amazon S3 server-side encryption with your own KMS key (SSE-KMS), or false to use a key managed by Amazon S3 (SSE-S3). To use dual-layer encryption (DSSE-KMS), set the EncryptionType parameter instead.
We recommend using EncryptionType instead of KMSEncrypted to set the file share encryption method. You do not need to provide values for both parameters.
If values for both parameters exist in the same request, then the specified encryption methods must not conflict. For example, if EncryptionType is SseS3, then KMSEncrypted must be false. If EncryptionType is SseKms or DsseKms, then KMSEncrypted must be true.
Valid Values: true | false
The Amazon Resource Name (ARN) of a symmetric customer master key (CMK) used for Amazon S3 server-side encryption. Storage Gateway does not support asymmetric CMKs. This value can only be set when KMSEncrypted is true. Optional.
Optional. The Amazon Resource Name (ARN) of a symmetric customer master key (CMK) used for Amazon S3 server-side encryption. Storage Gateway does not support asymmetric CMKs. This value must be set if KMSEncrypted is true, or if EncryptionType is SseKms or DsseKms.
Set this value to true to enable access control list (ACL) on the SMB file share. Set it to false to map file and directory permissions to the POSIX permissions.
For more information, see Using Microsoft Windows ACLs to control access to an SMB file share in the Storage Gateway User Guide.
Valid Values: true | false
Set this value to true to enable access control list (ACL) on the SMB file share. Set it to false to map file and directory permissions to the POSIX permissions.
For more information, see Using Windows ACLs to limit SMB file share access in the Amazon S3 File Gateway User Guide.
Valid Values: true | false
The notification policy of the file share. SettlingTimeInSeconds controls the number of seconds to wait after the last point in time a client wrote to a file before generating an ObjectUploaded notification. Because clients can make many small writes to files, it's best to set this parameter for as long as possible to avoid generating multiple notifications for the same file in a small time period.
SettlingTimeInSeconds has no effect on the timing of the object uploading to Amazon S3, only the timing of the notification.
The following example sets NotificationPolicy on with SettlingTimeInSeconds set to 60.
{\\\"Upload\\\": {\\\"SettlingTimeInSeconds\\\": 60}}
The following example sets NotificationPolicy off.
{}
The notification policy of the file share. SettlingTimeInSeconds controls the number of seconds to wait after the last point in time a client wrote to a file before generating an ObjectUploaded notification. Because clients can make many small writes to files, it's best to set this parameter for as long as possible to avoid generating multiple notifications for the same file in a small time period.
SettlingTimeInSeconds has no effect on the timing of the object uploading to Amazon S3, only the timing of the notification.
This setting is not meant to specify an exact time at which the notification will be sent. In some cases, the gateway might require more than the specified delay time to generate and send notifications.
The following example sets NotificationPolicy on with SettlingTimeInSeconds set to 60.
{\\\"Upload\\\": {\\\"SettlingTimeInSeconds\\\": 60}}
The following example sets NotificationPolicy off.
{}
A set of variables indicating the software update preferences for the gateway.
Includes AutomaticUpdatePolicy field with the following inputs:
ALL_VERSIONS - Enables regular gateway maintenance updates.
EMERGENCY_VERSIONS_ONLY - Disables regular gateway maintenance updates.
A set of variables indicating the software update preferences for the gateway.
Includes AutomaticUpdatePolicy parameter with the following inputs:
ALL_VERSIONS - Enables regular gateway maintenance updates.
EMERGENCY_VERSIONS_ONLY - Disables regular gateway maintenance updates. The gateway will still receive emergency version updates on rare occasions if necessary to remedy highly critical security or durability issues. You will be notified before an emergency version update is applied. These updates are applied during your gateway's scheduled maintenance window.
A JSON object containing the following fields:
" @@ -3508,6 +3520,14 @@ "DoubleObject":{"type":"double"}, "Ec2InstanceId":{"type":"string"}, "Ec2InstanceRegion":{"type":"string"}, + "EncryptionType":{ + "type":"string", + "enum":[ + "SseS3", + "SseKms", + "DsseKms" + ] + }, "EndpointNetworkConfiguration":{ "type":"structure", "members":{ @@ -4016,7 +4036,7 @@ }, "KMSKey":{ "type":"string", - "documentation":"The Amazon Resource Name (ARN) of a symmetric customer master key (CMK) used for Amazon S3 server-side encryption. Storage Gateway does not support asymmetric CMKs. This value can only be set when KMSEncrypted is true. Optional.
Optional. The Amazon Resource Name (ARN) of a symmetric customer master key (CMK) used for Amazon S3 server-side encryption. Storage Gateway does not support asymmetric CMKs. This value must be set if KMSEncrypted is true, or if EncryptionType is SseKms or DsseKms.
A value that specifies the type of server-side encryption that the file share will use for the data that it stores in Amazon S3.
We recommend using EncryptionType instead of KMSEncrypted to set the file share encryption method. You do not need to provide values for both parameters.
If values for both parameters exist in the same request, then the specified encryption methods must not conflict. For example, if EncryptionType is SseS3, then KMSEncrypted must be false. If EncryptionType is SseKms or DsseKms, then KMSEncrypted must be true.
Set to true to use Amazon S3 server-side encryption with your own KMS key, or false to use a key managed by Amazon S3. Optional.
Valid Values: true | false
Optional. Set to true to use Amazon S3 server-side encryption with your own KMS key (SSE-KMS), or false to use a key managed by Amazon S3 (SSE-S3). To use dual-layer encryption (DSSE-KMS), set the EncryptionType parameter instead.
We recommend using EncryptionType instead of KMSEncrypted to set the file share encryption method. You do not need to provide values for both parameters.
If values for both parameters exist in the same request, then the specified encryption methods must not conflict. For example, if EncryptionType is SseS3, then KMSEncrypted must be false. If EncryptionType is SseKms or DsseKms, then KMSEncrypted must be true.
Valid Values: true | false
The notification policy of the file share. SettlingTimeInSeconds controls the number of seconds to wait after the last point in time a client wrote to a file before generating an ObjectUploaded notification. Because clients can make many small writes to files, it's best to set this parameter for as long as possible to avoid generating multiple notifications for the same file in a small time period.
SettlingTimeInSeconds has no effect on the timing of the object uploading to Amazon S3, only the timing of the notification.
The following example sets NotificationPolicy on with SettlingTimeInSeconds set to 60.
{\\\"Upload\\\": {\\\"SettlingTimeInSeconds\\\": 60}}
The following example sets NotificationPolicy off.
{}
The notification policy of the file share. SettlingTimeInSeconds controls the number of seconds to wait after the last point in time a client wrote to a file before generating an ObjectUploaded notification. Because clients can make many small writes to files, it's best to set this parameter for as long as possible to avoid generating multiple notifications for the same file in a small time period.
SettlingTimeInSeconds has no effect on the timing of the object uploading to Amazon S3, only the timing of the notification.
This setting is not meant to specify an exact time at which the notification will be sent. In some cases, the gateway might require more than the specified delay time to generate and send notifications.
The following example sets NotificationPolicy on with SettlingTimeInSeconds set to 60.
{\\\"Upload\\\": {\\\"SettlingTimeInSeconds\\\": 60}}
The following example sets NotificationPolicy off.
{}
A value that specifies the type of server-side encryption that the file share will use for the data that it stores in Amazon S3.
We recommend using EncryptionType instead of KMSEncrypted to set the file share encryption method. You do not need to provide values for both parameters.
If values for both parameters exist in the same request, then the specified encryption methods must not conflict. For example, if EncryptionType is SseS3, then KMSEncrypted must be false. If EncryptionType is SseKms or DsseKms, then KMSEncrypted must be true.
Set to true to use Amazon S3 server-side encryption with your own KMS key, or false to use a key managed by Amazon S3. Optional.
Valid Values: true | false
Optional. Set to true to use Amazon S3 server-side encryption with your own KMS key (SSE-KMS), or false to use a key managed by Amazon S3 (SSE-S3). To use dual-layer encryption (DSSE-KMS), set the EncryptionType parameter instead.
We recommend using EncryptionType instead of KMSEncrypted to set the file share encryption method. You do not need to provide values for both parameters.
If values for both parameters exist in the same request, then the specified encryption methods must not conflict. For example, if EncryptionType is SseS3, then KMSEncrypted must be false. If EncryptionType is SseKms or DsseKms, then KMSEncrypted must be true.
Valid Values: true | false
If this value is set to true, it indicates that access control list (ACL) is enabled on the SMB file share. If it is set to false, it indicates that file and directory permissions are mapped to the POSIX permission.
For more information, see Using Microsoft Windows ACLs to control access to an SMB file share in the Storage Gateway User Guide.
" + "documentation":"If this value is set to true, it indicates that access control list (ACL) is enabled on the SMB file share. If it is set to false, it indicates that file and directory permissions are mapped to the POSIX permission.
For more information, see Using Windows ACLs to limit SMB file share access in the Amazon S3 File Gateway User Guide.
" }, "AccessBasedEnumeration":{ "shape":"Boolean", @@ -4830,7 +4862,7 @@ }, "NotificationPolicy":{ "shape":"NotificationPolicy", - "documentation":"The notification policy of the file share. SettlingTimeInSeconds controls the number of seconds to wait after the last point in time a client wrote to a file before generating an ObjectUploaded notification. Because clients can make many small writes to files, it's best to set this parameter for as long as possible to avoid generating multiple notifications for the same file in a small time period.
SettlingTimeInSeconds has no effect on the timing of the object uploading to Amazon S3, only the timing of the notification.
The following example sets NotificationPolicy on with SettlingTimeInSeconds set to 60.
{\\\"Upload\\\": {\\\"SettlingTimeInSeconds\\\": 60}}
The following example sets NotificationPolicy off.
{}
The notification policy of the file share. SettlingTimeInSeconds controls the number of seconds to wait after the last point in time a client wrote to a file before generating an ObjectUploaded notification. Because clients can make many small writes to files, it's best to set this parameter for as long as possible to avoid generating multiple notifications for the same file in a small time period.
SettlingTimeInSeconds has no effect on the timing of the object uploading to Amazon S3, only the timing of the notification.
This setting is not meant to specify an exact time at which the notification will be sent. In some cases, the gateway might require more than the specified delay time to generate and send notifications.
The following example sets NotificationPolicy on with SettlingTimeInSeconds set to 60.
{\\\"Upload\\\": {\\\"SettlingTimeInSeconds\\\": 60}}
The following example sets NotificationPolicy off.
{}
Indicates the automatic update policy for a gateway.
ALL_VERSIONS - Enables regular gateway maintenance updates.
EMERGENCY_VERSIONS_ONLY - Disables regular gateway maintenance updates.
Indicates the automatic update policy for a gateway.
ALL_VERSIONS - Enables regular gateway maintenance updates.
EMERGENCY_VERSIONS_ONLY - Disables regular gateway maintenance updates. The gateway will still receive emergency version updates on rare occasions if necessary to remedy highly critical security or durability issues. You will be notified before an emergency version update is applied. These updates are applied during your gateway's scheduled maintenance window.
A set of variables indicating the software update preferences for the gateway.
" @@ -5587,7 +5619,7 @@ }, "SoftwareUpdatePreferences":{ "shape":"SoftwareUpdatePreferences", - "documentation":"A set of variables indicating the software update preferences for the gateway.
Includes AutomaticUpdatePolicy field with the following inputs:
ALL_VERSIONS - Enables regular gateway maintenance updates.
EMERGENCY_VERSIONS_ONLY - Disables regular gateway maintenance updates.
A set of variables indicating the software update preferences for the gateway.
Includes AutomaticUpdatePolicy field with the following inputs:
ALL_VERSIONS - Enables regular gateway maintenance updates.
EMERGENCY_VERSIONS_ONLY - Disables regular gateway maintenance updates. The gateway will still receive emergency version updates on rare occasions if necessary to remedy highly critical security or durability issues. You will be notified before an emergency version update is applied. These updates are applied during your gateway's scheduled maintenance window.
A JSON object containing the following fields:
The Amazon Resource Name (ARN) of the file share to be updated.
" }, + "EncryptionType":{ + "shape":"EncryptionType", + "documentation":"A value that specifies the type of server-side encryption that the file share will use for the data that it stores in Amazon S3.
We recommend using EncryptionType instead of KMSEncrypted to set the file share encryption method. You do not need to provide values for both parameters.
If values for both parameters exist in the same request, then the specified encryption methods must not conflict. For example, if EncryptionType is SseS3, then KMSEncrypted must be false. If EncryptionType is SseKms or DsseKms, then KMSEncrypted must be true.
Set to true to use Amazon S3 server-side encryption with your own KMS key, or false to use a key managed by Amazon S3. Optional.
Valid Values: true | false
Optional. Set to true to use Amazon S3 server-side encryption with your own KMS key (SSE-KMS), or false to use a key managed by Amazon S3 (SSE-S3). To use dual-layer encryption (DSSE-KMS), set the EncryptionType parameter instead.
We recommend using EncryptionType instead of KMSEncrypted to set the file share encryption method. You do not need to provide values for both parameters.
If values for both parameters exist in the same request, then the specified encryption methods must not conflict. For example, if EncryptionType is SseS3, then KMSEncrypted must be false. If EncryptionType is SseKms or DsseKms, then KMSEncrypted must be true.
Valid Values: true | false
The Amazon Resource Name (ARN) of a symmetric customer master key (CMK) used for Amazon S3 server-side encryption. Storage Gateway does not support asymmetric CMKs. This value can only be set when KMSEncrypted is true. Optional.
Optional. The Amazon Resource Name (ARN) of a symmetric customer master key (CMK) used for Amazon S3 server-side encryption. Storage Gateway does not support asymmetric CMKs. This value must be set if KMSEncrypted is true, or if EncryptionType is SseKms or DsseKms.
The notification policy of the file share. SettlingTimeInSeconds controls the number of seconds to wait after the last point in time a client wrote to a file before generating an ObjectUploaded notification. Because clients can make many small writes to files, it's best to set this parameter for as long as possible to avoid generating multiple notifications for the same file in a small time period.
SettlingTimeInSeconds has no effect on the timing of the object uploading to Amazon S3, only the timing of the notification.
The following example sets NotificationPolicy on with SettlingTimeInSeconds set to 60.
{\\\"Upload\\\": {\\\"SettlingTimeInSeconds\\\": 60}}
The following example sets NotificationPolicy off.
{}
The notification policy of the file share. SettlingTimeInSeconds controls the number of seconds to wait after the last point in time a client wrote to a file before generating an ObjectUploaded notification. Because clients can make many small writes to files, it's best to set this parameter for as long as possible to avoid generating multiple notifications for the same file in a small time period.
SettlingTimeInSeconds has no effect on the timing of the object uploading to Amazon S3, only the timing of the notification.
This setting is not meant to specify an exact time at which the notification will be sent. In some cases, the gateway might require more than the specified delay time to generate and send notifications.
The following example sets NotificationPolicy on with SettlingTimeInSeconds set to 60.
{\\\"Upload\\\": {\\\"SettlingTimeInSeconds\\\": 60}}
The following example sets NotificationPolicy off.
{}
The Amazon Resource Name (ARN) of the SMB file share that you want to update.
" }, + "EncryptionType":{ + "shape":"EncryptionType", + "documentation":"A value that specifies the type of server-side encryption that the file share will use for the data that it stores in Amazon S3.
We recommend using EncryptionType instead of KMSEncrypted to set the file share encryption method. You do not need to provide values for both parameters.
If values for both parameters exist in the same request, then the specified encryption methods must not conflict. For example, if EncryptionType is SseS3, then KMSEncrypted must be false. If EncryptionType is SseKms or DsseKms, then KMSEncrypted must be true.
Set to true to use Amazon S3 server-side encryption with your own KMS key, or false to use a key managed by Amazon S3. Optional.
Valid Values: true | false
Optional. Set to true to use Amazon S3 server-side encryption with your own KMS key (SSE-KMS), or false to use a key managed by Amazon S3 (SSE-S3). To use dual-layer encryption (DSSE-KMS), set the EncryptionType parameter instead.
We recommend using EncryptionType instead of KMSEncrypted to set the file share encryption method. You do not need to provide values for both parameters.
If values for both parameters exist in the same request, then the specified encryption methods must not conflict. For example, if EncryptionType is SseS3, then KMSEncrypted must be false. If EncryptionType is SseKms or DsseKms, then KMSEncrypted must be true.
Valid Values: true | false
The Amazon Resource Name (ARN) of a symmetric customer master key (CMK) used for Amazon S3 server-side encryption. Storage Gateway does not support asymmetric CMKs. This value can only be set when KMSEncrypted is true. Optional.
Optional. The Amazon Resource Name (ARN) of a symmetric customer master key (CMK) used for Amazon S3 server-side encryption. Storage Gateway does not support asymmetric CMKs. This value must be set if KMSEncrypted is true, or if EncryptionType is SseKms or DsseKms.
Set this value to true to enable access control list (ACL) on the SMB file share. Set it to false to map file and directory permissions to the POSIX permissions.
For more information, see Using Microsoft Windows ACLs to control access to an SMB file share in the Storage Gateway User Guide.
Valid Values: true | false
Set this value to true to enable access control list (ACL) on the SMB file share. Set it to false to map file and directory permissions to the POSIX permissions.
For more information, see Using Windows ACLs to limit SMB file share access in the Amazon S3 File Gateway User Guide.
Valid Values: true | false
The notification policy of the file share. SettlingTimeInSeconds controls the number of seconds to wait after the last point in time a client wrote to a file before generating an ObjectUploaded notification. Because clients can make many small writes to files, it's best to set this parameter for as long as possible to avoid generating multiple notifications for the same file in a small time period.
SettlingTimeInSeconds has no effect on the timing of the object uploading to Amazon S3, only the timing of the notification.
The following example sets NotificationPolicy on with SettlingTimeInSeconds set to 60.
{\\\"Upload\\\": {\\\"SettlingTimeInSeconds\\\": 60}}
The following example sets NotificationPolicy off.
{}
The notification policy of the file share. SettlingTimeInSeconds controls the number of seconds to wait after the last point in time a client wrote to a file before generating an ObjectUploaded notification. Because clients can make many small writes to files, it's best to set this parameter for as long as possible to avoid generating multiple notifications for the same file in a small time period.
SettlingTimeInSeconds has no effect on the timing of the object uploading to Amazon S3, only the timing of the notification.
This setting is not meant to specify an exact time at which the notification will be sent. In some cases, the gateway might require more than the specified delay time to generate and send notifications.
The following example sets NotificationPolicy on with SettlingTimeInSeconds set to 60.
{\\\"Upload\\\": {\\\"SettlingTimeInSeconds\\\": 60}}
The following example sets NotificationPolicy off.
{}
Permanently deletes the specified canary.
If you specify DeleteLambda to true, CloudWatch Synthetics also deletes the Lambda functions and layers that are used by the canary.
Other resources used and created by the canary are not automatically deleted. After you delete a canary that you do not intend to use again, you should also delete the following:
The CloudWatch alarms created for this canary. These alarms have a name of Synthetics-SharpDrop-Alarm-MyCanaryName .
Amazon S3 objects and buckets, such as the canary's artifact location.
IAM roles created for the canary. If they were created in the console, these roles have the name role/service-role/CloudWatchSyntheticsRole-MyCanaryName .
CloudWatch Logs log groups created for the canary. These logs groups have the name /aws/lambda/cwsyn-MyCanaryName .
Before you delete a canary, you might want to use GetCanary to display the information about this canary. Make note of the information returned by this operation so that you can delete these resources after you delete the canary.
Permanently deletes the specified canary.
If you specify DeleteLambda to true, CloudWatch Synthetics also deletes the Lambda functions and layers that are used by the canary.
Other resources used and created by the canary are not automatically deleted. After you delete a canary that you do not intend to use again, you should also delete the following:
The CloudWatch alarms created for this canary. These alarms have a name of Synthetics-Alarm-first-198-characters-of-canary-name-canaryId-alarm number
Amazon S3 objects and buckets, such as the canary's artifact location.
IAM roles created for the canary. If they were created in the console, these roles have the name role/service-role/CloudWatchSyntheticsRole-First-21-Characters-of-CanaryName
CloudWatch Logs log groups created for the canary. These logs groups have the name /aws/lambda/cwsyn-First-21-Characters-of-CanaryName
Before you delete a canary, you might want to use GetCanary to display the information about this canary. Make note of the information returned by this operation so that you can delete these resources after you delete the canary.
The entry point to use for the source code when running the canary. For canaries that use the syn-python-selenium-1.0 runtime or a syn-nodejs.puppeteer runtime earlier than syn-nodejs.puppeteer-3.4, the handler must be specified as fileName.handler. For syn-python-selenium-1.1, syn-nodejs.puppeteer-3.4, and later runtimes, the handler can be specified as fileName.functionName , or you can specify a folder where canary scripts reside as folder/fileName.functionName .
Use this structure to input your script code for the canary. This structure contains the Lambda handler with the location where the canary should start running the script. If the script is stored in an S3 bucket, the bucket name, key, and version are also included. If the script was passed into the canary directly, the script code is contained in the value of Zipfile.
Use this structure to input your script code for the canary. This structure contains the Lambda handler with the location where the canary should start running the script. If the script is stored in an S3 bucket, the bucket name, key, and version are also included. If the script was passed into the canary directly, the script code is contained in the value of Zipfile.
If you are uploading your canary scripts with an Amazon S3 bucket, your zip file should include your script in a certain folder structure.
For Node.js canaries, the folder structure must be nodejs/node_modules/myCanaryFilename.js For more information, see Packaging your Node.js canary files
For Python canaries, the folder structure must be python/myCanaryFilename.p or python/myFolder/myCanaryFilename.py For more information, see Packaging your Python canary files
If this canary is to test an endpoint in a VPC, this structure contains information about the subnet and security groups of the VPC endpoint. For more information, see Running a Canary in a VPC.
" }, + "ResourcesToReplicateTags":{ + "shape":"ResourceList", + "documentation":"To have the tags that you apply to this canary also be applied to the Lambda function that the canary uses, specify this parameter with the value lambda-function.
If you specify this parameter and don't specify any tags in the Tags parameter, the canary creation fails.
A list of key-value pairs to associate with the canary. You can associate as many as 50 tags with a canary.
Tags can help you organize and categorize your resources. You can also use them to scope user permissions, by granting a user permission to access or change only the resources that have certain tag values.
" + "documentation":"A list of key-value pairs to associate with the canary. You can associate as many as 50 tags with a canary.
Tags can help you organize and categorize your resources. You can also use them to scope user permissions, by granting a user permission to access or change only the resources that have certain tag values.
To have the tags that you apply to this canary also be applied to the Lambda function that the canary uses, specify this parameter with the value lambda-function.
Specify this parameter to limit how many canaries are returned each time you use the DescribeCanaries operation. If you omit this parameter, the default of 100 is used.
Specify this parameter to limit how many canaries are returned each time you use the DescribeCanaries operation. If you omit this parameter, the default of 20 is used.