aws-sdk-appsync 1.41.0 → 1.42.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 5f6abeafdc0788ba74469d684352e3365ba6c6c073550f6ebb48d1f042629bd5
-  data.tar.gz: fdc01d2c263bbb1b45e97239afde2329b6e347ac1ad46b89419a8e4d23a13dab
+  metadata.gz: c554d8adc76f4dcad2a03cb7bd5ba7919eb9b33e6d27e275f059ae1a9082cf8d
+  data.tar.gz: ce39aed5d5b55c267915cef9d0c4e84d6db67ed1c4fb8b791aa668915ad1a183
 SHA512:
-  metadata.gz: 61ee7f64b76a109ce086b3fbb8c4d347b81f65a3faf907100b74b4f765cc5090bc1a3bc00af8deb85cc4feec9eafe9aa2c506ed5388505104bace9e391cf9d98
-  data.tar.gz: c27a29b5a52642991081523a708695a707f4bca60b0a3c4d3dfbb7119cc53a50d175ca0a5289b3631e035e62fccada189377166da2248e4279fcf14e70cfecdc
+  metadata.gz: 92e9f5bb8eb3f227e189a26c01bceb17721d920624e87128c74cb73eaaee3c69e8ef3dcc70635dc73c4a7f6f1dc2a6cb7e912eebe092101fe77fbae29c29cd97
+  data.tar.gz: 2f88c2604a5ebd3391e18450a586929cb4a09e69a8e8b7a9b83920b42bb6c7fdf84eb984702d9f7fc2d9a6a688281d29fa28a67c33861662f032df881b2f57cb

data/CHANGELOG.md

@@ -1,6 +1,11 @@
 Unreleased Changes
 ------------------
 
+1.42.0 (2021-07-30)
+------------------
+
+* Feature - AWS AppSync now supports a new authorization mode allowing you to define your own authorization logic using an AWS Lambda function.
+
 1.41.0 (2021-07-28)
 ------------------
 

data/VERSION

@@ -1 +1 @@
-1.41.0
+1.42.0

data/lib/aws-sdk-appsync.rb

@@ -48,6 +48,6 @@ require_relative 'aws-sdk-appsync/customizations'
 # @!group service
 module Aws::AppSync
 
-  GEM_VERSION = '1.41.0'
+  GEM_VERSION = '1.42.0'
 
 end

data/lib/aws-sdk-appsync/client.rb

@@ -484,14 +484,14 @@ module Aws::AppSync
     #   The type of the `DataSource`.
     #
     # @option params [String] :service_role_arn
-    #   The AWS IAM service role ARN for the data source. The system assumes
-    #   this role when accessing the data source.
+    #   The Identity and Access Management service role ARN for the data
+    #   source. The system assumes this role when accessing the data source.
     #
     # @option params [Types::DynamodbDataSourceConfig] :dynamodb_config
     #   Amazon DynamoDB settings.
     #
     # @option params [Types::LambdaDataSourceConfig] :lambda_config
-    #   AWS Lambda settings.
+    #   Amazon Web Services Lambda settings.
     #
     # @option params [Types::ElasticsearchDataSourceConfig] :elasticsearch_config
     #   Amazon Elasticsearch Service settings.
@@ -680,8 +680,8 @@ module Aws::AppSync
     #   The Amazon CloudWatch Logs configuration.
     #
     # @option params [required, String] :authentication_type
-    #   The authentication type: API key, AWS IAM, OIDC, or Amazon Cognito
-    #   user pools.
+    #   The authentication type: API key, Identity and Access Management,
+    #   OIDC, or Amazon Cognito user pools.
     #
     # @option params [Types::UserPoolConfig] :user_pool_config
     #   The Amazon Cognito user pool configuration.
@@ -700,6 +700,9 @@ module Aws::AppSync
     #   A flag indicating whether to enable X-Ray tracing for the
     #   `GraphqlApi`.
     #
+    # @option params [Types::LambdaAuthorizerConfig] :lambda_authorizer_config
+    #   Configuration for AWS Lambda function authorization.
+    #
     # @return [Types::CreateGraphqlApiResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
     #
     #   * {Types::CreateGraphqlApiResponse#graphql_api #graphql_api} => Types::GraphqlApi
@@ -713,7 +716,7 @@ module Aws::AppSync
     #       cloud_watch_logs_role_arn: "String", # required
     #       exclude_verbose_content: false,
     #     },
-    #     authentication_type: "API_KEY", # required, accepts API_KEY, AWS_IAM, AMAZON_COGNITO_USER_POOLS, OPENID_CONNECT
+    #     authentication_type: "API_KEY", # required, accepts API_KEY, AWS_IAM, AMAZON_COGNITO_USER_POOLS, OPENID_CONNECT, AWS_LAMBDA
     #     user_pool_config: {
     #       user_pool_id: "String", # required
     #       aws_region: "String", # required
@@ -731,7 +734,7 @@ module Aws::AppSync
     #     },
     #     additional_authentication_providers: [
     #       {
-    #         authentication_type: "API_KEY", # accepts API_KEY, AWS_IAM, AMAZON_COGNITO_USER_POOLS, OPENID_CONNECT
+    #         authentication_type: "API_KEY", # accepts API_KEY, AWS_IAM, AMAZON_COGNITO_USER_POOLS, OPENID_CONNECT, AWS_LAMBDA
     #         open_id_connect_config: {
     #           issuer: "String", # required
     #           client_id: "String",
@@ -743,16 +746,26 @@ module Aws::AppSync
     #           aws_region: "String", # required
     #           app_id_client_regex: "String",
     #         },
+    #         lambda_authorizer_config: {
+    #           authorizer_result_ttl_in_seconds: 1,
+    #           authorizer_uri: "String", # required
+    #           identity_validation_expression: "String",
+    #         },
     #       },
     #     ],
     #     xray_enabled: false,
+    #     lambda_authorizer_config: {
+    #       authorizer_result_ttl_in_seconds: 1,
+    #       authorizer_uri: "String", # required
+    #       identity_validation_expression: "String",
+    #     },
     #   })
     #
     # @example Response structure
     #
     #   resp.graphql_api.name #=> String
     #   resp.graphql_api.api_id #=> String
-    #   resp.graphql_api.authentication_type #=> String, one of "API_KEY", "AWS_IAM", "AMAZON_COGNITO_USER_POOLS", "OPENID_CONNECT"
+    #   resp.graphql_api.authentication_type #=> String, one of "API_KEY", "AWS_IAM", "AMAZON_COGNITO_USER_POOLS", "OPENID_CONNECT", "AWS_LAMBDA"
     #   resp.graphql_api.log_config.field_log_level #=> String, one of "NONE", "ERROR", "ALL"
     #   resp.graphql_api.log_config.cloud_watch_logs_role_arn #=> String
     #   resp.graphql_api.log_config.exclude_verbose_content #=> Boolean
@@ -770,7 +783,7 @@ module Aws::AppSync
     #   resp.graphql_api.tags #=> Hash
     #   resp.graphql_api.tags["TagKey"] #=> String
     #   resp.graphql_api.additional_authentication_providers #=> Array
-    #   resp.graphql_api.additional_authentication_providers[0].authentication_type #=> String, one of "API_KEY", "AWS_IAM", "AMAZON_COGNITO_USER_POOLS", "OPENID_CONNECT"
+    #   resp.graphql_api.additional_authentication_providers[0].authentication_type #=> String, one of "API_KEY", "AWS_IAM", "AMAZON_COGNITO_USER_POOLS", "OPENID_CONNECT", "AWS_LAMBDA"
     #   resp.graphql_api.additional_authentication_providers[0].open_id_connect_config.issuer #=> String
     #   resp.graphql_api.additional_authentication_providers[0].open_id_connect_config.client_id #=> String
     #   resp.graphql_api.additional_authentication_providers[0].open_id_connect_config.iat_ttl #=> Integer
@@ -778,8 +791,14 @@ module Aws::AppSync
     #   resp.graphql_api.additional_authentication_providers[0].user_pool_config.user_pool_id #=> String
     #   resp.graphql_api.additional_authentication_providers[0].user_pool_config.aws_region #=> String
     #   resp.graphql_api.additional_authentication_providers[0].user_pool_config.app_id_client_regex #=> String
+    #   resp.graphql_api.additional_authentication_providers[0].lambda_authorizer_config.authorizer_result_ttl_in_seconds #=> Integer
+    #   resp.graphql_api.additional_authentication_providers[0].lambda_authorizer_config.authorizer_uri #=> String
+    #   resp.graphql_api.additional_authentication_providers[0].lambda_authorizer_config.identity_validation_expression #=> String
     #   resp.graphql_api.xray_enabled #=> Boolean
     #   resp.graphql_api.waf_web_acl_arn #=> String
+    #   resp.graphql_api.lambda_authorizer_config.authorizer_result_ttl_in_seconds #=> Integer
+    #   resp.graphql_api.lambda_authorizer_config.authorizer_uri #=> String
+    #   resp.graphql_api.lambda_authorizer_config.identity_validation_expression #=> String
     #
     # @see http://docs.aws.amazon.com/goto/WebAPI/appsync-2017-07-25/CreateGraphqlApi AWS API Documentation
     #
@@ -1296,7 +1315,7 @@ module Aws::AppSync
     #
     #   resp.graphql_api.name #=> String
     #   resp.graphql_api.api_id #=> String
-    #   resp.graphql_api.authentication_type #=> String, one of "API_KEY", "AWS_IAM", "AMAZON_COGNITO_USER_POOLS", "OPENID_CONNECT"
+    #   resp.graphql_api.authentication_type #=> String, one of "API_KEY", "AWS_IAM", "AMAZON_COGNITO_USER_POOLS", "OPENID_CONNECT", "AWS_LAMBDA"
     #   resp.graphql_api.log_config.field_log_level #=> String, one of "NONE", "ERROR", "ALL"
     #   resp.graphql_api.log_config.cloud_watch_logs_role_arn #=> String
     #   resp.graphql_api.log_config.exclude_verbose_content #=> Boolean
@@ -1314,7 +1333,7 @@ module Aws::AppSync
     #   resp.graphql_api.tags #=> Hash
     #   resp.graphql_api.tags["TagKey"] #=> String
     #   resp.graphql_api.additional_authentication_providers #=> Array
-    #   resp.graphql_api.additional_authentication_providers[0].authentication_type #=> String, one of "API_KEY", "AWS_IAM", "AMAZON_COGNITO_USER_POOLS", "OPENID_CONNECT"
+    #   resp.graphql_api.additional_authentication_providers[0].authentication_type #=> String, one of "API_KEY", "AWS_IAM", "AMAZON_COGNITO_USER_POOLS", "OPENID_CONNECT", "AWS_LAMBDA"
     #   resp.graphql_api.additional_authentication_providers[0].open_id_connect_config.issuer #=> String
     #   resp.graphql_api.additional_authentication_providers[0].open_id_connect_config.client_id #=> String
     #   resp.graphql_api.additional_authentication_providers[0].open_id_connect_config.iat_ttl #=> Integer
@@ -1322,8 +1341,14 @@ module Aws::AppSync
     #   resp.graphql_api.additional_authentication_providers[0].user_pool_config.user_pool_id #=> String
     #   resp.graphql_api.additional_authentication_providers[0].user_pool_config.aws_region #=> String
     #   resp.graphql_api.additional_authentication_providers[0].user_pool_config.app_id_client_regex #=> String
+    #   resp.graphql_api.additional_authentication_providers[0].lambda_authorizer_config.authorizer_result_ttl_in_seconds #=> Integer
+    #   resp.graphql_api.additional_authentication_providers[0].lambda_authorizer_config.authorizer_uri #=> String
+    #   resp.graphql_api.additional_authentication_providers[0].lambda_authorizer_config.identity_validation_expression #=> String
     #   resp.graphql_api.xray_enabled #=> Boolean
     #   resp.graphql_api.waf_web_acl_arn #=> String
+    #   resp.graphql_api.lambda_authorizer_config.authorizer_result_ttl_in_seconds #=> Integer
+    #   resp.graphql_api.lambda_authorizer_config.authorizer_uri #=> String
+    #   resp.graphql_api.lambda_authorizer_config.identity_validation_expression #=> String
     #
     # @see http://docs.aws.amazon.com/goto/WebAPI/appsync-2017-07-25/GetGraphqlApi AWS API Documentation
     #
@@ -1685,7 +1710,7 @@ module Aws::AppSync
     #   resp.graphql_apis #=> Array
     #   resp.graphql_apis[0].name #=> String
     #   resp.graphql_apis[0].api_id #=> String
-    #   resp.graphql_apis[0].authentication_type #=> String, one of "API_KEY", "AWS_IAM", "AMAZON_COGNITO_USER_POOLS", "OPENID_CONNECT"
+    #   resp.graphql_apis[0].authentication_type #=> String, one of "API_KEY", "AWS_IAM", "AMAZON_COGNITO_USER_POOLS", "OPENID_CONNECT", "AWS_LAMBDA"
     #   resp.graphql_apis[0].log_config.field_log_level #=> String, one of "NONE", "ERROR", "ALL"
     #   resp.graphql_apis[0].log_config.cloud_watch_logs_role_arn #=> String
     #   resp.graphql_apis[0].log_config.exclude_verbose_content #=> Boolean
@@ -1703,7 +1728,7 @@ module Aws::AppSync
     #   resp.graphql_apis[0].tags #=> Hash
     #   resp.graphql_apis[0].tags["TagKey"] #=> String
     #   resp.graphql_apis[0].additional_authentication_providers #=> Array
-    #   resp.graphql_apis[0].additional_authentication_providers[0].authentication_type #=> String, one of "API_KEY", "AWS_IAM", "AMAZON_COGNITO_USER_POOLS", "OPENID_CONNECT"
+    #   resp.graphql_apis[0].additional_authentication_providers[0].authentication_type #=> String, one of "API_KEY", "AWS_IAM", "AMAZON_COGNITO_USER_POOLS", "OPENID_CONNECT", "AWS_LAMBDA"
     #   resp.graphql_apis[0].additional_authentication_providers[0].open_id_connect_config.issuer #=> String
     #   resp.graphql_apis[0].additional_authentication_providers[0].open_id_connect_config.client_id #=> String
     #   resp.graphql_apis[0].additional_authentication_providers[0].open_id_connect_config.iat_ttl #=> Integer
@@ -1711,8 +1736,14 @@ module Aws::AppSync
     #   resp.graphql_apis[0].additional_authentication_providers[0].user_pool_config.user_pool_id #=> String
     #   resp.graphql_apis[0].additional_authentication_providers[0].user_pool_config.aws_region #=> String
     #   resp.graphql_apis[0].additional_authentication_providers[0].user_pool_config.app_id_client_regex #=> String
+    #   resp.graphql_apis[0].additional_authentication_providers[0].lambda_authorizer_config.authorizer_result_ttl_in_seconds #=> Integer
+    #   resp.graphql_apis[0].additional_authentication_providers[0].lambda_authorizer_config.authorizer_uri #=> String
+    #   resp.graphql_apis[0].additional_authentication_providers[0].lambda_authorizer_config.identity_validation_expression #=> String
     #   resp.graphql_apis[0].xray_enabled #=> Boolean
     #   resp.graphql_apis[0].waf_web_acl_arn #=> String
+    #   resp.graphql_apis[0].lambda_authorizer_config.authorizer_result_ttl_in_seconds #=> Integer
+    #   resp.graphql_apis[0].lambda_authorizer_config.authorizer_uri #=> String
+    #   resp.graphql_apis[0].lambda_authorizer_config.identity_validation_expression #=> String
     #   resp.next_token #=> String
     #
     # @see http://docs.aws.amazon.com/goto/WebAPI/appsync-2017-07-25/ListGraphqlApis AWS API Documentation
@@ -2163,7 +2194,7 @@ module Aws::AppSync
     #   The new Amazon DynamoDB configuration.
     #
     # @option params [Types::LambdaDataSourceConfig] :lambda_config
-    #   The new AWS Lambda configuration.
+    #   The new Amazon Web Services Lambda configuration.
     #
     # @option params [Types::ElasticsearchDataSourceConfig] :elasticsearch_config
     #   The new Elasticsearch Service configuration.
@@ -2373,6 +2404,9 @@ module Aws::AppSync
     #   A flag indicating whether to enable X-Ray tracing for the
     #   `GraphqlApi`.
     #
+    # @option params [Types::LambdaAuthorizerConfig] :lambda_authorizer_config
+    #   Configuration for AWS Lambda function authorization.
+    #
     # @return [Types::UpdateGraphqlApiResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
     #
     #   * {Types::UpdateGraphqlApiResponse#graphql_api #graphql_api} => Types::GraphqlApi
@@ -2387,7 +2421,7 @@ module Aws::AppSync
     #       cloud_watch_logs_role_arn: "String", # required
     #       exclude_verbose_content: false,
     #     },
-    #     authentication_type: "API_KEY", # accepts API_KEY, AWS_IAM, AMAZON_COGNITO_USER_POOLS, OPENID_CONNECT
+    #     authentication_type: "API_KEY", # accepts API_KEY, AWS_IAM, AMAZON_COGNITO_USER_POOLS, OPENID_CONNECT, AWS_LAMBDA
     #     user_pool_config: {
     #       user_pool_id: "String", # required
     #       aws_region: "String", # required
@@ -2402,7 +2436,7 @@ module Aws::AppSync
     #     },
     #     additional_authentication_providers: [
     #       {
-    #         authentication_type: "API_KEY", # accepts API_KEY, AWS_IAM, AMAZON_COGNITO_USER_POOLS, OPENID_CONNECT
+    #         authentication_type: "API_KEY", # accepts API_KEY, AWS_IAM, AMAZON_COGNITO_USER_POOLS, OPENID_CONNECT, AWS_LAMBDA
     #         open_id_connect_config: {
     #           issuer: "String", # required
     #           client_id: "String",
@@ -2414,16 +2448,26 @@ module Aws::AppSync
     #           aws_region: "String", # required
     #           app_id_client_regex: "String",
     #         },
+    #         lambda_authorizer_config: {
+    #           authorizer_result_ttl_in_seconds: 1,
+    #           authorizer_uri: "String", # required
+    #           identity_validation_expression: "String",
+    #         },
     #       },
     #     ],
     #     xray_enabled: false,
+    #     lambda_authorizer_config: {
+    #       authorizer_result_ttl_in_seconds: 1,
+    #       authorizer_uri: "String", # required
+    #       identity_validation_expression: "String",
+    #     },
     #   })
     #
     # @example Response structure
     #
     #   resp.graphql_api.name #=> String
     #   resp.graphql_api.api_id #=> String
-    #   resp.graphql_api.authentication_type #=> String, one of "API_KEY", "AWS_IAM", "AMAZON_COGNITO_USER_POOLS", "OPENID_CONNECT"
+    #   resp.graphql_api.authentication_type #=> String, one of "API_KEY", "AWS_IAM", "AMAZON_COGNITO_USER_POOLS", "OPENID_CONNECT", "AWS_LAMBDA"
     #   resp.graphql_api.log_config.field_log_level #=> String, one of "NONE", "ERROR", "ALL"
     #   resp.graphql_api.log_config.cloud_watch_logs_role_arn #=> String
     #   resp.graphql_api.log_config.exclude_verbose_content #=> Boolean
@@ -2441,7 +2485,7 @@ module Aws::AppSync
     #   resp.graphql_api.tags #=> Hash
     #   resp.graphql_api.tags["TagKey"] #=> String
     #   resp.graphql_api.additional_authentication_providers #=> Array
-    #   resp.graphql_api.additional_authentication_providers[0].authentication_type #=> String, one of "API_KEY", "AWS_IAM", "AMAZON_COGNITO_USER_POOLS", "OPENID_CONNECT"
+    #   resp.graphql_api.additional_authentication_providers[0].authentication_type #=> String, one of "API_KEY", "AWS_IAM", "AMAZON_COGNITO_USER_POOLS", "OPENID_CONNECT", "AWS_LAMBDA"
     #   resp.graphql_api.additional_authentication_providers[0].open_id_connect_config.issuer #=> String
     #   resp.graphql_api.additional_authentication_providers[0].open_id_connect_config.client_id #=> String
     #   resp.graphql_api.additional_authentication_providers[0].open_id_connect_config.iat_ttl #=> Integer
@@ -2449,8 +2493,14 @@ module Aws::AppSync
     #   resp.graphql_api.additional_authentication_providers[0].user_pool_config.user_pool_id #=> String
     #   resp.graphql_api.additional_authentication_providers[0].user_pool_config.aws_region #=> String
     #   resp.graphql_api.additional_authentication_providers[0].user_pool_config.app_id_client_regex #=> String
+    #   resp.graphql_api.additional_authentication_providers[0].lambda_authorizer_config.authorizer_result_ttl_in_seconds #=> Integer
+    #   resp.graphql_api.additional_authentication_providers[0].lambda_authorizer_config.authorizer_uri #=> String
+    #   resp.graphql_api.additional_authentication_providers[0].lambda_authorizer_config.identity_validation_expression #=> String
     #   resp.graphql_api.xray_enabled #=> Boolean
     #   resp.graphql_api.waf_web_acl_arn #=> String
+    #   resp.graphql_api.lambda_authorizer_config.authorizer_result_ttl_in_seconds #=> Integer
+    #   resp.graphql_api.lambda_authorizer_config.authorizer_uri #=> String
+    #   resp.graphql_api.lambda_authorizer_config.identity_validation_expression #=> String
     #
     # @see http://docs.aws.amazon.com/goto/WebAPI/appsync-2017-07-25/UpdateGraphqlApi AWS API Documentation
     #
@@ -2624,7 +2674,7 @@ module Aws::AppSync
         params: params,
         config: config)
       context[:gem_name] = 'aws-sdk-appsync'
-      context[:gem_version] = '1.41.0'
+      context[:gem_version] = '1.42.0'
       Seahorse::Client::Request.new(handlers, context)
     end
 

data/lib/aws-sdk-appsync/client_api.rb

@@ -102,6 +102,7 @@ module Aws::AppSync
     GraphqlApis = Shapes::ListShape.new(name: 'GraphqlApis')
     HttpDataSourceConfig = Shapes::StructureShape.new(name: 'HttpDataSourceConfig')
     InternalFailureException = Shapes::StructureShape.new(name: 'InternalFailureException')
+    LambdaAuthorizerConfig = Shapes::StructureShape.new(name: 'LambdaAuthorizerConfig')
     LambdaConflictHandlerConfig = Shapes::StructureShape.new(name: 'LambdaConflictHandlerConfig')
     LambdaDataSourceConfig = Shapes::StructureShape.new(name: 'LambdaDataSourceConfig')
     LimitExceededException = Shapes::StructureShape.new(name: 'LimitExceededException')
@@ -144,6 +145,7 @@ module Aws::AppSync
     StartSchemaCreationResponse = Shapes::StructureShape.new(name: 'StartSchemaCreationResponse')
     String = Shapes::StringShape.new(name: 'String')
     SyncConfig = Shapes::StructureShape.new(name: 'SyncConfig')
+    TTL = Shapes::IntegerShape.new(name: 'TTL')
     TagKey = Shapes::StringShape.new(name: 'TagKey')
     TagKeyList = Shapes::ListShape.new(name: 'TagKeyList')
     TagMap = Shapes::MapShape.new(name: 'TagMap')
@@ -178,6 +180,7 @@ module Aws::AppSync
     AdditionalAuthenticationProvider.add_member(:authentication_type, Shapes::ShapeRef.new(shape: AuthenticationType, location_name: "authenticationType"))
     AdditionalAuthenticationProvider.add_member(:open_id_connect_config, Shapes::ShapeRef.new(shape: OpenIDConnectConfig, location_name: "openIDConnectConfig"))
     AdditionalAuthenticationProvider.add_member(:user_pool_config, Shapes::ShapeRef.new(shape: CognitoUserPoolConfig, location_name: "userPoolConfig"))
+    AdditionalAuthenticationProvider.add_member(:lambda_authorizer_config, Shapes::ShapeRef.new(shape: LambdaAuthorizerConfig, location_name: "lambdaAuthorizerConfig"))
     AdditionalAuthenticationProvider.struct_class = Types::AdditionalAuthenticationProvider
 
     AdditionalAuthenticationProviders.member = Shapes::ShapeRef.new(shape: AdditionalAuthenticationProvider)
@@ -287,6 +290,7 @@ module Aws::AppSync
     CreateGraphqlApiRequest.add_member(:tags, Shapes::ShapeRef.new(shape: TagMap, location_name: "tags"))
     CreateGraphqlApiRequest.add_member(:additional_authentication_providers, Shapes::ShapeRef.new(shape: AdditionalAuthenticationProviders, location_name: "additionalAuthenticationProviders"))
     CreateGraphqlApiRequest.add_member(:xray_enabled, Shapes::ShapeRef.new(shape: Boolean, location_name: "xrayEnabled"))
+    CreateGraphqlApiRequest.add_member(:lambda_authorizer_config, Shapes::ShapeRef.new(shape: LambdaAuthorizerConfig, location_name: "lambdaAuthorizerConfig"))
     CreateGraphqlApiRequest.struct_class = Types::CreateGraphqlApiRequest
 
     CreateGraphqlApiResponse.add_member(:graphql_api, Shapes::ShapeRef.new(shape: GraphqlApi, location_name: "graphqlApi"))
@@ -480,6 +484,7 @@ module Aws::AppSync
     GraphqlApi.add_member(:additional_authentication_providers, Shapes::ShapeRef.new(shape: AdditionalAuthenticationProviders, location_name: "additionalAuthenticationProviders"))
     GraphqlApi.add_member(:xray_enabled, Shapes::ShapeRef.new(shape: Boolean, location_name: "xrayEnabled"))
     GraphqlApi.add_member(:waf_web_acl_arn, Shapes::ShapeRef.new(shape: String, location_name: "wafWebAclArn"))
+    GraphqlApi.add_member(:lambda_authorizer_config, Shapes::ShapeRef.new(shape: LambdaAuthorizerConfig, location_name: "lambdaAuthorizerConfig"))
     GraphqlApi.struct_class = Types::GraphqlApi
 
     GraphqlApis.member = Shapes::ShapeRef.new(shape: GraphqlApi)
@@ -491,6 +496,11 @@ module Aws::AppSync
     InternalFailureException.add_member(:message, Shapes::ShapeRef.new(shape: String, location_name: "message"))
     InternalFailureException.struct_class = Types::InternalFailureException
 
+    LambdaAuthorizerConfig.add_member(:authorizer_result_ttl_in_seconds, Shapes::ShapeRef.new(shape: TTL, location_name: "authorizerResultTtlInSeconds"))
+    LambdaAuthorizerConfig.add_member(:authorizer_uri, Shapes::ShapeRef.new(shape: String, required: true, location_name: "authorizerUri"))
+    LambdaAuthorizerConfig.add_member(:identity_validation_expression, Shapes::ShapeRef.new(shape: String, location_name: "identityValidationExpression"))
+    LambdaAuthorizerConfig.struct_class = Types::LambdaAuthorizerConfig
+
     LambdaConflictHandlerConfig.add_member(:lambda_conflict_handler_arn, Shapes::ShapeRef.new(shape: String, location_name: "lambdaConflictHandlerArn"))
     LambdaConflictHandlerConfig.struct_class = Types::LambdaConflictHandlerConfig
 
@@ -712,6 +722,7 @@ module Aws::AppSync
     UpdateGraphqlApiRequest.add_member(:open_id_connect_config, Shapes::ShapeRef.new(shape: OpenIDConnectConfig, location_name: "openIDConnectConfig"))
     UpdateGraphqlApiRequest.add_member(:additional_authentication_providers, Shapes::ShapeRef.new(shape: AdditionalAuthenticationProviders, location_name: "additionalAuthenticationProviders"))
     UpdateGraphqlApiRequest.add_member(:xray_enabled, Shapes::ShapeRef.new(shape: Boolean, location_name: "xrayEnabled"))
+    UpdateGraphqlApiRequest.add_member(:lambda_authorizer_config, Shapes::ShapeRef.new(shape: LambdaAuthorizerConfig, location_name: "lambdaAuthorizerConfig"))
     UpdateGraphqlApiRequest.struct_class = Types::UpdateGraphqlApiRequest
 
     UpdateGraphqlApiResponse.add_member(:graphql_api, Shapes::ShapeRef.new(shape: GraphqlApi, location_name: "graphqlApi"))

data/lib/aws-sdk-appsync/types.rb

@@ -29,7 +29,7 @@ module Aws::AppSync
     #   data as a hash:
     #
     #       {
-    #         authentication_type: "API_KEY", # accepts API_KEY, AWS_IAM, AMAZON_COGNITO_USER_POOLS, OPENID_CONNECT
+    #         authentication_type: "API_KEY", # accepts API_KEY, AWS_IAM, AMAZON_COGNITO_USER_POOLS, OPENID_CONNECT, AWS_LAMBDA
     #         open_id_connect_config: {
     #           issuer: "String", # required
     #           client_id: "String",
@@ -41,11 +41,16 @@ module Aws::AppSync
     #           aws_region: "String", # required
     #           app_id_client_regex: "String",
     #         },
+    #         lambda_authorizer_config: {
+    #           authorizer_result_ttl_in_seconds: 1,
+    #           authorizer_uri: "String", # required
+    #           identity_validation_expression: "String",
+    #         },
     #       }
     #
     # @!attribute [rw] authentication_type
-    #   The authentication type: API key, AWS IAM, OIDC, or Amazon Cognito
-    #   user pools.
+    #   The authentication type: API key, Identity and Access Management,
+    #   OIDC, or Amazon Cognito user pools.
     #   @return [String]
     #
     # @!attribute [rw] open_id_connect_config
@@ -56,12 +61,17 @@ module Aws::AppSync
     #   The Amazon Cognito user pool configuration.
     #   @return [Types::CognitoUserPoolConfig]
     #
+    # @!attribute [rw] lambda_authorizer_config
+    #   Configuration for AWS Lambda function authorization.
+    #   @return [Types::LambdaAuthorizerConfig]
+    #
     # @see http://docs.aws.amazon.com/goto/WebAPI/appsync-2017-07-25/AdditionalAuthenticationProvider AWS API Documentation
     #
     class AdditionalAuthenticationProvider < Struct.new(
       :authentication_type,
       :open_id_connect_config,
-      :user_pool_config)
+      :user_pool_config,
+      :lambda_authorizer_config)
       SENSITIVE = []
       include Aws::Structure
     end
@@ -163,8 +173,8 @@ module Aws::AppSync
 
     # Describes an API key.
     #
-    # Customers invoke AWS AppSync GraphQL API operations with API keys as
-    # an identity mechanism. There are two key versions:
+    # Customers invoke AppSync GraphQL API operations with API keys as an
+    # identity mechanism. There are two key versions:
     #
     # **da1**\: This version was introduced at launch in November 2017.
     # These keys always expire after 7 days. Key expiration is managed by
@@ -301,7 +311,7 @@ module Aws::AppSync
     #   @return [String]
     #
     # @!attribute [rw] aws_iam_config
-    #   The AWS IAM settings.
+    #   The Identity and Access Management settings.
     #   @return [Types::AwsIamConfig]
     #
     # @see http://docs.aws.amazon.com/goto/WebAPI/appsync-2017-07-25/AuthorizationConfig AWS API Documentation
@@ -313,7 +323,7 @@ module Aws::AppSync
       include Aws::Structure
     end
 
-    # The AWS IAM configuration.
+    # The Identity and Access Management configuration.
     #
     # @note When making an API call, you may pass AwsIamConfig
     #   data as a hash:
@@ -324,11 +334,12 @@ module Aws::AppSync
     #       }
     #
     # @!attribute [rw] signing_region
-    #   The signing region for AWS IAM authorization.
+    #   The signing region for Identity and Access Management authorization.
     #   @return [String]
     #
     # @!attribute [rw] signing_service_name
-    #   The signing service name for AWS IAM authorization.
+    #   The signing service name for Identity and Access Management
+    #   authorization.
     #   @return [String]
     #
     # @see http://docs.aws.amazon.com/goto/WebAPI/appsync-2017-07-25/AwsIamConfig AWS API Documentation
@@ -402,7 +413,7 @@ module Aws::AppSync
     #   @return [String]
     #
     # @!attribute [rw] aws_region
-    #   The AWS Region in which the user pool was created.
+    #   The Amazon Web Services Region in which the user pool was created.
     #   @return [String]
     #
     # @!attribute [rw] app_id_client_regex
@@ -657,8 +668,8 @@ module Aws::AppSync
     #   @return [String]
     #
     # @!attribute [rw] service_role_arn
-    #   The AWS IAM service role ARN for the data source. The system assumes
-    #   this role when accessing the data source.
+    #   The Identity and Access Management service role ARN for the data
+    #   source. The system assumes this role when accessing the data source.
     #   @return [String]
     #
     # @!attribute [rw] dynamodb_config
@@ -666,7 +677,7 @@ module Aws::AppSync
     #   @return [Types::DynamodbDataSourceConfig]
     #
     # @!attribute [rw] lambda_config
-    #   AWS Lambda settings.
+    #   Amazon Web Services Lambda settings.
     #   @return [Types::LambdaDataSourceConfig]
     #
     # @!attribute [rw] elasticsearch_config
@@ -805,7 +816,7 @@ module Aws::AppSync
     #           cloud_watch_logs_role_arn: "String", # required
     #           exclude_verbose_content: false,
     #         },
-    #         authentication_type: "API_KEY", # required, accepts API_KEY, AWS_IAM, AMAZON_COGNITO_USER_POOLS, OPENID_CONNECT
+    #         authentication_type: "API_KEY", # required, accepts API_KEY, AWS_IAM, AMAZON_COGNITO_USER_POOLS, OPENID_CONNECT, AWS_LAMBDA
     #         user_pool_config: {
     #           user_pool_id: "String", # required
     #           aws_region: "String", # required
@@ -823,7 +834,7 @@ module Aws::AppSync
     #         },
     #         additional_authentication_providers: [
     #           {
-    #             authentication_type: "API_KEY", # accepts API_KEY, AWS_IAM, AMAZON_COGNITO_USER_POOLS, OPENID_CONNECT
+    #             authentication_type: "API_KEY", # accepts API_KEY, AWS_IAM, AMAZON_COGNITO_USER_POOLS, OPENID_CONNECT, AWS_LAMBDA
     #             open_id_connect_config: {
     #               issuer: "String", # required
     #               client_id: "String",
@@ -835,9 +846,19 @@ module Aws::AppSync
     #               aws_region: "String", # required
     #               app_id_client_regex: "String",
     #             },
+    #             lambda_authorizer_config: {
+    #               authorizer_result_ttl_in_seconds: 1,
+    #               authorizer_uri: "String", # required
+    #               identity_validation_expression: "String",
+    #             },
     #           },
     #         ],
     #         xray_enabled: false,
+    #         lambda_authorizer_config: {
+    #           authorizer_result_ttl_in_seconds: 1,
+    #           authorizer_uri: "String", # required
+    #           identity_validation_expression: "String",
+    #         },
     #       }
     #
     # @!attribute [rw] name
@@ -849,8 +870,8 @@ module Aws::AppSync
     #   @return [Types::LogConfig]
     #
     # @!attribute [rw] authentication_type
-    #   The authentication type: API key, AWS IAM, OIDC, or Amazon Cognito
-    #   user pools.
+    #   The authentication type: API key, Identity and Access Management,
+    #   OIDC, or Amazon Cognito user pools.
     #   @return [String]
     #
     # @!attribute [rw] user_pool_config
@@ -875,6 +896,10 @@ module Aws::AppSync
     #   `GraphqlApi`.
     #   @return [Boolean]
     #
+    # @!attribute [rw] lambda_authorizer_config
+    #   Configuration for AWS Lambda function authorization.
+    #   @return [Types::LambdaAuthorizerConfig]
+    #
     # @see http://docs.aws.amazon.com/goto/WebAPI/appsync-2017-07-25/CreateGraphqlApiRequest AWS API Documentation
     #
     class CreateGraphqlApiRequest < Struct.new(
@@ -885,7 +910,8 @@ module Aws::AppSync
       :open_id_connect_config,
       :tags,
       :additional_authentication_providers,
-      :xray_enabled)
+      :xray_enabled,
+      :lambda_authorizer_config)
       SENSITIVE = []
       include Aws::Structure
     end
@@ -1088,7 +1114,8 @@ module Aws::AppSync
     #   * **AMAZON\_ELASTICSEARCH**\: The data source is an Amazon
     #     Elasticsearch Service domain.
     #
-    #   * **AWS\_LAMBDA**\: The data source is an AWS Lambda function.
+    #   * **AWS\_LAMBDA**\: The data source is an Amazon Web Services Lambda
+    #     function.
     #
     #   * **NONE**\: There is no data source. This type is used when you
     #     wish to invoke a GraphQL operation without connecting to a data
@@ -1102,8 +1129,8 @@ module Aws::AppSync
     #   @return [String]
     #
     # @!attribute [rw] service_role_arn
-    #   The AWS IAM service role ARN for the data source. The system assumes
-    #   this role when accessing the data source.
+    #   The Identity and Access Management service role ARN for the data
+    #   source. The system assumes this role when accessing the data source.
     #   @return [String]
     #
     # @!attribute [rw] dynamodb_config
@@ -1111,7 +1138,7 @@ module Aws::AppSync
     #   @return [Types::DynamodbDataSourceConfig]
     #
     # @!attribute [rw] lambda_config
-    #   AWS Lambda settings.
+    #   Amazon Web Services Lambda settings.
     #   @return [Types::LambdaDataSourceConfig]
     #
     # @!attribute [rw] elasticsearch_config
@@ -1400,7 +1427,7 @@ module Aws::AppSync
     #   @return [String]
     #
     # @!attribute [rw] aws_region
-    #   The AWS Region.
+    #   The Amazon Web Services Region.
     #   @return [String]
     #
     # @!attribute [rw] use_caller_credentials
@@ -1443,7 +1470,7 @@ module Aws::AppSync
     #   @return [String]
     #
     # @!attribute [rw] aws_region
-    #   The AWS Region.
+    #   The Amazon Web Services Region.
     #   @return [String]
     #
     # @see http://docs.aws.amazon.com/goto/WebAPI/appsync-2017-07-25/ElasticsearchDataSourceConfig AWS API Documentation
@@ -1920,10 +1947,14 @@ module Aws::AppSync
     #   @return [Boolean]
     #
     # @!attribute [rw] waf_web_acl_arn
-    #   The ARN of the AWS Web Application Firewall (WAF) ACL associated
-    #   with this `GraphqlApi`, if one exists.
+    #   The ARN of the WAF ACL associated with this `GraphqlApi`, if one
+    #   exists.
     #   @return [String]
     #
+    # @!attribute [rw] lambda_authorizer_config
+    #   Configuration for AWS Lambda function authorization.
+    #   @return [Types::LambdaAuthorizerConfig]
+    #
     # @see http://docs.aws.amazon.com/goto/WebAPI/appsync-2017-07-25/GraphqlApi AWS API Documentation
     #
     class GraphqlApi < Struct.new(
@@ -1938,7 +1969,8 @@ module Aws::AppSync
       :tags,
       :additional_authentication_providers,
       :xray_enabled,
-      :waf_web_acl_arn)
+      :waf_web_acl_arn,
+      :lambda_authorizer_config)
       SENSITIVE = []
       include Aws::Structure
     end
@@ -1962,8 +1994,8 @@ module Aws::AppSync
     # @!attribute [rw] endpoint
     #   The HTTP URL endpoint. You can either specify the domain name or IP,
     #   and port combination, and the URL scheme must be HTTP or HTTPS. If
-    #   the port is not specified, AWS AppSync uses the default port 80 for
-    #   the HTTP endpoint and port 443 for HTTPS endpoints.
+    #   the port is not specified, AppSync uses the default port 80 for the
+    #   HTTP endpoint and port 443 for HTTPS endpoints.
     #   @return [String]
     #
     # @!attribute [rw] authorization_config
@@ -1980,7 +2012,7 @@ module Aws::AppSync
       include Aws::Structure
     end
 
-    # An internal AWS AppSync error occurred. Try your request again.
+    # An internal AppSync error occurred. Try your request again.
     #
     # @!attribute [rw] message
     #   @return [String]
@@ -1993,6 +2025,57 @@ module Aws::AppSync
       include Aws::Structure
     end
 
+    # A `LambdaAuthorizerConfig` holds configuration on how to authorize
+    # AppSync API access when using the `AWS_LAMBDA` authorizer mode. Be
+    # aware that an AppSync API may have only one Lambda authorizer
+    # configured at a time.
+    #
+    # @note When making an API call, you may pass LambdaAuthorizerConfig
+    #   data as a hash:
+    #
+    #       {
+    #         authorizer_result_ttl_in_seconds: 1,
+    #         authorizer_uri: "String", # required
+    #         identity_validation_expression: "String",
+    #       }
+    #
+    # @!attribute [rw] authorizer_result_ttl_in_seconds
+    #   The number of seconds a response should be cached for. The default
+    #   is 5 minutes (300 seconds). The Lambda function can override this by
+    #   returning a `ttlOverride` key in its response. A value of 0 disables
+    #   caching of responses.
+    #   @return [Integer]
+    #
+    # @!attribute [rw] authorizer_uri
+    #   The ARN of the lambda function to be called for authorization. This
+    #   may be a standard Lambda ARN, a version ARN (`.../v3`) or alias ARN.
+    #
+    #   *Note*\: This Lambda function must have the following resource-based
+    #   policy assigned to it. When configuring Lambda authorizers in the
+    #   Console, this is done for you. To do so with the AWS CLI, run the
+    #   following:
+    #
+    #   `aws lambda add-permission --function-name
+    #   "arn:aws:lambda:us-east-2:111122223333:function:my-function"
+    #   --statement-id "appsync" --principal appsync.amazonaws.com --action
+    #   lambda:InvokeFunction`
+    #   @return [String]
+    #
+    # @!attribute [rw] identity_validation_expression
+    #   A regular expression for validation of tokens before the Lambda
+    #   Function is called.
+    #   @return [String]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/appsync-2017-07-25/LambdaAuthorizerConfig AWS API Documentation
+    #
+    class LambdaAuthorizerConfig < Struct.new(
+      :authorizer_result_ttl_in_seconds,
+      :authorizer_uri,
+      :identity_validation_expression)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+
     # The `LambdaConflictHandlerConfig` object when configuring LAMBDA as
     # the Conflict Handler.
     #
@@ -2015,7 +2098,7 @@ module Aws::AppSync
       include Aws::Structure
     end
 
-    # Describes an AWS Lambda data source configuration.
+    # Describes an Amazon Web Services Lambda data source configuration.
     #
     # @note When making an API call, you may pass LambdaDataSourceConfig
     #   data as a hash:
@@ -2486,7 +2569,7 @@ module Aws::AppSync
     #   @return [String]
     #
     # @!attribute [rw] cloud_watch_logs_role_arn
-    #   The service role that AWS AppSync will assume to publish to Amazon
+    #   The service role that AppSync will assume to publish to Amazon
     #   CloudWatch logs in your account.
     #   @return [String]
     #
@@ -2541,7 +2624,7 @@ module Aws::AppSync
     #   The client identifier of the Relying party at the OpenID identity
     #   provider. This identifier is typically obtained when the Relying
     #   party is registered with the OpenID identity provider. You can
-    #   specify a regular expression so the AWS AppSync can validate against
+    #   specify a regular expression so the AppSync can validate against
     #   multiple client identifiers at a time.
     #   @return [String]
     #
@@ -2601,7 +2684,7 @@ module Aws::AppSync
     #       }
     #
     # @!attribute [rw] aws_region
-    #   AWS Region for RDS HTTP endpoint.
+    #   Amazon Web Services Region for RDS HTTP endpoint.
     #   @return [String]
     #
     # @!attribute [rw] db_cluster_identifier
@@ -2617,7 +2700,7 @@ module Aws::AppSync
     #   @return [String]
     #
     # @!attribute [rw] aws_secret_store_arn
-    #   AWS secret store ARN for database credentials.
+    #   Amazon Web Services secret store ARN for database credentials.
     #   @return [String]
     #
     # @see http://docs.aws.amazon.com/goto/WebAPI/appsync-2017-07-25/RdsHttpEndpointConfig AWS API Documentation
@@ -3161,7 +3244,7 @@ module Aws::AppSync
     #   @return [Types::DynamodbDataSourceConfig]
     #
     # @!attribute [rw] lambda_config
-    #   The new AWS Lambda configuration.
+    #   The new Amazon Web Services Lambda configuration.
     #   @return [Types::LambdaDataSourceConfig]
     #
     # @!attribute [rw] elasticsearch_config
@@ -3307,7 +3390,7 @@ module Aws::AppSync
     #           cloud_watch_logs_role_arn: "String", # required
     #           exclude_verbose_content: false,
     #         },
-    #         authentication_type: "API_KEY", # accepts API_KEY, AWS_IAM, AMAZON_COGNITO_USER_POOLS, OPENID_CONNECT
+    #         authentication_type: "API_KEY", # accepts API_KEY, AWS_IAM, AMAZON_COGNITO_USER_POOLS, OPENID_CONNECT, AWS_LAMBDA
     #         user_pool_config: {
     #           user_pool_id: "String", # required
     #           aws_region: "String", # required
@@ -3322,7 +3405,7 @@ module Aws::AppSync
     #         },
     #         additional_authentication_providers: [
     #           {
-    #             authentication_type: "API_KEY", # accepts API_KEY, AWS_IAM, AMAZON_COGNITO_USER_POOLS, OPENID_CONNECT
+    #             authentication_type: "API_KEY", # accepts API_KEY, AWS_IAM, AMAZON_COGNITO_USER_POOLS, OPENID_CONNECT, AWS_LAMBDA
     #             open_id_connect_config: {
     #               issuer: "String", # required
     #               client_id: "String",
@@ -3334,9 +3417,19 @@ module Aws::AppSync
     #               aws_region: "String", # required
     #               app_id_client_regex: "String",
     #             },
+    #             lambda_authorizer_config: {
+    #               authorizer_result_ttl_in_seconds: 1,
+    #               authorizer_uri: "String", # required
+    #               identity_validation_expression: "String",
+    #             },
     #           },
     #         ],
     #         xray_enabled: false,
+    #         lambda_authorizer_config: {
+    #           authorizer_result_ttl_in_seconds: 1,
+    #           authorizer_uri: "String", # required
+    #           identity_validation_expression: "String",
+    #         },
     #       }
     #
     # @!attribute [rw] api_id
@@ -3375,6 +3468,10 @@ module Aws::AppSync
     #   `GraphqlApi`.
     #   @return [Boolean]
     #
+    # @!attribute [rw] lambda_authorizer_config
+    #   Configuration for AWS Lambda function authorization.
+    #   @return [Types::LambdaAuthorizerConfig]
+    #
     # @see http://docs.aws.amazon.com/goto/WebAPI/appsync-2017-07-25/UpdateGraphqlApiRequest AWS API Documentation
     #
     class UpdateGraphqlApiRequest < Struct.new(
@@ -3385,7 +3482,8 @@ module Aws::AppSync
       :user_pool_config,
       :open_id_connect_config,
       :additional_authentication_providers,
-      :xray_enabled)
+      :xray_enabled,
+      :lambda_authorizer_config)
       SENSITIVE = []
       include Aws::Structure
     end
@@ -3581,7 +3679,7 @@ module Aws::AppSync
     #   @return [String]
     #
     # @!attribute [rw] aws_region
-    #   The AWS Region in which the user pool was created.
+    #   The Amazon Web Services Region in which the user pool was created.
     #   @return [String]
     #
     # @!attribute [rw] default_action

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: aws-sdk-appsync
 version: !ruby/object:Gem::Version
-  version: 1.41.0
+  version: 1.42.0
 platform: ruby
 authors:
 - Amazon Web Services
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2021-07-28 00:00:00.000000000 Z
+date: 2021-07-30 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: aws-sdk-core
@@ -19,7 +19,7 @@ dependencies:
         version: '3'
     - - ">="
       - !ruby/object:Gem::Version
-        version: 3.118.0
+        version: 3.119.0
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
@@ -29,7 +29,7 @@ dependencies:
         version: '3'
     - - ">="
       - !ruby/object:Gem::Version
-        version: 3.118.0
+        version: 3.119.0
 - !ruby/object:Gem::Dependency
   name: aws-sigv4
   requirement: !ruby/object:Gem::Requirement