RubyGems - aws-sdk-cloudfront - Versions diffs - 1.119.0 → 1.121.0 - Mend

aws-sdk-cloudfront 1.119.0 → 1.121.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (13) hide show

checksums.yaml +4 -4
data/CHANGELOG.md +10 -0
data/VERSION +1 -1
data/lib/aws-sdk-cloudfront/client.rb +179 -80
data/lib/aws-sdk-cloudfront/client_api.rb +16 -9
data/lib/aws-sdk-cloudfront/endpoint_parameters.rb +9 -9
data/lib/aws-sdk-cloudfront/endpoint_provider.rb +14 -11
data/lib/aws-sdk-cloudfront/types.rb +364 -133
data/lib/aws-sdk-cloudfront.rb +1 -1
data/sig/client.rbs +1 -0
data/sig/resource.rbs +1 -0
data/sig/types.rbs +2 -2
metadata +3 -3

checksums.yaml CHANGED Viewed

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: ae85e07e9feefe3212add83e30961a340fc2c2d5b9d7476b7cea377fddd2e060
-  data.tar.gz: d9a81a0808128cb09cd74ac0f83ea49c4164bb841efbce3a3c0f354162573149
+  metadata.gz: 3449dbfddf944810a1b3812c5fb7ad80d25ea71eda9c254aaf358cb53d0b644f
+  data.tar.gz: 1ab810c7992b1618ec71c84ceb5d2cb31a9cb3b9c4174178162a931177f0cfda
 SHA512:
-  metadata.gz: f737e604383d37d13946331d469411a9570c8488a9d5e5a3deee7e843bc6c47f043fbcb33e7818f3a3e553daf913e51758f509c45114c13f81aa8d8055a4527d
-  data.tar.gz: bb95e8d798659cb25f5d1e726fe713117a74461cd34f2d147e6f0010d8bbb99bb6ec9783ff87290fb33adfe5b0702c68d8ab9e05f3146fd32c5ad3062a7766a1
+  metadata.gz: 2d63e08dad36b521e933fd0b87fb9bc25730218dc1d6d6881b58c4ea583887596c9a26872cc6e64564036cff9c1f4c7faeab8de8fcc76cc9aeca28bd776911de
+  data.tar.gz: b81f7baadcac7a844024c4891c93ad48e021caa925db0760e0ab7107b91f3bc2d6eb0d3962bfdf693769ade108e33031177681b5e1fc45078be91564c3ca8837

data/CHANGELOG.md CHANGED Viewed

@@ -1,6 +1,16 @@
 Unreleased Changes
 ------------------
+1.121.0 (2025-07-21)
+------------------
+* Feature - Add dualstack endpoint support
+1.120.0 (2025-07-17)
+------------------
+* Feature - Doc only update for CloudFront that fixes some customer-reported issues
 1.119.0 (2025-06-02)
 ------------------

data/VERSION CHANGED Viewed

	@@ -1 +1 @@
1	- 1.~~119~~.0
1	+ 1.121.0

data/lib/aws-sdk-cloudfront/client.rb CHANGED Viewed

@@ -95,7 +95,7 @@ module Aws::CloudFront
     #     class name or an instance of a plugin class.
     #
     #   @option options [required, Aws::CredentialProvider] :credentials
-    #     Your AWS credentials. This can be an instance of any one of the
+    #     Your AWS credentials used for authentication. This can be an instance of any one of the
     #     following classes:
     #
     #     * `Aws::Credentials` - Used for configuring static, non-refreshing
@@ -128,18 +128,23 @@ module Aws::CloudFront
     #     locations will be searched for credentials:
     #
     #     * `Aws.config[:credentials]`
+    #
     #     * The `:access_key_id`, `:secret_access_key`, `:session_token`, and
     #       `:account_id` options.
-    #     * ENV['AWS_ACCESS_KEY_ID'], ENV['AWS_SECRET_ACCESS_KEY'],
-    #       ENV['AWS_SESSION_TOKEN'], and ENV['AWS_ACCOUNT_ID']
+    #
+    #     * `ENV['AWS_ACCESS_KEY_ID']`, `ENV['AWS_SECRET_ACCESS_KEY']`,
+    #       `ENV['AWS_SESSION_TOKEN']`, and `ENV['AWS_ACCOUNT_ID']`.
+    #
     #     * `~/.aws/credentials`
+    #
     #     * `~/.aws/config`
+    #
     #     * EC2/ECS IMDS instance profile - When used by default, the timeouts
     #       are very aggressive. Construct and pass an instance of
     #       `Aws::InstanceProfileCredentials` or `Aws::ECSCredentials` to
     #       enable retries and extended timeouts. Instance profile credential
-    #       fetching can be disabled by setting ENV['AWS_EC2_METADATA_DISABLED']
-    #       to true.
+    #       fetching can be disabled by setting `ENV['AWS_EC2_METADATA_DISABLED']`
+    #       to `true`.
     #
     #   @option options [required, String] :region
     #     The AWS region to connect to.  The configured `:region` is
@@ -167,6 +172,11 @@ module Aws::CloudFront
     #     When false, the request will raise a `RetryCapacityNotAvailableError` and will
     #     not retry instead of sleeping.
     #
+    #   @option options [Array<String>] :auth_scheme_preference
+    #     A list of preferred authentication schemes to use when making a request. Supported values are:
+    #     `sigv4`, `sigv4a`, `httpBearerAuth`, and `noAuth`. When set using `ENV['AWS_AUTH_SCHEME_PREFERENCE']` or in
+    #     shared config as `auth_scheme_preference`, the value should be a comma-separated list.
+    #
     #   @option options [Boolean] :client_side_monitoring (false)
     #     When `true`, client-side metrics will be collected for all API requests from
     #     this client.
@@ -253,8 +263,8 @@ module Aws::CloudFront
     #     4 times. Used in `standard` and `adaptive` retry modes.
     #
     #   @option options [String] :profile ("default")
-    #     Used when loading credentials from the shared credentials file
-    #     at HOME/.aws/credentials.  When not specified, 'default' is used.
+    #     Used when loading credentials from the shared credentials file at `HOME/.aws/credentials`.
+    #     When not specified, 'default' is used.
     #
     #   @option options [String] :request_checksum_calculation ("when_supported")
     #     Determines when a checksum will be calculated for request payloads. Values are:
@@ -367,7 +377,7 @@ module Aws::CloudFront
     #     `Aws::Telemetry::OTelProvider` for telemetry provider.
     #
     #   @option options [Aws::TokenProvider] :token_provider
-    #     A Bearer Token Provider. This can be an instance of any one of the
+    #     Your Bearer token used for authentication. This can be an instance of any one of the
     #     following classes:
     #
     #     * `Aws::StaticTokenProvider` - Used for configuring static, non-refreshing
@@ -469,31 +479,45 @@ module Aws::CloudFront
     # @!group API Operations
-    # Associates an alias (also known as a CNAME or an alternate domain
-    # name) with a CloudFront distribution.
+    # <note markdown="1"> The `AssociateAlias` API operation only supports
+    # standard
+    # distributions. To move domains between distribution tenants and/or
+    # standard distributions, we recommend that you use the
+    # [UpdateDomainAssociation][1] API operation instead.
+    #
+    #  </note>
+    #
+    #  Associates an alias with a CloudFront standard distribution. An alias
+    # is commonly known as a custom domain or vanity domain. It can also be
+    # called a CNAME or alternate domain name.
     #
-    # With this operation you can move an alias that's already in use on a
-    # CloudFront distribution to a different distribution in one step. This
+    #  With this operation, you can move an alias that's already used for a
+    # standard distribution to a different standard distribution. This
     # prevents the downtime that could occur if you first remove the alias
-    # from one distribution and then separately add the alias to another
-    # distribution.
+    # from one standard distribution and then separately add the alias to
+    # another standard distribution.
     #
-    # To use this operation to associate an alias with a distribution, you
-    # provide the alias and the ID of the target distribution for the alias.
-    # For more information, including how to set up the target distribution,
-    # prerequisites that you must complete, and other restrictions, see
-    # [Moving an alternate domain name to a different distribution][1] in
-    # the *Amazon CloudFront Developer Guide*.
+    #  To use this operation, specify the alias and the ID of the target
+    # standard distribution.
+    #
+    #  For more information, including how to set up the target standard
+    # distribution, prerequisites that you must complete, and other
+    # restrictions, see [Moving an alternate domain name to a different
+    # standard distribution or distribution tenant][2] in the *Amazon
+    # CloudFront Developer Guide*.
     #
     #
     #
-    # [1]: https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/CNAMEs.html#alternate-domain-names-move
+    # [1]: https://docs.aws.amazon.com/cloudfront/latest/APIReference/API_UpdateDomainAssociation.html
+    # [2]: https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/CNAMEs.html#alternate-domain-names-move
     #
     # @option params [required, String] :target_distribution_id
-    #   The ID of the distribution that you're associating the alias with.
+    #   The ID of the standard distribution that you're associating the alias
+    #   with.
     #
     # @option params [required, String] :alias
-    #   The alias (also known as a CNAME) to add to the target distribution.
+    #   The alias (also known as a CNAME) to add to the target standard
+    #   distribution.
     #
     # @return [Struct] Returns an empty {Seahorse::Client::Response response}.
     #
@@ -1491,7 +1515,7 @@ module Aws::CloudFront
     #       enabled: false, # required
     #       viewer_certificate: {
     #         cloud_front_default_certificate: false,
-    #         iam_certificate_id: "string",
+    #         iam_certificate_id: "ServerCertificateId",
     #         acm_certificate_arn: "string",
     #         ssl_support_method: "sni-only", # accepts sni-only, vip, static-ip
     #         minimum_protocol_version: "SSLv3", # accepts SSLv3, TLSv1, TLSv1_2016, TLSv1.1_2016, TLSv1.2_2018, TLSv1.2_2019, TLSv1.2_2021
@@ -1517,7 +1541,7 @@ module Aws::CloudFront
     #             name: "ParameterName", # required
     #             definition: { # required
     #               string_schema: {
-    #                 comment: "string",
+    #                 comment: "sensitiveStringType",
     #                 default_value: "ParameterValue",
     #                 required: false, # required
     #               },
@@ -2144,7 +2168,7 @@ module Aws::CloudFront
     #         enabled: false, # required
     #         viewer_certificate: {
     #           cloud_front_default_certificate: false,
-    #           iam_certificate_id: "string",
+    #           iam_certificate_id: "ServerCertificateId",
     #           acm_certificate_arn: "string",
     #           ssl_support_method: "sni-only", # accepts sni-only, vip, static-ip
     #           minimum_protocol_version: "SSLv3", # accepts SSLv3, TLSv1, TLSv1_2016, TLSv1.1_2016, TLSv1.2_2018, TLSv1.2_2019, TLSv1.2_2021
@@ -2170,7 +2194,7 @@ module Aws::CloudFront
     #               name: "ParameterName", # required
     #               definition: { # required
     #                 string_schema: {
-    #                   comment: "string",
+    #                   comment: "sensitiveStringType",
     #                   default_value: "ParameterValue",
     #                   required: false, # required
     #                 },
@@ -3999,7 +4023,7 @@ module Aws::CloudFront
     # @example Request syntax with placeholder values
     #
     #   resp = client.delete_function({
-    #     name: "string", # required
+    #     name: "FunctionName", # required
     #     if_match: "string", # required
     #   })
     #
@@ -4460,7 +4484,7 @@ module Aws::CloudFront
     # @example Request syntax with placeholder values
     #
     #   resp = client.describe_function({
-    #     name: "string", # required
+    #     name: "FunctionName", # required
     #     stage: "DEVELOPMENT", # accepts DEVELOPMENT, LIVE
     #   })
     #
@@ -5744,7 +5768,7 @@ module Aws::CloudFront
     # @example Request syntax with placeholder values
     #
     #   resp = client.get_function({
-    #     name: "string", # required
+    #     name: "FunctionName", # required
     #     stage: "DEVELOPMENT", # accepts DEVELOPMENT, LIVE
     #   })
     #
@@ -6834,44 +6858,54 @@ module Aws::CloudFront
       req.send_request(options)
     end
-    # Gets a list of aliases (also called CNAMEs or alternate domain names)
-    # that conflict or overlap with the provided alias, and the associated
-    # CloudFront distributions and Amazon Web Services accounts for each
-    # conflicting alias. In the returned list, the distribution and account
-    # IDs are partially hidden, which allows you to identify the
-    # distributions and accounts that you own, but helps to protect the
+    # <note markdown="1"> The `ListConflictingAliases` API operation only
+    # supports standard
+    # distributions. To list domain conflicts for both standard
+    # distributions and distribution tenants, we recommend that you use the
+    # [ListDomainConflicts][1] API operation instead.
+    #
+    #  </note>
+    #
+    #  Gets a list of aliases that conflict or overlap with the provided
+    # alias, and the associated CloudFront standard distribution and Amazon
+    # Web Services accounts for each conflicting alias. An alias is commonly
+    # known as a custom domain or vanity domain. It can also be called a
+    # CNAME or alternate domain name.
+    #
+    #  In the returned list, the standard distribution and account IDs are
+    # partially hidden, which allows you to identify the standard
+    # distribution and accounts that you own, and helps to protect the
     # information of ones that you don't own.
     #
-    # Use this operation to find aliases that are in use in CloudFront that
+    #  Use this operation to find aliases that are in use in CloudFront that
     # conflict or overlap with the provided alias. For example, if you
     # provide `www.example.com` as input, the returned list can include
     # `www.example.com` and the overlapping wildcard alternate domain name
-    # (`*.example.com`), if they exist. If you provide `*.example.com` as
-    # input, the returned list can include `*.example.com` and any alternate
-    # domain names covered by that wildcard (for example, `www.example.com`,
-    # `test.example.com`, `dev.example.com`, and so on), if they exist.
-    #
-    # To list conflicting aliases, you provide the alias to search and the
-    # ID of a distribution in your account that has an attached SSL/TLS
-    # certificate that includes the provided alias. For more information,
-    # including how to set up the distribution and certificate, see [Moving
-    # an alternate domain name to a different distribution][1] in the
-    # *Amazon CloudFront Developer Guide*.
-    #
-    # You can optionally specify the maximum number of items to receive in
-    # the response. If the total number of items in the list exceeds the
-    # maximum that you specify, or the default maximum, the response is
-    # paginated. To get the next page of items, send a subsequent request
-    # that specifies the `NextMarker` value from the current response as the
-    # `Marker` value in the subsequent request.
-    #
-    #
-    #
-    # [1]: https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/CNAMEs.html#alternate-domain-names-move
+    # (`.example.com</code>), if they exist. If you provide
+    # </em>.example.com as input, the returned list can include
+    # *.example.com and any alternate domain names covered by that wildcard
+    # (for example, www.example.com, test.example.com, dev.example.com, and
+    # so on), if they exist.</p> To list conflicting aliases, specify the
+    # alias to search and the ID of a standard distribution in your account
+    # that has an attached TLS certificate that includes the provided alias.
+    # For more information, including how to set up the standard
+    # distribution and certificate, see Moving an alternate domain name to a
+    # different standard distribution or distribution tenant in the Amazon
+    # CloudFront Developer Guide. You can optionally specify the maximum
+    # number of items to receive in the response. If the total number of
+    # items in the list exceeds the maximum that you specify, or the default
+    # maximum, the response is paginated. To get the next page of items,
+    # send a subsequent request that specifies the NextMarker value from the
+    # current response as the Marker value in the subsequent request.</p>
+    # `
+    #
+    #
+    #
+    # [1]: https://docs.aws.amazon.com/cloudfront/latest/APIReference/API_ListDomainConflicts.html
     #
     # @option params [required, String] :distribution_id
-    #   The ID of a distribution in your account that has an attached SSL/TLS
-    #   certificate that includes the provided alias.
+    #   The ID of a standard distribution in your account that has an attached
+    #   TLS certificate that includes the provided alias.
     #
     # @option params [required, String] :alias
     #   The alias (also called a CNAME) to search for conflicting aliases.
@@ -7656,7 +7690,9 @@ module Aws::CloudFront
     #   The maximum number of distributions to return.
     #
     # @option params [required, String] :connection_mode
-    #   The connection mode to filter distributions by.
+    #   This field specifies whether the connection mode is through a standard
+    #   distribution (direct) or a multi-tenant distribution with distribution
+    #   tenants(tenant-only).
     #
     # @return [Types::ListDistributionsByConnectionModeResult] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
     #
@@ -8553,20 +8589,55 @@ module Aws::CloudFront
       req.send_request(options)
     end
-    # Lists existing domain associations that conflict with the domain that
+    # <note markdown="1"> We recommend that you use the
+    # `ListDomainConflicts` API operation to
+    # check for domain conflicts, as it supports both standard distributions
+    # and distribution tenants. [ListConflictingAliases][1] performs similar
+    # checks but only supports standard distributions.
+    #
+    #  </note>
+    #
+    #  Lists existing domain associations that conflict with the domain that
     # you specify.
     #
-    # You can use this API operation when transferring domains to identify
-    # potential domain conflicts. Domain conflicts must be resolved first
-    # before they can be moved.
+    #  You can use this API operation to identify potential domain conflicts
+    # when moving domains between standard distributions and/or distribution
+    # tenants. Domain conflicts must be resolved first before they can be
+    # moved.
+    #
+    #  For example, if you provide `www.example.com` as input, the returned
+    # list can include `www.example.com` and the overlapping wildcard
+    # alternate domain name (`.example.com</code>), if they exist. If you
+    # provide </em>.example.com as input, the returned list can include
+    # *.example.com and any alternate domain names covered by that wildcard
+    # (for example, www.example.com, test.example.com, dev.example.com, and
+    # so on), if they exist.</p> To list conflicting domains, specify the
+    # following:   The domain to search for   The ID of a standard
+    # distribution or distribution tenant in your account that has an
+    # attached TLS certificate, which covers the specified domain   For more
+    # information, including how to set up the standard distribution or
+    # distribution tenant, and the certificate, see Moving an alternate
+    # domain name to a different standard distribution or distribution
+    # tenant in the Amazon CloudFront Developer Guide. You can optionally
+    # specify the maximum number of items to receive in the response. If the
+    # total number of items in the list exceeds the maximum that you
+    # specify, or the default maximum, the response is paginated. To get the
+    # next page of items, send a subsequent request that specifies the
+    # NextMarker value from the current response as the Marker value in the
+    # subsequent request.</p>
+    # `
+    #
+    #
+    #
+    # [1]: https://docs.aws.amazon.com/cloudfront/latest/APIReference/API_ListConflictingAliases.html
     #
     # @option params [required, String] :domain
     #   The domain to check for conflicts.
     #
     # @option params [required, Types::DistributionResourceId] :domain_control_validation_resource
-    #   The distribution resource identifier. This can be the distribution or
-    #   distribution tenant that has a valid certificate, which covers the
-    #   domain that you specify.
+    #   The distribution resource identifier. This can be the standard
+    #   distribution or distribution tenant that has a valid certificate,
+    #   which covers the domain that you specify.
     #
     # @option params [Integer] :max_items
     #   The maximum number of domain conflicts to return.
@@ -9051,6 +9122,8 @@ module Aws::CloudFront
     #
     #   * {Types::ListOriginAccessControlsResult#origin_access_control_list #origin_access_control_list} => Types::OriginAccessControlList
     #
+    # The returned {Seahorse::Client::Response response} is a pageable response and is Enumerable. For details on usage see {Aws::PageableResponse PageableResponse}.
+    #
     # @example Request syntax with placeholder values
     #
     #   resp = client.list_origin_access_controls({
@@ -9564,7 +9637,7 @@ module Aws::CloudFront
     # @example Request syntax with placeholder values
     #
     #   resp = client.publish_function({
-    #     name: "string", # required
+    #     name: "FunctionName", # required
     #     if_match: "string", # required
     #   })
     #
@@ -9675,7 +9748,7 @@ module Aws::CloudFront
     # @example Request syntax with placeholder values
     #
     #   resp = client.test_function({
-    #     name: "string", # required
+    #     name: "FunctionName", # required
     #     if_match: "string", # required
     #     stage: "DEVELOPMENT", # accepts DEVELOPMENT, LIVE
     #     event_object: "data", # required
@@ -10341,7 +10414,7 @@ module Aws::CloudFront
     #       enabled: false, # required
     #       viewer_certificate: {
     #         cloud_front_default_certificate: false,
-    #         iam_certificate_id: "string",
+    #         iam_certificate_id: "ServerCertificateId",
     #         acm_certificate_arn: "string",
     #         ssl_support_method: "sni-only", # accepts sni-only, vip, static-ip
     #         minimum_protocol_version: "SSLv3", # accepts SSLv3, TLSv1, TLSv1_2016, TLSv1.1_2016, TLSv1.2_2018, TLSv1.2_2019, TLSv1.2_2021
@@ -10367,7 +10440,7 @@ module Aws::CloudFront
     #             name: "ParameterName", # required
     #             definition: { # required
     #               string_schema: {
-    #                 comment: "string",
+    #                 comment: "sensitiveStringType",
     #                 default_value: "ParameterValue",
     #                 required: false, # required
     #               },
@@ -10979,18 +11052,44 @@ module Aws::CloudFront
       req.send_request(options)
     end
-    # Moves a domain from its current distribution or distribution tenant to
-    # another one.
+    # <note markdown="1"> We recommend that you use the
+    # `UpdateDomainAssociation` API operation
+    # to move a domain association, as it supports both standard
+    # distributions and distribution tenants. [AssociateAlias][1] performs
+    # similar checks but only supports standard distributions.
+    #
+    #  </note>
+    #
+    #  Moves a domain from its current standard distribution or distribution
+    # tenant to another one.
+    #
+    #  You must first disable the source distribution (standard distribution
+    # or distribution tenant) and then separately call this operation to
+    # move the domain to another target distribution (standard distribution
+    # or distribution tenant).
+    #
+    #  To use this operation, specify the domain and the ID of the target
+    # resource (standard distribution or distribution tenant). For more
+    # information, including how to set up the target resource,
+    # prerequisites that you must complete, and other restrictions, see
+    # [Moving an alternate domain name to a different standard distribution
+    # or distribution tenant][2] in the *Amazon CloudFront Developer Guide*.
+    #
+    #
+    #
+    # [1]: https://docs.aws.amazon.com/cloudfront/latest/APIReference/API_AssociateAlias.html
+    # [2]: https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/CNAMEs.html#alternate-domain-names-move
     #
     # @option params [required, String] :domain
     #   The domain to update.
     #
     # @option params [required, Types::DistributionResourceId] :target_resource
-    #   The target distribution resource for the domain. You can specify
-    #   either `DistributionId` or `DistributionTenantId`, but not both.
+    #   The target standard distribution or distribution tenant resource for
+    #   the domain. You can specify either `DistributionId` or
+    #   `DistributionTenantId`, but not both.
     #
     # @option params [String] :if_match
-    #   The value of the `ETag` identifier for the distribution or
+    #   The value of the `ETag` identifier for the standard distribution or
     #   distribution tenant that will be associated with the domain.
     #
     # @return [Types::UpdateDomainAssociationResult] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
@@ -11259,7 +11358,7 @@ module Aws::CloudFront
     # @example Request syntax with placeholder values
     #
     #   resp = client.update_function({
-    #     name: "string", # required
+    #     name: "FunctionName", # required
     #     if_match: "string", # required
     #     function_config: { # required
     #       comment: "string", # required
@@ -12145,7 +12244,7 @@ module Aws::CloudFront
         tracer: tracer
       )
       context[:gem_name] = 'aws-sdk-cloudfront'
-      context[:gem_version] = '1.119.0'
+      context[:gem_version] = '1.121.0'
       Seahorse::Client::Request.new(handlers, context)
     end

data/lib/aws-sdk-cloudfront/client_api.rb CHANGED Viewed

@@ -618,6 +618,7 @@ module Aws::CloudFront
     S3OriginConfig = Shapes::StructureShape.new(name: 'S3OriginConfig')
     SSLSupportMethod = Shapes::StringShape.new(name: 'SSLSupportMethod')
     SamplingRate = Shapes::FloatShape.new(name: 'SamplingRate')
+    ServerCertificateId = Shapes::StringShape.new(name: 'ServerCertificateId')
     SessionStickinessConfig = Shapes::StructureShape.new(name: 'SessionStickinessConfig')
     Signer = Shapes::StructureShape.new(name: 'Signer')
     SignerList = Shapes::ListShape.new(name: 'SignerList')
@@ -1485,7 +1486,7 @@ module Aws::CloudFront
     DeleteFieldLevelEncryptionProfileRequest.add_member(:if_match, Shapes::ShapeRef.new(shape: string, location: "header", location_name: "If-Match"))
     DeleteFieldLevelEncryptionProfileRequest.struct_class = Types::DeleteFieldLevelEncryptionProfileRequest
-    DeleteFunctionRequest.add_member(:name, Shapes::ShapeRef.new(shape: string, required: true, location: "uri", location_name: "Name"))
+    DeleteFunctionRequest.add_member(:name, Shapes::ShapeRef.new(shape: FunctionName, required: true, location: "uri", location_name: "Name"))
     DeleteFunctionRequest.add_member(:if_match, Shapes::ShapeRef.new(shape: string, required: true, location: "header", location_name: "If-Match"))
     DeleteFunctionRequest.struct_class = Types::DeleteFunctionRequest
@@ -1536,7 +1537,7 @@ module Aws::CloudFront
     DeleteVpcOriginResult[:payload] = :vpc_origin
     DeleteVpcOriginResult[:payload_member] = DeleteVpcOriginResult.member(:vpc_origin)
-    DescribeFunctionRequest.add_member(:name, Shapes::ShapeRef.new(shape: string, required: true, location: "uri", location_name: "Name"))
+    DescribeFunctionRequest.add_member(:name, Shapes::ShapeRef.new(shape: FunctionName, required: true, location: "uri", location_name: "Name"))
     DescribeFunctionRequest.add_member(:stage, Shapes::ShapeRef.new(shape: FunctionStage, location: "querystring", location_name: "Stage"))
     DescribeFunctionRequest.struct_class = Types::DescribeFunctionRequest
@@ -1651,7 +1652,7 @@ module Aws::CloudFront
     DistributionSummary.add_member(:default_cache_behavior, Shapes::ShapeRef.new(shape: DefaultCacheBehavior, required: true, location_name: "DefaultCacheBehavior"))
     DistributionSummary.add_member(:cache_behaviors, Shapes::ShapeRef.new(shape: CacheBehaviors, required: true, location_name: "CacheBehaviors"))
     DistributionSummary.add_member(:custom_error_responses, Shapes::ShapeRef.new(shape: CustomErrorResponses, required: true, location_name: "CustomErrorResponses"))
-    DistributionSummary.add_member(:comment, Shapes::ShapeRef.new(shape: string, required: true, location_name: "Comment"))
+    DistributionSummary.add_member(:comment, Shapes::ShapeRef.new(shape: sensitiveStringType, required: true, location_name: "Comment"))
     DistributionSummary.add_member(:price_class, Shapes::ShapeRef.new(shape: PriceClass, required: true, location_name: "PriceClass"))
     DistributionSummary.add_member(:enabled, Shapes::ShapeRef.new(shape: boolean, required: true, location_name: "Enabled"))
     DistributionSummary.add_member(:viewer_certificate, Shapes::ShapeRef.new(shape: ViewerCertificate, required: true, location_name: "ViewerCertificate"))
@@ -2046,7 +2047,7 @@ module Aws::CloudFront
     GetFieldLevelEncryptionResult[:payload] = :field_level_encryption
     GetFieldLevelEncryptionResult[:payload_member] = GetFieldLevelEncryptionResult.member(:field_level_encryption)
-    GetFunctionRequest.add_member(:name, Shapes::ShapeRef.new(shape: string, required: true, location: "uri", location_name: "Name"))
+    GetFunctionRequest.add_member(:name, Shapes::ShapeRef.new(shape: FunctionName, required: true, location: "uri", location_name: "Name"))
     GetFunctionRequest.add_member(:stage, Shapes::ShapeRef.new(shape: FunctionStage, location: "querystring", location_name: "Stage"))
     GetFunctionRequest.struct_class = Types::GetFunctionRequest
@@ -3031,7 +3032,7 @@ module Aws::CloudFront
     PublicKeySummaryList.member = Shapes::ShapeRef.new(shape: PublicKeySummary, location_name: "PublicKeySummary")
-    PublishFunctionRequest.add_member(:name, Shapes::ShapeRef.new(shape: string, required: true, location: "uri", location_name: "Name"))
+    PublishFunctionRequest.add_member(:name, Shapes::ShapeRef.new(shape: FunctionName, required: true, location: "uri", location_name: "Name"))
     PublishFunctionRequest.add_member(:if_match, Shapes::ShapeRef.new(shape: string, required: true, location: "header", location_name: "If-Match"))
     PublishFunctionRequest.struct_class = Types::PublishFunctionRequest
@@ -3313,7 +3314,7 @@ module Aws::CloudFront
     StreamingLoggingConfig.add_member(:prefix, Shapes::ShapeRef.new(shape: string, required: true, location_name: "Prefix"))
     StreamingLoggingConfig.struct_class = Types::StreamingLoggingConfig
-    StringSchemaConfig.add_member(:comment, Shapes::ShapeRef.new(shape: string, location_name: "Comment"))
+    StringSchemaConfig.add_member(:comment, Shapes::ShapeRef.new(shape: sensitiveStringType, location_name: "Comment"))
     StringSchemaConfig.add_member(:default_value, Shapes::ShapeRef.new(shape: ParameterValue, location_name: "DefaultValue"))
     StringSchemaConfig.add_member(:required, Shapes::ShapeRef.new(shape: boolean, required: true, location_name: "Required"))
     StringSchemaConfig.struct_class = Types::StringSchemaConfig
@@ -3344,7 +3345,7 @@ module Aws::CloudFront
     TestFunctionFailed.add_member(:message, Shapes::ShapeRef.new(shape: string, location_name: "Message"))
     TestFunctionFailed.struct_class = Types::TestFunctionFailed
-    TestFunctionRequest.add_member(:name, Shapes::ShapeRef.new(shape: string, required: true, location: "uri", location_name: "Name"))
+    TestFunctionRequest.add_member(:name, Shapes::ShapeRef.new(shape: FunctionName, required: true, location: "uri", location_name: "Name"))
     TestFunctionRequest.add_member(:if_match, Shapes::ShapeRef.new(shape: string, required: true, location: "header", location_name: "If-Match"))
     TestFunctionRequest.add_member(:stage, Shapes::ShapeRef.new(shape: FunctionStage, location_name: "Stage"))
     TestFunctionRequest.add_member(:event_object, Shapes::ShapeRef.new(shape: FunctionEventObject, required: true, location_name: "EventObject"))
@@ -3679,7 +3680,7 @@ module Aws::CloudFront
     UpdateFieldLevelEncryptionProfileResult[:payload] = :field_level_encryption_profile
     UpdateFieldLevelEncryptionProfileResult[:payload_member] = UpdateFieldLevelEncryptionProfileResult.member(:field_level_encryption_profile)
-    UpdateFunctionRequest.add_member(:name, Shapes::ShapeRef.new(shape: string, required: true, location: "uri", location_name: "Name"))
+    UpdateFunctionRequest.add_member(:name, Shapes::ShapeRef.new(shape: FunctionName, required: true, location: "uri", location_name: "Name"))
     UpdateFunctionRequest.add_member(:if_match, Shapes::ShapeRef.new(shape: string, required: true, location: "header", location_name: "If-Match"))
     UpdateFunctionRequest.add_member(:function_config, Shapes::ShapeRef.new(shape: FunctionConfig, required: true, location_name: "FunctionConfig"))
     UpdateFunctionRequest.add_member(:function_code, Shapes::ShapeRef.new(shape: FunctionBlob, required: true, location_name: "FunctionCode"))
@@ -3818,7 +3819,7 @@ module Aws::CloudFront
     VerifyDnsConfigurationResult.struct_class = Types::VerifyDnsConfigurationResult
     ViewerCertificate.add_member(:cloud_front_default_certificate, Shapes::ShapeRef.new(shape: boolean, location_name: "CloudFrontDefaultCertificate"))
-    ViewerCertificate.add_member(:iam_certificate_id, Shapes::ShapeRef.new(shape: string, location_name: "IAMCertificateId"))
+    ViewerCertificate.add_member(:iam_certificate_id, Shapes::ShapeRef.new(shape: ServerCertificateId, location_name: "IAMCertificateId"))
     ViewerCertificate.add_member(:acm_certificate_arn, Shapes::ShapeRef.new(shape: string, location_name: "ACMCertificateArn"))
     ViewerCertificate.add_member(:ssl_support_method, Shapes::ShapeRef.new(shape: SSLSupportMethod, location_name: "SSLSupportMethod"))
     ViewerCertificate.add_member(:minimum_protocol_version, Shapes::ShapeRef.new(shape: MinimumProtocolVersion, location_name: "MinimumProtocolVersion"))
@@ -5585,6 +5586,12 @@ module Aws::CloudFront
         o.input = Shapes::ShapeRef.new(shape: ListOriginAccessControlsRequest)
         o.output = Shapes::ShapeRef.new(shape: ListOriginAccessControlsResult)
         o.errors << Shapes::ShapeRef.new(shape: InvalidArgument)
+        o[:pager] = Aws::Pager.new(
+          limit_key: "max_items",
+          tokens: {
+            "origin_access_control_list.next_marker" => "marker"
+          }
+        )
       end)
       api.add_operation(:list_origin_request_policies, Seahorse::Model::Operation.new.tap do |o|