aws-sdk-cloudfront 1.42.0 → 1.47.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 1f38fa18b9d8845e479c8882b2bc44b295eeb6d34bbb26d773462caf49c74ee3
-  data.tar.gz: d7c783e585883dcc2ff2ee32c52f38fdd8f7346ab3bc84abfe86ca38b24549f8
+  metadata.gz: 8e0b3ddf8f5d24e49a4108abc3e6bd2afa98371e7d4f30789d18c279038246ac
+  data.tar.gz: 5f3b3a94f77fa775d96800f6dbf2e9034dd466f2b5dfdcfb22b96d325530c658
 SHA512:
-  metadata.gz: 5542e62b2ffa403179d4d527dcbad239265a68f9d46401ba3504f5f9c13343451001eac050cd66f5cfcbfb0c6d339e3a221b099a67cde6884ee819699b915433
-  data.tar.gz: 78a7f8d89a945676e1e8049331e0686b05a8f51a321277c7ed7658a3db4d437b7aa8c9335c6ad1d3e745dcebee0f1c3d138ebd6bbf5b44737233a55208be32ed
+  metadata.gz: 508224f203fe3e8c16a216b14418d5cc6cdf838ff96397fb381153d9ec2af4679873c9be49151fe0a305be1a74a8ffc75d894b699dba5d73d540838e51160b92
+  data.tar.gz: '0696cdd60e8b0810cb2c391f93dd367b2b8a764b3358c1e9a7cf189f4b78e501d27e867087c2d06003142b764113b9af60b205aaf2d95ebf083abfb497111e92'

data/lib/aws-sdk-cloudfront.rb

@@ -49,6 +49,6 @@ require_relative 'aws-sdk-cloudfront/customizations'
 # @!group service
 module Aws::CloudFront
 
-  GEM_VERSION = '1.42.0'
+  GEM_VERSION = '1.47.0'
 
 end

data/lib/aws-sdk-cloudfront/client.rb

@@ -554,6 +554,10 @@ module Aws::CloudFront
     #             },
     #             connection_attempts: 1,
     #             connection_timeout: 1,
+    #             origin_shield: {
+    #               enabled: false, # required
+    #               origin_shield_region: "OriginShieldRegion",
+    #             },
     #           },
     #         ],
     #       },
@@ -581,7 +585,12 @@ module Aws::CloudFront
     #       },
     #       default_cache_behavior: { # required
     #         target_origin_id: "string", # required
-    #         trusted_signers: { # required
+    #         trusted_signers: {
+    #           enabled: false, # required
+    #           quantity: 1, # required
+    #           items: ["string"],
+    #         },
+    #         trusted_key_groups: {
     #           enabled: false, # required
     #           quantity: 1, # required
     #           items: ["string"],
@@ -639,7 +648,12 @@ module Aws::CloudFront
     #           {
     #             path_pattern: "string", # required
     #             target_origin_id: "string", # required
-    #             trusted_signers: { # required
+    #             trusted_signers: {
+    #               enabled: false, # required
+    #               quantity: 1, # required
+    #               items: ["string"],
+    #             },
+    #             trusted_key_groups: {
     #               enabled: false, # required
     #               quantity: 1, # required
     #               items: ["string"],
@@ -750,6 +764,13 @@ module Aws::CloudFront
     #   resp.distribution.active_trusted_signers.items[0].key_pair_ids.quantity #=> Integer
     #   resp.distribution.active_trusted_signers.items[0].key_pair_ids.items #=> Array
     #   resp.distribution.active_trusted_signers.items[0].key_pair_ids.items[0] #=> String
+    #   resp.distribution.active_trusted_key_groups.enabled #=> Boolean
+    #   resp.distribution.active_trusted_key_groups.quantity #=> Integer
+    #   resp.distribution.active_trusted_key_groups.items #=> Array
+    #   resp.distribution.active_trusted_key_groups.items[0].key_group_id #=> String
+    #   resp.distribution.active_trusted_key_groups.items[0].key_pair_ids.quantity #=> Integer
+    #   resp.distribution.active_trusted_key_groups.items[0].key_pair_ids.items #=> Array
+    #   resp.distribution.active_trusted_key_groups.items[0].key_pair_ids.items[0] #=> String
     #   resp.distribution.distribution_config.caller_reference #=> String
     #   resp.distribution.distribution_config.aliases.quantity #=> Integer
     #   resp.distribution.distribution_config.aliases.items #=> Array
@@ -775,6 +796,8 @@ module Aws::CloudFront
     #   resp.distribution.distribution_config.origins.items[0].custom_origin_config.origin_keepalive_timeout #=> Integer
     #   resp.distribution.distribution_config.origins.items[0].connection_attempts #=> Integer
     #   resp.distribution.distribution_config.origins.items[0].connection_timeout #=> Integer
+    #   resp.distribution.distribution_config.origins.items[0].origin_shield.enabled #=> Boolean
+    #   resp.distribution.distribution_config.origins.items[0].origin_shield.origin_shield_region #=> String
     #   resp.distribution.distribution_config.origin_groups.quantity #=> Integer
     #   resp.distribution.distribution_config.origin_groups.items #=> Array
     #   resp.distribution.distribution_config.origin_groups.items[0].id #=> String
@@ -789,6 +812,10 @@ module Aws::CloudFront
     #   resp.distribution.distribution_config.default_cache_behavior.trusted_signers.quantity #=> Integer
     #   resp.distribution.distribution_config.default_cache_behavior.trusted_signers.items #=> Array
     #   resp.distribution.distribution_config.default_cache_behavior.trusted_signers.items[0] #=> String
+    #   resp.distribution.distribution_config.default_cache_behavior.trusted_key_groups.enabled #=> Boolean
+    #   resp.distribution.distribution_config.default_cache_behavior.trusted_key_groups.quantity #=> Integer
+    #   resp.distribution.distribution_config.default_cache_behavior.trusted_key_groups.items #=> Array
+    #   resp.distribution.distribution_config.default_cache_behavior.trusted_key_groups.items[0] #=> String
     #   resp.distribution.distribution_config.default_cache_behavior.viewer_protocol_policy #=> String, one of "allow-all", "https-only", "redirect-to-https"
     #   resp.distribution.distribution_config.default_cache_behavior.allowed_methods.quantity #=> Integer
     #   resp.distribution.distribution_config.default_cache_behavior.allowed_methods.items #=> Array
@@ -829,6 +856,10 @@ module Aws::CloudFront
     #   resp.distribution.distribution_config.cache_behaviors.items[0].trusted_signers.quantity #=> Integer
     #   resp.distribution.distribution_config.cache_behaviors.items[0].trusted_signers.items #=> Array
     #   resp.distribution.distribution_config.cache_behaviors.items[0].trusted_signers.items[0] #=> String
+    #   resp.distribution.distribution_config.cache_behaviors.items[0].trusted_key_groups.enabled #=> Boolean
+    #   resp.distribution.distribution_config.cache_behaviors.items[0].trusted_key_groups.quantity #=> Integer
+    #   resp.distribution.distribution_config.cache_behaviors.items[0].trusted_key_groups.items #=> Array
+    #   resp.distribution.distribution_config.cache_behaviors.items[0].trusted_key_groups.items[0] #=> String
     #   resp.distribution.distribution_config.cache_behaviors.items[0].viewer_protocol_policy #=> String, one of "allow-all", "https-only", "redirect-to-https"
     #   resp.distribution.distribution_config.cache_behaviors.items[0].allowed_methods.quantity #=> Integer
     #   resp.distribution.distribution_config.cache_behaviors.items[0].allowed_methods.items #=> Array
@@ -957,6 +988,10 @@ module Aws::CloudFront
     #               },
     #               connection_attempts: 1,
     #               connection_timeout: 1,
+    #               origin_shield: {
+    #                 enabled: false, # required
+    #                 origin_shield_region: "OriginShieldRegion",
+    #               },
     #             },
     #           ],
     #         },
@@ -984,7 +1019,12 @@ module Aws::CloudFront
     #         },
     #         default_cache_behavior: { # required
     #           target_origin_id: "string", # required
-    #           trusted_signers: { # required
+    #           trusted_signers: {
+    #             enabled: false, # required
+    #             quantity: 1, # required
+    #             items: ["string"],
+    #           },
+    #           trusted_key_groups: {
     #             enabled: false, # required
     #             quantity: 1, # required
     #             items: ["string"],
@@ -1042,7 +1082,12 @@ module Aws::CloudFront
     #             {
     #               path_pattern: "string", # required
     #               target_origin_id: "string", # required
-    #               trusted_signers: { # required
+    #               trusted_signers: {
+    #                 enabled: false, # required
+    #                 quantity: 1, # required
+    #                 items: ["string"],
+    #               },
+    #               trusted_key_groups: {
     #                 enabled: false, # required
     #                 quantity: 1, # required
     #                 items: ["string"],
@@ -1162,6 +1207,13 @@ module Aws::CloudFront
     #   resp.distribution.active_trusted_signers.items[0].key_pair_ids.quantity #=> Integer
     #   resp.distribution.active_trusted_signers.items[0].key_pair_ids.items #=> Array
     #   resp.distribution.active_trusted_signers.items[0].key_pair_ids.items[0] #=> String
+    #   resp.distribution.active_trusted_key_groups.enabled #=> Boolean
+    #   resp.distribution.active_trusted_key_groups.quantity #=> Integer
+    #   resp.distribution.active_trusted_key_groups.items #=> Array
+    #   resp.distribution.active_trusted_key_groups.items[0].key_group_id #=> String
+    #   resp.distribution.active_trusted_key_groups.items[0].key_pair_ids.quantity #=> Integer
+    #   resp.distribution.active_trusted_key_groups.items[0].key_pair_ids.items #=> Array
+    #   resp.distribution.active_trusted_key_groups.items[0].key_pair_ids.items[0] #=> String
     #   resp.distribution.distribution_config.caller_reference #=> String
     #   resp.distribution.distribution_config.aliases.quantity #=> Integer
     #   resp.distribution.distribution_config.aliases.items #=> Array
@@ -1187,6 +1239,8 @@ module Aws::CloudFront
     #   resp.distribution.distribution_config.origins.items[0].custom_origin_config.origin_keepalive_timeout #=> Integer
     #   resp.distribution.distribution_config.origins.items[0].connection_attempts #=> Integer
     #   resp.distribution.distribution_config.origins.items[0].connection_timeout #=> Integer
+    #   resp.distribution.distribution_config.origins.items[0].origin_shield.enabled #=> Boolean
+    #   resp.distribution.distribution_config.origins.items[0].origin_shield.origin_shield_region #=> String
     #   resp.distribution.distribution_config.origin_groups.quantity #=> Integer
     #   resp.distribution.distribution_config.origin_groups.items #=> Array
     #   resp.distribution.distribution_config.origin_groups.items[0].id #=> String
@@ -1201,6 +1255,10 @@ module Aws::CloudFront
     #   resp.distribution.distribution_config.default_cache_behavior.trusted_signers.quantity #=> Integer
     #   resp.distribution.distribution_config.default_cache_behavior.trusted_signers.items #=> Array
     #   resp.distribution.distribution_config.default_cache_behavior.trusted_signers.items[0] #=> String
+    #   resp.distribution.distribution_config.default_cache_behavior.trusted_key_groups.enabled #=> Boolean
+    #   resp.distribution.distribution_config.default_cache_behavior.trusted_key_groups.quantity #=> Integer
+    #   resp.distribution.distribution_config.default_cache_behavior.trusted_key_groups.items #=> Array
+    #   resp.distribution.distribution_config.default_cache_behavior.trusted_key_groups.items[0] #=> String
     #   resp.distribution.distribution_config.default_cache_behavior.viewer_protocol_policy #=> String, one of "allow-all", "https-only", "redirect-to-https"
     #   resp.distribution.distribution_config.default_cache_behavior.allowed_methods.quantity #=> Integer
     #   resp.distribution.distribution_config.default_cache_behavior.allowed_methods.items #=> Array
@@ -1241,6 +1299,10 @@ module Aws::CloudFront
     #   resp.distribution.distribution_config.cache_behaviors.items[0].trusted_signers.quantity #=> Integer
     #   resp.distribution.distribution_config.cache_behaviors.items[0].trusted_signers.items #=> Array
     #   resp.distribution.distribution_config.cache_behaviors.items[0].trusted_signers.items[0] #=> String
+    #   resp.distribution.distribution_config.cache_behaviors.items[0].trusted_key_groups.enabled #=> Boolean
+    #   resp.distribution.distribution_config.cache_behaviors.items[0].trusted_key_groups.quantity #=> Integer
+    #   resp.distribution.distribution_config.cache_behaviors.items[0].trusted_key_groups.items #=> Array
+    #   resp.distribution.distribution_config.cache_behaviors.items[0].trusted_key_groups.items[0] #=> String
     #   resp.distribution.distribution_config.cache_behaviors.items[0].viewer_protocol_policy #=> String, one of "allow-all", "https-only", "redirect-to-https"
     #   resp.distribution.distribution_config.cache_behaviors.items[0].allowed_methods.quantity #=> Integer
     #   resp.distribution.distribution_config.cache_behaviors.items[0].allowed_methods.items #=> Array
@@ -1495,6 +1557,63 @@ module Aws::CloudFront
       req.send_request(options)
     end
 
+    # Creates a key group that you can use with [CloudFront signed URLs and
+    # signed cookies][1].
+    #
+    # To create a key group, you must specify at least one public key for
+    # the key group. After you create a key group, you can reference it from
+    # one or more cache behaviors. When you reference a key group in a cache
+    # behavior, CloudFront requires signed URLs or signed cookies for all
+    # requests that match the cache behavior. The URLs or cookies must be
+    # signed with a private key whose corresponding public key is in the key
+    # group. The signed URL or cookie contains information about which
+    # public key CloudFront should use to verify the signature. For more
+    # information, see [Serving private content][1] in the *Amazon
+    # CloudFront Developer Guide*.
+    #
+    #
+    #
+    # [1]: https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/PrivateContent.html
+    #
+    # @option params [required, Types::KeyGroupConfig] :key_group_config
+    #   A key group configuration.
+    #
+    # @return [Types::CreateKeyGroupResult] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
+    #
+    #   * {Types::CreateKeyGroupResult#key_group #key_group} => Types::KeyGroup
+    #   * {Types::CreateKeyGroupResult#location #location} => String
+    #   * {Types::CreateKeyGroupResult#etag #etag} => String
+    #
+    # @example Request syntax with placeholder values
+    #
+    #   resp = client.create_key_group({
+    #     key_group_config: { # required
+    #       name: "string", # required
+    #       items: ["string"], # required
+    #       comment: "string",
+    #     },
+    #   })
+    #
+    # @example Response structure
+    #
+    #   resp.key_group.id #=> String
+    #   resp.key_group.last_modified_time #=> Time
+    #   resp.key_group.key_group_config.name #=> String
+    #   resp.key_group.key_group_config.items #=> Array
+    #   resp.key_group.key_group_config.items[0] #=> String
+    #   resp.key_group.key_group_config.comment #=> String
+    #   resp.location #=> String
+    #   resp.etag #=> String
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/cloudfront-2020-05-31/CreateKeyGroup2020_05_31 AWS API Documentation
+    #
+    # @overload create_key_group(params = {})
+    # @param [Hash] params ({})
+    def create_key_group(params = {}, options = {})
+      req = build_request(:create_key_group, params)
+      req.send_request(options)
+    end
+
     # Enables additional CloudWatch metrics for the specified CloudFront
     # distribution. The additional metrics incur an additional cost.
     #
@@ -1640,12 +1759,16 @@ module Aws::CloudFront
       req.send_request(options)
     end
 
-    # Add a new public key to CloudFront to use, for example, for
-    # field-level encryption. You can add a maximum of 10 public keys with
-    # one AWS account.
+    # Uploads a public key to CloudFront that you can use with [signed URLs
+    # and signed cookies][1], or with [field-level encryption][2].
+    #
+    #
+    #
+    # [1]: https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/PrivateContent.html
+    # [2]: https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/field-level-encryption.html
     #
     # @option params [required, Types::PublicKeyConfig] :public_key_config
-    #   The request to add a public key to CloudFront.
+    #   A CloudFront public key configuration.
     #
     # @return [Types::CreatePublicKeyResult] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
     #
@@ -1762,40 +1885,14 @@ module Aws::CloudFront
       req.send_request(options)
     end
 
-    # Creates a new RTMP distribution. An RTMP distribution is similar to a
-    # web distribution, but an RTMP distribution streams media files using
-    # the Adobe Real-Time Messaging Protocol (RTMP) instead of serving files
-    # using HTTP.
+    # This API is deprecated. Amazon CloudFront is deprecating real-time
+    # messaging protocol (RTMP) distributions on December 31, 2020. For more
+    # information, [read the announcement][1] on the Amazon CloudFront
+    # discussion forum.
     #
-    # To create a new distribution, submit a `POST` request to the
-    # *CloudFront API version*/distribution resource. The request body must
-    # include a document with a *StreamingDistributionConfig* element. The
-    # response echoes the `StreamingDistributionConfig` element and returns
-    # other information about the RTMP distribution.
     #
-    # To get the status of your request, use the *GET StreamingDistribution*
-    # API action. When the value of `Enabled` is `true` and the value of
-    # `Status` is `Deployed`, your distribution is ready. A distribution
-    # usually deploys in less than 15 minutes.
     #
-    # For more information about web distributions, see [Working with RTMP
-    # Distributions][1] in the *Amazon CloudFront Developer Guide*.
-    #
-    # Beginning with the 2012-05-05 version of the CloudFront API, we made
-    # substantial changes to the format of the XML document that you include
-    # in the request body when you create or update a web distribution or an
-    # RTMP distribution, and when you invalidate objects. With previous
-    # versions of the API, we discovered that it was too easy to
-    # accidentally delete one or more values for an element that accepts
-    # multiple values, for example, CNAMEs and trusted signers. Our changes
-    # for the 2012-05-05 release are intended to prevent these accidental
-    # deletions and to notify you when there's a mismatch between the
-    # number of values you say you're specifying in the `Quantity` element
-    # and the number of values specified.
-    #
-    #
-    #
-    # [1]: https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/distribution-rtmp.html
+    # [1]: http://forums.aws.amazon.com/ann.jspa?annID=7356
     #
     # @option params [required, Types::StreamingDistributionConfig] :streaming_distribution_config
     #   The streaming distribution's configuration information.
@@ -1877,7 +1974,14 @@ module Aws::CloudFront
       req.send_request(options)
     end
 
-    # Create a new streaming distribution with tags.
+    # This API is deprecated. Amazon CloudFront is deprecating real-time
+    # messaging protocol (RTMP) distributions on December 31, 2020. For more
+    # information, [read the announcement][1] on the Amazon CloudFront
+    # discussion forum.
+    #
+    #
+    #
+    # [1]: http://forums.aws.amazon.com/ann.jspa?annID=7356
     #
     # @option params [required, Types::StreamingDistributionConfigWithTags] :streaming_distribution_config_with_tags
     #   The streaming distribution's configuration information.
@@ -2114,6 +2218,43 @@ module Aws::CloudFront
       req.send_request(options)
     end
 
+    # Deletes a key group.
+    #
+    # You cannot delete a key group that is referenced in a cache behavior.
+    # First update your distributions to remove the key group from all cache
+    # behaviors, then delete the key group.
+    #
+    # To delete a key group, you must provide the key group’s identifier and
+    # version. To get these values, use `ListKeyGroups` followed by
+    # `GetKeyGroup` or `GetKeyGroupConfig`.
+    #
+    # @option params [required, String] :id
+    #   The identifier of the key group that you are deleting. To get the
+    #   identifier, use `ListKeyGroups`.
+    #
+    # @option params [String] :if_match
+    #   The version of the key group that you are deleting. The version is the
+    #   key group’s `ETag` value. To get the `ETag`, use `GetKeyGroup` or
+    #   `GetKeyGroupConfig`.
+    #
+    # @return [Struct] Returns an empty {Seahorse::Client::Response response}.
+    #
+    # @example Request syntax with placeholder values
+    #
+    #   resp = client.delete_key_group({
+    #     id: "string", # required
+    #     if_match: "string",
+    #   })
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/cloudfront-2020-05-31/DeleteKeyGroup2020_05_31 AWS API Documentation
+    #
+    # @overload delete_key_group(params = {})
+    # @param [Hash] params ({})
+    def delete_key_group(params = {}, options = {})
+      req = build_request(:delete_key_group, params)
+      req.send_request(options)
+    end
+
     # Disables additional CloudWatch metrics for the specified CloudFront
     # distribution.
     #
@@ -2530,6 +2671,13 @@ module Aws::CloudFront
     #   resp.distribution.active_trusted_signers.items[0].key_pair_ids.quantity #=> Integer
     #   resp.distribution.active_trusted_signers.items[0].key_pair_ids.items #=> Array
     #   resp.distribution.active_trusted_signers.items[0].key_pair_ids.items[0] #=> String
+    #   resp.distribution.active_trusted_key_groups.enabled #=> Boolean
+    #   resp.distribution.active_trusted_key_groups.quantity #=> Integer
+    #   resp.distribution.active_trusted_key_groups.items #=> Array
+    #   resp.distribution.active_trusted_key_groups.items[0].key_group_id #=> String
+    #   resp.distribution.active_trusted_key_groups.items[0].key_pair_ids.quantity #=> Integer
+    #   resp.distribution.active_trusted_key_groups.items[0].key_pair_ids.items #=> Array
+    #   resp.distribution.active_trusted_key_groups.items[0].key_pair_ids.items[0] #=> String
     #   resp.distribution.distribution_config.caller_reference #=> String
     #   resp.distribution.distribution_config.aliases.quantity #=> Integer
     #   resp.distribution.distribution_config.aliases.items #=> Array
@@ -2555,6 +2703,8 @@ module Aws::CloudFront
     #   resp.distribution.distribution_config.origins.items[0].custom_origin_config.origin_keepalive_timeout #=> Integer
     #   resp.distribution.distribution_config.origins.items[0].connection_attempts #=> Integer
     #   resp.distribution.distribution_config.origins.items[0].connection_timeout #=> Integer
+    #   resp.distribution.distribution_config.origins.items[0].origin_shield.enabled #=> Boolean
+    #   resp.distribution.distribution_config.origins.items[0].origin_shield.origin_shield_region #=> String
     #   resp.distribution.distribution_config.origin_groups.quantity #=> Integer
     #   resp.distribution.distribution_config.origin_groups.items #=> Array
     #   resp.distribution.distribution_config.origin_groups.items[0].id #=> String
@@ -2569,6 +2719,10 @@ module Aws::CloudFront
     #   resp.distribution.distribution_config.default_cache_behavior.trusted_signers.quantity #=> Integer
     #   resp.distribution.distribution_config.default_cache_behavior.trusted_signers.items #=> Array
     #   resp.distribution.distribution_config.default_cache_behavior.trusted_signers.items[0] #=> String
+    #   resp.distribution.distribution_config.default_cache_behavior.trusted_key_groups.enabled #=> Boolean
+    #   resp.distribution.distribution_config.default_cache_behavior.trusted_key_groups.quantity #=> Integer
+    #   resp.distribution.distribution_config.default_cache_behavior.trusted_key_groups.items #=> Array
+    #   resp.distribution.distribution_config.default_cache_behavior.trusted_key_groups.items[0] #=> String
     #   resp.distribution.distribution_config.default_cache_behavior.viewer_protocol_policy #=> String, one of "allow-all", "https-only", "redirect-to-https"
     #   resp.distribution.distribution_config.default_cache_behavior.allowed_methods.quantity #=> Integer
     #   resp.distribution.distribution_config.default_cache_behavior.allowed_methods.items #=> Array
@@ -2609,6 +2763,10 @@ module Aws::CloudFront
     #   resp.distribution.distribution_config.cache_behaviors.items[0].trusted_signers.quantity #=> Integer
     #   resp.distribution.distribution_config.cache_behaviors.items[0].trusted_signers.items #=> Array
     #   resp.distribution.distribution_config.cache_behaviors.items[0].trusted_signers.items[0] #=> String
+    #   resp.distribution.distribution_config.cache_behaviors.items[0].trusted_key_groups.enabled #=> Boolean
+    #   resp.distribution.distribution_config.cache_behaviors.items[0].trusted_key_groups.quantity #=> Integer
+    #   resp.distribution.distribution_config.cache_behaviors.items[0].trusted_key_groups.items #=> Array
+    #   resp.distribution.distribution_config.cache_behaviors.items[0].trusted_key_groups.items[0] #=> String
     #   resp.distribution.distribution_config.cache_behaviors.items[0].viewer_protocol_policy #=> String, one of "allow-all", "https-only", "redirect-to-https"
     #   resp.distribution.distribution_config.cache_behaviors.items[0].allowed_methods.quantity #=> Integer
     #   resp.distribution.distribution_config.cache_behaviors.items[0].allowed_methods.items #=> Array
@@ -2731,6 +2889,8 @@ module Aws::CloudFront
     #   resp.distribution_config.origins.items[0].custom_origin_config.origin_keepalive_timeout #=> Integer
     #   resp.distribution_config.origins.items[0].connection_attempts #=> Integer
     #   resp.distribution_config.origins.items[0].connection_timeout #=> Integer
+    #   resp.distribution_config.origins.items[0].origin_shield.enabled #=> Boolean
+    #   resp.distribution_config.origins.items[0].origin_shield.origin_shield_region #=> String
     #   resp.distribution_config.origin_groups.quantity #=> Integer
     #   resp.distribution_config.origin_groups.items #=> Array
     #   resp.distribution_config.origin_groups.items[0].id #=> String
@@ -2745,6 +2905,10 @@ module Aws::CloudFront
     #   resp.distribution_config.default_cache_behavior.trusted_signers.quantity #=> Integer
     #   resp.distribution_config.default_cache_behavior.trusted_signers.items #=> Array
     #   resp.distribution_config.default_cache_behavior.trusted_signers.items[0] #=> String
+    #   resp.distribution_config.default_cache_behavior.trusted_key_groups.enabled #=> Boolean
+    #   resp.distribution_config.default_cache_behavior.trusted_key_groups.quantity #=> Integer
+    #   resp.distribution_config.default_cache_behavior.trusted_key_groups.items #=> Array
+    #   resp.distribution_config.default_cache_behavior.trusted_key_groups.items[0] #=> String
     #   resp.distribution_config.default_cache_behavior.viewer_protocol_policy #=> String, one of "allow-all", "https-only", "redirect-to-https"
     #   resp.distribution_config.default_cache_behavior.allowed_methods.quantity #=> Integer
     #   resp.distribution_config.default_cache_behavior.allowed_methods.items #=> Array
@@ -2785,6 +2949,10 @@ module Aws::CloudFront
     #   resp.distribution_config.cache_behaviors.items[0].trusted_signers.quantity #=> Integer
     #   resp.distribution_config.cache_behaviors.items[0].trusted_signers.items #=> Array
     #   resp.distribution_config.cache_behaviors.items[0].trusted_signers.items[0] #=> String
+    #   resp.distribution_config.cache_behaviors.items[0].trusted_key_groups.enabled #=> Boolean
+    #   resp.distribution_config.cache_behaviors.items[0].trusted_key_groups.quantity #=> Integer
+    #   resp.distribution_config.cache_behaviors.items[0].trusted_key_groups.items #=> Array
+    #   resp.distribution_config.cache_behaviors.items[0].trusted_key_groups.items[0] #=> String
     #   resp.distribution_config.cache_behaviors.items[0].viewer_protocol_policy #=> String, one of "allow-all", "https-only", "redirect-to-https"
     #   resp.distribution_config.cache_behaviors.items[0].allowed_methods.quantity #=> Integer
     #   resp.distribution_config.cache_behaviors.items[0].allowed_methods.items #=> Array
@@ -3068,6 +3236,90 @@ module Aws::CloudFront
       req.send_request(options)
     end
 
+    # Gets a key group, including the date and time when the key group was
+    # last modified.
+    #
+    # To get a key group, you must provide the key group’s identifier. If
+    # the key group is referenced in a distribution’s cache behavior, you
+    # can get the key group’s identifier using `ListDistributions` or
+    # `GetDistribution`. If the key group is not referenced in a cache
+    # behavior, you can get the identifier using `ListKeyGroups`.
+    #
+    # @option params [required, String] :id
+    #   The identifier of the key group that you are getting. To get the
+    #   identifier, use `ListKeyGroups`.
+    #
+    # @return [Types::GetKeyGroupResult] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
+    #
+    #   * {Types::GetKeyGroupResult#key_group #key_group} => Types::KeyGroup
+    #   * {Types::GetKeyGroupResult#etag #etag} => String
+    #
+    # @example Request syntax with placeholder values
+    #
+    #   resp = client.get_key_group({
+    #     id: "string", # required
+    #   })
+    #
+    # @example Response structure
+    #
+    #   resp.key_group.id #=> String
+    #   resp.key_group.last_modified_time #=> Time
+    #   resp.key_group.key_group_config.name #=> String
+    #   resp.key_group.key_group_config.items #=> Array
+    #   resp.key_group.key_group_config.items[0] #=> String
+    #   resp.key_group.key_group_config.comment #=> String
+    #   resp.etag #=> String
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/cloudfront-2020-05-31/GetKeyGroup2020_05_31 AWS API Documentation
+    #
+    # @overload get_key_group(params = {})
+    # @param [Hash] params ({})
+    def get_key_group(params = {}, options = {})
+      req = build_request(:get_key_group, params)
+      req.send_request(options)
+    end
+
+    # Gets a key group configuration.
+    #
+    # To get a key group configuration, you must provide the key group’s
+    # identifier. If the key group is referenced in a distribution’s cache
+    # behavior, you can get the key group’s identifier using
+    # `ListDistributions` or `GetDistribution`. If the key group is not
+    # referenced in a cache behavior, you can get the identifier using
+    # `ListKeyGroups`.
+    #
+    # @option params [required, String] :id
+    #   The identifier of the key group whose configuration you are getting.
+    #   To get the identifier, use `ListKeyGroups`.
+    #
+    # @return [Types::GetKeyGroupConfigResult] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
+    #
+    #   * {Types::GetKeyGroupConfigResult#key_group_config #key_group_config} => Types::KeyGroupConfig
+    #   * {Types::GetKeyGroupConfigResult#etag #etag} => String
+    #
+    # @example Request syntax with placeholder values
+    #
+    #   resp = client.get_key_group_config({
+    #     id: "string", # required
+    #   })
+    #
+    # @example Response structure
+    #
+    #   resp.key_group_config.name #=> String
+    #   resp.key_group_config.items #=> Array
+    #   resp.key_group_config.items[0] #=> String
+    #   resp.key_group_config.comment #=> String
+    #   resp.etag #=> String
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/cloudfront-2020-05-31/GetKeyGroupConfig2020_05_31 AWS API Documentation
+    #
+    # @overload get_key_group_config(params = {})
+    # @param [Hash] params ({})
+    def get_key_group_config(params = {}, options = {})
+      req = build_request(:get_key_group_config, params)
+      req.send_request(options)
+    end
+
     # Gets information about whether additional CloudWatch metrics are
     # enabled for the specified CloudFront distribution.
     #
@@ -3214,10 +3466,10 @@ module Aws::CloudFront
       req.send_request(options)
     end
 
-    # Get the public key information.
+    # Gets a public key.
     #
     # @option params [required, String] :id
-    #   Request the ID for the public key.
+    #   The identifier of the public key you are getting.
     #
     # @return [Types::GetPublicKeyResult] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
     #
@@ -3249,10 +3501,10 @@ module Aws::CloudFront
       req.send_request(options)
     end
 
-    # Return public key configuration informaation
+    # Gets a public key configuration.
     #
     # @option params [required, String] :id
-    #   Request the ID for the public key configuration.
+    #   The identifier of the public key whose configuration you are getting.
     #
     # @return [Types::GetPublicKeyConfigResult] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
     #
@@ -3627,6 +3879,8 @@ module Aws::CloudFront
     #   resp.distribution_list.items[0].origins.items[0].custom_origin_config.origin_keepalive_timeout #=> Integer
     #   resp.distribution_list.items[0].origins.items[0].connection_attempts #=> Integer
     #   resp.distribution_list.items[0].origins.items[0].connection_timeout #=> Integer
+    #   resp.distribution_list.items[0].origins.items[0].origin_shield.enabled #=> Boolean
+    #   resp.distribution_list.items[0].origins.items[0].origin_shield.origin_shield_region #=> String
     #   resp.distribution_list.items[0].origin_groups.quantity #=> Integer
     #   resp.distribution_list.items[0].origin_groups.items #=> Array
     #   resp.distribution_list.items[0].origin_groups.items[0].id #=> String
@@ -3641,6 +3895,10 @@ module Aws::CloudFront
     #   resp.distribution_list.items[0].default_cache_behavior.trusted_signers.quantity #=> Integer
     #   resp.distribution_list.items[0].default_cache_behavior.trusted_signers.items #=> Array
     #   resp.distribution_list.items[0].default_cache_behavior.trusted_signers.items[0] #=> String
+    #   resp.distribution_list.items[0].default_cache_behavior.trusted_key_groups.enabled #=> Boolean
+    #   resp.distribution_list.items[0].default_cache_behavior.trusted_key_groups.quantity #=> Integer
+    #   resp.distribution_list.items[0].default_cache_behavior.trusted_key_groups.items #=> Array
+    #   resp.distribution_list.items[0].default_cache_behavior.trusted_key_groups.items[0] #=> String
     #   resp.distribution_list.items[0].default_cache_behavior.viewer_protocol_policy #=> String, one of "allow-all", "https-only", "redirect-to-https"
     #   resp.distribution_list.items[0].default_cache_behavior.allowed_methods.quantity #=> Integer
     #   resp.distribution_list.items[0].default_cache_behavior.allowed_methods.items #=> Array
@@ -3681,6 +3939,10 @@ module Aws::CloudFront
     #   resp.distribution_list.items[0].cache_behaviors.items[0].trusted_signers.quantity #=> Integer
     #   resp.distribution_list.items[0].cache_behaviors.items[0].trusted_signers.items #=> Array
     #   resp.distribution_list.items[0].cache_behaviors.items[0].trusted_signers.items[0] #=> String
+    #   resp.distribution_list.items[0].cache_behaviors.items[0].trusted_key_groups.enabled #=> Boolean
+    #   resp.distribution_list.items[0].cache_behaviors.items[0].trusted_key_groups.quantity #=> Integer
+    #   resp.distribution_list.items[0].cache_behaviors.items[0].trusted_key_groups.items #=> Array
+    #   resp.distribution_list.items[0].cache_behaviors.items[0].trusted_key_groups.items[0] #=> String
     #   resp.distribution_list.items[0].cache_behaviors.items[0].viewer_protocol_policy #=> String, one of "allow-all", "https-only", "redirect-to-https"
     #   resp.distribution_list.items[0].cache_behaviors.items[0].allowed_methods.quantity #=> Integer
     #   resp.distribution_list.items[0].cache_behaviors.items[0].allowed_methods.items #=> Array
@@ -3804,6 +4066,61 @@ module Aws::CloudFront
       req.send_request(options)
     end
 
+    # Gets a list of distribution IDs for distributions that have a cache
+    # behavior that references the specified key group.
+    #
+    # You can optionally specify the maximum number of items to receive in
+    # the response. If the total number of items in the list exceeds the
+    # maximum that you specify, or the default maximum, the response is
+    # paginated. To get the next page of items, send a subsequent request
+    # that specifies the `NextMarker` value from the current response as the
+    # `Marker` value in the subsequent request.
+    #
+    # @option params [String] :marker
+    #   Use this field when paginating results to indicate where to begin in
+    #   your list of distribution IDs. The response includes distribution IDs
+    #   in the list that occur after the marker. To get the next page of the
+    #   list, set this field’s value to the value of `NextMarker` from the
+    #   current page’s response.
+    #
+    # @option params [Integer] :max_items
+    #   The maximum number of distribution IDs that you want in the response.
+    #
+    # @option params [required, String] :key_group_id
+    #   The ID of the key group whose associated distribution IDs you are
+    #   listing.
+    #
+    # @return [Types::ListDistributionsByKeyGroupResult] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
+    #
+    #   * {Types::ListDistributionsByKeyGroupResult#distribution_id_list #distribution_id_list} => Types::DistributionIdList
+    #
+    # @example Request syntax with placeholder values
+    #
+    #   resp = client.list_distributions_by_key_group({
+    #     marker: "string",
+    #     max_items: 1,
+    #     key_group_id: "string", # required
+    #   })
+    #
+    # @example Response structure
+    #
+    #   resp.distribution_id_list.marker #=> String
+    #   resp.distribution_id_list.next_marker #=> String
+    #   resp.distribution_id_list.max_items #=> Integer
+    #   resp.distribution_id_list.is_truncated #=> Boolean
+    #   resp.distribution_id_list.quantity #=> Integer
+    #   resp.distribution_id_list.items #=> Array
+    #   resp.distribution_id_list.items[0] #=> String
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/cloudfront-2020-05-31/ListDistributionsByKeyGroup2020_05_31 AWS API Documentation
+    #
+    # @overload list_distributions_by_key_group(params = {})
+    # @param [Hash] params ({})
+    def list_distributions_by_key_group(params = {}, options = {})
+      req = build_request(:list_distributions_by_key_group, params)
+      req.send_request(options)
+    end
+
     # Gets a list of distribution IDs for distributions that have a cache
     # behavior that’s associated with the specified origin request policy.
     #
@@ -3941,6 +4258,8 @@ module Aws::CloudFront
     #   resp.distribution_list.items[0].origins.items[0].custom_origin_config.origin_keepalive_timeout #=> Integer
     #   resp.distribution_list.items[0].origins.items[0].connection_attempts #=> Integer
     #   resp.distribution_list.items[0].origins.items[0].connection_timeout #=> Integer
+    #   resp.distribution_list.items[0].origins.items[0].origin_shield.enabled #=> Boolean
+    #   resp.distribution_list.items[0].origins.items[0].origin_shield.origin_shield_region #=> String
     #   resp.distribution_list.items[0].origin_groups.quantity #=> Integer
     #   resp.distribution_list.items[0].origin_groups.items #=> Array
     #   resp.distribution_list.items[0].origin_groups.items[0].id #=> String
@@ -3955,6 +4274,10 @@ module Aws::CloudFront
     #   resp.distribution_list.items[0].default_cache_behavior.trusted_signers.quantity #=> Integer
     #   resp.distribution_list.items[0].default_cache_behavior.trusted_signers.items #=> Array
     #   resp.distribution_list.items[0].default_cache_behavior.trusted_signers.items[0] #=> String
+    #   resp.distribution_list.items[0].default_cache_behavior.trusted_key_groups.enabled #=> Boolean
+    #   resp.distribution_list.items[0].default_cache_behavior.trusted_key_groups.quantity #=> Integer
+    #   resp.distribution_list.items[0].default_cache_behavior.trusted_key_groups.items #=> Array
+    #   resp.distribution_list.items[0].default_cache_behavior.trusted_key_groups.items[0] #=> String
     #   resp.distribution_list.items[0].default_cache_behavior.viewer_protocol_policy #=> String, one of "allow-all", "https-only", "redirect-to-https"
     #   resp.distribution_list.items[0].default_cache_behavior.allowed_methods.quantity #=> Integer
     #   resp.distribution_list.items[0].default_cache_behavior.allowed_methods.items #=> Array
@@ -3995,6 +4318,10 @@ module Aws::CloudFront
     #   resp.distribution_list.items[0].cache_behaviors.items[0].trusted_signers.quantity #=> Integer
     #   resp.distribution_list.items[0].cache_behaviors.items[0].trusted_signers.items #=> Array
     #   resp.distribution_list.items[0].cache_behaviors.items[0].trusted_signers.items[0] #=> String
+    #   resp.distribution_list.items[0].cache_behaviors.items[0].trusted_key_groups.enabled #=> Boolean
+    #   resp.distribution_list.items[0].cache_behaviors.items[0].trusted_key_groups.quantity #=> Integer
+    #   resp.distribution_list.items[0].cache_behaviors.items[0].trusted_key_groups.items #=> Array
+    #   resp.distribution_list.items[0].cache_behaviors.items[0].trusted_key_groups.items[0] #=> String
     #   resp.distribution_list.items[0].cache_behaviors.items[0].viewer_protocol_policy #=> String, one of "allow-all", "https-only", "redirect-to-https"
     #   resp.distribution_list.items[0].cache_behaviors.items[0].allowed_methods.quantity #=> Integer
     #   resp.distribution_list.items[0].cache_behaviors.items[0].allowed_methods.items #=> Array
@@ -4131,6 +4458,8 @@ module Aws::CloudFront
     #   resp.distribution_list.items[0].origins.items[0].custom_origin_config.origin_keepalive_timeout #=> Integer
     #   resp.distribution_list.items[0].origins.items[0].connection_attempts #=> Integer
     #   resp.distribution_list.items[0].origins.items[0].connection_timeout #=> Integer
+    #   resp.distribution_list.items[0].origins.items[0].origin_shield.enabled #=> Boolean
+    #   resp.distribution_list.items[0].origins.items[0].origin_shield.origin_shield_region #=> String
     #   resp.distribution_list.items[0].origin_groups.quantity #=> Integer
     #   resp.distribution_list.items[0].origin_groups.items #=> Array
     #   resp.distribution_list.items[0].origin_groups.items[0].id #=> String
@@ -4145,6 +4474,10 @@ module Aws::CloudFront
     #   resp.distribution_list.items[0].default_cache_behavior.trusted_signers.quantity #=> Integer
     #   resp.distribution_list.items[0].default_cache_behavior.trusted_signers.items #=> Array
     #   resp.distribution_list.items[0].default_cache_behavior.trusted_signers.items[0] #=> String
+    #   resp.distribution_list.items[0].default_cache_behavior.trusted_key_groups.enabled #=> Boolean
+    #   resp.distribution_list.items[0].default_cache_behavior.trusted_key_groups.quantity #=> Integer
+    #   resp.distribution_list.items[0].default_cache_behavior.trusted_key_groups.items #=> Array
+    #   resp.distribution_list.items[0].default_cache_behavior.trusted_key_groups.items[0] #=> String
     #   resp.distribution_list.items[0].default_cache_behavior.viewer_protocol_policy #=> String, one of "allow-all", "https-only", "redirect-to-https"
     #   resp.distribution_list.items[0].default_cache_behavior.allowed_methods.quantity #=> Integer
     #   resp.distribution_list.items[0].default_cache_behavior.allowed_methods.items #=> Array
@@ -4185,6 +4518,10 @@ module Aws::CloudFront
     #   resp.distribution_list.items[0].cache_behaviors.items[0].trusted_signers.quantity #=> Integer
     #   resp.distribution_list.items[0].cache_behaviors.items[0].trusted_signers.items #=> Array
     #   resp.distribution_list.items[0].cache_behaviors.items[0].trusted_signers.items[0] #=> String
+    #   resp.distribution_list.items[0].cache_behaviors.items[0].trusted_key_groups.enabled #=> Boolean
+    #   resp.distribution_list.items[0].cache_behaviors.items[0].trusted_key_groups.quantity #=> Integer
+    #   resp.distribution_list.items[0].cache_behaviors.items[0].trusted_key_groups.items #=> Array
+    #   resp.distribution_list.items[0].cache_behaviors.items[0].trusted_key_groups.items[0] #=> String
     #   resp.distribution_list.items[0].cache_behaviors.items[0].viewer_protocol_policy #=> String, one of "allow-all", "https-only", "redirect-to-https"
     #   resp.distribution_list.items[0].cache_behaviors.items[0].allowed_methods.quantity #=> Integer
     #   resp.distribution_list.items[0].cache_behaviors.items[0].allowed_methods.items #=> Array
@@ -4415,6 +4752,58 @@ module Aws::CloudFront
       req.send_request(options)
     end
 
+    # Gets a list of key groups.
+    #
+    # You can optionally specify the maximum number of items to receive in
+    # the response. If the total number of items in the list exceeds the
+    # maximum that you specify, or the default maximum, the response is
+    # paginated. To get the next page of items, send a subsequent request
+    # that specifies the `NextMarker` value from the current response as the
+    # `Marker` value in the subsequent request.
+    #
+    # @option params [String] :marker
+    #   Use this field when paginating results to indicate where to begin in
+    #   your list of key groups. The response includes key groups in the list
+    #   that occur after the marker. To get the next page of the list, set
+    #   this field’s value to the value of `NextMarker` from the current
+    #   page’s response.
+    #
+    # @option params [Integer] :max_items
+    #   The maximum number of key groups that you want in the response.
+    #
+    # @return [Types::ListKeyGroupsResult] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
+    #
+    #   * {Types::ListKeyGroupsResult#key_group_list #key_group_list} => Types::KeyGroupList
+    #
+    # @example Request syntax with placeholder values
+    #
+    #   resp = client.list_key_groups({
+    #     marker: "string",
+    #     max_items: 1,
+    #   })
+    #
+    # @example Response structure
+    #
+    #   resp.key_group_list.next_marker #=> String
+    #   resp.key_group_list.max_items #=> Integer
+    #   resp.key_group_list.quantity #=> Integer
+    #   resp.key_group_list.items #=> Array
+    #   resp.key_group_list.items[0].key_group.id #=> String
+    #   resp.key_group_list.items[0].key_group.last_modified_time #=> Time
+    #   resp.key_group_list.items[0].key_group.key_group_config.name #=> String
+    #   resp.key_group_list.items[0].key_group.key_group_config.items #=> Array
+    #   resp.key_group_list.items[0].key_group.key_group_config.items[0] #=> String
+    #   resp.key_group_list.items[0].key_group.key_group_config.comment #=> String
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/cloudfront-2020-05-31/ListKeyGroups2020_05_31 AWS API Documentation
+    #
+    # @overload list_key_groups(params = {})
+    # @param [Hash] params ({})
+    def list_key_groups(params = {}, options = {})
+      req = build_request(:list_key_groups, params)
+      req.send_request(options)
+    end
+
     # Gets a list of origin request policies.
     #
     # You can optionally apply a filter to return only the managed policies
@@ -5028,6 +5417,10 @@ module Aws::CloudFront
     #             },
     #             connection_attempts: 1,
     #             connection_timeout: 1,
+    #             origin_shield: {
+    #               enabled: false, # required
+    #               origin_shield_region: "OriginShieldRegion",
+    #             },
     #           },
     #         ],
     #       },
@@ -5055,7 +5448,12 @@ module Aws::CloudFront
     #       },
     #       default_cache_behavior: { # required
     #         target_origin_id: "string", # required
-    #         trusted_signers: { # required
+    #         trusted_signers: {
+    #           enabled: false, # required
+    #           quantity: 1, # required
+    #           items: ["string"],
+    #         },
+    #         trusted_key_groups: {
     #           enabled: false, # required
     #           quantity: 1, # required
     #           items: ["string"],
@@ -5113,7 +5511,12 @@ module Aws::CloudFront
     #           {
     #             path_pattern: "string", # required
     #             target_origin_id: "string", # required
-    #             trusted_signers: { # required
+    #             trusted_signers: {
+    #               enabled: false, # required
+    #               quantity: 1, # required
+    #               items: ["string"],
+    #             },
+    #             trusted_key_groups: {
     #               enabled: false, # required
     #               quantity: 1, # required
     #               items: ["string"],
@@ -5226,6 +5629,13 @@ module Aws::CloudFront
     #   resp.distribution.active_trusted_signers.items[0].key_pair_ids.quantity #=> Integer
     #   resp.distribution.active_trusted_signers.items[0].key_pair_ids.items #=> Array
     #   resp.distribution.active_trusted_signers.items[0].key_pair_ids.items[0] #=> String
+    #   resp.distribution.active_trusted_key_groups.enabled #=> Boolean
+    #   resp.distribution.active_trusted_key_groups.quantity #=> Integer
+    #   resp.distribution.active_trusted_key_groups.items #=> Array
+    #   resp.distribution.active_trusted_key_groups.items[0].key_group_id #=> String
+    #   resp.distribution.active_trusted_key_groups.items[0].key_pair_ids.quantity #=> Integer
+    #   resp.distribution.active_trusted_key_groups.items[0].key_pair_ids.items #=> Array
+    #   resp.distribution.active_trusted_key_groups.items[0].key_pair_ids.items[0] #=> String
     #   resp.distribution.distribution_config.caller_reference #=> String
     #   resp.distribution.distribution_config.aliases.quantity #=> Integer
     #   resp.distribution.distribution_config.aliases.items #=> Array
@@ -5251,6 +5661,8 @@ module Aws::CloudFront
     #   resp.distribution.distribution_config.origins.items[0].custom_origin_config.origin_keepalive_timeout #=> Integer
     #   resp.distribution.distribution_config.origins.items[0].connection_attempts #=> Integer
     #   resp.distribution.distribution_config.origins.items[0].connection_timeout #=> Integer
+    #   resp.distribution.distribution_config.origins.items[0].origin_shield.enabled #=> Boolean
+    #   resp.distribution.distribution_config.origins.items[0].origin_shield.origin_shield_region #=> String
     #   resp.distribution.distribution_config.origin_groups.quantity #=> Integer
     #   resp.distribution.distribution_config.origin_groups.items #=> Array
     #   resp.distribution.distribution_config.origin_groups.items[0].id #=> String
@@ -5265,6 +5677,10 @@ module Aws::CloudFront
     #   resp.distribution.distribution_config.default_cache_behavior.trusted_signers.quantity #=> Integer
     #   resp.distribution.distribution_config.default_cache_behavior.trusted_signers.items #=> Array
     #   resp.distribution.distribution_config.default_cache_behavior.trusted_signers.items[0] #=> String
+    #   resp.distribution.distribution_config.default_cache_behavior.trusted_key_groups.enabled #=> Boolean
+    #   resp.distribution.distribution_config.default_cache_behavior.trusted_key_groups.quantity #=> Integer
+    #   resp.distribution.distribution_config.default_cache_behavior.trusted_key_groups.items #=> Array
+    #   resp.distribution.distribution_config.default_cache_behavior.trusted_key_groups.items[0] #=> String
     #   resp.distribution.distribution_config.default_cache_behavior.viewer_protocol_policy #=> String, one of "allow-all", "https-only", "redirect-to-https"
     #   resp.distribution.distribution_config.default_cache_behavior.allowed_methods.quantity #=> Integer
     #   resp.distribution.distribution_config.default_cache_behavior.allowed_methods.items #=> Array
@@ -5305,6 +5721,10 @@ module Aws::CloudFront
     #   resp.distribution.distribution_config.cache_behaviors.items[0].trusted_signers.quantity #=> Integer
     #   resp.distribution.distribution_config.cache_behaviors.items[0].trusted_signers.items #=> Array
     #   resp.distribution.distribution_config.cache_behaviors.items[0].trusted_signers.items[0] #=> String
+    #   resp.distribution.distribution_config.cache_behaviors.items[0].trusted_key_groups.enabled #=> Boolean
+    #   resp.distribution.distribution_config.cache_behaviors.items[0].trusted_key_groups.quantity #=> Integer
+    #   resp.distribution.distribution_config.cache_behaviors.items[0].trusted_key_groups.items #=> Array
+    #   resp.distribution.distribution_config.cache_behaviors.items[0].trusted_key_groups.items[0] #=> String
     #   resp.distribution.distribution_config.cache_behaviors.items[0].viewer_protocol_policy #=> String, one of "allow-all", "https-only", "redirect-to-https"
     #   resp.distribution.distribution_config.cache_behaviors.items[0].allowed_methods.quantity #=> Integer
     #   resp.distribution.distribution_config.cache_behaviors.items[0].allowed_methods.items #=> Array
@@ -5526,6 +5946,67 @@ module Aws::CloudFront
       req.send_request(options)
     end
 
+    # Updates a key group.
+    #
+    # When you update a key group, all the fields are updated with the
+    # values provided in the request. You cannot update some fields
+    # independent of others. To update a key group:
+    #
+    # 1.  Get the current key group with `GetKeyGroup` or
+    #     `GetKeyGroupConfig`.
+    #
+    # 2.  Locally modify the fields in the key group that you want to
+    #     update. For example, add or remove public key IDs.
+    #
+    # 3.  Call `UpdateKeyGroup` with the entire key group object, including
+    #     the fields that you modified and those that you didn’t.
+    #
+    # @option params [required, Types::KeyGroupConfig] :key_group_config
+    #   The key group configuration.
+    #
+    # @option params [required, String] :id
+    #   The identifier of the key group that you are updating.
+    #
+    # @option params [String] :if_match
+    #   The version of the key group that you are updating. The version is the
+    #   key group’s `ETag` value.
+    #
+    # @return [Types::UpdateKeyGroupResult] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
+    #
+    #   * {Types::UpdateKeyGroupResult#key_group #key_group} => Types::KeyGroup
+    #   * {Types::UpdateKeyGroupResult#etag #etag} => String
+    #
+    # @example Request syntax with placeholder values
+    #
+    #   resp = client.update_key_group({
+    #     key_group_config: { # required
+    #       name: "string", # required
+    #       items: ["string"], # required
+    #       comment: "string",
+    #     },
+    #     id: "string", # required
+    #     if_match: "string",
+    #   })
+    #
+    # @example Response structure
+    #
+    #   resp.key_group.id #=> String
+    #   resp.key_group.last_modified_time #=> Time
+    #   resp.key_group.key_group_config.name #=> String
+    #   resp.key_group.key_group_config.items #=> Array
+    #   resp.key_group.key_group_config.items[0] #=> String
+    #   resp.key_group.key_group_config.comment #=> String
+    #   resp.etag #=> String
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/cloudfront-2020-05-31/UpdateKeyGroup2020_05_31 AWS API Documentation
+    #
+    # @overload update_key_group(params = {})
+    # @param [Hash] params ({})
+    def update_key_group(params = {}, options = {})
+      req = build_request(:update_key_group, params)
+      req.send_request(options)
+    end
+
     # Updates an origin request policy configuration.
     #
     # When you update an origin request policy configuration, all the fields
@@ -5627,10 +6108,10 @@ module Aws::CloudFront
     # is the comment.
     #
     # @option params [required, Types::PublicKeyConfig] :public_key_config
-    #   Request to update public key information.
+    #   A public key configuration.
     #
     # @option params [required, String] :id
-    #   ID of the public key to be updated.
+    #   The identifier of the public key that you are updating.
     #
     # @option params [String] :if_match
     #   The value of the `ETag` header that you received when retrieving the
@@ -5864,7 +6345,7 @@ module Aws::CloudFront
         params: params,
         config: config)
       context[:gem_name] = 'aws-sdk-cloudfront'
-      context[:gem_version] = '1.42.0'
+      context[:gem_version] = '1.47.0'
       Seahorse::Client::Request.new(handlers, context)
     end