aws-sdk-cognitoidentity 1.8.0 → 1.9.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA1:
-  metadata.gz: 5ab9fee898beeadc59c0f984a413ea461d4e4dce
-  data.tar.gz: 9fdc88353a633272e468b69d8ea0e28000d152ac
+  metadata.gz: 69b9fdc803eb6dc83c59ae853cbb2d005e4c7724
+  data.tar.gz: a5ec02b9ef13243421575a5241ab41c3bd894324
 SHA512:
-  metadata.gz: 1f7315bd7865256eccc4d51443ce6c8feca024f52af47c8b7ad7dbfad5fe56f8bbcee97a7b3e0724b5b34aa3f737b8a4b69c2e1adc4b666a88ed7d877906c2e3
-  data.tar.gz: dfd058a84657c4c90e67e631e5ba9b87ef2457e00893d270f0baf4bff15bcbc228565c5cea4eb147bec685640d6417bdf30d2a545a5ad8509193234e533c5571
+  metadata.gz: 4e28c32ee211377e30bef0a8e2fbe554e690c7f7f5890db6f5c8a6a449883f4c954f5711e685561c5731c33178396eb1f5334a63f01b379fc3340d41895bbc7b
+  data.tar.gz: 17127ae8c4ba42449202ceeed6e45d485a98c58d694d3651de92c65a426eb11cccb0525006792085bc33f0f5f001a7582696eaf9ee59cadcacf1f4735c13ebfc

data/lib/aws-sdk-cognitoidentity.rb

@@ -42,6 +42,6 @@ require_relative 'aws-sdk-cognitoidentity/customizations'
 # @service
 module Aws::CognitoIdentity
 
-  GEM_VERSION = '1.8.0'
+  GEM_VERSION = '1.9.0'
 
 end

data/lib/aws-sdk-cognitoidentity/client.rb

@@ -255,12 +255,17 @@ module Aws::CognitoIdentity
     #   A list of OpendID Connect provider ARNs.
     #
     # @option params [Array<Types::CognitoIdentityProvider>] :cognito_identity_providers
-    #   An array of Amazon Cognito Identity user pools and their client IDs.
+    #   An array of Amazon Cognito user pools and their client IDs.
     #
     # @option params [Array<String>] :saml_provider_arns
     #   An array of Amazon Resource Names (ARNs) of the SAML provider for your
     #   identity pool.
     #
+    # @option params [Hash<String,String>] :identity_pool_tags
+    #   Tags to assign to the identity pool. A tag is a label that you can
+    #   apply to identity pools to categorize and manage them in different
+    #   ways, such as by purpose, owner, environment, or other criteria.
+    #
     # @return [Types::IdentityPool] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
     #
     #   * {Types::IdentityPool#identity_pool_id #identity_pool_id} => String
@@ -271,6 +276,7 @@ module Aws::CognitoIdentity
     #   * {Types::IdentityPool#open_id_connect_provider_arns #open_id_connect_provider_arns} => Array&lt;String&gt;
     #   * {Types::IdentityPool#cognito_identity_providers #cognito_identity_providers} => Array&lt;Types::CognitoIdentityProvider&gt;
     #   * {Types::IdentityPool#saml_provider_arns #saml_provider_arns} => Array&lt;String&gt;
+    #   * {Types::IdentityPool#identity_pool_tags #identity_pool_tags} => Hash&lt;String,String&gt;
     #
     # @example Request syntax with placeholder values
     #
@@ -290,6 +296,9 @@ module Aws::CognitoIdentity
     #       },
     #     ],
     #     saml_provider_arns: ["ARNString"],
+    #     identity_pool_tags: {
+    #       "TagKeysType" => "TagValueType",
+    #     },
     #   })
     #
     # @example Response structure
@@ -308,6 +317,8 @@ module Aws::CognitoIdentity
     #   resp.cognito_identity_providers[0].server_side_token_check #=> Boolean
     #   resp.saml_provider_arns #=> Array
     #   resp.saml_provider_arns[0] #=> String
+    #   resp.identity_pool_tags #=> Hash
+    #   resp.identity_pool_tags["TagKeysType"] #=> String
     #
     # @see http://docs.aws.amazon.com/goto/WebAPI/cognito-identity-2014-06-30/CreateIdentityPool AWS API Documentation
     #
@@ -351,8 +362,8 @@ module Aws::CognitoIdentity
       req.send_request(options)
     end
 
-    # Deletes a user pool. Once a pool is deleted, users will not be able to
-    # authenticate with the pool.
+    # Deletes an identity pool. Once a pool is deleted, users will not be
+    # able to authenticate with the pool.
     #
     # You must use AWS Developer credentials to call this API.
     #
@@ -432,6 +443,7 @@ module Aws::CognitoIdentity
     #   * {Types::IdentityPool#open_id_connect_provider_arns #open_id_connect_provider_arns} => Array&lt;String&gt;
     #   * {Types::IdentityPool#cognito_identity_providers #cognito_identity_providers} => Array&lt;Types::CognitoIdentityProvider&gt;
     #   * {Types::IdentityPool#saml_provider_arns #saml_provider_arns} => Array&lt;String&gt;
+    #   * {Types::IdentityPool#identity_pool_tags #identity_pool_tags} => Hash&lt;String,String&gt;
     #
     # @example Request syntax with placeholder values
     #
@@ -455,6 +467,8 @@ module Aws::CognitoIdentity
     #   resp.cognito_identity_providers[0].server_side_token_check #=> Boolean
     #   resp.saml_provider_arns #=> Array
     #   resp.saml_provider_arns[0] #=> String
+    #   resp.identity_pool_tags #=> Hash
+    #   resp.identity_pool_tags["TagKeysType"] #=> String
     #
     # @see http://docs.aws.amazon.com/goto/WebAPI/cognito-identity-2014-06-30/DescribeIdentityPool AWS API Documentation
     #
@@ -478,7 +492,20 @@ module Aws::CognitoIdentity
     #
     # @option params [Hash<String,String>] :logins
     #   A set of optional name-value pairs that map provider names to provider
-    #   tokens.
+    #   tokens. The name-value pair will follow the syntax "provider\_name":
+    #   "provider\_user\_identifier".
+    #
+    #   Logins should not be specified when trying to get credentials for an
+    #   unauthenticated identity.
+    #
+    #   The Logins parameter is required when using identities associated with
+    #   external identity providers such as FaceBook. For examples of `Logins`
+    #   maps, see the code examples in the [External Identity Providers][1]
+    #   section of the Amazon Cognito Developer Guide.
+    #
+    #
+    #
+    #   [1]: http://docs.aws.amazon.com/cognito/latest/developerguide/external-identity-providers.html
     #
     # @option params [String] :custom_role_arn
     #   The Amazon Resource Name (ARN) of the role to be assumed when multiple
@@ -536,8 +563,9 @@ module Aws::CognitoIdentity
     #
     #   * Facebook: `graph.facebook.com`
     #
-    #   * Amazon Cognito Identity Provider:
-    #     `cognito-idp.us-east-1.amazonaws.com/us-east-1_123456789`
+    #   * Amazon Cognito user pool:
+    #     `cognito-idp.<region>.amazonaws.com/<YOUR_USER_POOL_ID>`, for
+    #     example, `cognito-idp.us-east-1.amazonaws.com/us-east-1_123456789`.
     #
     #   * Google: `accounts.google.com`
     #
@@ -620,7 +648,7 @@ module Aws::CognitoIdentity
     # is returned by GetId. You can optionally add additional logins for the
     # identity. Supplying multiple logins creates an implicit link.
     #
-    # The OpenId token is valid for 15 minutes.
+    # The OpenId token is valid for 10 minutes.
     #
     # This is a public API. You do not need any credentials to call this
     # API.
@@ -632,8 +660,8 @@ module Aws::CognitoIdentity
     #   A set of optional name-value pairs that map provider names to provider
     #   tokens. When using graph.facebook.com and www.amazon.com, supply the
     #   access\_token returned from the provider's authflow. For
-    #   accounts.google.com, an Amazon Cognito Identity Provider, or any other
-    #   OpenId Connect provider, always include the `id_token`.
+    #   accounts.google.com, an Amazon Cognito user pool provider, or any
+    #   other OpenId Connect provider, always include the `id_token`.
     #
     # @return [Types::GetOpenIdTokenResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
     #
@@ -740,7 +768,7 @@ module Aws::CognitoIdentity
       req.send_request(options)
     end
 
-    # Lists the identities in a pool.
+    # Lists the identities in an identity pool.
     #
     # You must use AWS Developer credentials to call this API.
     #
@@ -831,8 +859,44 @@ module Aws::CognitoIdentity
       req.send_request(options)
     end
 
+    # Lists the tags that are assigned to an Amazon Cognito identity pool.
+    #
+    # A tag is a label that you can apply to identity pools to categorize
+    # and manage them in different ways, such as by purpose, owner,
+    # environment, or other criteria.
+    #
+    # You can use this action up to 10 times per second, per account.
+    #
+    # @option params [required, String] :resource_arn
+    #   The Amazon Resource Name (ARN) of the identity pool that the tags are
+    #   assigned to.
+    #
+    # @return [Types::ListTagsForResourceResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
+    #
+    #   * {Types::ListTagsForResourceResponse#tags #tags} => Hash&lt;String,String&gt;
+    #
+    # @example Request syntax with placeholder values
+    #
+    #   resp = client.list_tags_for_resource({
+    #     resource_arn: "ARNString", # required
+    #   })
+    #
+    # @example Response structure
+    #
+    #   resp.tags #=> Hash
+    #   resp.tags["TagKeysType"] #=> String
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/cognito-identity-2014-06-30/ListTagsForResource AWS API Documentation
+    #
+    # @overload list_tags_for_resource(params = {})
+    # @param [Hash] params ({})
+    def list_tags_for_resource(params = {}, options = {})
+      req = build_request(:list_tags_for_resource, params)
+      req.send_request(options)
+    end
+
     # Retrieves the `IdentityID` associated with a `DeveloperUserIdentifier`
-    # or the list of `DeveloperUserIdentifier`s associated with an
+    # or the list of `DeveloperUserIdentifier` values associated with an
     # `IdentityId` for an existing identity. Either `IdentityID` or
     # `DeveloperUserIdentifier` must not be null. If you supply only one of
     # these values, the other value will be searched in the database and
@@ -842,6 +906,13 @@ module Aws::CognitoIdentity
     # values and is the same as the request. Otherwise a
     # `ResourceConflictException` is thrown.
     #
+    # `LookupDeveloperIdentity` is intended for low-throughput control plane
+    # operations: for example, to enable customer service to locate an
+    # identity ID by username. If you are using it for higher-volume
+    # operations such as user authentication, your requests are likely to be
+    # throttled. GetOpenIdTokenForDeveloperIdentity is a better option for
+    # higher-volume operations for user authentication.
+    #
     # You must use AWS Developer credentials to call this API.
     #
     # @option params [required, String] :identity_pool_id
@@ -909,6 +980,11 @@ module Aws::CognitoIdentity
     # are associated with the same public provider, but as two different
     # users, an exception will be thrown.
     #
+    # The number of linked logins is limited to 20. So, the number of linked
+    # logins for the source user, `SourceUserIdentifier`, and the
+    # destination user, `DestinationUserIdentifier`, together should not be
+    # larger than 20. Otherwise, an exception will be thrown.
+    #
     # You must use AWS Developer credentials to call this API.
     #
     # @option params [required, String] :source_user_identifier
@@ -1013,6 +1089,54 @@ module Aws::CognitoIdentity
       req.send_request(options)
     end
 
+    # Assigns a set of tags to an Amazon Cognito identity pool. A tag is a
+    # label that you can use to categorize and manage identity pools in
+    # different ways, such as by purpose, owner, environment, or other
+    # criteria.
+    #
+    # Each tag consists of a key and value, both of which you define. A key
+    # is a general category for more specific values. For example, if you
+    # have two versions of an identity pool, one for testing and another for
+    # production, you might assign an `Environment` tag key to both identity
+    # pools. The value of this key might be `Test` for one identity pool and
+    # `Production` for the other.
+    #
+    # Tags are useful for cost tracking and access control. You can activate
+    # your tags so that they appear on the Billing and Cost Management
+    # console, where you can track the costs associated with your identity
+    # pools. In an IAM policy, you can constrain permissions for identity
+    # pools based on specific tags or tag values.
+    #
+    # You can use this action up to 5 times per second, per account. An
+    # identity pool can have as many as 50 tags.
+    #
+    # @option params [required, String] :resource_arn
+    #   The Amazon Resource Name (ARN) of the identity pool to assign the tags
+    #   to.
+    #
+    # @option params [Hash<String,String>] :tags
+    #   The tags to assign to the identity pool.
+    #
+    # @return [Struct] Returns an empty {Seahorse::Client::Response response}.
+    #
+    # @example Request syntax with placeholder values
+    #
+    #   resp = client.tag_resource({
+    #     resource_arn: "ARNString", # required
+    #     tags: {
+    #       "TagKeysType" => "TagValueType",
+    #     },
+    #   })
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/cognito-identity-2014-06-30/TagResource AWS API Documentation
+    #
+    # @overload tag_resource(params = {})
+    # @param [Hash] params ({})
+    def tag_resource(params = {}, options = {})
+      req = build_request(:tag_resource, params)
+      req.send_request(options)
+    end
+
     # Unlinks a `DeveloperUserIdentifier` from an existing identity.
     # Unlinked developer users will be considered new identities next time
     # they are seen. If, for a given Cognito identity, you remove all
@@ -1092,7 +1216,35 @@ module Aws::CognitoIdentity
       req.send_request(options)
     end
 
-    # Updates a user pool.
+    # Removes the specified tags from an Amazon Cognito identity pool. You
+    # can use this action up to 5 times per second, per account
+    #
+    # @option params [required, String] :resource_arn
+    #   The Amazon Resource Name (ARN) of the identity pool that the tags are
+    #   assigned to.
+    #
+    # @option params [Array<String>] :tag_keys
+    #   The keys of the tags to remove from the user pool.
+    #
+    # @return [Struct] Returns an empty {Seahorse::Client::Response response}.
+    #
+    # @example Request syntax with placeholder values
+    #
+    #   resp = client.untag_resource({
+    #     resource_arn: "ARNString", # required
+    #     tag_keys: ["TagKeysType"],
+    #   })
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/cognito-identity-2014-06-30/UntagResource AWS API Documentation
+    #
+    # @overload untag_resource(params = {})
+    # @param [Hash] params ({})
+    def untag_resource(params = {}, options = {})
+      req = build_request(:untag_resource, params)
+      req.send_request(options)
+    end
+
+    # Updates an identity pool.
     #
     # You must use AWS Developer credentials to call this API.
     #
@@ -1115,13 +1267,18 @@ module Aws::CognitoIdentity
     #   A list of OpendID Connect provider ARNs.
     #
     # @option params [Array<Types::CognitoIdentityProvider>] :cognito_identity_providers
-    #   A list representing an Amazon Cognito Identity User Pool and its
-    #   client ID.
+    #   A list representing an Amazon Cognito user pool and its client ID.
     #
     # @option params [Array<String>] :saml_provider_arns
     #   An array of Amazon Resource Names (ARNs) of the SAML provider for your
     #   identity pool.
     #
+    # @option params [Hash<String,String>] :identity_pool_tags
+    #   The tags that are assigned to the identity pool. A tag is a label that
+    #   you can apply to identity pools to categorize and manage them in
+    #   different ways, such as by purpose, owner, environment, or other
+    #   criteria.
+    #
     # @return [Types::IdentityPool] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
     #
     #   * {Types::IdentityPool#identity_pool_id #identity_pool_id} => String
@@ -1132,6 +1289,7 @@ module Aws::CognitoIdentity
     #   * {Types::IdentityPool#open_id_connect_provider_arns #open_id_connect_provider_arns} => Array&lt;String&gt;
     #   * {Types::IdentityPool#cognito_identity_providers #cognito_identity_providers} => Array&lt;Types::CognitoIdentityProvider&gt;
     #   * {Types::IdentityPool#saml_provider_arns #saml_provider_arns} => Array&lt;String&gt;
+    #   * {Types::IdentityPool#identity_pool_tags #identity_pool_tags} => Hash&lt;String,String&gt;
     #
     # @example Request syntax with placeholder values
     #
@@ -1152,6 +1310,9 @@ module Aws::CognitoIdentity
     #       },
     #     ],
     #     saml_provider_arns: ["ARNString"],
+    #     identity_pool_tags: {
+    #       "TagKeysType" => "TagValueType",
+    #     },
     #   })
     #
     # @example Response structure
@@ -1170,6 +1331,8 @@ module Aws::CognitoIdentity
     #   resp.cognito_identity_providers[0].server_side_token_check #=> Boolean
     #   resp.saml_provider_arns #=> Array
     #   resp.saml_provider_arns[0] #=> String
+    #   resp.identity_pool_tags #=> Hash
+    #   resp.identity_pool_tags["TagKeysType"] #=> String
     #
     # @see http://docs.aws.amazon.com/goto/WebAPI/cognito-identity-2014-06-30/UpdateIdentityPool AWS API Documentation
     #
@@ -1193,7 +1356,7 @@ module Aws::CognitoIdentity
         params: params,
         config: config)
       context[:gem_name] = 'aws-sdk-cognitoidentity'
-      context[:gem_version] = '1.8.0'
+      context[:gem_version] = '1.9.0'
       Seahorse::Client::Request.new(handlers, context)
     end
 

data/lib/aws-sdk-cognitoidentity/client_api.rb

@@ -56,6 +56,8 @@ module Aws::CognitoIdentity
     IdentityPoolId = Shapes::StringShape.new(name: 'IdentityPoolId')
     IdentityPoolName = Shapes::StringShape.new(name: 'IdentityPoolName')
     IdentityPoolShortDescription = Shapes::StructureShape.new(name: 'IdentityPoolShortDescription')
+    IdentityPoolTagsListType = Shapes::ListShape.new(name: 'IdentityPoolTagsListType')
+    IdentityPoolTagsType = Shapes::MapShape.new(name: 'IdentityPoolTagsType')
     IdentityPoolUnauthenticated = Shapes::BooleanShape.new(name: 'IdentityPoolUnauthenticated')
     IdentityPoolsList = Shapes::ListShape.new(name: 'IdentityPoolsList')
     IdentityProviderId = Shapes::StringShape.new(name: 'IdentityProviderId')
@@ -70,6 +72,8 @@ module Aws::CognitoIdentity
     ListIdentitiesResponse = Shapes::StructureShape.new(name: 'ListIdentitiesResponse')
     ListIdentityPoolsInput = Shapes::StructureShape.new(name: 'ListIdentityPoolsInput')
     ListIdentityPoolsResponse = Shapes::StructureShape.new(name: 'ListIdentityPoolsResponse')
+    ListTagsForResourceInput = Shapes::StructureShape.new(name: 'ListTagsForResourceInput')
+    ListTagsForResourceResponse = Shapes::StructureShape.new(name: 'ListTagsForResourceResponse')
     LoginsList = Shapes::ListShape.new(name: 'LoginsList')
     LoginsMap = Shapes::MapShape.new(name: 'LoginsMap')
     LookupDeveloperIdentityInput = Shapes::StructureShape.new(name: 'LookupDeveloperIdentityInput')
@@ -97,12 +101,18 @@ module Aws::CognitoIdentity
     SessionTokenString = Shapes::StringShape.new(name: 'SessionTokenString')
     SetIdentityPoolRolesInput = Shapes::StructureShape.new(name: 'SetIdentityPoolRolesInput')
     String = Shapes::StringShape.new(name: 'String')
+    TagKeysType = Shapes::StringShape.new(name: 'TagKeysType')
+    TagResourceInput = Shapes::StructureShape.new(name: 'TagResourceInput')
+    TagResourceResponse = Shapes::StructureShape.new(name: 'TagResourceResponse')
+    TagValueType = Shapes::StringShape.new(name: 'TagValueType')
     TokenDuration = Shapes::IntegerShape.new(name: 'TokenDuration')
     TooManyRequestsException = Shapes::StructureShape.new(name: 'TooManyRequestsException')
     UnlinkDeveloperIdentityInput = Shapes::StructureShape.new(name: 'UnlinkDeveloperIdentityInput')
     UnlinkIdentityInput = Shapes::StructureShape.new(name: 'UnlinkIdentityInput')
     UnprocessedIdentityId = Shapes::StructureShape.new(name: 'UnprocessedIdentityId')
     UnprocessedIdentityIdList = Shapes::ListShape.new(name: 'UnprocessedIdentityIdList')
+    UntagResourceInput = Shapes::StructureShape.new(name: 'UntagResourceInput')
+    UntagResourceResponse = Shapes::StructureShape.new(name: 'UntagResourceResponse')
 
     CognitoIdentityProvider.add_member(:provider_name, Shapes::ShapeRef.new(shape: CognitoIdentityProviderName, location_name: "ProviderName"))
     CognitoIdentityProvider.add_member(:client_id, Shapes::ShapeRef.new(shape: CognitoIdentityProviderClientId, location_name: "ClientId"))
@@ -118,6 +128,7 @@ module Aws::CognitoIdentity
     CreateIdentityPoolInput.add_member(:open_id_connect_provider_arns, Shapes::ShapeRef.new(shape: OIDCProviderList, location_name: "OpenIdConnectProviderARNs"))
     CreateIdentityPoolInput.add_member(:cognito_identity_providers, Shapes::ShapeRef.new(shape: CognitoIdentityProviderList, location_name: "CognitoIdentityProviders"))
     CreateIdentityPoolInput.add_member(:saml_provider_arns, Shapes::ShapeRef.new(shape: SAMLProviderList, location_name: "SamlProviderARNs"))
+    CreateIdentityPoolInput.add_member(:identity_pool_tags, Shapes::ShapeRef.new(shape: IdentityPoolTagsType, location_name: "IdentityPoolTags"))
     CreateIdentityPoolInput.struct_class = Types::CreateIdentityPoolInput
 
     Credentials.add_member(:access_key_id, Shapes::ShapeRef.new(shape: AccessKeyString, location_name: "AccessKeyId"))
@@ -204,12 +215,18 @@ module Aws::CognitoIdentity
     IdentityPool.add_member(:open_id_connect_provider_arns, Shapes::ShapeRef.new(shape: OIDCProviderList, location_name: "OpenIdConnectProviderARNs"))
     IdentityPool.add_member(:cognito_identity_providers, Shapes::ShapeRef.new(shape: CognitoIdentityProviderList, location_name: "CognitoIdentityProviders"))
     IdentityPool.add_member(:saml_provider_arns, Shapes::ShapeRef.new(shape: SAMLProviderList, location_name: "SamlProviderARNs"))
+    IdentityPool.add_member(:identity_pool_tags, Shapes::ShapeRef.new(shape: IdentityPoolTagsType, location_name: "IdentityPoolTags"))
     IdentityPool.struct_class = Types::IdentityPool
 
     IdentityPoolShortDescription.add_member(:identity_pool_id, Shapes::ShapeRef.new(shape: IdentityPoolId, location_name: "IdentityPoolId"))
     IdentityPoolShortDescription.add_member(:identity_pool_name, Shapes::ShapeRef.new(shape: IdentityPoolName, location_name: "IdentityPoolName"))
     IdentityPoolShortDescription.struct_class = Types::IdentityPoolShortDescription
 
+    IdentityPoolTagsListType.member = Shapes::ShapeRef.new(shape: TagKeysType)
+
+    IdentityPoolTagsType.key = Shapes::ShapeRef.new(shape: TagKeysType)
+    IdentityPoolTagsType.value = Shapes::ShapeRef.new(shape: TagValueType)
+
     IdentityPoolsList.member = Shapes::ShapeRef.new(shape: IdentityPoolShortDescription)
 
     IdentityProviders.key = Shapes::ShapeRef.new(shape: IdentityProviderName)
@@ -234,6 +251,12 @@ module Aws::CognitoIdentity
     ListIdentityPoolsResponse.add_member(:next_token, Shapes::ShapeRef.new(shape: PaginationKey, location_name: "NextToken"))
     ListIdentityPoolsResponse.struct_class = Types::ListIdentityPoolsResponse
 
+    ListTagsForResourceInput.add_member(:resource_arn, Shapes::ShapeRef.new(shape: ARNString, required: true, location_name: "ResourceArn"))
+    ListTagsForResourceInput.struct_class = Types::ListTagsForResourceInput
+
+    ListTagsForResourceResponse.add_member(:tags, Shapes::ShapeRef.new(shape: IdentityPoolTagsType, location_name: "Tags"))
+    ListTagsForResourceResponse.struct_class = Types::ListTagsForResourceResponse
+
     LoginsList.member = Shapes::ShapeRef.new(shape: IdentityProviderName)
 
     LoginsMap.key = Shapes::ShapeRef.new(shape: IdentityProviderName)
@@ -291,6 +314,12 @@ module Aws::CognitoIdentity
     SetIdentityPoolRolesInput.add_member(:role_mappings, Shapes::ShapeRef.new(shape: RoleMappingMap, location_name: "RoleMappings"))
     SetIdentityPoolRolesInput.struct_class = Types::SetIdentityPoolRolesInput
 
+    TagResourceInput.add_member(:resource_arn, Shapes::ShapeRef.new(shape: ARNString, required: true, location_name: "ResourceArn"))
+    TagResourceInput.add_member(:tags, Shapes::ShapeRef.new(shape: IdentityPoolTagsType, location_name: "Tags"))
+    TagResourceInput.struct_class = Types::TagResourceInput
+
+    TagResourceResponse.struct_class = Types::TagResourceResponse
+
     UnlinkDeveloperIdentityInput.add_member(:identity_id, Shapes::ShapeRef.new(shape: IdentityId, required: true, location_name: "IdentityId"))
     UnlinkDeveloperIdentityInput.add_member(:identity_pool_id, Shapes::ShapeRef.new(shape: IdentityPoolId, required: true, location_name: "IdentityPoolId"))
     UnlinkDeveloperIdentityInput.add_member(:developer_provider_name, Shapes::ShapeRef.new(shape: DeveloperProviderName, required: true, location_name: "DeveloperProviderName"))
@@ -308,6 +337,12 @@ module Aws::CognitoIdentity
 
     UnprocessedIdentityIdList.member = Shapes::ShapeRef.new(shape: UnprocessedIdentityId)
 
+    UntagResourceInput.add_member(:resource_arn, Shapes::ShapeRef.new(shape: ARNString, required: true, location_name: "ResourceArn"))
+    UntagResourceInput.add_member(:tag_keys, Shapes::ShapeRef.new(shape: IdentityPoolTagsListType, location_name: "TagKeys"))
+    UntagResourceInput.struct_class = Types::UntagResourceInput
+
+    UntagResourceResponse.struct_class = Types::UntagResourceResponse
+
 
     # @api private
     API = Seahorse::Model::Api.new.tap do |api|
@@ -320,6 +355,7 @@ module Aws::CognitoIdentity
         "jsonVersion" => "1.1",
         "protocol" => "json",
         "serviceFullName" => "Amazon Cognito Identity",
+        "serviceId" => "Cognito Identity",
         "signatureVersion" => "v4",
         "targetPrefix" => "AWSCognitoIdentityService",
         "uid" => "cognito-identity-2014-06-30",
@@ -490,6 +526,20 @@ module Aws::CognitoIdentity
         o.errors << Shapes::ShapeRef.new(shape: InvalidParameterException)
         o.errors << Shapes::ShapeRef.new(shape: NotAuthorizedException)
         o.errors << Shapes::ShapeRef.new(shape: TooManyRequestsException)
+        o.errors << Shapes::ShapeRef.new(shape: ResourceNotFoundException)
+        o.errors << Shapes::ShapeRef.new(shape: InternalErrorException)
+      end)
+
+      api.add_operation(:list_tags_for_resource, Seahorse::Model::Operation.new.tap do |o|
+        o.name = "ListTagsForResource"
+        o.http_method = "POST"
+        o.http_request_uri = "/"
+        o.input = Shapes::ShapeRef.new(shape: ListTagsForResourceInput)
+        o.output = Shapes::ShapeRef.new(shape: ListTagsForResourceResponse)
+        o.errors << Shapes::ShapeRef.new(shape: InvalidParameterException)
+        o.errors << Shapes::ShapeRef.new(shape: ResourceNotFoundException)
+        o.errors << Shapes::ShapeRef.new(shape: NotAuthorizedException)
+        o.errors << Shapes::ShapeRef.new(shape: TooManyRequestsException)
         o.errors << Shapes::ShapeRef.new(shape: InternalErrorException)
       end)
 
@@ -536,6 +586,19 @@ module Aws::CognitoIdentity
         o.errors << Shapes::ShapeRef.new(shape: ConcurrentModificationException)
       end)
 
+      api.add_operation(:tag_resource, Seahorse::Model::Operation.new.tap do |o|
+        o.name = "TagResource"
+        o.http_method = "POST"
+        o.http_request_uri = "/"
+        o.input = Shapes::ShapeRef.new(shape: TagResourceInput)
+        o.output = Shapes::ShapeRef.new(shape: TagResourceResponse)
+        o.errors << Shapes::ShapeRef.new(shape: InvalidParameterException)
+        o.errors << Shapes::ShapeRef.new(shape: ResourceNotFoundException)
+        o.errors << Shapes::ShapeRef.new(shape: NotAuthorizedException)
+        o.errors << Shapes::ShapeRef.new(shape: TooManyRequestsException)
+        o.errors << Shapes::ShapeRef.new(shape: InternalErrorException)
+      end)
+
       api.add_operation(:unlink_developer_identity, Seahorse::Model::Operation.new.tap do |o|
         o.name = "UnlinkDeveloperIdentity"
         o.http_method = "POST"
@@ -566,6 +629,19 @@ module Aws::CognitoIdentity
         o.errors << Shapes::ShapeRef.new(shape: ExternalServiceException)
       end)
 
+      api.add_operation(:untag_resource, Seahorse::Model::Operation.new.tap do |o|
+        o.name = "UntagResource"
+        o.http_method = "POST"
+        o.http_request_uri = "/"
+        o.input = Shapes::ShapeRef.new(shape: UntagResourceInput)
+        o.output = Shapes::ShapeRef.new(shape: UntagResourceResponse)
+        o.errors << Shapes::ShapeRef.new(shape: InvalidParameterException)
+        o.errors << Shapes::ShapeRef.new(shape: ResourceNotFoundException)
+        o.errors << Shapes::ShapeRef.new(shape: NotAuthorizedException)
+        o.errors << Shapes::ShapeRef.new(shape: TooManyRequestsException)
+        o.errors << Shapes::ShapeRef.new(shape: InternalErrorException)
+      end)
+
       api.add_operation(:update_identity_pool, Seahorse::Model::Operation.new.tap do |o|
         o.name = "UpdateIdentityPool"
         o.http_method = "POST"

data/lib/aws-sdk-cognitoidentity/types.rb

@@ -8,8 +8,7 @@
 module Aws::CognitoIdentity
   module Types
 
-    # A provider representing an Amazon Cognito Identity User Pool and its
-    # client ID.
+    # A provider representing an Amazon Cognito user pool and its client ID.
     #
     # @note When making an API call, you may pass CognitoIdentityProvider
     #   data as a hash:
@@ -21,17 +20,26 @@ module Aws::CognitoIdentity
     #       }
     #
     # @!attribute [rw] provider_name
-    #   The provider name for an Amazon Cognito Identity User Pool. For
-    #   example, `cognito-idp.us-east-1.amazonaws.com/us-east-1_123456789`.
+    #   The provider name for an Amazon Cognito user pool. For example,
+    #   `cognito-idp.us-east-1.amazonaws.com/us-east-1_123456789`.
     #   @return [String]
     #
     # @!attribute [rw] client_id
-    #   The client ID for the Amazon Cognito Identity User Pool.
+    #   The client ID for the Amazon Cognito user pool.
     #   @return [String]
     #
     # @!attribute [rw] server_side_token_check
     #   TRUE if server-side token validation is enabled for the identity
     #   provider’s token.
+    #
+    #   Once you set `ServerSideTokenCheck` to TRUE for an identity pool,
+    #   that identity pool will check with the integrated user pools to make
+    #   sure that the user has not been globally signed out or deleted
+    #   before the identity pool provides an OIDC token or AWS credentials
+    #   for the user.
+    #
+    #   If the user is signed out or deleted, the identity pool will return
+    #   a 400 Not Authorized error.
     #   @return [Boolean]
     #
     # @see http://docs.aws.amazon.com/goto/WebAPI/cognito-identity-2014-06-30/CognitoIdentityProvider AWS API Documentation
@@ -64,6 +72,9 @@ module Aws::CognitoIdentity
     #           },
     #         ],
     #         saml_provider_arns: ["ARNString"],
+    #         identity_pool_tags: {
+    #           "TagKeysType" => "TagValueType",
+    #         },
     #       }
     #
     # @!attribute [rw] identity_pool_name
@@ -94,7 +105,7 @@ module Aws::CognitoIdentity
     #   @return [Array<String>]
     #
     # @!attribute [rw] cognito_identity_providers
-    #   An array of Amazon Cognito Identity user pools and their client IDs.
+    #   An array of Amazon Cognito user pools and their client IDs.
     #   @return [Array<Types::CognitoIdentityProvider>]
     #
     # @!attribute [rw] saml_provider_arns
@@ -102,6 +113,12 @@ module Aws::CognitoIdentity
     #   your identity pool.
     #   @return [Array<String>]
     #
+    # @!attribute [rw] identity_pool_tags
+    #   Tags to assign to the identity pool. A tag is a label that you can
+    #   apply to identity pools to categorize and manage them in different
+    #   ways, such as by purpose, owner, environment, or other criteria.
+    #   @return [Hash<String,String>]
+    #
     # @see http://docs.aws.amazon.com/goto/WebAPI/cognito-identity-2014-06-30/CreateIdentityPoolInput AWS API Documentation
     #
     class CreateIdentityPoolInput < Struct.new(
@@ -111,7 +128,8 @@ module Aws::CognitoIdentity
       :developer_provider_name,
       :open_id_connect_provider_arns,
       :cognito_identity_providers,
-      :saml_provider_arns)
+      :saml_provider_arns,
+      :identity_pool_tags)
       include Aws::Structure
     end
 
@@ -256,7 +274,20 @@ module Aws::CognitoIdentity
     #
     # @!attribute [rw] logins
     #   A set of optional name-value pairs that map provider names to
-    #   provider tokens.
+    #   provider tokens. The name-value pair will follow the syntax
+    #   "provider\_name": "provider\_user\_identifier".
+    #
+    #   Logins should not be specified when trying to get credentials for an
+    #   unauthenticated identity.
+    #
+    #   The Logins parameter is required when using identities associated
+    #   with external identity providers such as FaceBook. For examples of
+    #   `Logins` maps, see the code examples in the [External Identity
+    #   Providers][1] section of the Amazon Cognito Developer Guide.
+    #
+    #
+    #
+    #   [1]: http://docs.aws.amazon.com/cognito/latest/developerguide/external-identity-providers.html
     #   @return [Hash<String,String>]
     #
     # @!attribute [rw] custom_role_arn
@@ -323,8 +354,10 @@ module Aws::CognitoIdentity
     #
     #   * Facebook: `graph.facebook.com`
     #
-    #   * Amazon Cognito Identity Provider:
-    #     `cognito-idp.us-east-1.amazonaws.com/us-east-1_123456789`
+    #   * Amazon Cognito user pool:
+    #     `cognito-idp.<region>.amazonaws.com/<YOUR_USER_POOL_ID>`, for
+    #     example,
+    #     `cognito-idp.us-east-1.amazonaws.com/us-east-1_123456789`.
     #
     #   * Google: `accounts.google.com`
     #
@@ -392,7 +425,7 @@ module Aws::CognitoIdentity
     #   How users for a specific identity provider are to mapped to roles.
     #   This is a String-to-RoleMapping object map. The string identifies
     #   the identity provider, for example, "graph.facebook.com" or
-    #   "cognito-idp-east-1.amazonaws.com/us-east-1\_abcdefghi:app\_client\_id".
+    #   "cognito-idp.us-east-1.amazonaws.com/us-east-1\_abcdefghi:app\_client\_id".
     #   @return [Hash<String,Types::RoleMapping>]
     #
     # @see http://docs.aws.amazon.com/goto/WebAPI/cognito-identity-2014-06-30/GetIdentityPoolRolesResponse AWS API Documentation
@@ -500,7 +533,7 @@ module Aws::CognitoIdentity
     #   A set of optional name-value pairs that map provider names to
     #   provider tokens. When using graph.facebook.com and www.amazon.com,
     #   supply the access\_token returned from the provider's authflow. For
-    #   accounts.google.com, an Amazon Cognito Identity Provider, or any
+    #   accounts.google.com, an Amazon Cognito user pool provider, or any
     #   other OpenId Connect provider, always include the `id_token`.
     #   @return [Hash<String,String>]
     #
@@ -520,7 +553,7 @@ module Aws::CognitoIdentity
     #   @return [String]
     #
     # @!attribute [rw] token
-    #   An OpenID token, valid for 15 minutes.
+    #   An OpenID token, valid for 10 minutes.
     #   @return [String]
     #
     # @see http://docs.aws.amazon.com/goto/WebAPI/cognito-identity-2014-06-30/GetOpenIdTokenResponse AWS API Documentation
@@ -538,8 +571,7 @@ module Aws::CognitoIdentity
     #   @return [String]
     #
     # @!attribute [rw] logins
-    #   A set of optional name-value pairs that map provider names to
-    #   provider tokens.
+    #   The provider names.
     #   @return [Array<String>]
     #
     # @!attribute [rw] creation_date
@@ -582,6 +614,9 @@ module Aws::CognitoIdentity
     #           },
     #         ],
     #         saml_provider_arns: ["ARNString"],
+    #         identity_pool_tags: {
+    #           "TagKeysType" => "TagValueType",
+    #         },
     #       }
     #
     # @!attribute [rw] identity_pool_id
@@ -609,8 +644,7 @@ module Aws::CognitoIdentity
     #   @return [Array<String>]
     #
     # @!attribute [rw] cognito_identity_providers
-    #   A list representing an Amazon Cognito Identity User Pool and its
-    #   client ID.
+    #   A list representing an Amazon Cognito user pool and its client ID.
     #   @return [Array<Types::CognitoIdentityProvider>]
     #
     # @!attribute [rw] saml_provider_arns
@@ -618,6 +652,13 @@ module Aws::CognitoIdentity
     #   your identity pool.
     #   @return [Array<String>]
     #
+    # @!attribute [rw] identity_pool_tags
+    #   The tags that are assigned to the identity pool. A tag is a label
+    #   that you can apply to identity pools to categorize and manage them
+    #   in different ways, such as by purpose, owner, environment, or other
+    #   criteria.
+    #   @return [Hash<String,String>]
+    #
     # @see http://docs.aws.amazon.com/goto/WebAPI/cognito-identity-2014-06-30/IdentityPool AWS API Documentation
     #
     class IdentityPool < Struct.new(
@@ -628,7 +669,8 @@ module Aws::CognitoIdentity
       :developer_provider_name,
       :open_id_connect_provider_arns,
       :cognito_identity_providers,
-      :saml_provider_arns)
+      :saml_provider_arns,
+      :identity_pool_tags)
       include Aws::Structure
     end
 
@@ -757,6 +799,36 @@ module Aws::CognitoIdentity
       include Aws::Structure
     end
 
+    # @note When making an API call, you may pass ListTagsForResourceInput
+    #   data as a hash:
+    #
+    #       {
+    #         resource_arn: "ARNString", # required
+    #       }
+    #
+    # @!attribute [rw] resource_arn
+    #   The Amazon Resource Name (ARN) of the identity pool that the tags
+    #   are assigned to.
+    #   @return [String]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/cognito-identity-2014-06-30/ListTagsForResourceInput AWS API Documentation
+    #
+    class ListTagsForResourceInput < Struct.new(
+      :resource_arn)
+      include Aws::Structure
+    end
+
+    # @!attribute [rw] tags
+    #   The tags that are assigned to the identity pool.
+    #   @return [Hash<String,String>]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/cognito-identity-2014-06-30/ListTagsForResourceResponse AWS API Documentation
+    #
+    class ListTagsForResourceResponse < Struct.new(
+      :tags)
+      include Aws::Structure
+    end
+
     # Input to the `LookupDeveloperIdentityInput` action.
     #
     # @note When making an API call, you may pass LookupDeveloperIdentityInput
@@ -1081,6 +1153,37 @@ module Aws::CognitoIdentity
       include Aws::Structure
     end
 
+    # @note When making an API call, you may pass TagResourceInput
+    #   data as a hash:
+    #
+    #       {
+    #         resource_arn: "ARNString", # required
+    #         tags: {
+    #           "TagKeysType" => "TagValueType",
+    #         },
+    #       }
+    #
+    # @!attribute [rw] resource_arn
+    #   The Amazon Resource Name (ARN) of the identity pool to assign the
+    #   tags to.
+    #   @return [String]
+    #
+    # @!attribute [rw] tags
+    #   The tags to assign to the identity pool.
+    #   @return [Hash<String,String>]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/cognito-identity-2014-06-30/TagResourceInput AWS API Documentation
+    #
+    class TagResourceInput < Struct.new(
+      :resource_arn,
+      :tags)
+      include Aws::Structure
+    end
+
+    # @see http://docs.aws.amazon.com/goto/WebAPI/cognito-identity-2014-06-30/TagResourceResponse AWS API Documentation
+    #
+    class TagResourceResponse < Aws::EmptyStructure; end
+
     # Input to the `UnlinkDeveloperIdentity` action.
     #
     # @note When making an API call, you may pass UnlinkDeveloperIdentityInput
@@ -1174,5 +1277,34 @@ module Aws::CognitoIdentity
       include Aws::Structure
     end
 
+    # @note When making an API call, you may pass UntagResourceInput
+    #   data as a hash:
+    #
+    #       {
+    #         resource_arn: "ARNString", # required
+    #         tag_keys: ["TagKeysType"],
+    #       }
+    #
+    # @!attribute [rw] resource_arn
+    #   The Amazon Resource Name (ARN) of the identity pool that the tags
+    #   are assigned to.
+    #   @return [String]
+    #
+    # @!attribute [rw] tag_keys
+    #   The keys of the tags to remove from the user pool.
+    #   @return [Array<String>]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/cognito-identity-2014-06-30/UntagResourceInput AWS API Documentation
+    #
+    class UntagResourceInput < Struct.new(
+      :resource_arn,
+      :tag_keys)
+      include Aws::Structure
+    end
+
+    # @see http://docs.aws.amazon.com/goto/WebAPI/cognito-identity-2014-06-30/UntagResourceResponse AWS API Documentation
+    #
+    class UntagResourceResponse < Aws::EmptyStructure; end
+
   end
 end

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: aws-sdk-cognitoidentity
 version: !ruby/object:Gem::Version
-  version: 1.8.0
+  version: 1.9.0
 platform: ruby
 authors:
 - Amazon Web Services
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2019-03-18 00:00:00.000000000 Z
+date: 2019-03-20 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: aws-sdk-core