aws-sdk-cognitoidentityprovider 1.103.0 → 1.105.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 3d85e3e53d5476cf5924296d2bf78c4ea289362387a50ab35d2326b35e1e672d
-  data.tar.gz: dbedb8bda94fc87b5c5ecc8eece998c855d934a57e831259d75472428fa4001d
+  metadata.gz: d9fc8575d67e9ff99ce987b2069fae44996e8baa744815adddb645e2a7a3dc96
+  data.tar.gz: 29cc79804ec28dae5efc4e6aaa5e066c12156afe26ba447b8b4666aab4d0be2b
 SHA512:
-  metadata.gz: 3acbae1bbc3f3d09a3d0eea8224300177577aee6bbbf3dac04cacfc768d6233127d743ab3d75a5c46da0eaabee32dbf9e291e633692b3706994b527822131883
-  data.tar.gz: 49ac3c1571fd773b64f8b3e371278bcb8cef6f241ab282c1aeffa3fd21c8c299c9ffeec308d07d7fa6273e659f6792e28639a6caad7183d92bd38422915c9003
+  metadata.gz: 8b982252d13391647f33e4a5e84b9ab4088a1c49c941818caafc4b3114348fb3b6827be4edc5e9b5bd6ea8f615db8e5e0e0ba2461e08a45d4f6ab498cf4b0929
+  data.tar.gz: 30c7b4862c17a264078024e53b291ec66ffbe0aa0ce4a42fda860b8be6de0f7505750ad7909c24f95e990edc28276183083da998ec5782615368832992731f94

data/CHANGELOG.md

@@ -1,6 +1,16 @@
 Unreleased Changes
 ------------------
 
+1.105.0 (2024-09-20)
+------------------
+
+* Feature - Code Generated Changes, see `./build_tools` or `aws-sdk-core`'s CHANGELOG.md for details.
+
+1.104.0 (2024-09-12)
+------------------
+
+* Feature - Added email MFA option to user pools with advanced security features.
+
 1.103.0 (2024-09-11)
 ------------------
 

data/VERSION

@@ -1 +1 @@
-1.103.0
+1.105.0

data/lib/aws-sdk-cognitoidentityprovider/client.rb

@@ -130,13 +130,15 @@ module Aws::CognitoIdentityProvider
     #     locations will be searched for credentials:
     #
     #     * `Aws.config[:credentials]`
-    #     * The `:access_key_id`, `:secret_access_key`, and `:session_token` options.
-    #     * ENV['AWS_ACCESS_KEY_ID'], ENV['AWS_SECRET_ACCESS_KEY']
+    #     * The `:access_key_id`, `:secret_access_key`, `:session_token`, and
+    #       `:account_id` options.
+    #     * ENV['AWS_ACCESS_KEY_ID'], ENV['AWS_SECRET_ACCESS_KEY'],
+    #       ENV['AWS_SESSION_TOKEN'], and ENV['AWS_ACCOUNT_ID']
     #     * `~/.aws/credentials`
     #     * `~/.aws/config`
     #     * EC2/ECS IMDS instance profile - When used by default, the timeouts
     #       are very aggressive. Construct and pass an instance of
-    #       `Aws::InstanceProfileCredentails` or `Aws::ECSCredentials` to
+    #       `Aws::InstanceProfileCredentials` or `Aws::ECSCredentials` to
     #       enable retries and extended timeouts. Instance profile credential
     #       fetching can be disabled by setting ENV['AWS_EC2_METADATA_DISABLED']
     #       to true.
@@ -155,6 +157,8 @@ module Aws::CognitoIdentityProvider
     #
     #   @option options [String] :access_key_id
     #
+    #   @option options [String] :account_id
+    #
     #   @option options [Boolean] :active_endpoint_cache (false)
     #     When set to `true`, a thread polling for endpoints will be running in
     #     the background every 60 secs (default). Defaults to `false`.
@@ -376,7 +380,9 @@ module Aws::CognitoIdentityProvider
     #     sending the request.
     #
     #   @option options [Aws::CognitoIdentityProvider::EndpointProvider] :endpoint_provider
-    #     The endpoint provider used to resolve endpoints. Any object that responds to `#resolve_endpoint(parameters)` where `parameters` is a Struct similar to `Aws::CognitoIdentityProvider::EndpointParameters`
+    #     The endpoint provider used to resolve endpoints. Any object that responds to
+    #     `#resolve_endpoint(parameters)` where `parameters` is a Struct similar to
+    #     `Aws::CognitoIdentityProvider::EndpointParameters`.
     #
     #   @option options [Float] :http_continue_timeout (1)
     #     The number of seconds to wait for a 100-continue response before sending the
@@ -676,7 +682,7 @@ module Aws::CognitoIdentityProvider
     # sign in.
     #
     #  If you have never used SMS text messages with Amazon Cognito or any
-    # other Amazon Web Services service, Amazon Simple Notification Service
+    # other Amazon Web Servicesservice, Amazon Simple Notification Service
     # might place your account in the SMS sandbox. In <i> <a
     # href="https://docs.aws.amazon.com/sns/latest/dg/sns-sms-sandbox.html">sandbox
     # mode</a> </i>, you can send messages only to verified phone numbers.
@@ -1474,7 +1480,7 @@ module Aws::CognitoIdentityProvider
     # sign in.
     #
     #  If you have never used SMS text messages with Amazon Cognito or any
-    # other Amazon Web Services service, Amazon Simple Notification Service
+    # other Amazon Web Servicesservice, Amazon Simple Notification Service
     # might place your account in the SMS sandbox. In <i> <a
     # href="https://docs.aws.amazon.com/sns/latest/dg/sns-sms-sandbox.html">sandbox
     # mode</a> </i>, you can send messages only to verified phone numbers.
@@ -1685,7 +1691,7 @@ module Aws::CognitoIdentityProvider
     #
     # @example Response structure
     #
-    #   resp.challenge_name #=> String, one of "SMS_MFA", "SOFTWARE_TOKEN_MFA", "SELECT_MFA_TYPE", "MFA_SETUP", "PASSWORD_VERIFIER", "CUSTOM_CHALLENGE", "DEVICE_SRP_AUTH", "DEVICE_PASSWORD_VERIFIER", "ADMIN_NO_SRP_AUTH", "NEW_PASSWORD_REQUIRED"
+    #   resp.challenge_name #=> String, one of "SMS_MFA", "EMAIL_OTP", "SOFTWARE_TOKEN_MFA", "SELECT_MFA_TYPE", "MFA_SETUP", "PASSWORD_VERIFIER", "CUSTOM_CHALLENGE", "DEVICE_SRP_AUTH", "DEVICE_PASSWORD_VERIFIER", "ADMIN_NO_SRP_AUTH", "NEW_PASSWORD_REQUIRED"
     #   resp.session #=> String
     #   resp.challenge_parameters #=> Hash
     #   resp.challenge_parameters["StringType"] #=> String
@@ -2135,7 +2141,7 @@ module Aws::CognitoIdentityProvider
     # sign in.
     #
     #  If you have never used SMS text messages with Amazon Cognito or any
-    # other Amazon Web Services service, Amazon Simple Notification Service
+    # other Amazon Web Servicesservice, Amazon Simple Notification Service
     # might place your account in the SMS sandbox. In <i> <a
     # href="https://docs.aws.amazon.com/sns/latest/dg/sns-sms-sandbox.html">sandbox
     # mode</a> </i>, you can send messages only to verified phone numbers.
@@ -2266,7 +2272,7 @@ module Aws::CognitoIdentityProvider
     # sign in.
     #
     #  If you have never used SMS text messages with Amazon Cognito or any
-    # other Amazon Web Services service, Amazon Simple Notification Service
+    # other Amazon Web Servicesservice, Amazon Simple Notification Service
     # might place your account in the SMS sandbox. In <i> <a
     # href="https://docs.aws.amazon.com/sns/latest/dg/sns-sms-sandbox.html">sandbox
     # mode</a> </i>, you can send messages only to verified phone numbers.
@@ -2323,11 +2329,21 @@ module Aws::CognitoIdentityProvider
     #   SMS\_MFA
     #
     #   : `"ChallengeName": "SMS_MFA", "ChallengeResponses": \{"SMS_MFA_CODE":
-    #     "[SMS_code]", "USERNAME": "[username]"\}`
+    #     "[code]", "USERNAME": "[username]"\}`
+    #
+    #   EMAIL\_OTP
+    #
+    #   : `"ChallengeName": "EMAIL_OTP", "ChallengeResponses":
+    #     \{"EMAIL_OTP_CODE": "[code]", "USERNAME": "[username]"\}`
     #
     #   PASSWORD\_VERIFIER
     #
-    #   : `"ChallengeName": "PASSWORD_VERIFIER", "ChallengeResponses":
+    #   : This challenge response is part of the SRP flow. Amazon Cognito
+    #     requires that your application respond to this challenge within a
+    #     few seconds. When the response time exceeds this period, your user
+    #     pool returns a `NotAuthorizedException` error.
+    #
+    #     `"ChallengeName": "PASSWORD_VERIFIER", "ChallengeResponses":
     #     \{"PASSWORD_CLAIM_SIGNATURE": "[claim_signature]",
     #     "PASSWORD_CLAIM_SECRET_BLOCK": "[secret_block]", "TIMESTAMP":
     #     [timestamp], "USERNAME": "[username]"\}`
@@ -2486,7 +2502,7 @@ module Aws::CognitoIdentityProvider
     #   resp = client.admin_respond_to_auth_challenge({
     #     user_pool_id: "UserPoolIdType", # required
     #     client_id: "ClientIdType", # required
-    #     challenge_name: "SMS_MFA", # required, accepts SMS_MFA, SOFTWARE_TOKEN_MFA, SELECT_MFA_TYPE, MFA_SETUP, PASSWORD_VERIFIER, CUSTOM_CHALLENGE, DEVICE_SRP_AUTH, DEVICE_PASSWORD_VERIFIER, ADMIN_NO_SRP_AUTH, NEW_PASSWORD_REQUIRED
+    #     challenge_name: "SMS_MFA", # required, accepts SMS_MFA, EMAIL_OTP, SOFTWARE_TOKEN_MFA, SELECT_MFA_TYPE, MFA_SETUP, PASSWORD_VERIFIER, CUSTOM_CHALLENGE, DEVICE_SRP_AUTH, DEVICE_PASSWORD_VERIFIER, ADMIN_NO_SRP_AUTH, NEW_PASSWORD_REQUIRED
     #     challenge_responses: {
     #       "StringType" => "StringType",
     #     },
@@ -2513,7 +2529,7 @@ module Aws::CognitoIdentityProvider
     #
     # @example Response structure
     #
-    #   resp.challenge_name #=> String, one of "SMS_MFA", "SOFTWARE_TOKEN_MFA", "SELECT_MFA_TYPE", "MFA_SETUP", "PASSWORD_VERIFIER", "CUSTOM_CHALLENGE", "DEVICE_SRP_AUTH", "DEVICE_PASSWORD_VERIFIER", "ADMIN_NO_SRP_AUTH", "NEW_PASSWORD_REQUIRED"
+    #   resp.challenge_name #=> String, one of "SMS_MFA", "EMAIL_OTP", "SOFTWARE_TOKEN_MFA", "SELECT_MFA_TYPE", "MFA_SETUP", "PASSWORD_VERIFIER", "CUSTOM_CHALLENGE", "DEVICE_SRP_AUTH", "DEVICE_PASSWORD_VERIFIER", "ADMIN_NO_SRP_AUTH", "NEW_PASSWORD_REQUIRED"
     #   resp.session #=> String
     #   resp.challenge_parameters #=> Hash
     #   resp.challenge_parameters["StringType"] #=> String
@@ -2534,12 +2550,12 @@ module Aws::CognitoIdentityProvider
       req.send_request(options)
     end
 
-    # The user's multi-factor authentication (MFA) preference, including
-    # which MFA options are activated, and if any are preferred. Only one
-    # factor can be set as preferred. The preferred MFA factor will be used
-    # to authenticate a user if multiple factors are activated. If multiple
-    # options are activated and no preference is set, a challenge to choose
-    # an MFA option will be returned during sign-in.
+    # Sets the user's multi-factor authentication (MFA) preference,
+    # including which MFA options are activated, and if any are preferred.
+    # Only one factor can be set as preferred. The preferred MFA factor will
+    # be used to authenticate a user if multiple factors are activated. If
+    # multiple options are activated and no preference is set, a challenge
+    # to choose an MFA option will be returned during sign-in.
     #
     # <note markdown="1"> Amazon Cognito evaluates Identity and Access Management (IAM) policies
     # in requests for this API operation. For this operation, you must use
@@ -2560,10 +2576,24 @@ module Aws::CognitoIdentityProvider
     # [2]: https://docs.aws.amazon.com/cognito/latest/developerguide/user-pools-API-operations.html
     #
     # @option params [Types::SMSMfaSettingsType] :sms_mfa_settings
-    #   The SMS text message MFA settings.
+    #   User preferences for SMS message MFA. Activates or deactivates SMS MFA
+    #   and sets it as the preferred MFA method when multiple methods are
+    #   available.
     #
     # @option params [Types::SoftwareTokenMfaSettingsType] :software_token_mfa_settings
-    #   The time-based one-time password software token MFA settings.
+    #   User preferences for time-based one-time password (TOTP) MFA.
+    #   Activates or deactivates TOTP MFA and sets it as the preferred MFA
+    #   method when multiple methods are available.
+    #
+    # @option params [Types::EmailMfaSettingsType] :email_mfa_settings
+    #   User preferences for email message MFA. Activates or deactivates email
+    #   MFA and sets it as the preferred MFA method when multiple methods are
+    #   available. To activate this setting, [ advanced security features][1]
+    #   must be active in your user pool.
+    #
+    #
+    #
+    #   [1]: https://docs.aws.amazon.com/cognito/latest/developerguide/cognito-user-pool-settings-advanced-security.html
     #
     # @option params [required, String] :username
     #   The username of the user that you want to query or modify. The value
@@ -2573,7 +2603,8 @@ module Aws::CognitoIdentityProvider
     #   username of a user from a third-party IdP.
     #
     # @option params [required, String] :user_pool_id
-    #   The user pool ID.
+    #   The ID of the user pool where you want to set a user's MFA
+    #   preferences.
     #
     # @return [Struct] Returns an empty {Seahorse::Client::Response response}.
     #
@@ -2588,6 +2619,10 @@ module Aws::CognitoIdentityProvider
     #       enabled: false,
     #       preferred_mfa: false,
     #     },
+    #     email_mfa_settings: {
+    #       enabled: false,
+    #       preferred_mfa: false,
+    #     },
     #     username: "UsernameType", # required
     #     user_pool_id: "UserPoolIdType", # required
     #   })
@@ -2876,7 +2911,7 @@ module Aws::CognitoIdentityProvider
     # sign in.
     #
     #  If you have never used SMS text messages with Amazon Cognito or any
-    # other Amazon Web Services service, Amazon Simple Notification Service
+    # other Amazon Web Servicesservice, Amazon Simple Notification Service
     # might place your account in the SMS sandbox. In <i> <a
     # href="https://docs.aws.amazon.com/sns/latest/dg/sns-sms-sandbox.html">sandbox
     # mode</a> </i>, you can send messages only to verified phone numbers.
@@ -3970,7 +4005,7 @@ module Aws::CognitoIdentityProvider
     # sign in.
     #
     #  If you have never used SMS text messages with Amazon Cognito or any
-    # other Amazon Web Services service, Amazon Simple Notification Service
+    # other Amazon Web Servicesservice, Amazon Simple Notification Service
     # might place your account in the SMS sandbox. In <i> <a
     # href="https://docs.aws.amazon.com/sns/latest/dg/sns-sms-sandbox.html">sandbox
     # mode</a> </i>, you can send messages only to verified phone numbers.
@@ -4960,9 +4995,9 @@ module Aws::CognitoIdentityProvider
     #   are hours.
     #
     # @option params [Array<String>] :read_attributes
-    #   The list of user attributes that you want your app client to have
-    #   read-only access to. After your user authenticates in your app, their
-    #   access token authorizes them to read their own attribute value for any
+    #   The list of user attributes that you want your app client to have read
+    #   access to. After your user authenticates in your app, their access
+    #   token authorizes them to read their own attribute value for any
     #   attribute in this list. An example of this kind of activity is when
     #   your user selects a link to view their profile information. Your app
     #   makes a [GetUser][1] API request to retrieve and display your user's
@@ -4970,11 +5005,11 @@ module Aws::CognitoIdentityProvider
     #
     #   When you don't specify the `ReadAttributes` for your app client, your
     #   app can read the values of `email_verified`, `phone_number_verified`,
-    #   and the Standard attributes of your user pool. When your user pool has
-    #   read access to these default attributes, `ReadAttributes` doesn't
-    #   return any information. Amazon Cognito only populates `ReadAttributes`
-    #   in the API response if you have specified your own custom set of read
-    #   attributes.
+    #   and the Standard attributes of your user pool. When your user pool app
+    #   client has read access to these default attributes, `ReadAttributes`
+    #   doesn't return any information. Amazon Cognito only populates
+    #   `ReadAttributes` in the API response if you have specified your own
+    #   custom set of read attributes.
     #
     #
     #
@@ -6282,7 +6317,7 @@ module Aws::CognitoIdentityProvider
     # sign in.
     #
     #  If you have never used SMS text messages with Amazon Cognito or any
-    # other Amazon Web Services service, Amazon Simple Notification Service
+    # other Amazon Web Servicesservice, Amazon Simple Notification Service
     # might place your account in the SMS sandbox. In <i> <a
     # href="https://docs.aws.amazon.com/sns/latest/dg/sns-sms-sandbox.html">sandbox
     # mode</a> </i>, you can send messages only to verified phone numbers.
@@ -6770,7 +6805,7 @@ module Aws::CognitoIdentityProvider
     # sign in.
     #
     #  If you have never used SMS text messages with Amazon Cognito or any
-    # other Amazon Web Services service, Amazon Simple Notification Service
+    # other Amazon Web Servicesservice, Amazon Simple Notification Service
     # might place your account in the SMS sandbox. In <i> <a
     # href="https://docs.aws.amazon.com/sns/latest/dg/sns-sms-sandbox.html">sandbox
     # mode</a> </i>, you can send messages only to verified phone numbers.
@@ -6870,6 +6905,7 @@ module Aws::CognitoIdentityProvider
     #
     #   * {Types::GetUserPoolMfaConfigResponse#sms_mfa_configuration #sms_mfa_configuration} => Types::SmsMfaConfigType
     #   * {Types::GetUserPoolMfaConfigResponse#software_token_mfa_configuration #software_token_mfa_configuration} => Types::SoftwareTokenMfaConfigType
+    #   * {Types::GetUserPoolMfaConfigResponse#email_mfa_configuration #email_mfa_configuration} => Types::EmailMfaConfigType
     #   * {Types::GetUserPoolMfaConfigResponse#mfa_configuration #mfa_configuration} => String
     #
     # @example Request syntax with placeholder values
@@ -6885,6 +6921,8 @@ module Aws::CognitoIdentityProvider
     #   resp.sms_mfa_configuration.sms_configuration.external_id #=> String
     #   resp.sms_mfa_configuration.sms_configuration.sns_region #=> String
     #   resp.software_token_mfa_configuration.enabled #=> Boolean
+    #   resp.email_mfa_configuration.message #=> String
+    #   resp.email_mfa_configuration.subject #=> String
     #   resp.mfa_configuration #=> String, one of "OFF", "ON", "OPTIONAL"
     #
     # @see http://docs.aws.amazon.com/goto/WebAPI/cognito-idp-2016-04-18/GetUserPoolMfaConfig AWS API Documentation
@@ -6983,7 +7021,7 @@ module Aws::CognitoIdentityProvider
     # sign in.
     #
     #  If you have never used SMS text messages with Amazon Cognito or any
-    # other Amazon Web Services service, Amazon Simple Notification Service
+    # other Amazon Web Servicesservice, Amazon Simple Notification Service
     # might place your account in the SMS sandbox. In <i> <a
     # href="https://docs.aws.amazon.com/sns/latest/dg/sns-sms-sandbox.html">sandbox
     # mode</a> </i>, you can send messages only to verified phone numbers.
@@ -7202,7 +7240,7 @@ module Aws::CognitoIdentityProvider
     #
     # @example Response structure
     #
-    #   resp.challenge_name #=> String, one of "SMS_MFA", "SOFTWARE_TOKEN_MFA", "SELECT_MFA_TYPE", "MFA_SETUP", "PASSWORD_VERIFIER", "CUSTOM_CHALLENGE", "DEVICE_SRP_AUTH", "DEVICE_PASSWORD_VERIFIER", "ADMIN_NO_SRP_AUTH", "NEW_PASSWORD_REQUIRED"
+    #   resp.challenge_name #=> String, one of "SMS_MFA", "EMAIL_OTP", "SOFTWARE_TOKEN_MFA", "SELECT_MFA_TYPE", "MFA_SETUP", "PASSWORD_VERIFIER", "CUSTOM_CHALLENGE", "DEVICE_SRP_AUTH", "DEVICE_PASSWORD_VERIFIER", "ADMIN_NO_SRP_AUTH", "NEW_PASSWORD_REQUIRED"
     #   resp.session #=> String
     #   resp.challenge_parameters #=> Hash
     #   resp.challenge_parameters["StringType"] #=> String
@@ -8073,7 +8111,7 @@ module Aws::CognitoIdentityProvider
     # sign in.
     #
     #  If you have never used SMS text messages with Amazon Cognito or any
-    # other Amazon Web Services service, Amazon Simple Notification Service
+    # other Amazon Web Servicesservice, Amazon Simple Notification Service
     # might place your account in the SMS sandbox. In <i> <a
     # href="https://docs.aws.amazon.com/sns/latest/dg/sns-sms-sandbox.html">sandbox
     # mode</a> </i>, you can send messages only to verified phone numbers.
@@ -8219,7 +8257,7 @@ module Aws::CognitoIdentityProvider
     # sign in.
     #
     #  If you have never used SMS text messages with Amazon Cognito or any
-    # other Amazon Web Services service, Amazon Simple Notification Service
+    # other Amazon Web Servicesservice, Amazon Simple Notification Service
     # might place your account in the SMS sandbox. In <i> <a
     # href="https://docs.aws.amazon.com/sns/latest/dg/sns-sms-sandbox.html">sandbox
     # mode</a> </i>, you can send messages only to verified phone numbers.
@@ -8268,11 +8306,21 @@ module Aws::CognitoIdentityProvider
     #   SMS\_MFA
     #
     #   : `"ChallengeName": "SMS_MFA", "ChallengeResponses": \{"SMS_MFA_CODE":
-    #     "[SMS_code]", "USERNAME": "[username]"\}`
+    #     "[code]", "USERNAME": "[username]"\}`
+    #
+    #   EMAIL\_OTP
+    #
+    #   : `"ChallengeName": "EMAIL_OTP", "ChallengeResponses":
+    #     \{"EMAIL_OTP_CODE": "[code]", "USERNAME": "[username]"\}`
     #
     #   PASSWORD\_VERIFIER
     #
-    #   : `"ChallengeName": "PASSWORD_VERIFIER", "ChallengeResponses":
+    #   : This challenge response is part of the SRP flow. Amazon Cognito
+    #     requires that your application respond to this challenge within a
+    #     few seconds. When the response time exceeds this period, your user
+    #     pool returns a `NotAuthorizedException` error.
+    #
+    #     `"ChallengeName": "PASSWORD_VERIFIER", "ChallengeResponses":
     #     \{"PASSWORD_CLAIM_SIGNATURE": "[claim_signature]",
     #     "PASSWORD_CLAIM_SECRET_BLOCK": "[secret_block]", "TIMESTAMP":
     #     [timestamp], "USERNAME": "[username]"\}`
@@ -8407,7 +8455,7 @@ module Aws::CognitoIdentityProvider
     #
     #   resp = client.respond_to_auth_challenge({
     #     client_id: "ClientIdType", # required
-    #     challenge_name: "SMS_MFA", # required, accepts SMS_MFA, SOFTWARE_TOKEN_MFA, SELECT_MFA_TYPE, MFA_SETUP, PASSWORD_VERIFIER, CUSTOM_CHALLENGE, DEVICE_SRP_AUTH, DEVICE_PASSWORD_VERIFIER, ADMIN_NO_SRP_AUTH, NEW_PASSWORD_REQUIRED
+    #     challenge_name: "SMS_MFA", # required, accepts SMS_MFA, EMAIL_OTP, SOFTWARE_TOKEN_MFA, SELECT_MFA_TYPE, MFA_SETUP, PASSWORD_VERIFIER, CUSTOM_CHALLENGE, DEVICE_SRP_AUTH, DEVICE_PASSWORD_VERIFIER, ADMIN_NO_SRP_AUTH, NEW_PASSWORD_REQUIRED
     #     session: "SessionType",
     #     challenge_responses: {
     #       "StringType" => "StringType",
@@ -8426,7 +8474,7 @@ module Aws::CognitoIdentityProvider
     #
     # @example Response structure
     #
-    #   resp.challenge_name #=> String, one of "SMS_MFA", "SOFTWARE_TOKEN_MFA", "SELECT_MFA_TYPE", "MFA_SETUP", "PASSWORD_VERIFIER", "CUSTOM_CHALLENGE", "DEVICE_SRP_AUTH", "DEVICE_PASSWORD_VERIFIER", "ADMIN_NO_SRP_AUTH", "NEW_PASSWORD_REQUIRED"
+    #   resp.challenge_name #=> String, one of "SMS_MFA", "EMAIL_OTP", "SOFTWARE_TOKEN_MFA", "SELECT_MFA_TYPE", "MFA_SETUP", "PASSWORD_VERIFIER", "CUSTOM_CHALLENGE", "DEVICE_SRP_AUTH", "DEVICE_PASSWORD_VERIFIER", "ADMIN_NO_SRP_AUTH", "NEW_PASSWORD_REQUIRED"
     #   resp.session #=> String
     #   resp.challenge_parameters #=> Hash
     #   resp.challenge_parameters["StringType"] #=> String
@@ -8762,10 +8810,24 @@ module Aws::CognitoIdentityProvider
     # [1]: https://docs.aws.amazon.com/cognito/latest/developerguide/user-pools-API-operations.html
     #
     # @option params [Types::SMSMfaSettingsType] :sms_mfa_settings
-    #   The SMS text message multi-factor authentication (MFA) settings.
+    #   User preferences for SMS message MFA. Activates or deactivates SMS MFA
+    #   and sets it as the preferred MFA method when multiple methods are
+    #   available.
     #
     # @option params [Types::SoftwareTokenMfaSettingsType] :software_token_mfa_settings
-    #   The time-based one-time password (TOTP) software token MFA settings.
+    #   User preferences for time-based one-time password (TOTP) MFA.
+    #   Activates or deactivates TOTP MFA and sets it as the preferred MFA
+    #   method when multiple methods are available.
+    #
+    # @option params [Types::EmailMfaSettingsType] :email_mfa_settings
+    #   User preferences for email message MFA. Activates or deactivates email
+    #   MFA and sets it as the preferred MFA method when multiple methods are
+    #   available. To activate this setting, [ advanced security features][1]
+    #   must be active in your user pool.
+    #
+    #
+    #
+    #   [1]: https://docs.aws.amazon.com/cognito/latest/developerguide/cognito-user-pool-settings-advanced-security.html
     #
     # @option params [required, String] :access_token
     #   A valid access token that Amazon Cognito issued to the user whose MFA
@@ -8784,6 +8846,10 @@ module Aws::CognitoIdentityProvider
     #       enabled: false,
     #       preferred_mfa: false,
     #     },
+    #     email_mfa_settings: {
+    #       enabled: false,
+    #       preferred_mfa: false,
+    #     },
     #     access_token: "TokenModelType", # required
     #   })
     #
@@ -8808,7 +8874,7 @@ module Aws::CognitoIdentityProvider
     # sign in.
     #
     #  If you have never used SMS text messages with Amazon Cognito or any
-    # other Amazon Web Services service, Amazon Simple Notification Service
+    # other Amazon Web Servicesservice, Amazon Simple Notification Service
     # might place your account in the SMS sandbox. In <i> <a
     # href="https://docs.aws.amazon.com/sns/latest/dg/sns-sms-sandbox.html">sandbox
     # mode</a> </i>, you can send messages only to verified phone numbers.
@@ -8828,10 +8894,22 @@ module Aws::CognitoIdentityProvider
     #   The user pool ID.
     #
     # @option params [Types::SmsMfaConfigType] :sms_mfa_configuration
-    #   The SMS text message MFA configuration.
+    #   Configures user pool SMS messages for MFA. Sets the message template
+    #   and the SMS message sending configuration for Amazon SNS.
     #
     # @option params [Types::SoftwareTokenMfaConfigType] :software_token_mfa_configuration
-    #   The software token MFA configuration.
+    #   Configures a user pool for time-based one-time password (TOTP) MFA.
+    #   Enables or disables TOTP.
+    #
+    # @option params [Types::EmailMfaConfigType] :email_mfa_configuration
+    #   Configures user pool email messages for MFA. Sets the subject and body
+    #   of the email message template for MFA messages. To activate this
+    #   setting, [ advanced security features][1] must be active in your user
+    #   pool.
+    #
+    #
+    #
+    #   [1]: https://docs.aws.amazon.com/cognito/latest/developerguide/cognito-user-pool-settings-advanced-security.html
     #
     # @option params [String] :mfa_configuration
     #   The MFA configuration. If you set the MfaConfiguration value to ‘ON’,
@@ -8854,6 +8932,7 @@ module Aws::CognitoIdentityProvider
     #
     #   * {Types::SetUserPoolMfaConfigResponse#sms_mfa_configuration #sms_mfa_configuration} => Types::SmsMfaConfigType
     #   * {Types::SetUserPoolMfaConfigResponse#software_token_mfa_configuration #software_token_mfa_configuration} => Types::SoftwareTokenMfaConfigType
+    #   * {Types::SetUserPoolMfaConfigResponse#email_mfa_configuration #email_mfa_configuration} => Types::EmailMfaConfigType
     #   * {Types::SetUserPoolMfaConfigResponse#mfa_configuration #mfa_configuration} => String
     #
     # @example Request syntax with placeholder values
@@ -8871,6 +8950,10 @@ module Aws::CognitoIdentityProvider
     #     software_token_mfa_configuration: {
     #       enabled: false,
     #     },
+    #     email_mfa_configuration: {
+    #       message: "EmailMfaMessageType",
+    #       subject: "EmailMfaSubjectType",
+    #     },
     #     mfa_configuration: "OFF", # accepts OFF, ON, OPTIONAL
     #   })
     #
@@ -8881,6 +8964,8 @@ module Aws::CognitoIdentityProvider
     #   resp.sms_mfa_configuration.sms_configuration.external_id #=> String
     #   resp.sms_mfa_configuration.sms_configuration.sns_region #=> String
     #   resp.software_token_mfa_configuration.enabled #=> Boolean
+    #   resp.email_mfa_configuration.message #=> String
+    #   resp.email_mfa_configuration.subject #=> String
     #   resp.mfa_configuration #=> String, one of "OFF", "ON", "OPTIONAL"
     #
     # @see http://docs.aws.amazon.com/goto/WebAPI/cognito-idp-2016-04-18/SetUserPoolMfaConfig AWS API Documentation
@@ -8967,7 +9052,7 @@ module Aws::CognitoIdentityProvider
     # sign in.
     #
     #  If you have never used SMS text messages with Amazon Cognito or any
-    # other Amazon Web Services service, Amazon Simple Notification Service
+    # other Amazon Web Servicesservice, Amazon Simple Notification Service
     # might place your account in the SMS sandbox. In <i> <a
     # href="https://docs.aws.amazon.com/sns/latest/dg/sns-sms-sandbox.html">sandbox
     # mode</a> </i>, you can send messages only to verified phone numbers.
@@ -9778,7 +9863,7 @@ module Aws::CognitoIdentityProvider
     # sign in.
     #
     #  If you have never used SMS text messages with Amazon Cognito or any
-    # other Amazon Web Services service, Amazon Simple Notification Service
+    # other Amazon Web Servicesservice, Amazon Simple Notification Service
     # might place your account in the SMS sandbox. In <i> <a
     # href="https://docs.aws.amazon.com/sns/latest/dg/sns-sms-sandbox.html">sandbox
     # mode</a> </i>, you can send messages only to verified phone numbers.
@@ -9893,7 +9978,7 @@ module Aws::CognitoIdentityProvider
     # sign in.
     #
     #  If you have never used SMS text messages with Amazon Cognito or any
-    # other Amazon Web Services service, Amazon Simple Notification Service
+    # other Amazon Web Servicesservice, Amazon Simple Notification Service
     # might place your account in the SMS sandbox. In <i> <a
     # href="https://docs.aws.amazon.com/sns/latest/dg/sns-sms-sandbox.html">sandbox
     # mode</a> </i>, you can send messages only to verified phone numbers.
@@ -10282,9 +10367,9 @@ module Aws::CognitoIdentityProvider
     #   default for ID and access tokens is hours.
     #
     # @option params [Array<String>] :read_attributes
-    #   The list of user attributes that you want your app client to have
-    #   read-only access to. After your user authenticates in your app, their
-    #   access token authorizes them to read their own attribute value for any
+    #   The list of user attributes that you want your app client to have read
+    #   access to. After your user authenticates in your app, their access
+    #   token authorizes them to read their own attribute value for any
     #   attribute in this list. An example of this kind of activity is when
     #   your user selects a link to view their profile information. Your app
     #   makes a [GetUser][1] API request to retrieve and display your user's
@@ -10292,11 +10377,11 @@ module Aws::CognitoIdentityProvider
     #
     #   When you don't specify the `ReadAttributes` for your app client, your
     #   app can read the values of `email_verified`, `phone_number_verified`,
-    #   and the Standard attributes of your user pool. When your user pool has
-    #   read access to these default attributes, `ReadAttributes` doesn't
-    #   return any information. Amazon Cognito only populates `ReadAttributes`
-    #   in the API response if you have specified your own custom set of read
-    #   attributes.
+    #   and the Standard attributes of your user pool. When your user pool app
+    #   client has read access to these default attributes, `ReadAttributes`
+    #   doesn't return any information. Amazon Cognito only populates
+    #   `ReadAttributes` in the API response if you have specified your own
+    #   custom set of read attributes.
     #
     #
     #
@@ -10854,7 +10939,7 @@ module Aws::CognitoIdentityProvider
         tracer: tracer
       )
       context[:gem_name] = 'aws-sdk-cognitoidentityprovider'
-      context[:gem_version] = '1.103.0'
+      context[:gem_version] = '1.105.0'
       Seahorse::Client::Request.new(handlers, context)
     end
 

data/lib/aws-sdk-cognitoidentityprovider/client_api.rb

@@ -202,6 +202,10 @@ module Aws::CognitoIdentityProvider
     DuplicateProviderException = Shapes::StructureShape.new(name: 'DuplicateProviderException')
     EmailAddressType = Shapes::StringShape.new(name: 'EmailAddressType')
     EmailConfigurationType = Shapes::StructureShape.new(name: 'EmailConfigurationType')
+    EmailMfaConfigType = Shapes::StructureShape.new(name: 'EmailMfaConfigType')
+    EmailMfaMessageType = Shapes::StringShape.new(name: 'EmailMfaMessageType')
+    EmailMfaSettingsType = Shapes::StructureShape.new(name: 'EmailMfaSettingsType')
+    EmailMfaSubjectType = Shapes::StringShape.new(name: 'EmailMfaSubjectType')
     EmailNotificationBodyType = Shapes::StringShape.new(name: 'EmailNotificationBodyType')
     EmailNotificationSubjectType = Shapes::StringShape.new(name: 'EmailNotificationSubjectType')
     EmailSendingAccountType = Shapes::StringShape.new(name: 'EmailSendingAccountType')
@@ -691,6 +695,7 @@ module Aws::CognitoIdentityProvider
 
     AdminSetUserMFAPreferenceRequest.add_member(:sms_mfa_settings, Shapes::ShapeRef.new(shape: SMSMfaSettingsType, location_name: "SMSMfaSettings"))
     AdminSetUserMFAPreferenceRequest.add_member(:software_token_mfa_settings, Shapes::ShapeRef.new(shape: SoftwareTokenMfaSettingsType, location_name: "SoftwareTokenMfaSettings"))
+    AdminSetUserMFAPreferenceRequest.add_member(:email_mfa_settings, Shapes::ShapeRef.new(shape: EmailMfaSettingsType, location_name: "EmailMfaSettings"))
     AdminSetUserMFAPreferenceRequest.add_member(:username, Shapes::ShapeRef.new(shape: UsernameType, required: true, location_name: "Username"))
     AdminSetUserMFAPreferenceRequest.add_member(:user_pool_id, Shapes::ShapeRef.new(shape: UserPoolIdType, required: true, location_name: "UserPoolId"))
     AdminSetUserMFAPreferenceRequest.struct_class = Types::AdminSetUserMFAPreferenceRequest
@@ -1132,6 +1137,14 @@ module Aws::CognitoIdentityProvider
     EmailConfigurationType.add_member(:configuration_set, Shapes::ShapeRef.new(shape: SESConfigurationSet, location_name: "ConfigurationSet"))
     EmailConfigurationType.struct_class = Types::EmailConfigurationType
 
+    EmailMfaConfigType.add_member(:message, Shapes::ShapeRef.new(shape: EmailMfaMessageType, location_name: "Message"))
+    EmailMfaConfigType.add_member(:subject, Shapes::ShapeRef.new(shape: EmailMfaSubjectType, location_name: "Subject"))
+    EmailMfaConfigType.struct_class = Types::EmailMfaConfigType
+
+    EmailMfaSettingsType.add_member(:enabled, Shapes::ShapeRef.new(shape: BooleanType, location_name: "Enabled"))
+    EmailMfaSettingsType.add_member(:preferred_mfa, Shapes::ShapeRef.new(shape: BooleanType, location_name: "PreferredMfa"))
+    EmailMfaSettingsType.struct_class = Types::EmailMfaSettingsType
+
     EnableSoftwareTokenMFAException.add_member(:message, Shapes::ShapeRef.new(shape: MessageType, location_name: "message"))
     EnableSoftwareTokenMFAException.struct_class = Types::EnableSoftwareTokenMFAException
 
@@ -1240,6 +1253,7 @@ module Aws::CognitoIdentityProvider
 
     GetUserPoolMfaConfigResponse.add_member(:sms_mfa_configuration, Shapes::ShapeRef.new(shape: SmsMfaConfigType, location_name: "SmsMfaConfiguration"))
     GetUserPoolMfaConfigResponse.add_member(:software_token_mfa_configuration, Shapes::ShapeRef.new(shape: SoftwareTokenMfaConfigType, location_name: "SoftwareTokenMfaConfiguration"))
+    GetUserPoolMfaConfigResponse.add_member(:email_mfa_configuration, Shapes::ShapeRef.new(shape: EmailMfaConfigType, location_name: "EmailMfaConfiguration"))
     GetUserPoolMfaConfigResponse.add_member(:mfa_configuration, Shapes::ShapeRef.new(shape: UserPoolMfaType, location_name: "MfaConfiguration"))
     GetUserPoolMfaConfigResponse.struct_class = Types::GetUserPoolMfaConfigResponse
 
@@ -1655,6 +1669,7 @@ module Aws::CognitoIdentityProvider
 
     SetUserMFAPreferenceRequest.add_member(:sms_mfa_settings, Shapes::ShapeRef.new(shape: SMSMfaSettingsType, location_name: "SMSMfaSettings"))
     SetUserMFAPreferenceRequest.add_member(:software_token_mfa_settings, Shapes::ShapeRef.new(shape: SoftwareTokenMfaSettingsType, location_name: "SoftwareTokenMfaSettings"))
+    SetUserMFAPreferenceRequest.add_member(:email_mfa_settings, Shapes::ShapeRef.new(shape: EmailMfaSettingsType, location_name: "EmailMfaSettings"))
     SetUserMFAPreferenceRequest.add_member(:access_token, Shapes::ShapeRef.new(shape: TokenModelType, required: true, location_name: "AccessToken"))
     SetUserMFAPreferenceRequest.struct_class = Types::SetUserMFAPreferenceRequest
 
@@ -1663,11 +1678,13 @@ module Aws::CognitoIdentityProvider
     SetUserPoolMfaConfigRequest.add_member(:user_pool_id, Shapes::ShapeRef.new(shape: UserPoolIdType, required: true, location_name: "UserPoolId"))
     SetUserPoolMfaConfigRequest.add_member(:sms_mfa_configuration, Shapes::ShapeRef.new(shape: SmsMfaConfigType, location_name: "SmsMfaConfiguration"))
     SetUserPoolMfaConfigRequest.add_member(:software_token_mfa_configuration, Shapes::ShapeRef.new(shape: SoftwareTokenMfaConfigType, location_name: "SoftwareTokenMfaConfiguration"))
+    SetUserPoolMfaConfigRequest.add_member(:email_mfa_configuration, Shapes::ShapeRef.new(shape: EmailMfaConfigType, location_name: "EmailMfaConfiguration"))
     SetUserPoolMfaConfigRequest.add_member(:mfa_configuration, Shapes::ShapeRef.new(shape: UserPoolMfaType, location_name: "MfaConfiguration"))
     SetUserPoolMfaConfigRequest.struct_class = Types::SetUserPoolMfaConfigRequest
 
     SetUserPoolMfaConfigResponse.add_member(:sms_mfa_configuration, Shapes::ShapeRef.new(shape: SmsMfaConfigType, location_name: "SmsMfaConfiguration"))
     SetUserPoolMfaConfigResponse.add_member(:software_token_mfa_configuration, Shapes::ShapeRef.new(shape: SoftwareTokenMfaConfigType, location_name: "SoftwareTokenMfaConfiguration"))
+    SetUserPoolMfaConfigResponse.add_member(:email_mfa_configuration, Shapes::ShapeRef.new(shape: EmailMfaConfigType, location_name: "EmailMfaConfiguration"))
     SetUserPoolMfaConfigResponse.add_member(:mfa_configuration, Shapes::ShapeRef.new(shape: UserPoolMfaType, location_name: "MfaConfiguration"))
     SetUserPoolMfaConfigResponse.struct_class = Types::SetUserPoolMfaConfigResponse
 
@@ -2298,6 +2315,7 @@ module Aws::CognitoIdentityProvider
         o.errors << Shapes::ShapeRef.new(shape: InvalidLambdaResponseException)
         o.errors << Shapes::ShapeRef.new(shape: MFAMethodNotFoundException)
         o.errors << Shapes::ShapeRef.new(shape: InvalidSmsRoleAccessPolicyException)
+        o.errors << Shapes::ShapeRef.new(shape: InvalidEmailRoleAccessPolicyException)
         o.errors << Shapes::ShapeRef.new(shape: InvalidSmsRoleTrustRelationshipException)
         o.errors << Shapes::ShapeRef.new(shape: PasswordResetRequiredException)
         o.errors << Shapes::ShapeRef.new(shape: UserNotFoundException)
@@ -2430,6 +2448,7 @@ module Aws::CognitoIdentityProvider
         o.errors << Shapes::ShapeRef.new(shape: InvalidUserPoolConfigurationException)
         o.errors << Shapes::ShapeRef.new(shape: InternalErrorException)
         o.errors << Shapes::ShapeRef.new(shape: MFAMethodNotFoundException)
+        o.errors << Shapes::ShapeRef.new(shape: InvalidEmailRoleAccessPolicyException)
         o.errors << Shapes::ShapeRef.new(shape: InvalidSmsRoleAccessPolicyException)
         o.errors << Shapes::ShapeRef.new(shape: InvalidSmsRoleTrustRelationshipException)
         o.errors << Shapes::ShapeRef.new(shape: AliasExistsException)
@@ -3217,6 +3236,7 @@ module Aws::CognitoIdentityProvider
         o.errors << Shapes::ShapeRef.new(shape: UserNotConfirmedException)
         o.errors << Shapes::ShapeRef.new(shape: InternalErrorException)
         o.errors << Shapes::ShapeRef.new(shape: InvalidSmsRoleAccessPolicyException)
+        o.errors << Shapes::ShapeRef.new(shape: InvalidEmailRoleAccessPolicyException)
         o.errors << Shapes::ShapeRef.new(shape: InvalidSmsRoleTrustRelationshipException)
         o.errors << Shapes::ShapeRef.new(shape: ForbiddenException)
       end)
@@ -3450,6 +3470,7 @@ module Aws::CognitoIdentityProvider
         o.errors << Shapes::ShapeRef.new(shape: UserNotConfirmedException)
         o.errors << Shapes::ShapeRef.new(shape: InvalidSmsRoleAccessPolicyException)
         o.errors << Shapes::ShapeRef.new(shape: InvalidSmsRoleTrustRelationshipException)
+        o.errors << Shapes::ShapeRef.new(shape: InvalidEmailRoleAccessPolicyException)
         o.errors << Shapes::ShapeRef.new(shape: AliasExistsException)
         o.errors << Shapes::ShapeRef.new(shape: InternalErrorException)
         o.errors << Shapes::ShapeRef.new(shape: SoftwareTokenMFANotFoundException)