aws-sdk-cognitoidentityprovider 1.43.0 → 1.48.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 7b6ac655b806a0dc5a6704b845c9fbe080aa79366883d8dc5aa6803140571271
-  data.tar.gz: 18d558b605615d5c11b1fb2c96dc413942e7b84d7a02120470c90dd52922ddb5
+  metadata.gz: 2aeaf9e91919db21d3db364967058f99e7c3508600f788e6ccedcf549ffbb4db
+  data.tar.gz: 247f2a12b2c5fdec7817d2c632b260353a86c57e27b9c2b02b19c3097cee640e
 SHA512:
-  metadata.gz: 128c94db366737299919700d2691680916cca0411192984a7159d70f5040824bc38f4e189c138bc38f41cac0772c101fdceb53a93a2059fca290e6df7961d2f9
-  data.tar.gz: 0b4da76cd9964e0f7799fb0813c5af0c2d4c72cca42acbbbeb157261be7df8acb50952c57353bf15f05d8b6223cb6d01a04c1f31ece78f56973effbe8e5651f8
+  metadata.gz: 47fdb42508be0fdf33788ac955698025fbd692a769986b9074ca5be87f8dc32765984a98588987a844d65ec417a7d1f2327e4a1dd207619c57267206fc183b2e
+  data.tar.gz: 444db0a838c66192a31ff49bfc06968887d5fc0007e9e3d4da1d398955482c51d44246377a97d74e62987eeb986664d45cc0d67d511eb908987c64325a58a2e4

data/lib/aws-sdk-cognitoidentityprovider.rb

@@ -7,6 +7,7 @@
 #
 # WARNING ABOUT GENERATED CODE
 
+
 require 'aws-sdk-core'
 require 'aws-sigv4'
 
@@ -44,9 +45,9 @@ require_relative 'aws-sdk-cognitoidentityprovider/customizations'
 #
 # See {Errors} for more information.
 #
-# @service
+# @!group service
 module Aws::CognitoIdentityProvider
 
-  GEM_VERSION = '1.43.0'
+  GEM_VERSION = '1.48.0'
 
 end

data/lib/aws-sdk-cognitoidentityprovider/client.rb

@@ -85,13 +85,28 @@ module Aws::CognitoIdentityProvider
     #     * `Aws::Credentials` - Used for configuring static, non-refreshing
     #       credentials.
     #
+    #     * `Aws::SharedCredentials` - Used for loading static credentials from a
+    #       shared file, such as `~/.aws/config`.
+    #
+    #     * `Aws::AssumeRoleCredentials` - Used when you need to assume a role.
+    #
+    #     * `Aws::AssumeRoleWebIdentityCredentials` - Used when you need to
+    #       assume a role after providing credentials via the web.
+    #
+    #     * `Aws::SSOCredentials` - Used for loading credentials from AWS SSO using an
+    #       access token generated from `aws login`.
+    #
+    #     * `Aws::ProcessCredentials` - Used for loading credentials from a
+    #       process that outputs to stdout.
+    #
     #     * `Aws::InstanceProfileCredentials` - Used for loading credentials
     #       from an EC2 IMDS on an EC2 instance.
     #
-    #     * `Aws::SharedCredentials` - Used for loading credentials from a
-    #       shared file, such as `~/.aws/config`.
+    #     * `Aws::ECSCredentials` - Used for loading credentials from
+    #       instances running in ECS.
     #
-    #     * `Aws::AssumeRoleCredentials` - Used when you need to assume a role.
+    #     * `Aws::CognitoIdentityCredentials` - Used for loading credentials
+    #       from the Cognito Identity service.
     #
     #     When `:credentials` are not configured directly, the following
     #     locations will be searched for credentials:
@@ -101,10 +116,10 @@ module Aws::CognitoIdentityProvider
     #     * ENV['AWS_ACCESS_KEY_ID'], ENV['AWS_SECRET_ACCESS_KEY']
     #     * `~/.aws/credentials`
     #     * `~/.aws/config`
-    #     * EC2 IMDS instance profile - When used by default, the timeouts are
-    #       very aggressive. Construct and pass an instance of
-    #       `Aws::InstanceProfileCredentails` to enable retries and extended
-    #       timeouts.
+    #     * EC2/ECS IMDS instance profile - When used by default, the timeouts
+    #       are very aggressive. Construct and pass an instance of
+    #       `Aws::InstanceProfileCredentails` or `Aws::ECSCredentials` to
+    #       enable retries and extended timeouts.
     #
     #   @option options [required, String] :region
     #     The AWS region to connect to.  The configured `:region` is
@@ -2731,9 +2746,21 @@ module Aws::CognitoIdentityProvider
     #
     # @option params [String] :email_verification_message
     #   A string representing the email verification message.
+    #   EmailVerificationMessage is allowed only if [EmailSendingAccount][1]
+    #   is DEVELOPER.
+    #
+    #
+    #
+    #   [1]: https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_EmailConfigurationType.html#CognitoUserPools-Type-EmailConfigurationType-EmailSendingAccount
     #
     # @option params [String] :email_verification_subject
     #   A string representing the email verification subject.
+    #   EmailVerificationSubject is allowed only if [EmailSendingAccount][1]
+    #   is DEVELOPER.
+    #
+    #
+    #
+    #   [1]: https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_EmailConfigurationType.html#CognitoUserPools-Type-EmailConfigurationType-EmailSendingAccount
     #
     # @option params [Types::VerificationMessageTemplateType] :verification_message_template
     #   The template for the verification message that the user sees when the
@@ -2819,6 +2846,15 @@ module Aws::CognitoIdentityProvider
     #       verify_auth_challenge_response: "ArnType",
     #       pre_token_generation: "ArnType",
     #       user_migration: "ArnType",
+    #       custom_sms_sender: {
+    #         lambda_version: "V1_0", # required, accepts V1_0
+    #         lambda_arn: "ArnType", # required
+    #       },
+    #       custom_email_sender: {
+    #         lambda_version: "V1_0", # required, accepts V1_0
+    #         lambda_arn: "ArnType", # required
+    #       },
+    #       kms_key_id: "ArnType",
     #     },
     #     auto_verified_attributes: ["phone_number"], # accepts phone_number, email
     #     alias_attributes: ["phone_number"], # accepts phone_number, email, preferred_username
@@ -2916,6 +2952,11 @@ module Aws::CognitoIdentityProvider
     #   resp.user_pool.lambda_config.verify_auth_challenge_response #=> String
     #   resp.user_pool.lambda_config.pre_token_generation #=> String
     #   resp.user_pool.lambda_config.user_migration #=> String
+    #   resp.user_pool.lambda_config.custom_sms_sender.lambda_version #=> String, one of "V1_0"
+    #   resp.user_pool.lambda_config.custom_sms_sender.lambda_arn #=> String
+    #   resp.user_pool.lambda_config.custom_email_sender.lambda_version #=> String, one of "V1_0"
+    #   resp.user_pool.lambda_config.custom_email_sender.lambda_arn #=> String
+    #   resp.user_pool.lambda_config.kms_key_id #=> String
     #   resp.user_pool.status #=> String, one of "Enabled", "Disabled"
     #   resp.user_pool.last_modified_date #=> Time
     #   resp.user_pool.creation_date #=> Time
@@ -3198,9 +3239,10 @@ module Aws::CognitoIdentityProvider
     #     allowed_o_auth_scopes: ["ScopeType"],
     #     allowed_o_auth_flows_user_pool_client: false,
     #     analytics_configuration: {
-    #       application_id: "HexStringType", # required
-    #       role_arn: "ArnType", # required
-    #       external_id: "StringType", # required
+    #       application_id: "HexStringType",
+    #       application_arn: "ArnType",
+    #       role_arn: "ArnType",
+    #       external_id: "StringType",
     #       user_data_shared: false,
     #     },
     #     prevent_user_existence_errors: "LEGACY", # accepts LEGACY, ENABLED
@@ -3239,6 +3281,7 @@ module Aws::CognitoIdentityProvider
     #   resp.user_pool_client.allowed_o_auth_scopes[0] #=> String
     #   resp.user_pool_client.allowed_o_auth_flows_user_pool_client #=> Boolean
     #   resp.user_pool_client.analytics_configuration.application_id #=> String
+    #   resp.user_pool_client.analytics_configuration.application_arn #=> String
     #   resp.user_pool_client.analytics_configuration.role_arn #=> String
     #   resp.user_pool_client.analytics_configuration.external_id #=> String
     #   resp.user_pool_client.analytics_configuration.user_data_shared #=> Boolean
@@ -3729,6 +3772,11 @@ module Aws::CognitoIdentityProvider
     #   resp.user_pool.lambda_config.verify_auth_challenge_response #=> String
     #   resp.user_pool.lambda_config.pre_token_generation #=> String
     #   resp.user_pool.lambda_config.user_migration #=> String
+    #   resp.user_pool.lambda_config.custom_sms_sender.lambda_version #=> String, one of "V1_0"
+    #   resp.user_pool.lambda_config.custom_sms_sender.lambda_arn #=> String
+    #   resp.user_pool.lambda_config.custom_email_sender.lambda_version #=> String, one of "V1_0"
+    #   resp.user_pool.lambda_config.custom_email_sender.lambda_arn #=> String
+    #   resp.user_pool.lambda_config.kms_key_id #=> String
     #   resp.user_pool.status #=> String, one of "Enabled", "Disabled"
     #   resp.user_pool.last_modified_date #=> Time
     #   resp.user_pool.creation_date #=> Time
@@ -3849,6 +3897,7 @@ module Aws::CognitoIdentityProvider
     #   resp.user_pool_client.allowed_o_auth_scopes[0] #=> String
     #   resp.user_pool_client.allowed_o_auth_flows_user_pool_client #=> Boolean
     #   resp.user_pool_client.analytics_configuration.application_id #=> String
+    #   resp.user_pool_client.analytics_configuration.application_arn #=> String
     #   resp.user_pool_client.analytics_configuration.role_arn #=> String
     #   resp.user_pool_client.analytics_configuration.external_id #=> String
     #   resp.user_pool_client.analytics_configuration.user_data_shared #=> Boolean
@@ -4979,6 +5028,11 @@ module Aws::CognitoIdentityProvider
     #   resp.user_pools[0].lambda_config.verify_auth_challenge_response #=> String
     #   resp.user_pools[0].lambda_config.pre_token_generation #=> String
     #   resp.user_pools[0].lambda_config.user_migration #=> String
+    #   resp.user_pools[0].lambda_config.custom_sms_sender.lambda_version #=> String, one of "V1_0"
+    #   resp.user_pools[0].lambda_config.custom_sms_sender.lambda_arn #=> String
+    #   resp.user_pools[0].lambda_config.custom_email_sender.lambda_version #=> String, one of "V1_0"
+    #   resp.user_pools[0].lambda_config.custom_email_sender.lambda_arn #=> String
+    #   resp.user_pools[0].lambda_config.kms_key_id #=> String
     #   resp.user_pools[0].status #=> String, one of "Enabled", "Disabled"
     #   resp.user_pools[0].last_modified_date #=> Time
     #   resp.user_pools[0].creation_date #=> Time
@@ -5601,7 +5655,12 @@ module Aws::CognitoIdentityProvider
     # one factor can be set as preferred. The preferred MFA factor will be
     # used to authenticate a user if multiple factors are enabled. If
     # multiple options are enabled and no preference is set, a challenge to
-    # choose an MFA option will be returned during sign in.
+    # choose an MFA option will be returned during sign in. If an MFA type
+    # is enabled for a user, the user will be prompted for MFA during all
+    # sign in attempts, unless device tracking is turned on and the device
+    # has been trusted. If you would like MFA to be applied selectively
+    # based on the assessed risk level of sign in attempts, disable MFA for
+    # users and turn on Adaptive Authentication for the user pool.
     #
     # @option params [Types::SMSMfaSettingsType] :sms_mfa_settings
     #   The SMS text message multi-factor authentication (MFA) settings.
@@ -6464,6 +6523,15 @@ module Aws::CognitoIdentityProvider
     #       verify_auth_challenge_response: "ArnType",
     #       pre_token_generation: "ArnType",
     #       user_migration: "ArnType",
+    #       custom_sms_sender: {
+    #         lambda_version: "V1_0", # required, accepts V1_0
+    #         lambda_arn: "ArnType", # required
+    #       },
+    #       custom_email_sender: {
+    #         lambda_version: "V1_0", # required, accepts V1_0
+    #         lambda_arn: "ArnType", # required
+    #       },
+    #       kms_key_id: "ArnType",
     #     },
     #     auto_verified_attributes: ["phone_number"], # accepts phone_number, email
     #     sms_verification_message: "SmsVerificationMessageType",
@@ -6735,9 +6803,10 @@ module Aws::CognitoIdentityProvider
     #     allowed_o_auth_scopes: ["ScopeType"],
     #     allowed_o_auth_flows_user_pool_client: false,
     #     analytics_configuration: {
-    #       application_id: "HexStringType", # required
-    #       role_arn: "ArnType", # required
-    #       external_id: "StringType", # required
+    #       application_id: "HexStringType",
+    #       application_arn: "ArnType",
+    #       role_arn: "ArnType",
+    #       external_id: "StringType",
     #       user_data_shared: false,
     #     },
     #     prevent_user_existence_errors: "LEGACY", # accepts LEGACY, ENABLED
@@ -6776,6 +6845,7 @@ module Aws::CognitoIdentityProvider
     #   resp.user_pool_client.allowed_o_auth_scopes[0] #=> String
     #   resp.user_pool_client.allowed_o_auth_flows_user_pool_client #=> Boolean
     #   resp.user_pool_client.analytics_configuration.application_id #=> String
+    #   resp.user_pool_client.analytics_configuration.application_arn #=> String
     #   resp.user_pool_client.analytics_configuration.role_arn #=> String
     #   resp.user_pool_client.analytics_configuration.external_id #=> String
     #   resp.user_pool_client.analytics_configuration.user_data_shared #=> Boolean
@@ -6962,7 +7032,7 @@ module Aws::CognitoIdentityProvider
         params: params,
         config: config)
       context[:gem_name] = 'aws-sdk-cognitoidentityprovider'
-      context[:gem_version] = '1.43.0'
+      context[:gem_version] = '1.48.0'
       Seahorse::Client::Request.new(handlers, context)
     end
 

data/lib/aws-sdk-cognitoidentityprovider/client_api.rb

@@ -149,6 +149,10 @@ module Aws::CognitoIdentityProvider
     CustomAttributeNameType = Shapes::StringShape.new(name: 'CustomAttributeNameType')
     CustomAttributesListType = Shapes::ListShape.new(name: 'CustomAttributesListType')
     CustomDomainConfigType = Shapes::StructureShape.new(name: 'CustomDomainConfigType')
+    CustomEmailLambdaVersionConfigType = Shapes::StructureShape.new(name: 'CustomEmailLambdaVersionConfigType')
+    CustomEmailSenderLambdaVersionType = Shapes::StringShape.new(name: 'CustomEmailSenderLambdaVersionType')
+    CustomSMSLambdaVersionConfigType = Shapes::StructureShape.new(name: 'CustomSMSLambdaVersionConfigType')
+    CustomSMSSenderLambdaVersionType = Shapes::StringShape.new(name: 'CustomSMSSenderLambdaVersionType')
     DateType = Shapes::TimestampShape.new(name: 'DateType')
     DefaultEmailOptionType = Shapes::StringShape.new(name: 'DefaultEmailOptionType')
     DeleteGroupRequest = Shapes::StructureShape.new(name: 'DeleteGroupRequest')
@@ -713,9 +717,10 @@ module Aws::CognitoIdentityProvider
     AliasExistsException.add_member(:message, Shapes::ShapeRef.new(shape: MessageType, location_name: "message"))
     AliasExistsException.struct_class = Types::AliasExistsException
 
-    AnalyticsConfigurationType.add_member(:application_id, Shapes::ShapeRef.new(shape: HexStringType, required: true, location_name: "ApplicationId"))
-    AnalyticsConfigurationType.add_member(:role_arn, Shapes::ShapeRef.new(shape: ArnType, required: true, location_name: "RoleArn"))
-    AnalyticsConfigurationType.add_member(:external_id, Shapes::ShapeRef.new(shape: StringType, required: true, location_name: "ExternalId"))
+    AnalyticsConfigurationType.add_member(:application_id, Shapes::ShapeRef.new(shape: HexStringType, location_name: "ApplicationId"))
+    AnalyticsConfigurationType.add_member(:application_arn, Shapes::ShapeRef.new(shape: ArnType, location_name: "ApplicationArn"))
+    AnalyticsConfigurationType.add_member(:role_arn, Shapes::ShapeRef.new(shape: ArnType, location_name: "RoleArn"))
+    AnalyticsConfigurationType.add_member(:external_id, Shapes::ShapeRef.new(shape: StringType, location_name: "ExternalId"))
     AnalyticsConfigurationType.add_member(:user_data_shared, Shapes::ShapeRef.new(shape: BooleanType, location_name: "UserDataShared"))
     AnalyticsConfigurationType.struct_class = Types::AnalyticsConfigurationType
 
@@ -956,6 +961,14 @@ module Aws::CognitoIdentityProvider
     CustomDomainConfigType.add_member(:certificate_arn, Shapes::ShapeRef.new(shape: ArnType, required: true, location_name: "CertificateArn"))
     CustomDomainConfigType.struct_class = Types::CustomDomainConfigType
 
+    CustomEmailLambdaVersionConfigType.add_member(:lambda_version, Shapes::ShapeRef.new(shape: CustomEmailSenderLambdaVersionType, required: true, location_name: "LambdaVersion"))
+    CustomEmailLambdaVersionConfigType.add_member(:lambda_arn, Shapes::ShapeRef.new(shape: ArnType, required: true, location_name: "LambdaArn"))
+    CustomEmailLambdaVersionConfigType.struct_class = Types::CustomEmailLambdaVersionConfigType
+
+    CustomSMSLambdaVersionConfigType.add_member(:lambda_version, Shapes::ShapeRef.new(shape: CustomSMSSenderLambdaVersionType, required: true, location_name: "LambdaVersion"))
+    CustomSMSLambdaVersionConfigType.add_member(:lambda_arn, Shapes::ShapeRef.new(shape: ArnType, required: true, location_name: "LambdaArn"))
+    CustomSMSLambdaVersionConfigType.struct_class = Types::CustomSMSLambdaVersionConfigType
+
     DeleteGroupRequest.add_member(:group_name, Shapes::ShapeRef.new(shape: GroupNameType, required: true, location_name: "GroupName"))
     DeleteGroupRequest.add_member(:user_pool_id, Shapes::ShapeRef.new(shape: UserPoolIdType, required: true, location_name: "UserPoolId"))
     DeleteGroupRequest.struct_class = Types::DeleteGroupRequest
@@ -1273,6 +1286,9 @@ module Aws::CognitoIdentityProvider
     LambdaConfigType.add_member(:verify_auth_challenge_response, Shapes::ShapeRef.new(shape: ArnType, location_name: "VerifyAuthChallengeResponse"))
     LambdaConfigType.add_member(:pre_token_generation, Shapes::ShapeRef.new(shape: ArnType, location_name: "PreTokenGeneration"))
     LambdaConfigType.add_member(:user_migration, Shapes::ShapeRef.new(shape: ArnType, location_name: "UserMigration"))
+    LambdaConfigType.add_member(:custom_sms_sender, Shapes::ShapeRef.new(shape: CustomSMSLambdaVersionConfigType, location_name: "CustomSMSSender"))
+    LambdaConfigType.add_member(:custom_email_sender, Shapes::ShapeRef.new(shape: CustomEmailLambdaVersionConfigType, location_name: "CustomEmailSender"))
+    LambdaConfigType.add_member(:kms_key_id, Shapes::ShapeRef.new(shape: ArnType, location_name: "KMSKeyID"))
     LambdaConfigType.struct_class = Types::LambdaConfigType
 
     LimitExceededException.add_member(:message, Shapes::ShapeRef.new(shape: MessageType, location_name: "message"))

data/lib/aws-sdk-cognitoidentityprovider/types.rb

@@ -2181,9 +2181,10 @@ module Aws::CognitoIdentityProvider
     #   data as a hash:
     #
     #       {
-    #         application_id: "HexStringType", # required
-    #         role_arn: "ArnType", # required
-    #         external_id: "StringType", # required
+    #         application_id: "HexStringType",
+    #         application_arn: "ArnType",
+    #         role_arn: "ArnType",
+    #         external_id: "StringType",
     #         user_data_shared: false,
     #       }
     #
@@ -2191,6 +2192,13 @@ module Aws::CognitoIdentityProvider
     #   The application ID for an Amazon Pinpoint application.
     #   @return [String]
     #
+    # @!attribute [rw] application_arn
+    #   The Amazon Resource Name (ARN) of an Amazon Pinpoint project. You
+    #   can use the Amazon Pinpoint project for Pinpoint integration with
+    #   the chosen User Pool Client. Amazon Cognito publishes events to the
+    #   pinpoint project declared by the app ARN.
+    #   @return [String]
+    #
     # @!attribute [rw] role_arn
     #   The ARN of an IAM role that authorizes Amazon Cognito to publish
     #   events to Amazon Pinpoint analytics.
@@ -2209,6 +2217,7 @@ module Aws::CognitoIdentityProvider
     #
     class AnalyticsConfigurationType < Struct.new(
       :application_id,
+      :application_arn,
       :role_arn,
       :external_id,
       :user_data_shared)
@@ -3278,9 +3287,10 @@ module Aws::CognitoIdentityProvider
     #         allowed_o_auth_scopes: ["ScopeType"],
     #         allowed_o_auth_flows_user_pool_client: false,
     #         analytics_configuration: {
-    #           application_id: "HexStringType", # required
-    #           role_arn: "ArnType", # required
-    #           external_id: "StringType", # required
+    #           application_id: "HexStringType",
+    #           application_arn: "ArnType",
+    #           role_arn: "ArnType",
+    #           external_id: "StringType",
     #           user_data_shared: false,
     #         },
     #         prevent_user_existence_errors: "LEGACY", # accepts LEGACY, ENABLED
@@ -3618,6 +3628,15 @@ module Aws::CognitoIdentityProvider
     #           verify_auth_challenge_response: "ArnType",
     #           pre_token_generation: "ArnType",
     #           user_migration: "ArnType",
+    #           custom_sms_sender: {
+    #             lambda_version: "V1_0", # required, accepts V1_0
+    #             lambda_arn: "ArnType", # required
+    #           },
+    #           custom_email_sender: {
+    #             lambda_version: "V1_0", # required, accepts V1_0
+    #             lambda_arn: "ArnType", # required
+    #           },
+    #           kms_key_id: "ArnType",
     #         },
     #         auto_verified_attributes: ["phone_number"], # accepts phone_number, email
     #         alias_attributes: ["phone_number"], # accepts phone_number, email, preferred_username
@@ -3747,10 +3766,22 @@ module Aws::CognitoIdentityProvider
     #
     # @!attribute [rw] email_verification_message
     #   A string representing the email verification message.
+    #   EmailVerificationMessage is allowed only if [EmailSendingAccount][1]
+    #   is DEVELOPER.
+    #
+    #
+    #
+    #   [1]: https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_EmailConfigurationType.html#CognitoUserPools-Type-EmailConfigurationType-EmailSendingAccount
     #   @return [String]
     #
     # @!attribute [rw] email_verification_subject
     #   A string representing the email verification subject.
+    #   EmailVerificationSubject is allowed only if [EmailSendingAccount][1]
+    #   is DEVELOPER.
+    #
+    #
+    #
+    #   [1]: https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_EmailConfigurationType.html#CognitoUserPools-Type-EmailConfigurationType-EmailSendingAccount
     #   @return [String]
     #
     # @!attribute [rw] verification_message_template
@@ -3888,6 +3919,66 @@ module Aws::CognitoIdentityProvider
       include Aws::Structure
     end
 
+    # A custom email sender Lambda configuration type.
+    #
+    # @note When making an API call, you may pass CustomEmailLambdaVersionConfigType
+    #   data as a hash:
+    #
+    #       {
+    #         lambda_version: "V1_0", # required, accepts V1_0
+    #         lambda_arn: "ArnType", # required
+    #       }
+    #
+    # @!attribute [rw] lambda_version
+    #   The Lambda version represents the signature of the "request"
+    #   attribute in the "event" information Amazon Cognito passes to your
+    #   custom email Lambda function. The only supported value is `V1_0`.
+    #   @return [String]
+    #
+    # @!attribute [rw] lambda_arn
+    #   The Lambda Amazon Resource Name of the Lambda function that Amazon
+    #   Cognito triggers to send email notifications to users.
+    #   @return [String]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/cognito-idp-2016-04-18/CustomEmailLambdaVersionConfigType AWS API Documentation
+    #
+    class CustomEmailLambdaVersionConfigType < Struct.new(
+      :lambda_version,
+      :lambda_arn)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+
+    # A custom SMS sender Lambda configuration type.
+    #
+    # @note When making an API call, you may pass CustomSMSLambdaVersionConfigType
+    #   data as a hash:
+    #
+    #       {
+    #         lambda_version: "V1_0", # required, accepts V1_0
+    #         lambda_arn: "ArnType", # required
+    #       }
+    #
+    # @!attribute [rw] lambda_version
+    #   The Lambda version represents the signature of the "request"
+    #   attribute in the "event" information Amazon Cognito passes to your
+    #   custom SMS Lambda function. The only supported value is `V1_0`.
+    #   @return [String]
+    #
+    # @!attribute [rw] lambda_arn
+    #   The Lambda Amazon Resource Name of the Lambda function that Amazon
+    #   Cognito triggers to send SMS notifications to users.
+    #   @return [String]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/cognito-idp-2016-04-18/CustomSMSLambdaVersionConfigType AWS API Documentation
+    #
+    class CustomSMSLambdaVersionConfigType < Struct.new(
+      :lambda_version,
+      :lambda_arn)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+
     # @note When making an API call, you may pass DeleteGroupRequest
     #   data as a hash:
     #
@@ -4518,6 +4609,16 @@ module Aws::CognitoIdentityProvider
 
     # The email configuration type.
     #
+    # <note markdown="1"> Amazon Cognito has specific regions for use with Amazon SES. For more
+    # information on the supported regions, see [Email Settings for Amazon
+    # Cognito User Pools][1].
+    #
+    #  </note>
+    #
+    #
+    #
+    # [1]: https://docs.aws.amazon.com/cognito/latest/developerguide/user-pool-email.html
+    #
     # @note When making an API call, you may pass EmailConfigurationType
     #   data as a hash:
     #
@@ -4570,6 +4671,29 @@ module Aws::CognitoIdentityProvider
     #     customize the FROM address, provide the ARN of an Amazon SES
     #     verified email address for the `SourceArn` parameter.
     #
+    #     If EmailSendingAccount is COGNITO\_DEFAULT, the following
+    #     parameters aren't allowed:
+    #
+    #     * EmailVerificationMessage
+    #
+    #     * EmailVerificationSubject
+    #
+    #     * InviteMessageTemplate.EmailMessage
+    #
+    #     * InviteMessageTemplate.EmailSubject
+    #
+    #     * VerificationMessageTemplate.EmailMessage
+    #
+    #     * VerificationMessageTemplate.EmailMessageByLink
+    #
+    #     * VerificationMessageTemplate.EmailSubject,
+    #
+    #     * VerificationMessageTemplate.EmailSubjectByLink
+    #
+    #     <note markdown="1"> DEVELOPER EmailSendingAccount is required.
+    #
+    #      </note>
+    #
     #   DEVELOPER
     #
     #   : When Amazon Cognito emails your users, it uses your Amazon SES
@@ -5965,6 +6089,15 @@ module Aws::CognitoIdentityProvider
     #         verify_auth_challenge_response: "ArnType",
     #         pre_token_generation: "ArnType",
     #         user_migration: "ArnType",
+    #         custom_sms_sender: {
+    #           lambda_version: "V1_0", # required, accepts V1_0
+    #           lambda_arn: "ArnType", # required
+    #         },
+    #         custom_email_sender: {
+    #           lambda_version: "V1_0", # required, accepts V1_0
+    #           lambda_arn: "ArnType", # required
+    #         },
+    #         kms_key_id: "ArnType",
     #       }
     #
     # @!attribute [rw] pre_sign_up
@@ -6007,6 +6140,21 @@ module Aws::CognitoIdentityProvider
     #   The user migration Lambda config type.
     #   @return [String]
     #
+    # @!attribute [rw] custom_sms_sender
+    #   A custom SMS sender AWS Lambda trigger.
+    #   @return [Types::CustomSMSLambdaVersionConfigType]
+    #
+    # @!attribute [rw] custom_email_sender
+    #   A custom email sender AWS Lambda trigger.
+    #   @return [Types::CustomEmailLambdaVersionConfigType]
+    #
+    # @!attribute [rw] kms_key_id
+    #   The Amazon Resource Name of Key Management Service [Customer master
+    #   keys](/kms/latest/developerguide/concepts.html#master_keys) . Amazon
+    #   Cognito uses the key to encrypt codes and temporary passwords sent
+    #   to `CustomEmailSender` and `CustomSMSSender`.
+    #   @return [String]
+    #
     # @see http://docs.aws.amazon.com/goto/WebAPI/cognito-idp-2016-04-18/LambdaConfigType AWS API Documentation
     #
     class LambdaConfigType < Struct.new(
@@ -6019,7 +6167,10 @@ module Aws::CognitoIdentityProvider
       :create_auth_challenge,
       :verify_auth_challenge_response,
       :pre_token_generation,
-      :user_migration)
+      :user_migration,
+      :custom_sms_sender,
+      :custom_email_sender,
+      :kms_key_id)
       SENSITIVE = []
       include Aws::Structure
     end
@@ -6680,11 +6831,21 @@ module Aws::CognitoIdentityProvider
     #   @return [String]
     #
     # @!attribute [rw] email_message
-    #   The message template for email messages.
+    #   The message template for email messages. EmailMessage is allowed
+    #   only if [EmailSendingAccount][1] is DEVELOPER.
+    #
+    #
+    #
+    #   [1]: https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_EmailConfigurationType.html#CognitoUserPools-Type-EmailConfigurationType-EmailSendingAccount
     #   @return [String]
     #
     # @!attribute [rw] email_subject
-    #   The subject line for email messages.
+    #   The subject line for email messages. EmailSubject is allowed only if
+    #   [EmailSendingAccount][1] is DEVELOPER.
+    #
+    #
+    #
+    #   [1]: https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_EmailConfigurationType.html#CognitoUserPools-Type-EmailConfigurationType-EmailSendingAccount
     #   @return [String]
     #
     # @see http://docs.aws.amazon.com/goto/WebAPI/cognito-idp-2016-04-18/MessageTemplateType AWS API Documentation
@@ -7489,7 +7650,13 @@ module Aws::CognitoIdentityProvider
       include Aws::Structure
     end
 
-    # The type used for enabling SMS MFA at the user level.
+    # The type used for enabling SMS MFA at the user level. Phone numbers
+    # don't need to be verified to be used for SMS MFA. If an MFA type is
+    # enabled for a user, the user will be prompted for MFA during all sign
+    # in attempts, unless device tracking is turned on and the device has
+    # been trusted. If you would like MFA to be applied selectively based on
+    # the assessed risk level of sign in attempts, disable MFA for users and
+    # turn on Adaptive Authentication for the user pool.
     #
     # @note When making an API call, you may pass SMSMfaSettingsType
     #   data as a hash:
@@ -7500,7 +7667,10 @@ module Aws::CognitoIdentityProvider
     #       }
     #
     # @!attribute [rw] enabled
-    #   Specifies whether SMS text message MFA is enabled.
+    #   Specifies whether SMS text message MFA is enabled. If an MFA type is
+    #   enabled for a user, the user will be prompted for MFA during all
+    #   sign in attempts, unless device tracking is turned on and the device
+    #   has been trusted.
     #   @return [Boolean]
     #
     # @!attribute [rw] preferred_mfa
@@ -8109,7 +8279,12 @@ module Aws::CognitoIdentityProvider
     # @!attribute [rw] sns_caller_arn
     #   The Amazon Resource Name (ARN) of the Amazon Simple Notification
     #   Service (SNS) caller. This is the ARN of the IAM role in your AWS
-    #   account which Cognito will use to send SMS messages.
+    #   account which Cognito will use to send SMS messages. SMS messages
+    #   are subject to a [spending limit][1].
+    #
+    #
+    #
+    #   [1]: https://docs.aws.amazon.com/cognito/latest/developerguide/user-pool-settings-email-phone-verification.html
     #   @return [String]
     #
     # @!attribute [rw] external_id
@@ -8202,7 +8377,13 @@ module Aws::CognitoIdentityProvider
       include Aws::Structure
     end
 
-    # The type used for enabling software token MFA at the user level.
+    # The type used for enabling software token MFA at the user level. If an
+    # MFA type is enabled for a user, the user will be prompted for MFA
+    # during all sign in attempts, unless device tracking is turned on and
+    # the device has been trusted. If you would like MFA to be applied
+    # selectively based on the assessed risk level of sign in attempts,
+    # disable MFA for users and turn on Adaptive Authentication for the user
+    # pool.
     #
     # @note When making an API call, you may pass SoftwareTokenMfaSettingsType
     #   data as a hash:
@@ -8213,7 +8394,10 @@ module Aws::CognitoIdentityProvider
     #       }
     #
     # @!attribute [rw] enabled
-    #   Specifies whether software token MFA is enabled.
+    #   Specifies whether software token MFA is enabled. If an MFA type is
+    #   enabled for a user, the user will be prompted for MFA during all
+    #   sign in attempts, unless device tracking is turned on and the device
+    #   has been trusted.
     #   @return [Boolean]
     #
     # @!attribute [rw] preferred_mfa
@@ -8945,9 +9129,10 @@ module Aws::CognitoIdentityProvider
     #         allowed_o_auth_scopes: ["ScopeType"],
     #         allowed_o_auth_flows_user_pool_client: false,
     #         analytics_configuration: {
-    #           application_id: "HexStringType", # required
-    #           role_arn: "ArnType", # required
-    #           external_id: "StringType", # required
+    #           application_id: "HexStringType",
+    #           application_arn: "ArnType",
+    #           role_arn: "ArnType",
+    #           external_id: "StringType",
     #           user_data_shared: false,
     #         },
     #         prevent_user_existence_errors: "LEGACY", # accepts LEGACY, ENABLED
@@ -9270,6 +9455,15 @@ module Aws::CognitoIdentityProvider
     #           verify_auth_challenge_response: "ArnType",
     #           pre_token_generation: "ArnType",
     #           user_migration: "ArnType",
+    #           custom_sms_sender: {
+    #             lambda_version: "V1_0", # required, accepts V1_0
+    #             lambda_arn: "ArnType", # required
+    #           },
+    #           custom_email_sender: {
+    #             lambda_version: "V1_0", # required, accepts V1_0
+    #             lambda_arn: "ArnType", # required
+    #           },
+    #           kms_key_id: "ArnType",
     #         },
     #         auto_verified_attributes: ["phone_number"], # accepts phone_number, email
     #         sms_verification_message: "SmsVerificationMessageType",
@@ -10336,21 +10530,41 @@ module Aws::CognitoIdentityProvider
     #   @return [String]
     #
     # @!attribute [rw] email_message
-    #   The email message template.
+    #   The email message template. EmailMessage is allowed only if [
+    #   EmailSendingAccount][1] is DEVELOPER.
+    #
+    #
+    #
+    #   [1]: https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_EmailConfigurationType.html#CognitoUserPools-Type-EmailConfigurationType-EmailSendingAccount
     #   @return [String]
     #
     # @!attribute [rw] email_subject
-    #   The subject line for the email message template.
+    #   The subject line for the email message template. EmailSubject is
+    #   allowed only if [EmailSendingAccount][1] is DEVELOPER.
+    #
+    #
+    #
+    #   [1]: https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_EmailConfigurationType.html#CognitoUserPools-Type-EmailConfigurationType-EmailSendingAccount
     #   @return [String]
     #
     # @!attribute [rw] email_message_by_link
     #   The email message template for sending a confirmation link to the
-    #   user.
+    #   user. EmailMessageByLink is allowed only if [
+    #   EmailSendingAccount][1] is DEVELOPER.
+    #
+    #
+    #
+    #   [1]: https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_EmailConfigurationType.html#CognitoUserPools-Type-EmailConfigurationType-EmailSendingAccount
     #   @return [String]
     #
     # @!attribute [rw] email_subject_by_link
     #   The subject line for the email message template for sending a
-    #   confirmation link to the user.
+    #   confirmation link to the user. EmailSubjectByLink is allowed only [
+    #   EmailSendingAccount][1] is DEVELOPER.
+    #
+    #
+    #
+    #   [1]: https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_EmailConfigurationType.html#CognitoUserPools-Type-EmailConfigurationType-EmailSendingAccount
     #   @return [String]
     #
     # @!attribute [rw] default_email_option

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: aws-sdk-cognitoidentityprovider
 version: !ruby/object:Gem::Version
-  version: 1.43.0
+  version: 1.48.0
 platform: ruby
 authors:
 - Amazon Web Services
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2020-08-13 00:00:00.000000000 Z
+date: 2020-11-24 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: aws-sdk-core
@@ -19,7 +19,7 @@ dependencies:
         version: '3'
     - - ">="
       - !ruby/object:Gem::Version
-        version: 3.99.0
+        version: 3.109.0
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
@@ -29,7 +29,7 @@ dependencies:
         version: '3'
     - - ">="
       - !ruby/object:Gem::Version
-        version: 3.99.0
+        version: 3.109.0
 - !ruby/object:Gem::Dependency
   name: aws-sigv4
   requirement: !ruby/object:Gem::Requirement