aws-sdk-cognitoidentityprovider 1.50.0 → 1.54.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 2a2ad06d5689bad34d9a5f7ff0e885838ea1cf89e5cbfe396818ca00712074cd
-  data.tar.gz: ee20b6499bd2880d2db93ad9f32878a10d9161ee2463b15cdd152262c3e6ce12
+  metadata.gz: 620c9a34714d58754d0b3478702e781db005442b730ec54a3bac40412289d4f7
+  data.tar.gz: 77a670ca0c6ff8d35bf69dc80530dc74358229081c28fb10a4b4ce127424c78d
 SHA512:
-  metadata.gz: 8f19c84d71d568deedb942a51d791d0e90cfe0edf50e3d9cb8bdbe6dcc24339132afff2b8f0183e0dc41cc90272fd7ff9dc76493becf42e95b6eca99b18fcf3f
-  data.tar.gz: 61f84679de160e86a4bf502543d866cab182a660dc5d55517de61c1f31280a38399df959fb5be7d991f87836519bd075c185377b87248e7e12a6e74a79b9bbfb
+  metadata.gz: 2ec23af280652510382d2eb11aedd05281aa9ca7037dc6f7ca3cbc3b36b4d8572d3d0f203fa196be8dc76dccdfa84f892218327ae0fe7df078db98d75c4670e5
+  data.tar.gz: 2d60ab479fdae25acc0ce6920f3f72ab6a843bc4ec3edd4b5d9ce5b23f03da8059d4749f94667ca5de1e1542c198a9f470cfa7480248e59abe52532c6f5ea7d2

data/CHANGELOG.md

@@ -1,6 +1,26 @@
 Unreleased Changes
 ------------------
 
+1.54.0 (2021-07-15)
+------------------
+
+* Feature - Documentation updates for cognito-idp
+
+1.53.0 (2021-06-10)
+------------------
+
+* Feature - Amazon Cognito now supports targeted sign out through refresh token revocation
+
+1.52.0 (2021-06-08)
+------------------
+
+* Feature - Documentation updates for cognito-idp
+
+1.51.0 (2021-04-22)
+------------------
+
+* Feature - Documentation updates for cognito-idp
+
 1.50.0 (2021-03-10)
 ------------------
 

data/VERSION

@@ -1 +1 @@
-1.50.0
+1.54.0

data/lib/aws-sdk-cognitoidentityprovider.rb

@@ -48,6 +48,6 @@ require_relative 'aws-sdk-cognitoidentityprovider/customizations'
 # @!group service
 module Aws::CognitoIdentityProvider
 
-  GEM_VERSION = '1.50.0'
+  GEM_VERSION = '1.54.0'
 
 end

data/lib/aws-sdk-cognitoidentityprovider/client.rb

@@ -428,14 +428,14 @@ module Aws::CognitoIdentityProvider
     #   custom workflows that this action triggers.
     #
     #   If your user pool configuration includes triggers, the
-    #   AdminConfirmSignUp API action invokes the AWS Lambda function that is
+    #   AdminConfirmSignUp API action invokes the Lambda function that is
     #   specified for the *post confirmation* trigger. When Amazon Cognito
     #   invokes this function, it passes a JSON payload, which the function
     #   receives as input. In this payload, the `clientMetadata` attribute
     #   provides the data that you assigned to the ClientMetadata parameter in
-    #   your AdminConfirmSignUp request. In your function code in AWS Lambda,
-    #   you can process the ClientMetadata value to enhance your workflow for
-    #   your specific needs.
+    #   your AdminConfirmSignUp request. In your function code in Lambda, you
+    #   can process the ClientMetadata value to enhance your workflow for your
+    #   specific needs.
     #
     #   For more information, see [Customizing User Pool Workflows with Lambda
     #   Triggers][1] in the *Amazon Cognito Developer Guide*.
@@ -444,9 +444,9 @@ module Aws::CognitoIdentityProvider
     #   ClientMetadata parameter:
     #
     #    * Amazon Cognito does not store the ClientMetadata value. This data is
-    #     available only to AWS Lambda triggers that are assigned to a user
-    #     pool to support custom workflows. If your user pool configuration
-    #     does not include triggers, the ClientMetadata parameter serves no
+    #     available only to Lambda triggers that are assigned to a user pool
+    #     to support custom workflows. If your user pool configuration does
+    #     not include triggers, the ClientMetadata parameter serves no
     #     purpose.
     #
     #   * Amazon Cognito does not validate the ClientMetadata value.
@@ -486,6 +486,27 @@ module Aws::CognitoIdentityProvider
     # If `MessageAction` is not set, the default is to send a welcome
     # message via email or phone (SMS).
     #
+    # <note markdown="1"> This action might generate an SMS text message. Starting June 1, 2021,
+    # U.S. telecom carriers require that you register an origination phone
+    # number before you can send SMS messages to U.S. phone numbers. If you
+    # use SMS text messages in Amazon Cognito, you must register a phone
+    # number with [Amazon Pinpoint][1]. Cognito will use the the registered
+    # number automatically. Otherwise, Cognito users that must receive SMS
+    # messages might be unable to sign up, activate their accounts, or sign
+    # in.
+    #
+    #  If you have never used SMS text messages with Amazon Cognito or any
+    # other Amazon Web Service, Amazon SNS might place your account in SMS
+    # sandbox. In <i> <a
+    # href="https://docs.aws.amazon.com/sns/latest/dg/sns-sms-sandbox.html">sandbox
+    # mode</a> </i>, you’ll have limitations, such as sending messages to
+    # only verified phone numbers. After testing in the sandbox environment,
+    # you can move out of the SMS sandbox and into production. For more
+    # information, see [ SMS message settings for Cognito User Pools][2] in
+    # the *Amazon Cognito Developer Guide*.
+    #
+    #  </note>
+    #
     # This message is based on a template that you configured in your call
     # to create or update a user pool. This template includes your custom
     # sign-up instructions and placeholders for user name and temporary
@@ -499,6 +520,11 @@ module Aws::CognitoIdentityProvider
     #
     # `AdminCreateUser` requires developer credentials.
     #
+    #
+    #
+    # [1]: https://console.aws.amazon.com/pinpoint/home/
+    # [2]: https://docs.aws.amazon.com/cognito/latest/developerguide/cognito-user-identity-pools-sms-userpool-settings.html
+    #
     # @option params [required, String] :user_pool_id
     #   The user pool ID for the user pool where the user will be created.
     #
@@ -604,14 +630,14 @@ module Aws::CognitoIdentityProvider
     #   A map of custom key-value pairs that you can provide as input for any
     #   custom workflows that this action triggers.
     #
-    #   You create custom workflows by assigning AWS Lambda functions to user
-    #   pool triggers. When you use the AdminCreateUser API action, Amazon
-    #   Cognito invokes the function that is assigned to the *pre sign-up*
-    #   trigger. When Amazon Cognito invokes this function, it passes a JSON
-    #   payload, which the function receives as input. This payload contains a
+    #   You create custom workflows by assigning Lambda functions to user pool
+    #   triggers. When you use the AdminCreateUser API action, Amazon Cognito
+    #   invokes the function that is assigned to the *pre sign-up* trigger.
+    #   When Amazon Cognito invokes this function, it passes a JSON payload,
+    #   which the function receives as input. This payload contains a
     #   `clientMetadata` attribute, which provides the data that you assigned
     #   to the ClientMetadata parameter in your AdminCreateUser request. In
-    #   your function code in AWS Lambda, you can process the `clientMetadata`
+    #   your function code in Lambda, you can process the `clientMetadata`
     #   value to enhance your workflow for your specific needs.
     #
     #   For more information, see [Customizing User Pool Workflows with Lambda
@@ -621,9 +647,9 @@ module Aws::CognitoIdentityProvider
     #   ClientMetadata parameter:
     #
     #    * Amazon Cognito does not store the ClientMetadata value. This data is
-    #     available only to AWS Lambda triggers that are assigned to a user
-    #     pool to support custom workflows. If your user pool configuration
-    #     does not include triggers, the ClientMetadata parameter serves no
+    #     available only to Lambda triggers that are assigned to a user pool
+    #     to support custom workflows. If your user pool configuration does
+    #     not include triggers, the ClientMetadata parameter serves no
     #     purpose.
     #
     #   * Amazon Cognito does not validate the ClientMetadata value.
@@ -1015,8 +1041,34 @@ module Aws::CognitoIdentityProvider
 
     # Initiates the authentication flow, as an administrator.
     #
+    # <note markdown="1"> This action might generate an SMS text message. Starting June 1, 2021,
+    # U.S. telecom carriers require that you register an origination phone
+    # number before you can send SMS messages to U.S. phone numbers. If you
+    # use SMS text messages in Amazon Cognito, you must register a phone
+    # number with [Amazon Pinpoint][1]. Cognito will use the the registered
+    # number automatically. Otherwise, Cognito users that must receive SMS
+    # messages might be unable to sign up, activate their accounts, or sign
+    # in.
+    #
+    #  If you have never used SMS text messages with Amazon Cognito or any
+    # other Amazon Web Service, Amazon SNS might place your account in SMS
+    # sandbox. In <i> <a
+    # href="https://docs.aws.amazon.com/sns/latest/dg/sns-sms-sandbox.html">sandbox
+    # mode</a> </i>, you’ll have limitations, such as sending messages to
+    # only verified phone numbers. After testing in the sandbox environment,
+    # you can move out of the SMS sandbox and into production. For more
+    # information, see [ SMS message settings for Cognito User Pools][2] in
+    # the *Amazon Cognito Developer Guide*.
+    #
+    #  </note>
+    #
     # Calling this action requires developer credentials.
     #
+    #
+    #
+    # [1]: https://console.aws.amazon.com/pinpoint/home/
+    # [2]: https://docs.aws.amazon.com/cognito/latest/developerguide/cognito-user-identity-pools-sms-userpool-settings.html
+    #
     # @option params [required, String] :user_pool_id
     #   The ID of the Amazon Cognito user pool.
     #
@@ -1087,11 +1139,11 @@ module Aws::CognitoIdentityProvider
     #   A map of custom key-value pairs that you can provide as input for
     #   certain custom workflows that this action triggers.
     #
-    #   You create custom workflows by assigning AWS Lambda functions to user
-    #   pool triggers. When you use the AdminInitiateAuth API action, Amazon
-    #   Cognito invokes the AWS Lambda functions that are specified for
-    #   various triggers. The ClientMetadata value is passed as input to the
-    #   functions for only the following triggers:
+    #   You create custom workflows by assigning Lambda functions to user pool
+    #   triggers. When you use the AdminInitiateAuth API action, Amazon
+    #   Cognito invokes the Lambda functions that are specified for various
+    #   triggers. The ClientMetadata value is passed as input to the functions
+    #   for only the following triggers:
     #
     #   * Pre signup
     #
@@ -1103,9 +1155,9 @@ module Aws::CognitoIdentityProvider
     #   passes a JSON payload, which the function receives as input. This
     #   payload contains a `validationData` attribute, which provides the data
     #   that you assigned to the ClientMetadata parameter in your
-    #   AdminInitiateAuth request. In your function code in AWS Lambda, you
-    #   can process the `validationData` value to enhance your workflow for
-    #   your specific needs.
+    #   AdminInitiateAuth request. In your function code in Lambda, you can
+    #   process the `validationData` value to enhance your workflow for your
+    #   specific needs.
     #
     #   When you use the AdminInitiateAuth API action, Amazon Cognito also
     #   invokes the functions for the following triggers, but it does not
@@ -1130,9 +1182,9 @@ module Aws::CognitoIdentityProvider
     #   ClientMetadata parameter:
     #
     #    * Amazon Cognito does not store the ClientMetadata value. This data is
-    #     available only to AWS Lambda triggers that are assigned to a user
-    #     pool to support custom workflows. If your user pool configuration
-    #     does not include triggers, the ClientMetadata parameter serves no
+    #     available only to Lambda triggers that are assigned to a user pool
+    #     to support custom workflows. If your user pool configuration does
+    #     not include triggers, the ClientMetadata parameter serves no
     #     purpose.
     #
     #   * Amazon Cognito does not validate the ClientMetadata value.
@@ -1526,8 +1578,34 @@ module Aws::CognitoIdentityProvider
     # in sending a message to the end user with the code to change their
     # password.
     #
+    # <note markdown="1"> This action might generate an SMS text message. Starting June 1, 2021,
+    # U.S. telecom carriers require that you register an origination phone
+    # number before you can send SMS messages to U.S. phone numbers. If you
+    # use SMS text messages in Amazon Cognito, you must register a phone
+    # number with [Amazon Pinpoint][1]. Cognito will use the the registered
+    # number automatically. Otherwise, Cognito users that must receive SMS
+    # messages might be unable to sign up, activate their accounts, or sign
+    # in.
+    #
+    #  If you have never used SMS text messages with Amazon Cognito or any
+    # other Amazon Web Service, Amazon SNS might place your account in SMS
+    # sandbox. In <i> <a
+    # href="https://docs.aws.amazon.com/sns/latest/dg/sns-sms-sandbox.html">sandbox
+    # mode</a> </i>, you’ll have limitations, such as sending messages to
+    # only verified phone numbers. After testing in the sandbox environment,
+    # you can move out of the SMS sandbox and into production. For more
+    # information, see [ SMS message settings for Cognito User Pools][2] in
+    # the *Amazon Cognito Developer Guide*.
+    #
+    #  </note>
+    #
     # Calling this action requires developer credentials.
     #
+    #
+    #
+    # [1]: https://console.aws.amazon.com/pinpoint/home/
+    # [2]: https://docs.aws.amazon.com/cognito/latest/developerguide/cognito-user-identity-pools-sms-userpool-settings.html
+    #
     # @option params [required, String] :user_pool_id
     #   The user pool ID for the user pool where you want to reset the user's
     #   password.
@@ -1539,16 +1617,16 @@ module Aws::CognitoIdentityProvider
     #   A map of custom key-value pairs that you can provide as input for any
     #   custom workflows that this action triggers.
     #
-    #   You create custom workflows by assigning AWS Lambda functions to user
-    #   pool triggers. When you use the AdminResetUserPassword API action,
-    #   Amazon Cognito invokes the function that is assigned to the *custom
-    #   message* trigger. When Amazon Cognito invokes this function, it passes
-    #   a JSON payload, which the function receives as input. This payload
-    #   contains a `clientMetadata` attribute, which provides the data that
-    #   you assigned to the ClientMetadata parameter in your
-    #   AdminResetUserPassword request. In your function code in AWS Lambda,
-    #   you can process the `clientMetadata` value to enhance your workflow
-    #   for your specific needs.
+    #   You create custom workflows by assigning Lambda functions to user pool
+    #   triggers. When you use the AdminResetUserPassword API action, Amazon
+    #   Cognito invokes the function that is assigned to the *custom message*
+    #   trigger. When Amazon Cognito invokes this function, it passes a JSON
+    #   payload, which the function receives as input. This payload contains a
+    #   `clientMetadata` attribute, which provides the data that you assigned
+    #   to the ClientMetadata parameter in your AdminResetUserPassword
+    #   request. In your function code in Lambda, you can process the
+    #   `clientMetadata` value to enhance your workflow for your specific
+    #   needs.
     #
     #   For more information, see [Customizing User Pool Workflows with Lambda
     #   Triggers][1] in the *Amazon Cognito Developer Guide*.
@@ -1557,9 +1635,9 @@ module Aws::CognitoIdentityProvider
     #   ClientMetadata parameter:
     #
     #    * Amazon Cognito does not store the ClientMetadata value. This data is
-    #     available only to AWS Lambda triggers that are assigned to a user
-    #     pool to support custom workflows. If your user pool configuration
-    #     does not include triggers, the ClientMetadata parameter serves no
+    #     available only to Lambda triggers that are assigned to a user pool
+    #     to support custom workflows. If your user pool configuration does
+    #     not include triggers, the ClientMetadata parameter serves no
     #     purpose.
     #
     #   * Amazon Cognito does not validate the ClientMetadata value.
@@ -1596,8 +1674,34 @@ module Aws::CognitoIdentityProvider
 
     # Responds to an authentication challenge, as an administrator.
     #
+    # <note markdown="1"> This action might generate an SMS text message. Starting June 1, 2021,
+    # U.S. telecom carriers require that you register an origination phone
+    # number before you can send SMS messages to U.S. phone numbers. If you
+    # use SMS text messages in Amazon Cognito, you must register a phone
+    # number with [Amazon Pinpoint][1]. Cognito will use the the registered
+    # number automatically. Otherwise, Cognito users that must receive SMS
+    # messages might be unable to sign up, activate their accounts, or sign
+    # in.
+    #
+    #  If you have never used SMS text messages with Amazon Cognito or any
+    # other Amazon Web Service, Amazon SNS might place your account in SMS
+    # sandbox. In <i> <a
+    # href="https://docs.aws.amazon.com/sns/latest/dg/sns-sms-sandbox.html">sandbox
+    # mode</a> </i>, you’ll have limitations, such as sending messages to
+    # only verified phone numbers. After testing in the sandbox environment,
+    # you can move out of the SMS sandbox and into production. For more
+    # information, see [ SMS message settings for Cognito User Pools][2] in
+    # the *Amazon Cognito Developer Guide*.
+    #
+    #  </note>
+    #
     # Calling this action requires developer credentials.
     #
+    #
+    #
+    # [1]: https://console.aws.amazon.com/pinpoint/home/
+    # [2]: https://docs.aws.amazon.com/cognito/latest/developerguide/cognito-user-identity-pools-sms-userpool-settings.html
+    #
     # @option params [required, String] :user_pool_id
     #   The ID of the Amazon Cognito user pool.
     #
@@ -1629,6 +1733,9 @@ module Aws::CognitoIdentityProvider
     #     attributes, `USERNAME`, `SECRET_HASH` (if app client is configured
     #     with client secret).
     #
+    #   * `MFA_SETUP` requires `USERNAME`, plus you need to use the session
+    #     value returned by `VerifySoftwareToken` in the `Session` parameter.
+    #
     #   The value of the `USERNAME` attribute must be the user's actual
     #   username, not an alias (such as email address or phone number). To
     #   make this easier, the `AdminInitiateAuth` response includes the actual
@@ -1656,9 +1763,9 @@ module Aws::CognitoIdentityProvider
     #   A map of custom key-value pairs that you can provide as input for any
     #   custom workflows that this action triggers.
     #
-    #   You create custom workflows by assigning AWS Lambda functions to user
-    #   pool triggers. When you use the AdminRespondToAuthChallenge API
-    #   action, Amazon Cognito invokes any functions that are assigned to the
+    #   You create custom workflows by assigning Lambda functions to user pool
+    #   triggers. When you use the AdminRespondToAuthChallenge API action,
+    #   Amazon Cognito invokes any functions that are assigned to the
     #   following triggers: *pre sign-up*, *custom message*, *post
     #   authentication*, *user migration*, *pre token generation*, *define
     #   auth challenge*, *create auth challenge*, and *verify auth challenge
@@ -1666,9 +1773,9 @@ module Aws::CognitoIdentityProvider
     #   passes a JSON payload, which the function receives as input. This
     #   payload contains a `clientMetadata` attribute, which provides the data
     #   that you assigned to the ClientMetadata parameter in your
-    #   AdminRespondToAuthChallenge request. In your function code in AWS
-    #   Lambda, you can process the `clientMetadata` value to enhance your
-    #   workflow for your specific needs.
+    #   AdminRespondToAuthChallenge request. In your function code in Lambda,
+    #   you can process the `clientMetadata` value to enhance your workflow
+    #   for your specific needs.
     #
     #   For more information, see [Customizing User Pool Workflows with Lambda
     #   Triggers][1] in the *Amazon Cognito Developer Guide*.
@@ -1677,9 +1784,9 @@ module Aws::CognitoIdentityProvider
     #   ClientMetadata parameter:
     #
     #    * Amazon Cognito does not store the ClientMetadata value. This data is
-    #     available only to AWS Lambda triggers that are assigned to a user
-    #     pool to support custom workflows. If your user pool configuration
-    #     does not include triggers, the ClientMetadata parameter serves no
+    #     available only to Lambda triggers that are assigned to a user pool
+    #     to support custom workflows. If your user pool configuration does
+    #     not include triggers, the ClientMetadata parameter serves no
     #     purpose.
     #
     #   * Amazon Cognito does not validate the ClientMetadata value.
@@ -1971,8 +2078,34 @@ module Aws::CognitoIdentityProvider
     # In addition to updating user attributes, this API can also be used to
     # mark phone and email as verified.
     #
+    # <note markdown="1"> This action might generate an SMS text message. Starting June 1, 2021,
+    # U.S. telecom carriers require that you register an origination phone
+    # number before you can send SMS messages to U.S. phone numbers. If you
+    # use SMS text messages in Amazon Cognito, you must register a phone
+    # number with [Amazon Pinpoint][1]. Cognito will use the the registered
+    # number automatically. Otherwise, Cognito users that must receive SMS
+    # messages might be unable to sign up, activate their accounts, or sign
+    # in.
+    #
+    #  If you have never used SMS text messages with Amazon Cognito or any
+    # other Amazon Web Service, Amazon SNS might place your account in SMS
+    # sandbox. In <i> <a
+    # href="https://docs.aws.amazon.com/sns/latest/dg/sns-sms-sandbox.html">sandbox
+    # mode</a> </i>, you’ll have limitations, such as sending messages to
+    # only verified phone numbers. After testing in the sandbox environment,
+    # you can move out of the SMS sandbox and into production. For more
+    # information, see [ SMS message settings for Cognito User Pools][2] in
+    # the *Amazon Cognito Developer Guide*.
+    #
+    #  </note>
+    #
     # Calling this action requires developer credentials.
     #
+    #
+    #
+    # [1]: https://console.aws.amazon.com/pinpoint/home/
+    # [2]: https://docs.aws.amazon.com/cognito/latest/developerguide/cognito-user-identity-pools-sms-userpool-settings.html
+    #
     # @option params [required, String] :user_pool_id
     #   The user pool ID for the user pool where you want to update user
     #   attributes.
@@ -1990,16 +2123,16 @@ module Aws::CognitoIdentityProvider
     #   A map of custom key-value pairs that you can provide as input for any
     #   custom workflows that this action triggers.
     #
-    #   You create custom workflows by assigning AWS Lambda functions to user
-    #   pool triggers. When you use the AdminUpdateUserAttributes API action,
+    #   You create custom workflows by assigning Lambda functions to user pool
+    #   triggers. When you use the AdminUpdateUserAttributes API action,
     #   Amazon Cognito invokes the function that is assigned to the *custom
     #   message* trigger. When Amazon Cognito invokes this function, it passes
     #   a JSON payload, which the function receives as input. This payload
     #   contains a `clientMetadata` attribute, which provides the data that
     #   you assigned to the ClientMetadata parameter in your
-    #   AdminUpdateUserAttributes request. In your function code in AWS
-    #   Lambda, you can process the `clientMetadata` value to enhance your
-    #   workflow for your specific needs.
+    #   AdminUpdateUserAttributes request. In your function code in Lambda,
+    #   you can process the `clientMetadata` value to enhance your workflow
+    #   for your specific needs.
     #
     #   For more information, see [Customizing User Pool Workflows with Lambda
     #   Triggers][1] in the *Amazon Cognito Developer Guide*.
@@ -2008,9 +2141,9 @@ module Aws::CognitoIdentityProvider
     #   ClientMetadata parameter:
     #
     #    * Amazon Cognito does not store the ClientMetadata value. This data is
-    #     available only to AWS Lambda triggers that are assigned to a user
-    #     pool to support custom workflows. If your user pool configuration
-    #     does not include triggers, the ClientMetadata parameter serves no
+    #     available only to Lambda triggers that are assigned to a user pool
+    #     to support custom workflows. If your user pool configuration does
+    #     not include triggers, the ClientMetadata parameter serves no
     #     purpose.
     #
     #   * Amazon Cognito does not validate the ClientMetadata value.
@@ -2086,6 +2219,16 @@ module Aws::CognitoIdentityProvider
     # account. The request takes an access token or a session string, but
     # not both.
     #
+    # <note markdown="1"> Calling AssociateSoftwareToken immediately disassociates the existing
+    # software token from the user account. If the user doesn't
+    # subsequently verify the software token, their account is essentially
+    # set up to authenticate without MFA. If MFA config is set to Optional
+    # at the user pool level, the user can then login without MFA. However,
+    # if MFA is set to Required for the user pool, the user will be asked to
+    # setup a new software token MFA during sign in.
+    #
+    #  </note>
+    #
     # @option params [String] :access_token
     #   The access token.
     #
@@ -2234,16 +2377,16 @@ module Aws::CognitoIdentityProvider
     #   A map of custom key-value pairs that you can provide as input for any
     #   custom workflows that this action triggers.
     #
-    #   You create custom workflows by assigning AWS Lambda functions to user
-    #   pool triggers. When you use the ConfirmForgotPassword API action,
-    #   Amazon Cognito invokes the function that is assigned to the *post
+    #   You create custom workflows by assigning Lambda functions to user pool
+    #   triggers. When you use the ConfirmForgotPassword API action, Amazon
+    #   Cognito invokes the function that is assigned to the *post
     #   confirmation* trigger. When Amazon Cognito invokes this function, it
     #   passes a JSON payload, which the function receives as input. This
     #   payload contains a `clientMetadata` attribute, which provides the data
     #   that you assigned to the ClientMetadata parameter in your
-    #   ConfirmForgotPassword request. In your function code in AWS Lambda,
-    #   you can process the `clientMetadata` value to enhance your workflow
-    #   for your specific needs.
+    #   ConfirmForgotPassword request. In your function code in Lambda, you
+    #   can process the `clientMetadata` value to enhance your workflow for
+    #   your specific needs.
     #
     #   For more information, see [Customizing User Pool Workflows with Lambda
     #   Triggers][1] in the *Amazon Cognito Developer Guide*.
@@ -2252,9 +2395,9 @@ module Aws::CognitoIdentityProvider
     #   ClientMetadata parameter:
     #
     #    * Amazon Cognito does not store the ClientMetadata value. This data is
-    #     available only to AWS Lambda triggers that are assigned to a user
-    #     pool to support custom workflows. If your user pool configuration
-    #     does not include triggers, the ClientMetadata parameter serves no
+    #     available only to Lambda triggers that are assigned to a user pool
+    #     to support custom workflows. If your user pool configuration does
+    #     not include triggers, the ClientMetadata parameter serves no
     #     purpose.
     #
     #   * Amazon Cognito does not validate the ClientMetadata value.
@@ -2338,16 +2481,15 @@ module Aws::CognitoIdentityProvider
     #   A map of custom key-value pairs that you can provide as input for any
     #   custom workflows that this action triggers.
     #
-    #   You create custom workflows by assigning AWS Lambda functions to user
-    #   pool triggers. When you use the ConfirmSignUp API action, Amazon
-    #   Cognito invokes the function that is assigned to the *post
-    #   confirmation* trigger. When Amazon Cognito invokes this function, it
-    #   passes a JSON payload, which the function receives as input. This
-    #   payload contains a `clientMetadata` attribute, which provides the data
-    #   that you assigned to the ClientMetadata parameter in your
-    #   ConfirmSignUp request. In your function code in AWS Lambda, you can
-    #   process the `clientMetadata` value to enhance your workflow for your
-    #   specific needs.
+    #   You create custom workflows by assigning Lambda functions to user pool
+    #   triggers. When you use the ConfirmSignUp API action, Amazon Cognito
+    #   invokes the function that is assigned to the *post confirmation*
+    #   trigger. When Amazon Cognito invokes this function, it passes a JSON
+    #   payload, which the function receives as input. This payload contains a
+    #   `clientMetadata` attribute, which provides the data that you assigned
+    #   to the ClientMetadata parameter in your ConfirmSignUp request. In your
+    #   function code in Lambda, you can process the `clientMetadata` value to
+    #   enhance your workflow for your specific needs.
     #
     #   For more information, see [Customizing User Pool Workflows with Lambda
     #   Triggers][1] in the *Amazon Cognito Developer Guide*.
@@ -2356,9 +2498,9 @@ module Aws::CognitoIdentityProvider
     #   ClientMetadata parameter:
     #
     #    * Amazon Cognito does not store the ClientMetadata value. This data is
-    #     available only to AWS Lambda triggers that are assigned to a user
-    #     pool to support custom workflows. If your user pool configuration
-    #     does not include triggers, the ClientMetadata parameter serves no
+    #     available only to Lambda triggers that are assigned to a user pool
+    #     to support custom workflows. If your user pool configuration does
+    #     not include triggers, the ClientMetadata parameter serves no
     #     purpose.
     #
     #   * Amazon Cognito does not validate the ClientMetadata value.
@@ -2701,6 +2843,32 @@ module Aws::CognitoIdentityProvider
     # Creates a new Amazon Cognito user pool and sets the password policy
     # for the pool.
     #
+    # <note markdown="1"> This action might generate an SMS text message. Starting June 1, 2021,
+    # U.S. telecom carriers require that you register an origination phone
+    # number before you can send SMS messages to U.S. phone numbers. If you
+    # use SMS text messages in Amazon Cognito, you must register a phone
+    # number with [Amazon Pinpoint][1]. Cognito will use the the registered
+    # number automatically. Otherwise, Cognito users that must receive SMS
+    # messages might be unable to sign up, activate their accounts, or sign
+    # in.
+    #
+    #  If you have never used SMS text messages with Amazon Cognito or any
+    # other Amazon Web Service, Amazon SNS might place your account in SMS
+    # sandbox. In <i> <a
+    # href="https://docs.aws.amazon.com/sns/latest/dg/sns-sms-sandbox.html">sandbox
+    # mode</a> </i>, you’ll have limitations, such as sending messages to
+    # only verified phone numbers. After testing in the sandbox environment,
+    # you can move out of the SMS sandbox and into production. For more
+    # information, see [ SMS message settings for Cognito User Pools][2] in
+    # the *Amazon Cognito Developer Guide*.
+    #
+    #  </note>
+    #
+    #
+    #
+    # [1]: https://console.aws.amazon.com/pinpoint/home/
+    # [2]: https://docs.aws.amazon.com/cognito/latest/developerguide/cognito-user-identity-pools-sms-userpool-settings.html
+    #
     # @option params [required, String] :pool_name
     #   A string used to name the user pool.
     #
@@ -2720,7 +2888,7 @@ module Aws::CognitoIdentityProvider
     #    For more information on using the Lambda API to add permission, see [
     #   AddPermission ][1].
     #
-    #    For adding permission using the AWS CLI, see [ add-permission ][2].
+    #    For adding permission using the CLI, see [ add-permission ][2].
     #
     #    </note>
     #
@@ -3026,6 +3194,14 @@ module Aws::CognitoIdentityProvider
 
     # Creates the user pool client.
     #
+    # When you create a new user pool client, token revocation is
+    # automatically enabled. For more information about revoking tokens, see
+    # [RevokeToken][1].
+    #
+    #
+    #
+    # [1]: https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_RevokeToken.html
+    #
     # @option params [required, String] :user_pool_id
     #   The user pool ID for the user pool where you want to create a user
     #   pool client.
@@ -3168,8 +3344,8 @@ module Aws::CognitoIdentityProvider
     # @option params [Array<String>] :allowed_o_auth_scopes
     #   The allowed OAuth scopes. Possible values provided by OAuth are:
     #   `phone`, `email`, `openid`, and `profile`. Possible values provided by
-    #   AWS are: `aws.cognito.signin.user.admin`. Custom scopes created in
-    #   Resource Servers are also supported.
+    #   Amazon Web Services are: `aws.cognito.signin.user.admin`. Custom
+    #   scopes created in Resource Servers are also supported.
     #
     # @option params [Boolean] :allowed_o_auth_flows_user_pool_client
     #   Set to true if the client is allowed to follow the OAuth protocol when
@@ -3210,6 +3386,17 @@ module Aws::CognitoIdentityProvider
     #
     #    </note>
     #
+    # @option params [Boolean] :enable_token_revocation
+    #   Enables or disables token revocation. For more information about
+    #   revoking tokens, see [RevokeToken][1].
+    #
+    #   If you don't include this parameter, token revocation is
+    #   automatically enabled for the new user pool client.
+    #
+    #
+    #
+    #   [1]: https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_RevokeToken.html
+    #
     # @return [Types::CreateUserPoolClientResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
     #
     #   * {Types::CreateUserPoolClientResponse#user_pool_client #user_pool_client} => Types::UserPoolClientType
@@ -3246,6 +3433,7 @@ module Aws::CognitoIdentityProvider
     #       user_data_shared: false,
     #     },
     #     prevent_user_existence_errors: "LEGACY", # accepts LEGACY, ENABLED
+    #     enable_token_revocation: false,
     #   })
     #
     # @example Response structure
@@ -3286,6 +3474,7 @@ module Aws::CognitoIdentityProvider
     #   resp.user_pool_client.analytics_configuration.external_id #=> String
     #   resp.user_pool_client.analytics_configuration.user_data_shared #=> Boolean
     #   resp.user_pool_client.prevent_user_existence_errors #=> String, one of "LEGACY", "ENABLED"
+    #   resp.user_pool_client.enable_token_revocation #=> Boolean
     #
     # @see http://docs.aws.amazon.com/goto/WebAPI/cognito-idp-2016-04-18/CreateUserPoolClient AWS API Documentation
     #
@@ -3346,7 +3535,7 @@ module Aws::CognitoIdentityProvider
       req.send_request(options)
     end
 
-    # Deletes a group. Currently only groups with no members can be deleted.
+    # Deletes a group.
     #
     # Calling this action requires developer credentials.
     #
@@ -3902,6 +4091,7 @@ module Aws::CognitoIdentityProvider
     #   resp.user_pool_client.analytics_configuration.external_id #=> String
     #   resp.user_pool_client.analytics_configuration.user_data_shared #=> Boolean
     #   resp.user_pool_client.prevent_user_existence_errors #=> String, one of "LEGACY", "ENABLED"
+    #   resp.user_pool_client.enable_token_revocation #=> Boolean
     #
     # @see http://docs.aws.amazon.com/goto/WebAPI/cognito-idp-2016-04-18/DescribeUserPoolClient AWS API Documentation
     #
@@ -3983,10 +4173,33 @@ module Aws::CognitoIdentityProvider
     # `InvalidParameterException` is thrown. To use the confirmation code
     # for resetting the password, call [ConfirmForgotPassword][2].
     #
+    # <note markdown="1"> This action might generate an SMS text message. Starting June 1, 2021,
+    # U.S. telecom carriers require that you register an origination phone
+    # number before you can send SMS messages to U.S. phone numbers. If you
+    # use SMS text messages in Amazon Cognito, you must register a phone
+    # number with [Amazon Pinpoint][3]. Cognito will use the the registered
+    # number automatically. Otherwise, Cognito users that must receive SMS
+    # messages might be unable to sign up, activate their accounts, or sign
+    # in.
+    #
+    #  If you have never used SMS text messages with Amazon Cognito or any
+    # other Amazon Web Service, Amazon SNS might place your account in SMS
+    # sandbox. In <i> <a
+    # href="https://docs.aws.amazon.com/sns/latest/dg/sns-sms-sandbox.html">sandbox
+    # mode</a> </i>, you’ll have limitations, such as sending messages to
+    # only verified phone numbers. After testing in the sandbox environment,
+    # you can move out of the SMS sandbox and into production. For more
+    # information, see [ SMS message settings for Cognito User Pools][4] in
+    # the *Amazon Cognito Developer Guide*.
+    #
+    #  </note>
+    #
     #
     #
     # [1]: https://docs.aws.amazon.com/cognito/latest/developerguide/how-to-recover-a-user-account.html
     # [2]: https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_ConfirmForgotPassword.html
+    # [3]: https://console.aws.amazon.com/pinpoint/home/
+    # [4]: https://docs.aws.amazon.com/cognito/latest/developerguide/cognito-user-identity-pools-sms-userpool-settings.html
     #
     # @option params [required, String] :client_id
     #   The ID of the client associated with the user pool.
@@ -4013,15 +4226,15 @@ module Aws::CognitoIdentityProvider
     #   A map of custom key-value pairs that you can provide as input for any
     #   custom workflows that this action triggers.
     #
-    #   You create custom workflows by assigning AWS Lambda functions to user
-    #   pool triggers. When you use the ForgotPassword API action, Amazon
-    #   Cognito invokes any functions that are assigned to the following
-    #   triggers: *pre sign-up*, *custom message*, and *user migration*. When
-    #   Amazon Cognito invokes any of these functions, it passes a JSON
-    #   payload, which the function receives as input. This payload contains a
+    #   You create custom workflows by assigning Lambda functions to user pool
+    #   triggers. When you use the ForgotPassword API action, Amazon Cognito
+    #   invokes any functions that are assigned to the following triggers:
+    #   *pre sign-up*, *custom message*, and *user migration*. When Amazon
+    #   Cognito invokes any of these functions, it passes a JSON payload,
+    #   which the function receives as input. This payload contains a
     #   `clientMetadata` attribute, which provides the data that you assigned
     #   to the ClientMetadata parameter in your ForgotPassword request. In
-    #   your function code in AWS Lambda, you can process the `clientMetadata`
+    #   your function code in Lambda, you can process the `clientMetadata`
     #   value to enhance your workflow for your specific needs.
     #
     #   For more information, see [Customizing User Pool Workflows with Lambda
@@ -4031,9 +4244,9 @@ module Aws::CognitoIdentityProvider
     #   ClientMetadata parameter:
     #
     #    * Amazon Cognito does not store the ClientMetadata value. This data is
-    #     available only to AWS Lambda triggers that are assigned to a user
-    #     pool to support custom workflows. If your user pool configuration
-    #     does not include triggers, the ClientMetadata parameter serves no
+    #     available only to Lambda triggers that are assigned to a user pool
+    #     to support custom workflows. If your user pool configuration does
+    #     not include triggers, the ClientMetadata parameter serves no
     #     purpose.
     #
     #   * Amazon Cognito does not validate the ClientMetadata value.
@@ -4351,6 +4564,32 @@ module Aws::CognitoIdentityProvider
     # Gets the user attribute verification code for the specified attribute
     # name.
     #
+    # <note markdown="1"> This action might generate an SMS text message. Starting June 1, 2021,
+    # U.S. telecom carriers require that you register an origination phone
+    # number before you can send SMS messages to U.S. phone numbers. If you
+    # use SMS text messages in Amazon Cognito, you must register a phone
+    # number with [Amazon Pinpoint][1]. Cognito will use the the registered
+    # number automatically. Otherwise, Cognito users that must receive SMS
+    # messages might be unable to sign up, activate their accounts, or sign
+    # in.
+    #
+    #  If you have never used SMS text messages with Amazon Cognito or any
+    # other Amazon Web Service, Amazon SNS might place your account in SMS
+    # sandbox. In <i> <a
+    # href="https://docs.aws.amazon.com/sns/latest/dg/sns-sms-sandbox.html">sandbox
+    # mode</a> </i>, you’ll have limitations, such as sending messages to
+    # only verified phone numbers. After testing in the sandbox environment,
+    # you can move out of the SMS sandbox and into production. For more
+    # information, see [ SMS message settings for Cognito User Pools][2] in
+    # the *Amazon Cognito Developer Guide*.
+    #
+    #  </note>
+    #
+    #
+    #
+    # [1]: https://console.aws.amazon.com/pinpoint/home/
+    # [2]: https://docs.aws.amazon.com/cognito/latest/developerguide/cognito-user-identity-pools-sms-userpool-settings.html
+    #
     # @option params [required, String] :access_token
     #   The access token returned by the server response to get the user
     #   attribute verification code.
@@ -4363,14 +4602,14 @@ module Aws::CognitoIdentityProvider
     #   A map of custom key-value pairs that you can provide as input for any
     #   custom workflows that this action triggers.
     #
-    #   You create custom workflows by assigning AWS Lambda functions to user
-    #   pool triggers. When you use the GetUserAttributeVerificationCode API
+    #   You create custom workflows by assigning Lambda functions to user pool
+    #   triggers. When you use the GetUserAttributeVerificationCode API
     #   action, Amazon Cognito invokes the function that is assigned to the
     #   *custom message* trigger. When Amazon Cognito invokes this function,
     #   it passes a JSON payload, which the function receives as input. This
     #   payload contains a `clientMetadata` attribute, which provides the data
     #   that you assigned to the ClientMetadata parameter in your
-    #   GetUserAttributeVerificationCode request. In your function code in AWS
+    #   GetUserAttributeVerificationCode request. In your function code in
     #   Lambda, you can process the `clientMetadata` value to enhance your
     #   workflow for your specific needs.
     #
@@ -4381,9 +4620,9 @@ module Aws::CognitoIdentityProvider
     #   ClientMetadata parameter:
     #
     #    * Amazon Cognito does not store the ClientMetadata value. This data is
-    #     available only to AWS Lambda triggers that are assigned to a user
-    #     pool to support custom workflows. If your user pool configuration
-    #     does not include triggers, the ClientMetadata parameter serves no
+    #     available only to Lambda triggers that are assigned to a user pool
+    #     to support custom workflows. If your user pool configuration does
+    #     not include triggers, the ClientMetadata parameter serves no
     #     purpose.
     #
     #   * Amazon Cognito does not validate the ClientMetadata value.
@@ -4487,6 +4726,32 @@ module Aws::CognitoIdentityProvider
 
     # Initiates the authentication flow.
     #
+    # <note markdown="1"> This action might generate an SMS text message. Starting June 1, 2021,
+    # U.S. telecom carriers require that you register an origination phone
+    # number before you can send SMS messages to U.S. phone numbers. If you
+    # use SMS text messages in Amazon Cognito, you must register a phone
+    # number with [Amazon Pinpoint][1]. Cognito will use the the registered
+    # number automatically. Otherwise, Cognito users that must receive SMS
+    # messages might be unable to sign up, activate their accounts, or sign
+    # in.
+    #
+    #  If you have never used SMS text messages with Amazon Cognito or any
+    # other Amazon Web Service, Amazon SNS might place your account in SMS
+    # sandbox. In <i> <a
+    # href="https://docs.aws.amazon.com/sns/latest/dg/sns-sms-sandbox.html">sandbox
+    # mode</a> </i>, you’ll have limitations, such as sending messages to
+    # only verified phone numbers. After testing in the sandbox environment,
+    # you can move out of the SMS sandbox and into production. For more
+    # information, see [ SMS message settings for Cognito User Pools][2] in
+    # the *Amazon Cognito Developer Guide*.
+    #
+    #  </note>
+    #
+    #
+    #
+    # [1]: https://console.aws.amazon.com/pinpoint/home/
+    # [2]: https://docs.aws.amazon.com/cognito/latest/developerguide/cognito-user-identity-pools-sms-userpool-settings.html
+    #
     # @option params [required, String] :auth_flow
     #   The authentication flow for this call to execute. The API action will
     #   depend on this value. For example:
@@ -4545,11 +4810,11 @@ module Aws::CognitoIdentityProvider
     #   A map of custom key-value pairs that you can provide as input for
     #   certain custom workflows that this action triggers.
     #
-    #   You create custom workflows by assigning AWS Lambda functions to user
-    #   pool triggers. When you use the InitiateAuth API action, Amazon
-    #   Cognito invokes the AWS Lambda functions that are specified for
-    #   various triggers. The ClientMetadata value is passed as input to the
-    #   functions for only the following triggers:
+    #   You create custom workflows by assigning Lambda functions to user pool
+    #   triggers. When you use the InitiateAuth API action, Amazon Cognito
+    #   invokes the Lambda functions that are specified for various triggers.
+    #   The ClientMetadata value is passed as input to the functions for only
+    #   the following triggers:
     #
     #   * Pre signup
     #
@@ -4561,7 +4826,7 @@ module Aws::CognitoIdentityProvider
     #   passes a JSON payload, which the function receives as input. This
     #   payload contains a `validationData` attribute, which provides the data
     #   that you assigned to the ClientMetadata parameter in your InitiateAuth
-    #   request. In your function code in AWS Lambda, you can process the
+    #   request. In your function code in Lambda, you can process the
     #   `validationData` value to enhance your workflow for your specific
     #   needs.
     #
@@ -4588,9 +4853,9 @@ module Aws::CognitoIdentityProvider
     #   ClientMetadata parameter:
     #
     #    * Amazon Cognito does not store the ClientMetadata value. This data is
-    #     available only to AWS Lambda triggers that are assigned to a user
-    #     pool to support custom workflows. If your user pool configuration
-    #     does not include triggers, the ClientMetadata parameter serves no
+    #     available only to Lambda triggers that are assigned to a user pool
+    #     to support custom workflows. If your user pool configuration does
+    #     not include triggers, the ClientMetadata parameter serves no
     #     purpose.
     #
     #   * Amazon Cognito does not validate the ClientMetadata value.
@@ -4988,7 +5253,7 @@ module Aws::CognitoIdentityProvider
       req.send_request(options)
     end
 
-    # Lists the user pools associated with an AWS account.
+    # Lists the user pools associated with an account.
     #
     # @option params [String] :next_token
     #   An identifier that was returned from the previous call to this
@@ -5223,6 +5488,32 @@ module Aws::CognitoIdentityProvider
     # Resends the confirmation (for confirmation of registration) to a
     # specific user in the user pool.
     #
+    # <note markdown="1"> This action might generate an SMS text message. Starting June 1, 2021,
+    # U.S. telecom carriers require that you register an origination phone
+    # number before you can send SMS messages to U.S. phone numbers. If you
+    # use SMS text messages in Amazon Cognito, you must register a phone
+    # number with [Amazon Pinpoint][1]. Cognito will use the the registered
+    # number automatically. Otherwise, Cognito users that must receive SMS
+    # messages might be unable to sign up, activate their accounts, or sign
+    # in.
+    #
+    #  If you have never used SMS text messages with Amazon Cognito or any
+    # other Amazon Web Service, Amazon SNS might place your account in SMS
+    # sandbox. In <i> <a
+    # href="https://docs.aws.amazon.com/sns/latest/dg/sns-sms-sandbox.html">sandbox
+    # mode</a> </i>, you’ll have limitations, such as sending messages to
+    # only verified phone numbers. After testing in the sandbox environment,
+    # you can move out of the SMS sandbox and into production. For more
+    # information, see [ SMS message settings for Cognito User Pools][2] in
+    # the *Amazon Cognito Developer Guide*.
+    #
+    #  </note>
+    #
+    #
+    #
+    # [1]: https://console.aws.amazon.com/pinpoint/home/
+    # [2]: https://docs.aws.amazon.com/cognito/latest/developerguide/cognito-user-identity-pools-sms-userpool-settings.html
+    #
     # @option params [required, String] :client_id
     #   The ID of the client associated with the user pool.
     #
@@ -5248,16 +5539,16 @@ module Aws::CognitoIdentityProvider
     #   A map of custom key-value pairs that you can provide as input for any
     #   custom workflows that this action triggers.
     #
-    #   You create custom workflows by assigning AWS Lambda functions to user
-    #   pool triggers. When you use the ResendConfirmationCode API action,
-    #   Amazon Cognito invokes the function that is assigned to the *custom
-    #   message* trigger. When Amazon Cognito invokes this function, it passes
-    #   a JSON payload, which the function receives as input. This payload
-    #   contains a `clientMetadata` attribute, which provides the data that
-    #   you assigned to the ClientMetadata parameter in your
-    #   ResendConfirmationCode request. In your function code in AWS Lambda,
-    #   you can process the `clientMetadata` value to enhance your workflow
-    #   for your specific needs.
+    #   You create custom workflows by assigning Lambda functions to user pool
+    #   triggers. When you use the ResendConfirmationCode API action, Amazon
+    #   Cognito invokes the function that is assigned to the *custom message*
+    #   trigger. When Amazon Cognito invokes this function, it passes a JSON
+    #   payload, which the function receives as input. This payload contains a
+    #   `clientMetadata` attribute, which provides the data that you assigned
+    #   to the ClientMetadata parameter in your ResendConfirmationCode
+    #   request. In your function code in Lambda, you can process the
+    #   `clientMetadata` value to enhance your workflow for your specific
+    #   needs.
     #
     #   For more information, see [Customizing User Pool Workflows with Lambda
     #   Triggers][1] in the *Amazon Cognito Developer Guide*.
@@ -5266,9 +5557,9 @@ module Aws::CognitoIdentityProvider
     #   ClientMetadata parameter:
     #
     #    * Amazon Cognito does not store the ClientMetadata value. This data is
-    #     available only to AWS Lambda triggers that are assigned to a user
-    #     pool to support custom workflows. If your user pool configuration
-    #     does not include triggers, the ClientMetadata parameter serves no
+    #     available only to Lambda triggers that are assigned to a user pool
+    #     to support custom workflows. If your user pool configuration does
+    #     not include triggers, the ClientMetadata parameter serves no
     #     purpose.
     #
     #   * Amazon Cognito does not validate the ClientMetadata value.
@@ -5320,6 +5611,32 @@ module Aws::CognitoIdentityProvider
 
     # Responds to the authentication challenge.
     #
+    # <note markdown="1"> This action might generate an SMS text message. Starting June 1, 2021,
+    # U.S. telecom carriers require that you register an origination phone
+    # number before you can send SMS messages to U.S. phone numbers. If you
+    # use SMS text messages in Amazon Cognito, you must register a phone
+    # number with [Amazon Pinpoint][1]. Cognito will use the the registered
+    # number automatically. Otherwise, Cognito users that must receive SMS
+    # messages might be unable to sign up, activate their accounts, or sign
+    # in.
+    #
+    #  If you have never used SMS text messages with Amazon Cognito or any
+    # other Amazon Web Service, Amazon SNS might place your account in SMS
+    # sandbox. In <i> <a
+    # href="https://docs.aws.amazon.com/sns/latest/dg/sns-sms-sandbox.html">sandbox
+    # mode</a> </i>, you’ll have limitations, such as sending messages to
+    # only verified phone numbers. After testing in the sandbox environment,
+    # you can move out of the SMS sandbox and into production. For more
+    # information, see [ SMS message settings for Cognito User Pools][2] in
+    # the *Amazon Cognito Developer Guide*.
+    #
+    #  </note>
+    #
+    #
+    #
+    # [1]: https://console.aws.amazon.com/pinpoint/home/
+    # [2]: https://docs.aws.amazon.com/cognito/latest/developerguide/cognito-user-identity-pools-sms-userpool-settings.html
+    #
     # @option params [required, String] :client_id
     #   The app client ID.
     #
@@ -5366,6 +5683,9 @@ module Aws::CognitoIdentityProvider
     #   * `DEVICE_PASSWORD_VERIFIER` requires everything that
     #     `PASSWORD_VERIFIER` requires plus `DEVICE_KEY`.
     #
+    #   * `MFA_SETUP` requires `USERNAME`, plus you need to use the session
+    #     value returned by `VerifySoftwareToken` in the `Session` parameter.
+    #
     # @option params [Types::AnalyticsMetadataType] :analytics_metadata
     #   The Amazon Pinpoint analytics metadata for collecting metrics for
     #   `RespondToAuthChallenge` calls.
@@ -5379,18 +5699,18 @@ module Aws::CognitoIdentityProvider
     #   A map of custom key-value pairs that you can provide as input for any
     #   custom workflows that this action triggers.
     #
-    #   You create custom workflows by assigning AWS Lambda functions to user
-    #   pool triggers. When you use the RespondToAuthChallenge API action,
-    #   Amazon Cognito invokes any functions that are assigned to the
-    #   following triggers: *post authentication*, *pre token generation*,
-    #   *define auth challenge*, *create auth challenge*, and *verify auth
-    #   challenge*. When Amazon Cognito invokes any of these functions, it
-    #   passes a JSON payload, which the function receives as input. This
-    #   payload contains a `clientMetadata` attribute, which provides the data
-    #   that you assigned to the ClientMetadata parameter in your
-    #   RespondToAuthChallenge request. In your function code in AWS Lambda,
-    #   you can process the `clientMetadata` value to enhance your workflow
-    #   for your specific needs.
+    #   You create custom workflows by assigning Lambda functions to user pool
+    #   triggers. When you use the RespondToAuthChallenge API action, Amazon
+    #   Cognito invokes any functions that are assigned to the following
+    #   triggers: *post authentication*, *pre token generation*, *define auth
+    #   challenge*, *create auth challenge*, and *verify auth challenge*. When
+    #   Amazon Cognito invokes any of these functions, it passes a JSON
+    #   payload, which the function receives as input. This payload contains a
+    #   `clientMetadata` attribute, which provides the data that you assigned
+    #   to the ClientMetadata parameter in your RespondToAuthChallenge
+    #   request. In your function code in Lambda, you can process the
+    #   `clientMetadata` value to enhance your workflow for your specific
+    #   needs.
     #
     #   For more information, see [Customizing User Pool Workflows with Lambda
     #   Triggers][1] in the *Amazon Cognito Developer Guide*.
@@ -5399,9 +5719,9 @@ module Aws::CognitoIdentityProvider
     #   ClientMetadata parameter:
     #
     #    * Amazon Cognito does not store the ClientMetadata value. This data is
-    #     available only to AWS Lambda triggers that are assigned to a user
-    #     pool to support custom workflows. If your user pool configuration
-    #     does not include triggers, the ClientMetadata parameter serves no
+    #     available only to Lambda triggers that are assigned to a user pool
+    #     to support custom workflows. If your user pool configuration does
+    #     not include triggers, the ClientMetadata parameter serves no
     #     purpose.
     #
     #   * Amazon Cognito does not validate the ClientMetadata value.
@@ -5465,6 +5785,39 @@ module Aws::CognitoIdentityProvider
       req.send_request(options)
     end
 
+    # Revokes all of the access tokens generated by the specified refresh
+    # token. After the token is revoked, you can not use the revoked token
+    # to access Cognito authenticated APIs.
+    #
+    # @option params [required, String] :token
+    #   The token that you want to revoke.
+    #
+    # @option params [required, String] :client_id
+    #   The client ID for the token that you want to revoke.
+    #
+    # @option params [String] :client_secret
+    #   The secret for the client ID. This is required only if the client ID
+    #   has a secret.
+    #
+    # @return [Struct] Returns an empty {Seahorse::Client::Response response}.
+    #
+    # @example Request syntax with placeholder values
+    #
+    #   resp = client.revoke_token({
+    #     token: "TokenModelType", # required
+    #     client_id: "ClientIdType", # required
+    #     client_secret: "ClientSecretType",
+    #   })
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/cognito-idp-2016-04-18/RevokeToken AWS API Documentation
+    #
+    # @overload revoke_token(params = {})
+    # @param [Hash] params ({})
+    def revoke_token(params = {}, options = {})
+      req = build_request(:revoke_token, params)
+      req.send_request(options)
+    end
+
     # Configures actions on detected risks. To delete the risk configuration
     # for `UserPoolId` or `ClientId`, pass null values for all four
     # configuration types.
@@ -5698,6 +6051,32 @@ module Aws::CognitoIdentityProvider
 
     # Set the user pool multi-factor authentication (MFA) configuration.
     #
+    # <note markdown="1"> This action might generate an SMS text message. Starting June 1, 2021,
+    # U.S. telecom carriers require that you register an origination phone
+    # number before you can send SMS messages to U.S. phone numbers. If you
+    # use SMS text messages in Amazon Cognito, you must register a phone
+    # number with [Amazon Pinpoint][1]. Cognito will use the the registered
+    # number automatically. Otherwise, Cognito users that must receive SMS
+    # messages might be unable to sign up, activate their accounts, or sign
+    # in.
+    #
+    #  If you have never used SMS text messages with Amazon Cognito or any
+    # other Amazon Web Service, Amazon SNS might place your account in SMS
+    # sandbox. In <i> <a
+    # href="https://docs.aws.amazon.com/sns/latest/dg/sns-sms-sandbox.html">sandbox
+    # mode</a> </i>, you’ll have limitations, such as sending messages to
+    # only verified phone numbers. After testing in the sandbox environment,
+    # you can move out of the SMS sandbox and into production. For more
+    # information, see [ SMS message settings for Cognito User Pools][2] in
+    # the *Amazon Cognito Developer Guide*.
+    #
+    #  </note>
+    #
+    #
+    #
+    # [1]: https://console.aws.amazon.com/pinpoint/home/
+    # [2]: https://docs.aws.amazon.com/cognito/latest/developerguide/cognito-user-identity-pools-sms-userpool-settings.html
+    #
     # @option params [required, String] :user_pool_id
     #   The user pool ID.
     #
@@ -5708,7 +6087,11 @@ module Aws::CognitoIdentityProvider
     #   The software token MFA configuration.
     #
     # @option params [String] :mfa_configuration
-    #   The MFA configuration. Valid values include:
+    #   The MFA configuration. Users who don't have an MFA factor set up
+    #   won't be able to sign-in if you set the MfaConfiguration value to
+    #   ‘ON’. See [Adding Multi-Factor Authentication (MFA) to a User
+    #   Pool](cognito/latest/developerguide/user-pool-settings-mfa.html) to
+    #   learn more. Valid values include:
     #
     #   * `OFF` MFA will not be used for any users.
     #
@@ -5798,6 +6181,32 @@ module Aws::CognitoIdentityProvider
     # Registers the user in the specified user pool and creates a user name,
     # password, and user attributes.
     #
+    # <note markdown="1"> This action might generate an SMS text message. Starting June 1, 2021,
+    # U.S. telecom carriers require that you register an origination phone
+    # number before you can send SMS messages to U.S. phone numbers. If you
+    # use SMS text messages in Amazon Cognito, you must register a phone
+    # number with [Amazon Pinpoint][1]. Cognito will use the the registered
+    # number automatically. Otherwise, Cognito users that must receive SMS
+    # messages might be unable to sign up, activate their accounts, or sign
+    # in.
+    #
+    #  If you have never used SMS text messages with Amazon Cognito or any
+    # other Amazon Web Service, Amazon SNS might place your account in SMS
+    # sandbox. In <i> <a
+    # href="https://docs.aws.amazon.com/sns/latest/dg/sns-sms-sandbox.html">sandbox
+    # mode</a> </i>, you’ll have limitations, such as sending messages to
+    # only verified phone numbers. After testing in the sandbox environment,
+    # you can move out of the SMS sandbox and into production. For more
+    # information, see [ SMS message settings for Cognito User Pools][2] in
+    # the *Amazon Cognito Developer Guide*.
+    #
+    #  </note>
+    #
+    #
+    #
+    # [1]: https://console.aws.amazon.com/pinpoint/home/
+    # [2]: https://docs.aws.amazon.com/cognito/latest/developerguide/cognito-user-identity-pools-sms-userpool-settings.html
+    #
     # @option params [required, String] :client_id
     #   The ID of the client associated with the user pool.
     #
@@ -5834,16 +6243,16 @@ module Aws::CognitoIdentityProvider
     #   A map of custom key-value pairs that you can provide as input for any
     #   custom workflows that this action triggers.
     #
-    #   You create custom workflows by assigning AWS Lambda functions to user
-    #   pool triggers. When you use the SignUp API action, Amazon Cognito
-    #   invokes any functions that are assigned to the following triggers:
-    #   *pre sign-up*, *custom message*, and *post confirmation*. When Amazon
+    #   You create custom workflows by assigning Lambda functions to user pool
+    #   triggers. When you use the SignUp API action, Amazon Cognito invokes
+    #   any functions that are assigned to the following triggers: *pre
+    #   sign-up*, *custom message*, and *post confirmation*. When Amazon
     #   Cognito invokes any of these functions, it passes a JSON payload,
     #   which the function receives as input. This payload contains a
     #   `clientMetadata` attribute, which provides the data that you assigned
     #   to the ClientMetadata parameter in your SignUp request. In your
-    #   function code in AWS Lambda, you can process the `clientMetadata`
-    #   value to enhance your workflow for your specific needs.
+    #   function code in Lambda, you can process the `clientMetadata` value to
+    #   enhance your workflow for your specific needs.
     #
     #   For more information, see [Customizing User Pool Workflows with Lambda
     #   Triggers][1] in the *Amazon Cognito Developer Guide*.
@@ -5852,9 +6261,9 @@ module Aws::CognitoIdentityProvider
     #   ClientMetadata parameter:
     #
     #    * Amazon Cognito does not store the ClientMetadata value. This data is
-    #     available only to AWS Lambda triggers that are assigned to a user
-    #     pool to support custom workflows. If your user pool configuration
-    #     does not include triggers, the ClientMetadata parameter serves no
+    #     available only to Lambda triggers that are assigned to a user pool
+    #     to support custom workflows. If your user pool configuration does
+    #     not include triggers, the ClientMetadata parameter serves no
     #     purpose.
     #
     #   * Amazon Cognito does not validate the ClientMetadata value.
@@ -6160,9 +6569,6 @@ module Aws::CognitoIdentityProvider
     #
     # Calling this action requires developer credentials.
     #
-    # If you don't provide a value for an attribute, it will be set to the
-    # default value.
-    #
     # @option params [required, String] :group_name
     #   The name of the group.
     #
@@ -6332,6 +6738,32 @@ module Aws::CognitoIdentityProvider
 
     # Allows a user to update a specific attribute (one at a time).
     #
+    # <note markdown="1"> This action might generate an SMS text message. Starting June 1, 2021,
+    # U.S. telecom carriers require that you register an origination phone
+    # number before you can send SMS messages to U.S. phone numbers. If you
+    # use SMS text messages in Amazon Cognito, you must register a phone
+    # number with [Amazon Pinpoint][1]. Cognito will use the the registered
+    # number automatically. Otherwise, Cognito users that must receive SMS
+    # messages might be unable to sign up, activate their accounts, or sign
+    # in.
+    #
+    #  If you have never used SMS text messages with Amazon Cognito or any
+    # other Amazon Web Service, Amazon SNS might place your account in SMS
+    # sandbox. In <i> <a
+    # href="https://docs.aws.amazon.com/sns/latest/dg/sns-sms-sandbox.html">sandbox
+    # mode</a> </i>, you’ll have limitations, such as sending messages to
+    # only verified phone numbers. After testing in the sandbox environment,
+    # you can move out of the SMS sandbox and into production. For more
+    # information, see [ SMS message settings for Cognito User Pools][2] in
+    # the *Amazon Cognito Developer Guide*.
+    #
+    #  </note>
+    #
+    #
+    #
+    # [1]: https://console.aws.amazon.com/pinpoint/home/
+    # [2]: https://docs.aws.amazon.com/cognito/latest/developerguide/cognito-user-identity-pools-sms-userpool-settings.html
+    #
     # @option params [required, Array<Types::AttributeType>] :user_attributes
     #   An array of name-value pairs representing user attributes.
     #
@@ -6345,16 +6777,15 @@ module Aws::CognitoIdentityProvider
     #   A map of custom key-value pairs that you can provide as input for any
     #   custom workflows that this action triggers.
     #
-    #   You create custom workflows by assigning AWS Lambda functions to user
-    #   pool triggers. When you use the UpdateUserAttributes API action,
-    #   Amazon Cognito invokes the function that is assigned to the *custom
-    #   message* trigger. When Amazon Cognito invokes this function, it passes
-    #   a JSON payload, which the function receives as input. This payload
-    #   contains a `clientMetadata` attribute, which provides the data that
-    #   you assigned to the ClientMetadata parameter in your
-    #   UpdateUserAttributes request. In your function code in AWS Lambda, you
-    #   can process the `clientMetadata` value to enhance your workflow for
-    #   your specific needs.
+    #   You create custom workflows by assigning Lambda functions to user pool
+    #   triggers. When you use the UpdateUserAttributes API action, Amazon
+    #   Cognito invokes the function that is assigned to the *custom message*
+    #   trigger. When Amazon Cognito invokes this function, it passes a JSON
+    #   payload, which the function receives as input. This payload contains a
+    #   `clientMetadata` attribute, which provides the data that you assigned
+    #   to the ClientMetadata parameter in your UpdateUserAttributes request.
+    #   In your function code in Lambda, you can process the `clientMetadata`
+    #   value to enhance your workflow for your specific needs.
     #
     #   For more information, see [Customizing User Pool Workflows with Lambda
     #   Triggers][1] in the *Amazon Cognito Developer Guide*.
@@ -6363,9 +6794,9 @@ module Aws::CognitoIdentityProvider
     #   ClientMetadata parameter:
     #
     #    * Amazon Cognito does not store the ClientMetadata value. This data is
-    #     available only to AWS Lambda triggers that are assigned to a user
-    #     pool to support custom workflows. If your user pool configuration
-    #     does not include triggers, the ClientMetadata parameter serves no
+    #     available only to Lambda triggers that are assigned to a user pool
+    #     to support custom workflows. If your user pool configuration does
+    #     not include triggers, the ClientMetadata parameter serves no
     #     purpose.
     #
     #   * Amazon Cognito does not validate the ClientMetadata value.
@@ -6416,14 +6847,35 @@ module Aws::CognitoIdentityProvider
 
     # Updates the specified user pool with the specified attributes. You can
     # get a list of the current user pool settings using
-    # [DescribeUserPool][1].
+    # [DescribeUserPool][1]. If you don't provide a value for an attribute,
+    # it will be set to the default value.
+    #
+    # <note markdown="1"> This action might generate an SMS text message. Starting June 1, 2021,
+    # U.S. telecom carriers require that you register an origination phone
+    # number before you can send SMS messages to U.S. phone numbers. If you
+    # use SMS text messages in Amazon Cognito, you must register a phone
+    # number with [Amazon Pinpoint][2]. Cognito will use the the registered
+    # number automatically. Otherwise, Cognito users that must receive SMS
+    # messages might be unable to sign up, activate their accounts, or sign
+    # in.
+    #
+    #  If you have never used SMS text messages with Amazon Cognito or any
+    # other Amazon Web Service, Amazon SNS might place your account in SMS
+    # sandbox. In <i> <a
+    # href="https://docs.aws.amazon.com/sns/latest/dg/sns-sms-sandbox.html">sandbox
+    # mode</a> </i>, you’ll have limitations, such as sending messages to
+    # only verified phone numbers. After testing in the sandbox environment,
+    # you can move out of the SMS sandbox and into production. For more
+    # information, see [ SMS message settings for Cognito User Pools][3] in
+    # the *Amazon Cognito Developer Guide*.
     #
-    # If you don't provide a value for an attribute, it will be set to the
-    # default value.
+    #  </note>
     #
     #
     #
     # [1]: https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_DescribeUserPool.html
+    # [2]: https://console.aws.amazon.com/pinpoint/home/
+    # [3]: https://docs.aws.amazon.com/cognito/latest/developerguide/cognito-user-identity-pools-sms-userpool-settings.html
     #
     # @option params [required, String] :user_pool_id
     #   The user pool ID for the user pool you want to update.
@@ -6432,8 +6884,8 @@ module Aws::CognitoIdentityProvider
     #   A container with the policies you wish to update in a user pool.
     #
     # @option params [Types::LambdaConfigType] :lambda_config
-    #   The AWS Lambda configuration information from the request to update
-    #   the user pool.
+    #   The Lambda configuration information from the request to update the
+    #   user pool.
     #
     # @option params [Array<String>] :auto_verified_attributes
     #   The attributes that are automatically verified when the Amazon Cognito
@@ -6461,11 +6913,17 @@ module Aws::CognitoIdentityProvider
     #     user registration.
     #
     #   * `ON` - MFA tokens are required for all user registrations. You can
-    #     only specify required when you are initially creating a user pool.
+    #     only specify ON when you are initially creating a user pool. You can
+    #     use the [SetUserPoolMfaConfig][1] API operation to turn MFA "ON"
+    #     for existing user pools.
     #
     #   * `OPTIONAL` - Users have the option when registering to create an MFA
     #     token.
     #
+    #
+    #
+    #   [1]: https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_SetUserPoolMfaConfig.html
+    #
     # @option params [Types::DeviceConfigurationType] :device_configuration
     #   Device configuration.
     #
@@ -6603,9 +7061,14 @@ module Aws::CognitoIdentityProvider
     # If you don't provide a value for an attribute, it will be set to the
     # default value.
     #
+    # You can also use this operation to enable token revocation for user
+    # pool clients. For more information about revoking tokens, see
+    # [RevokeToken][2].
+    #
     #
     #
     # [1]: https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_DescribeUserPoolClient.html
+    # [2]: https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_RevokeToken.html
     #
     # @option params [required, String] :user_pool_id
     #   The user pool ID for the user pool where you want to update the user
@@ -6732,8 +7195,8 @@ module Aws::CognitoIdentityProvider
     # @option params [Array<String>] :allowed_o_auth_scopes
     #   The allowed OAuth scopes. Possible values provided by OAuth are:
     #   `phone`, `email`, `openid`, and `profile`. Possible values provided by
-    #   AWS are: `aws.cognito.signin.user.admin`. Custom scopes created in
-    #   Resource Servers are also supported.
+    #   Amazon Web Services are: `aws.cognito.signin.user.admin`. Custom
+    #   scopes created in Resource Servers are also supported.
     #
     # @option params [Boolean] :allowed_o_auth_flows_user_pool_client
     #   Set to true if the client is allowed to follow the OAuth protocol when
@@ -6774,6 +7237,14 @@ module Aws::CognitoIdentityProvider
     #
     #    </note>
     #
+    # @option params [Boolean] :enable_token_revocation
+    #   Enables or disables token revocation. For more information about
+    #   revoking tokens, see [RevokeToken][1].
+    #
+    #
+    #
+    #   [1]: https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_RevokeToken.html
+    #
     # @return [Types::UpdateUserPoolClientResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
     #
     #   * {Types::UpdateUserPoolClientResponse#user_pool_client #user_pool_client} => Types::UserPoolClientType
@@ -6810,6 +7281,7 @@ module Aws::CognitoIdentityProvider
     #       user_data_shared: false,
     #     },
     #     prevent_user_existence_errors: "LEGACY", # accepts LEGACY, ENABLED
+    #     enable_token_revocation: false,
     #   })
     #
     # @example Response structure
@@ -6850,6 +7322,7 @@ module Aws::CognitoIdentityProvider
     #   resp.user_pool_client.analytics_configuration.external_id #=> String
     #   resp.user_pool_client.analytics_configuration.user_data_shared #=> Boolean
     #   resp.user_pool_client.prevent_user_existence_errors #=> String, one of "LEGACY", "ENABLED"
+    #   resp.user_pool_client.enable_token_revocation #=> Boolean
     #
     # @see http://docs.aws.amazon.com/goto/WebAPI/cognito-idp-2016-04-18/UpdateUserPoolClient AWS API Documentation
     #
@@ -6869,7 +7342,7 @@ module Aws::CognitoIdentityProvider
     #
     # A custom domain is used to host the Amazon Cognito hosted UI, which
     # provides sign-up and sign-in pages for your application. When you set
-    # up a custom domain, you provide a certificate that you manage with AWS
+    # up a custom domain, you provide a certificate that you manage with
     # Certificate Manager (ACM). When necessary, you can use this operation
     # to change the certificate that you applied to your custom domain.
     #
@@ -6883,7 +7356,7 @@ module Aws::CognitoIdentityProvider
     # your custom domain, you must provide this ARN to Amazon Cognito.
     #
     # When you add your new certificate in ACM, you must choose US East (N.
-    # Virginia) as the AWS Region.
+    # Virginia) as the Region.
     #
     # After you submit your request, Amazon Cognito requires up to 1 hour to
     # distribute your new certificate to your custom domain.
@@ -7032,7 +7505,7 @@ module Aws::CognitoIdentityProvider
         params: params,
         config: config)
       context[:gem_name] = 'aws-sdk-cognitoidentityprovider'
-      context[:gem_version] = '1.50.0'
+      context[:gem_version] = '1.54.0'
       Seahorse::Client::Request.new(handlers, context)
     end