aws-sdk-cognitoidentityprovider 1.97.0 → 1.107.0

data/lib/aws-sdk-cognitoidentityprovider/client.rb

@@ -32,11 +32,10 @@ require 'aws-sdk-core/plugins/checksum_algorithm.rb'
 require 'aws-sdk-core/plugins/request_compression.rb'
 require 'aws-sdk-core/plugins/defaults_mode.rb'
 require 'aws-sdk-core/plugins/recursion_detection.rb'
+require 'aws-sdk-core/plugins/telemetry.rb'
 require 'aws-sdk-core/plugins/sign.rb'
 require 'aws-sdk-core/plugins/protocols/json_rpc.rb'
 
-Aws::Plugins::GlobalConfiguration.add_identifier(:cognitoidentityprovider)
-
 module Aws::CognitoIdentityProvider
   # An API client for CognitoIdentityProvider.  To construct a client, you need to configure a `:region` and `:credentials`.
   #
@@ -83,6 +82,7 @@ module Aws::CognitoIdentityProvider
     add_plugin(Aws::Plugins::RequestCompression)
     add_plugin(Aws::Plugins::DefaultsMode)
     add_plugin(Aws::Plugins::RecursionDetection)
+    add_plugin(Aws::Plugins::Telemetry)
     add_plugin(Aws::Plugins::Sign)
     add_plugin(Aws::Plugins::Protocols::JsonRpc)
     add_plugin(Aws::CognitoIdentityProvider::Plugins::Endpoints)
@@ -128,13 +128,15 @@ module Aws::CognitoIdentityProvider
     #     locations will be searched for credentials:
     #
     #     * `Aws.config[:credentials]`
-    #     * The `:access_key_id`, `:secret_access_key`, and `:session_token` options.
-    #     * ENV['AWS_ACCESS_KEY_ID'], ENV['AWS_SECRET_ACCESS_KEY']
+    #     * The `:access_key_id`, `:secret_access_key`, `:session_token`, and
+    #       `:account_id` options.
+    #     * ENV['AWS_ACCESS_KEY_ID'], ENV['AWS_SECRET_ACCESS_KEY'],
+    #       ENV['AWS_SESSION_TOKEN'], and ENV['AWS_ACCOUNT_ID']
     #     * `~/.aws/credentials`
     #     * `~/.aws/config`
     #     * EC2/ECS IMDS instance profile - When used by default, the timeouts
     #       are very aggressive. Construct and pass an instance of
-    #       `Aws::InstanceProfileCredentails` or `Aws::ECSCredentials` to
+    #       `Aws::InstanceProfileCredentials` or `Aws::ECSCredentials` to
     #       enable retries and extended timeouts. Instance profile credential
     #       fetching can be disabled by setting ENV['AWS_EC2_METADATA_DISABLED']
     #       to true.
@@ -153,6 +155,8 @@ module Aws::CognitoIdentityProvider
     #
     #   @option options [String] :access_key_id
     #
+    #   @option options [String] :account_id
+    #
     #   @option options [Boolean] :active_endpoint_cache (false)
     #     When set to `true`, a thread polling for endpoints will be running in
     #     the background every 60 secs (default). Defaults to `false`.
@@ -337,6 +341,16 @@ module Aws::CognitoIdentityProvider
     #     ** Please note ** When response stubbing is enabled, no HTTP
     #     requests are made, and retries are disabled.
     #
+    #   @option options [Aws::Telemetry::TelemetryProviderBase] :telemetry_provider (Aws::Telemetry::NoOpTelemetryProvider)
+    #     Allows you to provide a telemetry provider, which is used to
+    #     emit telemetry data. By default, uses `NoOpTelemetryProvider` which
+    #     will not record or emit any telemetry data. The SDK supports the
+    #     following telemetry providers:
+    #
+    #     * OpenTelemetry (OTel) - To use the OTel provider, install and require the
+    #     `opentelemetry-sdk` gem and then, pass in an instance of a
+    #     `Aws::Telemetry::OTelProvider` for telemetry provider.
+    #
     #   @option options [Aws::TokenProvider] :token_provider
     #     A Bearer Token Provider. This can be an instance of any one of the
     #     following classes:
@@ -364,7 +378,9 @@ module Aws::CognitoIdentityProvider
     #     sending the request.
     #
     #   @option options [Aws::CognitoIdentityProvider::EndpointProvider] :endpoint_provider
-    #     The endpoint provider used to resolve endpoints. Any object that responds to `#resolve_endpoint(parameters)` where `parameters` is a Struct similar to `Aws::CognitoIdentityProvider::EndpointParameters`
+    #     The endpoint provider used to resolve endpoints. Any object that responds to
+    #     `#resolve_endpoint(parameters)` where `parameters` is a Struct similar to
+    #     `Aws::CognitoIdentityProvider::EndpointParameters`.
     #
     #   @option options [Float] :http_continue_timeout (1)
     #     The number of seconds to wait for a 100-continue response before sending the
@@ -420,6 +436,12 @@ module Aws::CognitoIdentityProvider
     #   @option options [String] :ssl_ca_store
     #     Sets the X509::Store to verify peer certificate.
     #
+    #   @option options [OpenSSL::X509::Certificate] :ssl_cert
+    #     Sets a client certificate when creating http connections.
+    #
+    #   @option options [OpenSSL::PKey] :ssl_key
+    #     Sets a client key when creating http connections.
+    #
     #   @option options [Float] :ssl_timeout
     #     Sets the SSL timeout in seconds
     #
@@ -547,18 +569,14 @@ module Aws::CognitoIdentityProvider
       req.send_request(options)
     end
 
-    # This IAM-authenticated API operation provides a code that Amazon
-    # Cognito sent to your user when they signed up in your user pool. After
-    # your user enters their code, they confirm ownership of the email
-    # address or phone number that they provided, and their user account
-    # becomes active. Depending on your user pool configuration, your users
-    # will receive their confirmation code in an email or SMS message.
+    # This IAM-authenticated API operation confirms user sign-up as an
+    # administrator. Unlike [ConfirmSignUp][1], your IAM credentials
+    # authorize user account confirmation. No confirmation code is required.
     #
-    # Local users who signed up in your user pool are the only type of user
-    # who can confirm sign-up with a code. Users who federate through an
-    # external identity provider (IdP) have already been confirmed by their
-    # IdP. Administrator-created users confirm their accounts when they
-    # respond to their invitation email message and choose a password.
+    # This request sets a user account active in a user pool that [requires
+    # confirmation of new user accounts][2] before they can sign in. You can
+    # configure your user pool to not send confirmation codes to new users
+    # and instead confirm them with this API operation on the back end.
     #
     # <note markdown="1"> Amazon Cognito evaluates Identity and Access Management (IAM) policies
     # in requests for this API operation. For this operation, you must use
@@ -567,16 +585,18 @@ module Aws::CognitoIdentityProvider
     #
     #  **Learn more**
     #
-    #  * [Signing Amazon Web Services API Requests][1]
+    #  * [Signing Amazon Web Services API Requests][3]
     #
-    # * [Using the Amazon Cognito user pools API and user pool endpoints][2]
+    # * [Using the Amazon Cognito user pools API and user pool endpoints][4]
     #
     #  </note>
     #
     #
     #
-    # [1]: https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_aws-signing.html
-    # [2]: https://docs.aws.amazon.com/cognito/latest/developerguide/user-pools-API-operations.html
+    # [1]: https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_ConfirmSignUp.html
+    # [2]: https://docs.aws.amazon.com/cognito/latest/developerguide/signing-up-users-in-your-app.html#signing-up-users-in-your-app-and-confirming-them-as-admin
+    # [3]: https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_aws-signing.html
+    # [4]: https://docs.aws.amazon.com/cognito/latest/developerguide/user-pools-API-operations.html
     #
     # @option params [required, String] :user_pool_id
     #   The user pool ID for which you want to confirm user registration.
@@ -660,8 +680,8 @@ module Aws::CognitoIdentityProvider
     # sign in.
     #
     #  If you have never used SMS text messages with Amazon Cognito or any
-    # other Amazon Web Service, Amazon Simple Notification Service might
-    # place your account in the SMS sandbox. In <i> <a
+    # other Amazon Web Servicesservice, Amazon Simple Notification Service
+    # might place your account in the SMS sandbox. In <i> <a
     # href="https://docs.aws.amazon.com/sns/latest/dg/sns-sms-sandbox.html">sandbox
     # mode</a> </i>, you can send messages only to verified phone numbers.
     # After you test your app while in the sandbox environment, you can move
@@ -1458,8 +1478,8 @@ module Aws::CognitoIdentityProvider
     # sign in.
     #
     #  If you have never used SMS text messages with Amazon Cognito or any
-    # other Amazon Web Service, Amazon Simple Notification Service might
-    # place your account in the SMS sandbox. In <i> <a
+    # other Amazon Web Servicesservice, Amazon Simple Notification Service
+    # might place your account in the SMS sandbox. In <i> <a
     # href="https://docs.aws.amazon.com/sns/latest/dg/sns-sms-sandbox.html">sandbox
     # mode</a> </i>, you can send messages only to verified phone numbers.
     # After you test your app while in the sandbox environment, you can move
@@ -1669,7 +1689,7 @@ module Aws::CognitoIdentityProvider
     #
     # @example Response structure
     #
-    #   resp.challenge_name #=> String, one of "SMS_MFA", "SOFTWARE_TOKEN_MFA", "SELECT_MFA_TYPE", "MFA_SETUP", "PASSWORD_VERIFIER", "CUSTOM_CHALLENGE", "DEVICE_SRP_AUTH", "DEVICE_PASSWORD_VERIFIER", "ADMIN_NO_SRP_AUTH", "NEW_PASSWORD_REQUIRED"
+    #   resp.challenge_name #=> String, one of "SMS_MFA", "EMAIL_OTP", "SOFTWARE_TOKEN_MFA", "SELECT_MFA_TYPE", "MFA_SETUP", "PASSWORD_VERIFIER", "CUSTOM_CHALLENGE", "DEVICE_SRP_AUTH", "DEVICE_PASSWORD_VERIFIER", "ADMIN_NO_SRP_AUTH", "NEW_PASSWORD_REQUIRED"
     #   resp.session #=> String
     #   resp.challenge_parameters #=> Hash
     #   resp.challenge_parameters["StringType"] #=> String
@@ -2119,8 +2139,8 @@ module Aws::CognitoIdentityProvider
     # sign in.
     #
     #  If you have never used SMS text messages with Amazon Cognito or any
-    # other Amazon Web Service, Amazon Simple Notification Service might
-    # place your account in the SMS sandbox. In <i> <a
+    # other Amazon Web Servicesservice, Amazon Simple Notification Service
+    # might place your account in the SMS sandbox. In <i> <a
     # href="https://docs.aws.amazon.com/sns/latest/dg/sns-sms-sandbox.html">sandbox
     # mode</a> </i>, you can send messages only to verified phone numbers.
     # After you test your app while in the sandbox environment, you can move
@@ -2250,8 +2270,8 @@ module Aws::CognitoIdentityProvider
     # sign in.
     #
     #  If you have never used SMS text messages with Amazon Cognito or any
-    # other Amazon Web Service, Amazon Simple Notification Service might
-    # place your account in the SMS sandbox. In <i> <a
+    # other Amazon Web Servicesservice, Amazon Simple Notification Service
+    # might place your account in the SMS sandbox. In <i> <a
     # href="https://docs.aws.amazon.com/sns/latest/dg/sns-sms-sandbox.html">sandbox
     # mode</a> </i>, you can send messages only to verified phone numbers.
     # After you test your app while in the sandbox environment, you can move
@@ -2307,11 +2327,21 @@ module Aws::CognitoIdentityProvider
     #   SMS\_MFA
     #
     #   : `"ChallengeName": "SMS_MFA", "ChallengeResponses": \{"SMS_MFA_CODE":
-    #     "[SMS_code]", "USERNAME": "[username]"\}`
+    #     "[code]", "USERNAME": "[username]"\}`
+    #
+    #   EMAIL\_OTP
+    #
+    #   : `"ChallengeName": "EMAIL_OTP", "ChallengeResponses":
+    #     \{"EMAIL_OTP_CODE": "[code]", "USERNAME": "[username]"\}`
     #
     #   PASSWORD\_VERIFIER
     #
-    #   : `"ChallengeName": "PASSWORD_VERIFIER", "ChallengeResponses":
+    #   : This challenge response is part of the SRP flow. Amazon Cognito
+    #     requires that your application respond to this challenge within a
+    #     few seconds. When the response time exceeds this period, your user
+    #     pool returns a `NotAuthorizedException` error.
+    #
+    #     `"ChallengeName": "PASSWORD_VERIFIER", "ChallengeResponses":
     #     \{"PASSWORD_CLAIM_SIGNATURE": "[claim_signature]",
     #     "PASSWORD_CLAIM_SECRET_BLOCK": "[secret_block]", "TIMESTAMP":
     #     [timestamp], "USERNAME": "[username]"\}`
@@ -2470,7 +2500,7 @@ module Aws::CognitoIdentityProvider
     #   resp = client.admin_respond_to_auth_challenge({
     #     user_pool_id: "UserPoolIdType", # required
     #     client_id: "ClientIdType", # required
-    #     challenge_name: "SMS_MFA", # required, accepts SMS_MFA, SOFTWARE_TOKEN_MFA, SELECT_MFA_TYPE, MFA_SETUP, PASSWORD_VERIFIER, CUSTOM_CHALLENGE, DEVICE_SRP_AUTH, DEVICE_PASSWORD_VERIFIER, ADMIN_NO_SRP_AUTH, NEW_PASSWORD_REQUIRED
+    #     challenge_name: "SMS_MFA", # required, accepts SMS_MFA, EMAIL_OTP, SOFTWARE_TOKEN_MFA, SELECT_MFA_TYPE, MFA_SETUP, PASSWORD_VERIFIER, CUSTOM_CHALLENGE, DEVICE_SRP_AUTH, DEVICE_PASSWORD_VERIFIER, ADMIN_NO_SRP_AUTH, NEW_PASSWORD_REQUIRED
     #     challenge_responses: {
     #       "StringType" => "StringType",
     #     },
@@ -2497,7 +2527,7 @@ module Aws::CognitoIdentityProvider
     #
     # @example Response structure
     #
-    #   resp.challenge_name #=> String, one of "SMS_MFA", "SOFTWARE_TOKEN_MFA", "SELECT_MFA_TYPE", "MFA_SETUP", "PASSWORD_VERIFIER", "CUSTOM_CHALLENGE", "DEVICE_SRP_AUTH", "DEVICE_PASSWORD_VERIFIER", "ADMIN_NO_SRP_AUTH", "NEW_PASSWORD_REQUIRED"
+    #   resp.challenge_name #=> String, one of "SMS_MFA", "EMAIL_OTP", "SOFTWARE_TOKEN_MFA", "SELECT_MFA_TYPE", "MFA_SETUP", "PASSWORD_VERIFIER", "CUSTOM_CHALLENGE", "DEVICE_SRP_AUTH", "DEVICE_PASSWORD_VERIFIER", "ADMIN_NO_SRP_AUTH", "NEW_PASSWORD_REQUIRED"
     #   resp.session #=> String
     #   resp.challenge_parameters #=> Hash
     #   resp.challenge_parameters["StringType"] #=> String
@@ -2518,12 +2548,12 @@ module Aws::CognitoIdentityProvider
       req.send_request(options)
     end
 
-    # The user's multi-factor authentication (MFA) preference, including
-    # which MFA options are activated, and if any are preferred. Only one
-    # factor can be set as preferred. The preferred MFA factor will be used
-    # to authenticate a user if multiple factors are activated. If multiple
-    # options are activated and no preference is set, a challenge to choose
-    # an MFA option will be returned during sign-in.
+    # Sets the user's multi-factor authentication (MFA) preference,
+    # including which MFA options are activated, and if any are preferred.
+    # Only one factor can be set as preferred. The preferred MFA factor will
+    # be used to authenticate a user if multiple factors are activated. If
+    # multiple options are activated and no preference is set, a challenge
+    # to choose an MFA option will be returned during sign-in.
     #
     # <note markdown="1"> Amazon Cognito evaluates Identity and Access Management (IAM) policies
     # in requests for this API operation. For this operation, you must use
@@ -2544,10 +2574,24 @@ module Aws::CognitoIdentityProvider
     # [2]: https://docs.aws.amazon.com/cognito/latest/developerguide/user-pools-API-operations.html
     #
     # @option params [Types::SMSMfaSettingsType] :sms_mfa_settings
-    #   The SMS text message MFA settings.
+    #   User preferences for SMS message MFA. Activates or deactivates SMS MFA
+    #   and sets it as the preferred MFA method when multiple methods are
+    #   available.
     #
     # @option params [Types::SoftwareTokenMfaSettingsType] :software_token_mfa_settings
-    #   The time-based one-time password software token MFA settings.
+    #   User preferences for time-based one-time password (TOTP) MFA.
+    #   Activates or deactivates TOTP MFA and sets it as the preferred MFA
+    #   method when multiple methods are available.
+    #
+    # @option params [Types::EmailMfaSettingsType] :email_mfa_settings
+    #   User preferences for email message MFA. Activates or deactivates email
+    #   MFA and sets it as the preferred MFA method when multiple methods are
+    #   available. To activate this setting, [ advanced security features][1]
+    #   must be active in your user pool.
+    #
+    #
+    #
+    #   [1]: https://docs.aws.amazon.com/cognito/latest/developerguide/cognito-user-pool-settings-advanced-security.html
     #
     # @option params [required, String] :username
     #   The username of the user that you want to query or modify. The value
@@ -2557,7 +2601,8 @@ module Aws::CognitoIdentityProvider
     #   username of a user from a third-party IdP.
     #
     # @option params [required, String] :user_pool_id
-    #   The user pool ID.
+    #   The ID of the user pool where you want to set a user's MFA
+    #   preferences.
     #
     # @return [Struct] Returns an empty {Seahorse::Client::Response response}.
     #
@@ -2572,6 +2617,10 @@ module Aws::CognitoIdentityProvider
     #       enabled: false,
     #       preferred_mfa: false,
     #     },
+    #     email_mfa_settings: {
+    #       enabled: false,
+    #       preferred_mfa: false,
+    #     },
     #     username: "UsernameType", # required
     #     user_pool_id: "UserPoolIdType", # required
     #   })
@@ -2860,8 +2909,8 @@ module Aws::CognitoIdentityProvider
     # sign in.
     #
     #  If you have never used SMS text messages with Amazon Cognito or any
-    # other Amazon Web Service, Amazon Simple Notification Service might
-    # place your account in the SMS sandbox. In <i> <a
+    # other Amazon Web Servicesservice, Amazon Simple Notification Service
+    # might place your account in the SMS sandbox. In <i> <a
     # href="https://docs.aws.amazon.com/sns/latest/dg/sns-sms-sandbox.html">sandbox
     # mode</a> </i>, you can send messages only to verified phone numbers.
     # After you test your app while in the sandbox environment, you can move
@@ -3084,7 +3133,7 @@ module Aws::CognitoIdentityProvider
     # require MFA, the user can then authenticate with user name and
     # password credentials alone. If your user pool requires TOTP MFA,
     # Amazon Cognito generates an `MFA_SETUP` or `SOFTWARE_TOKEN_SETUP`
-    # challenge each time your user signs. Complete setup with
+    # challenge each time your user signs in. Complete setup with
     # `AssociateSoftwareToken` and `VerifySoftwareToken`.
     #
     #  After you set up software token MFA for your user, Amazon Cognito
@@ -3954,8 +4003,8 @@ module Aws::CognitoIdentityProvider
     # sign in.
     #
     #  If you have never used SMS text messages with Amazon Cognito or any
-    # other Amazon Web Service, Amazon Simple Notification Service might
-    # place your account in the SMS sandbox. In <i> <a
+    # other Amazon Web Servicesservice, Amazon Simple Notification Service
+    # might place your account in the SMS sandbox. In <i> <a
     # href="https://docs.aws.amazon.com/sns/latest/dg/sns-sms-sandbox.html">sandbox
     # mode</a> </i>, you can send messages only to verified phone numbers.
     # After you test your app while in the sandbox environment, you can move
@@ -4636,6 +4685,7 @@ module Aws::CognitoIdentityProvider
     #         require_lowercase: false,
     #         require_numbers: false,
     #         require_symbols: false,
+    #         password_history_size: 1,
     #         temporary_password_validity_days: 1,
     #       },
     #     },
@@ -4731,6 +4781,9 @@ module Aws::CognitoIdentityProvider
     #     ],
     #     user_pool_add_ons: {
     #       advanced_security_mode: "OFF", # required, accepts OFF, AUDIT, ENFORCED
+    #       advanced_security_additional_flows: {
+    #         custom_auth_mode: "AUDIT", # accepts AUDIT, ENFORCED
+    #       },
     #     },
     #     username_configuration: {
     #       case_sensitive: false, # required
@@ -4754,6 +4807,7 @@ module Aws::CognitoIdentityProvider
     #   resp.user_pool.policies.password_policy.require_lowercase #=> Boolean
     #   resp.user_pool.policies.password_policy.require_numbers #=> Boolean
     #   resp.user_pool.policies.password_policy.require_symbols #=> Boolean
+    #   resp.user_pool.policies.password_policy.password_history_size #=> Integer
     #   resp.user_pool.policies.password_policy.temporary_password_validity_days #=> Integer
     #   resp.user_pool.deletion_protection #=> String, one of "ACTIVE", "INACTIVE"
     #   resp.user_pool.lambda_config.pre_sign_up #=> String
@@ -4828,6 +4882,7 @@ module Aws::CognitoIdentityProvider
     #   resp.user_pool.admin_create_user_config.invite_message_template.email_message #=> String
     #   resp.user_pool.admin_create_user_config.invite_message_template.email_subject #=> String
     #   resp.user_pool.user_pool_add_ons.advanced_security_mode #=> String, one of "OFF", "AUDIT", "ENFORCED"
+    #   resp.user_pool.user_pool_add_ons.advanced_security_additional_flows.custom_auth_mode #=> String, one of "AUDIT", "ENFORCED"
     #   resp.user_pool.username_configuration.case_sensitive #=> Boolean
     #   resp.user_pool.arn #=> String
     #   resp.user_pool.account_recovery_setting.recovery_mechanisms #=> Array
@@ -4938,9 +4993,9 @@ module Aws::CognitoIdentityProvider
     #   are hours.
     #
     # @option params [Array<String>] :read_attributes
-    #   The list of user attributes that you want your app client to have
-    #   read-only access to. After your user authenticates in your app, their
-    #   access token authorizes them to read their own attribute value for any
+    #   The list of user attributes that you want your app client to have read
+    #   access to. After your user authenticates in your app, their access
+    #   token authorizes them to read their own attribute value for any
     #   attribute in this list. An example of this kind of activity is when
     #   your user selects a link to view their profile information. Your app
     #   makes a [GetUser][1] API request to retrieve and display your user's
@@ -4948,11 +5003,11 @@ module Aws::CognitoIdentityProvider
     #
     #   When you don't specify the `ReadAttributes` for your app client, your
     #   app can read the values of `email_verified`, `phone_number_verified`,
-    #   and the Standard attributes of your user pool. When your user pool has
-    #   read access to these default attributes, `ReadAttributes` doesn't
-    #   return any information. Amazon Cognito only populates `ReadAttributes`
-    #   in the API response if you have specified your own custom set of read
-    #   attributes.
+    #   and the Standard attributes of your user pool. When your user pool app
+    #   client has read access to these default attributes, `ReadAttributes`
+    #   doesn't return any information. Amazon Cognito only populates
+    #   `ReadAttributes` in the API response if you have specified your own
+    #   custom set of read attributes.
     #
     #
     #
@@ -5163,6 +5218,8 @@ module Aws::CognitoIdentityProvider
     #   * `LEGACY` - This represents the early behavior of Amazon Cognito
     #     where user existence related errors aren't prevented.
     #
+    #   Defaults to `LEGACY` when you don't provide a value.
+    #
     # @option params [Boolean] :enable_token_revocation
     #   Activates or deactivates token revocation. For more information about
     #   revoking tokens, see [RevokeToken][1].
@@ -5959,6 +6016,7 @@ module Aws::CognitoIdentityProvider
     #   resp.user_pool.policies.password_policy.require_lowercase #=> Boolean
     #   resp.user_pool.policies.password_policy.require_numbers #=> Boolean
     #   resp.user_pool.policies.password_policy.require_symbols #=> Boolean
+    #   resp.user_pool.policies.password_policy.password_history_size #=> Integer
     #   resp.user_pool.policies.password_policy.temporary_password_validity_days #=> Integer
     #   resp.user_pool.deletion_protection #=> String, one of "ACTIVE", "INACTIVE"
     #   resp.user_pool.lambda_config.pre_sign_up #=> String
@@ -6033,6 +6091,7 @@ module Aws::CognitoIdentityProvider
     #   resp.user_pool.admin_create_user_config.invite_message_template.email_message #=> String
     #   resp.user_pool.admin_create_user_config.invite_message_template.email_subject #=> String
     #   resp.user_pool.user_pool_add_ons.advanced_security_mode #=> String, one of "OFF", "AUDIT", "ENFORCED"
+    #   resp.user_pool.user_pool_add_ons.advanced_security_additional_flows.custom_auth_mode #=> String, one of "AUDIT", "ENFORCED"
     #   resp.user_pool.username_configuration.case_sensitive #=> Boolean
     #   resp.user_pool.arn #=> String
     #   resp.user_pool.account_recovery_setting.recovery_mechanisms #=> Array
@@ -6256,8 +6315,8 @@ module Aws::CognitoIdentityProvider
     # sign in.
     #
     #  If you have never used SMS text messages with Amazon Cognito or any
-    # other Amazon Web Service, Amazon Simple Notification Service might
-    # place your account in the SMS sandbox. In <i> <a
+    # other Amazon Web Servicesservice, Amazon Simple Notification Service
+    # might place your account in the SMS sandbox. In <i> <a
     # href="https://docs.aws.amazon.com/sns/latest/dg/sns-sms-sandbox.html">sandbox
     # mode</a> </i>, you can send messages only to verified phone numbers.
     # After you test your app while in the sandbox environment, you can move
@@ -6548,11 +6607,11 @@ module Aws::CognitoIdentityProvider
       req.send_request(options)
     end
 
-    # Gets the detailed activity logging configuration for a user pool.
+    # Gets the logging configuration of a user pool.
     #
     # @option params [required, String] :user_pool_id
-    #   The ID of the user pool where you want to view detailed activity
-    #   logging configuration.
+    #   The ID of the user pool that has the logging configuration that you
+    #   want to view.
     #
     # @return [Types::GetLogDeliveryConfigurationResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
     #
@@ -6568,9 +6627,11 @@ module Aws::CognitoIdentityProvider
     #
     #   resp.log_delivery_configuration.user_pool_id #=> String
     #   resp.log_delivery_configuration.log_configurations #=> Array
-    #   resp.log_delivery_configuration.log_configurations[0].log_level #=> String, one of "ERROR"
-    #   resp.log_delivery_configuration.log_configurations[0].event_source #=> String, one of "userNotification"
+    #   resp.log_delivery_configuration.log_configurations[0].log_level #=> String, one of "ERROR", "INFO"
+    #   resp.log_delivery_configuration.log_configurations[0].event_source #=> String, one of "userNotification", "userAuthEvents"
     #   resp.log_delivery_configuration.log_configurations[0].cloud_watch_logs_configuration.log_group_arn #=> String
+    #   resp.log_delivery_configuration.log_configurations[0].s3_configuration.bucket_arn #=> String
+    #   resp.log_delivery_configuration.log_configurations[0].firehose_configuration.stream_arn #=> String
     #
     # @see http://docs.aws.amazon.com/goto/WebAPI/cognito-idp-2016-04-18/GetLogDeliveryConfiguration AWS API Documentation
     #
@@ -6742,8 +6803,8 @@ module Aws::CognitoIdentityProvider
     # sign in.
     #
     #  If you have never used SMS text messages with Amazon Cognito or any
-    # other Amazon Web Service, Amazon Simple Notification Service might
-    # place your account in the SMS sandbox. In <i> <a
+    # other Amazon Web Servicesservice, Amazon Simple Notification Service
+    # might place your account in the SMS sandbox. In <i> <a
     # href="https://docs.aws.amazon.com/sns/latest/dg/sns-sms-sandbox.html">sandbox
     # mode</a> </i>, you can send messages only to verified phone numbers.
     # After you test your app while in the sandbox environment, you can move
@@ -6842,6 +6903,7 @@ module Aws::CognitoIdentityProvider
     #
     #   * {Types::GetUserPoolMfaConfigResponse#sms_mfa_configuration #sms_mfa_configuration} => Types::SmsMfaConfigType
     #   * {Types::GetUserPoolMfaConfigResponse#software_token_mfa_configuration #software_token_mfa_configuration} => Types::SoftwareTokenMfaConfigType
+    #   * {Types::GetUserPoolMfaConfigResponse#email_mfa_configuration #email_mfa_configuration} => Types::EmailMfaConfigType
     #   * {Types::GetUserPoolMfaConfigResponse#mfa_configuration #mfa_configuration} => String
     #
     # @example Request syntax with placeholder values
@@ -6857,6 +6919,8 @@ module Aws::CognitoIdentityProvider
     #   resp.sms_mfa_configuration.sms_configuration.external_id #=> String
     #   resp.sms_mfa_configuration.sms_configuration.sns_region #=> String
     #   resp.software_token_mfa_configuration.enabled #=> Boolean
+    #   resp.email_mfa_configuration.message #=> String
+    #   resp.email_mfa_configuration.subject #=> String
     #   resp.mfa_configuration #=> String, one of "OFF", "ON", "OPTIONAL"
     #
     # @see http://docs.aws.amazon.com/goto/WebAPI/cognito-idp-2016-04-18/GetUserPoolMfaConfig AWS API Documentation
@@ -6955,8 +7019,8 @@ module Aws::CognitoIdentityProvider
     # sign in.
     #
     #  If you have never used SMS text messages with Amazon Cognito or any
-    # other Amazon Web Service, Amazon Simple Notification Service might
-    # place your account in the SMS sandbox. In <i> <a
+    # other Amazon Web Servicesservice, Amazon Simple Notification Service
+    # might place your account in the SMS sandbox. In <i> <a
     # href="https://docs.aws.amazon.com/sns/latest/dg/sns-sms-sandbox.html">sandbox
     # mode</a> </i>, you can send messages only to verified phone numbers.
     # After you test your app while in the sandbox environment, you can move
@@ -7174,7 +7238,7 @@ module Aws::CognitoIdentityProvider
     #
     # @example Response structure
     #
-    #   resp.challenge_name #=> String, one of "SMS_MFA", "SOFTWARE_TOKEN_MFA", "SELECT_MFA_TYPE", "MFA_SETUP", "PASSWORD_VERIFIER", "CUSTOM_CHALLENGE", "DEVICE_SRP_AUTH", "DEVICE_PASSWORD_VERIFIER", "ADMIN_NO_SRP_AUTH", "NEW_PASSWORD_REQUIRED"
+    #   resp.challenge_name #=> String, one of "SMS_MFA", "EMAIL_OTP", "SOFTWARE_TOKEN_MFA", "SELECT_MFA_TYPE", "MFA_SETUP", "PASSWORD_VERIFIER", "CUSTOM_CHALLENGE", "DEVICE_SRP_AUTH", "DEVICE_PASSWORD_VERIFIER", "ADMIN_NO_SRP_AUTH", "NEW_PASSWORD_REQUIRED"
     #   resp.session #=> String
     #   resp.challenge_parameters #=> Hash
     #   resp.challenge_parameters["StringType"] #=> String
@@ -8045,8 +8109,8 @@ module Aws::CognitoIdentityProvider
     # sign in.
     #
     #  If you have never used SMS text messages with Amazon Cognito or any
-    # other Amazon Web Service, Amazon Simple Notification Service might
-    # place your account in the SMS sandbox. In <i> <a
+    # other Amazon Web Servicesservice, Amazon Simple Notification Service
+    # might place your account in the SMS sandbox. In <i> <a
     # href="https://docs.aws.amazon.com/sns/latest/dg/sns-sms-sandbox.html">sandbox
     # mode</a> </i>, you can send messages only to verified phone numbers.
     # After you test your app while in the sandbox environment, you can move
@@ -8191,8 +8255,8 @@ module Aws::CognitoIdentityProvider
     # sign in.
     #
     #  If you have never used SMS text messages with Amazon Cognito or any
-    # other Amazon Web Service, Amazon Simple Notification Service might
-    # place your account in the SMS sandbox. In <i> <a
+    # other Amazon Web Servicesservice, Amazon Simple Notification Service
+    # might place your account in the SMS sandbox. In <i> <a
     # href="https://docs.aws.amazon.com/sns/latest/dg/sns-sms-sandbox.html">sandbox
     # mode</a> </i>, you can send messages only to verified phone numbers.
     # After you test your app while in the sandbox environment, you can move
@@ -8240,11 +8304,21 @@ module Aws::CognitoIdentityProvider
     #   SMS\_MFA
     #
     #   : `"ChallengeName": "SMS_MFA", "ChallengeResponses": \{"SMS_MFA_CODE":
-    #     "[SMS_code]", "USERNAME": "[username]"\}`
+    #     "[code]", "USERNAME": "[username]"\}`
+    #
+    #   EMAIL\_OTP
+    #
+    #   : `"ChallengeName": "EMAIL_OTP", "ChallengeResponses":
+    #     \{"EMAIL_OTP_CODE": "[code]", "USERNAME": "[username]"\}`
     #
     #   PASSWORD\_VERIFIER
     #
-    #   : `"ChallengeName": "PASSWORD_VERIFIER", "ChallengeResponses":
+    #   : This challenge response is part of the SRP flow. Amazon Cognito
+    #     requires that your application respond to this challenge within a
+    #     few seconds. When the response time exceeds this period, your user
+    #     pool returns a `NotAuthorizedException` error.
+    #
+    #     `"ChallengeName": "PASSWORD_VERIFIER", "ChallengeResponses":
     #     \{"PASSWORD_CLAIM_SIGNATURE": "[claim_signature]",
     #     "PASSWORD_CLAIM_SECRET_BLOCK": "[secret_block]", "TIMESTAMP":
     #     [timestamp], "USERNAME": "[username]"\}`
@@ -8379,7 +8453,7 @@ module Aws::CognitoIdentityProvider
     #
     #   resp = client.respond_to_auth_challenge({
     #     client_id: "ClientIdType", # required
-    #     challenge_name: "SMS_MFA", # required, accepts SMS_MFA, SOFTWARE_TOKEN_MFA, SELECT_MFA_TYPE, MFA_SETUP, PASSWORD_VERIFIER, CUSTOM_CHALLENGE, DEVICE_SRP_AUTH, DEVICE_PASSWORD_VERIFIER, ADMIN_NO_SRP_AUTH, NEW_PASSWORD_REQUIRED
+    #     challenge_name: "SMS_MFA", # required, accepts SMS_MFA, EMAIL_OTP, SOFTWARE_TOKEN_MFA, SELECT_MFA_TYPE, MFA_SETUP, PASSWORD_VERIFIER, CUSTOM_CHALLENGE, DEVICE_SRP_AUTH, DEVICE_PASSWORD_VERIFIER, ADMIN_NO_SRP_AUTH, NEW_PASSWORD_REQUIRED
     #     session: "SessionType",
     #     challenge_responses: {
     #       "StringType" => "StringType",
@@ -8398,7 +8472,7 @@ module Aws::CognitoIdentityProvider
     #
     # @example Response structure
     #
-    #   resp.challenge_name #=> String, one of "SMS_MFA", "SOFTWARE_TOKEN_MFA", "SELECT_MFA_TYPE", "MFA_SETUP", "PASSWORD_VERIFIER", "CUSTOM_CHALLENGE", "DEVICE_SRP_AUTH", "DEVICE_PASSWORD_VERIFIER", "ADMIN_NO_SRP_AUTH", "NEW_PASSWORD_REQUIRED"
+    #   resp.challenge_name #=> String, one of "SMS_MFA", "EMAIL_OTP", "SOFTWARE_TOKEN_MFA", "SELECT_MFA_TYPE", "MFA_SETUP", "PASSWORD_VERIFIER", "CUSTOM_CHALLENGE", "DEVICE_SRP_AUTH", "DEVICE_PASSWORD_VERIFIER", "ADMIN_NO_SRP_AUTH", "NEW_PASSWORD_REQUIRED"
     #   resp.session #=> String
     #   resp.challenge_parameters #=> Hash
     #   resp.challenge_parameters["StringType"] #=> String
@@ -8466,16 +8540,15 @@ module Aws::CognitoIdentityProvider
       req.send_request(options)
     end
 
-    # Sets up or modifies the detailed activity logging configuration of a
-    # user pool.
+    # Sets up or modifies the logging configuration of a user pool. User
+    # pools can export user notification logs and advanced security features
+    # user activity logs.
     #
     # @option params [required, String] :user_pool_id
-    #   The ID of the user pool where you want to configure detailed activity
-    #   logging .
+    #   The ID of the user pool where you want to configure logging.
     #
     # @option params [required, Array<Types::LogConfigurationType>] :log_configurations
-    #   A collection of all of the detailed activity logging configurations
-    #   for a user pool.
+    #   A collection of the logging configurations for a user pool.
     #
     # @return [Types::SetLogDeliveryConfigurationResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
     #
@@ -8487,11 +8560,17 @@ module Aws::CognitoIdentityProvider
     #     user_pool_id: "UserPoolIdType", # required
     #     log_configurations: [ # required
     #       {
-    #         log_level: "ERROR", # required, accepts ERROR
-    #         event_source: "userNotification", # required, accepts userNotification
+    #         log_level: "ERROR", # required, accepts ERROR, INFO
+    #         event_source: "userNotification", # required, accepts userNotification, userAuthEvents
     #         cloud_watch_logs_configuration: {
     #           log_group_arn: "ArnType",
     #         },
+    #         s3_configuration: {
+    #           bucket_arn: "S3ArnType",
+    #         },
+    #         firehose_configuration: {
+    #           stream_arn: "ArnType",
+    #         },
     #       },
     #     ],
     #   })
@@ -8500,9 +8579,11 @@ module Aws::CognitoIdentityProvider
     #
     #   resp.log_delivery_configuration.user_pool_id #=> String
     #   resp.log_delivery_configuration.log_configurations #=> Array
-    #   resp.log_delivery_configuration.log_configurations[0].log_level #=> String, one of "ERROR"
-    #   resp.log_delivery_configuration.log_configurations[0].event_source #=> String, one of "userNotification"
+    #   resp.log_delivery_configuration.log_configurations[0].log_level #=> String, one of "ERROR", "INFO"
+    #   resp.log_delivery_configuration.log_configurations[0].event_source #=> String, one of "userNotification", "userAuthEvents"
     #   resp.log_delivery_configuration.log_configurations[0].cloud_watch_logs_configuration.log_group_arn #=> String
+    #   resp.log_delivery_configuration.log_configurations[0].s3_configuration.bucket_arn #=> String
+    #   resp.log_delivery_configuration.log_configurations[0].firehose_configuration.stream_arn #=> String
     #
     # @see http://docs.aws.amazon.com/goto/WebAPI/cognito-idp-2016-04-18/SetLogDeliveryConfiguration AWS API Documentation
     #
@@ -8727,10 +8808,24 @@ module Aws::CognitoIdentityProvider
     # [1]: https://docs.aws.amazon.com/cognito/latest/developerguide/user-pools-API-operations.html
     #
     # @option params [Types::SMSMfaSettingsType] :sms_mfa_settings
-    #   The SMS text message multi-factor authentication (MFA) settings.
+    #   User preferences for SMS message MFA. Activates or deactivates SMS MFA
+    #   and sets it as the preferred MFA method when multiple methods are
+    #   available.
     #
     # @option params [Types::SoftwareTokenMfaSettingsType] :software_token_mfa_settings
-    #   The time-based one-time password (TOTP) software token MFA settings.
+    #   User preferences for time-based one-time password (TOTP) MFA.
+    #   Activates or deactivates TOTP MFA and sets it as the preferred MFA
+    #   method when multiple methods are available.
+    #
+    # @option params [Types::EmailMfaSettingsType] :email_mfa_settings
+    #   User preferences for email message MFA. Activates or deactivates email
+    #   MFA and sets it as the preferred MFA method when multiple methods are
+    #   available. To activate this setting, [ advanced security features][1]
+    #   must be active in your user pool.
+    #
+    #
+    #
+    #   [1]: https://docs.aws.amazon.com/cognito/latest/developerguide/cognito-user-pool-settings-advanced-security.html
     #
     # @option params [required, String] :access_token
     #   A valid access token that Amazon Cognito issued to the user whose MFA
@@ -8749,6 +8844,10 @@ module Aws::CognitoIdentityProvider
     #       enabled: false,
     #       preferred_mfa: false,
     #     },
+    #     email_mfa_settings: {
+    #       enabled: false,
+    #       preferred_mfa: false,
+    #     },
     #     access_token: "TokenModelType", # required
     #   })
     #
@@ -8773,8 +8872,8 @@ module Aws::CognitoIdentityProvider
     # sign in.
     #
     #  If you have never used SMS text messages with Amazon Cognito or any
-    # other Amazon Web Service, Amazon Simple Notification Service might
-    # place your account in the SMS sandbox. In <i> <a
+    # other Amazon Web Servicesservice, Amazon Simple Notification Service
+    # might place your account in the SMS sandbox. In <i> <a
     # href="https://docs.aws.amazon.com/sns/latest/dg/sns-sms-sandbox.html">sandbox
     # mode</a> </i>, you can send messages only to verified phone numbers.
     # After you test your app while in the sandbox environment, you can move
@@ -8793,10 +8892,22 @@ module Aws::CognitoIdentityProvider
     #   The user pool ID.
     #
     # @option params [Types::SmsMfaConfigType] :sms_mfa_configuration
-    #   The SMS text message MFA configuration.
+    #   Configures user pool SMS messages for MFA. Sets the message template
+    #   and the SMS message sending configuration for Amazon SNS.
     #
     # @option params [Types::SoftwareTokenMfaConfigType] :software_token_mfa_configuration
-    #   The software token MFA configuration.
+    #   Configures a user pool for time-based one-time password (TOTP) MFA.
+    #   Enables or disables TOTP.
+    #
+    # @option params [Types::EmailMfaConfigType] :email_mfa_configuration
+    #   Configures user pool email messages for MFA. Sets the subject and body
+    #   of the email message template for MFA messages. To activate this
+    #   setting, [ advanced security features][1] must be active in your user
+    #   pool.
+    #
+    #
+    #
+    #   [1]: https://docs.aws.amazon.com/cognito/latest/developerguide/cognito-user-pool-settings-advanced-security.html
     #
     # @option params [String] :mfa_configuration
     #   The MFA configuration. If you set the MfaConfiguration value to ‘ON’,
@@ -8819,6 +8930,7 @@ module Aws::CognitoIdentityProvider
     #
     #   * {Types::SetUserPoolMfaConfigResponse#sms_mfa_configuration #sms_mfa_configuration} => Types::SmsMfaConfigType
     #   * {Types::SetUserPoolMfaConfigResponse#software_token_mfa_configuration #software_token_mfa_configuration} => Types::SoftwareTokenMfaConfigType
+    #   * {Types::SetUserPoolMfaConfigResponse#email_mfa_configuration #email_mfa_configuration} => Types::EmailMfaConfigType
     #   * {Types::SetUserPoolMfaConfigResponse#mfa_configuration #mfa_configuration} => String
     #
     # @example Request syntax with placeholder values
@@ -8836,6 +8948,10 @@ module Aws::CognitoIdentityProvider
     #     software_token_mfa_configuration: {
     #       enabled: false,
     #     },
+    #     email_mfa_configuration: {
+    #       message: "EmailMfaMessageType",
+    #       subject: "EmailMfaSubjectType",
+    #     },
     #     mfa_configuration: "OFF", # accepts OFF, ON, OPTIONAL
     #   })
     #
@@ -8846,6 +8962,8 @@ module Aws::CognitoIdentityProvider
     #   resp.sms_mfa_configuration.sms_configuration.external_id #=> String
     #   resp.sms_mfa_configuration.sms_configuration.sns_region #=> String
     #   resp.software_token_mfa_configuration.enabled #=> Boolean
+    #   resp.email_mfa_configuration.message #=> String
+    #   resp.email_mfa_configuration.subject #=> String
     #   resp.mfa_configuration #=> String, one of "OFF", "ON", "OPTIONAL"
     #
     # @see http://docs.aws.amazon.com/goto/WebAPI/cognito-idp-2016-04-18/SetUserPoolMfaConfig AWS API Documentation
@@ -8932,8 +9050,8 @@ module Aws::CognitoIdentityProvider
     # sign in.
     #
     #  If you have never used SMS text messages with Amazon Cognito or any
-    # other Amazon Web Service, Amazon Simple Notification Service might
-    # place your account in the SMS sandbox. In <i> <a
+    # other Amazon Web Servicesservice, Amazon Simple Notification Service
+    # might place your account in the SMS sandbox. In <i> <a
     # href="https://docs.aws.amazon.com/sns/latest/dg/sns-sms-sandbox.html">sandbox
     # mode</a> </i>, you can send messages only to verified phone numbers.
     # After you test your app while in the sandbox environment, you can move
@@ -9743,8 +9861,8 @@ module Aws::CognitoIdentityProvider
     # sign in.
     #
     #  If you have never used SMS text messages with Amazon Cognito or any
-    # other Amazon Web Service, Amazon Simple Notification Service might
-    # place your account in the SMS sandbox. In <i> <a
+    # other Amazon Web Servicesservice, Amazon Simple Notification Service
+    # might place your account in the SMS sandbox. In <i> <a
     # href="https://docs.aws.amazon.com/sns/latest/dg/sns-sms-sandbox.html">sandbox
     # mode</a> </i>, you can send messages only to verified phone numbers.
     # After you test your app while in the sandbox environment, you can move
@@ -9858,8 +9976,8 @@ module Aws::CognitoIdentityProvider
     # sign in.
     #
     #  If you have never used SMS text messages with Amazon Cognito or any
-    # other Amazon Web Service, Amazon Simple Notification Service might
-    # place your account in the SMS sandbox. In <i> <a
+    # other Amazon Web Servicesservice, Amazon Simple Notification Service
+    # might place your account in the SMS sandbox. In <i> <a
     # href="https://docs.aws.amazon.com/sns/latest/dg/sns-sms-sandbox.html">sandbox
     # mode</a> </i>, you can send messages only to verified phone numbers.
     # After you test your app while in the sandbox environment, you can move
@@ -10050,6 +10168,7 @@ module Aws::CognitoIdentityProvider
     #         require_lowercase: false,
     #         require_numbers: false,
     #         require_symbols: false,
+    #         password_history_size: 1,
     #         temporary_password_validity_days: 1,
     #       },
     #     },
@@ -10126,6 +10245,9 @@ module Aws::CognitoIdentityProvider
     #     },
     #     user_pool_add_ons: {
     #       advanced_security_mode: "OFF", # required, accepts OFF, AUDIT, ENFORCED
+    #       advanced_security_additional_flows: {
+    #         custom_auth_mode: "AUDIT", # accepts AUDIT, ENFORCED
+    #       },
     #     },
     #     account_recovery_setting: {
     #       recovery_mechanisms: [
@@ -10243,9 +10365,9 @@ module Aws::CognitoIdentityProvider
     #   default for ID and access tokens is hours.
     #
     # @option params [Array<String>] :read_attributes
-    #   The list of user attributes that you want your app client to have
-    #   read-only access to. After your user authenticates in your app, their
-    #   access token authorizes them to read their own attribute value for any
+    #   The list of user attributes that you want your app client to have read
+    #   access to. After your user authenticates in your app, their access
+    #   token authorizes them to read their own attribute value for any
     #   attribute in this list. An example of this kind of activity is when
     #   your user selects a link to view their profile information. Your app
     #   makes a [GetUser][1] API request to retrieve and display your user's
@@ -10253,11 +10375,11 @@ module Aws::CognitoIdentityProvider
     #
     #   When you don't specify the `ReadAttributes` for your app client, your
     #   app can read the values of `email_verified`, `phone_number_verified`,
-    #   and the Standard attributes of your user pool. When your user pool has
-    #   read access to these default attributes, `ReadAttributes` doesn't
-    #   return any information. Amazon Cognito only populates `ReadAttributes`
-    #   in the API response if you have specified your own custom set of read
-    #   attributes.
+    #   and the Standard attributes of your user pool. When your user pool app
+    #   client has read access to these default attributes, `ReadAttributes`
+    #   doesn't return any information. Amazon Cognito only populates
+    #   `ReadAttributes` in the API response if you have specified your own
+    #   custom set of read attributes.
     #
     #
     #
@@ -10463,6 +10585,8 @@ module Aws::CognitoIdentityProvider
     #   * `LEGACY` - This represents the early behavior of Amazon Cognito
     #     where user existence related errors aren't prevented.
     #
+    #   Defaults to `LEGACY` when you don't provide a value.
+    #
     # @option params [Boolean] :enable_token_revocation
     #   Activates or deactivates token revocation. For more information about
     #   revoking tokens, see [RevokeToken][1].
@@ -10801,14 +10925,19 @@ module Aws::CognitoIdentityProvider
     # @api private
     def build_request(operation_name, params = {})
       handlers = @handlers.for(operation_name)
+      tracer = config.telemetry_provider.tracer_provider.tracer(
+        Aws::Telemetry.module_to_tracer_name('Aws::CognitoIdentityProvider')
+      )
       context = Seahorse::Client::RequestContext.new(
         operation_name: operation_name,
         operation: config.api.operation(operation_name),
         client: self,
         params: params,
-        config: config)
+        config: config,
+        tracer: tracer
+      )
       context[:gem_name] = 'aws-sdk-cognitoidentityprovider'
-      context[:gem_version] = '1.97.0'
+      context[:gem_version] = '1.107.0'
       Seahorse::Client::Request.new(handlers, context)
     end