aws-sdk-elasticloadbalancingv2 1.9.0 → 1.10.0

data/lib/aws-sdk-elasticloadbalancingv2/client_api.rb

@@ -12,6 +12,7 @@ module Aws::ElasticLoadBalancingV2
     include Seahorse::Model
 
     Action = Shapes::StructureShape.new(name: 'Action')
+    ActionOrder = Shapes::IntegerShape.new(name: 'ActionOrder')
     ActionTypeEnum = Shapes::StringShape.new(name: 'ActionTypeEnum')
     Actions = Shapes::ListShape.new(name: 'Actions')
     AddListenerCertificatesInput = Shapes::StructureShape.new(name: 'AddListenerCertificatesInput')
@@ -20,6 +21,31 @@ module Aws::ElasticLoadBalancingV2
     AddTagsOutput = Shapes::StructureShape.new(name: 'AddTagsOutput')
     AllocationId = Shapes::StringShape.new(name: 'AllocationId')
     AllocationIdNotFoundException = Shapes::StructureShape.new(name: 'AllocationIdNotFoundException')
+    AuthenticateCognitoActionAuthenticationRequestExtraParams = Shapes::MapShape.new(name: 'AuthenticateCognitoActionAuthenticationRequestExtraParams')
+    AuthenticateCognitoActionAuthenticationRequestParamName = Shapes::StringShape.new(name: 'AuthenticateCognitoActionAuthenticationRequestParamName')
+    AuthenticateCognitoActionAuthenticationRequestParamValue = Shapes::StringShape.new(name: 'AuthenticateCognitoActionAuthenticationRequestParamValue')
+    AuthenticateCognitoActionConditionalBehaviorEnum = Shapes::StringShape.new(name: 'AuthenticateCognitoActionConditionalBehaviorEnum')
+    AuthenticateCognitoActionConfig = Shapes::StructureShape.new(name: 'AuthenticateCognitoActionConfig')
+    AuthenticateCognitoActionScope = Shapes::StringShape.new(name: 'AuthenticateCognitoActionScope')
+    AuthenticateCognitoActionSessionCookieName = Shapes::StringShape.new(name: 'AuthenticateCognitoActionSessionCookieName')
+    AuthenticateCognitoActionSessionTimeout = Shapes::IntegerShape.new(name: 'AuthenticateCognitoActionSessionTimeout')
+    AuthenticateCognitoActionUserPoolArn = Shapes::StringShape.new(name: 'AuthenticateCognitoActionUserPoolArn')
+    AuthenticateCognitoActionUserPoolClientId = Shapes::StringShape.new(name: 'AuthenticateCognitoActionUserPoolClientId')
+    AuthenticateCognitoActionUserPoolDomain = Shapes::StringShape.new(name: 'AuthenticateCognitoActionUserPoolDomain')
+    AuthenticateOidcActionAuthenticationRequestExtraParams = Shapes::MapShape.new(name: 'AuthenticateOidcActionAuthenticationRequestExtraParams')
+    AuthenticateOidcActionAuthenticationRequestParamName = Shapes::StringShape.new(name: 'AuthenticateOidcActionAuthenticationRequestParamName')
+    AuthenticateOidcActionAuthenticationRequestParamValue = Shapes::StringShape.new(name: 'AuthenticateOidcActionAuthenticationRequestParamValue')
+    AuthenticateOidcActionAuthorizationEndpoint = Shapes::StringShape.new(name: 'AuthenticateOidcActionAuthorizationEndpoint')
+    AuthenticateOidcActionClientId = Shapes::StringShape.new(name: 'AuthenticateOidcActionClientId')
+    AuthenticateOidcActionClientSecret = Shapes::StringShape.new(name: 'AuthenticateOidcActionClientSecret')
+    AuthenticateOidcActionConditionalBehaviorEnum = Shapes::StringShape.new(name: 'AuthenticateOidcActionConditionalBehaviorEnum')
+    AuthenticateOidcActionConfig = Shapes::StructureShape.new(name: 'AuthenticateOidcActionConfig')
+    AuthenticateOidcActionIssuer = Shapes::StringShape.new(name: 'AuthenticateOidcActionIssuer')
+    AuthenticateOidcActionScope = Shapes::StringShape.new(name: 'AuthenticateOidcActionScope')
+    AuthenticateOidcActionSessionCookieName = Shapes::StringShape.new(name: 'AuthenticateOidcActionSessionCookieName')
+    AuthenticateOidcActionSessionTimeout = Shapes::IntegerShape.new(name: 'AuthenticateOidcActionSessionTimeout')
+    AuthenticateOidcActionTokenEndpoint = Shapes::StringShape.new(name: 'AuthenticateOidcActionTokenEndpoint')
+    AuthenticateOidcActionUserInfoEndpoint = Shapes::StringShape.new(name: 'AuthenticateOidcActionUserInfoEndpoint')
     AvailabilityZone = Shapes::StructureShape.new(name: 'AvailabilityZone')
     AvailabilityZoneNotSupportedException = Shapes::StructureShape.new(name: 'AvailabilityZoneNotSupportedException')
     AvailabilityZones = Shapes::ListShape.new(name: 'AvailabilityZones')
@@ -89,6 +115,7 @@ module Aws::ElasticLoadBalancingV2
     HttpCode = Shapes::StringShape.new(name: 'HttpCode')
     IncompatibleProtocolsException = Shapes::StructureShape.new(name: 'IncompatibleProtocolsException')
     InvalidConfigurationRequestException = Shapes::StructureShape.new(name: 'InvalidConfigurationRequestException')
+    InvalidLoadBalancerActionException = Shapes::StructureShape.new(name: 'InvalidLoadBalancerActionException')
     InvalidSchemeException = Shapes::StructureShape.new(name: 'InvalidSchemeException')
     InvalidSecurityGroupException = Shapes::StructureShape.new(name: 'InvalidSecurityGroupException')
     InvalidSubnetException = Shapes::StructureShape.new(name: 'InvalidSubnetException')
@@ -213,6 +240,7 @@ module Aws::ElasticLoadBalancingV2
     TargetHealthStateEnum = Shapes::StringShape.new(name: 'TargetHealthStateEnum')
     TargetId = Shapes::StringShape.new(name: 'TargetId')
     TargetTypeEnum = Shapes::StringShape.new(name: 'TargetTypeEnum')
+    TooManyActionsException = Shapes::StructureShape.new(name: 'TooManyActionsException')
     TooManyCertificatesException = Shapes::StructureShape.new(name: 'TooManyCertificatesException')
     TooManyListenersException = Shapes::StructureShape.new(name: 'TooManyListenersException')
     TooManyLoadBalancersException = Shapes::StructureShape.new(name: 'TooManyLoadBalancersException')
@@ -226,7 +254,10 @@ module Aws::ElasticLoadBalancingV2
     ZoneName = Shapes::StringShape.new(name: 'ZoneName')
 
     Action.add_member(:type, Shapes::ShapeRef.new(shape: ActionTypeEnum, required: true, location_name: "Type"))
-    Action.add_member(:target_group_arn, Shapes::ShapeRef.new(shape: TargetGroupArn, required: true, location_name: "TargetGroupArn"))
+    Action.add_member(:target_group_arn, Shapes::ShapeRef.new(shape: TargetGroupArn, location_name: "TargetGroupArn"))
+    Action.add_member(:authenticate_oidc_config, Shapes::ShapeRef.new(shape: AuthenticateOidcActionConfig, location_name: "AuthenticateOidcConfig"))
+    Action.add_member(:authenticate_cognito_config, Shapes::ShapeRef.new(shape: AuthenticateCognitoActionConfig, location_name: "AuthenticateCognitoConfig"))
+    Action.add_member(:order, Shapes::ShapeRef.new(shape: ActionOrder, location_name: "Order"))
     Action.struct_class = Types::Action
 
     Actions.member = Shapes::ShapeRef.new(shape: Action)
@@ -244,6 +275,35 @@ module Aws::ElasticLoadBalancingV2
 
     AddTagsOutput.struct_class = Types::AddTagsOutput
 
+    AuthenticateCognitoActionAuthenticationRequestExtraParams.key = Shapes::ShapeRef.new(shape: AuthenticateCognitoActionAuthenticationRequestParamName)
+    AuthenticateCognitoActionAuthenticationRequestExtraParams.value = Shapes::ShapeRef.new(shape: AuthenticateCognitoActionAuthenticationRequestParamValue)
+
+    AuthenticateCognitoActionConfig.add_member(:user_pool_arn, Shapes::ShapeRef.new(shape: AuthenticateCognitoActionUserPoolArn, required: true, location_name: "UserPoolArn"))
+    AuthenticateCognitoActionConfig.add_member(:user_pool_client_id, Shapes::ShapeRef.new(shape: AuthenticateCognitoActionUserPoolClientId, required: true, location_name: "UserPoolClientId"))
+    AuthenticateCognitoActionConfig.add_member(:user_pool_domain, Shapes::ShapeRef.new(shape: AuthenticateCognitoActionUserPoolDomain, required: true, location_name: "UserPoolDomain"))
+    AuthenticateCognitoActionConfig.add_member(:session_cookie_name, Shapes::ShapeRef.new(shape: AuthenticateCognitoActionSessionCookieName, location_name: "SessionCookieName"))
+    AuthenticateCognitoActionConfig.add_member(:scope, Shapes::ShapeRef.new(shape: AuthenticateCognitoActionScope, location_name: "Scope"))
+    AuthenticateCognitoActionConfig.add_member(:session_timeout, Shapes::ShapeRef.new(shape: AuthenticateCognitoActionSessionTimeout, location_name: "SessionTimeout"))
+    AuthenticateCognitoActionConfig.add_member(:authentication_request_extra_params, Shapes::ShapeRef.new(shape: AuthenticateCognitoActionAuthenticationRequestExtraParams, location_name: "AuthenticationRequestExtraParams"))
+    AuthenticateCognitoActionConfig.add_member(:on_unauthenticated_request, Shapes::ShapeRef.new(shape: AuthenticateCognitoActionConditionalBehaviorEnum, location_name: "OnUnauthenticatedRequest"))
+    AuthenticateCognitoActionConfig.struct_class = Types::AuthenticateCognitoActionConfig
+
+    AuthenticateOidcActionAuthenticationRequestExtraParams.key = Shapes::ShapeRef.new(shape: AuthenticateOidcActionAuthenticationRequestParamName)
+    AuthenticateOidcActionAuthenticationRequestExtraParams.value = Shapes::ShapeRef.new(shape: AuthenticateOidcActionAuthenticationRequestParamValue)
+
+    AuthenticateOidcActionConfig.add_member(:issuer, Shapes::ShapeRef.new(shape: AuthenticateOidcActionIssuer, required: true, location_name: "Issuer"))
+    AuthenticateOidcActionConfig.add_member(:authorization_endpoint, Shapes::ShapeRef.new(shape: AuthenticateOidcActionAuthorizationEndpoint, required: true, location_name: "AuthorizationEndpoint"))
+    AuthenticateOidcActionConfig.add_member(:token_endpoint, Shapes::ShapeRef.new(shape: AuthenticateOidcActionTokenEndpoint, required: true, location_name: "TokenEndpoint"))
+    AuthenticateOidcActionConfig.add_member(:user_info_endpoint, Shapes::ShapeRef.new(shape: AuthenticateOidcActionUserInfoEndpoint, required: true, location_name: "UserInfoEndpoint"))
+    AuthenticateOidcActionConfig.add_member(:client_id, Shapes::ShapeRef.new(shape: AuthenticateOidcActionClientId, required: true, location_name: "ClientId"))
+    AuthenticateOidcActionConfig.add_member(:client_secret, Shapes::ShapeRef.new(shape: AuthenticateOidcActionClientSecret, required: true, location_name: "ClientSecret"))
+    AuthenticateOidcActionConfig.add_member(:session_cookie_name, Shapes::ShapeRef.new(shape: AuthenticateOidcActionSessionCookieName, location_name: "SessionCookieName"))
+    AuthenticateOidcActionConfig.add_member(:scope, Shapes::ShapeRef.new(shape: AuthenticateOidcActionScope, location_name: "Scope"))
+    AuthenticateOidcActionConfig.add_member(:session_timeout, Shapes::ShapeRef.new(shape: AuthenticateOidcActionSessionTimeout, location_name: "SessionTimeout"))
+    AuthenticateOidcActionConfig.add_member(:authentication_request_extra_params, Shapes::ShapeRef.new(shape: AuthenticateOidcActionAuthenticationRequestExtraParams, location_name: "AuthenticationRequestExtraParams"))
+    AuthenticateOidcActionConfig.add_member(:on_unauthenticated_request, Shapes::ShapeRef.new(shape: AuthenticateOidcActionConditionalBehaviorEnum, location_name: "OnUnauthenticatedRequest"))
+    AuthenticateOidcActionConfig.struct_class = Types::AuthenticateOidcActionConfig
+
     AvailabilityZone.add_member(:zone_name, Shapes::ShapeRef.new(shape: ZoneName, location_name: "ZoneName"))
     AvailabilityZone.add_member(:subnet_id, Shapes::ShapeRef.new(shape: SubnetId, location_name: "SubnetId"))
     AvailabilityZone.add_member(:load_balancer_addresses, Shapes::ShapeRef.new(shape: LoadBalancerAddresses, location_name: "LoadBalancerAddresses"))
@@ -605,7 +665,7 @@ module Aws::ElasticLoadBalancingV2
     SetSecurityGroupsOutput.struct_class = Types::SetSecurityGroupsOutput
 
     SetSubnetsInput.add_member(:load_balancer_arn, Shapes::ShapeRef.new(shape: LoadBalancerArn, required: true, location_name: "LoadBalancerArn"))
-    SetSubnetsInput.add_member(:subnets, Shapes::ShapeRef.new(shape: Subnets, required: true, location_name: "Subnets"))
+    SetSubnetsInput.add_member(:subnets, Shapes::ShapeRef.new(shape: Subnets, location_name: "Subnets"))
     SetSubnetsInput.add_member(:subnet_mappings, Shapes::ShapeRef.new(shape: SubnetMappings, location_name: "SubnetMappings"))
     SetSubnetsInput.struct_class = Types::SetSubnetsInput
 
@@ -749,6 +809,8 @@ module Aws::ElasticLoadBalancingV2
         o.errors << Shapes::ShapeRef.new(shape: UnsupportedProtocolException)
         o.errors << Shapes::ShapeRef.new(shape: TooManyRegistrationsForTargetIdException)
         o.errors << Shapes::ShapeRef.new(shape: TooManyTargetsException)
+        o.errors << Shapes::ShapeRef.new(shape: TooManyActionsException)
+        o.errors << Shapes::ShapeRef.new(shape: InvalidLoadBalancerActionException)
       end)
 
       api.add_operation(:create_load_balancer, Seahorse::Model::Operation.new.tap do |o|
@@ -788,6 +850,9 @@ module Aws::ElasticLoadBalancingV2
         o.errors << Shapes::ShapeRef.new(shape: InvalidConfigurationRequestException)
         o.errors << Shapes::ShapeRef.new(shape: TooManyRegistrationsForTargetIdException)
         o.errors << Shapes::ShapeRef.new(shape: TooManyTargetsException)
+        o.errors << Shapes::ShapeRef.new(shape: UnsupportedProtocolException)
+        o.errors << Shapes::ShapeRef.new(shape: TooManyActionsException)
+        o.errors << Shapes::ShapeRef.new(shape: InvalidLoadBalancerActionException)
       end)
 
       api.add_operation(:create_target_group, Seahorse::Model::Operation.new.tap do |o|
@@ -875,6 +940,7 @@ module Aws::ElasticLoadBalancingV2
         o.output = Shapes::ShapeRef.new(shape: DescribeListenersOutput)
         o.errors << Shapes::ShapeRef.new(shape: ListenerNotFoundException)
         o.errors << Shapes::ShapeRef.new(shape: LoadBalancerNotFoundException)
+        o.errors << Shapes::ShapeRef.new(shape: UnsupportedProtocolException)
         o[:pager] = Aws::Pager.new(
           tokens: {
             "next_marker" => "marker"
@@ -913,6 +979,7 @@ module Aws::ElasticLoadBalancingV2
         o.output = Shapes::ShapeRef.new(shape: DescribeRulesOutput)
         o.errors << Shapes::ShapeRef.new(shape: ListenerNotFoundException)
         o.errors << Shapes::ShapeRef.new(shape: RuleNotFoundException)
+        o.errors << Shapes::ShapeRef.new(shape: UnsupportedProtocolException)
       end)
 
       api.add_operation(:describe_ssl_policies, Seahorse::Model::Operation.new.tap do |o|
@@ -990,6 +1057,8 @@ module Aws::ElasticLoadBalancingV2
         o.errors << Shapes::ShapeRef.new(shape: UnsupportedProtocolException)
         o.errors << Shapes::ShapeRef.new(shape: TooManyRegistrationsForTargetIdException)
         o.errors << Shapes::ShapeRef.new(shape: TooManyTargetsException)
+        o.errors << Shapes::ShapeRef.new(shape: TooManyActionsException)
+        o.errors << Shapes::ShapeRef.new(shape: InvalidLoadBalancerActionException)
       end)
 
       api.add_operation(:modify_load_balancer_attributes, Seahorse::Model::Operation.new.tap do |o|
@@ -1015,6 +1084,9 @@ module Aws::ElasticLoadBalancingV2
         o.errors << Shapes::ShapeRef.new(shape: TooManyRegistrationsForTargetIdException)
         o.errors << Shapes::ShapeRef.new(shape: TooManyTargetsException)
         o.errors << Shapes::ShapeRef.new(shape: TargetGroupNotFoundException)
+        o.errors << Shapes::ShapeRef.new(shape: UnsupportedProtocolException)
+        o.errors << Shapes::ShapeRef.new(shape: TooManyActionsException)
+        o.errors << Shapes::ShapeRef.new(shape: InvalidLoadBalancerActionException)
       end)
 
       api.add_operation(:modify_target_group, Seahorse::Model::Operation.new.tap do |o|

data/lib/aws-sdk-elasticloadbalancingv2/types.rb

@@ -14,23 +14,77 @@ module Aws::ElasticLoadBalancingV2
     #   data as a hash:
     #
     #       {
-    #         type: "forward", # required, accepts forward
-    #         target_group_arn: "TargetGroupArn", # required
+    #         type: "forward", # required, accepts forward, authenticate-oidc, authenticate-cognito
+    #         target_group_arn: "TargetGroupArn",
+    #         authenticate_oidc_config: {
+    #           issuer: "AuthenticateOidcActionIssuer", # required
+    #           authorization_endpoint: "AuthenticateOidcActionAuthorizationEndpoint", # required
+    #           token_endpoint: "AuthenticateOidcActionTokenEndpoint", # required
+    #           user_info_endpoint: "AuthenticateOidcActionUserInfoEndpoint", # required
+    #           client_id: "AuthenticateOidcActionClientId", # required
+    #           client_secret: "AuthenticateOidcActionClientSecret", # required
+    #           session_cookie_name: "AuthenticateOidcActionSessionCookieName",
+    #           scope: "AuthenticateOidcActionScope",
+    #           session_timeout: 1,
+    #           authentication_request_extra_params: {
+    #             "AuthenticateOidcActionAuthenticationRequestParamName" => "AuthenticateOidcActionAuthenticationRequestParamValue",
+    #           },
+    #           on_unauthenticated_request: "deny", # accepts deny, allow, authenticate
+    #         },
+    #         authenticate_cognito_config: {
+    #           user_pool_arn: "AuthenticateCognitoActionUserPoolArn", # required
+    #           user_pool_client_id: "AuthenticateCognitoActionUserPoolClientId", # required
+    #           user_pool_domain: "AuthenticateCognitoActionUserPoolDomain", # required
+    #           session_cookie_name: "AuthenticateCognitoActionSessionCookieName",
+    #           scope: "AuthenticateCognitoActionScope",
+    #           session_timeout: 1,
+    #           authentication_request_extra_params: {
+    #             "AuthenticateCognitoActionAuthenticationRequestParamName" => "AuthenticateCognitoActionAuthenticationRequestParamValue",
+    #           },
+    #           on_unauthenticated_request: "deny", # accepts deny, allow, authenticate
+    #         },
+    #         order: 1,
     #       }
     #
     # @!attribute [rw] type
-    #   The type of action.
+    #   The type of action. Each rule must include one forward action.
     #   @return [String]
     #
     # @!attribute [rw] target_group_arn
-    #   The Amazon Resource Name (ARN) of the target group.
-    #   @return [String]
+    #   The Amazon Resource Name (ARN) of the target group. Specify only
+    #   when `Type` is `forward`.
+    #
+    #   For a default rule, the protocol of the target group must be HTTP or
+    #   HTTPS for an Application Load Balancer or TCP for a Network Load
+    #   Balancer.
+    #   @return [String]
+    #
+    # @!attribute [rw] authenticate_oidc_config
+    #   \[HTTPS listener\] Information about an identity provider that is
+    #   compliant with OpenID Connect (OIDC). Specify only when `Type` is
+    #   `authenticate-oidc`.
+    #   @return [Types::AuthenticateOidcActionConfig]
+    #
+    # @!attribute [rw] authenticate_cognito_config
+    #   \[HTTPS listener\] Information for using Amazon Cognito to
+    #   authenticate users. Specify only when `Type` is
+    #   `authenticate-cognito`.
+    #   @return [Types::AuthenticateCognitoActionConfig]
+    #
+    # @!attribute [rw] order
+    #   The order for the action. This value is required for rules with
+    #   multiple actions. The action with the lowest value for order is
+    #   performed first. The forward action must be performed last.
+    #   @return [Integer]
     #
     # @see http://docs.aws.amazon.com/goto/WebAPI/elasticloadbalancingv2-2015-12-01/Action AWS API Documentation
     #
     class Action < Struct.new(
       :type,
-      :target_group_arn)
+      :target_group_arn,
+      :authenticate_oidc_config,
+      :authenticate_cognito_config,
+      :order)
       include Aws::Structure
     end
 
@@ -107,6 +161,189 @@ module Aws::ElasticLoadBalancingV2
     #
     class AddTagsOutput < Aws::EmptyStructure; end
 
+    # Request parameters to use when integrating with Amazon Cognito to
+    # authenticate users.
+    #
+    # @note When making an API call, you may pass AuthenticateCognitoActionConfig
+    #   data as a hash:
+    #
+    #       {
+    #         user_pool_arn: "AuthenticateCognitoActionUserPoolArn", # required
+    #         user_pool_client_id: "AuthenticateCognitoActionUserPoolClientId", # required
+    #         user_pool_domain: "AuthenticateCognitoActionUserPoolDomain", # required
+    #         session_cookie_name: "AuthenticateCognitoActionSessionCookieName",
+    #         scope: "AuthenticateCognitoActionScope",
+    #         session_timeout: 1,
+    #         authentication_request_extra_params: {
+    #           "AuthenticateCognitoActionAuthenticationRequestParamName" => "AuthenticateCognitoActionAuthenticationRequestParamValue",
+    #         },
+    #         on_unauthenticated_request: "deny", # accepts deny, allow, authenticate
+    #       }
+    #
+    # @!attribute [rw] user_pool_arn
+    #   The Amazon Resource Name (ARN) of the Amazon Cognito user pool.
+    #   @return [String]
+    #
+    # @!attribute [rw] user_pool_client_id
+    #   The ID of the Amazon Cognito user pool client.
+    #   @return [String]
+    #
+    # @!attribute [rw] user_pool_domain
+    #   The domain prefix or fully-qualified domain name of the Amazon
+    #   Cognito user pool.
+    #   @return [String]
+    #
+    # @!attribute [rw] session_cookie_name
+    #   The name of the cookie used to maintain session information. The
+    #   default is AWSELBAuthSessionCookie.
+    #   @return [String]
+    #
+    # @!attribute [rw] scope
+    #   The set of user claims to be requested from the IdP. The default is
+    #   `openid`.
+    #
+    #   To verify which scope values your IdP supports and how to separate
+    #   multiple values, see the documentation for your IdP.
+    #   @return [String]
+    #
+    # @!attribute [rw] session_timeout
+    #   The maximum duration of the authentication session, in seconds. The
+    #   default is 604800 seconds (7 days).
+    #   @return [Integer]
+    #
+    # @!attribute [rw] authentication_request_extra_params
+    #   The query parameters (up to 10) to include in the redirect request
+    #   to the authorization endpoint.
+    #   @return [Hash<String,String>]
+    #
+    # @!attribute [rw] on_unauthenticated_request
+    #   The behavior if the user is not authenticated. The following are
+    #   possible values:
+    #
+    #   * deny`` - Return an HTTP 401 Unauthorized error.
+    #
+    #   * allow`` - Allow the request to be forwarded to the target.
+    #
+    #   * authenticate`` - Redirect the request to the IdP authorization
+    #     endpoint. This is the default value.
+    #   @return [String]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/elasticloadbalancingv2-2015-12-01/AuthenticateCognitoActionConfig AWS API Documentation
+    #
+    class AuthenticateCognitoActionConfig < Struct.new(
+      :user_pool_arn,
+      :user_pool_client_id,
+      :user_pool_domain,
+      :session_cookie_name,
+      :scope,
+      :session_timeout,
+      :authentication_request_extra_params,
+      :on_unauthenticated_request)
+      include Aws::Structure
+    end
+
+    # Request parameters when using an identity provider (IdP) that is
+    # compliant with OpenID Connect (OIDC) to authenticate users.
+    #
+    # @note When making an API call, you may pass AuthenticateOidcActionConfig
+    #   data as a hash:
+    #
+    #       {
+    #         issuer: "AuthenticateOidcActionIssuer", # required
+    #         authorization_endpoint: "AuthenticateOidcActionAuthorizationEndpoint", # required
+    #         token_endpoint: "AuthenticateOidcActionTokenEndpoint", # required
+    #         user_info_endpoint: "AuthenticateOidcActionUserInfoEndpoint", # required
+    #         client_id: "AuthenticateOidcActionClientId", # required
+    #         client_secret: "AuthenticateOidcActionClientSecret", # required
+    #         session_cookie_name: "AuthenticateOidcActionSessionCookieName",
+    #         scope: "AuthenticateOidcActionScope",
+    #         session_timeout: 1,
+    #         authentication_request_extra_params: {
+    #           "AuthenticateOidcActionAuthenticationRequestParamName" => "AuthenticateOidcActionAuthenticationRequestParamValue",
+    #         },
+    #         on_unauthenticated_request: "deny", # accepts deny, allow, authenticate
+    #       }
+    #
+    # @!attribute [rw] issuer
+    #   The OIDC issuer identifier of the IdP. This must be a full URL,
+    #   including the HTTPS protocol, the domain, and the path.
+    #   @return [String]
+    #
+    # @!attribute [rw] authorization_endpoint
+    #   The authorization endpoint of the IdP. This must be a full URL,
+    #   including the HTTPS protocol, the domain, and the path.
+    #   @return [String]
+    #
+    # @!attribute [rw] token_endpoint
+    #   The token endpoint of the IdP. This must be a full URL, including
+    #   the HTTPS protocol, the domain, and the path.
+    #   @return [String]
+    #
+    # @!attribute [rw] user_info_endpoint
+    #   The user info endpoint of the IdP. This must be a full URL,
+    #   including the HTTPS protocol, the domain, and the path.
+    #   @return [String]
+    #
+    # @!attribute [rw] client_id
+    #   The OAuth 2.0 client identifier.
+    #   @return [String]
+    #
+    # @!attribute [rw] client_secret
+    #   The OAuth 2.0 client secret.
+    #   @return [String]
+    #
+    # @!attribute [rw] session_cookie_name
+    #   The name of the cookie used to maintain session information. The
+    #   default is AWSELBAuthSessionCookie.
+    #   @return [String]
+    #
+    # @!attribute [rw] scope
+    #   The set of user claims to be requested from the IdP. The default is
+    #   `openid`.
+    #
+    #   To verify which scope values your IdP supports and how to separate
+    #   multiple values, see the documentation for your IdP.
+    #   @return [String]
+    #
+    # @!attribute [rw] session_timeout
+    #   The maximum duration of the authentication session, in seconds. The
+    #   default is 604800 seconds (7 days).
+    #   @return [Integer]
+    #
+    # @!attribute [rw] authentication_request_extra_params
+    #   The query parameters (up to 10) to include in the redirect request
+    #   to the authorization endpoint.
+    #   @return [Hash<String,String>]
+    #
+    # @!attribute [rw] on_unauthenticated_request
+    #   The behavior if the user is not authenticated. The following are
+    #   possible values:
+    #
+    #   * deny`` - Return an HTTP 401 Unauthorized error.
+    #
+    #   * allow`` - Allow the request to be forwarded to the target.
+    #
+    #   * authenticate`` - Redirect the request to the IdP authorization
+    #     endpoint. This is the default value.
+    #   @return [String]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/elasticloadbalancingv2-2015-12-01/AuthenticateOidcActionConfig AWS API Documentation
+    #
+    class AuthenticateOidcActionConfig < Struct.new(
+      :issuer,
+      :authorization_endpoint,
+      :token_endpoint,
+      :user_info_endpoint,
+      :client_id,
+      :client_secret,
+      :session_cookie_name,
+      :scope,
+      :session_timeout,
+      :authentication_request_extra_params,
+      :on_unauthenticated_request)
+      include Aws::Structure
+    end
+
     # Information about an Availability Zone.
     #
     # @!attribute [rw] zone_name
@@ -190,8 +427,36 @@ module Aws::ElasticLoadBalancingV2
     #         ],
     #         default_actions: [ # required
     #           {
-    #             type: "forward", # required, accepts forward
-    #             target_group_arn: "TargetGroupArn", # required
+    #             type: "forward", # required, accepts forward, authenticate-oidc, authenticate-cognito
+    #             target_group_arn: "TargetGroupArn",
+    #             authenticate_oidc_config: {
+    #               issuer: "AuthenticateOidcActionIssuer", # required
+    #               authorization_endpoint: "AuthenticateOidcActionAuthorizationEndpoint", # required
+    #               token_endpoint: "AuthenticateOidcActionTokenEndpoint", # required
+    #               user_info_endpoint: "AuthenticateOidcActionUserInfoEndpoint", # required
+    #               client_id: "AuthenticateOidcActionClientId", # required
+    #               client_secret: "AuthenticateOidcActionClientSecret", # required
+    #               session_cookie_name: "AuthenticateOidcActionSessionCookieName",
+    #               scope: "AuthenticateOidcActionScope",
+    #               session_timeout: 1,
+    #               authentication_request_extra_params: {
+    #                 "AuthenticateOidcActionAuthenticationRequestParamName" => "AuthenticateOidcActionAuthenticationRequestParamValue",
+    #               },
+    #               on_unauthenticated_request: "deny", # accepts deny, allow, authenticate
+    #             },
+    #             authenticate_cognito_config: {
+    #               user_pool_arn: "AuthenticateCognitoActionUserPoolArn", # required
+    #               user_pool_client_id: "AuthenticateCognitoActionUserPoolClientId", # required
+    #               user_pool_domain: "AuthenticateCognitoActionUserPoolDomain", # required
+    #               session_cookie_name: "AuthenticateCognitoActionSessionCookieName",
+    #               scope: "AuthenticateCognitoActionScope",
+    #               session_timeout: 1,
+    #               authentication_request_extra_params: {
+    #                 "AuthenticateCognitoActionAuthenticationRequestParamName" => "AuthenticateCognitoActionAuthenticationRequestParamValue",
+    #               },
+    #               on_unauthenticated_request: "deny", # accepts deny, allow, authenticate
+    #             },
+    #             order: 1,
     #           },
     #         ],
     #       }
@@ -217,15 +482,25 @@ module Aws::ElasticLoadBalancingV2
     #   @return [String]
     #
     # @!attribute [rw] certificates
-    #   \[HTTPS listeners\] The SSL server certificate. You must provide
-    #   exactly one certificate.
+    #   \[HTTPS listeners\] The default SSL server certificate. You must
+    #   provide exactly one certificate. To create a certificate list, use
+    #   AddListenerCertificates.
     #   @return [Array<Types::Certificate>]
     #
     # @!attribute [rw] default_actions
-    #   The default action for the listener. For Application Load Balancers,
-    #   the protocol of the specified target group must be HTTP or HTTPS.
-    #   For Network Load Balancers, the protocol of the specified target
-    #   group must be TCP.
+    #   The actions for the default rule. The rule must include one forward
+    #   action.
+    #
+    #   If the action type is `forward`, you can specify a single target
+    #   group. The protocol of the target group must be HTTP or HTTPS for an
+    #   Application Load Balancer or TCP for a Network Load Balancer.
+    #
+    #   If the action type is `authenticate-oidc`, you can use an identity
+    #   provider that is OpenID Connect (OIDC) compliant to authenticate
+    #   users as they access your application.
+    #
+    #   If the action type is `authenticate-cognito`, you can use Amazon
+    #   Cognito to authenticate users as they access your application.
     #   @return [Array<Types::Action>]
     #
     # @see http://docs.aws.amazon.com/goto/WebAPI/elasticloadbalancingv2-2015-12-01/CreateListenerInput AWS API Documentation
@@ -385,8 +660,36 @@ module Aws::ElasticLoadBalancingV2
     #         priority: 1, # required
     #         actions: [ # required
     #           {
-    #             type: "forward", # required, accepts forward
-    #             target_group_arn: "TargetGroupArn", # required
+    #             type: "forward", # required, accepts forward, authenticate-oidc, authenticate-cognito
+    #             target_group_arn: "TargetGroupArn",
+    #             authenticate_oidc_config: {
+    #               issuer: "AuthenticateOidcActionIssuer", # required
+    #               authorization_endpoint: "AuthenticateOidcActionAuthorizationEndpoint", # required
+    #               token_endpoint: "AuthenticateOidcActionTokenEndpoint", # required
+    #               user_info_endpoint: "AuthenticateOidcActionUserInfoEndpoint", # required
+    #               client_id: "AuthenticateOidcActionClientId", # required
+    #               client_secret: "AuthenticateOidcActionClientSecret", # required
+    #               session_cookie_name: "AuthenticateOidcActionSessionCookieName",
+    #               scope: "AuthenticateOidcActionScope",
+    #               session_timeout: 1,
+    #               authentication_request_extra_params: {
+    #                 "AuthenticateOidcActionAuthenticationRequestParamName" => "AuthenticateOidcActionAuthenticationRequestParamValue",
+    #               },
+    #               on_unauthenticated_request: "deny", # accepts deny, allow, authenticate
+    #             },
+    #             authenticate_cognito_config: {
+    #               user_pool_arn: "AuthenticateCognitoActionUserPoolArn", # required
+    #               user_pool_client_id: "AuthenticateCognitoActionUserPoolClientId", # required
+    #               user_pool_domain: "AuthenticateCognitoActionUserPoolDomain", # required
+    #               session_cookie_name: "AuthenticateCognitoActionSessionCookieName",
+    #               scope: "AuthenticateCognitoActionScope",
+    #               session_timeout: 1,
+    #               authentication_request_extra_params: {
+    #                 "AuthenticateCognitoActionAuthenticationRequestParamName" => "AuthenticateCognitoActionAuthenticationRequestParamValue",
+    #               },
+    #               on_unauthenticated_request: "deny", # accepts deny, allow, authenticate
+    #             },
+    #             order: 1,
     #           },
     #         ],
     #       }
@@ -431,13 +734,22 @@ module Aws::ElasticLoadBalancingV2
     #   @return [Array<Types::RuleCondition>]
     #
     # @!attribute [rw] priority
-    #   The priority for the rule. A listener can't have multiple rules
-    #   with the same priority.
+    #   The rule priority. A listener can't have multiple rules with the
+    #   same priority.
     #   @return [Integer]
     #
     # @!attribute [rw] actions
-    #   An action. Each action has the type `forward` and specifies a target
+    #   The actions. Each rule must include one forward action.
+    #
+    #   If the action type is `forward`, you can specify a single target
     #   group.
+    #
+    #   If the action type is `authenticate-oidc`, you can use an identity
+    #   provider that is OpenID Connect (OIDC) compliant to authenticate
+    #   users as they access your application.
+    #
+    #   If the action type is `authenticate-cognito`, you can use Amazon
+    #   Cognito to authenticate users as they access your application.
     #   @return [Array<Types::Action>]
     #
     # @see http://docs.aws.amazon.com/goto/WebAPI/elasticloadbalancingv2-2015-12-01/CreateRuleInput AWS API Documentation
@@ -1527,8 +1839,36 @@ module Aws::ElasticLoadBalancingV2
     #         ],
     #         default_actions: [
     #           {
-    #             type: "forward", # required, accepts forward
-    #             target_group_arn: "TargetGroupArn", # required
+    #             type: "forward", # required, accepts forward, authenticate-oidc, authenticate-cognito
+    #             target_group_arn: "TargetGroupArn",
+    #             authenticate_oidc_config: {
+    #               issuer: "AuthenticateOidcActionIssuer", # required
+    #               authorization_endpoint: "AuthenticateOidcActionAuthorizationEndpoint", # required
+    #               token_endpoint: "AuthenticateOidcActionTokenEndpoint", # required
+    #               user_info_endpoint: "AuthenticateOidcActionUserInfoEndpoint", # required
+    #               client_id: "AuthenticateOidcActionClientId", # required
+    #               client_secret: "AuthenticateOidcActionClientSecret", # required
+    #               session_cookie_name: "AuthenticateOidcActionSessionCookieName",
+    #               scope: "AuthenticateOidcActionScope",
+    #               session_timeout: 1,
+    #               authentication_request_extra_params: {
+    #                 "AuthenticateOidcActionAuthenticationRequestParamName" => "AuthenticateOidcActionAuthenticationRequestParamValue",
+    #               },
+    #               on_unauthenticated_request: "deny", # accepts deny, allow, authenticate
+    #             },
+    #             authenticate_cognito_config: {
+    #               user_pool_arn: "AuthenticateCognitoActionUserPoolArn", # required
+    #               user_pool_client_id: "AuthenticateCognitoActionUserPoolClientId", # required
+    #               user_pool_domain: "AuthenticateCognitoActionUserPoolDomain", # required
+    #               session_cookie_name: "AuthenticateCognitoActionSessionCookieName",
+    #               scope: "AuthenticateCognitoActionScope",
+    #               session_timeout: 1,
+    #               authentication_request_extra_params: {
+    #                 "AuthenticateCognitoActionAuthenticationRequestParamName" => "AuthenticateCognitoActionAuthenticationRequestParamValue",
+    #               },
+    #               on_unauthenticated_request: "deny", # accepts deny, allow, authenticate
+    #             },
+    #             order: 1,
     #           },
     #         ],
     #       }
@@ -1548,9 +1888,9 @@ module Aws::ElasticLoadBalancingV2
     #   @return [String]
     #
     # @!attribute [rw] ssl_policy
-    #   The security policy that defines which protocols and ciphers are
-    #   supported. For more information, see [Security Policies][1] in the
-    #   *Application Load Balancers Guide*.
+    #   \[HTTPS listeners\] The security policy that defines which protocols
+    #   and ciphers are supported. For more information, see [Security
+    #   Policies][1] in the *Application Load Balancers Guide*.
     #
     #
     #
@@ -1558,13 +1898,25 @@ module Aws::ElasticLoadBalancingV2
     #   @return [String]
     #
     # @!attribute [rw] certificates
-    #   The default SSL server certificate.
+    #   \[HTTPS listeners\] The default SSL server certificate. You must
+    #   provide exactly one certificate. To create a certificate list, use
+    #   AddListenerCertificates.
     #   @return [Array<Types::Certificate>]
     #
     # @!attribute [rw] default_actions
-    #   The default action. For Application Load Balancers, the protocol of
-    #   the specified target group must be HTTP or HTTPS. For Network Load
-    #   Balancers, the protocol of the specified target group must be TCP.
+    #   The actions for the default rule. The rule must include one forward
+    #   action.
+    #
+    #   If the action type is `forward`, you can specify a single target
+    #   group. The protocol of the target group must be HTTP or HTTPS for an
+    #   Application Load Balancer or TCP for a Network Load Balancer.
+    #
+    #   If the action type is `authenticate-oidc`, you can use an identity
+    #   provider that is OpenID Connect (OIDC) compliant to authenticate
+    #   users as they access your application.
+    #
+    #   If the action type is `authenticate-cognito`, you can use Amazon
+    #   Cognito to authenticate users as they access your application.
     #   @return [Array<Types::Action>]
     #
     # @see http://docs.aws.amazon.com/goto/WebAPI/elasticloadbalancingv2-2015-12-01/ModifyListenerInput AWS API Documentation
@@ -1580,7 +1932,7 @@ module Aws::ElasticLoadBalancingV2
     end
 
     # @!attribute [rw] listeners
-    #   Information about the modified listeners.
+    #   Information about the modified listener.
     #   @return [Array<Types::Listener>]
     #
     # @see http://docs.aws.amazon.com/goto/WebAPI/elasticloadbalancingv2-2015-12-01/ModifyListenerOutput AWS API Documentation
@@ -1643,8 +1995,36 @@ module Aws::ElasticLoadBalancingV2
     #         ],
     #         actions: [
     #           {
-    #             type: "forward", # required, accepts forward
-    #             target_group_arn: "TargetGroupArn", # required
+    #             type: "forward", # required, accepts forward, authenticate-oidc, authenticate-cognito
+    #             target_group_arn: "TargetGroupArn",
+    #             authenticate_oidc_config: {
+    #               issuer: "AuthenticateOidcActionIssuer", # required
+    #               authorization_endpoint: "AuthenticateOidcActionAuthorizationEndpoint", # required
+    #               token_endpoint: "AuthenticateOidcActionTokenEndpoint", # required
+    #               user_info_endpoint: "AuthenticateOidcActionUserInfoEndpoint", # required
+    #               client_id: "AuthenticateOidcActionClientId", # required
+    #               client_secret: "AuthenticateOidcActionClientSecret", # required
+    #               session_cookie_name: "AuthenticateOidcActionSessionCookieName",
+    #               scope: "AuthenticateOidcActionScope",
+    #               session_timeout: 1,
+    #               authentication_request_extra_params: {
+    #                 "AuthenticateOidcActionAuthenticationRequestParamName" => "AuthenticateOidcActionAuthenticationRequestParamValue",
+    #               },
+    #               on_unauthenticated_request: "deny", # accepts deny, allow, authenticate
+    #             },
+    #             authenticate_cognito_config: {
+    #               user_pool_arn: "AuthenticateCognitoActionUserPoolArn", # required
+    #               user_pool_client_id: "AuthenticateCognitoActionUserPoolClientId", # required
+    #               user_pool_domain: "AuthenticateCognitoActionUserPoolDomain", # required
+    #               session_cookie_name: "AuthenticateCognitoActionSessionCookieName",
+    #               scope: "AuthenticateCognitoActionScope",
+    #               session_timeout: 1,
+    #               authentication_request_extra_params: {
+    #                 "AuthenticateCognitoActionAuthenticationRequestParamName" => "AuthenticateCognitoActionAuthenticationRequestParamValue",
+    #               },
+    #               on_unauthenticated_request: "deny", # accepts deny, allow, authenticate
+    #             },
+    #             order: 1,
     #           },
     #         ],
     #       }
@@ -1654,11 +2034,52 @@ module Aws::ElasticLoadBalancingV2
     #   @return [String]
     #
     # @!attribute [rw] conditions
-    #   The conditions.
+    #   The conditions. Each condition specifies a field name and a single
+    #   value.
+    #
+    #   If the field name is `host-header`, you can specify a single host
+    #   name (for example, my.example.com). A host name is case insensitive,
+    #   can be up to 128 characters in length, and can contain any of the
+    #   following characters. Note that you can include up to three wildcard
+    #   characters.
+    #
+    #   * A-Z, a-z, 0-9
+    #
+    #   * \- .
+    #
+    #   * * (matches 0 or more characters)
+    #
+    #   * ? (matches exactly 1 character)
+    #
+    #   If the field name is `path-pattern`, you can specify a single path
+    #   pattern. A path pattern is case sensitive, can be up to 128
+    #   characters in length, and can contain any of the following
+    #   characters. Note that you can include up to three wildcard
+    #   characters.
+    #
+    #   * A-Z, a-z, 0-9
+    #
+    #   * \_ - . $ / ~ " ' @ : +
+    #
+    #   * &amp; (using &amp;amp;)
+    #
+    #   * * (matches 0 or more characters)
+    #
+    #   * ? (matches exactly 1 character)
     #   @return [Array<Types::RuleCondition>]
     #
     # @!attribute [rw] actions
-    #   The actions. The target group must use the HTTP or HTTPS protocol.
+    #   The actions.
+    #
+    #   If the action type is `forward`, you can specify a single target
+    #   group.
+    #
+    #   If the action type is `authenticate-oidc`, you can use an identity
+    #   provider that is OpenID Connect (OIDC) compliant to authenticate
+    #   users as they access your application.
+    #
+    #   If the action type is `authenticate-cognito`, you can use Amazon
+    #   Cognito to authenticate users as they access your application.
     #   @return [Array<Types::Action>]
     #
     # @see http://docs.aws.amazon.com/goto/WebAPI/elasticloadbalancingv2-2015-12-01/ModifyRuleInput AWS API Documentation
@@ -1671,7 +2092,7 @@ module Aws::ElasticLoadBalancingV2
     end
 
     # @!attribute [rw] rules
-    #   Information about the rule.
+    #   Information about the modified rule.
     #   @return [Array<Types::Rule>]
     #
     # @see http://docs.aws.amazon.com/goto/WebAPI/elasticloadbalancingv2-2015-12-01/ModifyRuleOutput AWS API Documentation
@@ -1802,7 +2223,7 @@ module Aws::ElasticLoadBalancingV2
     end
 
     # @!attribute [rw] target_groups
-    #   Information about the target group.
+    #   Information about the modified target group.
     #   @return [Array<Types::TargetGroup>]
     #
     # @see http://docs.aws.amazon.com/goto/WebAPI/elasticloadbalancingv2-2015-12-01/ModifyTargetGroupOutput AWS API Documentation
@@ -2134,7 +2555,7 @@ module Aws::ElasticLoadBalancingV2
     #
     #       {
     #         load_balancer_arn: "LoadBalancerArn", # required
-    #         subnets: ["SubnetId"], # required
+    #         subnets: ["SubnetId"],
     #         subnet_mappings: [
     #           {
     #             subnet_id: "SubnetId",