aws-sdk-elasticloadbalancingv2 1.141.0 → 1.142.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 52dbaa1a6bdbf36328749c934a18387eabead2175a654c9a7e1af21c203bc029
-  data.tar.gz: d056c12ff01f0e1ace8f32b127c8179078daefb7f4f72a466a7b0760544d0105
+  metadata.gz: 404373b3c0d2ab620f93f929d9550538f308328565bc2bba0fea83caf9f4d03b
+  data.tar.gz: 4c5a72ddcfc0d8c0eb7cd8b6df38bab571d64dbe801cef66e3f0638d80148e2f
 SHA512:
-  metadata.gz: 117ff320c353d5996ccd4d45a38856777fe855fbcfb3ece19460a4a634a8f61b84617607777734ed6f114fcacdefa0d2f82c3cd3d57c6dfd944967d5408b7ab1
-  data.tar.gz: 5d44da29ba58bf5ca702f65a724476ec21b442e3e1e4a49e2587590375add59de966908a0e3c29ea0b69ea12d2e58af9a687c2ac354ef206e54c0f3a33a8a725
+  metadata.gz: 48506224731ff60f6c03ce2c50ade001f733c217631263bbb1ddcacd5a6c208a92e591c1f9ddc9333eae616cb8103cf3188a4411d0ce6831e144c6e51f4720fa
+  data.tar.gz: d55eb10fad6d8508afb246cc6cd08a614a2fa6df5a1ee2278e1051fd28ecef0dc72146846012dabebb87c8b10544e3ba64a1c2c91c6badd0ea5eee4a246089be

data/CHANGELOG.md

@@ -1,6 +1,11 @@
 Unreleased Changes
 ------------------
 
+1.142.0 (2025-11-12)
+------------------
+
+* Feature - This release expands ALB Authentication to support JWT verification and adds support for a new JWT validation action in listener rule.
+
 1.141.0 (2025-10-21)
 ------------------
 

data/VERSION

@@ -1 +1 @@
-1.141.0
+1.142.0

data/lib/aws-sdk-elasticloadbalancingv2/client.rb

@@ -820,7 +820,7 @@ module Aws::ElasticLoadBalancingV2
     #     ],
     #     default_actions: [ # required
     #       {
-    #         type: "forward", # required, accepts forward, authenticate-oidc, authenticate-cognito, redirect, fixed-response
+    #         type: "forward", # required, accepts forward, authenticate-oidc, authenticate-cognito, redirect, fixed-response, jwt-validation
     #         target_group_arn: "TargetGroupArn",
     #         authenticate_oidc_config: {
     #           issuer: "AuthenticateOidcActionIssuer", # required
@@ -876,6 +876,17 @@ module Aws::ElasticLoadBalancingV2
     #             duration_seconds: 1,
     #           },
     #         },
+    #         jwt_validation_config: {
+    #           jwks_endpoint: "JwtValidationActionJwksEndpoint", # required
+    #           issuer: "JwtValidationActionIssuer", # required
+    #           additional_claims: [
+    #             {
+    #               format: "single-string", # required, accepts single-string, string-array, space-separated-values
+    #               name: "JwtValidationActionAdditionalClaimName", # required
+    #               values: ["JwtValidationActionAdditionalClaimValue"], # required
+    #             },
+    #           ],
+    #         },
     #       },
     #     ],
     #     alpn_policy: ["AlpnPolicyValue"],
@@ -906,7 +917,7 @@ module Aws::ElasticLoadBalancingV2
     #   resp.listeners[0].certificates[0].is_default #=> Boolean
     #   resp.listeners[0].ssl_policy #=> String
     #   resp.listeners[0].default_actions #=> Array
-    #   resp.listeners[0].default_actions[0].type #=> String, one of "forward", "authenticate-oidc", "authenticate-cognito", "redirect", "fixed-response"
+    #   resp.listeners[0].default_actions[0].type #=> String, one of "forward", "authenticate-oidc", "authenticate-cognito", "redirect", "fixed-response", "jwt-validation"
     #   resp.listeners[0].default_actions[0].target_group_arn #=> String
     #   resp.listeners[0].default_actions[0].authenticate_oidc_config.issuer #=> String
     #   resp.listeners[0].default_actions[0].authenticate_oidc_config.authorization_endpoint #=> String
@@ -945,6 +956,13 @@ module Aws::ElasticLoadBalancingV2
     #   resp.listeners[0].default_actions[0].forward_config.target_groups[0].weight #=> Integer
     #   resp.listeners[0].default_actions[0].forward_config.target_group_stickiness_config.enabled #=> Boolean
     #   resp.listeners[0].default_actions[0].forward_config.target_group_stickiness_config.duration_seconds #=> Integer
+    #   resp.listeners[0].default_actions[0].jwt_validation_config.jwks_endpoint #=> String
+    #   resp.listeners[0].default_actions[0].jwt_validation_config.issuer #=> String
+    #   resp.listeners[0].default_actions[0].jwt_validation_config.additional_claims #=> Array
+    #   resp.listeners[0].default_actions[0].jwt_validation_config.additional_claims[0].format #=> String, one of "single-string", "string-array", "space-separated-values"
+    #   resp.listeners[0].default_actions[0].jwt_validation_config.additional_claims[0].name #=> String
+    #   resp.listeners[0].default_actions[0].jwt_validation_config.additional_claims[0].values #=> Array
+    #   resp.listeners[0].default_actions[0].jwt_validation_config.additional_claims[0].values[0] #=> String
     #   resp.listeners[0].alpn_policy #=> Array
     #   resp.listeners[0].alpn_policy[0] #=> String
     #   resp.listeners[0].mutual_authentication.mode #=> String
@@ -1386,7 +1404,7 @@ module Aws::ElasticLoadBalancingV2
     #     priority: 1, # required
     #     actions: [ # required
     #       {
-    #         type: "forward", # required, accepts forward, authenticate-oidc, authenticate-cognito, redirect, fixed-response
+    #         type: "forward", # required, accepts forward, authenticate-oidc, authenticate-cognito, redirect, fixed-response, jwt-validation
     #         target_group_arn: "TargetGroupArn",
     #         authenticate_oidc_config: {
     #           issuer: "AuthenticateOidcActionIssuer", # required
@@ -1442,6 +1460,17 @@ module Aws::ElasticLoadBalancingV2
     #             duration_seconds: 1,
     #           },
     #         },
+    #         jwt_validation_config: {
+    #           jwks_endpoint: "JwtValidationActionJwksEndpoint", # required
+    #           issuer: "JwtValidationActionIssuer", # required
+    #           additional_claims: [
+    #             {
+    #               format: "single-string", # required, accepts single-string, string-array, space-separated-values
+    #               name: "JwtValidationActionAdditionalClaimName", # required
+    #               values: ["JwtValidationActionAdditionalClaimValue"], # required
+    #             },
+    #           ],
+    #         },
     #       },
     #     ],
     #     tags: [
@@ -1505,7 +1534,7 @@ module Aws::ElasticLoadBalancingV2
     #   resp.rules[0].conditions[0].regex_values #=> Array
     #   resp.rules[0].conditions[0].regex_values[0] #=> String
     #   resp.rules[0].actions #=> Array
-    #   resp.rules[0].actions[0].type #=> String, one of "forward", "authenticate-oidc", "authenticate-cognito", "redirect", "fixed-response"
+    #   resp.rules[0].actions[0].type #=> String, one of "forward", "authenticate-oidc", "authenticate-cognito", "redirect", "fixed-response", "jwt-validation"
     #   resp.rules[0].actions[0].target_group_arn #=> String
     #   resp.rules[0].actions[0].authenticate_oidc_config.issuer #=> String
     #   resp.rules[0].actions[0].authenticate_oidc_config.authorization_endpoint #=> String
@@ -1544,6 +1573,13 @@ module Aws::ElasticLoadBalancingV2
     #   resp.rules[0].actions[0].forward_config.target_groups[0].weight #=> Integer
     #   resp.rules[0].actions[0].forward_config.target_group_stickiness_config.enabled #=> Boolean
     #   resp.rules[0].actions[0].forward_config.target_group_stickiness_config.duration_seconds #=> Integer
+    #   resp.rules[0].actions[0].jwt_validation_config.jwks_endpoint #=> String
+    #   resp.rules[0].actions[0].jwt_validation_config.issuer #=> String
+    #   resp.rules[0].actions[0].jwt_validation_config.additional_claims #=> Array
+    #   resp.rules[0].actions[0].jwt_validation_config.additional_claims[0].format #=> String, one of "single-string", "string-array", "space-separated-values"
+    #   resp.rules[0].actions[0].jwt_validation_config.additional_claims[0].name #=> String
+    #   resp.rules[0].actions[0].jwt_validation_config.additional_claims[0].values #=> Array
+    #   resp.rules[0].actions[0].jwt_validation_config.additional_claims[0].values[0] #=> String
     #   resp.rules[0].is_default #=> Boolean
     #   resp.rules[0].transforms #=> Array
     #   resp.rules[0].transforms[0].type #=> String, one of "host-header-rewrite", "url-rewrite"
@@ -2423,7 +2459,7 @@ module Aws::ElasticLoadBalancingV2
     #   resp.listeners[0].certificates[0].is_default #=> Boolean
     #   resp.listeners[0].ssl_policy #=> String
     #   resp.listeners[0].default_actions #=> Array
-    #   resp.listeners[0].default_actions[0].type #=> String, one of "forward", "authenticate-oidc", "authenticate-cognito", "redirect", "fixed-response"
+    #   resp.listeners[0].default_actions[0].type #=> String, one of "forward", "authenticate-oidc", "authenticate-cognito", "redirect", "fixed-response", "jwt-validation"
     #   resp.listeners[0].default_actions[0].target_group_arn #=> String
     #   resp.listeners[0].default_actions[0].authenticate_oidc_config.issuer #=> String
     #   resp.listeners[0].default_actions[0].authenticate_oidc_config.authorization_endpoint #=> String
@@ -2462,6 +2498,13 @@ module Aws::ElasticLoadBalancingV2
     #   resp.listeners[0].default_actions[0].forward_config.target_groups[0].weight #=> Integer
     #   resp.listeners[0].default_actions[0].forward_config.target_group_stickiness_config.enabled #=> Boolean
     #   resp.listeners[0].default_actions[0].forward_config.target_group_stickiness_config.duration_seconds #=> Integer
+    #   resp.listeners[0].default_actions[0].jwt_validation_config.jwks_endpoint #=> String
+    #   resp.listeners[0].default_actions[0].jwt_validation_config.issuer #=> String
+    #   resp.listeners[0].default_actions[0].jwt_validation_config.additional_claims #=> Array
+    #   resp.listeners[0].default_actions[0].jwt_validation_config.additional_claims[0].format #=> String, one of "single-string", "string-array", "space-separated-values"
+    #   resp.listeners[0].default_actions[0].jwt_validation_config.additional_claims[0].name #=> String
+    #   resp.listeners[0].default_actions[0].jwt_validation_config.additional_claims[0].values #=> Array
+    #   resp.listeners[0].default_actions[0].jwt_validation_config.additional_claims[0].values[0] #=> String
     #   resp.listeners[0].alpn_policy #=> Array
     #   resp.listeners[0].alpn_policy[0] #=> String
     #   resp.listeners[0].mutual_authentication.mode #=> String
@@ -2686,7 +2729,7 @@ module Aws::ElasticLoadBalancingV2
     end
 
     # Describes the specified rules or the rules for the specified listener.
-    # You must specify either a listener or one or more rules.
+    # You must specify either a listener or rules.
     #
     # @option params [String] :listener_arn
     #   The Amazon Resource Name (ARN) of the listener.
@@ -2785,7 +2828,7 @@ module Aws::ElasticLoadBalancingV2
     #   resp.rules[0].conditions[0].regex_values #=> Array
     #   resp.rules[0].conditions[0].regex_values[0] #=> String
     #   resp.rules[0].actions #=> Array
-    #   resp.rules[0].actions[0].type #=> String, one of "forward", "authenticate-oidc", "authenticate-cognito", "redirect", "fixed-response"
+    #   resp.rules[0].actions[0].type #=> String, one of "forward", "authenticate-oidc", "authenticate-cognito", "redirect", "fixed-response", "jwt-validation"
     #   resp.rules[0].actions[0].target_group_arn #=> String
     #   resp.rules[0].actions[0].authenticate_oidc_config.issuer #=> String
     #   resp.rules[0].actions[0].authenticate_oidc_config.authorization_endpoint #=> String
@@ -2824,6 +2867,13 @@ module Aws::ElasticLoadBalancingV2
     #   resp.rules[0].actions[0].forward_config.target_groups[0].weight #=> Integer
     #   resp.rules[0].actions[0].forward_config.target_group_stickiness_config.enabled #=> Boolean
     #   resp.rules[0].actions[0].forward_config.target_group_stickiness_config.duration_seconds #=> Integer
+    #   resp.rules[0].actions[0].jwt_validation_config.jwks_endpoint #=> String
+    #   resp.rules[0].actions[0].jwt_validation_config.issuer #=> String
+    #   resp.rules[0].actions[0].jwt_validation_config.additional_claims #=> Array
+    #   resp.rules[0].actions[0].jwt_validation_config.additional_claims[0].format #=> String, one of "single-string", "string-array", "space-separated-values"
+    #   resp.rules[0].actions[0].jwt_validation_config.additional_claims[0].name #=> String
+    #   resp.rules[0].actions[0].jwt_validation_config.additional_claims[0].values #=> Array
+    #   resp.rules[0].actions[0].jwt_validation_config.additional_claims[0].values[0] #=> String
     #   resp.rules[0].is_default #=> Boolean
     #   resp.rules[0].transforms #=> Array
     #   resp.rules[0].transforms[0].type #=> String, one of "host-header-rewrite", "url-rewrite"
@@ -3887,7 +3937,7 @@ module Aws::ElasticLoadBalancingV2
     #     ],
     #     default_actions: [
     #       {
-    #         type: "forward", # required, accepts forward, authenticate-oidc, authenticate-cognito, redirect, fixed-response
+    #         type: "forward", # required, accepts forward, authenticate-oidc, authenticate-cognito, redirect, fixed-response, jwt-validation
     #         target_group_arn: "TargetGroupArn",
     #         authenticate_oidc_config: {
     #           issuer: "AuthenticateOidcActionIssuer", # required
@@ -3943,6 +3993,17 @@ module Aws::ElasticLoadBalancingV2
     #             duration_seconds: 1,
     #           },
     #         },
+    #         jwt_validation_config: {
+    #           jwks_endpoint: "JwtValidationActionJwksEndpoint", # required
+    #           issuer: "JwtValidationActionIssuer", # required
+    #           additional_claims: [
+    #             {
+    #               format: "single-string", # required, accepts single-string, string-array, space-separated-values
+    #               name: "JwtValidationActionAdditionalClaimName", # required
+    #               values: ["JwtValidationActionAdditionalClaimValue"], # required
+    #             },
+    #           ],
+    #         },
     #       },
     #     ],
     #     alpn_policy: ["AlpnPolicyValue"],
@@ -3967,7 +4028,7 @@ module Aws::ElasticLoadBalancingV2
     #   resp.listeners[0].certificates[0].is_default #=> Boolean
     #   resp.listeners[0].ssl_policy #=> String
     #   resp.listeners[0].default_actions #=> Array
-    #   resp.listeners[0].default_actions[0].type #=> String, one of "forward", "authenticate-oidc", "authenticate-cognito", "redirect", "fixed-response"
+    #   resp.listeners[0].default_actions[0].type #=> String, one of "forward", "authenticate-oidc", "authenticate-cognito", "redirect", "fixed-response", "jwt-validation"
     #   resp.listeners[0].default_actions[0].target_group_arn #=> String
     #   resp.listeners[0].default_actions[0].authenticate_oidc_config.issuer #=> String
     #   resp.listeners[0].default_actions[0].authenticate_oidc_config.authorization_endpoint #=> String
@@ -4006,6 +4067,13 @@ module Aws::ElasticLoadBalancingV2
     #   resp.listeners[0].default_actions[0].forward_config.target_groups[0].weight #=> Integer
     #   resp.listeners[0].default_actions[0].forward_config.target_group_stickiness_config.enabled #=> Boolean
     #   resp.listeners[0].default_actions[0].forward_config.target_group_stickiness_config.duration_seconds #=> Integer
+    #   resp.listeners[0].default_actions[0].jwt_validation_config.jwks_endpoint #=> String
+    #   resp.listeners[0].default_actions[0].jwt_validation_config.issuer #=> String
+    #   resp.listeners[0].default_actions[0].jwt_validation_config.additional_claims #=> Array
+    #   resp.listeners[0].default_actions[0].jwt_validation_config.additional_claims[0].format #=> String, one of "single-string", "string-array", "space-separated-values"
+    #   resp.listeners[0].default_actions[0].jwt_validation_config.additional_claims[0].name #=> String
+    #   resp.listeners[0].default_actions[0].jwt_validation_config.additional_claims[0].values #=> Array
+    #   resp.listeners[0].default_actions[0].jwt_validation_config.additional_claims[0].values[0] #=> String
     #   resp.listeners[0].alpn_policy #=> Array
     #   resp.listeners[0].alpn_policy[0] #=> String
     #   resp.listeners[0].mutual_authentication.mode #=> String
@@ -4348,7 +4416,7 @@ module Aws::ElasticLoadBalancingV2
     #     ],
     #     actions: [
     #       {
-    #         type: "forward", # required, accepts forward, authenticate-oidc, authenticate-cognito, redirect, fixed-response
+    #         type: "forward", # required, accepts forward, authenticate-oidc, authenticate-cognito, redirect, fixed-response, jwt-validation
     #         target_group_arn: "TargetGroupArn",
     #         authenticate_oidc_config: {
     #           issuer: "AuthenticateOidcActionIssuer", # required
@@ -4404,6 +4472,17 @@ module Aws::ElasticLoadBalancingV2
     #             duration_seconds: 1,
     #           },
     #         },
+    #         jwt_validation_config: {
+    #           jwks_endpoint: "JwtValidationActionJwksEndpoint", # required
+    #           issuer: "JwtValidationActionIssuer", # required
+    #           additional_claims: [
+    #             {
+    #               format: "single-string", # required, accepts single-string, string-array, space-separated-values
+    #               name: "JwtValidationActionAdditionalClaimName", # required
+    #               values: ["JwtValidationActionAdditionalClaimValue"], # required
+    #             },
+    #           ],
+    #         },
     #       },
     #     ],
     #     transforms: [
@@ -4462,7 +4541,7 @@ module Aws::ElasticLoadBalancingV2
     #   resp.rules[0].conditions[0].regex_values #=> Array
     #   resp.rules[0].conditions[0].regex_values[0] #=> String
     #   resp.rules[0].actions #=> Array
-    #   resp.rules[0].actions[0].type #=> String, one of "forward", "authenticate-oidc", "authenticate-cognito", "redirect", "fixed-response"
+    #   resp.rules[0].actions[0].type #=> String, one of "forward", "authenticate-oidc", "authenticate-cognito", "redirect", "fixed-response", "jwt-validation"
     #   resp.rules[0].actions[0].target_group_arn #=> String
     #   resp.rules[0].actions[0].authenticate_oidc_config.issuer #=> String
     #   resp.rules[0].actions[0].authenticate_oidc_config.authorization_endpoint #=> String
@@ -4501,6 +4580,13 @@ module Aws::ElasticLoadBalancingV2
     #   resp.rules[0].actions[0].forward_config.target_groups[0].weight #=> Integer
     #   resp.rules[0].actions[0].forward_config.target_group_stickiness_config.enabled #=> Boolean
     #   resp.rules[0].actions[0].forward_config.target_group_stickiness_config.duration_seconds #=> Integer
+    #   resp.rules[0].actions[0].jwt_validation_config.jwks_endpoint #=> String
+    #   resp.rules[0].actions[0].jwt_validation_config.issuer #=> String
+    #   resp.rules[0].actions[0].jwt_validation_config.additional_claims #=> Array
+    #   resp.rules[0].actions[0].jwt_validation_config.additional_claims[0].format #=> String, one of "single-string", "string-array", "space-separated-values"
+    #   resp.rules[0].actions[0].jwt_validation_config.additional_claims[0].name #=> String
+    #   resp.rules[0].actions[0].jwt_validation_config.additional_claims[0].values #=> Array
+    #   resp.rules[0].actions[0].jwt_validation_config.additional_claims[0].values[0] #=> String
     #   resp.rules[0].is_default #=> Boolean
     #   resp.rules[0].transforms #=> Array
     #   resp.rules[0].transforms[0].type #=> String, one of "host-header-rewrite", "url-rewrite"
@@ -5130,7 +5216,7 @@ module Aws::ElasticLoadBalancingV2
     #   resp.rules[0].conditions[0].regex_values #=> Array
     #   resp.rules[0].conditions[0].regex_values[0] #=> String
     #   resp.rules[0].actions #=> Array
-    #   resp.rules[0].actions[0].type #=> String, one of "forward", "authenticate-oidc", "authenticate-cognito", "redirect", "fixed-response"
+    #   resp.rules[0].actions[0].type #=> String, one of "forward", "authenticate-oidc", "authenticate-cognito", "redirect", "fixed-response", "jwt-validation"
     #   resp.rules[0].actions[0].target_group_arn #=> String
     #   resp.rules[0].actions[0].authenticate_oidc_config.issuer #=> String
     #   resp.rules[0].actions[0].authenticate_oidc_config.authorization_endpoint #=> String
@@ -5169,6 +5255,13 @@ module Aws::ElasticLoadBalancingV2
     #   resp.rules[0].actions[0].forward_config.target_groups[0].weight #=> Integer
     #   resp.rules[0].actions[0].forward_config.target_group_stickiness_config.enabled #=> Boolean
     #   resp.rules[0].actions[0].forward_config.target_group_stickiness_config.duration_seconds #=> Integer
+    #   resp.rules[0].actions[0].jwt_validation_config.jwks_endpoint #=> String
+    #   resp.rules[0].actions[0].jwt_validation_config.issuer #=> String
+    #   resp.rules[0].actions[0].jwt_validation_config.additional_claims #=> Array
+    #   resp.rules[0].actions[0].jwt_validation_config.additional_claims[0].format #=> String, one of "single-string", "string-array", "space-separated-values"
+    #   resp.rules[0].actions[0].jwt_validation_config.additional_claims[0].name #=> String
+    #   resp.rules[0].actions[0].jwt_validation_config.additional_claims[0].values #=> Array
+    #   resp.rules[0].actions[0].jwt_validation_config.additional_claims[0].values[0] #=> String
     #   resp.rules[0].is_default #=> Boolean
     #   resp.rules[0].transforms #=> Array
     #   resp.rules[0].transforms[0].type #=> String, one of "host-header-rewrite", "url-rewrite"
@@ -5207,7 +5300,8 @@ module Aws::ElasticLoadBalancingV2
     # @option params [String] :enforce_security_group_inbound_rules_on_private_link_traffic
     #   Indicates whether to evaluate inbound security group rules for traffic
     #   sent to a Network Load Balancer through Amazon Web Services
-    #   PrivateLink. The default is `on`.
+    #   PrivateLink. Applies only if the load balancer has an associated
+    #   security group. The default is `on`.
     #
     # @return [Types::SetSecurityGroupsOutput] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
     #
@@ -5421,7 +5515,7 @@ module Aws::ElasticLoadBalancingV2
         tracer: tracer
       )
       context[:gem_name] = 'aws-sdk-elasticloadbalancingv2'
-      context[:gem_version] = '1.141.0'
+      context[:gem_version] = '1.142.0'
       Seahorse::Client::Request.new(handlers, context)
     end
 

data/lib/aws-sdk-elasticloadbalancingv2/client_api.rb

@@ -195,6 +195,15 @@ module Aws::ElasticLoadBalancingV2
     IpamPoolId = Shapes::StringShape.new(name: 'IpamPoolId')
     IpamPools = Shapes::StructureShape.new(name: 'IpamPools')
     IsDefault = Shapes::BooleanShape.new(name: 'IsDefault')
+    JwtValidationActionAdditionalClaim = Shapes::StructureShape.new(name: 'JwtValidationActionAdditionalClaim')
+    JwtValidationActionAdditionalClaimFormatEnum = Shapes::StringShape.new(name: 'JwtValidationActionAdditionalClaimFormatEnum')
+    JwtValidationActionAdditionalClaimName = Shapes::StringShape.new(name: 'JwtValidationActionAdditionalClaimName')
+    JwtValidationActionAdditionalClaimValue = Shapes::StringShape.new(name: 'JwtValidationActionAdditionalClaimValue')
+    JwtValidationActionAdditionalClaimValues = Shapes::ListShape.new(name: 'JwtValidationActionAdditionalClaimValues')
+    JwtValidationActionAdditionalClaims = Shapes::ListShape.new(name: 'JwtValidationActionAdditionalClaims')
+    JwtValidationActionConfig = Shapes::StructureShape.new(name: 'JwtValidationActionConfig')
+    JwtValidationActionIssuer = Shapes::StringShape.new(name: 'JwtValidationActionIssuer')
+    JwtValidationActionJwksEndpoint = Shapes::StringShape.new(name: 'JwtValidationActionJwksEndpoint')
     LastModifiedTime = Shapes::TimestampShape.new(name: 'LastModifiedTime')
     Limit = Shapes::StructureShape.new(name: 'Limit')
     Limits = Shapes::ListShape.new(name: 'Limits')
@@ -430,6 +439,7 @@ module Aws::ElasticLoadBalancingV2
     Action.add_member(:redirect_config, Shapes::ShapeRef.new(shape: RedirectActionConfig, location_name: "RedirectConfig"))
     Action.add_member(:fixed_response_config, Shapes::ShapeRef.new(shape: FixedResponseActionConfig, location_name: "FixedResponseConfig"))
     Action.add_member(:forward_config, Shapes::ShapeRef.new(shape: ForwardActionConfig, location_name: "ForwardConfig"))
+    Action.add_member(:jwt_validation_config, Shapes::ShapeRef.new(shape: JwtValidationActionConfig, location_name: "JwtValidationConfig"))
     Action.struct_class = Types::Action
 
     Actions.member = Shapes::ShapeRef.new(shape: Action)
@@ -870,6 +880,20 @@ module Aws::ElasticLoadBalancingV2
     IpamPools.add_member(:ipv_4_ipam_pool_id, Shapes::ShapeRef.new(shape: IpamPoolId, location_name: "Ipv4IpamPoolId"))
     IpamPools.struct_class = Types::IpamPools
 
+    JwtValidationActionAdditionalClaim.add_member(:format, Shapes::ShapeRef.new(shape: JwtValidationActionAdditionalClaimFormatEnum, required: true, location_name: "Format"))
+    JwtValidationActionAdditionalClaim.add_member(:name, Shapes::ShapeRef.new(shape: JwtValidationActionAdditionalClaimName, required: true, location_name: "Name"))
+    JwtValidationActionAdditionalClaim.add_member(:values, Shapes::ShapeRef.new(shape: JwtValidationActionAdditionalClaimValues, required: true, location_name: "Values"))
+    JwtValidationActionAdditionalClaim.struct_class = Types::JwtValidationActionAdditionalClaim
+
+    JwtValidationActionAdditionalClaimValues.member = Shapes::ShapeRef.new(shape: JwtValidationActionAdditionalClaimValue)
+
+    JwtValidationActionAdditionalClaims.member = Shapes::ShapeRef.new(shape: JwtValidationActionAdditionalClaim)
+
+    JwtValidationActionConfig.add_member(:jwks_endpoint, Shapes::ShapeRef.new(shape: JwtValidationActionJwksEndpoint, required: true, location_name: "JwksEndpoint"))
+    JwtValidationActionConfig.add_member(:issuer, Shapes::ShapeRef.new(shape: JwtValidationActionIssuer, required: true, location_name: "Issuer"))
+    JwtValidationActionConfig.add_member(:additional_claims, Shapes::ShapeRef.new(shape: JwtValidationActionAdditionalClaims, location_name: "AdditionalClaims"))
+    JwtValidationActionConfig.struct_class = Types::JwtValidationActionConfig
+
     Limit.add_member(:name, Shapes::ShapeRef.new(shape: Name, location_name: "Name"))
     Limit.add_member(:max, Shapes::ShapeRef.new(shape: Max, location_name: "Max"))
     Limit.struct_class = Types::Limit

data/lib/aws-sdk-elasticloadbalancingv2/types.rb

@@ -18,10 +18,14 @@ module Aws::ElasticLoadBalancingV2
 
     # Information about an action.
     #
-    # Each rule must include exactly one of the following types of actions:
+    # Each rule must include exactly one of the following routing actions:
     # `forward`, `fixed-response`, or `redirect`, and it must be the last
     # action to be performed.
     #
+    # Optionally, a rule for an HTTPS listener can also include one of the
+    # following user authentication actions: `authenticate-oidc`,
+    # `authenticate-cognito`, or `jwt-validation`.
+    #
     # @!attribute [rw] type
     #   The type of action.
     #   @return [String]
@@ -29,8 +33,8 @@ module Aws::ElasticLoadBalancingV2
     # @!attribute [rw] target_group_arn
     #   The Amazon Resource Name (ARN) of the target group. Specify only
     #   when `Type` is `forward` and you want to route to a single target
-    #   group. To route to one or more target groups, use `ForwardConfig`
-    #   instead.
+    #   group. To route to multiple target groups, you must use
+    #   `ForwardConfig` instead.
     #   @return [String]
     #
     # @!attribute [rw] authenticate_oidc_config
@@ -64,13 +68,18 @@ module Aws::ElasticLoadBalancingV2
     #
     # @!attribute [rw] forward_config
     #   Information for creating an action that distributes requests among
-    #   one or more target groups. For Network Load Balancers, you can
-    #   specify a single target group. Specify only when `Type` is
-    #   `forward`. If you specify both `ForwardConfig` and `TargetGroupArn`,
-    #   you can specify only one target group using `ForwardConfig` and it
-    #   must be the same target group specified in `TargetGroupArn`.
+    #   multiple target groups. Specify only when `Type` is `forward`.
+    #
+    #   If you specify both `ForwardConfig` and `TargetGroupArn`, you can
+    #   specify only one target group using `ForwardConfig` and it must be
+    #   the same target group specified in `TargetGroupArn`.
     #   @return [Types::ForwardActionConfig]
     #
+    # @!attribute [rw] jwt_validation_config
+    #   \[HTTPS listeners\] Information for validating JWT access tokens in
+    #   client requests. Specify only when `Type` is `jwt-validation`.
+    #   @return [Types::JwtValidationActionConfig]
+    #
     # @see http://docs.aws.amazon.com/goto/WebAPI/elasticloadbalancingv2-2015-12-01/Action AWS API Documentation
     #
     class Action < Struct.new(
@@ -81,7 +90,8 @@ module Aws::ElasticLoadBalancingV2
       :order,
       :redirect_config,
       :fixed_response_config,
-      :forward_config)
+      :forward_config,
+      :jwt_validation_config)
       SENSITIVE = []
       include Aws::Structure
     end
@@ -1878,8 +1888,7 @@ module Aws::ElasticLoadBalancingV2
     # Information about a forward action.
     #
     # @!attribute [rw] target_groups
-    #   The target groups. For Network Load Balancers, you can specify a
-    #   single target group.
+    #   The target groups.
     #   @return [Array<Types::TargetGroupTuple>]
     #
     # @!attribute [rw] target_group_stickiness_config
@@ -2181,6 +2190,63 @@ module Aws::ElasticLoadBalancingV2
       include Aws::Structure
     end
 
+    # Information about an additional claim to validate.
+    #
+    # @!attribute [rw] format
+    #   The format of the claim value.
+    #   @return [String]
+    #
+    # @!attribute [rw] name
+    #   The name of the claim. You can't specify `exp`, `iss`, `nbf`, or
+    #   `iat` because we validate them by default.
+    #   @return [String]
+    #
+    # @!attribute [rw] values
+    #   The claim value. The maximum size of the list is 10. Each value can
+    #   be up to 256 characters in length. If the format is
+    #   `space-separated-values`, the values can't include spaces.
+    #   @return [Array<String>]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/elasticloadbalancingv2-2015-12-01/JwtValidationActionAdditionalClaim AWS API Documentation
+    #
+    class JwtValidationActionAdditionalClaim < Struct.new(
+      :format,
+      :name,
+      :values)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+
+    # Information about a JSON Web Token (JWT) validation action.
+    #
+    # @!attribute [rw] jwks_endpoint
+    #   The JSON Web Key Set (JWKS) endpoint. This endpoint contains JSON
+    #   Web Keys (JWK) that are used to validate signatures from the
+    #   provider.
+    #
+    #   This must be a full URL, including the HTTPS protocol, the domain,
+    #   and the path. The maximum length is 256 characters.
+    #   @return [String]
+    #
+    # @!attribute [rw] issuer
+    #   The issuer of the JWT. The maximum length is 256 characters.
+    #   @return [String]
+    #
+    # @!attribute [rw] additional_claims
+    #   Additional claims to validate. The maximum size of the list is 10.
+    #   We validate the `exp`, `iss`, `nbf`, and `iat` claims by default.
+    #   @return [Array<Types::JwtValidationActionAdditionalClaim>]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/elasticloadbalancingv2-2015-12-01/JwtValidationActionConfig AWS API Documentation
+    #
+    class JwtValidationActionConfig < Struct.new(
+      :jwks_endpoint,
+      :issuer,
+      :additional_claims)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+
     # Information about an Elastic Load Balancing resource limit for your
     # Amazon Web Services account.
     #
@@ -3887,7 +3953,8 @@ module Aws::ElasticLoadBalancingV2
     # @!attribute [rw] enforce_security_group_inbound_rules_on_private_link_traffic
     #   Indicates whether to evaluate inbound security group rules for
     #   traffic sent to a Network Load Balancer through Amazon Web Services
-    #   PrivateLink. The default is `on`.
+    #   PrivateLink. Applies only if the load balancer has an associated
+    #   security group. The default is `on`.
     #   @return [String]
     #
     # @see http://docs.aws.amazon.com/goto/WebAPI/elasticloadbalancingv2-2015-12-01/SetSecurityGroupsInput AWS API Documentation
@@ -4542,10 +4609,10 @@ module Aws::ElasticLoadBalancingV2
     #   @return [Boolean]
     #
     # @!attribute [rw] duration_seconds
-    #   The time period, in seconds, during which requests from a client
-    #   should be routed to the same target group. The range is 1-604800
-    #   seconds (7 days). You must specify this value when enabling target
-    #   group stickiness.
+    #   \[Application Load Balancers\] The time period, in seconds, during
+    #   which requests from a client should be routed to the same target
+    #   group. The range is 1-604800 seconds (7 days). You must specify this
+    #   value when enabling target group stickiness.
     #   @return [Integer]
     #
     # @see http://docs.aws.amazon.com/goto/WebAPI/elasticloadbalancingv2-2015-12-01/TargetGroupStickinessConfig AWS API Documentation
@@ -4602,18 +4669,16 @@ module Aws::ElasticLoadBalancingV2
     #   the following values:
     #
     #   * `Target.ResponseCodeMismatch` - The health checks did not return
-    #     an expected HTTP code. Applies only to Application Load Balancers
-    #     and Gateway Load Balancers.
+    #     an expected HTTP code.
     #
-    #   * `Target.Timeout` - The health check requests timed out. Applies
-    #     only to Application Load Balancers and Gateway Load Balancers.
+    #   * `Target.Timeout` - The health check requests timed out.
     #
     #   * `Target.FailedHealthChecks` - The load balancer received an error
     #     while establishing a connection to the target or the target
     #     response was malformed.
     #
     #   * `Elb.InternalError` - The health checks failed due to an internal
-    #     error. Applies only to Application Load Balancers.
+    #     error.
     #
     #   If the target state is `unused`, the reason code can be one of the
     #   following values:
@@ -4644,10 +4709,10 @@ module Aws::ElasticLoadBalancingV2
     #   following value:
     #
     #   * `Target.HealthCheckDisabled` - Health checks are disabled for the
-    #     target group. Applies only to Application Load Balancers.
+    #     target group.
     #
     #   * `Elb.InternalError` - Target health is unavailable due to an
-    #     internal error. Applies only to Network Load Balancers.
+    #     internal error.
     #   @return [String]
     #
     # @!attribute [rw] description

data/lib/aws-sdk-elasticloadbalancingv2.rb

@@ -55,7 +55,7 @@ module Aws::ElasticLoadBalancingV2
   autoload :EndpointProvider, 'aws-sdk-elasticloadbalancingv2/endpoint_provider'
   autoload :Endpoints, 'aws-sdk-elasticloadbalancingv2/endpoints'
 
-  GEM_VERSION = '1.141.0'
+  GEM_VERSION = '1.142.0'
 
 end
 

data/sig/client.rbs

@@ -145,7 +145,7 @@ module Aws
                              ],
                              default_actions: Array[
                                {
-                                 type: ("forward" | "authenticate-oidc" | "authenticate-cognito" | "redirect" | "fixed-response"),
+                                 type: ("forward" | "authenticate-oidc" | "authenticate-cognito" | "redirect" | "fixed-response" | "jwt-validation"),
                                  target_group_arn: ::String?,
                                  authenticate_oidc_config: {
                                    issuer: ::String,
@@ -196,6 +196,17 @@ module Aws
                                      enabled: bool?,
                                      duration_seconds: ::Integer?
                                    }?
+                                 }?,
+                                 jwt_validation_config: {
+                                   jwks_endpoint: ::String,
+                                   issuer: ::String,
+                                   additional_claims: Array[
+                                     {
+                                       format: ("single-string" | "string-array" | "space-separated-values"),
+                                       name: ::String,
+                                       values: Array[::String]
+                                     },
+                                   ]?
                                  }?
                                },
                              ],
@@ -295,7 +306,7 @@ module Aws
                          priority: ::Integer,
                          actions: Array[
                            {
-                             type: ("forward" | "authenticate-oidc" | "authenticate-cognito" | "redirect" | "fixed-response"),
+                             type: ("forward" | "authenticate-oidc" | "authenticate-cognito" | "redirect" | "fixed-response" | "jwt-validation"),
                              target_group_arn: ::String?,
                              authenticate_oidc_config: {
                                issuer: ::String,
@@ -346,6 +357,17 @@ module Aws
                                  enabled: bool?,
                                  duration_seconds: ::Integer?
                                }?
+                             }?,
+                             jwt_validation_config: {
+                               jwks_endpoint: ::String,
+                               issuer: ::String,
+                               additional_claims: Array[
+                                 {
+                                   format: ("single-string" | "string-array" | "space-separated-values"),
+                                   name: ::String,
+                                   values: Array[::String]
+                                 },
+                               ]?
                              }?
                            },
                          ],
@@ -791,7 +813,7 @@ module Aws
                              ],
                              ?default_actions: Array[
                                {
-                                 type: ("forward" | "authenticate-oidc" | "authenticate-cognito" | "redirect" | "fixed-response"),
+                                 type: ("forward" | "authenticate-oidc" | "authenticate-cognito" | "redirect" | "fixed-response" | "jwt-validation"),
                                  target_group_arn: ::String?,
                                  authenticate_oidc_config: {
                                    issuer: ::String,
@@ -842,6 +864,17 @@ module Aws
                                      enabled: bool?,
                                      duration_seconds: ::Integer?
                                    }?
+                                 }?,
+                                 jwt_validation_config: {
+                                   jwks_endpoint: ::String,
+                                   issuer: ::String,
+                                   additional_claims: Array[
+                                     {
+                                       format: ("single-string" | "string-array" | "space-separated-values"),
+                                       name: ::String,
+                                       values: Array[::String]
+                                     },
+                                   ]?
                                  }?
                                },
                              ],
@@ -931,7 +964,7 @@ module Aws
                          ],
                          ?actions: Array[
                            {
-                             type: ("forward" | "authenticate-oidc" | "authenticate-cognito" | "redirect" | "fixed-response"),
+                             type: ("forward" | "authenticate-oidc" | "authenticate-cognito" | "redirect" | "fixed-response" | "jwt-validation"),
                              target_group_arn: ::String?,
                              authenticate_oidc_config: {
                                issuer: ::String,
@@ -982,6 +1015,17 @@ module Aws
                                  enabled: bool?,
                                  duration_seconds: ::Integer?
                                }?
+                             }?,
+                             jwt_validation_config: {
+                               jwks_endpoint: ::String,
+                               issuer: ::String,
+                               additional_claims: Array[
+                                 {
+                                   format: ("single-string" | "string-array" | "space-separated-values"),
+                                   name: ::String,
+                                   values: Array[::String]
+                                 },
+                               ]?
                              }?
                            },
                          ],

data/sig/types.rbs

@@ -12,7 +12,7 @@ module Aws::ElasticLoadBalancingV2
     end
 
     class Action
-      attr_accessor type: ("forward" | "authenticate-oidc" | "authenticate-cognito" | "redirect" | "fixed-response")
+      attr_accessor type: ("forward" | "authenticate-oidc" | "authenticate-cognito" | "redirect" | "fixed-response" | "jwt-validation")
       attr_accessor target_group_arn: ::String
       attr_accessor authenticate_oidc_config: Types::AuthenticateOidcActionConfig
       attr_accessor authenticate_cognito_config: Types::AuthenticateCognitoActionConfig
@@ -20,6 +20,7 @@ module Aws::ElasticLoadBalancingV2
       attr_accessor redirect_config: Types::RedirectActionConfig
       attr_accessor fixed_response_config: Types::FixedResponseActionConfig
       attr_accessor forward_config: Types::ForwardActionConfig
+      attr_accessor jwt_validation_config: Types::JwtValidationActionConfig
       SENSITIVE: []
     end
 
@@ -627,6 +628,20 @@ module Aws::ElasticLoadBalancingV2
       SENSITIVE: []
     end
 
+    class JwtValidationActionAdditionalClaim
+      attr_accessor format: ("single-string" | "string-array" | "space-separated-values")
+      attr_accessor name: ::String
+      attr_accessor values: ::Array[::String]
+      SENSITIVE: []
+    end
+
+    class JwtValidationActionConfig
+      attr_accessor jwks_endpoint: ::String
+      attr_accessor issuer: ::String
+      attr_accessor additional_claims: ::Array[Types::JwtValidationActionAdditionalClaim]
+      SENSITIVE: []
+    end
+
     class Limit
       attr_accessor name: ::String
       attr_accessor max: ::String

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: aws-sdk-elasticloadbalancingv2
 version: !ruby/object:Gem::Version
-  version: 1.141.0
+  version: 1.142.0
 platform: ruby
 authors:
 - Amazon Web Services