aws-sdk-iam 1.115.0 → 1.116.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: fba2a138c819bcfdf668c6ea67c01e609325a91b3d25a5343d77cffbe5d21c7c
-  data.tar.gz: 559fd859da110e00823a4952db6934a86683f2d61ba83c2282e132a839e2bcd9
+  metadata.gz: e1bda553c4d7c8c92f0afa82ed604e211f83e8ba33e01a5cdae5ef22654d0e54
+  data.tar.gz: ba256563bea3926a818a21734db8054dc2873ac58729ed254b805e8ad8d62498
 SHA512:
-  metadata.gz: '023814f1895b52888402ff1dd2b8f182f839cb20310efde8097d80ba013e47973e3b0e74f5091c0cdd0554b0845a645b34d5fce8b6eb9761dec5b50520971e42'
-  data.tar.gz: 01bf17ce824a16f90902603207ec2f39d8fc32d84a5068c88502f8cf0872c003aeb6880ea17f0ca7dc3c47391f6d103d11f6db6779aa22dd8028c99e624e1b2c
+  metadata.gz: 03c82968dd555fce32979c3699e08624d5db77bd4cc75a1bd9b8059cfdf6c453a7c35d4985cd2129e15c80a3522da4a8b7e0bcd7a4f0beff6930fffddb445b99
+  data.tar.gz: 9f0a9e74dccf48df8f8c05bab331d40733e7acf0a729ce42bc9012146d38267e8235c431722ce1b16f8b3e781b23e36a23cc20624ff8ebc6f140a61d83b7648b

data/CHANGELOG.md

@@ -1,6 +1,11 @@
 Unreleased Changes
 ------------------
 
+1.116.0 (2025-02-04)
+------------------
+
+* Feature - This release adds support for accepting encrypted SAML assertions. Customers can now configure their identity provider to encrypt the SAML assertions it sends to IAM.
+
 1.115.0 (2025-01-15)
 ------------------
 

data/VERSION

@@ -1 +1 @@
-1.115.0
+1.116.0

data/lib/aws-sdk-iam/client.rb

@@ -529,17 +529,27 @@ module Aws::IAM
     #
     #  </note>
     #
-    # For more information about roles, see [IAM roles][4] in the *IAM User
+    # When using the [iam:AssociatedResourceArn][4] condition in a policy to
+    # restrict the [PassRole][5] IAM action, special considerations apply if
+    # the policy is intended to define access for the
+    # `AddRoleToInstanceProfile` action. In this case, you cannot specify a
+    # Region or instance ID in the EC2 instance ARN. The ARN value must be
+    # `arn:aws:ec2:*:CallerAccountId:instance/*`. Using any other ARN value
+    # may lead to unexpected evaluation results.
+    #
+    # For more information about roles, see [IAM roles][6] in the *IAM User
     # Guide*. For more information about instance profiles, see [Using
-    # instance profiles][5] in the *IAM User Guide*.
+    # instance profiles][7] in the *IAM User Guide*.
     #
     #
     #
     # [1]: https://en.wikipedia.org/wiki/Eventual_consistency
     # [2]: https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_DisassociateIamInstanceProfile.html
     # [3]: https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_AssociateIamInstanceProfile.html
-    # [4]: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles.html
-    # [5]: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_use_switch-role-ec2_instance-profiles.html
+    # [4]: https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_iam-condition-keys.html#available-keys-for-iam
+    # [5]: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_use_passrole.html
+    # [6]: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles.html
+    # [7]: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_use_switch-role-ec2_instance-profiles.html
     #
     # @option params [required, String] :instance_profile_name
     #   The name of the instance profile to update.
@@ -2102,6 +2112,14 @@ module Aws::IAM
     #
     #   [1]: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_tags.html
     #
+    # @option params [String] :assertion_encryption_mode
+    #   Specifies the encryption setting for the SAML provider.
+    #
+    # @option params [String] :add_private_key
+    #   The private key generated from your external identity provider. The
+    #   private key must be a .pem file that uses AES-GCM or AES-CBC
+    #   encryption algorithm to decrypt SAML assertions.
+    #
     # @return [Types::CreateSAMLProviderResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
     #
     #   * {Types::CreateSAMLProviderResponse#saml_provider_arn #saml_provider_arn} => String
@@ -2118,6 +2136,8 @@ module Aws::IAM
     #         value: "tagValueType", # required
     #       },
     #     ],
+    #     assertion_encryption_mode: "Required", # accepts Required, Allowed
+    #     add_private_key: "privateKeyType",
     #   })
     #
     # @example Response structure
@@ -3907,7 +3927,7 @@ module Aws::IAM
 
     # Disables the management of privileged root user credentials across
     # member accounts in your organization. When you disable this feature,
-    # the management account and the delegated admininstrator for IAM can no
+    # the management account and the delegated administrator for IAM can no
     # longer manage root user credentials for member accounts in your
     # organization.
     #
@@ -3950,7 +3970,7 @@ module Aws::IAM
 
     # Disables root user sessions for privileged tasks across member
     # accounts in your organization. When you disable this feature, the
-    # management account and the delegated admininstrator for IAM can no
+    # management account and the delegated administrator for IAM can no
     # longer perform privileged tasks on member accounts in your
     # organization.
     #
@@ -4074,7 +4094,7 @@ module Aws::IAM
     # Enables the management of privileged root user credentials across
     # member accounts in your organization. When you enable root credentials
     # management for [centralized root access][1], the management account
-    # and the delegated admininstrator for IAM can manage root user
+    # and the delegated administrator for IAM can manage root user
     # credentials for member accounts in your organization.
     #
     # Before you enable centralized root access, you must have an account
@@ -4091,7 +4111,7 @@ module Aws::IAM
     #
     # [1]: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_root-user.html#id_root-user-access-management
     # [2]: https://docs.aws.amazon.com/organizations/latest/userguide/orgs_introduction.html
-    # [3]: https://docs.aws.amazon.com/organizations/latest/userguide/services-that-can-integrate-ra.html
+    # [3]: https://docs.aws.amazon.com/organizations/latest/userguide/services-that-can-integrate-iam.html
     #
     # @return [Types::EnableOrganizationsRootCredentialsManagementResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
     #
@@ -5967,10 +5987,13 @@ module Aws::IAM
     #
     # @return [Types::GetSAMLProviderResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
     #
+    #   * {Types::GetSAMLProviderResponse#saml_provider_uuid #saml_provider_uuid} => String
     #   * {Types::GetSAMLProviderResponse#saml_metadata_document #saml_metadata_document} => String
     #   * {Types::GetSAMLProviderResponse#create_date #create_date} => Time
     #   * {Types::GetSAMLProviderResponse#valid_until #valid_until} => Time
     #   * {Types::GetSAMLProviderResponse#tags #tags} => Array&lt;Types::Tag&gt;
+    #   * {Types::GetSAMLProviderResponse#assertion_encryption_mode #assertion_encryption_mode} => String
+    #   * {Types::GetSAMLProviderResponse#private_key_list #private_key_list} => Array&lt;Types::SAMLPrivateKey&gt;
     #
     # @example Request syntax with placeholder values
     #
@@ -5980,12 +6003,17 @@ module Aws::IAM
     #
     # @example Response structure
     #
+    #   resp.saml_provider_uuid #=> String
     #   resp.saml_metadata_document #=> String
     #   resp.create_date #=> Time
     #   resp.valid_until #=> Time
     #   resp.tags #=> Array
     #   resp.tags[0].key #=> String
     #   resp.tags[0].value #=> String
+    #   resp.assertion_encryption_mode #=> String, one of "Required", "Allowed"
+    #   resp.private_key_list #=> Array
+    #   resp.private_key_list[0].key_id #=> String
+    #   resp.private_key_list[0].timestamp #=> Time
     #
     # @see http://docs.aws.amazon.com/goto/WebAPI/iam-2010-05-08/GetSAMLProvider AWS API Documentation
     #
@@ -6748,12 +6776,12 @@ module Aws::IAM
     # Lists the account alias associated with the Amazon Web Services
     # account (Note: you can have only one). For information about using an
     # Amazon Web Services account alias, see [Creating, deleting, and
-    # listing an Amazon Web Services account alias][1] in the *Amazon Web
-    # Services Sign-In User Guide*.
+    # listing an Amazon Web Services account alias][1] in the *IAM User
+    # Guide*.
     #
     #
     #
-    # [1]: https://docs.aws.amazon.com/signin/latest/userguide/CreateAccountAlias.html
+    # [1]: https://docs.aws.amazon.com/IAM/latest/UserGuide/console_account-alias.html#CreateAccountAlias
     #
     # @option params [String] :marker
     #   Use this parameter only when paginating results and only after you
@@ -13000,24 +13028,17 @@ module Aws::IAM
       req.send_request(options)
     end
 
-    # Updates the metadata document for an existing SAML provider resource
-    # object.
-    #
-    # <note markdown="1"> This operation requires [Signature Version 4][1].
-    #
-    #  </note>
-    #
+    # Updates the metadata document, SAML encryption settings, and private
+    # keys for an existing SAML provider. To rotate private keys, add your
+    # new private key and then remove the old key in a separate request.
     #
-    #
-    # [1]: https://docs.aws.amazon.com/general/latest/gr/signature-version-4.html
-    #
-    # @option params [required, String] :saml_metadata_document
+    # @option params [String] :saml_metadata_document
     #   An XML document generated by an identity provider (IdP) that supports
     #   SAML 2.0. The document includes the issuer's name, expiration
     #   information, and keys that can be used to validate the SAML
     #   authentication response (assertions) that are received from the IdP.
     #   You must generate the metadata document using the identity management
-    #   software that is used as your organization's IdP.
+    #   software that is used as your IdP.
     #
     # @option params [required, String] :saml_provider_arn
     #   The Amazon Resource Name (ARN) of the SAML provider to update.
@@ -13029,6 +13050,17 @@ module Aws::IAM
     #
     #   [1]: https://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html
     #
+    # @option params [String] :assertion_encryption_mode
+    #   Specifies the encryption setting for the SAML provider.
+    #
+    # @option params [String] :add_private_key
+    #   Specifies the new private key from your external identity provider.
+    #   The private key must be a .pem file that uses AES-GCM or AES-CBC
+    #   encryption algorithm to decrypt SAML assertions.
+    #
+    # @option params [String] :remove_private_key
+    #   The Key ID of the private key to remove.
+    #
     # @return [Types::UpdateSAMLProviderResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
     #
     #   * {Types::UpdateSAMLProviderResponse#saml_provider_arn #saml_provider_arn} => String
@@ -13036,8 +13068,11 @@ module Aws::IAM
     # @example Request syntax with placeholder values
     #
     #   resp = client.update_saml_provider({
-    #     saml_metadata_document: "SAMLMetadataDocumentType", # required
+    #     saml_metadata_document: "SAMLMetadataDocumentType",
     #     saml_provider_arn: "arnType", # required
+    #     assertion_encryption_mode: "Required", # accepts Required, Allowed
+    #     add_private_key: "privateKeyType",
+    #     remove_private_key: "privateKeyIdType",
     #   })
     #
     # @example Response structure
@@ -13835,7 +13870,7 @@ module Aws::IAM
         tracer: tracer
       )
       context[:gem_name] = 'aws-sdk-iam'
-      context[:gem_version] = '1.115.0'
+      context[:gem_version] = '1.116.0'
       Seahorse::Client::Request.new(handlers, context)
     end
 

data/lib/aws-sdk-iam/client_api.rb

@@ -332,6 +332,7 @@ module Aws::IAM
     RoleUsageListType = Shapes::ListShape.new(name: 'RoleUsageListType')
     RoleUsageType = Shapes::StructureShape.new(name: 'RoleUsageType')
     SAMLMetadataDocumentType = Shapes::StringShape.new(name: 'SAMLMetadataDocumentType')
+    SAMLPrivateKey = Shapes::StructureShape.new(name: 'SAMLPrivateKey')
     SAMLProviderListEntry = Shapes::StructureShape.new(name: 'SAMLProviderListEntry')
     SAMLProviderListType = Shapes::ListShape.new(name: 'SAMLProviderListType')
     SAMLProviderNameType = Shapes::StringShape.new(name: 'SAMLProviderNameType')
@@ -410,6 +411,7 @@ module Aws::IAM
     accountAliasListType = Shapes::ListShape.new(name: 'accountAliasListType')
     accountAliasType = Shapes::StringShape.new(name: 'accountAliasType')
     arnType = Shapes::StringShape.new(name: 'arnType')
+    assertionEncryptionModeType = Shapes::StringShape.new(name: 'assertionEncryptionModeType')
     assignmentStatusType = Shapes::StringShape.new(name: 'assignmentStatusType')
     attachedPoliciesListType = Shapes::ListShape.new(name: 'attachedPoliciesListType')
     attachmentCountType = Shapes::IntegerShape.new(name: 'attachmentCountType')
@@ -487,6 +489,8 @@ module Aws::IAM
     policyScopeType = Shapes::StringShape.new(name: 'policyScopeType')
     policyType = Shapes::StringShape.new(name: 'policyType')
     policyVersionIdType = Shapes::StringShape.new(name: 'policyVersionIdType')
+    privateKeyIdType = Shapes::StringShape.new(name: 'privateKeyIdType')
+    privateKeyList = Shapes::ListShape.new(name: 'privateKeyList')
     privateKeyType = Shapes::StringShape.new(name: 'privateKeyType')
     publicKeyFingerprintType = Shapes::StringShape.new(name: 'publicKeyFingerprintType')
     publicKeyIdType = Shapes::StringShape.new(name: 'publicKeyIdType')
@@ -694,6 +698,8 @@ module Aws::IAM
     CreateSAMLProviderRequest.add_member(:saml_metadata_document, Shapes::ShapeRef.new(shape: SAMLMetadataDocumentType, required: true, location_name: "SAMLMetadataDocument"))
     CreateSAMLProviderRequest.add_member(:name, Shapes::ShapeRef.new(shape: SAMLProviderNameType, required: true, location_name: "Name"))
     CreateSAMLProviderRequest.add_member(:tags, Shapes::ShapeRef.new(shape: tagListType, location_name: "Tags"))
+    CreateSAMLProviderRequest.add_member(:assertion_encryption_mode, Shapes::ShapeRef.new(shape: assertionEncryptionModeType, location_name: "AssertionEncryptionMode"))
+    CreateSAMLProviderRequest.add_member(:add_private_key, Shapes::ShapeRef.new(shape: privateKeyType, location_name: "AddPrivateKey"))
     CreateSAMLProviderRequest.struct_class = Types::CreateSAMLProviderRequest
 
     CreateSAMLProviderResponse.add_member(:saml_provider_arn, Shapes::ShapeRef.new(shape: arnType, location_name: "SAMLProviderArn"))
@@ -1075,10 +1081,13 @@ module Aws::IAM
     GetSAMLProviderRequest.add_member(:saml_provider_arn, Shapes::ShapeRef.new(shape: arnType, required: true, location_name: "SAMLProviderArn"))
     GetSAMLProviderRequest.struct_class = Types::GetSAMLProviderRequest
 
+    GetSAMLProviderResponse.add_member(:saml_provider_uuid, Shapes::ShapeRef.new(shape: privateKeyIdType, location_name: "SAMLProviderUUID"))
     GetSAMLProviderResponse.add_member(:saml_metadata_document, Shapes::ShapeRef.new(shape: SAMLMetadataDocumentType, location_name: "SAMLMetadataDocument"))
     GetSAMLProviderResponse.add_member(:create_date, Shapes::ShapeRef.new(shape: dateType, location_name: "CreateDate"))
     GetSAMLProviderResponse.add_member(:valid_until, Shapes::ShapeRef.new(shape: dateType, location_name: "ValidUntil"))
     GetSAMLProviderResponse.add_member(:tags, Shapes::ShapeRef.new(shape: tagListType, location_name: "Tags"))
+    GetSAMLProviderResponse.add_member(:assertion_encryption_mode, Shapes::ShapeRef.new(shape: assertionEncryptionModeType, location_name: "AssertionEncryptionMode"))
+    GetSAMLProviderResponse.add_member(:private_key_list, Shapes::ShapeRef.new(shape: privateKeyList, location_name: "PrivateKeyList"))
     GetSAMLProviderResponse.struct_class = Types::GetSAMLProviderResponse
 
     GetSSHPublicKeyRequest.add_member(:user_name, Shapes::ShapeRef.new(shape: userNameType, required: true, location_name: "UserName"))
@@ -1767,6 +1776,10 @@ module Aws::IAM
     RoleUsageType.add_member(:resources, Shapes::ShapeRef.new(shape: ArnListType, location_name: "Resources"))
     RoleUsageType.struct_class = Types::RoleUsageType
 
+    SAMLPrivateKey.add_member(:key_id, Shapes::ShapeRef.new(shape: privateKeyIdType, location_name: "KeyId"))
+    SAMLPrivateKey.add_member(:timestamp, Shapes::ShapeRef.new(shape: dateType, location_name: "Timestamp"))
+    SAMLPrivateKey.struct_class = Types::SAMLPrivateKey
+
     SAMLProviderListEntry.add_member(:arn, Shapes::ShapeRef.new(shape: arnType, location_name: "Arn"))
     SAMLProviderListEntry.add_member(:valid_until, Shapes::ShapeRef.new(shape: dateType, location_name: "ValidUntil"))
     SAMLProviderListEntry.add_member(:create_date, Shapes::ShapeRef.new(shape: dateType, location_name: "CreateDate"))
@@ -2028,8 +2041,11 @@ module Aws::IAM
 
     UpdateRoleResponse.struct_class = Types::UpdateRoleResponse
 
-    UpdateSAMLProviderRequest.add_member(:saml_metadata_document, Shapes::ShapeRef.new(shape: SAMLMetadataDocumentType, required: true, location_name: "SAMLMetadataDocument"))
+    UpdateSAMLProviderRequest.add_member(:saml_metadata_document, Shapes::ShapeRef.new(shape: SAMLMetadataDocumentType, location_name: "SAMLMetadataDocument"))
     UpdateSAMLProviderRequest.add_member(:saml_provider_arn, Shapes::ShapeRef.new(shape: arnType, required: true, location_name: "SAMLProviderArn"))
+    UpdateSAMLProviderRequest.add_member(:assertion_encryption_mode, Shapes::ShapeRef.new(shape: assertionEncryptionModeType, location_name: "AssertionEncryptionMode"))
+    UpdateSAMLProviderRequest.add_member(:add_private_key, Shapes::ShapeRef.new(shape: privateKeyType, location_name: "AddPrivateKey"))
+    UpdateSAMLProviderRequest.add_member(:remove_private_key, Shapes::ShapeRef.new(shape: privateKeyIdType, location_name: "RemovePrivateKey"))
     UpdateSAMLProviderRequest.struct_class = Types::UpdateSAMLProviderRequest
 
     UpdateSAMLProviderResponse.add_member(:saml_provider_arn, Shapes::ShapeRef.new(shape: arnType, location_name: "SAMLProviderArn"))
@@ -2152,6 +2168,8 @@ module Aws::IAM
 
     policyNameListType.member = Shapes::ShapeRef.new(shape: policyNameType)
 
+    privateKeyList.member = Shapes::ShapeRef.new(shape: SAMLPrivateKey)
+
     roleDetailListType.member = Shapes::ShapeRef.new(shape: RoleDetail)
 
     roleListType.member = Shapes::ShapeRef.new(shape: Role)

data/lib/aws-sdk-iam/resource.rb

@@ -580,6 +580,8 @@ module Aws::IAM
     #         value: "tagValueType", # required
     #       },
     #     ],
+    #     assertion_encryption_mode: "Required", # accepts Required, Allowed
+    #     add_private_key: "privateKeyType",
     #   })
     # @param [Hash] options ({})
     # @option options [required, String] :saml_metadata_document
@@ -622,6 +624,12 @@ module Aws::IAM
     #
     #
     #   [1]: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_tags.html
+    # @option options [String] :assertion_encryption_mode
+    #   Specifies the encryption setting for the SAML provider.
+    # @option options [String] :add_private_key
+    #   The private key generated from your external identity provider. The
+    #   private key must be a .pem file that uses AES-GCM or AES-CBC
+    #   encryption algorithm to decrypt SAML assertions.
     # @return [SamlProvider]
     def create_saml_provider(options = {})
       resp = Aws::Plugins::UserAgent.metric('RESOURCE_MODEL') do

data/lib/aws-sdk-iam/saml_provider.rb

@@ -34,6 +34,12 @@ module Aws::IAM
       @arn
     end
 
+    # The unique identifier assigned to the SAML provider.
+    # @return [String]
+    def saml_provider_uuid
+      data[:saml_provider_uuid]
+    end
+
     # The XML metadata document that includes information about an identity
     # provider.
     # @return [String]
@@ -65,6 +71,18 @@ module Aws::IAM
       data[:tags]
     end
 
+    # Specifies the encryption setting for the SAML provider.
+    # @return [String]
+    def assertion_encryption_mode
+      data[:assertion_encryption_mode]
+    end
+
+    # The private key metadata for the SAML provider.
+    # @return [Array<Types::SAMLPrivateKey>]
+    def private_key_list
+      data[:private_key_list]
+    end
+
     # @!endgroup
 
     # @return [Client]
@@ -219,16 +237,27 @@ module Aws::IAM
     # @example Request syntax with placeholder values
     #
     #   saml_provider.update({
-    #     saml_metadata_document: "SAMLMetadataDocumentType", # required
+    #     saml_metadata_document: "SAMLMetadataDocumentType",
+    #     assertion_encryption_mode: "Required", # accepts Required, Allowed
+    #     add_private_key: "privateKeyType",
+    #     remove_private_key: "privateKeyIdType",
     #   })
     # @param [Hash] options ({})
-    # @option options [required, String] :saml_metadata_document
+    # @option options [String] :saml_metadata_document
     #   An XML document generated by an identity provider (IdP) that supports
     #   SAML 2.0. The document includes the issuer's name, expiration
     #   information, and keys that can be used to validate the SAML
     #   authentication response (assertions) that are received from the IdP.
     #   You must generate the metadata document using the identity management
-    #   software that is used as your organization's IdP.
+    #   software that is used as your IdP.
+    # @option options [String] :assertion_encryption_mode
+    #   Specifies the encryption setting for the SAML provider.
+    # @option options [String] :add_private_key
+    #   Specifies the new private key from your external identity provider.
+    #   The private key must be a .pem file that uses AES-GCM or AES-CBC
+    #   encryption algorithm to decrypt SAML assertions.
+    # @option options [String] :remove_private_key
+    #   The Key ID of the private key to remove.
     # @return [Types::UpdateSAMLProviderResponse]
     def update(options = {})
       options = options.merge(saml_provider_arn: @arn)

data/lib/aws-sdk-iam/types.rb

@@ -1401,13 +1401,25 @@ module Aws::IAM
     #   [1]: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_tags.html
     #   @return [Array<Types::Tag>]
     #
+    # @!attribute [rw] assertion_encryption_mode
+    #   Specifies the encryption setting for the SAML provider.
+    #   @return [String]
+    #
+    # @!attribute [rw] add_private_key
+    #   The private key generated from your external identity provider. The
+    #   private key must be a .pem file that uses AES-GCM or AES-CBC
+    #   encryption algorithm to decrypt SAML assertions.
+    #   @return [String]
+    #
     # @see http://docs.aws.amazon.com/goto/WebAPI/iam-2010-05-08/CreateSAMLProviderRequest AWS API Documentation
     #
     class CreateSAMLProviderRequest < Struct.new(
       :saml_metadata_document,
       :name,
-      :tags)
-      SENSITIVE = []
+      :tags,
+      :assertion_encryption_mode,
+      :add_private_key)
+      SENSITIVE = [:add_private_key]
       include Aws::Structure
     end
 
@@ -3995,6 +4007,10 @@ module Aws::IAM
 
     # Contains the response to a successful GetSAMLProvider request.
     #
+    # @!attribute [rw] saml_provider_uuid
+    #   The unique identifier assigned to the SAML provider.
+    #   @return [String]
+    #
     # @!attribute [rw] saml_metadata_document
     #   The XML metadata document that includes information about an
     #   identity provider.
@@ -4019,13 +4035,24 @@ module Aws::IAM
     #   [1]: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_tags.html
     #   @return [Array<Types::Tag>]
     #
+    # @!attribute [rw] assertion_encryption_mode
+    #   Specifies the encryption setting for the SAML provider.
+    #   @return [String]
+    #
+    # @!attribute [rw] private_key_list
+    #   The private key metadata for the SAML provider.
+    #   @return [Array<Types::SAMLPrivateKey>]
+    #
     # @see http://docs.aws.amazon.com/goto/WebAPI/iam-2010-05-08/GetSAMLProviderResponse AWS API Documentation
     #
     class GetSAMLProviderResponse < Struct.new(
+      :saml_provider_uuid,
       :saml_metadata_document,
       :create_date,
       :valid_until,
-      :tags)
+      :tags,
+      :assertion_encryption_mode,
+      :private_key_list)
       SENSITIVE = []
       include Aws::Structure
     end
@@ -9192,6 +9219,33 @@ module Aws::IAM
       include Aws::Structure
     end
 
+    # Contains the private keys for the SAML provider.
+    #
+    # This data type is used as a response element in the GetSAMLProvider
+    # operation.
+    #
+    # @!attribute [rw] key_id
+    #   The unique identifier for the SAML private key.
+    #   @return [String]
+    #
+    # @!attribute [rw] timestamp
+    #   The date and time, in [ISO 8601 date-time ][1] format, when the
+    #   private key was uploaded.
+    #
+    #
+    #
+    #   [1]: http://www.iso.org/iso/iso8601
+    #   @return [Time]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/iam-2010-05-08/SAMLPrivateKey AWS API Documentation
+    #
+    class SAMLPrivateKey < Struct.new(
+      :key_id,
+      :timestamp)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+
     # Contains the list of SAML providers for this account.
     #
     # @!attribute [rw] arn
@@ -11345,7 +11399,7 @@ module Aws::IAM
     #   expiration information, and keys that can be used to validate the
     #   SAML authentication response (assertions) that are received from the
     #   IdP. You must generate the metadata document using the identity
-    #   management software that is used as your organization's IdP.
+    #   management software that is used as your IdP.
     #   @return [String]
     #
     # @!attribute [rw] saml_provider_arn
@@ -11359,12 +11413,29 @@ module Aws::IAM
     #   [1]: https://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html
     #   @return [String]
     #
+    # @!attribute [rw] assertion_encryption_mode
+    #   Specifies the encryption setting for the SAML provider.
+    #   @return [String]
+    #
+    # @!attribute [rw] add_private_key
+    #   Specifies the new private key from your external identity provider.
+    #   The private key must be a .pem file that uses AES-GCM or AES-CBC
+    #   encryption algorithm to decrypt SAML assertions.
+    #   @return [String]
+    #
+    # @!attribute [rw] remove_private_key
+    #   The Key ID of the private key to remove.
+    #   @return [String]
+    #
     # @see http://docs.aws.amazon.com/goto/WebAPI/iam-2010-05-08/UpdateSAMLProviderRequest AWS API Documentation
     #
     class UpdateSAMLProviderRequest < Struct.new(
       :saml_metadata_document,
-      :saml_provider_arn)
-      SENSITIVE = []
+      :saml_provider_arn,
+      :assertion_encryption_mode,
+      :add_private_key,
+      :remove_private_key)
+      SENSITIVE = [:add_private_key]
       include Aws::Structure
     end
 

data/lib/aws-sdk-iam.rb

@@ -76,7 +76,7 @@ module Aws::IAM
   autoload :UserPolicy, 'aws-sdk-iam/user_policy'
   autoload :VirtualMfaDevice, 'aws-sdk-iam/virtual_mfa_device'
 
-  GEM_VERSION = '1.115.0'
+  GEM_VERSION = '1.116.0'
 
 end
 

data/sig/client.rbs

@@ -267,7 +267,9 @@ module Aws
                                       key: ::String,
                                       value: ::String
                                     },
-                                  ]
+                                  ],
+                                  ?assertion_encryption_mode: ("Required" | "Allowed"),
+                                  ?add_private_key: ::String
                                 ) -> _CreateSAMLProviderResponseSuccess
                               | (Hash[Symbol, untyped] params, ?Hash[Symbol, untyped] options) -> _CreateSAMLProviderResponseSuccess
 
@@ -803,10 +805,13 @@ module Aws
 
       interface _GetSAMLProviderResponseSuccess
         include ::Seahorse::Client::_ResponseSuccess[Types::GetSAMLProviderResponse]
+        def saml_provider_uuid: () -> ::String
         def saml_metadata_document: () -> ::String
         def create_date: () -> ::Time
         def valid_until: () -> ::Time
         def tags: () -> ::Array[Types::Tag]
+        def assertion_encryption_mode: () -> ("Required" | "Allowed")
+        def private_key_list: () -> ::Array[Types::SAMLPrivateKey]
       end
       # https://docs.aws.amazon.com/sdk-for-ruby/v3/api/Aws/IAM/Client.html#get_saml_provider-instance_method
       def get_saml_provider: (
@@ -1770,8 +1775,11 @@ module Aws
       end
       # https://docs.aws.amazon.com/sdk-for-ruby/v3/api/Aws/IAM/Client.html#update_saml_provider-instance_method
       def update_saml_provider: (
-                                  saml_metadata_document: ::String,
-                                  saml_provider_arn: ::String
+                                  ?saml_metadata_document: ::String,
+                                  saml_provider_arn: ::String,
+                                  ?assertion_encryption_mode: ("Required" | "Allowed"),
+                                  ?add_private_key: ::String,
+                                  ?remove_private_key: ::String
                                 ) -> _UpdateSAMLProviderResponseSuccess
                               | (Hash[Symbol, untyped] params, ?Hash[Symbol, untyped] options) -> _UpdateSAMLProviderResponseSuccess
 

data/sig/resource.rbs

@@ -167,7 +167,9 @@ module Aws
                                       key: ::String,
                                       value: ::String
                                     },
-                                  ]
+                                  ],
+                                  ?assertion_encryption_mode: ("Required" | "Allowed"),
+                                  ?add_private_key: ::String
                                 ) -> SamlProvider
                               | (?Hash[Symbol, untyped]) -> SamlProvider
 

data/sig/saml_provider.rbs

@@ -17,6 +17,9 @@ module Aws
       # https://docs.aws.amazon.com/sdk-for-ruby/v3/api/Aws/IAM/SamlProvider.html#arn-instance_method
       def arn: () -> String
 
+      # https://docs.aws.amazon.com/sdk-for-ruby/v3/api/Aws/IAM/SamlProvider.html#saml_provider_uuid-instance_method
+      def saml_provider_uuid: () -> ::String
+
       # https://docs.aws.amazon.com/sdk-for-ruby/v3/api/Aws/IAM/SamlProvider.html#saml_metadata_document-instance_method
       def saml_metadata_document: () -> ::String
 
@@ -29,6 +32,12 @@ module Aws
       # https://docs.aws.amazon.com/sdk-for-ruby/v3/api/Aws/IAM/SamlProvider.html#tags-instance_method
       def tags: () -> ::Array[Types::Tag]
 
+      # https://docs.aws.amazon.com/sdk-for-ruby/v3/api/Aws/IAM/SamlProvider.html#assertion_encryption_mode-instance_method
+      def assertion_encryption_mode: () -> ("Required" | "Allowed")
+
+      # https://docs.aws.amazon.com/sdk-for-ruby/v3/api/Aws/IAM/SamlProvider.html#private_key_list-instance_method
+      def private_key_list: () -> ::Array[Types::SAMLPrivateKey]
+
       def client: () -> Client
 
       # https://docs.aws.amazon.com/sdk-for-ruby/v3/api/Aws/IAM/SamlProvider.html#load-instance_method
@@ -49,7 +58,10 @@ module Aws
 
       # https://docs.aws.amazon.com/sdk-for-ruby/v3/api/Aws/IAM/SamlProvider.html#update-instance_method
       def update: (
-                    saml_metadata_document: ::String
+                    ?saml_metadata_document: ::String,
+                    ?assertion_encryption_mode: ("Required" | "Allowed"),
+                    ?add_private_key: ::String,
+                    ?remove_private_key: ::String
                   ) -> Types::UpdateSAMLProviderResponse
                 | (?Hash[Symbol, untyped]) -> Types::UpdateSAMLProviderResponse
 

data/sig/types.rbs

@@ -224,7 +224,9 @@ module Aws::IAM
       attr_accessor saml_metadata_document: ::String
       attr_accessor name: ::String
       attr_accessor tags: ::Array[Types::Tag]
-      SENSITIVE: []
+      attr_accessor assertion_encryption_mode: ("Required" | "Allowed")
+      attr_accessor add_private_key: ::String
+      SENSITIVE: [:add_private_key]
     end
 
     class CreateSAMLProviderResponse
@@ -788,10 +790,13 @@ module Aws::IAM
     end
 
     class GetSAMLProviderResponse
+      attr_accessor saml_provider_uuid: ::String
       attr_accessor saml_metadata_document: ::String
       attr_accessor create_date: ::Time
       attr_accessor valid_until: ::Time
       attr_accessor tags: ::Array[Types::Tag]
+      attr_accessor assertion_encryption_mode: ("Required" | "Allowed")
+      attr_accessor private_key_list: ::Array[Types::SAMLPrivateKey]
       SENSITIVE: []
     end
 
@@ -1732,6 +1737,12 @@ module Aws::IAM
       SENSITIVE: []
     end
 
+    class SAMLPrivateKey
+      attr_accessor key_id: ::String
+      attr_accessor timestamp: ::Time
+      SENSITIVE: []
+    end
+
     class SAMLProviderListEntry
       attr_accessor arn: ::String
       attr_accessor valid_until: ::Time
@@ -2076,7 +2087,10 @@ module Aws::IAM
     class UpdateSAMLProviderRequest
       attr_accessor saml_metadata_document: ::String
       attr_accessor saml_provider_arn: ::String
-      SENSITIVE: []
+      attr_accessor assertion_encryption_mode: ("Required" | "Allowed")
+      attr_accessor add_private_key: ::String
+      attr_accessor remove_private_key: ::String
+      SENSITIVE: [:add_private_key]
     end
 
     class UpdateSAMLProviderResponse

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: aws-sdk-iam
 version: !ruby/object:Gem::Version
-  version: 1.115.0
+  version: 1.116.0
 platform: ruby
 authors:
 - Amazon Web Services
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2025-01-15 00:00:00.000000000 Z
+date: 2025-02-04 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: aws-sdk-core