aws-sdk-iam 1.94.0 → 1.95.0

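--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
  ---
  SHA256:
- metadata.gz: 8ab9625991b6f50258c11e826f62a322978de2cbe43c3465c85ef73d3fcea961
- data.tar.gz: 3a27293575786f40911aace0393ab679f86501ba781df51d94432113fd75898f
+ metadata.gz: 5b1babaf1113737628781613a10bcdbb3fa4f7ca9feb75fad5b6e753f56ff904
+ data.tar.gz: b87db6c6cf3de1820478094f84bf31af1b3bad2559d8e0b5d3aae3b5be64be8c
  SHA512:
- metadata.gz: 63fdb3d81a24006417c075e96bf4bccf4c5431830154f7c5871df84cba645ef7a5a49001bfb630807ea4704563ce3aef9d06028a2f0736fd28310d51e6fec246
- data.tar.gz: 8ad19cf33fb700fe603ef91a4bd94f951baca50a0a29ff277822ed5f7a322dae44fdcb1ab901747971abb9c3eef0249d48384f4b80699286cb98f882931ae77e
+ metadata.gz: 6fa5f05f98660acd3bf706c7c2d8932a45542d219f2a51b60eda0028efe664c422a737aa82401e195891d6ecc14ad932a8dde511e61cc1c319f88562b5345785
+ data.tar.gz: 7cce096cae8761f3179c58f44080612109991111dbe98e84ed30ac9fd5b771e74e406af5891a6675d40e59ba51a3ca6b10b87e347f3bd389f249fcb67050ab2c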
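--- a/data/CHANGELOG.md
+++ b/data/CHANGELOG.md
@@ -1,6 +1,11 @@
  Unreleased Changes
  ------------------
 
+ 1.95.0 (2024-04-11)
+ ------------------
+
+ * Feature - For CreateOpenIDConnectProvider API, the ThumbprintList parameter is no longer required.
+
  1.94.0 (2024-01-26)
  ------------------
 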
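--- a/data/VERSION
+++ b/data/VERSION
@@ -1 +1 @@
- 1.94.0
+ 1.95.0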
@@ -1372,20 +1372,23 @@ module Aws::IAM
1372
1372
  # `CreateOpenIDConnectProviderRequest` operation accepts client IDs up
1373
1373
  # to 255 characters long.
1374
1374
  #
1375
- # @option params [required, Array<String>] :thumbprint_list
1375
+ # @option params [Array<String>] :thumbprint_list
1376
1376
  # A list of server certificate thumbprints for the OpenID Connect (OIDC)
1377
1377
  # identity provider's server certificates. Typically this list includes
1378
1378
  # only one entry. However, IAM lets you have up to five thumbprints for
1379
1379
  # an OIDC provider. This lets you maintain multiple thumbprints if the
1380
1380
  # identity provider is rotating certificates.
1381
1381
  #
1382
+ # This parameter is optional. If it is not included, IAM will retrieve
1383
+ # and use the top intermediate certificate authority (CA) thumbprint of
1384
+ # the OpenID Connect identity provider server certificate.
1385
+ #
1382
1386
  # The server certificate thumbprint is the hex-encoded SHA-1 hash value
1383
1387
  # of the X.509 certificate used by the domain where the OpenID Connect
1384
1388
  # provider makes its keys available. It is always a 40-character string.
1385
1389
  #
1386
- # You must provide at least one thumbprint when creating an IAM OIDC
1387
- # provider. For example, assume that the OIDC provider is
1388
- # `server.example.com` and the provider stores its keys at
1390
+ # For example, assume that the OIDC provider is `server.example.com` and
1391
+ # the provider stores its keys at
1389
1392
  # https://keys.server.example.com/openid-connect. In that case, the
1390
1393
  # thumbprint string would be the hex-encoded SHA-1 hash value of the
1391
1394
  # certificate used by `https://keys.server.example.com.`
@@ -1445,7 +1448,7 @@ module Aws::IAM
1445
1448
  # resp = client.create_open_id_connect_provider({
1446
1449
  # url: "OpenIDConnectProviderUrlType", # required
1447
1450
  # client_id_list: ["clientIDType"],
1448
- # thumbprint_list: ["thumbprintType"], # required
1451
+ # thumbprint_list: ["thumbprintType"],
1449
1452
  # tags: [
1450
1453
  # {
1451
1454
  # key: "tagKeyType", # required
@@ -9878,7 +9881,7 @@ module Aws::IAM
9878
9881
  req.send_request(options)
9879
9882
  end
9880
9883
 
9881
- # Removes the specified IAM role from the specified EC2 instance
9884
+ # Removes the specified IAM role from the specified Amazon EC2 instance
9882
9885
  # profile.
9883
9886
  #
9884
9887
  # Make sure that you do not have any Amazon EC2 instances running with
@@ -10465,13 +10468,13 @@ module Aws::IAM
10465
10468
  # following list shows each of the supported scenario values and the
10466
10469
  # resources that you must define to run the simulation.
10467
10470
  #
10468
- # Each of the EC2 scenarios requires that you specify instance, image,
10469
- # and security group resources. If your scenario includes an EBS volume,
10470
- # then you must specify that volume as a resource. If the EC2 scenario
10471
- # includes VPC, then you must supply the network interface resource. If
10472
- # it includes an IP subnet, then you must specify the subnet resource.
10473
- # For more information on the EC2 scenario options, see [Supported
10474
- # platforms][1] in the *Amazon EC2 User Guide*.
10471
+ # Each of the Amazon EC2 scenarios requires that you specify instance,
10472
+ # image, and security group resources. If your scenario includes an EBS
10473
+ # volume, then you must specify that volume as a resource. If the Amazon
10474
+ # EC2 scenario includes VPC, then you must supply the network interface
10475
+ # resource. If it includes an IP subnet, then you must specify the
10476
+ # subnet resource. For more information on the Amazon EC2 scenario
10477
+ # options, see [Supported platforms][1] in the *Amazon EC2 User Guide*.
10475
10478
  #
10476
10479
  # * **EC2-VPC-InstanceStore**
10477
10480
  #
@@ -10830,13 +10833,13 @@ module Aws::IAM
10830
10833
  # following list shows each of the supported scenario values and the
10831
10834
  # resources that you must define to run the simulation.
10832
10835
  #
10833
- # Each of the EC2 scenarios requires that you specify instance, image,
10834
- # and security group resources. If your scenario includes an EBS volume,
10835
- # then you must specify that volume as a resource. If the EC2 scenario
10836
- # includes VPC, then you must supply the network interface resource. If
10837
- # it includes an IP subnet, then you must specify the subnet resource.
10838
- # For more information on the EC2 scenario options, see [Supported
10839
- # platforms][1] in the *Amazon EC2 User Guide*.
10836
+ # Each of the Amazon EC2 scenarios requires that you specify instance,
10837
+ # image, and security group resources. If your scenario includes an EBS
10838
+ # volume, then you must specify that volume as a resource. If the Amazon
10839
+ # EC2 scenario includes VPC, then you must supply the network interface
10840
+ # resource. If it includes an IP subnet, then you must specify the
10841
+ # subnet resource. For more information on the Amazon EC2 scenario
10842
+ # options, see [Supported platforms][1] in the *Amazon EC2 User Guide*.
10840
10843
  #
10841
10844
  # * **EC2-VPC-InstanceStore**
10842
10845
  #
@@ -12564,6 +12567,11 @@ module Aws::IAM
12564
12567
  # when you use those operations to create a console URL. For more
12565
12568
  # information, see [Using IAM roles][1] in the *IAM User Guide*.
12566
12569
  #
12570
+ # <note markdown="1"> IAM role credentials provided by Amazon EC2 instances assigned to the
12571
+ # role are not subject to the specified maximum session duration.
12572
+ #
12573
+ # </note>
12574
+ #
12567
12575
  #
12568
12576
  #
12569
12577
  # [1]: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_use.html
@@ -13467,7 +13475,7 @@ module Aws::IAM
13467
13475
  params: params,
13468
13476
  config: config)
13469
13477
  context[:gem_name] = 'aws-sdk-iam'
13470
- context[:gem_version] = '1.94.0'
13478
+ context[:gem_version] = '1.95.0'
13471
13479
  Seahorse::Client::Request.new(handlers, context)
13472
13480
  end
13473
13481
 
@@ -262,6 +262,7 @@ module Aws::IAM
262
262
  OpenIDConnectProviderListEntry = Shapes::StructureShape.new(name: 'OpenIDConnectProviderListEntry')
263
263
  OpenIDConnectProviderListType = Shapes::ListShape.new(name: 'OpenIDConnectProviderListType')
264
264
  OpenIDConnectProviderUrlType = Shapes::StringShape.new(name: 'OpenIDConnectProviderUrlType')
265
+ OpenIdIdpCommunicationErrorException = Shapes::StructureShape.new(name: 'OpenIdIdpCommunicationErrorException')
265
266
  OrganizationsDecisionDetail = Shapes::StructureShape.new(name: 'OrganizationsDecisionDetail')
266
267
  PasswordPolicy = Shapes::StructureShape.new(name: 'PasswordPolicy')
267
268
  PasswordPolicyViolationException = Shapes::StructureShape.new(name: 'PasswordPolicyViolationException')
@@ -444,6 +445,7 @@ module Aws::IAM
444
445
  mfaDeviceListType = Shapes::ListShape.new(name: 'mfaDeviceListType')
445
446
  minimumPasswordLengthType = Shapes::IntegerShape.new(name: 'minimumPasswordLengthType')
446
447
  noSuchEntityMessage = Shapes::StringShape.new(name: 'noSuchEntityMessage')
448
+ openIdIdpCommunicationErrorExceptionMessage = Shapes::StringShape.new(name: 'openIdIdpCommunicationErrorExceptionMessage')
447
449
  organizationsEntityPathType = Shapes::StringShape.new(name: 'organizationsEntityPathType')
448
450
  organizationsPolicyIdType = Shapes::StringShape.new(name: 'organizationsPolicyIdType')
449
451
  passwordPolicyViolationMessage = Shapes::StringShape.new(name: 'passwordPolicyViolationMessage')
@@ -628,7 +630,7 @@ module Aws::IAM
628
630
 
629
631
  CreateOpenIDConnectProviderRequest.add_member(:url, Shapes::ShapeRef.new(shape: OpenIDConnectProviderUrlType, required: true, location_name: "Url"))
630
632
  CreateOpenIDConnectProviderRequest.add_member(:client_id_list, Shapes::ShapeRef.new(shape: clientIDListType, location_name: "ClientIDList"))
631
- CreateOpenIDConnectProviderRequest.add_member(:thumbprint_list, Shapes::ShapeRef.new(shape: thumbprintListType, required: true, location_name: "ThumbprintList"))
633
+ CreateOpenIDConnectProviderRequest.add_member(:thumbprint_list, Shapes::ShapeRef.new(shape: thumbprintListType, location_name: "ThumbprintList"))
632
634
  CreateOpenIDConnectProviderRequest.add_member(:tags, Shapes::ShapeRef.new(shape: tagListType, location_name: "Tags"))
633
635
  CreateOpenIDConnectProviderRequest.struct_class = Types::CreateOpenIDConnectProviderRequest
634
636
 
@@ -1523,6 +1525,9 @@ module Aws::IAM
1523
1525
 
1524
1526
  OpenIDConnectProviderListType.member = Shapes::ShapeRef.new(shape: OpenIDConnectProviderListEntry)
1525
1527
 
1528
+ OpenIdIdpCommunicationErrorException.add_member(:message, Shapes::ShapeRef.new(shape: openIdIdpCommunicationErrorExceptionMessage, location_name: "message"))
1529
+ OpenIdIdpCommunicationErrorException.struct_class = Types::OpenIdIdpCommunicationErrorException
1530
+
1526
1531
  OrganizationsDecisionDetail.add_member(:allowed_by_organizations, Shapes::ShapeRef.new(shape: booleanType, location_name: "AllowedByOrganizations"))
1527
1532
  OrganizationsDecisionDetail.struct_class = Types::OrganizationsDecisionDetail
1528
1533
 
@@ -2290,6 +2295,7 @@ module Aws::IAM
2290
2295
  o.errors << Shapes::ShapeRef.new(shape: LimitExceededException)
2291
2296
  o.errors << Shapes::ShapeRef.new(shape: ConcurrentModificationException)
2292
2297
  o.errors << Shapes::ShapeRef.new(shape: ServiceFailureException)
2298
+ o.errors << Shapes::ShapeRef.new(shape: OpenIdIdpCommunicationErrorException)
2293
2299
  end)
2294
2300
 
2295
2301
  api.add_operation(:create_policy, Seahorse::Model::Operation.new.tap do |o|
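Review bot: Dropping `required: true` from the `:thumbprint_list` member of `CreateOpenIDConnectProviderRequest` means a call that omits the thumbprints is no longer stopped by the shape's required-member check (client-side parameter validation, where enabled) and is sent to IAM. Per this release's own documentation, IAM then retrieves and uses the top intermediate CA thumbprint itself. Code that relied on the old requirement to guarantee an explicitly pinned certificate should now enforce it at its own call site, for example `raise ArgumentError, 'thumbprint_list is required' if params[:thumbprint_list].to_a.empty?`. The last hunk of this section appends `OpenIdIdpCommunicationErrorException` to an operation's error list; the operation name lies outside the hunk (presumably create_open_id_connect_provider), so rescue paths around that call should be checked for the new error class.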
@@ -46,6 +46,7 @@ module Aws::IAM
46
46
  # * {MalformedCertificateException}
47
47
  # * {MalformedPolicyDocumentException}
48
48
  # * {NoSuchEntityException}
49
+ # * {OpenIdIdpCommunicationErrorException}
49
50
  # * {PasswordPolicyViolationException}
50
51
  # * {PolicyEvaluationException}
51
52
  # * {PolicyNotAttachableException}
@@ -346,6 +347,21 @@ module Aws::IAM
346
347
  end
347
348
  end
348
349
 
350
+ class OpenIdIdpCommunicationErrorException < ServiceError
351
+
352
+ # @param [Seahorse::Client::RequestContext] context
353
+ # @param [String] message
354
+ # @param [Aws::IAM::Types::OpenIdIdpCommunicationErrorException] data
355
+ def initialize(context, message, data = Aws::EmptyStructure.new)
356
+ super(context, message, data)
357
+ end
358
+
359
+ # @return [String]
360
+ def message
361
+ @message || @data[:message]
362
+ end
363
+ end
364
+
349
365
  class PasswordPolicyViolationException < ServiceError
350
366
 
351
367
  # @param [Seahorse::Client::RequestContext] context
@@ -877,14 +877,17 @@ module Aws::IAM
877
877
  # thumbprints for an OIDC provider. This lets you maintain multiple
878
878
  # thumbprints if the identity provider is rotating certificates.
879
879
  #
880
+ # This parameter is optional. If it is not included, IAM will retrieve
881
+ # and use the top intermediate certificate authority (CA) thumbprint
882
+ # of the OpenID Connect identity provider server certificate.
883
+ #
880
884
  # The server certificate thumbprint is the hex-encoded SHA-1 hash
881
885
  # value of the X.509 certificate used by the domain where the OpenID
882
886
  # Connect provider makes its keys available. It is always a
883
887
  # 40-character string.
884
888
  #
885
- # You must provide at least one thumbprint when creating an IAM OIDC
886
- # provider. For example, assume that the OIDC provider is
887
- # `server.example.com` and the provider stores its keys at
889
+ # For example, assume that the OIDC provider is `server.example.com`
890
+ # and the provider stores its keys at
888
891
  # https://keys.server.example.com/openid-connect. In that case, the
889
892
  # thumbprint string would be the hex-encoded SHA-1 hash value of the
890
893
  # certificate used by `https://keys.server.example.com.`
@@ -7573,6 +7576,20 @@ module Aws::IAM
7573
7576
  include Aws::Structure
7574
7577
  end
7575
7578
 
7579
+ # The request failed because IAM cannot connect to the OpenID Connect
7580
+ # identity provider URL.
7581
+ #
7582
+ # @!attribute [rw] message
7583
+ # @return [String]
7584
+ #
7585
+ # @see http://docs.aws.amazon.com/goto/WebAPI/iam-2010-05-08/OpenIdIdpCommunicationErrorException AWS API Documentation
7586
+ #
7587
+ class OpenIdIdpCommunicationErrorException < Struct.new(
7588
+ :message)
7589
+ SENSITIVE = []
7590
+ include Aws::Structure
7591
+ end
7592
+
7576
7593
  # Contains information about the effect that Organizations has on a
7577
7594
  # policy simulation.
7578
7595
  #
@@ -9723,13 +9740,14 @@ module Aws::IAM
9723
9740
  # scenario values and the resources that you must define to run the
9724
9741
  # simulation.
9725
9742
  #
9726
- # Each of the EC2 scenarios requires that you specify instance, image,
9727
- # and security group resources. If your scenario includes an EBS
9728
- # volume, then you must specify that volume as a resource. If the EC2
9729
- # scenario includes VPC, then you must supply the network interface
9730
- # resource. If it includes an IP subnet, then you must specify the
9731
- # subnet resource. For more information on the EC2 scenario options,
9732
- # see [Supported platforms][1] in the *Amazon EC2 User Guide*.
9743
+ # Each of the Amazon EC2 scenarios requires that you specify instance,
9744
+ # image, and security group resources. If your scenario includes an
9745
+ # EBS volume, then you must specify that volume as a resource. If the
9746
+ # Amazon EC2 scenario includes VPC, then you must supply the network
9747
+ # interface resource. If it includes an IP subnet, then you must
9748
+ # specify the subnet resource. For more information on the Amazon EC2
9749
+ # scenario options, see [Supported platforms][1] in the *Amazon EC2
9750
+ # User Guide*.
9733
9751
  #
9734
9752
  # * **EC2-VPC-InstanceStore**
9735
9753
  #
@@ -10030,13 +10048,14 @@ module Aws::IAM
10030
10048
  # scenario values and the resources that you must define to run the
10031
10049
  # simulation.
10032
10050
  #
10033
- # Each of the EC2 scenarios requires that you specify instance, image,
10034
- # and security group resources. If your scenario includes an EBS
10035
- # volume, then you must specify that volume as a resource. If the EC2
10036
- # scenario includes VPC, then you must supply the network interface
10037
- # resource. If it includes an IP subnet, then you must specify the
10038
- # subnet resource. For more information on the EC2 scenario options,
10039
- # see [Supported platforms][1] in the *Amazon EC2 User Guide*.
10051
+ # Each of the Amazon EC2 scenarios requires that you specify instance,
10052
+ # image, and security group resources. If your scenario includes an
10053
+ # EBS volume, then you must specify that volume as a resource. If the
10054
+ # Amazon EC2 scenario includes VPC, then you must supply the network
10055
+ # interface resource. If it includes an IP subnet, then you must
10056
+ # specify the subnet resource. For more information on the Amazon EC2
10057
+ # scenario options, see [Supported platforms][1] in the *Amazon EC2
10058
+ # User Guide*.
10040
10059
  #
10041
10060
  # * **EC2-VPC-InstanceStore**
10042
10061
  #
@@ -11104,6 +11123,11 @@ module Aws::IAM
11104
11123
  # URL. For more information, see [Using IAM roles][1] in the *IAM User
11105
11124
  # Guide*.
11106
11125
  #
11126
+ # <note markdown="1"> IAM role credentials provided by Amazon EC2 instances assigned to
11127
+ # the role are not subject to the specified maximum session duration.
11128
+ #
11129
+ # </note>
11130
+ #
11107
11131
  #
11108
11132
  #
11109
11133
  # [1]: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_use.html
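Review bot: The paragraph added to the `thumbprint_list` documentation says IAM will retrieve the top intermediate CA thumbprint when the parameter is omitted, but it does not say what the caller sees when that retrieval fails. The `OpenIdIdpCommunicationErrorException` type added later in this section is documented as "IAM cannot connect to the OpenID Connect identity provider URL", which is presumably that failure mode, so the parameter text could add `# If IAM cannot reach the provider URL, the request fails with OpenIdIdpCommunicationErrorException.` The same paragraph appears in the earlier hunk at `@@ -1372,20 +1372,23 @@` and would need the same sentence.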
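--- a/data/lib/aws-sdk-iam.rb
+++ b/data/lib/aws-sdk-iam.rb
@@ -74,6 +74,6 @@ require_relative 'aws-sdk-iam/customizations'
  # @!group service
  module Aws::IAM
 
- GEM_VERSION = '1.94.0'
+ GEM_VERSION = '1.95.0'
 
  end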
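--- a/data/sig/client.rbs
+++ b/data/sig/client.rbs
@@ -186,7 +186,7 @@ module Aws
  def create_open_id_connect_provider: (
  url: ::String,
  ?client_id_list: Array[::String],
- thumbprint_list: Array[::String],
+ ?thumbprint_list: Array[::String],
  ?tags: Array[
  {
  key: ::String,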
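--- a/data/sig/errors.rbs
+++ b/data/sig/errors.rbs
@@ -68,6 +68,9 @@ module Aws
  class NoSuchEntityException < ::Aws::Errors::ServiceError
  def message: () -> ::String
  end
+ class OpenIdIdpCommunicationErrorException < ::Aws::Errors::ServiceError
+ def message: () -> ::String
+ end
  class PasswordPolicyViolationException < ::Aws::Errors::ServiceError
  def message: () -> ::String
  end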
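--- a/data/sig/types.rbs
+++ b/data/sig/types.rbs
@@ -1440,6 +1440,11 @@ module Aws::IAM
  SENSITIVE: []
  end
 
+ class OpenIdIdpCommunicationErrorException
+ attr_accessor message: ::String
+ SENSITIVE: []
+ end
+
  class OrganizationsDecisionDetail
  attr_accessor allowed_by_organizations: bool
  SENSITIVE: []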
metadata CHANGED
@@ -1,14 +1,14 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: aws-sdk-iam
3
3
  version: !ruby/object:Gem::Version
4
- version: 1.94.0
4
+ version: 1.95.0
5
5
  platform: ruby
6
6
  authors:
7
7
  - Amazon Web Services
8
8
  autorequire:
9
9
  bindir: bin
10
10
  cert_chain: []
11
- date: 2024-01-26 00:00:00.000000000 Z
11
+ date: 2024-04-11 00:00:00.000000000 Z
12
12
  dependencies:
13
13
  - !ruby/object:Gem::Dependency
14
14
  name: aws-sdk-core