aws-sdk-iam 1.94.0 → 1.95.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 8ab9625991b6f50258c11e826f62a322978de2cbe43c3465c85ef73d3fcea961
-  data.tar.gz: 3a27293575786f40911aace0393ab679f86501ba781df51d94432113fd75898f
+  metadata.gz: 5b1babaf1113737628781613a10bcdbb3fa4f7ca9feb75fad5b6e753f56ff904
+  data.tar.gz: b87db6c6cf3de1820478094f84bf31af1b3bad2559d8e0b5d3aae3b5be64be8c
 SHA512:
-  metadata.gz: 63fdb3d81a24006417c075e96bf4bccf4c5431830154f7c5871df84cba645ef7a5a49001bfb630807ea4704563ce3aef9d06028a2f0736fd28310d51e6fec246
-  data.tar.gz: 8ad19cf33fb700fe603ef91a4bd94f951baca50a0a29ff277822ed5f7a322dae44fdcb1ab901747971abb9c3eef0249d48384f4b80699286cb98f882931ae77e
+  metadata.gz: 6fa5f05f98660acd3bf706c7c2d8932a45542d219f2a51b60eda0028efe664c422a737aa82401e195891d6ecc14ad932a8dde511e61cc1c319f88562b5345785
+  data.tar.gz: 7cce096cae8761f3179c58f44080612109991111dbe98e84ed30ac9fd5b771e74e406af5891a6675d40e59ba51a3ca6b10b87e347f3bd389f249fcb67050ab2c

data/CHANGELOG.md

@@ -1,6 +1,11 @@
 Unreleased Changes
 ------------------
 
+1.95.0 (2024-04-11)
+------------------
+
+* Feature - For CreateOpenIDConnectProvider API, the ThumbprintList parameter is no longer required.
+
 1.94.0 (2024-01-26)
 ------------------
 

data/VERSION

@@ -1 +1 @@
-1.94.0
+1.95.0

data/lib/aws-sdk-iam/client.rb

@@ -1372,20 +1372,23 @@ module Aws::IAM
     #   `CreateOpenIDConnectProviderRequest` operation accepts client IDs up
     #   to 255 characters long.
     #
-    # @option params [required, Array<String>] :thumbprint_list
+    # @option params [Array<String>] :thumbprint_list
     #   A list of server certificate thumbprints for the OpenID Connect (OIDC)
     #   identity provider's server certificates. Typically this list includes
     #   only one entry. However, IAM lets you have up to five thumbprints for
     #   an OIDC provider. This lets you maintain multiple thumbprints if the
     #   identity provider is rotating certificates.
     #
+    #   This parameter is optional. If it is not included, IAM will retrieve
+    #   and use the top intermediate certificate authority (CA) thumbprint of
+    #   the OpenID Connect identity provider server certificate.
+    #
     #   The server certificate thumbprint is the hex-encoded SHA-1 hash value
     #   of the X.509 certificate used by the domain where the OpenID Connect
     #   provider makes its keys available. It is always a 40-character string.
     #
-    #   You must provide at least one thumbprint when creating an IAM OIDC
-    #   provider. For example, assume that the OIDC provider is
-    #   `server.example.com` and the provider stores its keys at
+    #   For example, assume that the OIDC provider is `server.example.com` and
+    #   the provider stores its keys at
     #   https://keys.server.example.com/openid-connect. In that case, the
     #   thumbprint string would be the hex-encoded SHA-1 hash value of the
     #   certificate used by `https://keys.server.example.com.`
@@ -1445,7 +1448,7 @@ module Aws::IAM
     #   resp = client.create_open_id_connect_provider({
     #     url: "OpenIDConnectProviderUrlType", # required
     #     client_id_list: ["clientIDType"],
-    #     thumbprint_list: ["thumbprintType"], # required
+    #     thumbprint_list: ["thumbprintType"],
     #     tags: [
     #       {
     #         key: "tagKeyType", # required
@@ -9878,7 +9881,7 @@ module Aws::IAM
       req.send_request(options)
     end
 
-    # Removes the specified IAM role from the specified EC2 instance
+    # Removes the specified IAM role from the specified Amazon EC2 instance
     # profile.
     #
     # Make sure that you do not have any Amazon EC2 instances running with
@@ -10465,13 +10468,13 @@ module Aws::IAM
     #   following list shows each of the supported scenario values and the
     #   resources that you must define to run the simulation.
     #
-    #   Each of the EC2 scenarios requires that you specify instance, image,
-    #   and security group resources. If your scenario includes an EBS volume,
-    #   then you must specify that volume as a resource. If the EC2 scenario
-    #   includes VPC, then you must supply the network interface resource. If
-    #   it includes an IP subnet, then you must specify the subnet resource.
-    #   For more information on the EC2 scenario options, see [Supported
-    #   platforms][1] in the *Amazon EC2 User Guide*.
+    #   Each of the Amazon EC2 scenarios requires that you specify instance,
+    #   image, and security group resources. If your scenario includes an EBS
+    #   volume, then you must specify that volume as a resource. If the Amazon
+    #   EC2 scenario includes VPC, then you must supply the network interface
+    #   resource. If it includes an IP subnet, then you must specify the
+    #   subnet resource. For more information on the Amazon EC2 scenario
+    #   options, see [Supported platforms][1] in the *Amazon EC2 User Guide*.
     #
     #   * **EC2-VPC-InstanceStore**
     #
@@ -10830,13 +10833,13 @@ module Aws::IAM
     #   following list shows each of the supported scenario values and the
     #   resources that you must define to run the simulation.
     #
-    #   Each of the EC2 scenarios requires that you specify instance, image,
-    #   and security group resources. If your scenario includes an EBS volume,
-    #   then you must specify that volume as a resource. If the EC2 scenario
-    #   includes VPC, then you must supply the network interface resource. If
-    #   it includes an IP subnet, then you must specify the subnet resource.
-    #   For more information on the EC2 scenario options, see [Supported
-    #   platforms][1] in the *Amazon EC2 User Guide*.
+    #   Each of the Amazon EC2 scenarios requires that you specify instance,
+    #   image, and security group resources. If your scenario includes an EBS
+    #   volume, then you must specify that volume as a resource. If the Amazon
+    #   EC2 scenario includes VPC, then you must supply the network interface
+    #   resource. If it includes an IP subnet, then you must specify the
+    #   subnet resource. For more information on the Amazon EC2 scenario
+    #   options, see [Supported platforms][1] in the *Amazon EC2 User Guide*.
     #
     #   * **EC2-VPC-InstanceStore**
     #
@@ -12564,6 +12567,11 @@ module Aws::IAM
     #   when you use those operations to create a console URL. For more
     #   information, see [Using IAM roles][1] in the *IAM User Guide*.
     #
+    #   <note markdown="1"> IAM role credentials provided by Amazon EC2 instances assigned to the
+    #   role are not subject to the specified maximum session duration.
+    #
+    #    </note>
+    #
     #
     #
     #   [1]: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_use.html
@@ -13467,7 +13475,7 @@ module Aws::IAM
         params: params,
         config: config)
       context[:gem_name] = 'aws-sdk-iam'
-      context[:gem_version] = '1.94.0'
+      context[:gem_version] = '1.95.0'
       Seahorse::Client::Request.new(handlers, context)
     end
 

data/lib/aws-sdk-iam/client_api.rb

@@ -262,6 +262,7 @@ module Aws::IAM
     OpenIDConnectProviderListEntry = Shapes::StructureShape.new(name: 'OpenIDConnectProviderListEntry')
     OpenIDConnectProviderListType = Shapes::ListShape.new(name: 'OpenIDConnectProviderListType')
     OpenIDConnectProviderUrlType = Shapes::StringShape.new(name: 'OpenIDConnectProviderUrlType')
+    OpenIdIdpCommunicationErrorException = Shapes::StructureShape.new(name: 'OpenIdIdpCommunicationErrorException')
     OrganizationsDecisionDetail = Shapes::StructureShape.new(name: 'OrganizationsDecisionDetail')
     PasswordPolicy = Shapes::StructureShape.new(name: 'PasswordPolicy')
     PasswordPolicyViolationException = Shapes::StructureShape.new(name: 'PasswordPolicyViolationException')
@@ -444,6 +445,7 @@ module Aws::IAM
     mfaDeviceListType = Shapes::ListShape.new(name: 'mfaDeviceListType')
     minimumPasswordLengthType = Shapes::IntegerShape.new(name: 'minimumPasswordLengthType')
     noSuchEntityMessage = Shapes::StringShape.new(name: 'noSuchEntityMessage')
+    openIdIdpCommunicationErrorExceptionMessage = Shapes::StringShape.new(name: 'openIdIdpCommunicationErrorExceptionMessage')
     organizationsEntityPathType = Shapes::StringShape.new(name: 'organizationsEntityPathType')
     organizationsPolicyIdType = Shapes::StringShape.new(name: 'organizationsPolicyIdType')
     passwordPolicyViolationMessage = Shapes::StringShape.new(name: 'passwordPolicyViolationMessage')
@@ -628,7 +630,7 @@ module Aws::IAM
 
     CreateOpenIDConnectProviderRequest.add_member(:url, Shapes::ShapeRef.new(shape: OpenIDConnectProviderUrlType, required: true, location_name: "Url"))
     CreateOpenIDConnectProviderRequest.add_member(:client_id_list, Shapes::ShapeRef.new(shape: clientIDListType, location_name: "ClientIDList"))
-    CreateOpenIDConnectProviderRequest.add_member(:thumbprint_list, Shapes::ShapeRef.new(shape: thumbprintListType, required: true, location_name: "ThumbprintList"))
+    CreateOpenIDConnectProviderRequest.add_member(:thumbprint_list, Shapes::ShapeRef.new(shape: thumbprintListType, location_name: "ThumbprintList"))
     CreateOpenIDConnectProviderRequest.add_member(:tags, Shapes::ShapeRef.new(shape: tagListType, location_name: "Tags"))
     CreateOpenIDConnectProviderRequest.struct_class = Types::CreateOpenIDConnectProviderRequest
 
@@ -1523,6 +1525,9 @@ module Aws::IAM
 
     OpenIDConnectProviderListType.member = Shapes::ShapeRef.new(shape: OpenIDConnectProviderListEntry)
 
+    OpenIdIdpCommunicationErrorException.add_member(:message, Shapes::ShapeRef.new(shape: openIdIdpCommunicationErrorExceptionMessage, location_name: "message"))
+    OpenIdIdpCommunicationErrorException.struct_class = Types::OpenIdIdpCommunicationErrorException
+
     OrganizationsDecisionDetail.add_member(:allowed_by_organizations, Shapes::ShapeRef.new(shape: booleanType, location_name: "AllowedByOrganizations"))
     OrganizationsDecisionDetail.struct_class = Types::OrganizationsDecisionDetail
 
@@ -2290,6 +2295,7 @@ module Aws::IAM
         o.errors << Shapes::ShapeRef.new(shape: LimitExceededException)
         o.errors << Shapes::ShapeRef.new(shape: ConcurrentModificationException)
         o.errors << Shapes::ShapeRef.new(shape: ServiceFailureException)
+        o.errors << Shapes::ShapeRef.new(shape: OpenIdIdpCommunicationErrorException)
       end)
 
       api.add_operation(:create_policy, Seahorse::Model::Operation.new.tap do |o|

data/lib/aws-sdk-iam/errors.rb

@@ -46,6 +46,7 @@ module Aws::IAM
   # * {MalformedCertificateException}
   # * {MalformedPolicyDocumentException}
   # * {NoSuchEntityException}
+  # * {OpenIdIdpCommunicationErrorException}
   # * {PasswordPolicyViolationException}
   # * {PolicyEvaluationException}
   # * {PolicyNotAttachableException}
@@ -346,6 +347,21 @@ module Aws::IAM
       end
     end
 
+    class OpenIdIdpCommunicationErrorException < ServiceError
+
+      # @param [Seahorse::Client::RequestContext] context
+      # @param [String] message
+      # @param [Aws::IAM::Types::OpenIdIdpCommunicationErrorException] data
+      def initialize(context, message, data = Aws::EmptyStructure.new)
+        super(context, message, data)
+      end
+
+      # @return [String]
+      def message
+        @message || @data[:message]
+      end
+    end
+
     class PasswordPolicyViolationException < ServiceError
 
       # @param [Seahorse::Client::RequestContext] context

data/lib/aws-sdk-iam/types.rb

@@ -877,14 +877,17 @@ module Aws::IAM
     #   thumbprints for an OIDC provider. This lets you maintain multiple
     #   thumbprints if the identity provider is rotating certificates.
     #
+    #   This parameter is optional. If it is not included, IAM will retrieve
+    #   and use the top intermediate certificate authority (CA) thumbprint
+    #   of the OpenID Connect identity provider server certificate.
+    #
     #   The server certificate thumbprint is the hex-encoded SHA-1 hash
     #   value of the X.509 certificate used by the domain where the OpenID
     #   Connect provider makes its keys available. It is always a
     #   40-character string.
     #
-    #   You must provide at least one thumbprint when creating an IAM OIDC
-    #   provider. For example, assume that the OIDC provider is
-    #   `server.example.com` and the provider stores its keys at
+    #   For example, assume that the OIDC provider is `server.example.com`
+    #   and the provider stores its keys at
     #   https://keys.server.example.com/openid-connect. In that case, the
     #   thumbprint string would be the hex-encoded SHA-1 hash value of the
     #   certificate used by `https://keys.server.example.com.`
@@ -7573,6 +7576,20 @@ module Aws::IAM
       include Aws::Structure
     end
 
+    # The request failed because IAM cannot connect to the OpenID Connect
+    # identity provider URL.
+    #
+    # @!attribute [rw] message
+    #   @return [String]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/iam-2010-05-08/OpenIdIdpCommunicationErrorException AWS API Documentation
+    #
+    class OpenIdIdpCommunicationErrorException < Struct.new(
+      :message)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+
     # Contains information about the effect that Organizations has on a
     # policy simulation.
     #
@@ -9723,13 +9740,14 @@ module Aws::IAM
     #   scenario values and the resources that you must define to run the
     #   simulation.
     #
-    #   Each of the EC2 scenarios requires that you specify instance, image,
-    #   and security group resources. If your scenario includes an EBS
-    #   volume, then you must specify that volume as a resource. If the EC2
-    #   scenario includes VPC, then you must supply the network interface
-    #   resource. If it includes an IP subnet, then you must specify the
-    #   subnet resource. For more information on the EC2 scenario options,
-    #   see [Supported platforms][1] in the *Amazon EC2 User Guide*.
+    #   Each of the Amazon EC2 scenarios requires that you specify instance,
+    #   image, and security group resources. If your scenario includes an
+    #   EBS volume, then you must specify that volume as a resource. If the
+    #   Amazon EC2 scenario includes VPC, then you must supply the network
+    #   interface resource. If it includes an IP subnet, then you must
+    #   specify the subnet resource. For more information on the Amazon EC2
+    #   scenario options, see [Supported platforms][1] in the *Amazon EC2
+    #   User Guide*.
     #
     #   * **EC2-VPC-InstanceStore**
     #
@@ -10030,13 +10048,14 @@ module Aws::IAM
     #   scenario values and the resources that you must define to run the
     #   simulation.
     #
-    #   Each of the EC2 scenarios requires that you specify instance, image,
-    #   and security group resources. If your scenario includes an EBS
-    #   volume, then you must specify that volume as a resource. If the EC2
-    #   scenario includes VPC, then you must supply the network interface
-    #   resource. If it includes an IP subnet, then you must specify the
-    #   subnet resource. For more information on the EC2 scenario options,
-    #   see [Supported platforms][1] in the *Amazon EC2 User Guide*.
+    #   Each of the Amazon EC2 scenarios requires that you specify instance,
+    #   image, and security group resources. If your scenario includes an
+    #   EBS volume, then you must specify that volume as a resource. If the
+    #   Amazon EC2 scenario includes VPC, then you must supply the network
+    #   interface resource. If it includes an IP subnet, then you must
+    #   specify the subnet resource. For more information on the Amazon EC2
+    #   scenario options, see [Supported platforms][1] in the *Amazon EC2
+    #   User Guide*.
     #
     #   * **EC2-VPC-InstanceStore**
     #
@@ -11104,6 +11123,11 @@ module Aws::IAM
     #   URL. For more information, see [Using IAM roles][1] in the *IAM User
     #   Guide*.
     #
+    #   <note markdown="1"> IAM role credentials provided by Amazon EC2 instances assigned to
+    #   the role are not subject to the specified maximum session duration.
+    #
+    #    </note>
+    #
     #
     #
     #   [1]: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_use.html

data/lib/aws-sdk-iam.rb

@@ -74,6 +74,6 @@ require_relative 'aws-sdk-iam/customizations'
 # @!group service
 module Aws::IAM
 
-  GEM_VERSION = '1.94.0'
+  GEM_VERSION = '1.95.0'
 
 end

data/sig/client.rbs

@@ -186,7 +186,7 @@ module Aws
       def create_open_id_connect_provider: (
                                              url: ::String,
                                              ?client_id_list: Array[::String],
-                                             thumbprint_list: Array[::String],
+                                             ?thumbprint_list: Array[::String],
                                              ?tags: Array[
                                                {
                                                  key: ::String,

data/sig/errors.rbs

@@ -68,6 +68,9 @@ module Aws
       class NoSuchEntityException < ::Aws::Errors::ServiceError
         def message: () -> ::String
       end
+      class OpenIdIdpCommunicationErrorException < ::Aws::Errors::ServiceError
+        def message: () -> ::String
+      end
       class PasswordPolicyViolationException < ::Aws::Errors::ServiceError
         def message: () -> ::String
       end

data/sig/types.rbs

@@ -1440,6 +1440,11 @@ module Aws::IAM
       SENSITIVE: []
     end
 
+    class OpenIdIdpCommunicationErrorException
+      attr_accessor message: ::String
+      SENSITIVE: []
+    end
+
     class OrganizationsDecisionDetail
       attr_accessor allowed_by_organizations: bool
       SENSITIVE: []

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: aws-sdk-iam
 version: !ruby/object:Gem::Version
-  version: 1.94.0
+  version: 1.95.0
 platform: ruby
 authors:
 - Amazon Web Services
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2024-01-26 00:00:00.000000000 Z
+date: 2024-04-11 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: aws-sdk-core