aws-sdk-iot 1.149.0 → 1.151.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: efb02b417b3aa52579826a917bcfc4a25a9fd1b67220d46588861c8e931d6b5b
-  data.tar.gz: ade700f15b77a1c8443fa06dd8799232e32f9ca612a0104d9eeb059c72c2dd51
+  metadata.gz: 00d820a97b0c130237c7193f87b9c110ea5e9d037e3193e567d41156dde27659
+  data.tar.gz: 9cf9c38975433c0d5d24705792f648a4066d68ba8adbb148b63ac7cb96763017
 SHA512:
-  metadata.gz: 3ee8be35c6525f553e22988cbc48585197467ed02813f0d06827f25aa2be1ad1f069980641fefd91f75b1b3aee307a39a4216dd17907d5164260b019261f2741
-  data.tar.gz: a752ef0cecb755ffce1457a80636cbba962a1baf1e928a5ce1c5333ae8209ac7289fe45e5f074c7eff17edadafc5b1a4ff0b59fde4512657d23bc00a613ecd94
+  metadata.gz: 3d3c53375709c973c268644df257ce832f6bfe7d849aa6e14c53527ec0e79b617a804249c5c7d4deaa568de79b76463862ec858af4a08ccd6dbfc5ed50182334
+  data.tar.gz: 1f8203ef800332335f30892bc876a6095687c515e31924101153b52994b80e533054c21a8c42265db845ece56f56f18f2eb800a01b7f0130b4e2c1972b5c2fb1

data/CHANGELOG.md

@@ -1,6 +1,16 @@
 Unreleased Changes
 ------------------
 
+1.151.0 (2025-07-31)
+------------------
+
+* Feature - This release allows AWS IoT Core users to use their own AWS KMS keys for data protection
+
+1.150.0 (2025-07-21)
+------------------
+
+* Feature - Code Generated Changes, see `./build_tools` or `aws-sdk-core`'s CHANGELOG.md for details.
+
 1.149.0 (2025-06-02)
 ------------------
 

data/VERSION

@@ -1 +1 @@
-1.149.0
+1.151.0

data/lib/aws-sdk-iot/client.rb

@@ -95,7 +95,7 @@ module Aws::IoT
     #     class name or an instance of a plugin class.
     #
     #   @option options [required, Aws::CredentialProvider] :credentials
-    #     Your AWS credentials. This can be an instance of any one of the
+    #     Your AWS credentials used for authentication. This can be an instance of any one of the
     #     following classes:
     #
     #     * `Aws::Credentials` - Used for configuring static, non-refreshing
@@ -128,18 +128,23 @@ module Aws::IoT
     #     locations will be searched for credentials:
     #
     #     * `Aws.config[:credentials]`
+    #
     #     * The `:access_key_id`, `:secret_access_key`, `:session_token`, and
     #       `:account_id` options.
-    #     * ENV['AWS_ACCESS_KEY_ID'], ENV['AWS_SECRET_ACCESS_KEY'],
-    #       ENV['AWS_SESSION_TOKEN'], and ENV['AWS_ACCOUNT_ID']
+    #
+    #     * `ENV['AWS_ACCESS_KEY_ID']`, `ENV['AWS_SECRET_ACCESS_KEY']`,
+    #       `ENV['AWS_SESSION_TOKEN']`, and `ENV['AWS_ACCOUNT_ID']`.
+    #
     #     * `~/.aws/credentials`
+    #
     #     * `~/.aws/config`
+    #
     #     * EC2/ECS IMDS instance profile - When used by default, the timeouts
     #       are very aggressive. Construct and pass an instance of
     #       `Aws::InstanceProfileCredentials` or `Aws::ECSCredentials` to
     #       enable retries and extended timeouts. Instance profile credential
-    #       fetching can be disabled by setting ENV['AWS_EC2_METADATA_DISABLED']
-    #       to true.
+    #       fetching can be disabled by setting `ENV['AWS_EC2_METADATA_DISABLED']`
+    #       to `true`.
     #
     #   @option options [required, String] :region
     #     The AWS region to connect to.  The configured `:region` is
@@ -167,6 +172,11 @@ module Aws::IoT
     #     When false, the request will raise a `RetryCapacityNotAvailableError` and will
     #     not retry instead of sleeping.
     #
+    #   @option options [Array<String>] :auth_scheme_preference
+    #     A list of preferred authentication schemes to use when making a request. Supported values are:
+    #     `sigv4`, `sigv4a`, `httpBearerAuth`, and `noAuth`. When set using `ENV['AWS_AUTH_SCHEME_PREFERENCE']` or in
+    #     shared config as `auth_scheme_preference`, the value should be a comma-separated list.
+    #
     #   @option options [Boolean] :client_side_monitoring (false)
     #     When `true`, client-side metrics will be collected for all API requests from
     #     this client.
@@ -253,8 +263,8 @@ module Aws::IoT
     #     4 times. Used in `standard` and `adaptive` retry modes.
     #
     #   @option options [String] :profile ("default")
-    #     Used when loading credentials from the shared credentials file
-    #     at HOME/.aws/credentials.  When not specified, 'default' is used.
+    #     Used when loading credentials from the shared credentials file at `HOME/.aws/credentials`.
+    #     When not specified, 'default' is used.
     #
     #   @option options [String] :request_checksum_calculation ("when_supported")
     #     Determines when a checksum will be calculated for request payloads. Values are:
@@ -367,7 +377,7 @@ module Aws::IoT
     #     `Aws::Telemetry::OTelProvider` for telemetry provider.
     #
     #   @option options [Aws::TokenProvider] :token_provider
-    #     A Bearer Token Provider. This can be an instance of any one of the
+    #     Your Bearer token used for authentication. This can be an instance of any one of the
     #     following classes:
     #
     #     * `Aws::StaticTokenProvider` - Used for configuring static, non-refreshing
@@ -6368,6 +6378,59 @@ module Aws::IoT
       req.send_request(options)
     end
 
+    # Retrieves the encryption configuration for resources and data of your
+    # Amazon Web Services account in Amazon Web Services IoT Core. For more
+    # information, see [Key management in IoT][1] from the *Amazon Web
+    # Services IoT Core Developer Guide*.
+    #
+    #
+    #
+    # [1]: https://docs.aws.amazon.com/iot/latest/developerguide/key-management.html
+    #
+    # @return [Types::DescribeEncryptionConfigurationResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
+    #
+    #   * {Types::DescribeEncryptionConfigurationResponse#encryption_type #encryption_type} => String
+    #   * {Types::DescribeEncryptionConfigurationResponse#kms_key_arn #kms_key_arn} => String
+    #   * {Types::DescribeEncryptionConfigurationResponse#kms_access_role_arn #kms_access_role_arn} => String
+    #   * {Types::DescribeEncryptionConfigurationResponse#configuration_details #configuration_details} => Types::ConfigurationDetails
+    #   * {Types::DescribeEncryptionConfigurationResponse#last_modified_date #last_modified_date} => Time
+    #
+    #
+    # @example Example: DescribeEncryptionConfiguration
+    #
+    #   # DescribeEncryptionConfiguration API operation example
+    #
+    #   resp = client.describe_encryption_configuration({
+    #   })
+    #
+    #   resp.to_h outputs the following:
+    #   {
+    #     configuration_details: {
+    #       configuration_status: "HEALTHY", 
+    #     }, 
+    #     encryption_type: "CUSTOMER_MANAGED_KMS_KEY", 
+    #     kms_access_role_arn: "arn:aws:iam:us-west-2:111122223333:role/myrole", 
+    #     kms_key_arn: "arn:aws:kms:us-west-2:111122223333:key/1234abcd-12ab-34cd-56ef-1234567890ab", 
+    #     last_modified_date: Time.parse("2024-09-26T22:01:02.365000-07:00"), 
+    #   }
+    #
+    # @example Response structure
+    #
+    #   resp.encryption_type #=> String, one of "CUSTOMER_MANAGED_KMS_KEY", "AWS_OWNED_KMS_KEY"
+    #   resp.kms_key_arn #=> String
+    #   resp.kms_access_role_arn #=> String
+    #   resp.configuration_details.configuration_status #=> String, one of "HEALTHY", "UNHEALTHY"
+    #   resp.configuration_details.error_code #=> String
+    #   resp.configuration_details.error_message #=> String
+    #   resp.last_modified_date #=> Time
+    #
+    # @overload describe_encryption_configuration(params = {})
+    # @param [Hash] params ({})
+    def describe_encryption_configuration(params = {}, options = {})
+      req = build_request(:describe_encryption_configuration, params)
+      req.send_request(options)
+    end
+
     # Returns or creates a unique endpoint specific to the Amazon Web
     # Services account making the call.
     #
@@ -14323,15 +14386,39 @@ module Aws::IoT
     #
     # You can cancel the transfer until it is acknowledged by the recipient.
     #
-    # No notification is sent to the transfer destination's account. It is
+    # No notification is sent to the transfer destination's account. It's
     # up to the caller to notify the transfer target.
     #
-    # The certificate being transferred must not be in the ACTIVE state. You
-    # can use the UpdateCertificate action to deactivate it.
+    # The certificate being transferred must not be in the `ACTIVE` state.
+    # You can use the UpdateCertificate action to deactivate it.
     #
     # The certificate must not have any policies attached to it. You can use
     # the DetachPolicy action to detach them.
     #
+    # **Customer managed key behavior:** When you use a customer managed key
+    # to secure your data and then transfer the key to a customer in a
+    # different account using the TransferCertificate operation, the
+    # certificates will no longer be protected by their customer managed key
+    # configuration. During the transfer process, certificates are encrypted
+    # using IoT owned keys.
+    #
+    # While a certificate is in the **PENDING\_TRANSFER** state, it's
+    # always protected by IoT owned keys, regardless of the customer managed
+    # key configuration of either the source or destination account.
+    #
+    # Once the transfer is completed through AcceptCertificateTransfer,
+    # RejectCertificateTransfer, or CancelCertificateTransfer, the
+    # certificate will be protected by the customer managed key
+    # configuration of the account that owns the certificate after the
+    # transfer operation:
+    #
+    # * If the transfer is accepted: The certificate is protected by the
+    #   destination account's customer managed key configuration.
+    #
+    # * If the transfer is rejected or cancelled: The certificate is
+    #   protected by the source account's customer managed key
+    #   configuration.
+    #
     #
     #
     # [1]: https://docs.aws.amazon.com/service-authorization/latest/reference/list_awsiot.html#awsiot-actions-as-permissions
@@ -15124,6 +15211,57 @@ module Aws::IoT
       req.send_request(options)
     end
 
+    # Updates the encryption configuration. By default, all Amazon Web
+    # Services IoT Core data at rest is encrypted using Amazon Web Services
+    # owned keys. Amazon Web Services IoT Core also supports symmetric
+    # customer managed keys from Amazon Web Services Key Management Service
+    # (KMS). With customer managed keys, you create, own, and manage the KMS
+    # keys in your Amazon Web Services account. For more information, see
+    # [Data encryption][1] in the *Amazon Web Services IoT Core Developer
+    # Guide*.
+    #
+    #
+    #
+    # [1]: https://docs.aws.amazon.com/iot/latest/developerguide/data-encryption.html
+    #
+    # @option params [required, String] :encryption_type
+    #   The type of the Amazon Web Services Key Management Service (KMS) key.
+    #
+    # @option params [String] :kms_key_arn
+    #   The ARN of the customer-managed KMS key.
+    #
+    # @option params [String] :kms_access_role_arn
+    #   The Amazon Resource Name (ARN) of the IAM role assumed by Amazon Web
+    #   Services IoT Core to call KMS on behalf of the customer.
+    #
+    # @return [Struct] Returns an empty {Seahorse::Client::Response response}.
+    #
+    #
+    # @example Example: UpdateEncryptionConfiguration example
+    #
+    #   # This operation updates the encryption configuration. 
+    #
+    #   resp = client.update_encryption_configuration({
+    #     encryption_type: "CUSTOMER_MANAGED_KMS_KEY", 
+    #     kms_access_role_arn: "arn:aws:kms:us-west-2:111122223333:key/1234abcd-12ab-34cd-56ef-1234567890ab", 
+    #     kms_key_arn: "arn:aws:iam:us-west-2:111122223333:role/myrole", 
+    #   })
+    #
+    # @example Request syntax with placeholder values
+    #
+    #   resp = client.update_encryption_configuration({
+    #     encryption_type: "CUSTOMER_MANAGED_KMS_KEY", # required, accepts CUSTOMER_MANAGED_KMS_KEY, AWS_OWNED_KMS_KEY
+    #     kms_key_arn: "KmsKeyArn",
+    #     kms_access_role_arn: "KmsAccessRoleArn",
+    #   })
+    #
+    # @overload update_encryption_configuration(params = {})
+    # @param [Hash] params ({})
+    def update_encryption_configuration(params = {}, options = {})
+      req = build_request(:update_encryption_configuration, params)
+      req.send_request(options)
+    end
+
     # Updates the event configurations.
     #
     # Requires permission to access the [UpdateEventConfigurations][1]
@@ -16411,7 +16549,7 @@ module Aws::IoT
         tracer: tracer
       )
       context[:gem_name] = 'aws-sdk-iot'
-      context[:gem_version] = '1.149.0'
+      context[:gem_version] = '1.151.0'
       Seahorse::Client::Request.new(handlers, context)
     end
 

data/lib/aws-sdk-iot/client_api.rb

@@ -270,6 +270,8 @@ module Aws::IoT
     ConfigName = Shapes::StringShape.new(name: 'ConfigName')
     ConfigValue = Shapes::StringShape.new(name: 'ConfigValue')
     Configuration = Shapes::StructureShape.new(name: 'Configuration')
+    ConfigurationDetails = Shapes::StructureShape.new(name: 'ConfigurationDetails')
+    ConfigurationStatus = Shapes::StringShape.new(name: 'ConfigurationStatus')
     ConfirmTopicRuleDestinationRequest = Shapes::StructureShape.new(name: 'ConfirmTopicRuleDestinationRequest')
     ConfirmTopicRuleDestinationResponse = Shapes::StructureShape.new(name: 'ConfirmTopicRuleDestinationResponse')
     ConfirmationToken = Shapes::StringShape.new(name: 'ConfirmationToken')
@@ -465,6 +467,8 @@ module Aws::IoT
     DescribeDimensionResponse = Shapes::StructureShape.new(name: 'DescribeDimensionResponse')
     DescribeDomainConfigurationRequest = Shapes::StructureShape.new(name: 'DescribeDomainConfigurationRequest')
     DescribeDomainConfigurationResponse = Shapes::StructureShape.new(name: 'DescribeDomainConfigurationResponse')
+    DescribeEncryptionConfigurationRequest = Shapes::StructureShape.new(name: 'DescribeEncryptionConfigurationRequest')
+    DescribeEncryptionConfigurationResponse = Shapes::StructureShape.new(name: 'DescribeEncryptionConfigurationResponse')
     DescribeEndpointRequest = Shapes::StructureShape.new(name: 'DescribeEndpointRequest')
     DescribeEndpointResponse = Shapes::StructureShape.new(name: 'DescribeEndpointResponse')
     DescribeEventConfigurationsRequest = Shapes::StructureShape.new(name: 'DescribeEventConfigurationsRequest')
@@ -572,6 +576,7 @@ module Aws::IoT
     EnableTopicRuleRequest = Shapes::StructureShape.new(name: 'EnableTopicRuleRequest')
     Enabled = Shapes::BooleanShape.new(name: 'Enabled')
     EnabledBoolean = Shapes::BooleanShape.new(name: 'EnabledBoolean')
+    EncryptionType = Shapes::StringShape.new(name: 'EncryptionType')
     EndpointAddress = Shapes::StringShape.new(name: 'EndpointAddress')
     EndpointType = Shapes::StringShape.new(name: 'EndpointType')
     Environment = Shapes::StringShape.new(name: 'Environment')
@@ -756,6 +761,8 @@ module Aws::IoT
     KeyPair = Shapes::StructureShape.new(name: 'KeyPair')
     KeyValue = Shapes::StringShape.new(name: 'KeyValue')
     KinesisAction = Shapes::StructureShape.new(name: 'KinesisAction')
+    KmsAccessRoleArn = Shapes::StringShape.new(name: 'KmsAccessRoleArn')
+    KmsKeyArn = Shapes::StringShape.new(name: 'KmsKeyArn')
     LambdaAction = Shapes::StructureShape.new(name: 'LambdaAction')
     LaserMaxResults = Shapes::IntegerShape.new(name: 'LaserMaxResults')
     LastModifiedDate = Shapes::TimestampShape.new(name: 'LastModifiedDate')
@@ -1406,6 +1413,8 @@ module Aws::IoT
     UpdateDomainConfigurationResponse = Shapes::StructureShape.new(name: 'UpdateDomainConfigurationResponse')
     UpdateDynamicThingGroupRequest = Shapes::StructureShape.new(name: 'UpdateDynamicThingGroupRequest')
     UpdateDynamicThingGroupResponse = Shapes::StructureShape.new(name: 'UpdateDynamicThingGroupResponse')
+    UpdateEncryptionConfigurationRequest = Shapes::StructureShape.new(name: 'UpdateEncryptionConfigurationRequest')
+    UpdateEncryptionConfigurationResponse = Shapes::StructureShape.new(name: 'UpdateEncryptionConfigurationResponse')
     UpdateEventConfigurationsRequest = Shapes::StructureShape.new(name: 'UpdateEventConfigurationsRequest')
     UpdateEventConfigurationsResponse = Shapes::StructureShape.new(name: 'UpdateEventConfigurationsResponse')
     UpdateFleetMetricRequest = Shapes::StructureShape.new(name: 'UpdateFleetMetricRequest')
@@ -2063,6 +2072,11 @@ module Aws::IoT
     Configuration.add_member(:enabled, Shapes::ShapeRef.new(shape: Enabled, location_name: "Enabled"))
     Configuration.struct_class = Types::Configuration
 
+    ConfigurationDetails.add_member(:configuration_status, Shapes::ShapeRef.new(shape: ConfigurationStatus, location_name: "configurationStatus"))
+    ConfigurationDetails.add_member(:error_code, Shapes::ShapeRef.new(shape: ErrorCode, location_name: "errorCode"))
+    ConfigurationDetails.add_member(:error_message, Shapes::ShapeRef.new(shape: ErrorMessage, location_name: "errorMessage"))
+    ConfigurationDetails.struct_class = Types::ConfigurationDetails
+
     ConfirmTopicRuleDestinationRequest.add_member(:confirmation_token, Shapes::ShapeRef.new(shape: ConfirmationToken, required: true, location: "uri", location_name: "confirmationToken"))
     ConfirmTopicRuleDestinationRequest.struct_class = Types::ConfirmTopicRuleDestinationRequest
 
@@ -2823,6 +2837,15 @@ module Aws::IoT
     DescribeDomainConfigurationResponse.add_member(:client_certificate_config, Shapes::ShapeRef.new(shape: ClientCertificateConfig, location_name: "clientCertificateConfig"))
     DescribeDomainConfigurationResponse.struct_class = Types::DescribeDomainConfigurationResponse
 
+    DescribeEncryptionConfigurationRequest.struct_class = Types::DescribeEncryptionConfigurationRequest
+
+    DescribeEncryptionConfigurationResponse.add_member(:encryption_type, Shapes::ShapeRef.new(shape: EncryptionType, location_name: "encryptionType"))
+    DescribeEncryptionConfigurationResponse.add_member(:kms_key_arn, Shapes::ShapeRef.new(shape: KmsKeyArn, location_name: "kmsKeyArn"))
+    DescribeEncryptionConfigurationResponse.add_member(:kms_access_role_arn, Shapes::ShapeRef.new(shape: KmsAccessRoleArn, location_name: "kmsAccessRoleArn"))
+    DescribeEncryptionConfigurationResponse.add_member(:configuration_details, Shapes::ShapeRef.new(shape: ConfigurationDetails, location_name: "configurationDetails"))
+    DescribeEncryptionConfigurationResponse.add_member(:last_modified_date, Shapes::ShapeRef.new(shape: DateType, location_name: "lastModifiedDate"))
+    DescribeEncryptionConfigurationResponse.struct_class = Types::DescribeEncryptionConfigurationResponse
+
     DescribeEndpointRequest.add_member(:endpoint_type, Shapes::ShapeRef.new(shape: EndpointType, location: "querystring", location_name: "endpointType"))
     DescribeEndpointRequest.struct_class = Types::DescribeEndpointRequest
 
@@ -5421,6 +5444,13 @@ module Aws::IoT
     UpdateDynamicThingGroupResponse.add_member(:version, Shapes::ShapeRef.new(shape: Version, location_name: "version"))
     UpdateDynamicThingGroupResponse.struct_class = Types::UpdateDynamicThingGroupResponse
 
+    UpdateEncryptionConfigurationRequest.add_member(:encryption_type, Shapes::ShapeRef.new(shape: EncryptionType, required: true, location_name: "encryptionType"))
+    UpdateEncryptionConfigurationRequest.add_member(:kms_key_arn, Shapes::ShapeRef.new(shape: KmsKeyArn, location_name: "kmsKeyArn"))
+    UpdateEncryptionConfigurationRequest.add_member(:kms_access_role_arn, Shapes::ShapeRef.new(shape: KmsAccessRoleArn, location_name: "kmsAccessRoleArn"))
+    UpdateEncryptionConfigurationRequest.struct_class = Types::UpdateEncryptionConfigurationRequest
+
+    UpdateEncryptionConfigurationResponse.struct_class = Types::UpdateEncryptionConfigurationResponse
+
     UpdateEventConfigurationsRequest.add_member(:event_configurations, Shapes::ShapeRef.new(shape: EventConfigurations, location_name: "eventConfigurations"))
     UpdateEventConfigurationsRequest.struct_class = Types::UpdateEventConfigurationsRequest
 
@@ -6351,6 +6381,7 @@ module Aws::IoT
         o.errors << Shapes::ShapeRef.new(shape: ResourceAlreadyExistsException)
         o.errors << Shapes::ShapeRef.new(shape: ServiceUnavailableException)
         o.errors << Shapes::ShapeRef.new(shape: ConflictingResourceUpdateException)
+        o.errors << Shapes::ShapeRef.new(shape: UnauthorizedException)
       end)
 
       api.add_operation(:create_topic_rule_destination, Seahorse::Model::Operation.new.tap do |o|
@@ -6364,6 +6395,7 @@ module Aws::IoT
         o.errors << Shapes::ShapeRef.new(shape: ResourceAlreadyExistsException)
         o.errors << Shapes::ShapeRef.new(shape: ServiceUnavailableException)
         o.errors << Shapes::ShapeRef.new(shape: ConflictingResourceUpdateException)
+        o.errors << Shapes::ShapeRef.new(shape: UnauthorizedException)
       end)
 
       api.add_operation(:delete_account_audit_configuration, Seahorse::Model::Operation.new.tap do |o|
@@ -7044,6 +7076,19 @@ module Aws::IoT
         o.errors << Shapes::ShapeRef.new(shape: InternalFailureException)
       end)
 
+      api.add_operation(:describe_encryption_configuration, Seahorse::Model::Operation.new.tap do |o|
+        o.name = "DescribeEncryptionConfiguration"
+        o.http_method = "GET"
+        o.http_request_uri = "/encryption-configuration"
+        o.input = Shapes::ShapeRef.new(shape: DescribeEncryptionConfigurationRequest)
+        o.output = Shapes::ShapeRef.new(shape: DescribeEncryptionConfigurationResponse)
+        o.errors << Shapes::ShapeRef.new(shape: InvalidRequestException)
+        o.errors << Shapes::ShapeRef.new(shape: ThrottlingException)
+        o.errors << Shapes::ShapeRef.new(shape: UnauthorizedException)
+        o.errors << Shapes::ShapeRef.new(shape: ServiceUnavailableException)
+        o.errors << Shapes::ShapeRef.new(shape: InternalFailureException)
+      end)
+
       api.add_operation(:describe_endpoint, Seahorse::Model::Operation.new.tap do |o|
         o.name = "DescribeEndpoint"
         o.http_method = "GET"
@@ -8814,6 +8859,7 @@ module Aws::IoT
         o.errors << Shapes::ShapeRef.new(shape: InternalException)
         o.errors << Shapes::ShapeRef.new(shape: InvalidRequestException)
         o.errors << Shapes::ShapeRef.new(shape: ServiceUnavailableException)
+        o.errors << Shapes::ShapeRef.new(shape: UnauthorizedException)
         o[:pager] = Aws::Pager.new(
           limit_key: "max_results",
           tokens: {
@@ -9361,6 +9407,19 @@ module Aws::IoT
         o.errors << Shapes::ShapeRef.new(shape: InvalidQueryException)
       end)
 
+      api.add_operation(:update_encryption_configuration, Seahorse::Model::Operation.new.tap do |o|
+        o.name = "UpdateEncryptionConfiguration"
+        o.http_method = "PATCH"
+        o.http_request_uri = "/encryption-configuration"
+        o.input = Shapes::ShapeRef.new(shape: UpdateEncryptionConfigurationRequest)
+        o.output = Shapes::ShapeRef.new(shape: UpdateEncryptionConfigurationResponse)
+        o.errors << Shapes::ShapeRef.new(shape: InvalidRequestException)
+        o.errors << Shapes::ShapeRef.new(shape: ThrottlingException)
+        o.errors << Shapes::ShapeRef.new(shape: UnauthorizedException)
+        o.errors << Shapes::ShapeRef.new(shape: ServiceUnavailableException)
+        o.errors << Shapes::ShapeRef.new(shape: InternalFailureException)
+      end)
+
       api.add_operation(:update_event_configurations, Seahorse::Model::Operation.new.tap do |o|
         o.name = "UpdateEventConfigurations"
         o.http_method = "PATCH"

data/lib/aws-sdk-iot/types.rb

@@ -2456,6 +2456,35 @@ module Aws::IoT
       include Aws::Structure
     end
 
+    # The encryption configuration details that include the status
+    # information of the Amazon Web Services Key Management Service (KMS)
+    # key and the KMS access role.
+    #
+    # @!attribute [rw] configuration_status
+    #   The health status of KMS key and KMS access role. If either KMS key
+    #   or KMS access role is `UNHEALTHY`, the return value will be
+    #   `UNHEALTHY`. To use a customer-managed KMS key, the value of
+    #   `configurationStatus` must be `HEALTHY`.
+    #   @return [String]
+    #
+    # @!attribute [rw] error_code
+    #   The error code that indicates either the KMS key or the KMS access
+    #   role is `UNHEALTHY`. Valid values: `KMS_KEY_VALIDATION_ERROR` and
+    #   `ROLE_VALIDATION_ERROR`.
+    #   @return [String]
+    #
+    # @!attribute [rw] error_message
+    #   The detailed error message that corresponds to the `errorCode`.
+    #   @return [String]
+    #
+    class ConfigurationDetails < Struct.new(
+      :configuration_status,
+      :error_code,
+      :error_message)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+
     # @!attribute [rw] confirmation_token
     #   The token used to confirm ownership or access to the topic rule
     #   confirmation URL.
@@ -6089,6 +6118,43 @@ module Aws::IoT
       include Aws::Structure
     end
 
+    # @api private
+    #
+    class DescribeEncryptionConfigurationRequest < Aws::EmptyStructure; end
+
+    # @!attribute [rw] encryption_type
+    #   The type of the Amazon Web Services Key Management Service (KMS)
+    #   key.
+    #   @return [String]
+    #
+    # @!attribute [rw] kms_key_arn
+    #   The Amazon Resource Name (ARN) of the IAM role assumed by Amazon Web
+    #   Services IoT Core to call KMS on behalf of the customer.
+    #   @return [String]
+    #
+    # @!attribute [rw] kms_access_role_arn
+    #   The ARN of the customer-managed KMS key.
+    #   @return [String]
+    #
+    # @!attribute [rw] configuration_details
+    #   The encryption configuration details that include the status
+    #   information of the KMS key and the KMS access role.
+    #   @return [Types::ConfigurationDetails]
+    #
+    # @!attribute [rw] last_modified_date
+    #   The date when encryption configuration is last updated.
+    #   @return [Time]
+    #
+    class DescribeEncryptionConfigurationResponse < Struct.new(
+      :encryption_type,
+      :kms_key_arn,
+      :kms_access_role_arn,
+      :configuration_details,
+      :last_modified_date)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+
     # The input for the DescribeEndpoint operation.
     #
     # @!attribute [rw] endpoint_type
@@ -17716,6 +17782,30 @@ module Aws::IoT
       include Aws::Structure
     end
 
+    # @!attribute [rw] encryption_type
+    #   The type of the Amazon Web Services Key Management Service (KMS)
+    #   key.
+    #   @return [String]
+    #
+    # @!attribute [rw] kms_key_arn
+    #   The ARN of the customer-managed KMS key.
+    #   @return [String]
+    #
+    # @!attribute [rw] kms_access_role_arn
+    #   The Amazon Resource Name (ARN) of the IAM role assumed by Amazon Web
+    #   Services IoT Core to call KMS on behalf of the customer.
+    #   @return [String]
+    #
+    class UpdateEncryptionConfigurationRequest < Struct.new(
+      :encryption_type,
+      :kms_key_arn,
+      :kms_access_role_arn)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+
+    class UpdateEncryptionConfigurationResponse < Aws::EmptyStructure; end
+
     # @!attribute [rw] event_configurations
     #   The new event configuration values.
     #   @return [Hash<String,Types::Configuration>]

data/lib/aws-sdk-iot.rb

@@ -54,7 +54,7 @@ module Aws::IoT
   autoload :EndpointProvider, 'aws-sdk-iot/endpoint_provider'
   autoload :Endpoints, 'aws-sdk-iot/endpoints'
 
-  GEM_VERSION = '1.149.0'
+  GEM_VERSION = '1.151.0'
 
 end
 

data/sig/client.rbs

@@ -18,6 +18,7 @@ module Aws
                       ?account_id: String,
                       ?active_endpoint_cache: bool,
                       ?adaptive_retry_wait_to_fill: bool,
+                      ?auth_scheme_preference: Array[String],
                       ?client_side_monitoring: bool,
                       ?client_side_monitoring_client_id: String,
                       ?client_side_monitoring_host: String,
@@ -2199,6 +2200,19 @@ module Aws
                                          ) -> _DescribeDomainConfigurationResponseSuccess
                                        | (Hash[Symbol, untyped] params, ?Hash[Symbol, untyped] options) -> _DescribeDomainConfigurationResponseSuccess
 
+      interface _DescribeEncryptionConfigurationResponseSuccess
+        include ::Seahorse::Client::_ResponseSuccess[Types::DescribeEncryptionConfigurationResponse]
+        def encryption_type: () -> ("CUSTOMER_MANAGED_KMS_KEY" | "AWS_OWNED_KMS_KEY")
+        def kms_key_arn: () -> ::String
+        def kms_access_role_arn: () -> ::String
+        def configuration_details: () -> Types::ConfigurationDetails
+        def last_modified_date: () -> ::Time
+      end
+      # https://docs.aws.amazon.com/sdk-for-ruby/v3/api/Aws/IoT/Client.html#describe_encryption_configuration-instance_method
+      def describe_encryption_configuration: (
+                                             ) -> _DescribeEncryptionConfigurationResponseSuccess
+                                           | (?Hash[Symbol, untyped] params, ?Hash[Symbol, untyped] options) -> _DescribeEncryptionConfigurationResponseSuccess
+
       interface _DescribeEndpointResponseSuccess
         include ::Seahorse::Client::_ResponseSuccess[Types::DescribeEndpointResponse]
         def endpoint_address: () -> ::String
@@ -4762,6 +4776,17 @@ module Aws
                                       ) -> _UpdateDynamicThingGroupResponseSuccess
                                     | (Hash[Symbol, untyped] params, ?Hash[Symbol, untyped] options) -> _UpdateDynamicThingGroupResponseSuccess
 
+      interface _UpdateEncryptionConfigurationResponseSuccess
+        include ::Seahorse::Client::_ResponseSuccess[Types::UpdateEncryptionConfigurationResponse]
+      end
+      # https://docs.aws.amazon.com/sdk-for-ruby/v3/api/Aws/IoT/Client.html#update_encryption_configuration-instance_method
+      def update_encryption_configuration: (
+                                             encryption_type: ("CUSTOMER_MANAGED_KMS_KEY" | "AWS_OWNED_KMS_KEY"),
+                                             ?kms_key_arn: ::String,
+                                             ?kms_access_role_arn: ::String
+                                           ) -> _UpdateEncryptionConfigurationResponseSuccess
+                                         | (Hash[Symbol, untyped] params, ?Hash[Symbol, untyped] options) -> _UpdateEncryptionConfigurationResponseSuccess
+
       interface _UpdateEventConfigurationsResponseSuccess
         include ::Seahorse::Client::_ResponseSuccess[Types::UpdateEventConfigurationsResponse]
       end

data/sig/resource.rbs

@@ -18,6 +18,7 @@ module Aws
                         ?account_id: String,
                         ?active_endpoint_cache: bool,
                         ?adaptive_retry_wait_to_fill: bool,
+                        ?auth_scheme_preference: Array[String],
                         ?client_side_monitoring: bool,
                         ?client_side_monitoring_client_id: String,
                         ?client_side_monitoring_host: String,

data/sig/types.rbs

@@ -664,6 +664,13 @@ module Aws::IoT
       SENSITIVE: []
     end
 
+    class ConfigurationDetails
+      attr_accessor configuration_status: ("HEALTHY" | "UNHEALTHY")
+      attr_accessor error_code: ::String
+      attr_accessor error_message: ::String
+      SENSITIVE: []
+    end
+
     class ConfirmTopicRuleDestinationRequest
       attr_accessor confirmation_token: ::String
       SENSITIVE: []
@@ -1720,6 +1727,18 @@ module Aws::IoT
       SENSITIVE: []
     end
 
+    class DescribeEncryptionConfigurationRequest < Aws::EmptyStructure
+    end
+
+    class DescribeEncryptionConfigurationResponse
+      attr_accessor encryption_type: ("CUSTOMER_MANAGED_KMS_KEY" | "AWS_OWNED_KMS_KEY")
+      attr_accessor kms_key_arn: ::String
+      attr_accessor kms_access_role_arn: ::String
+      attr_accessor configuration_details: Types::ConfigurationDetails
+      attr_accessor last_modified_date: ::Time
+      SENSITIVE: []
+    end
+
     class DescribeEndpointRequest
       attr_accessor endpoint_type: ::String
       SENSITIVE: []
@@ -5021,6 +5040,16 @@ module Aws::IoT
       SENSITIVE: []
     end
 
+    class UpdateEncryptionConfigurationRequest
+      attr_accessor encryption_type: ("CUSTOMER_MANAGED_KMS_KEY" | "AWS_OWNED_KMS_KEY")
+      attr_accessor kms_key_arn: ::String
+      attr_accessor kms_access_role_arn: ::String
+      SENSITIVE: []
+    end
+
+    class UpdateEncryptionConfigurationResponse < Aws::EmptyStructure
+    end
+
     class UpdateEventConfigurationsRequest
       attr_accessor event_configurations: ::Hash[("THING" | "THING_GROUP" | "THING_TYPE" | "THING_GROUP_MEMBERSHIP" | "THING_GROUP_HIERARCHY" | "THING_TYPE_ASSOCIATION" | "JOB" | "JOB_EXECUTION" | "POLICY" | "CERTIFICATE" | "CA_CERTIFICATE"), Types::Configuration]
       SENSITIVE: []

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: aws-sdk-iot
 version: !ruby/object:Gem::Version
-  version: 1.149.0
+  version: 1.151.0
 platform: ruby
 authors:
 - Amazon Web Services
@@ -18,7 +18,7 @@ dependencies:
         version: '3'
     - - ">="
       - !ruby/object:Gem::Version
-        version: 3.225.0
+        version: 3.228.0
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
@@ -28,7 +28,7 @@ dependencies:
         version: '3'
     - - ">="
       - !ruby/object:Gem::Version
-        version: 3.225.0
+        version: 3.228.0
 - !ruby/object:Gem::Dependency
   name: aws-sigv4
   requirement: !ruby/object:Gem::Requirement