aws-sdk-iot 1.150.0 → 1.152.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 0e6e7b2b6d1e9a89be04a99c47236d0c025e4ba2bdd6be4a9eab1310de5efad5
-  data.tar.gz: 7f86dab30f0ce0c00a6a0ce0fdc1d46eb0d88dda55f1463d7c07d2674dcf4f40
+  metadata.gz: 4135b37136c6092d1dc81ecc0463704bfc78c1ae528639b814c4f735154dd325
+  data.tar.gz: e01f0b474152be1929325a6c25800c5037b9b030513a2535bbd48c9e2a955a47
 SHA512:
-  metadata.gz: e597343c358194397b82a9c7394be7cf79f08ced7fad4a766e026684e5d75c5763841f60360e94730129a915c01300b38d9758a6fcbe18d5d55eff4a014cc374
-  data.tar.gz: e0df8182e084cb865068208f408ee99c4f0f36e981bacb8e71a9dc43c6c35aa6ea0cd0a9dddac27b5e9ff83453f3ba52ccf2f24aa9b771175c5c190ccf223880
+  metadata.gz: ea7354d3d9c3d71866391a606e4a651f94e1ee19fde3709b6da663a7173b6e25817d9e8f92a715976644ed0aeff02ea3eb990a7370a20a342acbdcacd4608217
+  data.tar.gz: 67f291bf2201e62880f7be861079a18a5749bf7204b2cfa36f49fa98dc2a74b06f2c50f7d51ad5f22bb2678b520ff645227bc5a799a657f889c8c55119dba228

data/CHANGELOG.md

@@ -1,6 +1,16 @@
 Unreleased Changes
 ------------------
 
+1.152.0 (2025-08-04)
+------------------
+
+* Feature - Code Generated Changes, see `./build_tools` or `aws-sdk-core`'s CHANGELOG.md for details.
+
+1.151.0 (2025-07-31)
+------------------
+
+* Feature - This release allows AWS IoT Core users to use their own AWS KMS keys for data protection
+
 1.150.0 (2025-07-21)
 ------------------
 

data/VERSION

@@ -1 +1 @@
-1.150.0
+1.152.0

data/lib/aws-sdk-iot/client.rb

@@ -95,8 +95,8 @@ module Aws::IoT
     #     class name or an instance of a plugin class.
     #
     #   @option options [required, Aws::CredentialProvider] :credentials
-    #     Your AWS credentials used for authentication. This can be an instance of any one of the
-    #     following classes:
+    #     Your AWS credentials used for authentication. This can be any class that includes and implements
+    #     `Aws::CredentialProvider`, or instance of any one of the following classes:
     #
     #     * `Aws::Credentials` - Used for configuring static, non-refreshing
     #       credentials.
@@ -124,8 +124,7 @@ module Aws::IoT
     #     * `Aws::CognitoIdentityCredentials` - Used for loading credentials
     #       from the Cognito Identity service.
     #
-    #     When `:credentials` are not configured directly, the following
-    #     locations will be searched for credentials:
+    #     When `:credentials` are not configured directly, the following locations will be searched for credentials:
     #
     #     * `Aws.config[:credentials]`
     #
@@ -139,12 +138,10 @@ module Aws::IoT
     #
     #     * `~/.aws/config`
     #
-    #     * EC2/ECS IMDS instance profile - When used by default, the timeouts
-    #       are very aggressive. Construct and pass an instance of
-    #       `Aws::InstanceProfileCredentials` or `Aws::ECSCredentials` to
-    #       enable retries and extended timeouts. Instance profile credential
-    #       fetching can be disabled by setting `ENV['AWS_EC2_METADATA_DISABLED']`
-    #       to `true`.
+    #     * EC2/ECS IMDS instance profile - When used by default, the timeouts are very aggressive.
+    #       Construct and pass an instance of `Aws::InstanceProfileCredentials` or `Aws::ECSCredentials` to
+    #       enable retries and extended timeouts. Instance profile credential fetching can be disabled by
+    #       setting `ENV['AWS_EC2_METADATA_DISABLED']` to `true`.
     #
     #   @option options [required, String] :region
     #     The AWS region to connect to.  The configured `:region` is
@@ -377,8 +374,8 @@ module Aws::IoT
     #     `Aws::Telemetry::OTelProvider` for telemetry provider.
     #
     #   @option options [Aws::TokenProvider] :token_provider
-    #     Your Bearer token used for authentication. This can be an instance of any one of the
-    #     following classes:
+    #     Your Bearer token used for authentication. This can be any class that includes and implements
+    #     `Aws::TokenProvider`, or instance of any one of the following classes:
     #
     #     * `Aws::StaticTokenProvider` - Used for configuring static, non-refreshing
     #       tokens.
@@ -6378,6 +6375,59 @@ module Aws::IoT
       req.send_request(options)
     end
 
+    # Retrieves the encryption configuration for resources and data of your
+    # Amazon Web Services account in Amazon Web Services IoT Core. For more
+    # information, see [Key management in IoT][1] from the *Amazon Web
+    # Services IoT Core Developer Guide*.
+    #
+    #
+    #
+    # [1]: https://docs.aws.amazon.com/iot/latest/developerguide/key-management.html
+    #
+    # @return [Types::DescribeEncryptionConfigurationResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
+    #
+    #   * {Types::DescribeEncryptionConfigurationResponse#encryption_type #encryption_type} => String
+    #   * {Types::DescribeEncryptionConfigurationResponse#kms_key_arn #kms_key_arn} => String
+    #   * {Types::DescribeEncryptionConfigurationResponse#kms_access_role_arn #kms_access_role_arn} => String
+    #   * {Types::DescribeEncryptionConfigurationResponse#configuration_details #configuration_details} => Types::ConfigurationDetails
+    #   * {Types::DescribeEncryptionConfigurationResponse#last_modified_date #last_modified_date} => Time
+    #
+    #
+    # @example Example: DescribeEncryptionConfiguration
+    #
+    #   # DescribeEncryptionConfiguration API operation example
+    #
+    #   resp = client.describe_encryption_configuration({
+    #   })
+    #
+    #   resp.to_h outputs the following:
+    #   {
+    #     configuration_details: {
+    #       configuration_status: "HEALTHY", 
+    #     }, 
+    #     encryption_type: "CUSTOMER_MANAGED_KMS_KEY", 
+    #     kms_access_role_arn: "arn:aws:iam:us-west-2:111122223333:role/myrole", 
+    #     kms_key_arn: "arn:aws:kms:us-west-2:111122223333:key/1234abcd-12ab-34cd-56ef-1234567890ab", 
+    #     last_modified_date: Time.parse("2024-09-26T22:01:02.365000-07:00"), 
+    #   }
+    #
+    # @example Response structure
+    #
+    #   resp.encryption_type #=> String, one of "CUSTOMER_MANAGED_KMS_KEY", "AWS_OWNED_KMS_KEY"
+    #   resp.kms_key_arn #=> String
+    #   resp.kms_access_role_arn #=> String
+    #   resp.configuration_details.configuration_status #=> String, one of "HEALTHY", "UNHEALTHY"
+    #   resp.configuration_details.error_code #=> String
+    #   resp.configuration_details.error_message #=> String
+    #   resp.last_modified_date #=> Time
+    #
+    # @overload describe_encryption_configuration(params = {})
+    # @param [Hash] params ({})
+    def describe_encryption_configuration(params = {}, options = {})
+      req = build_request(:describe_encryption_configuration, params)
+      req.send_request(options)
+    end
+
     # Returns or creates a unique endpoint specific to the Amazon Web
     # Services account making the call.
     #
@@ -14333,15 +14383,39 @@ module Aws::IoT
     #
     # You can cancel the transfer until it is acknowledged by the recipient.
     #
-    # No notification is sent to the transfer destination's account. It is
+    # No notification is sent to the transfer destination's account. It's
     # up to the caller to notify the transfer target.
     #
-    # The certificate being transferred must not be in the ACTIVE state. You
-    # can use the UpdateCertificate action to deactivate it.
+    # The certificate being transferred must not be in the `ACTIVE` state.
+    # You can use the UpdateCertificate action to deactivate it.
     #
     # The certificate must not have any policies attached to it. You can use
     # the DetachPolicy action to detach them.
     #
+    # **Customer managed key behavior:** When you use a customer managed key
+    # to secure your data and then transfer the key to a customer in a
+    # different account using the TransferCertificate operation, the
+    # certificates will no longer be protected by their customer managed key
+    # configuration. During the transfer process, certificates are encrypted
+    # using IoT owned keys.
+    #
+    # While a certificate is in the **PENDING\_TRANSFER** state, it's
+    # always protected by IoT owned keys, regardless of the customer managed
+    # key configuration of either the source or destination account.
+    #
+    # Once the transfer is completed through AcceptCertificateTransfer,
+    # RejectCertificateTransfer, or CancelCertificateTransfer, the
+    # certificate will be protected by the customer managed key
+    # configuration of the account that owns the certificate after the
+    # transfer operation:
+    #
+    # * If the transfer is accepted: The certificate is protected by the
+    #   destination account's customer managed key configuration.
+    #
+    # * If the transfer is rejected or cancelled: The certificate is
+    #   protected by the source account's customer managed key
+    #   configuration.
+    #
     #
     #
     # [1]: https://docs.aws.amazon.com/service-authorization/latest/reference/list_awsiot.html#awsiot-actions-as-permissions
@@ -15134,6 +15208,57 @@ module Aws::IoT
       req.send_request(options)
     end
 
+    # Updates the encryption configuration. By default, all Amazon Web
+    # Services IoT Core data at rest is encrypted using Amazon Web Services
+    # owned keys. Amazon Web Services IoT Core also supports symmetric
+    # customer managed keys from Amazon Web Services Key Management Service
+    # (KMS). With customer managed keys, you create, own, and manage the KMS
+    # keys in your Amazon Web Services account. For more information, see
+    # [Data encryption][1] in the *Amazon Web Services IoT Core Developer
+    # Guide*.
+    #
+    #
+    #
+    # [1]: https://docs.aws.amazon.com/iot/latest/developerguide/data-encryption.html
+    #
+    # @option params [required, String] :encryption_type
+    #   The type of the Amazon Web Services Key Management Service (KMS) key.
+    #
+    # @option params [String] :kms_key_arn
+    #   The ARN of the customer-managed KMS key.
+    #
+    # @option params [String] :kms_access_role_arn
+    #   The Amazon Resource Name (ARN) of the IAM role assumed by Amazon Web
+    #   Services IoT Core to call KMS on behalf of the customer.
+    #
+    # @return [Struct] Returns an empty {Seahorse::Client::Response response}.
+    #
+    #
+    # @example Example: UpdateEncryptionConfiguration example
+    #
+    #   # This operation updates the encryption configuration. 
+    #
+    #   resp = client.update_encryption_configuration({
+    #     encryption_type: "CUSTOMER_MANAGED_KMS_KEY", 
+    #     kms_access_role_arn: "arn:aws:kms:us-west-2:111122223333:key/1234abcd-12ab-34cd-56ef-1234567890ab", 
+    #     kms_key_arn: "arn:aws:iam:us-west-2:111122223333:role/myrole", 
+    #   })
+    #
+    # @example Request syntax with placeholder values
+    #
+    #   resp = client.update_encryption_configuration({
+    #     encryption_type: "CUSTOMER_MANAGED_KMS_KEY", # required, accepts CUSTOMER_MANAGED_KMS_KEY, AWS_OWNED_KMS_KEY
+    #     kms_key_arn: "KmsKeyArn",
+    #     kms_access_role_arn: "KmsAccessRoleArn",
+    #   })
+    #
+    # @overload update_encryption_configuration(params = {})
+    # @param [Hash] params ({})
+    def update_encryption_configuration(params = {}, options = {})
+      req = build_request(:update_encryption_configuration, params)
+      req.send_request(options)
+    end
+
     # Updates the event configurations.
     #
     # Requires permission to access the [UpdateEventConfigurations][1]
@@ -16421,7 +16546,7 @@ module Aws::IoT
         tracer: tracer
       )
       context[:gem_name] = 'aws-sdk-iot'
-      context[:gem_version] = '1.150.0'
+      context[:gem_version] = '1.152.0'
       Seahorse::Client::Request.new(handlers, context)
     end
 

data/lib/aws-sdk-iot/client_api.rb

@@ -270,6 +270,8 @@ module Aws::IoT
     ConfigName = Shapes::StringShape.new(name: 'ConfigName')
     ConfigValue = Shapes::StringShape.new(name: 'ConfigValue')
     Configuration = Shapes::StructureShape.new(name: 'Configuration')
+    ConfigurationDetails = Shapes::StructureShape.new(name: 'ConfigurationDetails')
+    ConfigurationStatus = Shapes::StringShape.new(name: 'ConfigurationStatus')
     ConfirmTopicRuleDestinationRequest = Shapes::StructureShape.new(name: 'ConfirmTopicRuleDestinationRequest')
     ConfirmTopicRuleDestinationResponse = Shapes::StructureShape.new(name: 'ConfirmTopicRuleDestinationResponse')
     ConfirmationToken = Shapes::StringShape.new(name: 'ConfirmationToken')
@@ -465,6 +467,8 @@ module Aws::IoT
     DescribeDimensionResponse = Shapes::StructureShape.new(name: 'DescribeDimensionResponse')
     DescribeDomainConfigurationRequest = Shapes::StructureShape.new(name: 'DescribeDomainConfigurationRequest')
     DescribeDomainConfigurationResponse = Shapes::StructureShape.new(name: 'DescribeDomainConfigurationResponse')
+    DescribeEncryptionConfigurationRequest = Shapes::StructureShape.new(name: 'DescribeEncryptionConfigurationRequest')
+    DescribeEncryptionConfigurationResponse = Shapes::StructureShape.new(name: 'DescribeEncryptionConfigurationResponse')
     DescribeEndpointRequest = Shapes::StructureShape.new(name: 'DescribeEndpointRequest')
     DescribeEndpointResponse = Shapes::StructureShape.new(name: 'DescribeEndpointResponse')
     DescribeEventConfigurationsRequest = Shapes::StructureShape.new(name: 'DescribeEventConfigurationsRequest')
@@ -572,6 +576,7 @@ module Aws::IoT
     EnableTopicRuleRequest = Shapes::StructureShape.new(name: 'EnableTopicRuleRequest')
     Enabled = Shapes::BooleanShape.new(name: 'Enabled')
     EnabledBoolean = Shapes::BooleanShape.new(name: 'EnabledBoolean')
+    EncryptionType = Shapes::StringShape.new(name: 'EncryptionType')
     EndpointAddress = Shapes::StringShape.new(name: 'EndpointAddress')
     EndpointType = Shapes::StringShape.new(name: 'EndpointType')
     Environment = Shapes::StringShape.new(name: 'Environment')
@@ -756,6 +761,8 @@ module Aws::IoT
     KeyPair = Shapes::StructureShape.new(name: 'KeyPair')
     KeyValue = Shapes::StringShape.new(name: 'KeyValue')
     KinesisAction = Shapes::StructureShape.new(name: 'KinesisAction')
+    KmsAccessRoleArn = Shapes::StringShape.new(name: 'KmsAccessRoleArn')
+    KmsKeyArn = Shapes::StringShape.new(name: 'KmsKeyArn')
     LambdaAction = Shapes::StructureShape.new(name: 'LambdaAction')
     LaserMaxResults = Shapes::IntegerShape.new(name: 'LaserMaxResults')
     LastModifiedDate = Shapes::TimestampShape.new(name: 'LastModifiedDate')
@@ -1406,6 +1413,8 @@ module Aws::IoT
     UpdateDomainConfigurationResponse = Shapes::StructureShape.new(name: 'UpdateDomainConfigurationResponse')
     UpdateDynamicThingGroupRequest = Shapes::StructureShape.new(name: 'UpdateDynamicThingGroupRequest')
     UpdateDynamicThingGroupResponse = Shapes::StructureShape.new(name: 'UpdateDynamicThingGroupResponse')
+    UpdateEncryptionConfigurationRequest = Shapes::StructureShape.new(name: 'UpdateEncryptionConfigurationRequest')
+    UpdateEncryptionConfigurationResponse = Shapes::StructureShape.new(name: 'UpdateEncryptionConfigurationResponse')
     UpdateEventConfigurationsRequest = Shapes::StructureShape.new(name: 'UpdateEventConfigurationsRequest')
     UpdateEventConfigurationsResponse = Shapes::StructureShape.new(name: 'UpdateEventConfigurationsResponse')
     UpdateFleetMetricRequest = Shapes::StructureShape.new(name: 'UpdateFleetMetricRequest')
@@ -2063,6 +2072,11 @@ module Aws::IoT
     Configuration.add_member(:enabled, Shapes::ShapeRef.new(shape: Enabled, location_name: "Enabled"))
     Configuration.struct_class = Types::Configuration
 
+    ConfigurationDetails.add_member(:configuration_status, Shapes::ShapeRef.new(shape: ConfigurationStatus, location_name: "configurationStatus"))
+    ConfigurationDetails.add_member(:error_code, Shapes::ShapeRef.new(shape: ErrorCode, location_name: "errorCode"))
+    ConfigurationDetails.add_member(:error_message, Shapes::ShapeRef.new(shape: ErrorMessage, location_name: "errorMessage"))
+    ConfigurationDetails.struct_class = Types::ConfigurationDetails
+
     ConfirmTopicRuleDestinationRequest.add_member(:confirmation_token, Shapes::ShapeRef.new(shape: ConfirmationToken, required: true, location: "uri", location_name: "confirmationToken"))
     ConfirmTopicRuleDestinationRequest.struct_class = Types::ConfirmTopicRuleDestinationRequest
 
@@ -2823,6 +2837,15 @@ module Aws::IoT
     DescribeDomainConfigurationResponse.add_member(:client_certificate_config, Shapes::ShapeRef.new(shape: ClientCertificateConfig, location_name: "clientCertificateConfig"))
     DescribeDomainConfigurationResponse.struct_class = Types::DescribeDomainConfigurationResponse
 
+    DescribeEncryptionConfigurationRequest.struct_class = Types::DescribeEncryptionConfigurationRequest
+
+    DescribeEncryptionConfigurationResponse.add_member(:encryption_type, Shapes::ShapeRef.new(shape: EncryptionType, location_name: "encryptionType"))
+    DescribeEncryptionConfigurationResponse.add_member(:kms_key_arn, Shapes::ShapeRef.new(shape: KmsKeyArn, location_name: "kmsKeyArn"))
+    DescribeEncryptionConfigurationResponse.add_member(:kms_access_role_arn, Shapes::ShapeRef.new(shape: KmsAccessRoleArn, location_name: "kmsAccessRoleArn"))
+    DescribeEncryptionConfigurationResponse.add_member(:configuration_details, Shapes::ShapeRef.new(shape: ConfigurationDetails, location_name: "configurationDetails"))
+    DescribeEncryptionConfigurationResponse.add_member(:last_modified_date, Shapes::ShapeRef.new(shape: DateType, location_name: "lastModifiedDate"))
+    DescribeEncryptionConfigurationResponse.struct_class = Types::DescribeEncryptionConfigurationResponse
+
     DescribeEndpointRequest.add_member(:endpoint_type, Shapes::ShapeRef.new(shape: EndpointType, location: "querystring", location_name: "endpointType"))
     DescribeEndpointRequest.struct_class = Types::DescribeEndpointRequest
 
@@ -5421,6 +5444,13 @@ module Aws::IoT
     UpdateDynamicThingGroupResponse.add_member(:version, Shapes::ShapeRef.new(shape: Version, location_name: "version"))
     UpdateDynamicThingGroupResponse.struct_class = Types::UpdateDynamicThingGroupResponse
 
+    UpdateEncryptionConfigurationRequest.add_member(:encryption_type, Shapes::ShapeRef.new(shape: EncryptionType, required: true, location_name: "encryptionType"))
+    UpdateEncryptionConfigurationRequest.add_member(:kms_key_arn, Shapes::ShapeRef.new(shape: KmsKeyArn, location_name: "kmsKeyArn"))
+    UpdateEncryptionConfigurationRequest.add_member(:kms_access_role_arn, Shapes::ShapeRef.new(shape: KmsAccessRoleArn, location_name: "kmsAccessRoleArn"))
+    UpdateEncryptionConfigurationRequest.struct_class = Types::UpdateEncryptionConfigurationRequest
+
+    UpdateEncryptionConfigurationResponse.struct_class = Types::UpdateEncryptionConfigurationResponse
+
     UpdateEventConfigurationsRequest.add_member(:event_configurations, Shapes::ShapeRef.new(shape: EventConfigurations, location_name: "eventConfigurations"))
     UpdateEventConfigurationsRequest.struct_class = Types::UpdateEventConfigurationsRequest
 
@@ -6351,6 +6381,7 @@ module Aws::IoT
         o.errors << Shapes::ShapeRef.new(shape: ResourceAlreadyExistsException)
         o.errors << Shapes::ShapeRef.new(shape: ServiceUnavailableException)
         o.errors << Shapes::ShapeRef.new(shape: ConflictingResourceUpdateException)
+        o.errors << Shapes::ShapeRef.new(shape: UnauthorizedException)
       end)
 
       api.add_operation(:create_topic_rule_destination, Seahorse::Model::Operation.new.tap do |o|
@@ -6364,6 +6395,7 @@ module Aws::IoT
         o.errors << Shapes::ShapeRef.new(shape: ResourceAlreadyExistsException)
         o.errors << Shapes::ShapeRef.new(shape: ServiceUnavailableException)
         o.errors << Shapes::ShapeRef.new(shape: ConflictingResourceUpdateException)
+        o.errors << Shapes::ShapeRef.new(shape: UnauthorizedException)
       end)
 
       api.add_operation(:delete_account_audit_configuration, Seahorse::Model::Operation.new.tap do |o|
@@ -7044,6 +7076,19 @@ module Aws::IoT
         o.errors << Shapes::ShapeRef.new(shape: InternalFailureException)
       end)
 
+      api.add_operation(:describe_encryption_configuration, Seahorse::Model::Operation.new.tap do |o|
+        o.name = "DescribeEncryptionConfiguration"
+        o.http_method = "GET"
+        o.http_request_uri = "/encryption-configuration"
+        o.input = Shapes::ShapeRef.new(shape: DescribeEncryptionConfigurationRequest)
+        o.output = Shapes::ShapeRef.new(shape: DescribeEncryptionConfigurationResponse)
+        o.errors << Shapes::ShapeRef.new(shape: InvalidRequestException)
+        o.errors << Shapes::ShapeRef.new(shape: ThrottlingException)
+        o.errors << Shapes::ShapeRef.new(shape: UnauthorizedException)
+        o.errors << Shapes::ShapeRef.new(shape: ServiceUnavailableException)
+        o.errors << Shapes::ShapeRef.new(shape: InternalFailureException)
+      end)
+
       api.add_operation(:describe_endpoint, Seahorse::Model::Operation.new.tap do |o|
         o.name = "DescribeEndpoint"
         o.http_method = "GET"
@@ -8814,6 +8859,7 @@ module Aws::IoT
         o.errors << Shapes::ShapeRef.new(shape: InternalException)
         o.errors << Shapes::ShapeRef.new(shape: InvalidRequestException)
         o.errors << Shapes::ShapeRef.new(shape: ServiceUnavailableException)
+        o.errors << Shapes::ShapeRef.new(shape: UnauthorizedException)
         o[:pager] = Aws::Pager.new(
           limit_key: "max_results",
           tokens: {
@@ -9361,6 +9407,19 @@ module Aws::IoT
         o.errors << Shapes::ShapeRef.new(shape: InvalidQueryException)
       end)
 
+      api.add_operation(:update_encryption_configuration, Seahorse::Model::Operation.new.tap do |o|
+        o.name = "UpdateEncryptionConfiguration"
+        o.http_method = "PATCH"
+        o.http_request_uri = "/encryption-configuration"
+        o.input = Shapes::ShapeRef.new(shape: UpdateEncryptionConfigurationRequest)
+        o.output = Shapes::ShapeRef.new(shape: UpdateEncryptionConfigurationResponse)
+        o.errors << Shapes::ShapeRef.new(shape: InvalidRequestException)
+        o.errors << Shapes::ShapeRef.new(shape: ThrottlingException)
+        o.errors << Shapes::ShapeRef.new(shape: UnauthorizedException)
+        o.errors << Shapes::ShapeRef.new(shape: ServiceUnavailableException)
+        o.errors << Shapes::ShapeRef.new(shape: InternalFailureException)
+      end)
+
       api.add_operation(:update_event_configurations, Seahorse::Model::Operation.new.tap do |o|
         o.name = "UpdateEventConfigurations"
         o.http_method = "PATCH"

data/lib/aws-sdk-iot/types.rb

@@ -2456,6 +2456,35 @@ module Aws::IoT
       include Aws::Structure
     end
 
+    # The encryption configuration details that include the status
+    # information of the Amazon Web Services Key Management Service (KMS)
+    # key and the KMS access role.
+    #
+    # @!attribute [rw] configuration_status
+    #   The health status of KMS key and KMS access role. If either KMS key
+    #   or KMS access role is `UNHEALTHY`, the return value will be
+    #   `UNHEALTHY`. To use a customer-managed KMS key, the value of
+    #   `configurationStatus` must be `HEALTHY`.
+    #   @return [String]
+    #
+    # @!attribute [rw] error_code
+    #   The error code that indicates either the KMS key or the KMS access
+    #   role is `UNHEALTHY`. Valid values: `KMS_KEY_VALIDATION_ERROR` and
+    #   `ROLE_VALIDATION_ERROR`.
+    #   @return [String]
+    #
+    # @!attribute [rw] error_message
+    #   The detailed error message that corresponds to the `errorCode`.
+    #   @return [String]
+    #
+    class ConfigurationDetails < Struct.new(
+      :configuration_status,
+      :error_code,
+      :error_message)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+
     # @!attribute [rw] confirmation_token
     #   The token used to confirm ownership or access to the topic rule
     #   confirmation URL.
@@ -6089,6 +6118,43 @@ module Aws::IoT
       include Aws::Structure
     end
 
+    # @api private
+    #
+    class DescribeEncryptionConfigurationRequest < Aws::EmptyStructure; end
+
+    # @!attribute [rw] encryption_type
+    #   The type of the Amazon Web Services Key Management Service (KMS)
+    #   key.
+    #   @return [String]
+    #
+    # @!attribute [rw] kms_key_arn
+    #   The Amazon Resource Name (ARN) of the IAM role assumed by Amazon Web
+    #   Services IoT Core to call KMS on behalf of the customer.
+    #   @return [String]
+    #
+    # @!attribute [rw] kms_access_role_arn
+    #   The ARN of the customer-managed KMS key.
+    #   @return [String]
+    #
+    # @!attribute [rw] configuration_details
+    #   The encryption configuration details that include the status
+    #   information of the KMS key and the KMS access role.
+    #   @return [Types::ConfigurationDetails]
+    #
+    # @!attribute [rw] last_modified_date
+    #   The date when encryption configuration is last updated.
+    #   @return [Time]
+    #
+    class DescribeEncryptionConfigurationResponse < Struct.new(
+      :encryption_type,
+      :kms_key_arn,
+      :kms_access_role_arn,
+      :configuration_details,
+      :last_modified_date)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+
     # The input for the DescribeEndpoint operation.
     #
     # @!attribute [rw] endpoint_type
@@ -17716,6 +17782,30 @@ module Aws::IoT
       include Aws::Structure
     end
 
+    # @!attribute [rw] encryption_type
+    #   The type of the Amazon Web Services Key Management Service (KMS)
+    #   key.
+    #   @return [String]
+    #
+    # @!attribute [rw] kms_key_arn
+    #   The ARN of the customer-managed KMS key.
+    #   @return [String]
+    #
+    # @!attribute [rw] kms_access_role_arn
+    #   The Amazon Resource Name (ARN) of the IAM role assumed by Amazon Web
+    #   Services IoT Core to call KMS on behalf of the customer.
+    #   @return [String]
+    #
+    class UpdateEncryptionConfigurationRequest < Struct.new(
+      :encryption_type,
+      :kms_key_arn,
+      :kms_access_role_arn)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+
+    class UpdateEncryptionConfigurationResponse < Aws::EmptyStructure; end
+
     # @!attribute [rw] event_configurations
     #   The new event configuration values.
     #   @return [Hash<String,Types::Configuration>]

data/lib/aws-sdk-iot.rb

@@ -54,7 +54,7 @@ module Aws::IoT
   autoload :EndpointProvider, 'aws-sdk-iot/endpoint_provider'
   autoload :Endpoints, 'aws-sdk-iot/endpoints'
 
-  GEM_VERSION = '1.150.0'
+  GEM_VERSION = '1.152.0'
 
 end
 

data/sig/client.rbs

@@ -2200,6 +2200,19 @@ module Aws
                                          ) -> _DescribeDomainConfigurationResponseSuccess
                                        | (Hash[Symbol, untyped] params, ?Hash[Symbol, untyped] options) -> _DescribeDomainConfigurationResponseSuccess
 
+      interface _DescribeEncryptionConfigurationResponseSuccess
+        include ::Seahorse::Client::_ResponseSuccess[Types::DescribeEncryptionConfigurationResponse]
+        def encryption_type: () -> ("CUSTOMER_MANAGED_KMS_KEY" | "AWS_OWNED_KMS_KEY")
+        def kms_key_arn: () -> ::String
+        def kms_access_role_arn: () -> ::String
+        def configuration_details: () -> Types::ConfigurationDetails
+        def last_modified_date: () -> ::Time
+      end
+      # https://docs.aws.amazon.com/sdk-for-ruby/v3/api/Aws/IoT/Client.html#describe_encryption_configuration-instance_method
+      def describe_encryption_configuration: (
+                                             ) -> _DescribeEncryptionConfigurationResponseSuccess
+                                           | (?Hash[Symbol, untyped] params, ?Hash[Symbol, untyped] options) -> _DescribeEncryptionConfigurationResponseSuccess
+
       interface _DescribeEndpointResponseSuccess
         include ::Seahorse::Client::_ResponseSuccess[Types::DescribeEndpointResponse]
         def endpoint_address: () -> ::String
@@ -4763,6 +4776,17 @@ module Aws
                                       ) -> _UpdateDynamicThingGroupResponseSuccess
                                     | (Hash[Symbol, untyped] params, ?Hash[Symbol, untyped] options) -> _UpdateDynamicThingGroupResponseSuccess
 
+      interface _UpdateEncryptionConfigurationResponseSuccess
+        include ::Seahorse::Client::_ResponseSuccess[Types::UpdateEncryptionConfigurationResponse]
+      end
+      # https://docs.aws.amazon.com/sdk-for-ruby/v3/api/Aws/IoT/Client.html#update_encryption_configuration-instance_method
+      def update_encryption_configuration: (
+                                             encryption_type: ("CUSTOMER_MANAGED_KMS_KEY" | "AWS_OWNED_KMS_KEY"),
+                                             ?kms_key_arn: ::String,
+                                             ?kms_access_role_arn: ::String
+                                           ) -> _UpdateEncryptionConfigurationResponseSuccess
+                                         | (Hash[Symbol, untyped] params, ?Hash[Symbol, untyped] options) -> _UpdateEncryptionConfigurationResponseSuccess
+
       interface _UpdateEventConfigurationsResponseSuccess
         include ::Seahorse::Client::_ResponseSuccess[Types::UpdateEventConfigurationsResponse]
       end

data/sig/types.rbs

@@ -664,6 +664,13 @@ module Aws::IoT
       SENSITIVE: []
     end
 
+    class ConfigurationDetails
+      attr_accessor configuration_status: ("HEALTHY" | "UNHEALTHY")
+      attr_accessor error_code: ::String
+      attr_accessor error_message: ::String
+      SENSITIVE: []
+    end
+
     class ConfirmTopicRuleDestinationRequest
       attr_accessor confirmation_token: ::String
       SENSITIVE: []
@@ -1720,6 +1727,18 @@ module Aws::IoT
       SENSITIVE: []
     end
 
+    class DescribeEncryptionConfigurationRequest < Aws::EmptyStructure
+    end
+
+    class DescribeEncryptionConfigurationResponse
+      attr_accessor encryption_type: ("CUSTOMER_MANAGED_KMS_KEY" | "AWS_OWNED_KMS_KEY")
+      attr_accessor kms_key_arn: ::String
+      attr_accessor kms_access_role_arn: ::String
+      attr_accessor configuration_details: Types::ConfigurationDetails
+      attr_accessor last_modified_date: ::Time
+      SENSITIVE: []
+    end
+
     class DescribeEndpointRequest
       attr_accessor endpoint_type: ::String
       SENSITIVE: []
@@ -5021,6 +5040,16 @@ module Aws::IoT
       SENSITIVE: []
     end
 
+    class UpdateEncryptionConfigurationRequest
+      attr_accessor encryption_type: ("CUSTOMER_MANAGED_KMS_KEY" | "AWS_OWNED_KMS_KEY")
+      attr_accessor kms_key_arn: ::String
+      attr_accessor kms_access_role_arn: ::String
+      SENSITIVE: []
+    end
+
+    class UpdateEncryptionConfigurationResponse < Aws::EmptyStructure
+    end
+
     class UpdateEventConfigurationsRequest
       attr_accessor event_configurations: ::Hash[("THING" | "THING_GROUP" | "THING_TYPE" | "THING_GROUP_MEMBERSHIP" | "THING_GROUP_HIERARCHY" | "THING_TYPE_ASSOCIATION" | "JOB" | "JOB_EXECUTION" | "POLICY" | "CERTIFICATE" | "CA_CERTIFICATE"), Types::Configuration]
       SENSITIVE: []

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: aws-sdk-iot
 version: !ruby/object:Gem::Version
-  version: 1.150.0
+  version: 1.152.0
 platform: ruby
 authors:
 - Amazon Web Services
@@ -18,7 +18,7 @@ dependencies:
         version: '3'
     - - ">="
       - !ruby/object:Gem::Version
-        version: 3.227.0
+        version: 3.228.0
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
@@ -28,7 +28,7 @@ dependencies:
         version: '3'
     - - ">="
       - !ruby/object:Gem::Version
-        version: 3.227.0
+        version: 3.228.0
 - !ruby/object:Gem::Dependency
   name: aws-sigv4
   requirement: !ruby/object:Gem::Requirement