aws-sdk-iot 1.54.0 → 1.59.0

data/lib/aws-sdk-iot/types.rb

@@ -232,6 +232,21 @@ module Aws::IoT
     #           state_machine_name: "StateMachineName", # required
     #           role_arn: "AwsArn", # required
     #         },
+    #         timestream: {
+    #           role_arn: "AwsArn", # required
+    #           database_name: "TimestreamDatabaseName", # required
+    #           table_name: "TimestreamTableName", # required
+    #           dimensions: [ # required
+    #             {
+    #               name: "TimestreamDimensionName", # required
+    #               value: "TimestreamDimensionValue", # required
+    #             },
+    #           ],
+    #           timestamp: {
+    #             value: "TimestreamTimestampValue", # required
+    #             unit: "TimestreamTimestampUnit", # required
+    #           },
+    #         },
     #         http: {
     #           url: "Url", # required
     #           confirmation_url: "Url",
@@ -326,6 +341,16 @@ module Aws::IoT
     #   Starts execution of a Step Functions state machine.
     #   @return [Types::StepFunctionsAction]
     #
+    # @!attribute [rw] timestream
+    #   The Timestream rule action writes attributes (measures) from an MQTT
+    #   message into an Amazon Timestream table. For more information, see
+    #   the [Timestream][1] topic rule action documentation.
+    #
+    #
+    #
+    #   [1]: https://docs.aws.amazon.com/iot/latest/developerguide/timestream-rule-action.html
+    #   @return [Types::TimestreamAction]
+    #
     # @!attribute [rw] http
     #   Send data to an HTTPS endpoint.
     #   @return [Types::HttpAction]
@@ -349,6 +374,7 @@ module Aws::IoT
       :iot_events,
       :iot_site_wise,
       :step_functions,
+      :timestream,
       :http)
       SENSITIVE = []
       include Aws::Structure
@@ -899,6 +925,11 @@ module Aws::IoT
     #   check.
     #   @return [Integer]
     #
+    # @!attribute [rw] suppressed_non_compliant_resources_count
+    #   Describes how many of the non-compliant resources created during the
+    #   evaluation of an audit check were marked as suppressed.
+    #   @return [Integer]
+    #
     # @!attribute [rw] error_code
     #   The code of any error encountered when this check is performed
     #   during this audit. One of "INSUFFICIENT\_PERMISSIONS" or
@@ -915,6 +946,7 @@ module Aws::IoT
       :check_compliant,
       :total_resources_count,
       :non_compliant_resources_count,
+      :suppressed_non_compliant_resources_count,
       :error_code,
       :message)
       SENSITIVE = []
@@ -964,6 +996,11 @@ module Aws::IoT
     #   A code that indicates the reason that the resource was noncompliant.
     #   @return [String]
     #
+    # @!attribute [rw] is_suppressed
+    #   Indicates whether the audit finding was suppressed or not during
+    #   reporting.
+    #   @return [Boolean]
+    #
     class AuditFinding < Struct.new(
       :finding_id,
       :task_id,
@@ -974,7 +1011,8 @@ module Aws::IoT
       :non_compliant_resource,
       :related_resources,
       :reason_for_non_compliance,
-      :reason_for_non_compliance_code)
+      :reason_for_non_compliance_code,
+      :is_suppressed)
       SENSITIVE = []
       include Aws::Structure
     end
@@ -1133,6 +1171,43 @@ module Aws::IoT
       include Aws::Structure
     end
 
+    # Filters out specific findings of a Device Defender audit.
+    #
+    # @!attribute [rw] check_name
+    #   An audit check name. Checks must be enabled for your account. (Use
+    #   `DescribeAccountAuditConfiguration` to see the list of all checks,
+    #   including those that are enabled or use
+    #   `UpdateAccountAuditConfiguration` to select which checks are
+    #   enabled.)
+    #   @return [String]
+    #
+    # @!attribute [rw] resource_identifier
+    #   Information that identifies the noncompliant resource.
+    #   @return [Types::ResourceIdentifier]
+    #
+    # @!attribute [rw] expiration_date
+    #   The expiration date (epoch timestamp in seconds) that you want the
+    #   suppression to adhere to.
+    #   @return [Time]
+    #
+    # @!attribute [rw] suppress_indefinitely
+    #   Indicates whether a suppression should exist indefinitely or not.
+    #   @return [Boolean]
+    #
+    # @!attribute [rw] description
+    #   The description of the audit suppression.
+    #   @return [String]
+    #
+    class AuditSuppression < Struct.new(
+      :check_name,
+      :resource_identifier,
+      :expiration_date,
+      :suppress_indefinitely,
+      :description)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+
     # The audits that were performed.
     #
     # @!attribute [rw] task_id
@@ -2416,6 +2491,74 @@ module Aws::IoT
       include Aws::Structure
     end
 
+    # @note When making an API call, you may pass CreateAuditSuppressionRequest
+    #   data as a hash:
+    #
+    #       {
+    #         check_name: "AuditCheckName", # required
+    #         resource_identifier: { # required
+    #           device_certificate_id: "CertificateId",
+    #           ca_certificate_id: "CertificateId",
+    #           cognito_identity_pool_id: "CognitoIdentityPoolId",
+    #           client_id: "ClientId",
+    #           policy_version_identifier: {
+    #             policy_name: "PolicyName",
+    #             policy_version_id: "PolicyVersionId",
+    #           },
+    #           account: "AwsAccountId",
+    #           iam_role_arn: "RoleArn",
+    #           role_alias_arn: "RoleAliasArn",
+    #         },
+    #         expiration_date: Time.now,
+    #         suppress_indefinitely: false,
+    #         description: "AuditDescription",
+    #         client_request_token: "ClientRequestToken", # required
+    #       }
+    #
+    # @!attribute [rw] check_name
+    #   An audit check name. Checks must be enabled for your account. (Use
+    #   `DescribeAccountAuditConfiguration` to see the list of all checks,
+    #   including those that are enabled or use
+    #   `UpdateAccountAuditConfiguration` to select which checks are
+    #   enabled.)
+    #   @return [String]
+    #
+    # @!attribute [rw] resource_identifier
+    #   Information that identifies the noncompliant resource.
+    #   @return [Types::ResourceIdentifier]
+    #
+    # @!attribute [rw] expiration_date
+    #   The epoch timestamp in seconds at which this suppression expires.
+    #   @return [Time]
+    #
+    # @!attribute [rw] suppress_indefinitely
+    #   Indicates whether a suppression should exist indefinitely or not.
+    #   @return [Boolean]
+    #
+    # @!attribute [rw] description
+    #   The description of the audit suppression.
+    #   @return [String]
+    #
+    # @!attribute [rw] client_request_token
+    #   The epoch timestamp in seconds at which this suppression expires.
+    #
+    #   **A suitable default value is auto-generated.** You should normally
+    #   not need to pass this option.
+    #   @return [String]
+    #
+    class CreateAuditSuppressionRequest < Struct.new(
+      :check_name,
+      :resource_identifier,
+      :expiration_date,
+      :suppress_indefinitely,
+      :description,
+      :client_request_token)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+
+    class CreateAuditSuppressionResponse < Aws::EmptyStructure; end
+
     # @note When making an API call, you may pass CreateAuthorizerRequest
     #   data as a hash:
     #
@@ -3918,12 +4061,12 @@ module Aws::IoT
     #   @return [Hash<String,Types::AlertTarget>]
     #
     # @!attribute [rw] additional_metrics_to_retain
+    #   *Please use CreateSecurityProfileRequest$additionalMetricsToRetainV2
+    #   instead.*
+    #
     #   A list of metrics whose data is retained (stored). By default, data
     #   is retained for any metric used in the profile's `behaviors`, but
     #   it is also retained for any metric specified here.
-    #
-    #   **Note:** This API field is deprecated. Please use
-    #   CreateSecurityProfileRequest$additionalMetricsToRetainV2 instead.
     #   @return [Array<String>]
     #
     # @!attribute [rw] additional_metrics_to_retain_v2
@@ -4411,6 +4554,21 @@ module Aws::IoT
     #                 state_machine_name: "StateMachineName", # required
     #                 role_arn: "AwsArn", # required
     #               },
+    #               timestream: {
+    #                 role_arn: "AwsArn", # required
+    #                 database_name: "TimestreamDatabaseName", # required
+    #                 table_name: "TimestreamTableName", # required
+    #                 dimensions: [ # required
+    #                   {
+    #                     name: "TimestreamDimensionName", # required
+    #                     value: "TimestreamDimensionValue", # required
+    #                   },
+    #                 ],
+    #                 timestamp: {
+    #                   value: "TimestreamTimestampValue", # required
+    #                   unit: "TimestreamTimestampUnit", # required
+    #                 },
+    #               },
     #               http: {
     #                 url: "Url", # required
     #                 confirmation_url: "Url",
@@ -4555,6 +4713,21 @@ module Aws::IoT
     #               state_machine_name: "StateMachineName", # required
     #               role_arn: "AwsArn", # required
     #             },
+    #             timestream: {
+    #               role_arn: "AwsArn", # required
+    #               database_name: "TimestreamDatabaseName", # required
+    #               table_name: "TimestreamTableName", # required
+    #               dimensions: [ # required
+    #                 {
+    #                   name: "TimestreamDimensionName", # required
+    #                   value: "TimestreamDimensionValue", # required
+    #                 },
+    #               ],
+    #               timestamp: {
+    #                 value: "TimestreamTimestampValue", # required
+    #                 unit: "TimestreamTimestampUnit", # required
+    #               },
+    #             },
     #             http: {
     #               url: "Url", # required
     #               confirmation_url: "Url",
@@ -4669,6 +4842,47 @@ module Aws::IoT
 
     class DeleteAccountAuditConfigurationResponse < Aws::EmptyStructure; end
 
+    # @note When making an API call, you may pass DeleteAuditSuppressionRequest
+    #   data as a hash:
+    #
+    #       {
+    #         check_name: "AuditCheckName", # required
+    #         resource_identifier: { # required
+    #           device_certificate_id: "CertificateId",
+    #           ca_certificate_id: "CertificateId",
+    #           cognito_identity_pool_id: "CognitoIdentityPoolId",
+    #           client_id: "ClientId",
+    #           policy_version_identifier: {
+    #             policy_name: "PolicyName",
+    #             policy_version_id: "PolicyVersionId",
+    #           },
+    #           account: "AwsAccountId",
+    #           iam_role_arn: "RoleArn",
+    #           role_alias_arn: "RoleAliasArn",
+    #         },
+    #       }
+    #
+    # @!attribute [rw] check_name
+    #   An audit check name. Checks must be enabled for your account. (Use
+    #   `DescribeAccountAuditConfiguration` to see the list of all checks,
+    #   including those that are enabled or use
+    #   `UpdateAccountAuditConfiguration` to select which checks are
+    #   enabled.)
+    #   @return [String]
+    #
+    # @!attribute [rw] resource_identifier
+    #   Information that identifies the noncompliant resource.
+    #   @return [Types::ResourceIdentifier]
+    #
+    class DeleteAuditSuppressionRequest < Struct.new(
+      :check_name,
+      :resource_identifier)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+
+    class DeleteAuditSuppressionResponse < Aws::EmptyStructure; end
+
     # @note When making an API call, you may pass DeleteAuthorizerRequest
     #   data as a hash:
     #
@@ -5479,6 +5693,79 @@ module Aws::IoT
       include Aws::Structure
     end
 
+    # @note When making an API call, you may pass DescribeAuditSuppressionRequest
+    #   data as a hash:
+    #
+    #       {
+    #         check_name: "AuditCheckName", # required
+    #         resource_identifier: { # required
+    #           device_certificate_id: "CertificateId",
+    #           ca_certificate_id: "CertificateId",
+    #           cognito_identity_pool_id: "CognitoIdentityPoolId",
+    #           client_id: "ClientId",
+    #           policy_version_identifier: {
+    #             policy_name: "PolicyName",
+    #             policy_version_id: "PolicyVersionId",
+    #           },
+    #           account: "AwsAccountId",
+    #           iam_role_arn: "RoleArn",
+    #           role_alias_arn: "RoleAliasArn",
+    #         },
+    #       }
+    #
+    # @!attribute [rw] check_name
+    #   An audit check name. Checks must be enabled for your account. (Use
+    #   `DescribeAccountAuditConfiguration` to see the list of all checks,
+    #   including those that are enabled or use
+    #   `UpdateAccountAuditConfiguration` to select which checks are
+    #   enabled.)
+    #   @return [String]
+    #
+    # @!attribute [rw] resource_identifier
+    #   Information that identifies the noncompliant resource.
+    #   @return [Types::ResourceIdentifier]
+    #
+    class DescribeAuditSuppressionRequest < Struct.new(
+      :check_name,
+      :resource_identifier)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+
+    # @!attribute [rw] check_name
+    #   An audit check name. Checks must be enabled for your account. (Use
+    #   `DescribeAccountAuditConfiguration` to see the list of all checks,
+    #   including those that are enabled or use
+    #   `UpdateAccountAuditConfiguration` to select which checks are
+    #   enabled.)
+    #   @return [String]
+    #
+    # @!attribute [rw] resource_identifier
+    #   Information that identifies the noncompliant resource.
+    #   @return [Types::ResourceIdentifier]
+    #
+    # @!attribute [rw] expiration_date
+    #   The epoch timestamp in seconds at which this suppression expires.
+    #   @return [Time]
+    #
+    # @!attribute [rw] suppress_indefinitely
+    #   Indicates whether a suppression should exist indefinitely or not.
+    #   @return [Boolean]
+    #
+    # @!attribute [rw] description
+    #   The description of the audit suppression.
+    #   @return [String]
+    #
+    class DescribeAuditSuppressionResponse < Struct.new(
+      :check_name,
+      :resource_identifier,
+      :expiration_date,
+      :suppress_indefinitely,
+      :description)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+
     # @note When making an API call, you may pass DescribeAuditTaskRequest
     #   data as a hash:
     #
@@ -5800,6 +6087,11 @@ module Aws::IoT
     #   The type of the domain.
     #   @return [String]
     #
+    # @!attribute [rw] last_status_change_date
+    #   The date and time the domain configuration's status was last
+    #   changed.
+    #   @return [Time]
+    #
     class DescribeDomainConfigurationResponse < Struct.new(
       :domain_configuration_name,
       :domain_configuration_arn,
@@ -5808,7 +6100,8 @@ module Aws::IoT
       :authorizer_config,
       :domain_configuration_status,
       :service_type,
-      :domain_type)
+      :domain_type,
+      :last_status_change_date)
       SENSITIVE = []
       include Aws::Structure
     end
@@ -6333,12 +6626,13 @@ module Aws::IoT
     #   @return [Hash<String,Types::AlertTarget>]
     #
     # @!attribute [rw] additional_metrics_to_retain
+    #   *Please use
+    #   DescribeSecurityProfileResponse$additionalMetricsToRetainV2
+    #   instead.*
+    #
     #   A list of metrics whose data is retained (stored). By default, data
     #   is retained for any metric used in the profile's `behaviors`, but
     #   it is also retained for any metric specified here.
-    #
-    #   **Note:** This API field is deprecated. Please use
-    #   DescribeSecurityProfileResponse$additionalMetricsToRetainV2 instead.
     #   @return [Array<String>]
     #
     # @!attribute [rw] additional_metrics_to_retain_v2
@@ -6756,9 +7050,11 @@ module Aws::IoT
     # @!attribute [rw] principal
     #   The principal.
     #
-    #   If the principal is a certificate, specify the certificate ARN. If
-    #   the principal is an Amazon Cognito identity, specify the identity
-    #   ID.
+    #   Valid principals are CertificateArn
+    #   (arn:aws:iot:*region*\:*accountId*\:cert/*certificateId*),
+    #   thingGroupArn
+    #   (arn:aws:iot:*region*\:*accountId*\:thinggroup/*groupName*) and
+    #   CognitoId (*region*\:*id*).
     #   @return [String]
     #
     class DetachPrincipalPolicyRequest < Struct.new(
@@ -7173,13 +7469,13 @@ module Aws::IoT
     #
     # @!attribute [rw] increment_factor
     #   The exponential factor to increase the rate of rollout for a job.
+    #
+    #   AWS IoT supports up to one digit after the decimal (for example,
+    #   1.5, but not 1.55).
     #   @return [Float]
     #
     # @!attribute [rw] rate_increase_criteria
     #   The criteria to initiate the increase in rate of rollout for a job.
-    #
-    #   AWS IoT supports up to one digit after the decimal (for example,
-    #   1.5, but not 1.55).
     #   @return [Types::RateIncreaseCriteria]
     #
     class ExponentialRolloutRate < Struct.new(
@@ -7337,7 +7633,11 @@ module Aws::IoT
     #       }
     #
     # @!attribute [rw] principal
-    #   The principal.
+    #   The principal. Valid principals are CertificateArn
+    #   (arn:aws:iot:*region*\:*accountId*\:cert/*certificateId*),
+    #   thingGroupArn
+    #   (arn:aws:iot:*region*\:*accountId*\:thinggroup/*groupName*) and
+    #   CognitoId (*region*\:*id*).
     #   @return [String]
     #
     # @!attribute [rw] cognito_identity_pool_id
@@ -8784,7 +9084,12 @@ module Aws::IoT
     #       }
     #
     # @!attribute [rw] target
-    #   The group or principal for which the policies will be listed.
+    #   The group or principal for which the policies will be listed. Valid
+    #   principals are CertificateArn
+    #   (arn:aws:iot:*region*\:*accountId*\:cert/*certificateId*),
+    #   thingGroupArn
+    #   (arn:aws:iot:*region*\:*accountId*\:thinggroup/*groupName*) and
+    #   CognitoId (*region*\:*id*).
     #   @return [String]
     #
     # @!attribute [rw] recursive
@@ -8847,6 +9152,7 @@ module Aws::IoT
     #         next_token: "NextToken",
     #         start_time: Time.now,
     #         end_time: Time.now,
+    #         list_suppressed_findings: false,
     #       }
     #
     # @!attribute [rw] task_id
@@ -8885,6 +9191,13 @@ module Aws::IoT
     #   not both.
     #   @return [Time]
     #
+    # @!attribute [rw] list_suppressed_findings
+    #   Boolean flag indicating whether only the suppressed findings or the
+    #   unsuppressed findings should be listed. If this parameter isn't
+    #   provided, the response will list both suppressed and unsuppressed
+    #   findings.
+    #   @return [Boolean]
+    #
     class ListAuditFindingsRequest < Struct.new(
       :task_id,
       :check_name,
@@ -8892,7 +9205,8 @@ module Aws::IoT
       :max_results,
       :next_token,
       :start_time,
-      :end_time)
+      :end_time,
+      :list_suppressed_findings)
       SENSITIVE = []
       include Aws::Structure
     end
@@ -9050,6 +9364,82 @@ module Aws::IoT
       include Aws::Structure
     end
 
+    # @note When making an API call, you may pass ListAuditSuppressionsRequest
+    #   data as a hash:
+    #
+    #       {
+    #         check_name: "AuditCheckName",
+    #         resource_identifier: {
+    #           device_certificate_id: "CertificateId",
+    #           ca_certificate_id: "CertificateId",
+    #           cognito_identity_pool_id: "CognitoIdentityPoolId",
+    #           client_id: "ClientId",
+    #           policy_version_identifier: {
+    #             policy_name: "PolicyName",
+    #             policy_version_id: "PolicyVersionId",
+    #           },
+    #           account: "AwsAccountId",
+    #           iam_role_arn: "RoleArn",
+    #           role_alias_arn: "RoleAliasArn",
+    #         },
+    #         ascending_order: false,
+    #         next_token: "NextToken",
+    #         max_results: 1,
+    #       }
+    #
+    # @!attribute [rw] check_name
+    #   An audit check name. Checks must be enabled for your account. (Use
+    #   `DescribeAccountAuditConfiguration` to see the list of all checks,
+    #   including those that are enabled or use
+    #   `UpdateAccountAuditConfiguration` to select which checks are
+    #   enabled.)
+    #   @return [String]
+    #
+    # @!attribute [rw] resource_identifier
+    #   Information that identifies the noncompliant resource.
+    #   @return [Types::ResourceIdentifier]
+    #
+    # @!attribute [rw] ascending_order
+    #   Determines whether suppressions are listed in ascending order by
+    #   expiration date or not. If parameter isn't provided,
+    #   `ascendingOrder=true`.
+    #   @return [Boolean]
+    #
+    # @!attribute [rw] next_token
+    #   The token for the next set of results.
+    #   @return [String]
+    #
+    # @!attribute [rw] max_results
+    #   The maximum number of results to return at one time. The default is
+    #   25.
+    #   @return [Integer]
+    #
+    class ListAuditSuppressionsRequest < Struct.new(
+      :check_name,
+      :resource_identifier,
+      :ascending_order,
+      :next_token,
+      :max_results)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+
+    # @!attribute [rw] suppressions
+    #   List of audit suppressions.
+    #   @return [Array<Types::AuditSuppression>]
+    #
+    # @!attribute [rw] next_token
+    #   A token that can be used to retrieve the next set of results, or
+    #   `null` if there are no additional results.
+    #   @return [String]
+    #
+    class ListAuditSuppressionsResponse < Struct.new(
+      :suppressions,
+      :next_token)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+
     # @note When making an API call, you may pass ListAuditTasksRequest
     #   data as a hash:
     #
@@ -9064,7 +9454,7 @@ module Aws::IoT
     #
     # @!attribute [rw] start_time
     #   The beginning of the time period. Audit information is retained for
-    #   a limited time (180 days). Requesting a start time prior to what is
+    #   a limited time (90 days). Requesting a start time prior to what is
     #   retained results in an "InvalidRequestException".
     #   @return [Time]
     #
@@ -9959,7 +10349,11 @@ module Aws::IoT
     #       }
     #
     # @!attribute [rw] principal
-    #   The principal.
+    #   The principal. Valid principals are CertificateArn
+    #   (arn:aws:iot:*region*\:*accountId*\:cert/*certificateId*),
+    #   thingGroupArn
+    #   (arn:aws:iot:*region*\:*accountId*\:thinggroup/*groupName*) and
+    #   CognitoId (*region*\:*id*).
     #   @return [String]
     #
     # @!attribute [rw] marker
@@ -10580,8 +10974,8 @@ module Aws::IoT
     #   @return [Array<Types::GroupNameAndArn>]
     #
     # @!attribute [rw] next_token
-    #   The token used to get the next set of results, or **null** if there
-    #   are no additional results.
+    #   The token used to get the next set of results. Will not be returned
+    #   if operation has returned all results.
     #   @return [String]
     #
     class ListThingGroupsResponse < Struct.new(
@@ -10761,8 +11155,8 @@ module Aws::IoT
     #   @return [Array<Types::ThingTypeDefinition>]
     #
     # @!attribute [rw] next_token
-    #   The token for the next set of results, or **null** if there are no
-    #   additional results.
+    #   The token for the next set of results. Will not be returned if
+    #   operation has returned all results.
     #   @return [String]
     #
     class ListThingTypesResponse < Struct.new(
@@ -10806,8 +11200,8 @@ module Aws::IoT
     #   @return [Array<String>]
     #
     # @!attribute [rw] next_token
-    #   The token used to get the next set of results, or **null** if there
-    #   are no additional results.
+    #   The token used to get the next set of results. Will not be returned
+    #   if operation has returned all results.
     #   @return [String]
     #
     class ListThingsInBillingGroupResponse < Struct.new(
@@ -10919,8 +11313,8 @@ module Aws::IoT
     #   @return [Array<Types::ThingAttribute>]
     #
     # @!attribute [rw] next_token
-    #   The token used to get the next set of results, or **null** if there
-    #   are no additional results.
+    #   The token used to get the next set of results. Will not be returned
+    #   if operation has returned all results.
     #   @return [String]
     #
     class ListThingsResponse < Struct.new(
@@ -12617,6 +13011,21 @@ module Aws::IoT
     #                 state_machine_name: "StateMachineName", # required
     #                 role_arn: "AwsArn", # required
     #               },
+    #               timestream: {
+    #                 role_arn: "AwsArn", # required
+    #                 database_name: "TimestreamDatabaseName", # required
+    #                 table_name: "TimestreamTableName", # required
+    #                 dimensions: [ # required
+    #                   {
+    #                     name: "TimestreamDimensionName", # required
+    #                     value: "TimestreamDimensionValue", # required
+    #                   },
+    #                 ],
+    #                 timestamp: {
+    #                   value: "TimestreamTimestampValue", # required
+    #                   unit: "TimestreamTimestampUnit", # required
+    #                 },
+    #               },
     #               http: {
     #                 url: "Url", # required
     #                 confirmation_url: "Url",
@@ -12761,6 +13170,21 @@ module Aws::IoT
     #               state_machine_name: "StateMachineName", # required
     #               role_arn: "AwsArn", # required
     #             },
+    #             timestream: {
+    #               role_arn: "AwsArn", # required
+    #               database_name: "TimestreamDatabaseName", # required
+    #               table_name: "TimestreamTableName", # required
+    #               dimensions: [ # required
+    #                 {
+    #                   name: "TimestreamDimensionName", # required
+    #                   value: "TimestreamDimensionValue", # required
+    #                 },
+    #               ],
+    #               timestamp: {
+    #                 value: "TimestreamTimestampValue", # required
+    #                 unit: "TimestreamTimestampUnit", # required
+    #               },
+    #             },
     #             http: {
     #               url: "Url", # required
     #               confirmation_url: "Url",
@@ -14181,7 +14605,11 @@ module Aws::IoT
     #       }
     #
     # @!attribute [rw] principal
-    #   The principal.
+    #   The principal. Valid principals are CertificateArn
+    #   (arn:aws:iot:*region*\:*accountId*\:cert/*certificateId*),
+    #   thingGroupArn
+    #   (arn:aws:iot:*region*\:*accountId*\:thinggroup/*groupName*) and
+    #   CognitoId (*region*\:*id*).
     #   @return [String]
     #
     # @!attribute [rw] cognito_identity_pool_id
@@ -14736,6 +15164,136 @@ module Aws::IoT
       include Aws::Structure
     end
 
+    # The Timestream rule action writes attributes (measures) from an MQTT
+    # message into an Amazon Timestream table. For more information, see the
+    # [Timestream][1] topic rule action documentation.
+    #
+    #
+    #
+    # [1]: https://docs.aws.amazon.com/iot/latest/developerguide/timestream-rule-action.html
+    #
+    # @note When making an API call, you may pass TimestreamAction
+    #   data as a hash:
+    #
+    #       {
+    #         role_arn: "AwsArn", # required
+    #         database_name: "TimestreamDatabaseName", # required
+    #         table_name: "TimestreamTableName", # required
+    #         dimensions: [ # required
+    #           {
+    #             name: "TimestreamDimensionName", # required
+    #             value: "TimestreamDimensionValue", # required
+    #           },
+    #         ],
+    #         timestamp: {
+    #           value: "TimestreamTimestampValue", # required
+    #           unit: "TimestreamTimestampUnit", # required
+    #         },
+    #       }
+    #
+    # @!attribute [rw] role_arn
+    #   The ARN of the role that grants permission to write to the Amazon
+    #   Timestream database table.
+    #   @return [String]
+    #
+    # @!attribute [rw] database_name
+    #   The name of an Amazon Timestream database.
+    #   @return [String]
+    #
+    # @!attribute [rw] table_name
+    #   The name of the database table into which to write the measure
+    #   records.
+    #   @return [String]
+    #
+    # @!attribute [rw] dimensions
+    #   Metadata attributes of the time series that are written in each
+    #   measure record.
+    #   @return [Array<Types::TimestreamDimension>]
+    #
+    # @!attribute [rw] timestamp
+    #   Specifies an application-defined value to replace the default value
+    #   assigned to the Timestream record's timestamp in the `time` column.
+    #
+    #   You can use this property to specify the value and the precision of
+    #   the Timestream record's timestamp. You can specify a value from the
+    #   message payload or a value computed by a substitution template.
+    #
+    #   If omitted, the topic rule action assigns the timestamp, in
+    #   milliseconds, at the time it processed the rule.
+    #   @return [Types::TimestreamTimestamp]
+    #
+    class TimestreamAction < Struct.new(
+      :role_arn,
+      :database_name,
+      :table_name,
+      :dimensions,
+      :timestamp)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+
+    # Metadata attributes of the time series that are written in each
+    # measure record.
+    #
+    # @note When making an API call, you may pass TimestreamDimension
+    #   data as a hash:
+    #
+    #       {
+    #         name: "TimestreamDimensionName", # required
+    #         value: "TimestreamDimensionValue", # required
+    #       }
+    #
+    # @!attribute [rw] name
+    #   The metadata dimension name. This is the name of the column in the
+    #   Amazon Timestream database table record.
+    #
+    #   Dimensions cannot be named: `measure_name`, `measure_value`, or
+    #   `time`. These names are reserved. Dimension names cannot start with
+    #   `ts_` or `measure_value` and they cannot contain the colon (`:`)
+    #   character.
+    #   @return [String]
+    #
+    # @!attribute [rw] value
+    #   The value to write in this column of the database record.
+    #   @return [String]
+    #
+    class TimestreamDimension < Struct.new(
+      :name,
+      :value)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+
+    # Describes how to interpret an application-defined timestamp value from
+    # an MQTT message payload and the precision of that value.
+    #
+    # @note When making an API call, you may pass TimestreamTimestamp
+    #   data as a hash:
+    #
+    #       {
+    #         value: "TimestreamTimestampValue", # required
+    #         unit: "TimestreamTimestampUnit", # required
+    #       }
+    #
+    # @!attribute [rw] value
+    #   An expression that returns a long epoch time value.
+    #   @return [String]
+    #
+    # @!attribute [rw] unit
+    #   The precision of the timestamp value that results from the
+    #   expression described in `value`.
+    #
+    #   Valid values: `SECONDS` \| `MILLISECONDS` \| `MICROSECONDS` \|
+    #   `NANOSECONDS`. The default is `MILLISECONDS`.
+    #   @return [String]
+    #
+    class TimestreamTimestamp < Struct.new(
+      :value,
+      :unit)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+
     # Specifies the TLS context to use for the test authorizer request.
     #
     # @note When making an API call, you may pass TlsContext
@@ -15101,6 +15659,21 @@ module Aws::IoT
     #               state_machine_name: "StateMachineName", # required
     #               role_arn: "AwsArn", # required
     #             },
+    #             timestream: {
+    #               role_arn: "AwsArn", # required
+    #               database_name: "TimestreamDatabaseName", # required
+    #               table_name: "TimestreamTableName", # required
+    #               dimensions: [ # required
+    #                 {
+    #                   name: "TimestreamDimensionName", # required
+    #                   value: "TimestreamDimensionValue", # required
+    #                 },
+    #               ],
+    #               timestamp: {
+    #                 value: "TimestreamTimestampValue", # required
+    #                 unit: "TimestreamTimestampUnit", # required
+    #               },
+    #             },
     #             http: {
     #               url: "Url", # required
     #               confirmation_url: "Url",
@@ -15245,6 +15818,21 @@ module Aws::IoT
     #             state_machine_name: "StateMachineName", # required
     #             role_arn: "AwsArn", # required
     #           },
+    #           timestream: {
+    #             role_arn: "AwsArn", # required
+    #             database_name: "TimestreamDatabaseName", # required
+    #             table_name: "TimestreamTableName", # required
+    #             dimensions: [ # required
+    #               {
+    #                 name: "TimestreamDimensionName", # required
+    #                 value: "TimestreamDimensionValue", # required
+    #               },
+    #             ],
+    #             timestamp: {
+    #               value: "TimestreamTimestampValue", # required
+    #               unit: "TimestreamTimestampUnit", # required
+    #             },
+    #           },
     #           http: {
     #             url: "Url", # required
     #             confirmation_url: "Url",
@@ -15271,7 +15859,7 @@ module Aws::IoT
     #
     #
     #
-    #   [1]: https://docs.aws.amazon.com/iot/latest/developerguide/iot-rules.html#aws-iot-sql-reference
+    #   [1]: https://docs.aws.amazon.com/iot/latest/developerguide/iot-sql-reference.html
     #   @return [String]
     #
     # @!attribute [rw] description
@@ -15500,6 +16088,66 @@ module Aws::IoT
 
     class UpdateAccountAuditConfigurationResponse < Aws::EmptyStructure; end
 
+    # @note When making an API call, you may pass UpdateAuditSuppressionRequest
+    #   data as a hash:
+    #
+    #       {
+    #         check_name: "AuditCheckName", # required
+    #         resource_identifier: { # required
+    #           device_certificate_id: "CertificateId",
+    #           ca_certificate_id: "CertificateId",
+    #           cognito_identity_pool_id: "CognitoIdentityPoolId",
+    #           client_id: "ClientId",
+    #           policy_version_identifier: {
+    #             policy_name: "PolicyName",
+    #             policy_version_id: "PolicyVersionId",
+    #           },
+    #           account: "AwsAccountId",
+    #           iam_role_arn: "RoleArn",
+    #           role_alias_arn: "RoleAliasArn",
+    #         },
+    #         expiration_date: Time.now,
+    #         suppress_indefinitely: false,
+    #         description: "AuditDescription",
+    #       }
+    #
+    # @!attribute [rw] check_name
+    #   An audit check name. Checks must be enabled for your account. (Use
+    #   `DescribeAccountAuditConfiguration` to see the list of all checks,
+    #   including those that are enabled or use
+    #   `UpdateAccountAuditConfiguration` to select which checks are
+    #   enabled.)
+    #   @return [String]
+    #
+    # @!attribute [rw] resource_identifier
+    #   Information that identifies the noncompliant resource.
+    #   @return [Types::ResourceIdentifier]
+    #
+    # @!attribute [rw] expiration_date
+    #   The expiration date (epoch timestamp in seconds) that you want the
+    #   suppression to adhere to.
+    #   @return [Time]
+    #
+    # @!attribute [rw] suppress_indefinitely
+    #   Indicates whether a suppression should exist indefinitely or not.
+    #   @return [Boolean]
+    #
+    # @!attribute [rw] description
+    #   The description of the audit suppression.
+    #   @return [String]
+    #
+    class UpdateAuditSuppressionRequest < Struct.new(
+      :check_name,
+      :resource_identifier,
+      :expiration_date,
+      :suppress_indefinitely,
+      :description)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+
+    class UpdateAuditSuppressionResponse < Aws::EmptyStructure; end
+
     # @note When making an API call, you may pass UpdateAuthorizerRequest
     #   data as a hash:
     #
@@ -16378,12 +17026,12 @@ module Aws::IoT
     #   @return [Hash<String,Types::AlertTarget>]
     #
     # @!attribute [rw] additional_metrics_to_retain
+    #   *Please use UpdateSecurityProfileRequest$additionalMetricsToRetainV2
+    #   instead.*
+    #
     #   A list of metrics whose data is retained (stored). By default, data
     #   is retained for any metric used in the profile's `behaviors`, but
     #   it is also retained for any metric specified here.
-    #
-    #   **Note:** This API field is deprecated. Please use
-    #   UpdateSecurityProfileRequest$additionalMetricsToRetainV2 instead.
     #   @return [Array<String>]
     #
     # @!attribute [rw] additional_metrics_to_retain_v2
@@ -16454,12 +17102,12 @@ module Aws::IoT
     #   @return [Hash<String,Types::AlertTarget>]
     #
     # @!attribute [rw] additional_metrics_to_retain
+    #   *Please use
+    #   UpdateSecurityProfileResponse$additionalMetricsToRetainV2 instead.*
+    #
     #   A list of metrics whose data is retained (stored). By default, data
     #   is retained for any metric used in the security profile's
     #   `behaviors`, but it is also retained for any metric specified here.
-    #
-    #   **Note:** This API field is deprecated. Please use
-    #   UpdateSecurityProfileResponse$additionalMetricsToRetainV2 instead.
     #   @return [Array<String>]
     #
     # @!attribute [rw] additional_metrics_to_retain_v2