aws-sdk-iot 1.91.0 → 1.92.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 602be22a185a234f50eccf37f1a6146ff446ff58687bc97c9c6fb69e99b24ceb
-  data.tar.gz: 9e4712d551631cfcb8ee2fdef975a5bba8dfb695ffeeb0860446962b3a782e20
+  metadata.gz: 9283fd04d9f3c1ecfb6fe9139ca25d86936a6f2724869c0ba934661e67281260
+  data.tar.gz: 27a06475760c8cbad48c37bcd8cb48461e7897ac20aa014085caece4555d6eab
 SHA512:
-  metadata.gz: 7c08960fee42ada0154a6165018bcfd7abce3cb6165ef5b9517fdba4968133b21522fa27a71bb59201fe82beec83e798058308c323eba84437f6425a4803008d
-  data.tar.gz: 3a59039d1ab187fc50a9484d2c10b3cd6b9dc5dcf37be98e9d0ed6a65fc55b2ac8b736345623333123904d207302d4bf2695a9e33631901b63bfab3b6beb368f
+  metadata.gz: d1bcdd45880e8c961cd8a1dad75898a06c426f14c8fc39fe301f95e354cd9f4c37eaf8a3fd0bc9196b722e320605033f49cb8c406494b3d6a551d3052221642b
+  data.tar.gz: cdfce80213ed22b13333c1c8d40d5a8eeaeb832708542783be02eee40b7f82aff58f865832c33ccfa1d9b9e6b10d92c094a1941b050d817fc9fd8b8d60fcdfe2

data/CHANGELOG.md

@@ -1,6 +1,11 @@
 Unreleased Changes
 ------------------
 
+1.92.0 (2022-07-07)
+------------------
+
+* Feature - This release adds support to register a CA certificate without having to provide a verification certificate. This also allows multiple AWS accounts to register the same CA in the same region.
+
 1.91.0 (2022-06-27)
 ------------------
 

data/VERSION

@@ -1 +1 @@
-1.91.0
+1.92.0

data/lib/aws-sdk-iot/client.rb

@@ -4997,6 +4997,7 @@ module Aws::IoT
     #   resp.certificate_description.generation_id #=> String
     #   resp.certificate_description.validity.not_before #=> Time
     #   resp.certificate_description.validity.not_after #=> Time
+    #   resp.certificate_description.certificate_mode #=> String, one of "DEFAULT", "SNI_ONLY"
     #   resp.registration_config.template_body #=> String
     #   resp.registration_config.role_arn #=> String
     #
@@ -10636,14 +10637,10 @@ module Aws::IoT
       req.send_request(options)
     end
 
-    # Registers a CA certificate with IoT. This CA certificate can then be
-    # used to sign device certificates, which can be then registered with
-    # IoT. You can register up to 10 CA certificates per Amazon Web Services
-    # account that have the same subject field. This enables you to have up
-    # to 10 certificate authorities sign your device certificates. If you
-    # have more than one CA certificate registered, make sure you pass the
-    # CA certificate when you register your device certificates with the
-    # RegisterCertificate action.
+    # Registers a CA certificate with Amazon Web Services IoT Core. There is
+    # no limit to the number of CA certificates you can register in your
+    # Amazon Web Services account. You can register up to 10 CA certificates
+    # with the same `CA subject field` per Amazon Web Services account.
     #
     # Requires permission to access the [RegisterCACertificate][1] action.
     #
@@ -10654,8 +10651,11 @@ module Aws::IoT
     # @option params [required, String] :ca_certificate
     #   The CA certificate.
     #
-    # @option params [required, String] :verification_certificate
-    #   The private key verification certificate.
+    # @option params [String] :verification_certificate
+    #   The private key verification certificate. If `certificateMode` is
+    #   `SNI_ONLY`, the `verificationCertificate` field must be empty. If
+    #   `certificateMode` is `DEFAULT` or not provided, the
+    #   `verificationCertificate` field must not be empty.
     #
     # @option params [Boolean] :set_as_active
     #   A boolean value that specifies if the CA certificate is set to active.
@@ -10683,6 +10683,21 @@ module Aws::IoT
     #
     #    </note>
     #
+    # @option params [String] :certificate_mode
+    #   Describes the certificate mode in which the Certificate Authority (CA)
+    #   will be registered. If the `verificationCertificate` field is not
+    #   provided, set `certificateMode` to be `SNI_ONLY`. If the
+    #   `verificationCertificate` field is provided, set `certificateMode` to
+    #   be `DEFAULT`. When `certificateMode` is not provided, it defaults to
+    #   `DEFAULT`. All the device certificates that are registered using this
+    #   CA will be registered in the same certificate mode as the CA. For more
+    #   information about certificate mode for device certificates, see [
+    #   certificate mode][1].
+    #
+    #
+    #
+    #   [1]: https://docs.aws.amazon.com/iot/latest/apireference/API_CertificateDescription.html#iot-Type-CertificateDescription-certificateMode
+    #
     # @return [Types::RegisterCACertificateResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
     #
     #   * {Types::RegisterCACertificateResponse#certificate_arn #certificate_arn} => String
@@ -10692,7 +10707,7 @@ module Aws::IoT
     #
     #   resp = client.register_ca_certificate({
     #     ca_certificate: "CertificatePem", # required
-    #     verification_certificate: "CertificatePem", # required
+    #     verification_certificate: "CertificatePem",
     #     set_as_active: false,
     #     allow_auto_registration: false,
     #     registration_config: {
@@ -10705,6 +10720,7 @@ module Aws::IoT
     #         value: "TagValue",
     #       },
     #     ],
+    #     certificate_mode: "DEFAULT", # accepts DEFAULT, SNI_ONLY
     #   })
     #
     # @example Response structure
@@ -10719,16 +10735,17 @@ module Aws::IoT
       req.send_request(options)
     end
 
-    # Registers a device certificate with IoT. If you have more than one CA
-    # certificate that has the same subject field, you must specify the CA
-    # certificate that was used to sign the device certificate being
-    # registered.
+    # Registers a device certificate with IoT in the same [certificate
+    # mode][1] as the signing CA. If you have more than one CA certificate
+    # that has the same subject field, you must specify the CA certificate
+    # that was used to sign the device certificate being registered.
     #
-    # Requires permission to access the [RegisterCertificate][1] action.
+    # Requires permission to access the [RegisterCertificate][2] action.
     #
     #
     #
-    # [1]: https://docs.aws.amazon.com/service-authorization/latest/reference/list_awsiot.html#awsiot-actions-as-permissions
+    # [1]: https://docs.aws.amazon.com/iot/latest/apireference/API_CertificateDescription.html#iot-Type-CertificateDescription-certificateMode
+    # [2]: https://docs.aws.amazon.com/service-authorization/latest/reference/list_awsiot.html#awsiot-actions-as-permissions
     #
     # @option params [required, String] :certificate_pem
     #   The certificate data, in PEM format.
@@ -11397,7 +11414,12 @@ module Aws::IoT
     #   The search index name.
     #
     # @option params [required, String] :query_string
-    #   The search query string.
+    #   The search query string. For more information about the search query
+    #   syntax, see [Query syntax][1].
+    #
+    #
+    #
+    #   [1]: https://docs.aws.amazon.com/iot/latest/developerguide/query-syntax.html
     #
     # @option params [String] :next_token
     #   The token used to get the next set of results, or `null` if there are
@@ -13694,7 +13716,7 @@ module Aws::IoT
         params: params,
         config: config)
       context[:gem_name] = 'aws-sdk-iot'
-      context[:gem_version] = '1.91.0'
+      context[:gem_version] = '1.92.0'
       Seahorse::Client::Request.new(handlers, context)
     end
 

data/lib/aws-sdk-iot/client_api.rb

@@ -1641,6 +1641,7 @@ module Aws::IoT
     CACertificateDescription.add_member(:customer_version, Shapes::ShapeRef.new(shape: CustomerVersion, location_name: "customerVersion"))
     CACertificateDescription.add_member(:generation_id, Shapes::ShapeRef.new(shape: GenerationId, location_name: "generationId"))
     CACertificateDescription.add_member(:validity, Shapes::ShapeRef.new(shape: CertificateValidity, location_name: "validity"))
+    CACertificateDescription.add_member(:certificate_mode, Shapes::ShapeRef.new(shape: CertificateMode, location_name: "certificateMode"))
     CACertificateDescription.struct_class = Types::CACertificateDescription
 
     CACertificates.member = Shapes::ShapeRef.new(shape: CACertificate)
@@ -3926,11 +3927,12 @@ module Aws::IoT
     ReasonForNonComplianceCodes.member = Shapes::ShapeRef.new(shape: ReasonForNonComplianceCode)
 
     RegisterCACertificateRequest.add_member(:ca_certificate, Shapes::ShapeRef.new(shape: CertificatePem, required: true, location_name: "caCertificate"))
-    RegisterCACertificateRequest.add_member(:verification_certificate, Shapes::ShapeRef.new(shape: CertificatePem, required: true, location_name: "verificationCertificate"))
+    RegisterCACertificateRequest.add_member(:verification_certificate, Shapes::ShapeRef.new(shape: CertificatePem, location_name: "verificationCertificate"))
     RegisterCACertificateRequest.add_member(:set_as_active, Shapes::ShapeRef.new(shape: SetAsActive, location: "querystring", location_name: "setAsActive"))
     RegisterCACertificateRequest.add_member(:allow_auto_registration, Shapes::ShapeRef.new(shape: AllowAutoRegistration, location: "querystring", location_name: "allowAutoRegistration"))
     RegisterCACertificateRequest.add_member(:registration_config, Shapes::ShapeRef.new(shape: RegistrationConfig, location_name: "registrationConfig"))
     RegisterCACertificateRequest.add_member(:tags, Shapes::ShapeRef.new(shape: TagList, location_name: "tags"))
+    RegisterCACertificateRequest.add_member(:certificate_mode, Shapes::ShapeRef.new(shape: CertificateMode, location_name: "certificateMode"))
     RegisterCACertificateRequest.struct_class = Types::RegisterCACertificateRequest
 
     RegisterCACertificateResponse.add_member(:certificate_arn, Shapes::ShapeRef.new(shape: CertificateArn, location_name: "certificateArn"))

data/lib/aws-sdk-iot/types.rb

@@ -2067,6 +2067,18 @@ module Aws::IoT
     #   When the CA certificate is valid.
     #   @return [Types::CertificateValidity]
     #
+    # @!attribute [rw] certificate_mode
+    #   The mode of the CA.
+    #
+    #   All the device certificates that are registered using this CA will
+    #   be registered in the same mode as the CA. For more information about
+    #   certificate mode for device certificates, see [certificate mode][1].
+    #
+    #
+    #
+    #   [1]: https://docs.aws.amazon.com/iot/latest/apireference/API_CertificateDescription.html#iot-Type-CertificateDescription-certificateMode
+    #   @return [String]
+    #
     class CACertificateDescription < Struct.new(
       :certificate_arn,
       :certificate_id,
@@ -2078,7 +2090,8 @@ module Aws::IoT
       :last_modified_date,
       :customer_version,
       :generation_id,
-      :validity)
+      :validity,
+      :certificate_mode)
       SENSITIVE = []
       include Aws::Structure
     end
@@ -2305,6 +2318,19 @@ module Aws::IoT
     #
     # @!attribute [rw] certificate_mode
     #   The mode of the certificate.
+    #
+    #   `DEFAULT`\: A certificate in `DEFAULT` mode is either generated by
+    #   Amazon Web Services IoT Core or registered with an issuer
+    #   certificate authority (CA) in `DEFAULT` mode. Devices with
+    #   certificates in `DEFAULT` mode aren't required to send the Server
+    #   Name Indication (SNI) extension when connecting to Amazon Web
+    #   Services IoT Core. However, to use features such as custom domains
+    #   and VPC endpoints, we recommend that you use the SNI extension when
+    #   connecting to Amazon Web Services IoT Core.
+    #
+    #   `SNI_ONLY`\: A certificate in `SNI_ONLY` mode is registered without
+    #   an issuer CA. Devices with certificates in `SNI_ONLY` mode must send
+    #   the SNI extension when connecting to Amazon Web Services IoT Core.
     #   @return [String]
     #
     # @!attribute [rw] creation_date
@@ -2394,6 +2420,26 @@ module Aws::IoT
     #
     # @!attribute [rw] certificate_mode
     #   The mode of the certificate.
+    #
+    #   `DEFAULT`\: A certificate in `DEFAULT` mode is either generated by
+    #   Amazon Web Services IoT Core or registered with an issuer
+    #   certificate authority (CA) in `DEFAULT` mode. Devices with
+    #   certificates in `DEFAULT` mode aren't required to send the Server
+    #   Name Indication (SNI) extension when connecting to Amazon Web
+    #   Services IoT Core. However, to use features such as custom domains
+    #   and VPC endpoints, we recommend that you use the SNI extension when
+    #   connecting to Amazon Web Services IoT Core.
+    #
+    #   `SNI_ONLY`\: A certificate in `SNI_ONLY` mode is registered without
+    #   an issuer CA. Devices with certificates in `SNI_ONLY` mode must send
+    #   the SNI extension when connecting to Amazon Web Services IoT Core.
+    #
+    #   For more information about the value for SNI extension, see
+    #   [Transport security in IoT][1].
+    #
+    #
+    #
+    #   [1]: https://docs.aws.amazon.com/iot/latest/developerguide/transport-security.html
     #   @return [String]
     #
     class CertificateDescription < Struct.new(
@@ -10238,6 +10284,9 @@ module Aws::IoT
     #   @return [Hash<String,String>]
     #
     # @!attribute [rw] is_concurrent
+    #   Indicates whether a job is concurrent. Will be true when a job is
+    #   rolling out new job executions or canceling previously created
+    #   executions, otherwise false.
     #   @return [Boolean]
     #
     class Job < Struct.new(
@@ -10599,6 +10648,9 @@ module Aws::IoT
     #   @return [Time]
     #
     # @!attribute [rw] is_concurrent
+    #   Indicates whether a job is concurrent. Will be true when a job is
+    #   rolling out new job executions or canceling previously created
+    #   executions, otherwise false.
     #   @return [Boolean]
     #
     class JobSummary < Struct.new(
@@ -14633,6 +14685,14 @@ module Aws::IoT
     #   The ARN of an IAM role that grants grants permission to download
     #   files from the S3 bucket where the job data/updates are stored. The
     #   role must also grant permission for IoT to download the files.
+    #
+    #   For information about addressing the confused deputy problem, see
+    #   [cross-service confused deputy prevention][1] in the *Amazon Web
+    #   Services IoT Core developer guide*.
+    #
+    #
+    #
+    #   [1]: https://docs.aws.amazon.com/iot/latest/developerguide/cross-service-confused-deputy-prevention.html
     #   @return [String]
     #
     # @!attribute [rw] expires_in_sec
@@ -14912,7 +14972,7 @@ module Aws::IoT
     #
     #       {
     #         ca_certificate: "CertificatePem", # required
-    #         verification_certificate: "CertificatePem", # required
+    #         verification_certificate: "CertificatePem",
     #         set_as_active: false,
     #         allow_auto_registration: false,
     #         registration_config: {
@@ -14925,6 +14985,7 @@ module Aws::IoT
     #             value: "TagValue",
     #           },
     #         ],
+    #         certificate_mode: "DEFAULT", # accepts DEFAULT, SNI_ONLY
     #       }
     #
     # @!attribute [rw] ca_certificate
@@ -14932,7 +14993,10 @@ module Aws::IoT
     #   @return [String]
     #
     # @!attribute [rw] verification_certificate
-    #   The private key verification certificate.
+    #   The private key verification certificate. If `certificateMode` is
+    #   `SNI_ONLY`, the `verificationCertificate` field must be empty. If
+    #   `certificateMode` is `DEFAULT` or not provided, the
+    #   `verificationCertificate` field must not be empty.
     #   @return [String]
     #
     # @!attribute [rw] set_as_active
@@ -14966,13 +15030,30 @@ module Aws::IoT
     #    </note>
     #   @return [Array<Types::Tag>]
     #
+    # @!attribute [rw] certificate_mode
+    #   Describes the certificate mode in which the Certificate Authority
+    #   (CA) will be registered. If the `verificationCertificate` field is
+    #   not provided, set `certificateMode` to be `SNI_ONLY`. If the
+    #   `verificationCertificate` field is provided, set `certificateMode`
+    #   to be `DEFAULT`. When `certificateMode` is not provided, it defaults
+    #   to `DEFAULT`. All the device certificates that are registered using
+    #   this CA will be registered in the same certificate mode as the CA.
+    #   For more information about certificate mode for device certificates,
+    #   see [ certificate mode][1].
+    #
+    #
+    #
+    #   [1]: https://docs.aws.amazon.com/iot/latest/apireference/API_CertificateDescription.html#iot-Type-CertificateDescription-certificateMode
+    #   @return [String]
+    #
     class RegisterCACertificateRequest < Struct.new(
       :ca_certificate,
       :verification_certificate,
       :set_as_active,
       :allow_auto_registration,
       :registration_config,
-      :tags)
+      :tags,
+      :certificate_mode)
       SENSITIVE = []
       include Aws::Structure
     end
@@ -16099,7 +16180,12 @@ module Aws::IoT
     #   @return [String]
     #
     # @!attribute [rw] query_string
-    #   The search query string.
+    #   The search query string. For more information about the search query
+    #   syntax, see [Query syntax][1].
+    #
+    #
+    #
+    #   [1]: https://docs.aws.amazon.com/iot/latest/developerguide/query-syntax.html
     #   @return [String]
     #
     # @!attribute [rw] next_token

data/lib/aws-sdk-iot.rb

@@ -48,6 +48,6 @@ require_relative 'aws-sdk-iot/customizations'
 # @!group service
 module Aws::IoT
 
-  GEM_VERSION = '1.91.0'
+  GEM_VERSION = '1.92.0'
 
 end

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: aws-sdk-iot
 version: !ruby/object:Gem::Version
-  version: 1.91.0
+  version: 1.92.0
 platform: ruby
 authors:
 - Amazon Web Services
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2022-06-27 00:00:00.000000000 Z
+date: 2022-07-07 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: aws-sdk-core