aws-sdk-iotsitewise 1.10.0 → 1.11.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: d305379c89444298a4b122ef07db07dcce29001e40b3e410c352165cc7c41396
-  data.tar.gz: 9c31118ed6b51bf11500429306db72150213e725156b4874cf1a9905dba2ae7d
+  metadata.gz: ce4560b339387b2c1b2c4cba7c2ce6170c881d0f8c7f76180e49bc7bf61e3cae
+  data.tar.gz: c5fab0c350551d91f196125fbd172f28a5604db23205e54874ecaaa82c4d1a43
 SHA512:
-  metadata.gz: bdac6f7fdc947ddb549cef8f438962551283404bd4a6a6cf02232455a5272c4773c1c7eb3474a49c1306181511bcc6e990836503099e3619325c4bbdfb915a88
-  data.tar.gz: 3fe64c09c3b19457a95ca448a064a3e57eeb2a78519cf72968af4c17b009c7102fda0cd669677b4fa822120d797f889d7d74283109addcde40a4f8732a50f32d
+  metadata.gz: 892e8b4c9afcc4c50e0c959b6a7f2dda45aef5aad618141f45c2e16e642a18fd60a8ac14400591a62bc0e89568d8a45c9e718c17fd637e16a0e081ce4a1f0e37
+  data.tar.gz: 75495f046396dd47b743d2e591c9812dea2082d18be3f3d8fc80f5876594c48cc3027afaf2020a3eb4b3e21c944bd34b5f55a780bbbd448097bb23d937d23534

data/lib/aws-sdk-iotsitewise.rb

@@ -49,6 +49,6 @@ require_relative 'aws-sdk-iotsitewise/customizations'
 # @!group service
 module Aws::IoTSiteWise
 
-  GEM_VERSION = '1.10.0'
+  GEM_VERSION = '1.11.0'
 
 end

data/lib/aws-sdk-iotsitewise/client.rb

@@ -552,17 +552,17 @@ module Aws::IoTSiteWise
       req.send_request(options)
     end
 
-    # Creates an access policy that grants the specified AWS Single Sign-On
-    # user or group access to the specified AWS IoT SiteWise Monitor portal
-    # or project resource.
+    # Creates an access policy that grants the specified identity (AWS SSO
+    # user, AWS SSO group, or IAM user) access to the specified AWS IoT
+    # SiteWise Monitor portal or project resource.
     #
     # @option params [required, Types::Identity] :access_policy_identity
-    #   The identity for this access policy. Choose either a `user` or a
-    #   `group` but not both.
+    #   The identity for this access policy. Choose an AWS SSO user, an AWS
+    #   SSO group, or an IAM user.
     #
     # @option params [required, Types::Resource] :access_policy_resource
     #   The AWS IoT SiteWise Monitor resource for this access policy. Choose
-    #   either `portal` or `project` but not both.
+    #   either a portal or a project.
     #
     # @option params [required, String] :access_policy_permission
     #   The permission level for this access policy. Note that a project
@@ -600,6 +600,9 @@ module Aws::IoTSiteWise
     #       group: {
     #         id: "IdentityId", # required
     #       },
+    #       iam_user: {
+    #         arn: "ARN", # required
+    #       },
     #     },
     #     access_policy_resource: { # required
     #       portal: {
@@ -954,23 +957,19 @@ module Aws::IoTSiteWise
       req.send_request(options)
     end
 
-    # Creates a portal, which can contain projects and dashboards. Before
-    # you can create a portal, you must enable AWS Single Sign-On. AWS IoT
-    # SiteWise Monitor uses AWS SSO to manage user permissions. For more
-    # information, see [Enabling AWS SSO][1] in the *AWS IoT SiteWise User
-    # Guide*.
+    # Creates a portal, which can contain projects and dashboards. AWS IoT
+    # SiteWise Monitor uses AWS SSO or IAM to authenticate portal users and
+    # manage user permissions.
     #
-    # <note markdown="1"> Before you can sign in to a new portal, you must add at least one AWS
-    # SSO user or group to that portal. For more information, see [Adding or
-    # removing portal administrators][2] in the *AWS IoT SiteWise User
-    # Guide*.
+    # <note markdown="1"> Before you can sign in to a new portal, you must add at least one
+    # identity to that portal. For more information, see [Adding or removing
+    # portal administrators][1] in the *AWS IoT SiteWise User Guide*.
     #
     #  </note>
     #
     #
     #
-    # [1]: https://docs.aws.amazon.com/iot-sitewise/latest/userguide/monitor-get-started.html#mon-gs-sso
-    # [2]: https://docs.aws.amazon.com/iot-sitewise/latest/userguide/administer-portals.html#portal-change-admins
+    # [1]: https://docs.aws.amazon.com/iot-sitewise/latest/userguide/administer-portals.html#portal-change-admins
     #
     # @option params [required, String] :portal_name
     #   A friendly name for the portal.
@@ -1013,6 +1012,30 @@ module Aws::IoTSiteWise
     #
     #   [1]: https://docs.aws.amazon.com/iot-sitewise/latest/userguide/tag-resources.html
     #
+    # @option params [String] :portal_auth_mode
+    #   The service to use to authenticate users to the portal. Choose from
+    #   the following options:
+    #
+    #   * `SSO` – The portal uses AWS Single Sign-On to authenticate users and
+    #     manage user permissions. Before you can create a portal that uses
+    #     AWS SSO, you must enable AWS SSO. For more information, see
+    #     [Enabling AWS SSO][1] in the *AWS IoT SiteWise User Guide*. This
+    #     option is only available in AWS Regions other than the China
+    #     Regions.
+    #
+    #   * `IAM` – The portal uses AWS Identity and Access Management (IAM) to
+    #     authenticate users and manage user permissions. IAM users must have
+    #     the `iotsitewise:CreatePresignedPortalUrl` permission to sign in to
+    #     the portal. This option is only available in the China Regions.
+    #
+    #   You can't change this value after you create a portal.
+    #
+    #   Default: `SSO`
+    #
+    #
+    #
+    #   [1]: https://docs.aws.amazon.com/iot-sitewise/latest/userguide/monitor-get-started.html#mon-gs-sso
+    #
     # @return [Types::CreatePortalResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
     #
     #   * {Types::CreatePortalResponse#portal_id #portal_id} => String
@@ -1036,6 +1059,7 @@ module Aws::IoTSiteWise
     #     tags: {
     #       "TagKey" => "TagValue",
     #     },
+    #     portal_auth_mode: "IAM", # accepts IAM, SSO
     #   })
     #
     # @example Response structure
@@ -1055,6 +1079,42 @@ module Aws::IoTSiteWise
       req.send_request(options)
     end
 
+    # Creates a pre-signed URL to a portal. Use this operation to create
+    # URLs to portals that use AWS Identity and Access Management (IAM) to
+    # authenticate users. An IAM user with access to a portal can call this
+    # API to get a URL to that portal. The URL contains a session token that
+    # lets the IAM user access the portal.
+    #
+    # @option params [required, String] :portal_id
+    #   The ID of the portal to access.
+    #
+    # @option params [Integer] :session_duration_seconds
+    #   The duration (in seconds) for which the session at the URL is valid.
+    #
+    #   Default: 900 seconds (15 minutes)
+    #
+    # @return [Types::CreatePresignedPortalUrlResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
+    #
+    #   * {Types::CreatePresignedPortalUrlResponse#presigned_portal_url #presigned_portal_url} => String
+    #
+    # @example Request syntax with placeholder values
+    #
+    #   resp = client.create_presigned_portal_url({
+    #     portal_id: "ID", # required
+    #     session_duration_seconds: 1,
+    #   })
+    #
+    # @example Response structure
+    #
+    #   resp.presigned_portal_url #=> String
+    #
+    # @overload create_presigned_portal_url(params = {})
+    # @param [Hash] params ({})
+    def create_presigned_portal_url(params = {}, options = {})
+      req = build_request(:create_presigned_portal_url, params)
+      req.send_request(options)
+    end
+
     # Creates a project in the specified portal.
     #
     # @option params [required, String] :portal_id
@@ -1112,10 +1172,9 @@ module Aws::IoTSiteWise
       req.send_request(options)
     end
 
-    # Deletes an access policy that grants the specified AWS Single Sign-On
-    # identity access to the specified AWS IoT SiteWise Monitor resource.
-    # You can use this operation to revoke access to an AWS IoT SiteWise
-    # Monitor resource.
+    # Deletes an access policy that grants the specified identity access to
+    # the specified AWS IoT SiteWise Monitor resource. You can use this
+    # operation to revoke access to an AWS IoT SiteWise Monitor resource.
     #
     # @option params [required, String] :access_policy_id
     #   The ID of the access policy to be deleted.
@@ -1270,12 +1329,6 @@ module Aws::IoTSiteWise
 
     # Deletes a gateway from AWS IoT SiteWise. When you delete a gateway,
     # some of the gateway's files remain in your gateway's file system.
-    # For more information, see [Data retention][1] in the *AWS IoT SiteWise
-    # User Guide*.
-    #
-    #
-    #
-    # [1]: https://docs.aws.amazon.com/iot-sitewise/latest/userguide/data-retention.html
     #
     # @option params [required, String] :gateway_id
     #   The ID of the gateway to delete.
@@ -1361,8 +1414,8 @@ module Aws::IoTSiteWise
       req.send_request(options)
     end
 
-    # Describes an access policy, which specifies an AWS SSO user or
-    # group's access to an AWS IoT SiteWise Monitor portal or project.
+    # Describes an access policy, which specifies an identity's access to
+    # an AWS IoT SiteWise Monitor portal or project.
     #
     # @option params [required, String] :access_policy_id
     #   The ID of the access policy.
@@ -1389,6 +1442,7 @@ module Aws::IoTSiteWise
     #   resp.access_policy_arn #=> String
     #   resp.access_policy_identity.user.id #=> String
     #   resp.access_policy_identity.group.id #=> String
+    #   resp.access_policy_identity.iam_user.arn #=> String
     #   resp.access_policy_resource.portal.id #=> String
     #   resp.access_policy_resource.project.id #=> String
     #   resp.access_policy_permission #=> String, one of "ADMINISTRATOR", "VIEWER"
@@ -1764,6 +1818,7 @@ module Aws::IoTSiteWise
     #   * {Types::DescribePortalResponse#portal_last_update_date #portal_last_update_date} => Time
     #   * {Types::DescribePortalResponse#portal_logo_image_location #portal_logo_image_location} => Types::ImageLocation
     #   * {Types::DescribePortalResponse#role_arn #role_arn} => String
+    #   * {Types::DescribePortalResponse#portal_auth_mode #portal_auth_mode} => String
     #
     # @example Request syntax with placeholder values
     #
@@ -1788,6 +1843,7 @@ module Aws::IoTSiteWise
     #   resp.portal_logo_image_location.id #=> String
     #   resp.portal_logo_image_location.url #=> String
     #   resp.role_arn #=> String
+    #   resp.portal_auth_mode #=> String, one of "IAM", "SSO"
     #
     #
     # The following waiters are defined for this operation (see {Client#wait_until} for detailed usage):
@@ -2152,17 +2208,17 @@ module Aws::IoTSiteWise
       req.send_request(options)
     end
 
-    # Retrieves a paginated list of access policies for an AWS SSO identity
-    # (a user or group) or an AWS IoT SiteWise Monitor resource (a portal or
-    # project).
+    # Retrieves a paginated list of access policies for an identity (an AWS
+    # SSO user, an AWS SSO group, or an IAM user) or an AWS IoT SiteWise
+    # Monitor resource (a portal or project).
     #
     # @option params [String] :identity_type
-    #   The type of identity (user or group). This parameter is required if
-    #   you specify `identityId`.
+    #   The type of identity (AWS SSO user, AWS SSO group, or IAM user). This
+    #   parameter is required if you specify `identityId`.
     #
     # @option params [String] :identity_id
     #   The ID of the identity. This parameter is required if you specify
-    #   `identityType`.
+    #   `USER` or `GROUP` for `identityType`.
     #
     # @option params [String] :resource_type
     #   The type of resource (portal or project). This parameter is required
@@ -2172,6 +2228,15 @@ module Aws::IoTSiteWise
     #   The ID of the resource. This parameter is required if you specify
     #   `resourceType`.
     #
+    # @option params [String] :iam_arn
+    #   The ARN of the IAM user. For more information, see [IAM ARNs][1] in
+    #   the *IAM User Guide*. This parameter is required if you specify `IAM`
+    #   for `identityType`.
+    #
+    #
+    #
+    #   [1]: https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_identifiers.html
+    #
     # @option params [String] :next_token
     #   The token to be used for the next set of paginated results.
     #
@@ -2190,10 +2255,11 @@ module Aws::IoTSiteWise
     # @example Request syntax with placeholder values
     #
     #   resp = client.list_access_policies({
-    #     identity_type: "USER", # accepts USER, GROUP
+    #     identity_type: "USER", # accepts USER, GROUP, IAM
     #     identity_id: "IdentityId",
     #     resource_type: "PORTAL", # accepts PORTAL, PROJECT
     #     resource_id: "ID",
+    #     iam_arn: "ARN",
     #     next_token: "NextToken",
     #     max_results: 1,
     #   })
@@ -2204,6 +2270,7 @@ module Aws::IoTSiteWise
     #   resp.access_policy_summaries[0].id #=> String
     #   resp.access_policy_summaries[0].identity.user.id #=> String
     #   resp.access_policy_summaries[0].identity.group.id #=> String
+    #   resp.access_policy_summaries[0].identity.iam_user.arn #=> String
     #   resp.access_policy_summaries[0].resource.portal.id #=> String
     #   resp.access_policy_summaries[0].resource.project.id #=> String
     #   resp.access_policy_summaries[0].permission #=> String, one of "ADMINISTRATOR", "VIEWER"
@@ -2773,20 +2840,19 @@ module Aws::IoTSiteWise
       req.send_request(options)
     end
 
-    # Updates an existing access policy that specifies an AWS SSO user or
-    # group's access to an AWS IoT SiteWise Monitor portal or project
-    # resource.
+    # Updates an existing access policy that specifies an identity's access
+    # to an AWS IoT SiteWise Monitor portal or project resource.
     #
     # @option params [required, String] :access_policy_id
     #   The ID of the access policy.
     #
     # @option params [required, Types::Identity] :access_policy_identity
-    #   The identity for this access policy. Choose either a `user` or a
-    #   `group` but not both.
+    #   The identity for this access policy. Choose an AWS SSO user, an AWS
+    #   SSO group, or an IAM user.
     #
     # @option params [required, Types::Resource] :access_policy_resource
     #   The AWS IoT SiteWise Monitor resource for this access policy. Choose
-    #   either `portal` or `project` but not both.
+    #   either a portal or a project.
     #
     # @option params [required, String] :access_policy_permission
     #   The permission level for this access policy. Note that a project
@@ -2813,6 +2879,9 @@ module Aws::IoTSiteWise
     #       group: {
     #         id: "IdentityId", # required
     #       },
+    #       iam_user: {
+    #         arn: "ARN", # required
+    #       },
     #     },
     #     access_policy_resource: { # required
     #       portal: {
@@ -2890,12 +2959,12 @@ module Aws::IoTSiteWise
     # must include their IDs and definitions in the updated asset model
     # payload. For more information, see [DescribeAssetModel][2].
     #
-    #  If you remove a property from an asset model or update a property's
-    # formula expression, AWS IoT SiteWise deletes all previous data for
-    # that property. If you remove a hierarchy definition from an asset
-    # model, AWS IoT SiteWise disassociates every asset associated with that
-    # hierarchy. You can't change the type or data type of an existing
-    # property.
+    #  If you remove a property from an asset model, AWS IoT SiteWise
+    # deletes
+    # all previous data for that property. If you remove a hierarchy
+    # definition from an asset model, AWS IoT SiteWise disassociates every
+    # asset associated with that hierarchy. You can't change the type or
+    # data type of an existing property.
     #
     #
     #
@@ -3348,7 +3417,7 @@ module Aws::IoTSiteWise
         params: params,
         config: config)
       context[:gem_name] = 'aws-sdk-iotsitewise'
-      context[:gem_version] = '1.10.0'
+      context[:gem_version] = '1.11.0'
       Seahorse::Client::Request.new(handlers, context)
     end
 

data/lib/aws-sdk-iotsitewise/client_api.rb

@@ -55,6 +55,7 @@ module Aws::IoTSiteWise
     AssociatedAssetsSummaries = Shapes::ListShape.new(name: 'AssociatedAssetsSummaries')
     AssociatedAssetsSummary = Shapes::StructureShape.new(name: 'AssociatedAssetsSummary')
     Attribute = Shapes::StructureShape.new(name: 'Attribute')
+    AuthMode = Shapes::StringShape.new(name: 'AuthMode')
     BatchAssociateProjectAssetsErrors = Shapes::ListShape.new(name: 'BatchAssociateProjectAssetsErrors')
     BatchAssociateProjectAssetsRequest = Shapes::StructureShape.new(name: 'BatchAssociateProjectAssetsRequest')
     BatchAssociateProjectAssetsResponse = Shapes::StructureShape.new(name: 'BatchAssociateProjectAssetsResponse')
@@ -85,6 +86,8 @@ module Aws::IoTSiteWise
     CreateGatewayResponse = Shapes::StructureShape.new(name: 'CreateGatewayResponse')
     CreatePortalRequest = Shapes::StructureShape.new(name: 'CreatePortalRequest')
     CreatePortalResponse = Shapes::StructureShape.new(name: 'CreatePortalResponse')
+    CreatePresignedPortalUrlRequest = Shapes::StructureShape.new(name: 'CreatePresignedPortalUrlRequest')
+    CreatePresignedPortalUrlResponse = Shapes::StructureShape.new(name: 'CreatePresignedPortalUrlResponse')
     CreateProjectRequest = Shapes::StructureShape.new(name: 'CreateProjectRequest')
     CreateProjectResponse = Shapes::StructureShape.new(name: 'CreateProjectResponse')
     DashboardDefinition = Shapes::StringShape.new(name: 'DashboardDefinition')
@@ -148,6 +151,7 @@ module Aws::IoTSiteWise
     GetAssetPropertyValueResponse = Shapes::StructureShape.new(name: 'GetAssetPropertyValueResponse')
     Greengrass = Shapes::StructureShape.new(name: 'Greengrass')
     GroupIdentity = Shapes::StructureShape.new(name: 'GroupIdentity')
+    IAMUserIdentity = Shapes::StructureShape.new(name: 'IAMUserIdentity')
     ID = Shapes::StringShape.new(name: 'ID')
     IDs = Shapes::ListShape.new(name: 'IDs')
     Identity = Shapes::StructureShape.new(name: 'Identity')
@@ -233,6 +237,7 @@ module Aws::IoTSiteWise
     ResourceType = Shapes::StringShape.new(name: 'ResourceType')
     SSOApplicationId = Shapes::StringShape.new(name: 'SSOApplicationId')
     ServiceUnavailableException = Shapes::StructureShape.new(name: 'ServiceUnavailableException')
+    SessionDurationSeconds = Shapes::IntegerShape.new(name: 'SessionDurationSeconds')
     TagKey = Shapes::StringShape.new(name: 'TagKey')
     TagKeyList = Shapes::ListShape.new(name: 'TagKeyList')
     TagMap = Shapes::MapShape.new(name: 'TagMap')
@@ -521,6 +526,7 @@ module Aws::IoTSiteWise
     CreatePortalRequest.add_member(:portal_logo_image_file, Shapes::ShapeRef.new(shape: ImageFile, location_name: "portalLogoImageFile"))
     CreatePortalRequest.add_member(:role_arn, Shapes::ShapeRef.new(shape: ARN, required: true, location_name: "roleArn"))
     CreatePortalRequest.add_member(:tags, Shapes::ShapeRef.new(shape: TagMap, location_name: "tags"))
+    CreatePortalRequest.add_member(:portal_auth_mode, Shapes::ShapeRef.new(shape: AuthMode, location_name: "portalAuthMode"))
     CreatePortalRequest.struct_class = Types::CreatePortalRequest
 
     CreatePortalResponse.add_member(:portal_id, Shapes::ShapeRef.new(shape: ID, required: true, location_name: "portalId"))
@@ -530,6 +536,13 @@ module Aws::IoTSiteWise
     CreatePortalResponse.add_member(:sso_application_id, Shapes::ShapeRef.new(shape: SSOApplicationId, required: true, location_name: "ssoApplicationId"))
     CreatePortalResponse.struct_class = Types::CreatePortalResponse
 
+    CreatePresignedPortalUrlRequest.add_member(:portal_id, Shapes::ShapeRef.new(shape: ID, required: true, location: "uri", location_name: "portalId"))
+    CreatePresignedPortalUrlRequest.add_member(:session_duration_seconds, Shapes::ShapeRef.new(shape: SessionDurationSeconds, location: "querystring", location_name: "sessionDurationSeconds"))
+    CreatePresignedPortalUrlRequest.struct_class = Types::CreatePresignedPortalUrlRequest
+
+    CreatePresignedPortalUrlResponse.add_member(:presigned_portal_url, Shapes::ShapeRef.new(shape: Url, required: true, location_name: "presignedPortalUrl"))
+    CreatePresignedPortalUrlResponse.struct_class = Types::CreatePresignedPortalUrlResponse
+
     CreateProjectRequest.add_member(:portal_id, Shapes::ShapeRef.new(shape: ID, required: true, location_name: "portalId"))
     CreateProjectRequest.add_member(:project_name, Shapes::ShapeRef.new(shape: Name, required: true, location_name: "projectName"))
     CreateProjectRequest.add_member(:project_description, Shapes::ShapeRef.new(shape: Description, location_name: "projectDescription"))
@@ -697,6 +710,7 @@ module Aws::IoTSiteWise
     DescribePortalResponse.add_member(:portal_last_update_date, Shapes::ShapeRef.new(shape: Timestamp, required: true, location_name: "portalLastUpdateDate"))
     DescribePortalResponse.add_member(:portal_logo_image_location, Shapes::ShapeRef.new(shape: ImageLocation, location_name: "portalLogoImageLocation"))
     DescribePortalResponse.add_member(:role_arn, Shapes::ShapeRef.new(shape: ARN, location_name: "roleArn"))
+    DescribePortalResponse.add_member(:portal_auth_mode, Shapes::ShapeRef.new(shape: AuthMode, location_name: "portalAuthMode"))
     DescribePortalResponse.struct_class = Types::DescribePortalResponse
 
     DescribeProjectRequest.add_member(:project_id, Shapes::ShapeRef.new(shape: ID, required: true, location: "uri", location_name: "projectId"))
@@ -791,10 +805,14 @@ module Aws::IoTSiteWise
     GroupIdentity.add_member(:id, Shapes::ShapeRef.new(shape: IdentityId, required: true, location_name: "id"))
     GroupIdentity.struct_class = Types::GroupIdentity
 
+    IAMUserIdentity.add_member(:arn, Shapes::ShapeRef.new(shape: ARN, required: true, location_name: "arn"))
+    IAMUserIdentity.struct_class = Types::IAMUserIdentity
+
     IDs.member = Shapes::ShapeRef.new(shape: ID)
 
     Identity.add_member(:user, Shapes::ShapeRef.new(shape: UserIdentity, location_name: "user"))
     Identity.add_member(:group, Shapes::ShapeRef.new(shape: GroupIdentity, location_name: "group"))
+    Identity.add_member(:iam_user, Shapes::ShapeRef.new(shape: IAMUserIdentity, location_name: "iamUser"))
     Identity.struct_class = Types::Identity
 
     Image.add_member(:id, Shapes::ShapeRef.new(shape: ID, location_name: "id"))
@@ -822,6 +840,7 @@ module Aws::IoTSiteWise
     ListAccessPoliciesRequest.add_member(:identity_id, Shapes::ShapeRef.new(shape: IdentityId, location: "querystring", location_name: "identityId"))
     ListAccessPoliciesRequest.add_member(:resource_type, Shapes::ShapeRef.new(shape: ResourceType, location: "querystring", location_name: "resourceType"))
     ListAccessPoliciesRequest.add_member(:resource_id, Shapes::ShapeRef.new(shape: ID, location: "querystring", location_name: "resourceId"))
+    ListAccessPoliciesRequest.add_member(:iam_arn, Shapes::ShapeRef.new(shape: ARN, location: "querystring", location_name: "iamArn"))
     ListAccessPoliciesRequest.add_member(:next_token, Shapes::ShapeRef.new(shape: NextToken, location: "querystring", location_name: "nextToken"))
     ListAccessPoliciesRequest.add_member(:max_results, Shapes::ShapeRef.new(shape: MaxResults, location: "querystring", location_name: "maxResults"))
     ListAccessPoliciesRequest.struct_class = Types::ListAccessPoliciesRequest
@@ -1317,6 +1336,20 @@ module Aws::IoTSiteWise
         o.errors << Shapes::ShapeRef.new(shape: LimitExceededException)
       end)
 
+      api.add_operation(:create_presigned_portal_url, Seahorse::Model::Operation.new.tap do |o|
+        o.name = "CreatePresignedPortalUrl"
+        o.http_method = "GET"
+        o.http_request_uri = "/portals/{portalId}/presigned-url"
+        o.endpoint_pattern = {
+          "hostPrefix" => "monitor.",
+        }
+        o.input = Shapes::ShapeRef.new(shape: CreatePresignedPortalUrlRequest)
+        o.output = Shapes::ShapeRef.new(shape: CreatePresignedPortalUrlResponse)
+        o.errors << Shapes::ShapeRef.new(shape: InvalidRequestException)
+        o.errors << Shapes::ShapeRef.new(shape: InternalFailureException)
+        o.errors << Shapes::ShapeRef.new(shape: ThrottlingException)
+      end)
+
       api.add_operation(:create_project, Seahorse::Model::Operation.new.tap do |o|
         o.name = "CreateProject"
         o.http_method = "POST"

data/lib/aws-sdk-iotsitewise/types.rb

@@ -10,15 +10,15 @@
 module Aws::IoTSiteWise
   module Types
 
-    # Contains an access policy that defines an AWS SSO identity's access
-    # to an AWS IoT SiteWise Monitor resource.
+    # Contains an access policy that defines an identity's access to an AWS
+    # IoT SiteWise Monitor resource.
     #
     # @!attribute [rw] id
     #   The ID of the access policy.
     #   @return [String]
     #
     # @!attribute [rw] identity
-    #   The AWS SSO identity (a user or group).
+    #   The identity (an AWS SSO user, an AWS SSO group, or an IAM user).
     #   @return [Types::Identity]
     #
     # @!attribute [rw] resource
@@ -143,7 +143,7 @@ module Aws::IoTSiteWise
     #
     # @!attribute [rw] name
     #   The hierarchy name provided in the [CreateAssetModel][1] or
-    #   [UpdateAssetModel][2] API.
+    #   [UpdateAssetModel][2] API operation.
     #
     #
     #
@@ -177,7 +177,7 @@ module Aws::IoTSiteWise
     #
     # @!attribute [rw] name
     #   The name of the asset model hierarchy that you specify by using the
-    #   [CreateAssetModel][1] or [UpdateAssetModel][2] API.
+    #   [CreateAssetModel][1] or [UpdateAssetModel][2] API operation.
     #
     #
     #
@@ -212,7 +212,7 @@ module Aws::IoTSiteWise
     #
     # @!attribute [rw] name
     #   The name of the asset model hierarchy definition (as specified in
-    #   [CreateAssetModel][1] or [UpdateAssetModel][2]).
+    #   the [CreateAssetModel][1] or [UpdateAssetModel][2] API operation).
     #
     #
     #
@@ -971,6 +971,9 @@ module Aws::IoTSiteWise
     #           group: {
     #             id: "IdentityId", # required
     #           },
+    #           iam_user: {
+    #             arn: "ARN", # required
+    #           },
     #         },
     #         access_policy_resource: { # required
     #           portal: {
@@ -988,13 +991,13 @@ module Aws::IoTSiteWise
     #       }
     #
     # @!attribute [rw] access_policy_identity
-    #   The identity for this access policy. Choose either a `user` or a
-    #   `group` but not both.
+    #   The identity for this access policy. Choose an AWS SSO user, an AWS
+    #   SSO group, or an IAM user.
     #   @return [Types::Identity]
     #
     # @!attribute [rw] access_policy_resource
     #   The AWS IoT SiteWise Monitor resource for this access policy. Choose
-    #   either `portal` or `project` but not both.
+    #   either a portal or a project.
     #   @return [Types::Resource]
     #
     # @!attribute [rw] access_policy_permission
@@ -1450,6 +1453,7 @@ module Aws::IoTSiteWise
     #         tags: {
     #           "TagKey" => "TagValue",
     #         },
+    #         portal_auth_mode: "IAM", # accepts IAM, SSO
     #       }
     #
     # @!attribute [rw] portal_name
@@ -1500,6 +1504,32 @@ module Aws::IoTSiteWise
     #   [1]: https://docs.aws.amazon.com/iot-sitewise/latest/userguide/tag-resources.html
     #   @return [Hash<String,String>]
     #
+    # @!attribute [rw] portal_auth_mode
+    #   The service to use to authenticate users to the portal. Choose from
+    #   the following options:
+    #
+    #   * `SSO` – The portal uses AWS Single Sign-On to authenticate users
+    #     and manage user permissions. Before you can create a portal that
+    #     uses AWS SSO, you must enable AWS SSO. For more information, see
+    #     [Enabling AWS SSO][1] in the *AWS IoT SiteWise User Guide*. This
+    #     option is only available in AWS Regions other than the China
+    #     Regions.
+    #
+    #   * `IAM` – The portal uses AWS Identity and Access Management (IAM)
+    #     to authenticate users and manage user permissions. IAM users must
+    #     have the `iotsitewise:CreatePresignedPortalUrl` permission to sign
+    #     in to the portal. This option is only available in the China
+    #     Regions.
+    #
+    #   You can't change this value after you create a portal.
+    #
+    #   Default: `SSO`
+    #
+    #
+    #
+    #   [1]: https://docs.aws.amazon.com/iot-sitewise/latest/userguide/monitor-get-started.html#mon-gs-sso
+    #   @return [String]
+    #
     class CreatePortalRequest < Struct.new(
       :portal_name,
       :portal_description,
@@ -1507,7 +1537,8 @@ module Aws::IoTSiteWise
       :client_token,
       :portal_logo_image_file,
       :role_arn,
-      :tags)
+      :tags,
+      :portal_auth_mode)
       SENSITIVE = []
       include Aws::Structure
     end
@@ -1527,7 +1558,15 @@ module Aws::IoTSiteWise
     #   @return [String]
     #
     # @!attribute [rw] portal_start_url
-    #   The public URL for the AWS IoT SiteWise Monitor portal.
+    #   The URL for the AWS IoT SiteWise Monitor portal. You can use this
+    #   URL to access portals that use AWS SSO for authentication. For
+    #   portals that use IAM for authentication, you must use the
+    #   [CreatePresignedPortalUrl][1] operation to create a URL that you can
+    #   use to access the portal.
+    #
+    #
+    #
+    #   [1]: https://docs.aws.amazon.com/AWS IoT SiteWise API ReferenceAPI_CreatePresignedPortalUrl.html
     #   @return [String]
     #
     # @!attribute [rw] portal_status
@@ -1536,7 +1575,7 @@ module Aws::IoTSiteWise
     #   @return [Types::PortalStatus]
     #
     # @!attribute [rw] sso_application_id
-    #   The associated AWS SSO application Id.
+    #   The associated AWS SSO application ID, if the portal uses AWS SSO.
     #   @return [String]
     #
     class CreatePortalResponse < Struct.new(
@@ -1549,6 +1588,45 @@ module Aws::IoTSiteWise
       include Aws::Structure
     end
 
+    # @note When making an API call, you may pass CreatePresignedPortalUrlRequest
+    #   data as a hash:
+    #
+    #       {
+    #         portal_id: "ID", # required
+    #         session_duration_seconds: 1,
+    #       }
+    #
+    # @!attribute [rw] portal_id
+    #   The ID of the portal to access.
+    #   @return [String]
+    #
+    # @!attribute [rw] session_duration_seconds
+    #   The duration (in seconds) for which the session at the URL is valid.
+    #
+    #   Default: 900 seconds (15 minutes)
+    #   @return [Integer]
+    #
+    class CreatePresignedPortalUrlRequest < Struct.new(
+      :portal_id,
+      :session_duration_seconds)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+
+    # @!attribute [rw] presigned_portal_url
+    #   The pre-signed URL to the portal. The URL contains the portal ID and
+    #   a session token that lets you access the portal. The URL has the
+    #   following format.
+    #
+    #   `https://<portal-id>.app.iotsitewise.aws/auth?token=<encrypted-token>`
+    #   @return [String]
+    #
+    class CreatePresignedPortalUrlResponse < Struct.new(
+      :presigned_portal_url)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+
     # @note When making an API call, you may pass CreateProjectRequest
     #   data as a hash:
     #
@@ -1912,8 +1990,8 @@ module Aws::IoTSiteWise
     #   @return [String]
     #
     # @!attribute [rw] access_policy_identity
-    #   The AWS SSO identity (user or group) to which this access policy
-    #   applies.
+    #   The identity (AWS SSO user, AWS SSO group, or IAM user) to which
+    #   this access policy applies.
     #   @return [Types::Identity]
     #
     # @!attribute [rw] access_policy_resource
@@ -2411,12 +2489,20 @@ module Aws::IoTSiteWise
     #
     # @!attribute [rw] portal_client_id
     #   The AWS SSO application generated client ID (used with AWS SSO
-    #   APIs).
+    #   APIs). AWS IoT SiteWise includes `portalClientId` for only portals
+    #   that use AWS SSO to authenticate users.
     #   @return [String]
     #
     # @!attribute [rw] portal_start_url
-    #   The public root URL for the AWS IoT AWS IoT SiteWise Monitor
-    #   application portal.
+    #   The URL for the AWS IoT SiteWise Monitor portal. You can use this
+    #   URL to access portals that use AWS SSO for authentication. For
+    #   portals that use IAM for authentication, you must use the
+    #   [CreatePresignedPortalUrl][1] operation to create a URL that you can
+    #   use to access the portal.
+    #
+    #
+    #
+    #   [1]: https://docs.aws.amazon.com/AWS IoT SiteWise API ReferenceAPI_CreatePresignedPortalUrl.html
     #   @return [String]
     #
     # @!attribute [rw] portal_contact_email
@@ -2452,6 +2538,10 @@ module Aws::IoTSiteWise
     #   [2]: https://docs.aws.amazon.com/iot-sitewise/latest/userguide/monitor-service-role.html
     #   @return [String]
     #
+    # @!attribute [rw] portal_auth_mode
+    #   The service to use to authenticate users to the portal.
+    #   @return [String]
+    #
     class DescribePortalResponse < Struct.new(
       :portal_id,
       :portal_arn,
@@ -2464,7 +2554,8 @@ module Aws::IoTSiteWise
       :portal_creation_date,
       :portal_last_update_date,
       :portal_logo_image_location,
-      :role_arn)
+      :role_arn,
+      :portal_auth_mode)
       SENSITIVE = []
       include Aws::Structure
     end
@@ -3020,7 +3111,41 @@ module Aws::IoTSiteWise
       include Aws::Structure
     end
 
-    # Contains an AWS SSO identity ID for a user or group.
+    # Contains information about an AWS Identity and Access Management (IAM)
+    # user.
+    #
+    # @note When making an API call, you may pass IAMUserIdentity
+    #   data as a hash:
+    #
+    #       {
+    #         arn: "ARN", # required
+    #       }
+    #
+    # @!attribute [rw] arn
+    #   The ARN of the IAM user. IAM users must have the
+    #   `iotsitewise:CreatePresignedPortalUrl` permission to sign in to the
+    #   portal. For more information, see [IAM ARNs][1] in the *IAM User
+    #   Guide*.
+    #
+    #   <note markdown="1"> If you delete the IAM user, access policies that contain this
+    #   identity include an empty `arn`. You can delete the access policy
+    #   for the IAM user that no longer exists.
+    #
+    #    </note>
+    #
+    #
+    #
+    #   [1]: https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_identifiers.html
+    #   @return [String]
+    #
+    class IAMUserIdentity < Struct.new(
+      :arn)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+
+    # Contains an identity that can access an AWS IoT SiteWise Monitor
+    # resource.
     #
     # <note markdown="1"> Currently, you can't use AWS APIs to retrieve AWS SSO identity IDs.
     # You can find the AWS SSO identity IDs in the URL of user and group
@@ -3042,19 +3167,27 @@ module Aws::IoTSiteWise
     #         group: {
     #           id: "IdentityId", # required
     #         },
+    #         iam_user: {
+    #           arn: "ARN", # required
+    #         },
     #       }
     #
     # @!attribute [rw] user
-    #   A user identity.
+    #   An AWS SSO user identity.
     #   @return [Types::UserIdentity]
     #
     # @!attribute [rw] group
-    #   A group identity.
+    #   An AWS SSO group identity.
     #   @return [Types::GroupIdentity]
     #
+    # @!attribute [rw] iam_user
+    #   An IAM user identity.
+    #   @return [Types::IAMUserIdentity]
+    #
     class Identity < Struct.new(
       :user,
-      :group)
+      :group,
+      :iam_user)
       SENSITIVE = []
       include Aws::Structure
     end
@@ -3188,22 +3321,23 @@ module Aws::IoTSiteWise
     #   data as a hash:
     #
     #       {
-    #         identity_type: "USER", # accepts USER, GROUP
+    #         identity_type: "USER", # accepts USER, GROUP, IAM
     #         identity_id: "IdentityId",
     #         resource_type: "PORTAL", # accepts PORTAL, PROJECT
     #         resource_id: "ID",
+    #         iam_arn: "ARN",
     #         next_token: "NextToken",
     #         max_results: 1,
     #       }
     #
     # @!attribute [rw] identity_type
-    #   The type of identity (user or group). This parameter is required if
-    #   you specify `identityId`.
+    #   The type of identity (AWS SSO user, AWS SSO group, or IAM user).
+    #   This parameter is required if you specify `identityId`.
     #   @return [String]
     #
     # @!attribute [rw] identity_id
     #   The ID of the identity. This parameter is required if you specify
-    #   `identityType`.
+    #   `USER` or `GROUP` for `identityType`.
     #   @return [String]
     #
     # @!attribute [rw] resource_type
@@ -3216,6 +3350,16 @@ module Aws::IoTSiteWise
     #   `resourceType`.
     #   @return [String]
     #
+    # @!attribute [rw] iam_arn
+    #   The ARN of the IAM user. For more information, see [IAM ARNs][1] in
+    #   the *IAM User Guide*. This parameter is required if you specify
+    #   `IAM` for `identityType`.
+    #
+    #
+    #
+    #   [1]: https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_identifiers.html
+    #   @return [String]
+    #
     # @!attribute [rw] next_token
     #   The token to be used for the next set of paginated results.
     #   @return [String]
@@ -3231,6 +3375,7 @@ module Aws::IoTSiteWise
       :identity_id,
       :resource_type,
       :resource_id,
+      :iam_arn,
       :next_token,
       :max_results)
       SENSITIVE = []
@@ -3889,8 +4034,15 @@ module Aws::IoTSiteWise
     #   @return [String]
     #
     # @!attribute [rw] start_url
-    #   The public root URL for the AWS IoT AWS IoT SiteWise Monitor
-    #   application portal.
+    #   The URL for the AWS IoT SiteWise Monitor portal. You can use this
+    #   URL to access portals that use AWS SSO for authentication. For
+    #   portals that use IAM for authentication, you must use the
+    #   [CreatePresignedPortalUrl][1] operation to create a URL that you can
+    #   use to access the portal.
+    #
+    #
+    #
+    #   [1]: https://docs.aws.amazon.com/AWS IoT SiteWise API ReferenceAPI_CreatePresignedPortalUrl.html
     #   @return [String]
     #
     # @!attribute [rw] creation_date
@@ -4146,7 +4298,8 @@ module Aws::IoTSiteWise
     end
 
     # Contains a list of value updates for an asset property in the list of
-    # asset entries consumed by the [BatchPutAssetPropertyValue][1] API.
+    # asset entries consumed by the [BatchPutAssetPropertyValue][1] API
+    # operation.
     #
     #
     #
@@ -4543,6 +4696,9 @@ module Aws::IoTSiteWise
     #           group: {
     #             id: "IdentityId", # required
     #           },
+    #           iam_user: {
+    #             arn: "ARN", # required
+    #           },
     #         },
     #         access_policy_resource: { # required
     #           portal: {
@@ -4561,13 +4717,13 @@ module Aws::IoTSiteWise
     #   @return [String]
     #
     # @!attribute [rw] access_policy_identity
-    #   The identity for this access policy. Choose either a `user` or a
-    #   `group` but not both.
+    #   The identity for this access policy. Choose an AWS SSO user, an AWS
+    #   SSO group, or an IAM user.
     #   @return [Types::Identity]
     #
     # @!attribute [rw] access_policy_resource
     #   The AWS IoT SiteWise Monitor resource for this access policy. Choose
-    #   either `portal` or `project` but not both.
+    #   either a portal or a project.
     #   @return [Types::Resource]
     #
     # @!attribute [rw] access_policy_permission

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: aws-sdk-iotsitewise
 version: !ruby/object:Gem::Version
-  version: 1.10.0
+  version: 1.11.0
 platform: ruby
 authors:
 - Amazon Web Services
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2020-09-15 00:00:00.000000000 Z
+date: 2020-09-21 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: aws-sdk-core