aws-sdk-iotsitewise 1.10.0 → 1.15.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: d305379c89444298a4b122ef07db07dcce29001e40b3e410c352165cc7c41396
-  data.tar.gz: 9c31118ed6b51bf11500429306db72150213e725156b4874cf1a9905dba2ae7d
+  metadata.gz: ac4b695574efbb800c7b7fb99d8b5df540b14e4667763e13584da1a88124ad44
+  data.tar.gz: 65be80a4c8c44ad80e4d2051ecd015ffbd9eedf7fd2d0f9c5c122bb10e92f795
 SHA512:
-  metadata.gz: bdac6f7fdc947ddb549cef8f438962551283404bd4a6a6cf02232455a5272c4773c1c7eb3474a49c1306181511bcc6e990836503099e3619325c4bbdfb915a88
-  data.tar.gz: 3fe64c09c3b19457a95ca448a064a3e57eeb2a78519cf72968af4c17b009c7102fda0cd669677b4fa822120d797f889d7d74283109addcde40a4f8732a50f32d
+  metadata.gz: 1636c172907f9c13a3707bbe27ba578190c31b4c5e8fe1b93973ad5fe3b093f8229fc119c97cb17f78d1773681871bd8994efbcf86cef49af33162abaaa822d3
+  data.tar.gz: 4c6397f8d3188110528769dbcfed58d2e1d6047761c62dd8d96c76e09f4cfcd38706389d851f49981b49bc5dbfd7ce1991b0f12486a8259545865ba22b72da40

data/lib/aws-sdk-iotsitewise.rb

@@ -49,6 +49,6 @@ require_relative 'aws-sdk-iotsitewise/customizations'
 # @!group service
 module Aws::IoTSiteWise
 
-  GEM_VERSION = '1.10.0'
+  GEM_VERSION = '1.15.0'
 
 end

data/lib/aws-sdk-iotsitewise/client.rb

@@ -552,17 +552,17 @@ module Aws::IoTSiteWise
       req.send_request(options)
     end
 
-    # Creates an access policy that grants the specified AWS Single Sign-On
-    # user or group access to the specified AWS IoT SiteWise Monitor portal
-    # or project resource.
+    # Creates an access policy that grants the specified identity (AWS SSO
+    # user, AWS SSO group, or IAM user) access to the specified AWS IoT
+    # SiteWise Monitor portal or project resource.
     #
     # @option params [required, Types::Identity] :access_policy_identity
-    #   The identity for this access policy. Choose either a `user` or a
-    #   `group` but not both.
+    #   The identity for this access policy. Choose an AWS SSO user, an AWS
+    #   SSO group, or an IAM user.
     #
     # @option params [required, Types::Resource] :access_policy_resource
     #   The AWS IoT SiteWise Monitor resource for this access policy. Choose
-    #   either `portal` or `project` but not both.
+    #   either a portal or a project.
     #
     # @option params [required, String] :access_policy_permission
     #   The permission level for this access policy. Note that a project
@@ -600,6 +600,9 @@ module Aws::IoTSiteWise
     #       group: {
     #         id: "IdentityId", # required
     #       },
+    #       iam_user: {
+    #         arn: "ARN", # required
+    #       },
     #     },
     #     access_policy_resource: { # required
     #       portal: {
@@ -954,23 +957,19 @@ module Aws::IoTSiteWise
       req.send_request(options)
     end
 
-    # Creates a portal, which can contain projects and dashboards. Before
-    # you can create a portal, you must enable AWS Single Sign-On. AWS IoT
-    # SiteWise Monitor uses AWS SSO to manage user permissions. For more
-    # information, see [Enabling AWS SSO][1] in the *AWS IoT SiteWise User
-    # Guide*.
+    # Creates a portal, which can contain projects and dashboards. AWS IoT
+    # SiteWise Monitor uses AWS SSO or IAM to authenticate portal users and
+    # manage user permissions.
     #
-    # <note markdown="1"> Before you can sign in to a new portal, you must add at least one AWS
-    # SSO user or group to that portal. For more information, see [Adding or
-    # removing portal administrators][2] in the *AWS IoT SiteWise User
-    # Guide*.
+    # <note markdown="1"> Before you can sign in to a new portal, you must add at least one
+    # identity to that portal. For more information, see [Adding or removing
+    # portal administrators][1] in the *AWS IoT SiteWise User Guide*.
     #
     #  </note>
     #
     #
     #
-    # [1]: https://docs.aws.amazon.com/iot-sitewise/latest/userguide/monitor-get-started.html#mon-gs-sso
-    # [2]: https://docs.aws.amazon.com/iot-sitewise/latest/userguide/administer-portals.html#portal-change-admins
+    # [1]: https://docs.aws.amazon.com/iot-sitewise/latest/userguide/administer-portals.html#portal-change-admins
     #
     # @option params [required, String] :portal_name
     #   A friendly name for the portal.
@@ -1013,6 +1012,30 @@ module Aws::IoTSiteWise
     #
     #   [1]: https://docs.aws.amazon.com/iot-sitewise/latest/userguide/tag-resources.html
     #
+    # @option params [String] :portal_auth_mode
+    #   The service to use to authenticate users to the portal. Choose from
+    #   the following options:
+    #
+    #   * `SSO` – The portal uses AWS Single Sign-On to authenticate users and
+    #     manage user permissions. Before you can create a portal that uses
+    #     AWS SSO, you must enable AWS SSO. For more information, see
+    #     [Enabling AWS SSO][1] in the *AWS IoT SiteWise User Guide*. This
+    #     option is only available in AWS Regions other than the China
+    #     Regions.
+    #
+    #   * `IAM` – The portal uses AWS Identity and Access Management (IAM) to
+    #     authenticate users and manage user permissions. IAM users must have
+    #     the `iotsitewise:CreatePresignedPortalUrl` permission to sign in to
+    #     the portal. This option is only available in the China Regions.
+    #
+    #   You can't change this value after you create a portal.
+    #
+    #   Default: `SSO`
+    #
+    #
+    #
+    #   [1]: https://docs.aws.amazon.com/iot-sitewise/latest/userguide/monitor-get-started.html#mon-gs-sso
+    #
     # @return [Types::CreatePortalResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
     #
     #   * {Types::CreatePortalResponse#portal_id #portal_id} => String
@@ -1036,6 +1059,7 @@ module Aws::IoTSiteWise
     #     tags: {
     #       "TagKey" => "TagValue",
     #     },
+    #     portal_auth_mode: "IAM", # accepts IAM, SSO
     #   })
     #
     # @example Response structure
@@ -1055,6 +1079,42 @@ module Aws::IoTSiteWise
       req.send_request(options)
     end
 
+    # Creates a pre-signed URL to a portal. Use this operation to create
+    # URLs to portals that use AWS Identity and Access Management (IAM) to
+    # authenticate users. An IAM user with access to a portal can call this
+    # API to get a URL to that portal. The URL contains an authentication
+    # token that lets the IAM user access the portal.
+    #
+    # @option params [required, String] :portal_id
+    #   The ID of the portal to access.
+    #
+    # @option params [Integer] :session_duration_seconds
+    #   The duration (in seconds) for which the session at the URL is valid.
+    #
+    #   Default: 43,200 seconds (12 hours)
+    #
+    # @return [Types::CreatePresignedPortalUrlResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
+    #
+    #   * {Types::CreatePresignedPortalUrlResponse#presigned_portal_url #presigned_portal_url} => String
+    #
+    # @example Request syntax with placeholder values
+    #
+    #   resp = client.create_presigned_portal_url({
+    #     portal_id: "ID", # required
+    #     session_duration_seconds: 1,
+    #   })
+    #
+    # @example Response structure
+    #
+    #   resp.presigned_portal_url #=> String
+    #
+    # @overload create_presigned_portal_url(params = {})
+    # @param [Hash] params ({})
+    def create_presigned_portal_url(params = {}, options = {})
+      req = build_request(:create_presigned_portal_url, params)
+      req.send_request(options)
+    end
+
     # Creates a project in the specified portal.
     #
     # @option params [required, String] :portal_id
@@ -1112,10 +1172,9 @@ module Aws::IoTSiteWise
       req.send_request(options)
     end
 
-    # Deletes an access policy that grants the specified AWS Single Sign-On
-    # identity access to the specified AWS IoT SiteWise Monitor resource.
-    # You can use this operation to revoke access to an AWS IoT SiteWise
-    # Monitor resource.
+    # Deletes an access policy that grants the specified identity access to
+    # the specified AWS IoT SiteWise Monitor resource. You can use this
+    # operation to revoke access to an AWS IoT SiteWise Monitor resource.
     #
     # @option params [required, String] :access_policy_id
     #   The ID of the access policy to be deleted.
@@ -1270,12 +1329,6 @@ module Aws::IoTSiteWise
 
     # Deletes a gateway from AWS IoT SiteWise. When you delete a gateway,
     # some of the gateway's files remain in your gateway's file system.
-    # For more information, see [Data retention][1] in the *AWS IoT SiteWise
-    # User Guide*.
-    #
-    #
-    #
-    # [1]: https://docs.aws.amazon.com/iot-sitewise/latest/userguide/data-retention.html
     #
     # @option params [required, String] :gateway_id
     #   The ID of the gateway to delete.
@@ -1361,8 +1414,8 @@ module Aws::IoTSiteWise
       req.send_request(options)
     end
 
-    # Describes an access policy, which specifies an AWS SSO user or
-    # group's access to an AWS IoT SiteWise Monitor portal or project.
+    # Describes an access policy, which specifies an identity's access to
+    # an AWS IoT SiteWise Monitor portal or project.
     #
     # @option params [required, String] :access_policy_id
     #   The ID of the access policy.
@@ -1389,6 +1442,7 @@ module Aws::IoTSiteWise
     #   resp.access_policy_arn #=> String
     #   resp.access_policy_identity.user.id #=> String
     #   resp.access_policy_identity.group.id #=> String
+    #   resp.access_policy_identity.iam_user.arn #=> String
     #   resp.access_policy_resource.portal.id #=> String
     #   resp.access_policy_resource.project.id #=> String
     #   resp.access_policy_permission #=> String, one of "ADMINISTRATOR", "VIEWER"
@@ -1638,6 +1692,36 @@ module Aws::IoTSiteWise
       req.send_request(options)
     end
 
+    # Retrieves information about the default encryption configuration for
+    # the AWS account in the default or specified region. For more
+    # information, see [Key management][1] in the *AWS IoT SiteWise User
+    # Guide*.
+    #
+    #
+    #
+    # [1]: https://docs.aws.amazon.com/iot-sitewise/latest/userguide/key-management.html
+    #
+    # @return [Types::DescribeDefaultEncryptionConfigurationResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
+    #
+    #   * {Types::DescribeDefaultEncryptionConfigurationResponse#encryption_type #encryption_type} => String
+    #   * {Types::DescribeDefaultEncryptionConfigurationResponse#kms_key_arn #kms_key_arn} => String
+    #   * {Types::DescribeDefaultEncryptionConfigurationResponse#configuration_status #configuration_status} => Types::ConfigurationStatus
+    #
+    # @example Response structure
+    #
+    #   resp.encryption_type #=> String, one of "SITEWISE_DEFAULT_ENCRYPTION", "KMS_BASED_ENCRYPTION"
+    #   resp.kms_key_arn #=> String
+    #   resp.configuration_status.state #=> String, one of "ACTIVE", "UPDATE_IN_PROGRESS", "UPDATE_FAILED"
+    #   resp.configuration_status.error.code #=> String, one of "VALIDATION_ERROR", "INTERNAL_FAILURE"
+    #   resp.configuration_status.error.message #=> String
+    #
+    # @overload describe_default_encryption_configuration(params = {})
+    # @param [Hash] params ({})
+    def describe_default_encryption_configuration(params = {}, options = {})
+      req = build_request(:describe_default_encryption_configuration, params)
+      req.send_request(options)
+    end
+
     # Retrieves information about a gateway.
     #
     # @option params [required, String] :gateway_id
@@ -1764,6 +1848,7 @@ module Aws::IoTSiteWise
     #   * {Types::DescribePortalResponse#portal_last_update_date #portal_last_update_date} => Time
     #   * {Types::DescribePortalResponse#portal_logo_image_location #portal_logo_image_location} => Types::ImageLocation
     #   * {Types::DescribePortalResponse#role_arn #role_arn} => String
+    #   * {Types::DescribePortalResponse#portal_auth_mode #portal_auth_mode} => String
     #
     # @example Request syntax with placeholder values
     #
@@ -1788,6 +1873,7 @@ module Aws::IoTSiteWise
     #   resp.portal_logo_image_location.id #=> String
     #   resp.portal_logo_image_location.url #=> String
     #   resp.role_arn #=> String
+    #   resp.portal_auth_mode #=> String, one of "IAM", "SSO"
     #
     #
     # The following waiters are defined for this operation (see {Client#wait_until} for detailed usage):
@@ -2152,17 +2238,17 @@ module Aws::IoTSiteWise
       req.send_request(options)
     end
 
-    # Retrieves a paginated list of access policies for an AWS SSO identity
-    # (a user or group) or an AWS IoT SiteWise Monitor resource (a portal or
-    # project).
+    # Retrieves a paginated list of access policies for an identity (an AWS
+    # SSO user, an AWS SSO group, or an IAM user) or an AWS IoT SiteWise
+    # Monitor resource (a portal or project).
     #
     # @option params [String] :identity_type
-    #   The type of identity (user or group). This parameter is required if
-    #   you specify `identityId`.
+    #   The type of identity (AWS SSO user, AWS SSO group, or IAM user). This
+    #   parameter is required if you specify `identityId`.
     #
     # @option params [String] :identity_id
     #   The ID of the identity. This parameter is required if you specify
-    #   `identityType`.
+    #   `USER` or `GROUP` for `identityType`.
     #
     # @option params [String] :resource_type
     #   The type of resource (portal or project). This parameter is required
@@ -2172,6 +2258,15 @@ module Aws::IoTSiteWise
     #   The ID of the resource. This parameter is required if you specify
     #   `resourceType`.
     #
+    # @option params [String] :iam_arn
+    #   The ARN of the IAM user. For more information, see [IAM ARNs][1] in
+    #   the *IAM User Guide*. This parameter is required if you specify `IAM`
+    #   for `identityType`.
+    #
+    #
+    #
+    #   [1]: https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_identifiers.html
+    #
     # @option params [String] :next_token
     #   The token to be used for the next set of paginated results.
     #
@@ -2190,10 +2285,11 @@ module Aws::IoTSiteWise
     # @example Request syntax with placeholder values
     #
     #   resp = client.list_access_policies({
-    #     identity_type: "USER", # accepts USER, GROUP
+    #     identity_type: "USER", # accepts USER, GROUP, IAM
     #     identity_id: "IdentityId",
     #     resource_type: "PORTAL", # accepts PORTAL, PROJECT
     #     resource_id: "ID",
+    #     iam_arn: "ARN",
     #     next_token: "NextToken",
     #     max_results: 1,
     #   })
@@ -2204,6 +2300,7 @@ module Aws::IoTSiteWise
     #   resp.access_policy_summaries[0].id #=> String
     #   resp.access_policy_summaries[0].identity.user.id #=> String
     #   resp.access_policy_summaries[0].identity.group.id #=> String
+    #   resp.access_policy_summaries[0].identity.iam_user.arn #=> String
     #   resp.access_policy_summaries[0].resource.portal.id #=> String
     #   resp.access_policy_summaries[0].resource.project.id #=> String
     #   resp.access_policy_summaries[0].permission #=> String, one of "ADMINISTRATOR", "VIEWER"
@@ -2686,6 +2783,50 @@ module Aws::IoTSiteWise
       req.send_request(options)
     end
 
+    # Sets the default encryption configuration for the AWS account. For
+    # more information, see [Key management][1] in the *AWS IoT SiteWise
+    # User Guide*.
+    #
+    #
+    #
+    # [1]: https://docs.aws.amazon.com/iot-sitewise/latest/userguide/key-management.html
+    #
+    # @option params [required, String] :encryption_type
+    #   The type of encryption used for the encryption configuration.
+    #
+    # @option params [String] :kms_key_id
+    #   The Key ID of the customer managed customer master key (CMK) used for
+    #   AWS KMS encryption. This is required if you use
+    #   `KMS_BASED_ENCRYPTION`.
+    #
+    # @return [Types::PutDefaultEncryptionConfigurationResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
+    #
+    #   * {Types::PutDefaultEncryptionConfigurationResponse#encryption_type #encryption_type} => String
+    #   * {Types::PutDefaultEncryptionConfigurationResponse#kms_key_arn #kms_key_arn} => String
+    #   * {Types::PutDefaultEncryptionConfigurationResponse#configuration_status #configuration_status} => Types::ConfigurationStatus
+    #
+    # @example Request syntax with placeholder values
+    #
+    #   resp = client.put_default_encryption_configuration({
+    #     encryption_type: "SITEWISE_DEFAULT_ENCRYPTION", # required, accepts SITEWISE_DEFAULT_ENCRYPTION, KMS_BASED_ENCRYPTION
+    #     kms_key_id: "KmsKeyId",
+    #   })
+    #
+    # @example Response structure
+    #
+    #   resp.encryption_type #=> String, one of "SITEWISE_DEFAULT_ENCRYPTION", "KMS_BASED_ENCRYPTION"
+    #   resp.kms_key_arn #=> String
+    #   resp.configuration_status.state #=> String, one of "ACTIVE", "UPDATE_IN_PROGRESS", "UPDATE_FAILED"
+    #   resp.configuration_status.error.code #=> String, one of "VALIDATION_ERROR", "INTERNAL_FAILURE"
+    #   resp.configuration_status.error.message #=> String
+    #
+    # @overload put_default_encryption_configuration(params = {})
+    # @param [Hash] params ({})
+    def put_default_encryption_configuration(params = {}, options = {})
+      req = build_request(:put_default_encryption_configuration, params)
+      req.send_request(options)
+    end
+
     # Sets logging options for AWS IoT SiteWise.
     #
     # @option params [required, Types::LoggingOptions] :logging_options
@@ -2773,20 +2914,19 @@ module Aws::IoTSiteWise
       req.send_request(options)
     end
 
-    # Updates an existing access policy that specifies an AWS SSO user or
-    # group's access to an AWS IoT SiteWise Monitor portal or project
-    # resource.
+    # Updates an existing access policy that specifies an identity's access
+    # to an AWS IoT SiteWise Monitor portal or project resource.
     #
     # @option params [required, String] :access_policy_id
     #   The ID of the access policy.
     #
     # @option params [required, Types::Identity] :access_policy_identity
-    #   The identity for this access policy. Choose either a `user` or a
-    #   `group` but not both.
+    #   The identity for this access policy. Choose an AWS SSO user, an AWS
+    #   SSO group, or an IAM user.
     #
     # @option params [required, Types::Resource] :access_policy_resource
     #   The AWS IoT SiteWise Monitor resource for this access policy. Choose
-    #   either `portal` or `project` but not both.
+    #   either a portal or a project.
     #
     # @option params [required, String] :access_policy_permission
     #   The permission level for this access policy. Note that a project
@@ -2813,6 +2953,9 @@ module Aws::IoTSiteWise
     #       group: {
     #         id: "IdentityId", # required
     #       },
+    #       iam_user: {
+    #         arn: "ARN", # required
+    #       },
     #     },
     #     access_policy_resource: { # required
     #       portal: {
@@ -2890,12 +3033,12 @@ module Aws::IoTSiteWise
     # must include their IDs and definitions in the updated asset model
     # payload. For more information, see [DescribeAssetModel][2].
     #
-    #  If you remove a property from an asset model or update a property's
-    # formula expression, AWS IoT SiteWise deletes all previous data for
-    # that property. If you remove a hierarchy definition from an asset
-    # model, AWS IoT SiteWise disassociates every asset associated with that
-    # hierarchy. You can't change the type or data type of an existing
-    # property.
+    #  If you remove a property from an asset model, AWS IoT SiteWise
+    # deletes
+    # all previous data for that property. If you remove a hierarchy
+    # definition from an asset model, AWS IoT SiteWise disassociates every
+    # asset associated with that hierarchy. You can't change the type or
+    # data type of an existing property.
     #
     #
     #
@@ -3348,7 +3491,7 @@ module Aws::IoTSiteWise
         params: params,
         config: config)
       context[:gem_name] = 'aws-sdk-iotsitewise'
-      context[:gem_version] = '1.10.0'
+      context[:gem_version] = '1.15.0'
       Seahorse::Client::Request.new(handlers, context)
     end
 

data/lib/aws-sdk-iotsitewise/client_api.rb

@@ -55,6 +55,7 @@ module Aws::IoTSiteWise
     AssociatedAssetsSummaries = Shapes::ListShape.new(name: 'AssociatedAssetsSummaries')
     AssociatedAssetsSummary = Shapes::StructureShape.new(name: 'AssociatedAssetsSummary')
     Attribute = Shapes::StructureShape.new(name: 'Attribute')
+    AuthMode = Shapes::StringShape.new(name: 'AuthMode')
     BatchAssociateProjectAssetsErrors = Shapes::ListShape.new(name: 'BatchAssociateProjectAssetsErrors')
     BatchAssociateProjectAssetsRequest = Shapes::StructureShape.new(name: 'BatchAssociateProjectAssetsRequest')
     BatchAssociateProjectAssetsResponse = Shapes::StructureShape.new(name: 'BatchAssociateProjectAssetsResponse')
@@ -72,6 +73,9 @@ module Aws::IoTSiteWise
     CapabilityNamespace = Shapes::StringShape.new(name: 'CapabilityNamespace')
     CapabilitySyncStatus = Shapes::StringShape.new(name: 'CapabilitySyncStatus')
     ClientToken = Shapes::StringShape.new(name: 'ClientToken')
+    ConfigurationErrorDetails = Shapes::StructureShape.new(name: 'ConfigurationErrorDetails')
+    ConfigurationState = Shapes::StringShape.new(name: 'ConfigurationState')
+    ConfigurationStatus = Shapes::StructureShape.new(name: 'ConfigurationStatus')
     ConflictingOperationException = Shapes::StructureShape.new(name: 'ConflictingOperationException')
     CreateAccessPolicyRequest = Shapes::StructureShape.new(name: 'CreateAccessPolicyRequest')
     CreateAccessPolicyResponse = Shapes::StructureShape.new(name: 'CreateAccessPolicyResponse')
@@ -85,6 +89,8 @@ module Aws::IoTSiteWise
     CreateGatewayResponse = Shapes::StructureShape.new(name: 'CreateGatewayResponse')
     CreatePortalRequest = Shapes::StructureShape.new(name: 'CreatePortalRequest')
     CreatePortalResponse = Shapes::StructureShape.new(name: 'CreatePortalResponse')
+    CreatePresignedPortalUrlRequest = Shapes::StructureShape.new(name: 'CreatePresignedPortalUrlRequest')
+    CreatePresignedPortalUrlResponse = Shapes::StructureShape.new(name: 'CreatePresignedPortalUrlResponse')
     CreateProjectRequest = Shapes::StructureShape.new(name: 'CreateProjectRequest')
     CreateProjectResponse = Shapes::StructureShape.new(name: 'CreateProjectResponse')
     DashboardDefinition = Shapes::StringShape.new(name: 'DashboardDefinition')
@@ -114,6 +120,8 @@ module Aws::IoTSiteWise
     DescribeAssetResponse = Shapes::StructureShape.new(name: 'DescribeAssetResponse')
     DescribeDashboardRequest = Shapes::StructureShape.new(name: 'DescribeDashboardRequest')
     DescribeDashboardResponse = Shapes::StructureShape.new(name: 'DescribeDashboardResponse')
+    DescribeDefaultEncryptionConfigurationRequest = Shapes::StructureShape.new(name: 'DescribeDefaultEncryptionConfigurationRequest')
+    DescribeDefaultEncryptionConfigurationResponse = Shapes::StructureShape.new(name: 'DescribeDefaultEncryptionConfigurationResponse')
     DescribeGatewayCapabilityConfigurationRequest = Shapes::StructureShape.new(name: 'DescribeGatewayCapabilityConfigurationRequest')
     DescribeGatewayCapabilityConfigurationResponse = Shapes::StructureShape.new(name: 'DescribeGatewayCapabilityConfigurationResponse')
     DescribeGatewayRequest = Shapes::StructureShape.new(name: 'DescribeGatewayRequest')
@@ -127,6 +135,7 @@ module Aws::IoTSiteWise
     Description = Shapes::StringShape.new(name: 'Description')
     DisassociateAssetsRequest = Shapes::StructureShape.new(name: 'DisassociateAssetsRequest')
     Email = Shapes::StringShape.new(name: 'Email')
+    EncryptionType = Shapes::StringShape.new(name: 'EncryptionType')
     EntryId = Shapes::StringShape.new(name: 'EntryId')
     ErrorCode = Shapes::StringShape.new(name: 'ErrorCode')
     ErrorDetails = Shapes::StructureShape.new(name: 'ErrorDetails')
@@ -148,6 +157,7 @@ module Aws::IoTSiteWise
     GetAssetPropertyValueResponse = Shapes::StructureShape.new(name: 'GetAssetPropertyValueResponse')
     Greengrass = Shapes::StructureShape.new(name: 'Greengrass')
     GroupIdentity = Shapes::StructureShape.new(name: 'GroupIdentity')
+    IAMUserIdentity = Shapes::StructureShape.new(name: 'IAMUserIdentity')
     ID = Shapes::StringShape.new(name: 'ID')
     IDs = Shapes::ListShape.new(name: 'IDs')
     Identity = Shapes::StructureShape.new(name: 'Identity')
@@ -161,6 +171,7 @@ module Aws::IoTSiteWise
     InternalFailureException = Shapes::StructureShape.new(name: 'InternalFailureException')
     Interval = Shapes::StringShape.new(name: 'Interval')
     InvalidRequestException = Shapes::StructureShape.new(name: 'InvalidRequestException')
+    KmsKeyId = Shapes::StringShape.new(name: 'KmsKeyId')
     LimitExceededException = Shapes::StructureShape.new(name: 'LimitExceededException')
     ListAccessPoliciesRequest = Shapes::StructureShape.new(name: 'ListAccessPoliciesRequest')
     ListAccessPoliciesResponse = Shapes::StructureShape.new(name: 'ListAccessPoliciesResponse')
@@ -220,6 +231,8 @@ module Aws::IoTSiteWise
     PropertyValueStringValue = Shapes::StringShape.new(name: 'PropertyValueStringValue')
     PutAssetPropertyValueEntries = Shapes::ListShape.new(name: 'PutAssetPropertyValueEntries')
     PutAssetPropertyValueEntry = Shapes::StructureShape.new(name: 'PutAssetPropertyValueEntry')
+    PutDefaultEncryptionConfigurationRequest = Shapes::StructureShape.new(name: 'PutDefaultEncryptionConfigurationRequest')
+    PutDefaultEncryptionConfigurationResponse = Shapes::StructureShape.new(name: 'PutDefaultEncryptionConfigurationResponse')
     PutLoggingOptionsRequest = Shapes::StructureShape.new(name: 'PutLoggingOptionsRequest')
     PutLoggingOptionsResponse = Shapes::StructureShape.new(name: 'PutLoggingOptionsResponse')
     Qualities = Shapes::ListShape.new(name: 'Qualities')
@@ -233,6 +246,7 @@ module Aws::IoTSiteWise
     ResourceType = Shapes::StringShape.new(name: 'ResourceType')
     SSOApplicationId = Shapes::StringShape.new(name: 'SSOApplicationId')
     ServiceUnavailableException = Shapes::StructureShape.new(name: 'ServiceUnavailableException')
+    SessionDurationSeconds = Shapes::IntegerShape.new(name: 'SessionDurationSeconds')
     TagKey = Shapes::StringShape.new(name: 'TagKey')
     TagKeyList = Shapes::ListShape.new(name: 'TagKeyList')
     TagMap = Shapes::MapShape.new(name: 'TagMap')
@@ -453,6 +467,14 @@ module Aws::IoTSiteWise
     BatchPutAssetPropertyValueResponse.add_member(:error_entries, Shapes::ShapeRef.new(shape: BatchPutAssetPropertyErrorEntries, required: true, location_name: "errorEntries"))
     BatchPutAssetPropertyValueResponse.struct_class = Types::BatchPutAssetPropertyValueResponse
 
+    ConfigurationErrorDetails.add_member(:code, Shapes::ShapeRef.new(shape: ErrorCode, required: true, location_name: "code"))
+    ConfigurationErrorDetails.add_member(:message, Shapes::ShapeRef.new(shape: ErrorMessage, required: true, location_name: "message"))
+    ConfigurationErrorDetails.struct_class = Types::ConfigurationErrorDetails
+
+    ConfigurationStatus.add_member(:state, Shapes::ShapeRef.new(shape: ConfigurationState, required: true, location_name: "state"))
+    ConfigurationStatus.add_member(:error, Shapes::ShapeRef.new(shape: ConfigurationErrorDetails, location_name: "error"))
+    ConfigurationStatus.struct_class = Types::ConfigurationStatus
+
     ConflictingOperationException.add_member(:message, Shapes::ShapeRef.new(shape: ErrorMessage, required: true, location_name: "message"))
     ConflictingOperationException.add_member(:resource_id, Shapes::ShapeRef.new(shape: ResourceId, required: true, location_name: "resourceId"))
     ConflictingOperationException.add_member(:resource_arn, Shapes::ShapeRef.new(shape: ResourceArn, required: true, location_name: "resourceArn"))
@@ -521,6 +543,7 @@ module Aws::IoTSiteWise
     CreatePortalRequest.add_member(:portal_logo_image_file, Shapes::ShapeRef.new(shape: ImageFile, location_name: "portalLogoImageFile"))
     CreatePortalRequest.add_member(:role_arn, Shapes::ShapeRef.new(shape: ARN, required: true, location_name: "roleArn"))
     CreatePortalRequest.add_member(:tags, Shapes::ShapeRef.new(shape: TagMap, location_name: "tags"))
+    CreatePortalRequest.add_member(:portal_auth_mode, Shapes::ShapeRef.new(shape: AuthMode, location_name: "portalAuthMode"))
     CreatePortalRequest.struct_class = Types::CreatePortalRequest
 
     CreatePortalResponse.add_member(:portal_id, Shapes::ShapeRef.new(shape: ID, required: true, location_name: "portalId"))
@@ -530,6 +553,13 @@ module Aws::IoTSiteWise
     CreatePortalResponse.add_member(:sso_application_id, Shapes::ShapeRef.new(shape: SSOApplicationId, required: true, location_name: "ssoApplicationId"))
     CreatePortalResponse.struct_class = Types::CreatePortalResponse
 
+    CreatePresignedPortalUrlRequest.add_member(:portal_id, Shapes::ShapeRef.new(shape: ID, required: true, location: "uri", location_name: "portalId"))
+    CreatePresignedPortalUrlRequest.add_member(:session_duration_seconds, Shapes::ShapeRef.new(shape: SessionDurationSeconds, location: "querystring", location_name: "sessionDurationSeconds"))
+    CreatePresignedPortalUrlRequest.struct_class = Types::CreatePresignedPortalUrlRequest
+
+    CreatePresignedPortalUrlResponse.add_member(:presigned_portal_url, Shapes::ShapeRef.new(shape: Url, required: true, location_name: "presignedPortalUrl"))
+    CreatePresignedPortalUrlResponse.struct_class = Types::CreatePresignedPortalUrlResponse
+
     CreateProjectRequest.add_member(:portal_id, Shapes::ShapeRef.new(shape: ID, required: true, location_name: "portalId"))
     CreateProjectRequest.add_member(:project_name, Shapes::ShapeRef.new(shape: Name, required: true, location_name: "projectName"))
     CreateProjectRequest.add_member(:project_description, Shapes::ShapeRef.new(shape: Description, location_name: "projectDescription"))
@@ -655,6 +685,13 @@ module Aws::IoTSiteWise
     DescribeDashboardResponse.add_member(:dashboard_last_update_date, Shapes::ShapeRef.new(shape: Timestamp, required: true, location_name: "dashboardLastUpdateDate"))
     DescribeDashboardResponse.struct_class = Types::DescribeDashboardResponse
 
+    DescribeDefaultEncryptionConfigurationRequest.struct_class = Types::DescribeDefaultEncryptionConfigurationRequest
+
+    DescribeDefaultEncryptionConfigurationResponse.add_member(:encryption_type, Shapes::ShapeRef.new(shape: EncryptionType, required: true, location_name: "encryptionType"))
+    DescribeDefaultEncryptionConfigurationResponse.add_member(:kms_key_arn, Shapes::ShapeRef.new(shape: ARN, location_name: "kmsKeyArn"))
+    DescribeDefaultEncryptionConfigurationResponse.add_member(:configuration_status, Shapes::ShapeRef.new(shape: ConfigurationStatus, required: true, location_name: "configurationStatus"))
+    DescribeDefaultEncryptionConfigurationResponse.struct_class = Types::DescribeDefaultEncryptionConfigurationResponse
+
     DescribeGatewayCapabilityConfigurationRequest.add_member(:gateway_id, Shapes::ShapeRef.new(shape: ID, required: true, location: "uri", location_name: "gatewayId"))
     DescribeGatewayCapabilityConfigurationRequest.add_member(:capability_namespace, Shapes::ShapeRef.new(shape: CapabilityNamespace, required: true, location: "uri", location_name: "capabilityNamespace"))
     DescribeGatewayCapabilityConfigurationRequest.struct_class = Types::DescribeGatewayCapabilityConfigurationRequest
@@ -697,6 +734,7 @@ module Aws::IoTSiteWise
     DescribePortalResponse.add_member(:portal_last_update_date, Shapes::ShapeRef.new(shape: Timestamp, required: true, location_name: "portalLastUpdateDate"))
     DescribePortalResponse.add_member(:portal_logo_image_location, Shapes::ShapeRef.new(shape: ImageLocation, location_name: "portalLogoImageLocation"))
     DescribePortalResponse.add_member(:role_arn, Shapes::ShapeRef.new(shape: ARN, location_name: "roleArn"))
+    DescribePortalResponse.add_member(:portal_auth_mode, Shapes::ShapeRef.new(shape: AuthMode, location_name: "portalAuthMode"))
     DescribePortalResponse.struct_class = Types::DescribePortalResponse
 
     DescribeProjectRequest.add_member(:project_id, Shapes::ShapeRef.new(shape: ID, required: true, location: "uri", location_name: "projectId"))
@@ -791,10 +829,14 @@ module Aws::IoTSiteWise
     GroupIdentity.add_member(:id, Shapes::ShapeRef.new(shape: IdentityId, required: true, location_name: "id"))
     GroupIdentity.struct_class = Types::GroupIdentity
 
+    IAMUserIdentity.add_member(:arn, Shapes::ShapeRef.new(shape: ARN, required: true, location_name: "arn"))
+    IAMUserIdentity.struct_class = Types::IAMUserIdentity
+
     IDs.member = Shapes::ShapeRef.new(shape: ID)
 
     Identity.add_member(:user, Shapes::ShapeRef.new(shape: UserIdentity, location_name: "user"))
     Identity.add_member(:group, Shapes::ShapeRef.new(shape: GroupIdentity, location_name: "group"))
+    Identity.add_member(:iam_user, Shapes::ShapeRef.new(shape: IAMUserIdentity, location_name: "iamUser"))
     Identity.struct_class = Types::Identity
 
     Image.add_member(:id, Shapes::ShapeRef.new(shape: ID, location_name: "id"))
@@ -822,6 +864,7 @@ module Aws::IoTSiteWise
     ListAccessPoliciesRequest.add_member(:identity_id, Shapes::ShapeRef.new(shape: IdentityId, location: "querystring", location_name: "identityId"))
     ListAccessPoliciesRequest.add_member(:resource_type, Shapes::ShapeRef.new(shape: ResourceType, location: "querystring", location_name: "resourceType"))
     ListAccessPoliciesRequest.add_member(:resource_id, Shapes::ShapeRef.new(shape: ID, location: "querystring", location_name: "resourceId"))
+    ListAccessPoliciesRequest.add_member(:iam_arn, Shapes::ShapeRef.new(shape: ARN, location: "querystring", location_name: "iamArn"))
     ListAccessPoliciesRequest.add_member(:next_token, Shapes::ShapeRef.new(shape: NextToken, location: "querystring", location_name: "nextToken"))
     ListAccessPoliciesRequest.add_member(:max_results, Shapes::ShapeRef.new(shape: MaxResults, location: "querystring", location_name: "maxResults"))
     ListAccessPoliciesRequest.struct_class = Types::ListAccessPoliciesRequest
@@ -984,6 +1027,15 @@ module Aws::IoTSiteWise
     PutAssetPropertyValueEntry.add_member(:property_values, Shapes::ShapeRef.new(shape: AssetPropertyValues, required: true, location_name: "propertyValues"))
     PutAssetPropertyValueEntry.struct_class = Types::PutAssetPropertyValueEntry
 
+    PutDefaultEncryptionConfigurationRequest.add_member(:encryption_type, Shapes::ShapeRef.new(shape: EncryptionType, required: true, location_name: "encryptionType"))
+    PutDefaultEncryptionConfigurationRequest.add_member(:kms_key_id, Shapes::ShapeRef.new(shape: KmsKeyId, location_name: "kmsKeyId"))
+    PutDefaultEncryptionConfigurationRequest.struct_class = Types::PutDefaultEncryptionConfigurationRequest
+
+    PutDefaultEncryptionConfigurationResponse.add_member(:encryption_type, Shapes::ShapeRef.new(shape: EncryptionType, required: true, location_name: "encryptionType"))
+    PutDefaultEncryptionConfigurationResponse.add_member(:kms_key_arn, Shapes::ShapeRef.new(shape: ARN, location_name: "kmsKeyArn"))
+    PutDefaultEncryptionConfigurationResponse.add_member(:configuration_status, Shapes::ShapeRef.new(shape: ConfigurationStatus, required: true, location_name: "configurationStatus"))
+    PutDefaultEncryptionConfigurationResponse.struct_class = Types::PutDefaultEncryptionConfigurationResponse
+
     PutLoggingOptionsRequest.add_member(:logging_options, Shapes::ShapeRef.new(shape: LoggingOptions, required: true, location_name: "loggingOptions"))
     PutLoggingOptionsRequest.struct_class = Types::PutLoggingOptionsRequest
 
@@ -1317,6 +1369,20 @@ module Aws::IoTSiteWise
         o.errors << Shapes::ShapeRef.new(shape: LimitExceededException)
       end)
 
+      api.add_operation(:create_presigned_portal_url, Seahorse::Model::Operation.new.tap do |o|
+        o.name = "CreatePresignedPortalUrl"
+        o.http_method = "GET"
+        o.http_request_uri = "/portals/{portalId}/presigned-url"
+        o.endpoint_pattern = {
+          "hostPrefix" => "monitor.",
+        }
+        o.input = Shapes::ShapeRef.new(shape: CreatePresignedPortalUrlRequest)
+        o.output = Shapes::ShapeRef.new(shape: CreatePresignedPortalUrlResponse)
+        o.errors << Shapes::ShapeRef.new(shape: InvalidRequestException)
+        o.errors << Shapes::ShapeRef.new(shape: InternalFailureException)
+        o.errors << Shapes::ShapeRef.new(shape: ThrottlingException)
+      end)
+
       api.add_operation(:create_project, Seahorse::Model::Operation.new.tap do |o|
         o.name = "CreateProject"
         o.http_method = "POST"
@@ -1516,6 +1582,17 @@ module Aws::IoTSiteWise
         o.errors << Shapes::ShapeRef.new(shape: ThrottlingException)
       end)
 
+      api.add_operation(:describe_default_encryption_configuration, Seahorse::Model::Operation.new.tap do |o|
+        o.name = "DescribeDefaultEncryptionConfiguration"
+        o.http_method = "GET"
+        o.http_request_uri = "/configuration/account/encryption"
+        o.input = Shapes::ShapeRef.new(shape: DescribeDefaultEncryptionConfigurationRequest)
+        o.output = Shapes::ShapeRef.new(shape: DescribeDefaultEncryptionConfigurationResponse)
+        o.errors << Shapes::ShapeRef.new(shape: InvalidRequestException)
+        o.errors << Shapes::ShapeRef.new(shape: InternalFailureException)
+        o.errors << Shapes::ShapeRef.new(shape: ThrottlingException)
+      end)
+
       api.add_operation(:describe_gateway, Seahorse::Model::Operation.new.tap do |o|
         o.name = "DescribeGateway"
         o.http_method = "GET"
@@ -1861,6 +1938,19 @@ module Aws::IoTSiteWise
         o.errors << Shapes::ShapeRef.new(shape: ResourceNotFoundException)
       end)
 
+      api.add_operation(:put_default_encryption_configuration, Seahorse::Model::Operation.new.tap do |o|
+        o.name = "PutDefaultEncryptionConfiguration"
+        o.http_method = "POST"
+        o.http_request_uri = "/configuration/account/encryption"
+        o.input = Shapes::ShapeRef.new(shape: PutDefaultEncryptionConfigurationRequest)
+        o.output = Shapes::ShapeRef.new(shape: PutDefaultEncryptionConfigurationResponse)
+        o.errors << Shapes::ShapeRef.new(shape: InvalidRequestException)
+        o.errors << Shapes::ShapeRef.new(shape: InternalFailureException)
+        o.errors << Shapes::ShapeRef.new(shape: ThrottlingException)
+        o.errors << Shapes::ShapeRef.new(shape: LimitExceededException)
+        o.errors << Shapes::ShapeRef.new(shape: ConflictingOperationException)
+      end)
+
       api.add_operation(:put_logging_options, Seahorse::Model::Operation.new.tap do |o|
         o.name = "PutLoggingOptions"
         o.http_method = "PUT"

data/lib/aws-sdk-iotsitewise/types.rb

@@ -10,15 +10,15 @@
 module Aws::IoTSiteWise
   module Types
 
-    # Contains an access policy that defines an AWS SSO identity's access
-    # to an AWS IoT SiteWise Monitor resource.
+    # Contains an access policy that defines an identity's access to an AWS
+    # IoT SiteWise Monitor resource.
     #
     # @!attribute [rw] id
     #   The ID of the access policy.
     #   @return [String]
     #
     # @!attribute [rw] identity
-    #   The AWS SSO identity (a user or group).
+    #   The identity (an AWS SSO user, an AWS SSO group, or an IAM user).
     #   @return [Types::Identity]
     #
     # @!attribute [rw] resource
@@ -143,7 +143,7 @@ module Aws::IoTSiteWise
     #
     # @!attribute [rw] name
     #   The hierarchy name provided in the [CreateAssetModel][1] or
-    #   [UpdateAssetModel][2] API.
+    #   [UpdateAssetModel][2] API operation.
     #
     #
     #
@@ -177,7 +177,7 @@ module Aws::IoTSiteWise
     #
     # @!attribute [rw] name
     #   The name of the asset model hierarchy that you specify by using the
-    #   [CreateAssetModel][1] or [UpdateAssetModel][2] API.
+    #   [CreateAssetModel][1] or [UpdateAssetModel][2] API operation.
     #
     #
     #
@@ -212,7 +212,7 @@ module Aws::IoTSiteWise
     #
     # @!attribute [rw] name
     #   The name of the asset model hierarchy definition (as specified in
-    #   [CreateAssetModel][1] or [UpdateAssetModel][2]).
+    #   the [CreateAssetModel][1] or [UpdateAssetModel][2] API operation).
     #
     #
     #
@@ -937,6 +937,32 @@ module Aws::IoTSiteWise
       include Aws::Structure
     end
 
+    # @!attribute [rw] code
+    #   @return [String]
+    #
+    # @!attribute [rw] message
+    #   @return [String]
+    #
+    class ConfigurationErrorDetails < Struct.new(
+      :code,
+      :message)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+
+    # @!attribute [rw] state
+    #   @return [String]
+    #
+    # @!attribute [rw] error
+    #   @return [Types::ConfigurationErrorDetails]
+    #
+    class ConfigurationStatus < Struct.new(
+      :state,
+      :error)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+
     # Your request has conflicting operations. This can occur if you're
     # trying to perform more than one operation on the same resource at the
     # same time.
@@ -971,6 +997,9 @@ module Aws::IoTSiteWise
     #           group: {
     #             id: "IdentityId", # required
     #           },
+    #           iam_user: {
+    #             arn: "ARN", # required
+    #           },
     #         },
     #         access_policy_resource: { # required
     #           portal: {
@@ -988,13 +1017,13 @@ module Aws::IoTSiteWise
     #       }
     #
     # @!attribute [rw] access_policy_identity
-    #   The identity for this access policy. Choose either a `user` or a
-    #   `group` but not both.
+    #   The identity for this access policy. Choose an AWS SSO user, an AWS
+    #   SSO group, or an IAM user.
     #   @return [Types::Identity]
     #
     # @!attribute [rw] access_policy_resource
     #   The AWS IoT SiteWise Monitor resource for this access policy. Choose
-    #   either `portal` or `project` but not both.
+    #   either a portal or a project.
     #   @return [Types::Resource]
     #
     # @!attribute [rw] access_policy_permission
@@ -1450,6 +1479,7 @@ module Aws::IoTSiteWise
     #         tags: {
     #           "TagKey" => "TagValue",
     #         },
+    #         portal_auth_mode: "IAM", # accepts IAM, SSO
     #       }
     #
     # @!attribute [rw] portal_name
@@ -1500,6 +1530,32 @@ module Aws::IoTSiteWise
     #   [1]: https://docs.aws.amazon.com/iot-sitewise/latest/userguide/tag-resources.html
     #   @return [Hash<String,String>]
     #
+    # @!attribute [rw] portal_auth_mode
+    #   The service to use to authenticate users to the portal. Choose from
+    #   the following options:
+    #
+    #   * `SSO` – The portal uses AWS Single Sign-On to authenticate users
+    #     and manage user permissions. Before you can create a portal that
+    #     uses AWS SSO, you must enable AWS SSO. For more information, see
+    #     [Enabling AWS SSO][1] in the *AWS IoT SiteWise User Guide*. This
+    #     option is only available in AWS Regions other than the China
+    #     Regions.
+    #
+    #   * `IAM` – The portal uses AWS Identity and Access Management (IAM)
+    #     to authenticate users and manage user permissions. IAM users must
+    #     have the `iotsitewise:CreatePresignedPortalUrl` permission to sign
+    #     in to the portal. This option is only available in the China
+    #     Regions.
+    #
+    #   You can't change this value after you create a portal.
+    #
+    #   Default: `SSO`
+    #
+    #
+    #
+    #   [1]: https://docs.aws.amazon.com/iot-sitewise/latest/userguide/monitor-get-started.html#mon-gs-sso
+    #   @return [String]
+    #
     class CreatePortalRequest < Struct.new(
       :portal_name,
       :portal_description,
@@ -1507,7 +1563,8 @@ module Aws::IoTSiteWise
       :client_token,
       :portal_logo_image_file,
       :role_arn,
-      :tags)
+      :tags,
+      :portal_auth_mode)
       SENSITIVE = []
       include Aws::Structure
     end
@@ -1527,7 +1584,15 @@ module Aws::IoTSiteWise
     #   @return [String]
     #
     # @!attribute [rw] portal_start_url
-    #   The public URL for the AWS IoT SiteWise Monitor portal.
+    #   The URL for the AWS IoT SiteWise Monitor portal. You can use this
+    #   URL to access portals that use AWS SSO for authentication. For
+    #   portals that use IAM for authentication, you must use the
+    #   [CreatePresignedPortalUrl][1] operation to create a URL that you can
+    #   use to access the portal.
+    #
+    #
+    #
+    #   [1]: https://docs.aws.amazon.com/AWS IoT SiteWise API ReferenceAPI_CreatePresignedPortalUrl.html
     #   @return [String]
     #
     # @!attribute [rw] portal_status
@@ -1536,7 +1601,7 @@ module Aws::IoTSiteWise
     #   @return [Types::PortalStatus]
     #
     # @!attribute [rw] sso_application_id
-    #   The associated AWS SSO application Id.
+    #   The associated AWS SSO application ID, if the portal uses AWS SSO.
     #   @return [String]
     #
     class CreatePortalResponse < Struct.new(
@@ -1549,6 +1614,45 @@ module Aws::IoTSiteWise
       include Aws::Structure
     end
 
+    # @note When making an API call, you may pass CreatePresignedPortalUrlRequest
+    #   data as a hash:
+    #
+    #       {
+    #         portal_id: "ID", # required
+    #         session_duration_seconds: 1,
+    #       }
+    #
+    # @!attribute [rw] portal_id
+    #   The ID of the portal to access.
+    #   @return [String]
+    #
+    # @!attribute [rw] session_duration_seconds
+    #   The duration (in seconds) for which the session at the URL is valid.
+    #
+    #   Default: 43,200 seconds (12 hours)
+    #   @return [Integer]
+    #
+    class CreatePresignedPortalUrlRequest < Struct.new(
+      :portal_id,
+      :session_duration_seconds)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+
+    # @!attribute [rw] presigned_portal_url
+    #   The pre-signed URL to the portal. The URL contains the portal ID and
+    #   an authentication token that lets you access the portal. The URL has
+    #   the following format.
+    #
+    #   `https://<portal-id>.app.iotsitewise.aws/iam?token=<encrypted-token>`
+    #   @return [String]
+    #
+    class CreatePresignedPortalUrlResponse < Struct.new(
+      :presigned_portal_url)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+
     # @note When making an API call, you may pass CreateProjectRequest
     #   data as a hash:
     #
@@ -1912,8 +2016,8 @@ module Aws::IoTSiteWise
     #   @return [String]
     #
     # @!attribute [rw] access_policy_identity
-    #   The AWS SSO identity (user or group) to which this access policy
-    #   applies.
+    #   The identity (AWS SSO user, AWS SSO group, or IAM user) to which
+    #   this access policy applies.
     #   @return [Types::Identity]
     #
     # @!attribute [rw] access_policy_resource
@@ -2220,6 +2324,33 @@ module Aws::IoTSiteWise
       include Aws::Structure
     end
 
+    # @api private
+    #
+    class DescribeDefaultEncryptionConfigurationRequest < Aws::EmptyStructure; end
+
+    # @!attribute [rw] encryption_type
+    #   The type of encryption used for the encryption configuration.
+    #   @return [String]
+    #
+    # @!attribute [rw] kms_key_arn
+    #   The key ARN of the customer managed customer master key (CMK) used
+    #   for AWS KMS encryption if you use `KMS_BASED_ENCRYPTION`.
+    #   @return [String]
+    #
+    # @!attribute [rw] configuration_status
+    #   The status of the account configuration. This contains the
+    #   `ConfigurationState`. If there's an error, it also contains the
+    #   `ErrorDetails`.
+    #   @return [Types::ConfigurationStatus]
+    #
+    class DescribeDefaultEncryptionConfigurationResponse < Struct.new(
+      :encryption_type,
+      :kms_key_arn,
+      :configuration_status)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+
     # @note When making an API call, you may pass DescribeGatewayCapabilityConfigurationRequest
     #   data as a hash:
     #
@@ -2411,12 +2542,20 @@ module Aws::IoTSiteWise
     #
     # @!attribute [rw] portal_client_id
     #   The AWS SSO application generated client ID (used with AWS SSO
-    #   APIs).
+    #   APIs). AWS IoT SiteWise includes `portalClientId` for only portals
+    #   that use AWS SSO to authenticate users.
     #   @return [String]
     #
     # @!attribute [rw] portal_start_url
-    #   The public root URL for the AWS IoT AWS IoT SiteWise Monitor
-    #   application portal.
+    #   The URL for the AWS IoT SiteWise Monitor portal. You can use this
+    #   URL to access portals that use AWS SSO for authentication. For
+    #   portals that use IAM for authentication, you must use the
+    #   [CreatePresignedPortalUrl][1] operation to create a URL that you can
+    #   use to access the portal.
+    #
+    #
+    #
+    #   [1]: https://docs.aws.amazon.com/AWS IoT SiteWise API ReferenceAPI_CreatePresignedPortalUrl.html
     #   @return [String]
     #
     # @!attribute [rw] portal_contact_email
@@ -2452,6 +2591,10 @@ module Aws::IoTSiteWise
     #   [2]: https://docs.aws.amazon.com/iot-sitewise/latest/userguide/monitor-service-role.html
     #   @return [String]
     #
+    # @!attribute [rw] portal_auth_mode
+    #   The service to use to authenticate users to the portal.
+    #   @return [String]
+    #
     class DescribePortalResponse < Struct.new(
       :portal_id,
       :portal_arn,
@@ -2464,7 +2607,8 @@ module Aws::IoTSiteWise
       :portal_creation_date,
       :portal_last_update_date,
       :portal_logo_image_location,
-      :role_arn)
+      :role_arn,
+      :portal_auth_mode)
       SENSITIVE = []
       include Aws::Structure
     end
@@ -3020,7 +3164,41 @@ module Aws::IoTSiteWise
       include Aws::Structure
     end
 
-    # Contains an AWS SSO identity ID for a user or group.
+    # Contains information about an AWS Identity and Access Management (IAM)
+    # user.
+    #
+    # @note When making an API call, you may pass IAMUserIdentity
+    #   data as a hash:
+    #
+    #       {
+    #         arn: "ARN", # required
+    #       }
+    #
+    # @!attribute [rw] arn
+    #   The ARN of the IAM user. IAM users must have the
+    #   `iotsitewise:CreatePresignedPortalUrl` permission to sign in to the
+    #   portal. For more information, see [IAM ARNs][1] in the *IAM User
+    #   Guide*.
+    #
+    #   <note markdown="1"> If you delete the IAM user, access policies that contain this
+    #   identity include an empty `arn`. You can delete the access policy
+    #   for the IAM user that no longer exists.
+    #
+    #    </note>
+    #
+    #
+    #
+    #   [1]: https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_identifiers.html
+    #   @return [String]
+    #
+    class IAMUserIdentity < Struct.new(
+      :arn)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+
+    # Contains an identity that can access an AWS IoT SiteWise Monitor
+    # resource.
     #
     # <note markdown="1"> Currently, you can't use AWS APIs to retrieve AWS SSO identity IDs.
     # You can find the AWS SSO identity IDs in the URL of user and group
@@ -3042,19 +3220,27 @@ module Aws::IoTSiteWise
     #         group: {
     #           id: "IdentityId", # required
     #         },
+    #         iam_user: {
+    #           arn: "ARN", # required
+    #         },
     #       }
     #
     # @!attribute [rw] user
-    #   A user identity.
+    #   An AWS SSO user identity.
     #   @return [Types::UserIdentity]
     #
     # @!attribute [rw] group
-    #   A group identity.
+    #   An AWS SSO group identity.
     #   @return [Types::GroupIdentity]
     #
+    # @!attribute [rw] iam_user
+    #   An IAM user identity.
+    #   @return [Types::IAMUserIdentity]
+    #
     class Identity < Struct.new(
       :user,
-      :group)
+      :group,
+      :iam_user)
       SENSITIVE = []
       include Aws::Structure
     end
@@ -3188,22 +3374,23 @@ module Aws::IoTSiteWise
     #   data as a hash:
     #
     #       {
-    #         identity_type: "USER", # accepts USER, GROUP
+    #         identity_type: "USER", # accepts USER, GROUP, IAM
     #         identity_id: "IdentityId",
     #         resource_type: "PORTAL", # accepts PORTAL, PROJECT
     #         resource_id: "ID",
+    #         iam_arn: "ARN",
     #         next_token: "NextToken",
     #         max_results: 1,
     #       }
     #
     # @!attribute [rw] identity_type
-    #   The type of identity (user or group). This parameter is required if
-    #   you specify `identityId`.
+    #   The type of identity (AWS SSO user, AWS SSO group, or IAM user).
+    #   This parameter is required if you specify `identityId`.
     #   @return [String]
     #
     # @!attribute [rw] identity_id
     #   The ID of the identity. This parameter is required if you specify
-    #   `identityType`.
+    #   `USER` or `GROUP` for `identityType`.
     #   @return [String]
     #
     # @!attribute [rw] resource_type
@@ -3216,6 +3403,16 @@ module Aws::IoTSiteWise
     #   `resourceType`.
     #   @return [String]
     #
+    # @!attribute [rw] iam_arn
+    #   The ARN of the IAM user. For more information, see [IAM ARNs][1] in
+    #   the *IAM User Guide*. This parameter is required if you specify
+    #   `IAM` for `identityType`.
+    #
+    #
+    #
+    #   [1]: https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_identifiers.html
+    #   @return [String]
+    #
     # @!attribute [rw] next_token
     #   The token to be used for the next set of paginated results.
     #   @return [String]
@@ -3231,6 +3428,7 @@ module Aws::IoTSiteWise
       :identity_id,
       :resource_type,
       :resource_id,
+      :iam_arn,
       :next_token,
       :max_results)
       SENSITIVE = []
@@ -3889,8 +4087,15 @@ module Aws::IoTSiteWise
     #   @return [String]
     #
     # @!attribute [rw] start_url
-    #   The public root URL for the AWS IoT AWS IoT SiteWise Monitor
-    #   application portal.
+    #   The URL for the AWS IoT SiteWise Monitor portal. You can use this
+    #   URL to access portals that use AWS SSO for authentication. For
+    #   portals that use IAM for authentication, you must use the
+    #   [CreatePresignedPortalUrl][1] operation to create a URL that you can
+    #   use to access the portal.
+    #
+    #
+    #
+    #   [1]: https://docs.aws.amazon.com/AWS IoT SiteWise API ReferenceAPI_CreatePresignedPortalUrl.html
     #   @return [String]
     #
     # @!attribute [rw] creation_date
@@ -4146,7 +4351,8 @@ module Aws::IoTSiteWise
     end
 
     # Contains a list of value updates for an asset property in the list of
-    # asset entries consumed by the [BatchPutAssetPropertyValue][1] API.
+    # asset entries consumed by the [BatchPutAssetPropertyValue][1] API
+    # operation.
     #
     #
     #
@@ -4217,6 +4423,54 @@ module Aws::IoTSiteWise
       include Aws::Structure
     end
 
+    # @note When making an API call, you may pass PutDefaultEncryptionConfigurationRequest
+    #   data as a hash:
+    #
+    #       {
+    #         encryption_type: "SITEWISE_DEFAULT_ENCRYPTION", # required, accepts SITEWISE_DEFAULT_ENCRYPTION, KMS_BASED_ENCRYPTION
+    #         kms_key_id: "KmsKeyId",
+    #       }
+    #
+    # @!attribute [rw] encryption_type
+    #   The type of encryption used for the encryption configuration.
+    #   @return [String]
+    #
+    # @!attribute [rw] kms_key_id
+    #   The Key ID of the customer managed customer master key (CMK) used
+    #   for AWS KMS encryption. This is required if you use
+    #   `KMS_BASED_ENCRYPTION`.
+    #   @return [String]
+    #
+    class PutDefaultEncryptionConfigurationRequest < Struct.new(
+      :encryption_type,
+      :kms_key_id)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+
+    # @!attribute [rw] encryption_type
+    #   The type of encryption used for the encryption configuration.
+    #   @return [String]
+    #
+    # @!attribute [rw] kms_key_arn
+    #   The Key ARN of the AWS KMS CMK used for AWS KMS encryption if you
+    #   use `KMS_BASED_ENCRYPTION`.
+    #   @return [String]
+    #
+    # @!attribute [rw] configuration_status
+    #   The status of the account configuration. This contains the
+    #   `ConfigurationState`. If there is an error, it also contains the
+    #   `ErrorDetails`.
+    #   @return [Types::ConfigurationStatus]
+    #
+    class PutDefaultEncryptionConfigurationResponse < Struct.new(
+      :encryption_type,
+      :kms_key_arn,
+      :configuration_status)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+
     # @note When making an API call, you may pass PutLoggingOptionsRequest
     #   data as a hash:
     #
@@ -4543,6 +4797,9 @@ module Aws::IoTSiteWise
     #           group: {
     #             id: "IdentityId", # required
     #           },
+    #           iam_user: {
+    #             arn: "ARN", # required
+    #           },
     #         },
     #         access_policy_resource: { # required
     #           portal: {
@@ -4561,13 +4818,13 @@ module Aws::IoTSiteWise
     #   @return [String]
     #
     # @!attribute [rw] access_policy_identity
-    #   The identity for this access policy. Choose either a `user` or a
-    #   `group` but not both.
+    #   The identity for this access policy. Choose an AWS SSO user, an AWS
+    #   SSO group, or an IAM user.
     #   @return [Types::Identity]
     #
     # @!attribute [rw] access_policy_resource
     #   The AWS IoT SiteWise Monitor resource for this access policy. Choose
-    #   either `portal` or `project` but not both.
+    #   either a portal or a project.
     #   @return [Types::Resource]
     #
     # @!attribute [rw] access_policy_permission

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: aws-sdk-iotsitewise
 version: !ruby/object:Gem::Version
-  version: 1.10.0
+  version: 1.15.0
 platform: ruby
 authors:
 - Amazon Web Services
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2020-09-15 00:00:00.000000000 Z
+date: 2020-11-24 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: aws-sdk-core
@@ -19,7 +19,7 @@ dependencies:
         version: '3'
     - - ">="
       - !ruby/object:Gem::Version
-        version: 3.99.0
+        version: 3.109.0
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
@@ -29,7 +29,7 @@ dependencies:
         version: '3'
     - - ">="
       - !ruby/object:Gem::Version
-        version: 3.99.0
+        version: 3.109.0
 - !ruby/object:Gem::Dependency
   name: aws-sigv4
   requirement: !ruby/object:Gem::Requirement