aws-sdk-quicksight 1.165.0 → 1.167.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 222268dddda50ef3485ac21316c5b48a387b24931176504e4d57606a4f6a48fd
-  data.tar.gz: 0fccacea0454c80538e9def5dac795db9ab7fb914a6e258aa1c28b7c6082783d
+  metadata.gz: 4c5a9854d8280c0af341fe28923ecf0217b6ebea509e0f48cf6b9a517aa899b3
+  data.tar.gz: 6615f8515b41b7233fec248094ffa4ba01e4c6f46dedfc642ad57843eecb50ae
 SHA512:
-  metadata.gz: efa1b534bbd8d384de01e9f9b9408fbefa686eb1836b3a90398adf65885a7badf31956dbb607f16c2f73fddb27cb57dc50a1449402792f64123b2bcf2ddfbaad
-  data.tar.gz: 19b4213449bb6b7b483ca06ed88abdfb05785d17169d6f83f637f3e86178a3467a603c8cc542d99f395fde026e6e38b8b0d346f2d6c9f82377aa6cc5fe5469a7
+  metadata.gz: 2a810021e52d2d9bc21a277017cb56dfde1d7fdbf98ace9bfc8d4c47994cb4013824be2b9199a8b30875ba7dcc03c12a88e6c43d1410568966457b62088d366b
+  data.tar.gz: 459dcdbcd58fc0749241f5e50a174efc6b1cb9cd7dc87ded5e90e646e075a63d2113bb42b79e688c050cbdfd9fa34a357dd4d24d8d34ca2e1b8785be1c34fef7

data/CHANGELOG.md

@@ -1,6 +1,16 @@
 Unreleased Changes
 ------------------
 
+1.167.0 (2025-12-29)
+------------------
+
+* Feature - This release adds support for quick users to be able to perform role upgrades on their own. Additionally it allows admins to make this feature admin or auto approval along with new self upgrade capability that can be restricted by Admins.
+
+1.166.0 (2025-12-11)
+------------------
+
+* Feature - This release adds new GetIdentityContext API, Dashboard customization options for tables and pivot tables, Visual styling options- borders and decals, map GeocodingPreferences, KeyPairCredentials for DataSourceCredentials. Snapshot APIs now support registered users. Parameters limit increased to 400
+
 1.165.0 (2025-11-21)
 ------------------
 

data/VERSION

@@ -1 +1 @@
-1.165.0
+1.167.0

data/lib/aws-sdk-quicksight/client.rb

@@ -2236,6 +2236,7 @@ module Aws::QuickSight
     #       chat_agent: "DENY", # accepts DENY
     #       create_chat_agents: "DENY", # accepts DENY
     #       research: "DENY", # accepts DENY
+    #       self_upgrade_user_role: "DENY", # accepts DENY
     #     },
     #     tags: [
     #       {
@@ -3653,6 +3654,11 @@ module Aws::QuickSight
     #       },
     #       copy_source_arn: "CopySourceArn",
     #       secret_arn: "SecretArn",
+    #       key_pair_credentials: {
+    #         key_pair_username: "DbUsername", # required
+    #         private_key: "PrivateKey", # required
+    #         private_key_passphrase: "PrivateKeyPassphrase",
+    #       },
     #       web_proxy_credentials: {
     #         web_proxy_username: "DbUsername", # required
     #         web_proxy_password: "Password", # required
@@ -7785,6 +7791,7 @@ module Aws::QuickSight
     #   resp.custom_permissions.capabilities.chat_agent #=> String, one of "DENY"
     #   resp.custom_permissions.capabilities.create_chat_agents #=> String, one of "DENY"
     #   resp.custom_permissions.capabilities.research #=> String, one of "DENY"
+    #   resp.custom_permissions.capabilities.self_upgrade_user_role #=> String, one of "DENY"
     #   resp.request_id #=> String
     #
     # @see http://docs.aws.amazon.com/goto/WebAPI/quicksight-2018-04-01/DescribeCustomPermissions AWS API Documentation
@@ -8010,6 +8017,23 @@ module Aws::QuickSight
     # Poll job descriptions after a job starts to know the status of the
     # job. For information on available status codes, see `JobStatus`.
     #
+    # **Registered user support**
+    #
+    # This API can be called as before to get status of a job started by the
+    # same Quick Sight user.
+    #
+    # **Possible error scenarios**
+    #
+    # Request will fail with an Access Denied error in the following
+    # scenarios:
+    #
+    # * The credentials have expired.
+    #
+    # * Job has been started by a different user.
+    #
+    # * Impersonated Quick Sight user doesn't have access to the specified
+    #   dashboard in the job.
+    #
     # @option params [required, String] :aws_account_id
     #   The ID of the Amazon Web Services account that the dashboard snapshot
     #   job is executed in.
@@ -8105,6 +8129,47 @@ module Aws::QuickSight
     # that says `Dashboard Snapshot Job with id <SnapshotjobId> has not
     # reached a terminal state.`.
     #
+    # **Registered user support**
+    #
+    # This API can be called as before to get the result of a job started by
+    # the same Quick Sight user. The result for the user will be returned in
+    # `RegisteredUsers` response attribute. The attribute will contain a
+    # list with at most one object in it.
+    #
+    # **Possible error scenarios**
+    #
+    # The request fails with an Access Denied error in the following
+    # scenarios:
+    #
+    # * The credentials have expired.
+    #
+    # * The job was started by a different user.
+    #
+    # * The registered user doesn't have access to the specified dashboard.
+    #
+    # The request succeeds but the job fails in the following scenarios:
+    #
+    # * `DASHBOARD_ACCESS_DENIED` - The registered user lost access to the
+    #   dashboard.
+    #
+    # * `CAPABILITY_RESTRICTED` - The registered user is restricted from
+    #   exporting data in **all** selected formats.
+    #
+    # The request succeeds but the response contains an error code in the
+    # following scenarios:
+    #
+    # * `CAPABILITY_RESTRICTED` - The registered user is restricted from
+    #   exporting data in **some** selected formats.
+    #
+    # * `RLS_CHANGED` - Row-level security settings have changed. Re-run the
+    #   job with current settings.
+    #
+    # * `CLS_CHANGED` - Column-level security settings have changed. Re-run
+    #   the job with current settings.
+    #
+    # * `DATASET_DELETED` - The dataset has been deleted. Verify the dataset
+    #   exists before re-running the job.
+    #
     # @option params [required, String] :aws_account_id
     #   The ID of the Amazon Web Services account that the dashboard snapshot
     #   job is executed in.
@@ -8158,6 +8223,23 @@ module Aws::QuickSight
     #   resp.result.anonymous_users[0].file_groups[0].s3_results[0].error_info #=> Array
     #   resp.result.anonymous_users[0].file_groups[0].s3_results[0].error_info[0].error_message #=> String
     #   resp.result.anonymous_users[0].file_groups[0].s3_results[0].error_info[0].error_type #=> String
+    #   resp.result.registered_users #=> Array
+    #   resp.result.registered_users[0].file_groups #=> Array
+    #   resp.result.registered_users[0].file_groups[0].files #=> Array
+    #   resp.result.registered_users[0].file_groups[0].files[0].sheet_selections #=> Array
+    #   resp.result.registered_users[0].file_groups[0].files[0].sheet_selections[0].sheet_id #=> String
+    #   resp.result.registered_users[0].file_groups[0].files[0].sheet_selections[0].selection_scope #=> String, one of "ALL_VISUALS", "SELECTED_VISUALS"
+    #   resp.result.registered_users[0].file_groups[0].files[0].sheet_selections[0].visual_ids #=> Array
+    #   resp.result.registered_users[0].file_groups[0].files[0].sheet_selections[0].visual_ids[0] #=> String
+    #   resp.result.registered_users[0].file_groups[0].files[0].format_type #=> String, one of "CSV", "PDF", "EXCEL"
+    #   resp.result.registered_users[0].file_groups[0].s3_results #=> Array
+    #   resp.result.registered_users[0].file_groups[0].s3_results[0].s3_destination_configuration.bucket_configuration.bucket_name #=> String
+    #   resp.result.registered_users[0].file_groups[0].s3_results[0].s3_destination_configuration.bucket_configuration.bucket_prefix #=> String
+    #   resp.result.registered_users[0].file_groups[0].s3_results[0].s3_destination_configuration.bucket_configuration.bucket_region #=> String
+    #   resp.result.registered_users[0].file_groups[0].s3_results[0].s3_uri #=> String
+    #   resp.result.registered_users[0].file_groups[0].s3_results[0].error_info #=> Array
+    #   resp.result.registered_users[0].file_groups[0].s3_results[0].error_info[0].error_message #=> String
+    #   resp.result.registered_users[0].file_groups[0].s3_results[0].error_info[0].error_type #=> String
     #   resp.error_info.error_message #=> String
     #   resp.error_info.error_type #=> String
     #   resp.request_id #=> String
@@ -9667,6 +9749,44 @@ module Aws::QuickSight
       req.send_request(options)
     end
 
+    # Describes the self-upgrade configuration for a Quick Suite account.
+    #
+    # @option params [required, String] :aws_account_id
+    #   The ID of the Amazon Web Services account that contains the Quick
+    #   Suite self-upgrade configuration.
+    #
+    # @option params [required, String] :namespace
+    #   The Quick Suite namespace that you want to describe the Quick Suite
+    #   self-upgrade configuration for.
+    #
+    # @return [Types::DescribeSelfUpgradeConfigurationResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
+    #
+    #   * {Types::DescribeSelfUpgradeConfigurationResponse#self_upgrade_configuration #self_upgrade_configuration} => Types::SelfUpgradeConfiguration
+    #   * {Types::DescribeSelfUpgradeConfigurationResponse#request_id #request_id} => String
+    #   * {Types::DescribeSelfUpgradeConfigurationResponse#status #status} => Integer
+    #
+    # @example Request syntax with placeholder values
+    #
+    #   resp = client.describe_self_upgrade_configuration({
+    #     aws_account_id: "AwsAccountId", # required
+    #     namespace: "Namespace", # required
+    #   })
+    #
+    # @example Response structure
+    #
+    #   resp.self_upgrade_configuration.self_upgrade_status #=> String, one of "AUTO_APPROVAL", "ADMIN_APPROVAL"
+    #   resp.request_id #=> String
+    #   resp.status #=> Integer
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/quicksight-2018-04-01/DescribeSelfUpgradeConfiguration AWS API Documentation
+    #
+    # @overload describe_self_upgrade_configuration(params = {})
+    # @param [Hash] params ({})
+    def describe_self_upgrade_configuration(params = {}, options = {})
+      req = build_request(:describe_self_upgrade_configuration, params)
+      req.send_request(options)
+    end
+
     # Describes a template's metadata.
     #
     # @option params [required, String] :aws_account_id
@@ -11324,6 +11444,110 @@ module Aws::QuickSight
       req.send_request(options)
     end
 
+    # Retrieves the identity context for a Quick Sight user in a specified
+    # namespace, allowing you to obtain identity tokens that can be used
+    # with identity-enhanced IAM role sessions to call identity-aware APIs.
+    #
+    # Currently, you can call the following APIs with identity-enhanced
+    # Credentials
+    #
+    # * [StartDashboardSnapshotJob][1]
+    #
+    # * [DescribeDashboardSnapshotJob][2]
+    #
+    # * [DescribeDashboardSnapshotJobResult][3]
+    #
+    # **Supported Authentication Methods**
+    #
+    # This API supports Quick Sight native users, IAM federated users, and
+    # Active Directory users. For Quick Sight users authenticated by Amazon
+    # Web Services Identity Center, see [Identity Center documentation on
+    # identity-enhanced IAM role sessions][4].
+    #
+    # **Getting Identity-Enhanced Credentials**
+    #
+    # To obtain identity-enhanced credentials, follow these steps:
+    #
+    # * Call the GetIdentityContext API to retrieve an identity token for
+    #   the specified user.
+    #
+    # * Use the identity token with the [STS AssumeRole API][5] to obtain
+    #   identity-enhanced IAM role session credentials.
+    #
+    # **Usage with STS AssumeRole**
+    #
+    # The identity token returned by this API should be used with the STS
+    # AssumeRole API to obtain credentials for an identity-enhanced IAM role
+    # session. When calling AssumeRole, include the identity token in the
+    # `ProvidedContexts` parameter with `ProviderArn` set to
+    # `arn:aws:iam::aws:contextProvider/QuickSight` and `ContextAssertion`
+    # set to the identity token received from this API.
+    #
+    # The assumed role must allow the `sts:SetContext` action in addition to
+    # `sts:AssumeRole` in its trust relationship policy. The trust policy
+    # should include both actions for the principal that will be assuming
+    # the role.
+    #
+    #
+    #
+    # [1]: https://docs.aws.amazon.com/quicksight/latest/APIReference/API_StartDashboardSnapshotJob.html
+    # [2]: https://docs.aws.amazon.com/quicksight/latest/APIReference/API_DescribeDashboardSnapshotJob.html
+    # [3]: https://docs.aws.amazon.com/quicksight/latest/APIReference/API_DescribeDashboardSnapshotJobResult.html
+    # [4]: https://docs.aws.amazon.com/singlesignon/latest/userguide/trustedidentitypropagation-identity-enhanced-iam-role-sessions.html
+    # [5]: https://docs.aws.amazon.com/STS/latest/APIReference/API_AssumeRole.html
+    #
+    # @option params [required, String] :aws_account_id
+    #   The ID for the Amazon Web Services account that the user whose
+    #   identity context you want to retrieve is in. Currently, you use the ID
+    #   for the Amazon Web Services account that contains your Quick Sight
+    #   account.
+    #
+    # @option params [required, Types::UserIdentifier] :user_identifier
+    #   The identifier for the user whose identity context you want to
+    #   retrieve.
+    #
+    # @option params [String] :namespace
+    #   The namespace of the user that you want to get identity context for.
+    #   This parameter is required when the UserIdentifier is specified using
+    #   Email or UserName.
+    #
+    # @option params [Time,DateTime,Date,Integer,String] :session_expires_at
+    #   The timestamp at which the session will expire.
+    #
+    # @return [Types::GetIdentityContextResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
+    #
+    #   * {Types::GetIdentityContextResponse#status #status} => Integer
+    #   * {Types::GetIdentityContextResponse#request_id #request_id} => String
+    #   * {Types::GetIdentityContextResponse#context #context} => String
+    #
+    # @example Request syntax with placeholder values
+    #
+    #   resp = client.get_identity_context({
+    #     aws_account_id: "AwsAccountId", # required
+    #     user_identifier: { # required
+    #       user_name: "SensitiveString",
+    #       email: "SensitiveString",
+    #       user_arn: "Arn",
+    #     },
+    #     namespace: "Namespace",
+    #     session_expires_at: Time.now,
+    #   })
+    #
+    # @example Response structure
+    #
+    #   resp.status #=> Integer
+    #   resp.request_id #=> String
+    #   resp.context #=> String
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/quicksight-2018-04-01/GetIdentityContext AWS API Documentation
+    #
+    # @overload get_identity_context(params = {})
+    # @param [Hash] params ({})
+    def get_identity_context(params = {}, options = {})
+      req = build_request(:get_identity_context, params)
+      req.send_request(options)
+    end
+
     # Generates a session URL and authorization code that you can use to
     # embed the Amazon Amazon Quick Sight console in your web server code.
     # Use `GetSessionEmbedUrl` where you want to provide an authoring portal
@@ -11762,6 +11986,7 @@ module Aws::QuickSight
     #   resp.custom_permissions_list[0].capabilities.chat_agent #=> String, one of "DENY"
     #   resp.custom_permissions_list[0].capabilities.create_chat_agents #=> String, one of "DENY"
     #   resp.custom_permissions_list[0].capabilities.research #=> String, one of "DENY"
+    #   resp.custom_permissions_list[0].capabilities.self_upgrade_user_role #=> String, one of "DENY"
     #   resp.next_token #=> String
     #   resp.request_id #=> String
     #
@@ -12934,6 +13159,63 @@ module Aws::QuickSight
       req.send_request(options)
     end
 
+    # Lists all self-upgrade requests for a Quick Suite account.
+    #
+    # @option params [required, String] :aws_account_id
+    #   The ID of the Amazon Web Services account that contains the
+    #   self-upgrade requests.
+    #
+    # @option params [required, String] :namespace
+    #   The Quick Suite namespace for the self-upgrade requests.
+    #
+    # @option params [String] :next_token
+    #   The token for the next set of results, or null if there are no more
+    #   results.
+    #
+    # @option params [Integer] :max_results
+    #   The maximum number of results to return.
+    #
+    # @return [Types::ListSelfUpgradesResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
+    #
+    #   * {Types::ListSelfUpgradesResponse#self_upgrade_request_details #self_upgrade_request_details} => Array&lt;Types::SelfUpgradeRequestDetail&gt;
+    #   * {Types::ListSelfUpgradesResponse#next_token #next_token} => String
+    #   * {Types::ListSelfUpgradesResponse#request_id #request_id} => String
+    #   * {Types::ListSelfUpgradesResponse#status #status} => Integer
+    #
+    # @example Request syntax with placeholder values
+    #
+    #   resp = client.list_self_upgrades({
+    #     aws_account_id: "AwsAccountId", # required
+    #     namespace: "Namespace", # required
+    #     next_token: "String",
+    #     max_results: 1,
+    #   })
+    #
+    # @example Response structure
+    #
+    #   resp.self_upgrade_request_details #=> Array
+    #   resp.self_upgrade_request_details[0].upgrade_request_id #=> String
+    #   resp.self_upgrade_request_details[0].user_name #=> String
+    #   resp.self_upgrade_request_details[0].original_role #=> String, one of "ADMIN", "AUTHOR", "READER", "RESTRICTED_AUTHOR", "RESTRICTED_READER", "ADMIN_PRO", "AUTHOR_PRO", "READER_PRO"
+    #   resp.self_upgrade_request_details[0].requested_role #=> String, one of "ADMIN", "AUTHOR", "READER", "RESTRICTED_AUTHOR", "RESTRICTED_READER", "ADMIN_PRO", "AUTHOR_PRO", "READER_PRO"
+    #   resp.self_upgrade_request_details[0].request_note #=> String
+    #   resp.self_upgrade_request_details[0].creation_time #=> Integer
+    #   resp.self_upgrade_request_details[0].request_status #=> String, one of "PENDING", "APPROVED", "DENIED", "UPDATE_FAILED", "VERIFY_FAILED"
+    #   resp.self_upgrade_request_details[0].last_update_attempt_time #=> Integer
+    #   resp.self_upgrade_request_details[0].last_update_failure_reason #=> String
+    #   resp.next_token #=> String
+    #   resp.request_id #=> String
+    #   resp.status #=> Integer
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/quicksight-2018-04-01/ListSelfUpgrades AWS API Documentation
+    #
+    # @overload list_self_upgrades(params = {})
+    # @param [Hash] params ({})
+    def list_self_upgrades(params = {}, options = {})
+      req = build_request(:list_self_upgrades, params)
+      req.send_request(options)
+    end
+
     # Lists the tags assigned to a resource.
     #
     # @option params [required, String] :resource_arn
@@ -15842,9 +16124,95 @@ module Aws::QuickSight
     #
     # * The size of the generated snapshots.
     #
+    # **Registered user support**
+    #
+    # You can generate snapshots for registered Quick Sight users by using
+    # the Snapshot Job APIs with [identity-enhanced IAM role session
+    # credentials][2]. This approach allows you to create snapshots on
+    # behalf of specific Quick Sight users while respecting their row-level
+    # security (RLS), column-level security (CLS), dynamic default
+    # parameters and dashboard parameter/filter settings.
+    #
+    # To generate snapshots for registered Quick Sight users, you need to:
+    #
+    # * Obtain identity-enhanced IAM role session credentials from Amazon
+    #   Web Services Security Token Service (STS).
+    #
+    # * Use these credentials to call the Snapshot Job APIs.
+    #
+    # Identity-enhanced credentials are credentials that contain information
+    # about the end user (e.g., registered Quick Sight user).
+    #
+    # If your Quick Sight users are backed by [Amazon Web Services Identity
+    # Center][3], then you need to set up a [trusted token issuer][4]. Then,
+    # getting identity-enhanced IAM credentials for a Quick Sight user will
+    # look like the following:
+    #
+    # * Authenticate user with your OIDC compliant Identity Provider. You
+    #   should get auth tokens back.
+    #
+    # * Use the OIDC API, [CreateTokenWithIAM][5], to exchange auth tokens
+    #   to IAM tokens. One of the resulted tokens will be identity token.
+    #
+    # * Call STS AssumeRole API as you normally would, but provide an extra
+    #   `ProvidedContexts` parameter in the API request. The list of
+    #   contexts must have a single trusted context assertion. The
+    #   `ProviderArn` should be
+    #   `arn:aws:iam::aws:contextProvider/IdentityCenter` while
+    #   `ContextAssertion` will be the identity token you received in
+    #   response from CreateTokenWithIAM
+    #
+    # For more details, see [IdC documentation on Identity-enhanced IAM role
+    # sessions][2].
+    #
+    # To obtain Identity-enhanced credentials for Quick Sight native users,
+    # IAM federated users, or Active Directory users, follow the steps
+    # below:
+    #
+    # * Call Quick Sight [GetIdentityContext API][6] to get identity token.
+    #
+    # * Call STS AssumeRole API as you normally would, but provide extra
+    #   `ProvidedContexts` parameter in the API request. The list of
+    #   contexts must have a single trusted context assertion. The
+    #   `ProviderArn` should be
+    #   `arn:aws:iam::aws:contextProvider/QuickSight` while
+    #   `ContextAssertion` will be the identity token you received in
+    #   response from GetIdentityContext
+    #
+    # After obtaining the identity-enhanced IAM role session credentials,
+    # you can use them to start a job, describe the job and describe job
+    # result. You can use the same credentials as long as they haven't
+    # expired. All API requests made with these credentials are considered
+    # to be made by the impersonated Quick Sight user.
+    #
+    # When using identity-enhanced session credentials, set the
+    # UserConfiguration request attribute to null. Otherwise, the request
+    # will be invalid.
+    #
+    # **Possible error scenarios**
+    #
+    # The request fails with an Access Denied error in the following
+    # scenarios:
+    #
+    # * The credentials have expired.
+    #
+    # * The impersonated Quick Sight user doesn't have access to the
+    #   specified dashboard.
+    #
+    # * The impersonated Quick Sight user is restricted from exporting data
+    #   in the selected formats. For more information about export
+    #   restrictions, see [Customizing access to Amazon Quick Sight
+    #   capabilities][7].
+    #
     #
     #
     # [1]: http://aws.amazon.com/contact-us/
+    # [2]: https://docs.aws.amazon.com/singlesignon/latest/userguide/trustedidentitypropagation-identity-enhanced-iam-role-sessions.html
+    # [3]: https://docs.aws.amazon.com/singlesignon/latest/userguide/what-is.html
+    # [4]: https://docs.aws.amazon.com/singlesignon/latest/userguide/setuptrustedtokenissuer.html
+    # [5]: https://docs.aws.amazon.com/singlesignon/latest/OIDCAPIReference/API_CreateTokenWithIAM.html
+    # [6]: https://docs.aws.amazon.com/quicksight/latest/APIReference/API_GetIdentityContext.html
+    # [7]: https://docs.aws.amazon.com/quicksuite/latest/userguide/create-custom-permisions-profile.html
     #
     # @option params [required, String] :aws_account_id
     #   The ID of the Amazon Web Services account that the dashboard snapshot
@@ -15860,10 +16228,15 @@ module Aws::QuickSight
     #   runs. You can reuse this ID for another job 24 hours after the current
     #   job is completed.
     #
-    # @option params [required, Types::SnapshotUserConfiguration] :user_configuration
-    #   A structure that contains information about the anonymous users that
-    #   the generated snapshot is for. This API will not return information
-    #   about registered Amazon Quick Sight.
+    # @option params [Types::SnapshotUserConfiguration] :user_configuration
+    #   A structure that contains information about the users that the
+    #   dashboard snapshot is generated for. The users can be either anonymous
+    #   users or registered users. Anonymous users cannot be used together
+    #   with registered users.
+    #
+    #   When using identity-enhanced session credentials, set the
+    #   UserConfiguration request attribute to null. Otherwise, the request
+    #   will be invalid.
     #
     # @option params [required, Types::SnapshotConfiguration] :snapshot_configuration
     #   A structure that describes the configuration of the dashboard
@@ -15882,7 +16255,7 @@ module Aws::QuickSight
     #     aws_account_id: "AwsAccountId", # required
     #     dashboard_id: "ShortRestrictiveResourceId", # required
     #     snapshot_job_id: "ShortRestrictiveResourceId", # required
-    #     user_configuration: { # required
+    #     user_configuration: {
     #       anonymous_users: [
     #         {
     #           row_level_permission_tags: [
@@ -16947,6 +17320,7 @@ module Aws::QuickSight
     #       chat_agent: "DENY", # accepts DENY
     #       create_chat_agents: "DENY", # accepts DENY
     #       research: "DENY", # accepts DENY
+    #       self_upgrade_user_role: "DENY", # accepts DENY
     #     },
     #   })
     #
@@ -18552,6 +18926,11 @@ module Aws::QuickSight
     #       },
     #       copy_source_arn: "CopySourceArn",
     #       secret_arn: "SecretArn",
+    #       key_pair_credentials: {
+    #         key_pair_username: "DbUsername", # required
+    #         private_key: "PrivateKey", # required
+    #         private_key_passphrase: "PrivateKeyPassphrase",
+    #       },
     #       web_proxy_credentials: {
     #         web_proxy_username: "DbUsername", # required
     #         web_proxy_password: "Password", # required
@@ -19421,6 +19800,102 @@ module Aws::QuickSight
       req.send_request(options)
     end
 
+    # Updates a self-upgrade request for a Quick Suite user by approving,
+    # denying, or verifying the request.
+    #
+    # @option params [required, String] :aws_account_id
+    #   The ID of the Amazon Web Services account that contains the
+    #   self-upgrade request.
+    #
+    # @option params [required, String] :namespace
+    #   The Quick Suite namespace for the self-upgrade request.
+    #
+    # @option params [required, String] :upgrade_request_id
+    #   The ID of the self-upgrade request to update.
+    #
+    # @option params [required, String] :action
+    #   The action to perform on the self-upgrade request. Valid values are
+    #   `APPROVE`, `DENY`, or `VERIFY`.
+    #
+    # @return [Types::UpdateSelfUpgradeResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
+    #
+    #   * {Types::UpdateSelfUpgradeResponse#self_upgrade_request_detail #self_upgrade_request_detail} => Types::SelfUpgradeRequestDetail
+    #   * {Types::UpdateSelfUpgradeResponse#request_id #request_id} => String
+    #   * {Types::UpdateSelfUpgradeResponse#status #status} => Integer
+    #
+    # @example Request syntax with placeholder values
+    #
+    #   resp = client.update_self_upgrade({
+    #     aws_account_id: "AwsAccountId", # required
+    #     namespace: "Namespace", # required
+    #     upgrade_request_id: "String", # required
+    #     action: "APPROVE", # required, accepts APPROVE, DENY, VERIFY
+    #   })
+    #
+    # @example Response structure
+    #
+    #   resp.self_upgrade_request_detail.upgrade_request_id #=> String
+    #   resp.self_upgrade_request_detail.user_name #=> String
+    #   resp.self_upgrade_request_detail.original_role #=> String, one of "ADMIN", "AUTHOR", "READER", "RESTRICTED_AUTHOR", "RESTRICTED_READER", "ADMIN_PRO", "AUTHOR_PRO", "READER_PRO"
+    #   resp.self_upgrade_request_detail.requested_role #=> String, one of "ADMIN", "AUTHOR", "READER", "RESTRICTED_AUTHOR", "RESTRICTED_READER", "ADMIN_PRO", "AUTHOR_PRO", "READER_PRO"
+    #   resp.self_upgrade_request_detail.request_note #=> String
+    #   resp.self_upgrade_request_detail.creation_time #=> Integer
+    #   resp.self_upgrade_request_detail.request_status #=> String, one of "PENDING", "APPROVED", "DENIED", "UPDATE_FAILED", "VERIFY_FAILED"
+    #   resp.self_upgrade_request_detail.last_update_attempt_time #=> Integer
+    #   resp.self_upgrade_request_detail.last_update_failure_reason #=> String
+    #   resp.request_id #=> String
+    #   resp.status #=> Integer
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/quicksight-2018-04-01/UpdateSelfUpgrade AWS API Documentation
+    #
+    # @overload update_self_upgrade(params = {})
+    # @param [Hash] params ({})
+    def update_self_upgrade(params = {}, options = {})
+      req = build_request(:update_self_upgrade, params)
+      req.send_request(options)
+    end
+
+    # Updates the self-upgrade configuration for a Quick Suite account.
+    #
+    # @option params [required, String] :aws_account_id
+    #   The ID of the Amazon Web Services account that contains the Quick
+    #   Suite self-upgrade configuration that you want to update.
+    #
+    # @option params [required, String] :namespace
+    #   The Quick Suite namespace that you want to update the Quick Suite
+    #   self-upgrade configuration for.
+    #
+    # @option params [required, String] :self_upgrade_status
+    #   The self-upgrade status that you want to set for the Quick Suite
+    #   account.
+    #
+    # @return [Types::UpdateSelfUpgradeConfigurationResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
+    #
+    #   * {Types::UpdateSelfUpgradeConfigurationResponse#request_id #request_id} => String
+    #   * {Types::UpdateSelfUpgradeConfigurationResponse#status #status} => Integer
+    #
+    # @example Request syntax with placeholder values
+    #
+    #   resp = client.update_self_upgrade_configuration({
+    #     aws_account_id: "AwsAccountId", # required
+    #     namespace: "Namespace", # required
+    #     self_upgrade_status: "AUTO_APPROVAL", # required, accepts AUTO_APPROVAL, ADMIN_APPROVAL
+    #   })
+    #
+    # @example Response structure
+    #
+    #   resp.request_id #=> String
+    #   resp.status #=> Integer
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/quicksight-2018-04-01/UpdateSelfUpgradeConfiguration AWS API Documentation
+    #
+    # @overload update_self_upgrade_configuration(params = {})
+    # @param [Hash] params ({})
+    def update_self_upgrade_configuration(params = {}, options = {})
+      req = build_request(:update_self_upgrade_configuration, params)
+      req.send_request(options)
+    end
+
     # Updates a template from an existing Amazon Quick Sight analysis or
     # another template.
     #
@@ -20656,7 +21131,7 @@ module Aws::QuickSight
         tracer: tracer
       )
       context[:gem_name] = 'aws-sdk-quicksight'
-      context[:gem_version] = '1.165.0'
+      context[:gem_version] = '1.167.0'
       Seahorse::Client::Request.new(handlers, context)
     end