aws-sdk-ssoadmin 1.61.0 → 1.62.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 28dcff0f290c5c437243563734a13f152583824731f2c17572aa9af7dc4baed5
-  data.tar.gz: b039ff9528ed41c0aff99b50bceb72ae08183aa2552ab04a949e5f7d8462441a
+  metadata.gz: e921f681b3f19d7679b67b9bd6dc585dcbd3611f9ddb3fe870b5879860043857
+  data.tar.gz: dc9afefce123da61cfc10d387d6410f5b1fbc08ae2eced773782551bd248b318
 SHA512:
-  metadata.gz: 75b85ad8587b058ae4e0df53bf421d778f721df97f57b597d1f6302d9f6cd8cb2c06a2cd95cc8fe36100e263949443d53f36eefc28b356fa9acec2ca29449c94
-  data.tar.gz: 1bb7ddd95df8f91c9629ca3bd14656140f5be5d93b17a3696f8d26f3a5a8361350943e24ba47e615340b0e0ebbf6734fba29e8bed36929a1fff7b06321a84842
+  metadata.gz: f0bb4876947fe5abec25c04de172d7394fbf9b5048e2214501678a145e80e89d21dc35fefd5ba405920eb9d327a5698dea6e39d8bc4183ba2bb40a1c4e8f84ba
+  data.tar.gz: 6c6c00189f254bf317642c5d9f51293a48cbeac6be96b5cd10753d3d7a39c758d19e9f60e1c183d3ef2f5876472d640d93bf650a65c07ed731230ca9611b5248

data/CHANGELOG.md

@@ -1,6 +1,11 @@
 Unreleased Changes
 ------------------
 
+1.62.0 (2025-09-23)
+------------------
+
+* Feature - Add support for encryption at rest with Customer Managed KMS Key in AWS IAM Identity Center
+
 1.61.0 (2025-08-26)
 ------------------
 

data/VERSION

@@ -1 +1 @@
-1.61.0
+1.62.0

data/lib/aws-sdk-ssoadmin/client.rb

@@ -1734,6 +1734,8 @@ module Aws::SSOAdmin
     #   * {Types::DescribeInstanceResponse#name #name} => String
     #   * {Types::DescribeInstanceResponse#created_date #created_date} => Time
     #   * {Types::DescribeInstanceResponse#status #status} => String
+    #   * {Types::DescribeInstanceResponse#status_reason #status_reason} => String
+    #   * {Types::DescribeInstanceResponse#encryption_configuration_details #encryption_configuration_details} => Types::EncryptionConfigurationDetails
     #
     # @example Request syntax with placeholder values
     #
@@ -1748,7 +1750,12 @@ module Aws::SSOAdmin
     #   resp.owner_account_id #=> String
     #   resp.name #=> String
     #   resp.created_date #=> Time
-    #   resp.status #=> String, one of "CREATE_IN_PROGRESS", "DELETE_IN_PROGRESS", "ACTIVE"
+    #   resp.status #=> String, one of "CREATE_IN_PROGRESS", "CREATE_FAILED", "DELETE_IN_PROGRESS", "ACTIVE"
+    #   resp.status_reason #=> String
+    #   resp.encryption_configuration_details.key_type #=> String, one of "AWS_OWNED_KMS_KEY", "CUSTOMER_MANAGED_KEY"
+    #   resp.encryption_configuration_details.kms_key_arn #=> String
+    #   resp.encryption_configuration_details.encryption_status #=> String, one of "UPDATING", "ENABLED", "UPDATE_FAILED"
+    #   resp.encryption_configuration_details.encryption_status_reason #=> String
     #
     # @see http://docs.aws.amazon.com/goto/WebAPI/sso-admin-2020-07-20/DescribeInstance AWS API Documentation
     #
@@ -3043,7 +3050,8 @@ module Aws::SSOAdmin
     #   resp.instances[0].owner_account_id #=> String
     #   resp.instances[0].name #=> String
     #   resp.instances[0].created_date #=> Time
-    #   resp.instances[0].status #=> String, one of "CREATE_IN_PROGRESS", "DELETE_IN_PROGRESS", "ACTIVE"
+    #   resp.instances[0].status #=> String, one of "CREATE_IN_PROGRESS", "CREATE_FAILED", "DELETE_IN_PROGRESS", "ACTIVE"
+    #   resp.instances[0].status_reason #=> String
     #   resp.next_token #=> String
     #
     # @see http://docs.aws.amazon.com/goto/WebAPI/sso-admin-2020-07-20/ListInstances AWS API Documentation
@@ -3874,7 +3882,7 @@ module Aws::SSOAdmin
     # Update the details for the instance of IAM Identity Center that is
     # owned by the Amazon Web Services account.
     #
-    # @option params [required, String] :name
+    # @option params [String] :name
     #   Updates the instance name.
     #
     # @option params [required, String] :instance_arn
@@ -3884,13 +3892,23 @@ module Aws::SSOAdmin
     #   Namespaces](/general/latest/gr/aws-arns-and-namespaces.html) in the
     #   *Amazon Web Services General Reference*.
     #
+    # @option params [Types::EncryptionConfiguration] :encryption_configuration
+    #   Specifies the encryption configuration for your IAM Identity Center
+    #   instance. You can use this to configure customer managed KMS keys
+    #   (CMK) or Amazon Web Services owned KMS keys for encrypting your
+    #   instance data.
+    #
     # @return [Struct] Returns an empty {Seahorse::Client::Response response}.
     #
     # @example Request syntax with placeholder values
     #
     #   resp = client.update_instance({
-    #     name: "NameType", # required
+    #     name: "NameType",
     #     instance_arn: "InstanceArn", # required
+    #     encryption_configuration: {
+    #       key_type: "AWS_OWNED_KMS_KEY", # required, accepts AWS_OWNED_KMS_KEY, CUSTOMER_MANAGED_KEY
+    #       kms_key_arn: "KmsKeyArn",
+    #     },
     #   })
     #
     # @see http://docs.aws.amazon.com/goto/WebAPI/sso-admin-2020-07-20/UpdateInstance AWS API Documentation
@@ -4058,7 +4076,7 @@ module Aws::SSOAdmin
         tracer: tracer
       )
       context[:gem_name] = 'aws-sdk-ssoadmin'
-      context[:gem_version] = '1.61.0'
+      context[:gem_version] = '1.62.0'
       Seahorse::Client::Request.new(handlers, context)
     end
 

data/lib/aws-sdk-ssoadmin/client_api.rb

@@ -22,6 +22,7 @@ module Aws::SSOAdmin
     AccessControlAttributeValueSourceList = Shapes::ListShape.new(name: 'AccessControlAttributeValueSourceList')
     AccessDeniedException = Shapes::StructureShape.new(name: 'AccessDeniedException')
     AccessDeniedExceptionMessage = Shapes::StringShape.new(name: 'AccessDeniedExceptionMessage')
+    AccessDeniedExceptionReason = Shapes::StringShape.new(name: 'AccessDeniedExceptionReason')
     AccountAssignment = Shapes::StructureShape.new(name: 'AccountAssignment')
     AccountAssignmentForPrincipal = Shapes::StructureShape.new(name: 'AccountAssignmentForPrincipal')
     AccountAssignmentList = Shapes::ListShape.new(name: 'AccountAssignmentList')
@@ -129,6 +130,8 @@ module Aws::SSOAdmin
     DetachManagedPolicyFromPermissionSetResponse = Shapes::StructureShape.new(name: 'DetachManagedPolicyFromPermissionSetResponse')
     DisplayData = Shapes::StructureShape.new(name: 'DisplayData')
     Duration = Shapes::StringShape.new(name: 'Duration')
+    EncryptionConfiguration = Shapes::StructureShape.new(name: 'EncryptionConfiguration')
+    EncryptionConfigurationDetails = Shapes::StructureShape.new(name: 'EncryptionConfigurationDetails')
     FederationProtocol = Shapes::StringShape.new(name: 'FederationProtocol')
     GetApplicationAccessScopeRequest = Shapes::StructureShape.new(name: 'GetApplicationAccessScopeRequest')
     GetApplicationAccessScopeResponse = Shapes::StructureShape.new(name: 'GetApplicationAccessScopeResponse')
@@ -163,6 +166,9 @@ module Aws::SSOAdmin
     JMESPath = Shapes::StringShape.new(name: 'JMESPath')
     JwksRetrievalOption = Shapes::StringShape.new(name: 'JwksRetrievalOption')
     JwtBearerGrant = Shapes::StructureShape.new(name: 'JwtBearerGrant')
+    KmsKeyArn = Shapes::StringShape.new(name: 'KmsKeyArn')
+    KmsKeyStatus = Shapes::StringShape.new(name: 'KmsKeyStatus')
+    KmsKeyType = Shapes::StringShape.new(name: 'KmsKeyType')
     ListAccountAssignmentCreationStatusRequest = Shapes::StructureShape.new(name: 'ListAccountAssignmentCreationStatusRequest')
     ListAccountAssignmentCreationStatusResponse = Shapes::StructureShape.new(name: 'ListAccountAssignmentCreationStatusResponse')
     ListAccountAssignmentDeletionStatusRequest = Shapes::StructureShape.new(name: 'ListAccountAssignmentDeletionStatusRequest')
@@ -249,6 +255,7 @@ module Aws::SSOAdmin
     RefreshTokenGrant = Shapes::StructureShape.new(name: 'RefreshTokenGrant')
     RelayState = Shapes::StringShape.new(name: 'RelayState')
     ResourceNotFoundException = Shapes::StructureShape.new(name: 'ResourceNotFoundException')
+    ResourceNotFoundExceptionReason = Shapes::StringShape.new(name: 'ResourceNotFoundExceptionReason')
     ResourceNotFoundMessage = Shapes::StringShape.new(name: 'ResourceNotFoundMessage')
     ResourceServerConfig = Shapes::StructureShape.new(name: 'ResourceServerConfig')
     ResourceServerScope = Shapes::StringShape.new(name: 'ResourceServerScope')
@@ -276,6 +283,7 @@ module Aws::SSOAdmin
     TargetType = Shapes::StringShape.new(name: 'TargetType')
     ThrottlingException = Shapes::StructureShape.new(name: 'ThrottlingException')
     ThrottlingExceptionMessage = Shapes::StringShape.new(name: 'ThrottlingExceptionMessage')
+    ThrottlingExceptionReason = Shapes::StringShape.new(name: 'ThrottlingExceptionReason')
     Token = Shapes::StringShape.new(name: 'Token')
     TokenExchangeGrant = Shapes::StructureShape.new(name: 'TokenExchangeGrant')
     TokenIssuerAudience = Shapes::StringShape.new(name: 'TokenIssuerAudience')
@@ -306,6 +314,7 @@ module Aws::SSOAdmin
     UserBackgroundSessionApplicationStatus = Shapes::StringShape.new(name: 'UserBackgroundSessionApplicationStatus')
     ValidationException = Shapes::StructureShape.new(name: 'ValidationException')
     ValidationExceptionMessage = Shapes::StringShape.new(name: 'ValidationExceptionMessage')
+    ValidationExceptionReason = Shapes::StringShape.new(name: 'ValidationExceptionReason')
 
     AccessControlAttribute.add_member(:key, Shapes::ShapeRef.new(shape: AccessControlAttributeKey, required: true, location_name: "Key"))
     AccessControlAttribute.add_member(:value, Shapes::ShapeRef.new(shape: AccessControlAttributeValue, required: true, location_name: "Value"))
@@ -319,6 +328,7 @@ module Aws::SSOAdmin
     AccessControlAttributeValueSourceList.member = Shapes::ShapeRef.new(shape: AccessControlAttributeValueSource)
 
     AccessDeniedException.add_member(:message, Shapes::ShapeRef.new(shape: AccessDeniedExceptionMessage, location_name: "Message"))
+    AccessDeniedException.add_member(:reason, Shapes::ShapeRef.new(shape: AccessDeniedExceptionReason, location_name: "Reason"))
     AccessDeniedException.struct_class = Types::AccessDeniedException
 
     AccountAssignment.add_member(:account_id, Shapes::ShapeRef.new(shape: AccountId, location_name: "AccountId"))
@@ -641,6 +651,8 @@ module Aws::SSOAdmin
     DescribeInstanceResponse.add_member(:name, Shapes::ShapeRef.new(shape: NameType, location_name: "Name"))
     DescribeInstanceResponse.add_member(:created_date, Shapes::ShapeRef.new(shape: Date, location_name: "CreatedDate"))
     DescribeInstanceResponse.add_member(:status, Shapes::ShapeRef.new(shape: InstanceStatus, location_name: "Status"))
+    DescribeInstanceResponse.add_member(:status_reason, Shapes::ShapeRef.new(shape: Reason, location_name: "StatusReason"))
+    DescribeInstanceResponse.add_member(:encryption_configuration_details, Shapes::ShapeRef.new(shape: EncryptionConfigurationDetails, location_name: "EncryptionConfigurationDetails"))
     DescribeInstanceResponse.struct_class = Types::DescribeInstanceResponse
 
     DescribePermissionSetProvisioningStatusRequest.add_member(:instance_arn, Shapes::ShapeRef.new(shape: InstanceArn, required: true, location_name: "InstanceArn"))
@@ -685,6 +697,16 @@ module Aws::SSOAdmin
     DisplayData.add_member(:description, Shapes::ShapeRef.new(shape: Description, location_name: "Description"))
     DisplayData.struct_class = Types::DisplayData
 
+    EncryptionConfiguration.add_member(:key_type, Shapes::ShapeRef.new(shape: KmsKeyType, required: true, location_name: "KeyType"))
+    EncryptionConfiguration.add_member(:kms_key_arn, Shapes::ShapeRef.new(shape: KmsKeyArn, location_name: "KmsKeyArn"))
+    EncryptionConfiguration.struct_class = Types::EncryptionConfiguration
+
+    EncryptionConfigurationDetails.add_member(:key_type, Shapes::ShapeRef.new(shape: KmsKeyType, location_name: "KeyType"))
+    EncryptionConfigurationDetails.add_member(:kms_key_arn, Shapes::ShapeRef.new(shape: KmsKeyArn, location_name: "KmsKeyArn"))
+    EncryptionConfigurationDetails.add_member(:encryption_status, Shapes::ShapeRef.new(shape: KmsKeyStatus, location_name: "EncryptionStatus"))
+    EncryptionConfigurationDetails.add_member(:encryption_status_reason, Shapes::ShapeRef.new(shape: Reason, location_name: "EncryptionStatusReason"))
+    EncryptionConfigurationDetails.struct_class = Types::EncryptionConfigurationDetails
+
     GetApplicationAccessScopeRequest.add_member(:application_arn, Shapes::ShapeRef.new(shape: ApplicationArn, required: true, location_name: "ApplicationArn"))
     GetApplicationAccessScopeRequest.add_member(:scope, Shapes::ShapeRef.new(shape: Scope, required: true, location_name: "Scope"))
     GetApplicationAccessScopeRequest.struct_class = Types::GetApplicationAccessScopeRequest
@@ -765,6 +787,7 @@ module Aws::SSOAdmin
     InstanceMetadata.add_member(:name, Shapes::ShapeRef.new(shape: NameType, location_name: "Name"))
     InstanceMetadata.add_member(:created_date, Shapes::ShapeRef.new(shape: Date, location_name: "CreatedDate"))
     InstanceMetadata.add_member(:status, Shapes::ShapeRef.new(shape: InstanceStatus, location_name: "Status"))
+    InstanceMetadata.add_member(:status_reason, Shapes::ShapeRef.new(shape: Reason, location_name: "StatusReason"))
     InstanceMetadata.struct_class = Types::InstanceMetadata
 
     InternalServerException.add_member(:message, Shapes::ShapeRef.new(shape: InternalFailureMessage, location_name: "Message"))
@@ -1079,6 +1102,7 @@ module Aws::SSOAdmin
     RefreshTokenGrant.struct_class = Types::RefreshTokenGrant
 
     ResourceNotFoundException.add_member(:message, Shapes::ShapeRef.new(shape: ResourceNotFoundMessage, location_name: "Message"))
+    ResourceNotFoundException.add_member(:reason, Shapes::ShapeRef.new(shape: ResourceNotFoundExceptionReason, location_name: "Reason"))
     ResourceNotFoundException.struct_class = Types::ResourceNotFoundException
 
     ResourceServerConfig.add_member(:scopes, Shapes::ShapeRef.new(shape: ResourceServerScopes, location_name: "Scopes"))
@@ -1122,6 +1146,7 @@ module Aws::SSOAdmin
     TagResourceResponse.struct_class = Types::TagResourceResponse
 
     ThrottlingException.add_member(:message, Shapes::ShapeRef.new(shape: ThrottlingExceptionMessage, location_name: "Message"))
+    ThrottlingException.add_member(:reason, Shapes::ShapeRef.new(shape: ThrottlingExceptionReason, location_name: "Reason"))
     ThrottlingException.struct_class = Types::ThrottlingException
 
     TokenExchangeGrant.struct_class = Types::TokenExchangeGrant
@@ -1172,8 +1197,9 @@ module Aws::SSOAdmin
 
     UpdateInstanceAccessControlAttributeConfigurationResponse.struct_class = Types::UpdateInstanceAccessControlAttributeConfigurationResponse
 
-    UpdateInstanceRequest.add_member(:name, Shapes::ShapeRef.new(shape: NameType, required: true, location_name: "Name"))
+    UpdateInstanceRequest.add_member(:name, Shapes::ShapeRef.new(shape: NameType, location_name: "Name"))
     UpdateInstanceRequest.add_member(:instance_arn, Shapes::ShapeRef.new(shape: InstanceArn, required: true, location_name: "InstanceArn"))
+    UpdateInstanceRequest.add_member(:encryption_configuration, Shapes::ShapeRef.new(shape: EncryptionConfiguration, location_name: "EncryptionConfiguration"))
     UpdateInstanceRequest.struct_class = Types::UpdateInstanceRequest
 
     UpdateInstanceResponse.struct_class = Types::UpdateInstanceResponse
@@ -1195,6 +1221,7 @@ module Aws::SSOAdmin
     UpdateTrustedTokenIssuerResponse.struct_class = Types::UpdateTrustedTokenIssuerResponse
 
     ValidationException.add_member(:message, Shapes::ShapeRef.new(shape: ValidationExceptionMessage, location_name: "Message"))
+    ValidationException.add_member(:reason, Shapes::ShapeRef.new(shape: ValidationExceptionReason, location_name: "Reason"))
     ValidationException.struct_class = Types::ValidationException
 
 
@@ -2303,6 +2330,7 @@ module Aws::SSOAdmin
         o.output = Shapes::ShapeRef.new(shape: UpdateInstanceResponse)
         o.errors << Shapes::ShapeRef.new(shape: ThrottlingException)
         o.errors << Shapes::ShapeRef.new(shape: InternalServerException)
+        o.errors << Shapes::ShapeRef.new(shape: ResourceNotFoundException)
         o.errors << Shapes::ShapeRef.new(shape: AccessDeniedException)
         o.errors << Shapes::ShapeRef.new(shape: ValidationException)
         o.errors << Shapes::ShapeRef.new(shape: ConflictException)

data/lib/aws-sdk-ssoadmin/errors.rb

@@ -54,6 +54,11 @@ module Aws::SSOAdmin
       def message
         @message || @data[:message]
       end
+
+      # @return [String]
+      def reason
+        @data[:reason]
+      end
     end
 
     class ConflictException < ServiceError
@@ -99,6 +104,11 @@ module Aws::SSOAdmin
       def message
         @message || @data[:message]
       end
+
+      # @return [String]
+      def reason
+        @data[:reason]
+      end
     end
 
     class ServiceQuotaExceededException < ServiceError
@@ -129,6 +139,11 @@ module Aws::SSOAdmin
       def message
         @message || @data[:message]
       end
+
+      # @return [String]
+      def reason
+        @data[:reason]
+      end
     end
 
     class ValidationException < ServiceError
@@ -144,6 +159,11 @@ module Aws::SSOAdmin
       def message
         @message || @data[:message]
       end
+
+      # @return [String]
+      def reason
+        @data[:reason]
+      end
     end
 
   end

data/lib/aws-sdk-ssoadmin/types.rb

@@ -64,10 +64,15 @@ module Aws::SSOAdmin
     # @!attribute [rw] message
     #   @return [String]
     #
+    # @!attribute [rw] reason
+    #   The reason for the access denied exception.
+    #   @return [String]
+    #
     # @see http://docs.aws.amazon.com/goto/WebAPI/sso-admin-2020-07-20/AccessDeniedException AWS API Documentation
     #
     class AccessDeniedException < Struct.new(
-      :message)
+      :message,
+      :reason)
       SENSITIVE = []
       include Aws::Structure
     end
@@ -1608,6 +1613,22 @@ module Aws::SSOAdmin
     #   The status of the instance.
     #   @return [String]
     #
+    # @!attribute [rw] status_reason
+    #   Provides additional context about the current status of the IAM
+    #   Identity Center instance. This field is particularly useful when an
+    #   instance is in a non-ACTIVE state, such as CREATE\_FAILED. When an
+    #   instance fails to create or update, this field contains information
+    #   about the cause, which may include issues with KMS key
+    #   configuration, permission problems with the specified KMS key, or
+    #   service-related errors.
+    #   @return [String]
+    #
+    # @!attribute [rw] encryption_configuration_details
+    #   Contains the encryption configuration for your IAM Identity Center
+    #   instance, including the encryption status, KMS key type, and KMS key
+    #   ARN.
+    #   @return [Types::EncryptionConfigurationDetails]
+    #
     # @see http://docs.aws.amazon.com/goto/WebAPI/sso-admin-2020-07-20/DescribeInstanceResponse AWS API Documentation
     #
     class DescribeInstanceResponse < Struct.new(
@@ -1616,7 +1637,9 @@ module Aws::SSOAdmin
       :owner_account_id,
       :name,
       :created_date,
-      :status)
+      :status,
+      :status_reason,
+      :encryption_configuration_details)
       SENSITIVE = []
       include Aws::Structure
     end
@@ -1817,6 +1840,64 @@ module Aws::SSOAdmin
       include Aws::Structure
     end
 
+    # A structure that specifies the KMS key type and KMS key ARN used to
+    # encrypt data in your IAM Identity Center instance.
+    #
+    # @!attribute [rw] key_type
+    #   The type of KMS key used for encryption.
+    #   @return [String]
+    #
+    # @!attribute [rw] kms_key_arn
+    #   The ARN of the KMS key used to encrypt data. Required when KeyType
+    #   is CUSTOMER\_MANAGED\_KEY. Cannot be specified when KeyType is
+    #   AWS\_OWNED\_KMS\_KEY.
+    #   @return [String]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/sso-admin-2020-07-20/EncryptionConfiguration AWS API Documentation
+    #
+    class EncryptionConfiguration < Struct.new(
+      :key_type,
+      :kms_key_arn)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+
+    # The encryption configuration of your IAM Identity Center instance,
+    # including the key type, KMS key ARN, and current encryption status.
+    #
+    # @!attribute [rw] key_type
+    #   The type of KMS key used for encryption.
+    #   @return [String]
+    #
+    # @!attribute [rw] kms_key_arn
+    #   The ARN of the KMS key currently used to encrypt data in your IAM
+    #   Identity Center instance.
+    #   @return [String]
+    #
+    # @!attribute [rw] encryption_status
+    #   The current status of encryption configuration.
+    #   @return [String]
+    #
+    # @!attribute [rw] encryption_status_reason
+    #   Provides additional context about the current encryption status.
+    #   This field is particularly useful when the encryption status is
+    #   UPDATE\_FAILED. When encryption configuration update fails, this
+    #   field contains information about the cause, which may include KMS
+    #   key access issues, key not found errors, invalid key configuration,
+    #   key in an invalid state, or a disabled key.
+    #   @return [String]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/sso-admin-2020-07-20/EncryptionConfigurationDetails AWS API Documentation
+    #
+    class EncryptionConfigurationDetails < Struct.new(
+      :key_type,
+      :kms_key_arn,
+      :encryption_status,
+      :encryption_status_reason)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+
     # @!attribute [rw] application_arn
     #   Specifies the ARN of the application with the access scope that you
     #   want to retrieve.
@@ -2168,6 +2249,15 @@ module Aws::SSOAdmin
     #   The current status of this Identity Center instance.
     #   @return [String]
     #
+    # @!attribute [rw] status_reason
+    #   Provides additional context about the current status of the IAM
+    #   Identity Center instance. This field is particularly useful when an
+    #   instance is in a non-ACTIVE state, such as CREATE\_FAILED. When an
+    #   instance creation fails, this field contains information about the
+    #   cause, which may include issues with KMS key configuration or
+    #   insufficient permissions.
+    #   @return [String]
+    #
     # @see http://docs.aws.amazon.com/goto/WebAPI/sso-admin-2020-07-20/InstanceMetadata AWS API Documentation
     #
     class InstanceMetadata < Struct.new(
@@ -2176,7 +2266,8 @@ module Aws::SSOAdmin
       :owner_account_id,
       :name,
       :created_date,
-      :status)
+      :status,
+      :status_reason)
       SENSITIVE = []
       include Aws::Structure
     end
@@ -3852,10 +3943,15 @@ module Aws::SSOAdmin
     # @!attribute [rw] message
     #   @return [String]
     #
+    # @!attribute [rw] reason
+    #   The reason for the resource not found exception.
+    #   @return [String]
+    #
     # @see http://docs.aws.amazon.com/goto/WebAPI/sso-admin-2020-07-20/ResourceNotFoundException AWS API Documentation
     #
     class ResourceNotFoundException < Struct.new(
-      :message)
+      :message,
+      :reason)
       SENSITIVE = []
       include Aws::Structure
     end
@@ -4017,10 +4113,15 @@ module Aws::SSOAdmin
     # @!attribute [rw] message
     #   @return [String]
     #
+    # @!attribute [rw] reason
+    #   The reason for the throttling exception.
+    #   @return [String]
+    #
     # @see http://docs.aws.amazon.com/goto/WebAPI/sso-admin-2020-07-20/ThrottlingException AWS API Documentation
     #
     class ThrottlingException < Struct.new(
-      :message)
+      :message,
+      :reason)
       SENSITIVE = []
       include Aws::Structure
     end
@@ -4237,11 +4338,19 @@ module Aws::SSOAdmin
     #   *Amazon Web Services General Reference*.
     #   @return [String]
     #
+    # @!attribute [rw] encryption_configuration
+    #   Specifies the encryption configuration for your IAM Identity Center
+    #   instance. You can use this to configure customer managed KMS keys
+    #   (CMK) or Amazon Web Services owned KMS keys for encrypting your
+    #   instance data.
+    #   @return [Types::EncryptionConfiguration]
+    #
     # @see http://docs.aws.amazon.com/goto/WebAPI/sso-admin-2020-07-20/UpdateInstanceRequest AWS API Documentation
     #
     class UpdateInstanceRequest < Struct.new(
       :name,
-      :instance_arn)
+      :instance_arn,
+      :encryption_configuration)
       SENSITIVE = []
       include Aws::Structure
     end
@@ -4328,10 +4437,15 @@ module Aws::SSOAdmin
     # @!attribute [rw] message
     #   @return [String]
     #
+    # @!attribute [rw] reason
+    #   The reason for the validation exception.
+    #   @return [String]
+    #
     # @see http://docs.aws.amazon.com/goto/WebAPI/sso-admin-2020-07-20/ValidationException AWS API Documentation
     #
     class ValidationException < Struct.new(
-      :message)
+      :message,
+      :reason)
       SENSITIVE = []
       include Aws::Structure
     end

data/lib/aws-sdk-ssoadmin.rb

@@ -55,7 +55,7 @@ module Aws::SSOAdmin
   autoload :EndpointProvider, 'aws-sdk-ssoadmin/endpoint_provider'
   autoload :Endpoints, 'aws-sdk-ssoadmin/endpoints'
 
-  GEM_VERSION = '1.61.0'
+  GEM_VERSION = '1.62.0'
 
 end
 

data/sig/client.rbs

@@ -428,7 +428,9 @@ module Aws
         def owner_account_id: () -> ::String
         def name: () -> ::String
         def created_date: () -> ::Time
-        def status: () -> ("CREATE_IN_PROGRESS" | "DELETE_IN_PROGRESS" | "ACTIVE")
+        def status: () -> ("CREATE_IN_PROGRESS" | "CREATE_FAILED" | "DELETE_IN_PROGRESS" | "ACTIVE")
+        def status_reason: () -> ::String
+        def encryption_configuration_details: () -> Types::EncryptionConfigurationDetails
       end
       # https://docs.aws.amazon.com/sdk-for-ruby/v3/api/Aws/SSOAdmin/Client.html#describe_instance-instance_method
       def describe_instance: (
@@ -1027,8 +1029,12 @@ module Aws
       end
       # https://docs.aws.amazon.com/sdk-for-ruby/v3/api/Aws/SSOAdmin/Client.html#update_instance-instance_method
       def update_instance: (
-                             name: ::String,
-                             instance_arn: ::String
+                             ?name: ::String,
+                             instance_arn: ::String,
+                             ?encryption_configuration: {
+                               key_type: ("AWS_OWNED_KMS_KEY" | "CUSTOMER_MANAGED_KEY"),
+                               kms_key_arn: ::String?
+                             }
                            ) -> _UpdateInstanceResponseSuccess
                          | (Hash[Symbol, untyped] params, ?Hash[Symbol, untyped] options) -> _UpdateInstanceResponseSuccess
 

data/sig/errors.rbs

@@ -13,6 +13,7 @@ module Aws
 
       class AccessDeniedException < ::Aws::Errors::ServiceError
         def message: () -> ::String
+        def reason: () -> ::String
       end
       class ConflictException < ::Aws::Errors::ServiceError
         def message: () -> ::String
@@ -22,15 +23,18 @@ module Aws
       end
       class ResourceNotFoundException < ::Aws::Errors::ServiceError
         def message: () -> ::String
+        def reason: () -> ::String
       end
       class ServiceQuotaExceededException < ::Aws::Errors::ServiceError
         def message: () -> ::String
       end
       class ThrottlingException < ::Aws::Errors::ServiceError
         def message: () -> ::String
+        def reason: () -> ::String
       end
       class ValidationException < ::Aws::Errors::ServiceError
         def message: () -> ::String
+        def reason: () -> ::String
       end
     end
   end

data/sig/types.rbs

@@ -21,6 +21,7 @@ module Aws::SSOAdmin
 
     class AccessDeniedException
       attr_accessor message: ::String
+      attr_accessor reason: ("KMS_AccessDeniedException")
       SENSITIVE: []
     end
 
@@ -445,7 +446,9 @@ module Aws::SSOAdmin
       attr_accessor owner_account_id: ::String
       attr_accessor name: ::String
       attr_accessor created_date: ::Time
-      attr_accessor status: ("CREATE_IN_PROGRESS" | "DELETE_IN_PROGRESS" | "ACTIVE")
+      attr_accessor status: ("CREATE_IN_PROGRESS" | "CREATE_FAILED" | "DELETE_IN_PROGRESS" | "ACTIVE")
+      attr_accessor status_reason: ::String
+      attr_accessor encryption_configuration_details: Types::EncryptionConfigurationDetails
       SENSITIVE: []
     end
 
@@ -511,6 +514,20 @@ module Aws::SSOAdmin
       SENSITIVE: []
     end
 
+    class EncryptionConfiguration
+      attr_accessor key_type: ("AWS_OWNED_KMS_KEY" | "CUSTOMER_MANAGED_KEY")
+      attr_accessor kms_key_arn: ::String
+      SENSITIVE: []
+    end
+
+    class EncryptionConfigurationDetails
+      attr_accessor key_type: ("AWS_OWNED_KMS_KEY" | "CUSTOMER_MANAGED_KEY")
+      attr_accessor kms_key_arn: ::String
+      attr_accessor encryption_status: ("UPDATING" | "ENABLED" | "UPDATE_FAILED")
+      attr_accessor encryption_status_reason: ::String
+      SENSITIVE: []
+    end
+
     class GetApplicationAccessScopeRequest
       attr_accessor application_arn: ::String
       attr_accessor scope: ::String
@@ -629,7 +646,8 @@ module Aws::SSOAdmin
       attr_accessor owner_account_id: ::String
       attr_accessor name: ::String
       attr_accessor created_date: ::Time
-      attr_accessor status: ("CREATE_IN_PROGRESS" | "DELETE_IN_PROGRESS" | "ACTIVE")
+      attr_accessor status: ("CREATE_IN_PROGRESS" | "CREATE_FAILED" | "DELETE_IN_PROGRESS" | "ACTIVE")
+      attr_accessor status_reason: ::String
       SENSITIVE: []
     end
 
@@ -1069,6 +1087,7 @@ module Aws::SSOAdmin
 
     class ResourceNotFoundException
       attr_accessor message: ::String
+      attr_accessor reason: ("KMS_NotFoundException")
       SENSITIVE: []
     end
 
@@ -1118,6 +1137,7 @@ module Aws::SSOAdmin
 
     class ThrottlingException
       attr_accessor message: ::String
+      attr_accessor reason: ("KMS_ThrottlingException")
       SENSITIVE: []
     end
 
@@ -1192,6 +1212,7 @@ module Aws::SSOAdmin
     class UpdateInstanceRequest
       attr_accessor name: ::String
       attr_accessor instance_arn: ::String
+      attr_accessor encryption_configuration: Types::EncryptionConfiguration
       SENSITIVE: []
     end
 
@@ -1222,6 +1243,7 @@ module Aws::SSOAdmin
 
     class ValidationException
       attr_accessor message: ::String
+      attr_accessor reason: ("KMS_InvalidKeyUsageException" | "KMS_InvalidStateException" | "KMS_DisabledException")
       SENSITIVE: []
     end
   end

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: aws-sdk-ssoadmin
 version: !ruby/object:Gem::Version
-  version: 1.61.0
+  version: 1.62.0
 platform: ruby
 authors:
 - Amazon Web Services