aws-sdk-verifiedpermissions 1.58.0 → 1.60.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 7414d4b37b5836682dbe6b4d8c267075716789eca8b4ca558a5e5624fbede811
-  data.tar.gz: 0d625605203d49f0ace5943fe8dc9591673a8833e7b13a774891973dd28e1890
+  metadata.gz: 7c8767d8889bd680826e0ad0d3ecaebe31d03925b05ac3c56af10df551f4c40a
+  data.tar.gz: 73a644f8486a8eb83e49906877728893da0f49d7f3ef220ed0ed93576b011c8d
 SHA512:
-  metadata.gz: 971d1f6816822b250aa353b2ed701a871a21e8a5c99f86b1c788c00924bdfd0ec17c21fcd5d9061d641aa49c525eb12007579fcbdd5404c913057ad754439a04
-  data.tar.gz: c53dc617dfc8c69c8cd2298bc04eb83434d45ecabc9933cd5f3d02fab4df2cf3d13c97d1e9705b96f40dc9af6c630810624f5512de0161442987e2e2d9196ab3
+  metadata.gz: f90aee36d7c4afd5c01aba2e601bea8c361de9c35456626104c47cad5225c1a521b51ab5c300cdb363c67e216a008e9f35971c5d8c7c1a6b871fb51a53d4c633
+  data.tar.gz: 314751fae11b179274a585a7444890b50294c70760981fbe83270ec0ef3b6351f812e4c1fbac106ee664f77c8d0ded99dc5b52ad95e6d923a9d6b9015160331e

data/CHANGELOG.md

@@ -1,6 +1,16 @@
 Unreleased Changes
 ------------------
 
+1.60.0 (2026-01-20)
+------------------
+
+* Feature - Amazon Verified Permissions now supports encryption of resources by a customer managed KMS key. Customers can now create new encrypted policy stores by passing in their customer managed key during policy store creation.
+
+1.59.0 (2026-01-16)
+------------------
+
+* Feature - Code Generated Changes, see `./build_tools` or `aws-sdk-core`'s CHANGELOG.md for details.
+
 1.58.0 (2026-01-08)
 ------------------
 

data/VERSION

@@ -1 +1 @@
-1.58.0
+1.60.0

data/lib/aws-sdk-verifiedpermissions/client.rb

@@ -1716,6 +1716,14 @@ module Aws::VerifiedPermissions
     #
     #   The default state is `DISABLED`.
     #
+    # @option params [Types::EncryptionSettings] :encryption_settings
+    #   Specifies the encryption settings used to encrypt the policy store and
+    #   their child resources. Allows for the ability to use a customer owned
+    #   KMS key for encryption of data.
+    #
+    #   This is an optional field to be used when providing a customer-managed
+    #   KMS key for encryption.
+    #
     # @option params [Hash<String,String>] :tags
     #   The list of key-value pairs to associate with the policy store.
     #
@@ -1746,6 +1754,33 @@ module Aws::VerifiedPermissions
     #     policy_store_id: "C7v5xMplfFH3i3e4Jrzb1a", 
     #   }
     #
+    # @example Example: To create an encrypted policy store
+    #
+    #   # The following example creates a new policy store with encryption settings based on a provided KMS key.
+    #
+    #   resp = client.create_policy_store({
+    #     client_token: "a1b2c3d4-e5f6-a1b2-c3d4-TOKEN1111111", 
+    #     encryption_settings: {
+    #       kms_encryption_settings: {
+    #         key: "arn:aws:kms:us-east-1:123456789012:key/abcdefgh-ijkl-mnop-qrst-uvwxyz123456", 
+    #         encryption_context: {
+    #           "policy_store_owner" => "Tim", 
+    #         }, 
+    #       }, 
+    #     }, 
+    #     validation_settings: {
+    #       mode: "STRICT", 
+    #     }, 
+    #   })
+    #
+    #   resp.to_h outputs the following:
+    #   {
+    #     arn: "arn:aws:verifiedpermissions::123456789012:policy-store/C7v5xMplfFH3i3e4Jrzb1a", 
+    #     created_date: Time.parse("2024-08-12T18:20:50.99Z"), 
+    #     last_updated_date: Time.parse("2024-08-12T18:20:50.99Z"), 
+    #     policy_store_id: "C7v5xMplfFH3i3e4Jrzb1a", 
+    #   }
+    #
     # @example Request syntax with placeholder values
     #
     #   resp = client.create_policy_store({
@@ -1755,6 +1790,16 @@ module Aws::VerifiedPermissions
     #     },
     #     description: "PolicyStoreDescription",
     #     deletion_protection: "ENABLED", # accepts ENABLED, DISABLED
+    #     encryption_settings: {
+    #       kms_encryption_settings: {
+    #         key: "KmsKey", # required
+    #         encryption_context: {
+    #           "EncryptionContextKey" => "EncryptionContextValue",
+    #         },
+    #       },
+    #       default: {
+    #       },
+    #     },
     #     tags: {
     #       "TagKey" => "TagValue",
     #     },
@@ -2268,6 +2313,7 @@ module Aws::VerifiedPermissions
     #   * {Types::GetPolicyStoreOutput#last_updated_date #last_updated_date} => Time
     #   * {Types::GetPolicyStoreOutput#description #description} => String
     #   * {Types::GetPolicyStoreOutput#deletion_protection #deletion_protection} => String
+    #   * {Types::GetPolicyStoreOutput#encryption_state #encryption_state} => Types::EncryptionState
     #   * {Types::GetPolicyStoreOutput#cedar_version #cedar_version} => String
     #   * {Types::GetPolicyStoreOutput#tags #tags} => Hash&lt;String,String&gt;
     #
@@ -2284,6 +2330,37 @@ module Aws::VerifiedPermissions
     #   {
     #     arn: "arn:aws:verifiedpermissions::123456789012:policy-store/C7v5xMplfFH3i3e4Jrzb1a", 
     #     created_date: Time.parse("2024-08-12T18:20:50.99Z"), 
+    #     encryption_state: {
+    #       default: {
+    #       }, 
+    #     }, 
+    #     last_updated_date: Time.parse("2024-08-12T18:20:50.99Z"), 
+    #     policy_store_id: "C7v5xMplfFH3i3e4Jrzb1a", 
+    #     validation_settings: {
+    #       mode: "STRICT", 
+    #     }, 
+    #   }
+    #
+    # @example Example: GetPolicyStore that is encrypted
+    #
+    #   # The following example retrieves details about the specified encrypted policy store.
+    #
+    #   resp = client.get_policy_store({
+    #     policy_store_id: "C7v5xMplfFH3i3e4Jrzb1a", 
+    #   })
+    #
+    #   resp.to_h outputs the following:
+    #   {
+    #     arn: "arn:aws:verifiedpermissions::123456789012:policy-store/C7v5xMplfFH3i3e4Jrzb1a", 
+    #     created_date: Time.parse("2024-08-12T18:20:50.99Z"), 
+    #     encryption_state: {
+    #       kms_encryption_state: {
+    #         key: "arn:aws:kms:us-east-1:123456789012:key/abcdefgh-ijkl-mnop-qrst-uvwxyz123456", 
+    #         encryption_context: {
+    #           "policy_store_owner" => "Tim", 
+    #         }, 
+    #       }, 
+    #     }, 
     #     last_updated_date: Time.parse("2024-08-12T18:20:50.99Z"), 
     #     policy_store_id: "C7v5xMplfFH3i3e4Jrzb1a", 
     #     validation_settings: {
@@ -2307,6 +2384,9 @@ module Aws::VerifiedPermissions
     #   resp.last_updated_date #=> Time
     #   resp.description #=> String
     #   resp.deletion_protection #=> String, one of "ENABLED", "DISABLED"
+    #   resp.encryption_state.kms_encryption_state.key #=> String
+    #   resp.encryption_state.kms_encryption_state.encryption_context #=> Hash
+    #   resp.encryption_state.kms_encryption_state.encryption_context["EncryptionContextKey"] #=> String
     #   resp.cedar_version #=> String, one of "CEDAR_2", "CEDAR_4"
     #   resp.tags #=> Hash
     #   resp.tags["TagKey"] #=> String
@@ -3807,7 +3887,7 @@ module Aws::VerifiedPermissions
     #
     #   [1]: https://docs.aws.amazon.com/verifiedpermissions/latest/apireference/API_ListPolicies.html
     #
-    # @option params [required, Types::UpdatePolicyDefinition] :definition
+    # @option params [Types::UpdatePolicyDefinition] :definition
     #   Specifies the updated policy content that you want to replace on the
     #   specified policy. The content must be valid Cedar policy language
     #   text.
@@ -3873,7 +3953,7 @@ module Aws::VerifiedPermissions
     #   resp = client.update_policy({
     #     policy_store_id: "PolicyStoreId", # required
     #     policy_id: "PolicyId", # required
-    #     definition: { # required
+    #     definition: {
     #       static: {
     #         description: "StaticPolicyDescription",
     #         statement: "PolicyStatement", # required
@@ -4114,7 +4194,7 @@ module Aws::VerifiedPermissions
         tracer: tracer
       )
       context[:gem_name] = 'aws-sdk-verifiedpermissions'
-      context[:gem_version] = '1.58.0'
+      context[:gem_version] = '1.60.0'
       Seahorse::Client::Request.new(handlers, context)
     end
 

data/lib/aws-sdk-verifiedpermissions/client_api.rb

@@ -90,6 +90,11 @@ module Aws::VerifiedPermissions
     DeterminingPolicyList = Shapes::ListShape.new(name: 'DeterminingPolicyList')
     DiscoveryUrl = Shapes::StringShape.new(name: 'DiscoveryUrl')
     Duration = Shapes::StringShape.new(name: 'Duration')
+    EncryptionContext = Shapes::MapShape.new(name: 'EncryptionContext')
+    EncryptionContextKey = Shapes::StringShape.new(name: 'EncryptionContextKey')
+    EncryptionContextValue = Shapes::StringShape.new(name: 'EncryptionContextValue')
+    EncryptionSettings = Shapes::UnionShape.new(name: 'EncryptionSettings')
+    EncryptionState = Shapes::UnionShape.new(name: 'EncryptionState')
     EntitiesDefinition = Shapes::UnionShape.new(name: 'EntitiesDefinition')
     EntityAttributes = Shapes::MapShape.new(name: 'EntityAttributes')
     EntityCedarTags = Shapes::MapShape.new(name: 'EntityCedarTags')
@@ -129,6 +134,9 @@ module Aws::VerifiedPermissions
     IsAuthorizedWithTokenInput = Shapes::StructureShape.new(name: 'IsAuthorizedWithTokenInput')
     IsAuthorizedWithTokenOutput = Shapes::StructureShape.new(name: 'IsAuthorizedWithTokenOutput')
     Issuer = Shapes::StringShape.new(name: 'Issuer')
+    KmsEncryptionSettings = Shapes::StructureShape.new(name: 'KmsEncryptionSettings')
+    KmsEncryptionState = Shapes::StructureShape.new(name: 'KmsEncryptionState')
+    KmsKey = Shapes::StringShape.new(name: 'KmsKey')
     ListIdentitySourcesInput = Shapes::StructureShape.new(name: 'ListIdentitySourcesInput')
     ListIdentitySourcesMaxResults = Shapes::IntegerShape.new(name: 'ListIdentitySourcesMaxResults')
     ListIdentitySourcesOutput = Shapes::StructureShape.new(name: 'ListIdentitySourcesOutput')
@@ -212,6 +220,7 @@ module Aws::VerifiedPermissions
     TimestampFormat = Shapes::TimestampShape.new(name: 'TimestampFormat', timestampFormat: "iso8601")
     Token = Shapes::StringShape.new(name: 'Token')
     TooManyTagsException = Shapes::StructureShape.new(name: 'TooManyTagsException')
+    Unit = Shapes::StructureShape.new(name: 'Unit')
     UntagResourceInput = Shapes::StructureShape.new(name: 'UntagResourceInput')
     UntagResourceOutput = Shapes::StructureShape.new(name: 'UntagResourceOutput')
     UpdateCognitoGroupConfiguration = Shapes::StructureShape.new(name: 'UpdateCognitoGroupConfiguration')
@@ -483,6 +492,7 @@ module Aws::VerifiedPermissions
     CreatePolicyStoreInput.add_member(:validation_settings, Shapes::ShapeRef.new(shape: ValidationSettings, required: true, location_name: "validationSettings"))
     CreatePolicyStoreInput.add_member(:description, Shapes::ShapeRef.new(shape: PolicyStoreDescription, location_name: "description"))
     CreatePolicyStoreInput.add_member(:deletion_protection, Shapes::ShapeRef.new(shape: DeletionProtection, location_name: "deletionProtection"))
+    CreatePolicyStoreInput.add_member(:encryption_settings, Shapes::ShapeRef.new(shape: EncryptionSettings, location_name: "encryptionSettings"))
     CreatePolicyStoreInput.add_member(:tags, Shapes::ShapeRef.new(shape: TagMap, location_name: "tags"))
     CreatePolicyStoreInput.struct_class = Types::CreatePolicyStoreInput
 
@@ -532,6 +542,25 @@ module Aws::VerifiedPermissions
 
     DeterminingPolicyList.member = Shapes::ShapeRef.new(shape: DeterminingPolicyItem)
 
+    EncryptionContext.key = Shapes::ShapeRef.new(shape: EncryptionContextKey)
+    EncryptionContext.value = Shapes::ShapeRef.new(shape: EncryptionContextValue)
+
+    EncryptionSettings.add_member(:kms_encryption_settings, Shapes::ShapeRef.new(shape: KmsEncryptionSettings, location_name: "kmsEncryptionSettings"))
+    EncryptionSettings.add_member(:default, Shapes::ShapeRef.new(shape: Unit, location_name: "default"))
+    EncryptionSettings.add_member(:unknown, Shapes::ShapeRef.new(shape: nil, location_name: 'unknown'))
+    EncryptionSettings.add_member_subclass(:kms_encryption_settings, Types::EncryptionSettings::KmsEncryptionSettings)
+    EncryptionSettings.add_member_subclass(:default, Types::EncryptionSettings::Default)
+    EncryptionSettings.add_member_subclass(:unknown, Types::EncryptionSettings::Unknown)
+    EncryptionSettings.struct_class = Types::EncryptionSettings
+
+    EncryptionState.add_member(:kms_encryption_state, Shapes::ShapeRef.new(shape: KmsEncryptionState, location_name: "kmsEncryptionState"))
+    EncryptionState.add_member(:default, Shapes::ShapeRef.new(shape: Unit, location_name: "default"))
+    EncryptionState.add_member(:unknown, Shapes::ShapeRef.new(shape: nil, location_name: 'unknown'))
+    EncryptionState.add_member_subclass(:kms_encryption_state, Types::EncryptionState::KmsEncryptionState)
+    EncryptionState.add_member_subclass(:default, Types::EncryptionState::Default)
+    EncryptionState.add_member_subclass(:unknown, Types::EncryptionState::Unknown)
+    EncryptionState.struct_class = Types::EncryptionState
+
     EntitiesDefinition.add_member(:entity_list, Shapes::ShapeRef.new(shape: EntityList, location_name: "entityList"))
     EntitiesDefinition.add_member(:cedar_json, Shapes::ShapeRef.new(shape: CedarJson, location_name: "cedarJson"))
     EntitiesDefinition.add_member(:unknown, Shapes::ShapeRef.new(shape: nil, location_name: 'unknown'))
@@ -611,6 +640,7 @@ module Aws::VerifiedPermissions
     GetPolicyStoreOutput.add_member(:last_updated_date, Shapes::ShapeRef.new(shape: TimestampFormat, required: true, location_name: "lastUpdatedDate"))
     GetPolicyStoreOutput.add_member(:description, Shapes::ShapeRef.new(shape: PolicyStoreDescription, location_name: "description"))
     GetPolicyStoreOutput.add_member(:deletion_protection, Shapes::ShapeRef.new(shape: DeletionProtection, location_name: "deletionProtection"))
+    GetPolicyStoreOutput.add_member(:encryption_state, Shapes::ShapeRef.new(shape: EncryptionState, location_name: "encryptionState"))
     GetPolicyStoreOutput.add_member(:cedar_version, Shapes::ShapeRef.new(shape: CedarVersion, location_name: "cedarVersion"))
     GetPolicyStoreOutput.add_member(:tags, Shapes::ShapeRef.new(shape: TagMap, location_name: "tags"))
     GetPolicyStoreOutput.struct_class = Types::GetPolicyStoreOutput
@@ -699,6 +729,14 @@ module Aws::VerifiedPermissions
     IsAuthorizedWithTokenOutput.add_member(:principal, Shapes::ShapeRef.new(shape: EntityIdentifier, location_name: "principal"))
     IsAuthorizedWithTokenOutput.struct_class = Types::IsAuthorizedWithTokenOutput
 
+    KmsEncryptionSettings.add_member(:key, Shapes::ShapeRef.new(shape: KmsKey, required: true, location_name: "key"))
+    KmsEncryptionSettings.add_member(:encryption_context, Shapes::ShapeRef.new(shape: EncryptionContext, location_name: "encryptionContext"))
+    KmsEncryptionSettings.struct_class = Types::KmsEncryptionSettings
+
+    KmsEncryptionState.add_member(:key, Shapes::ShapeRef.new(shape: KmsKey, required: true, location_name: "key"))
+    KmsEncryptionState.add_member(:encryption_context, Shapes::ShapeRef.new(shape: EncryptionContext, required: true, location_name: "encryptionContext"))
+    KmsEncryptionState.struct_class = Types::KmsEncryptionState
+
     ListIdentitySourcesInput.add_member(:policy_store_id, Shapes::ShapeRef.new(shape: PolicyStoreId, required: true, location_name: "policyStoreId"))
     ListIdentitySourcesInput.add_member(:next_token, Shapes::ShapeRef.new(shape: NextToken, location_name: "nextToken"))
     ListIdentitySourcesInput.add_member(:max_results, Shapes::ShapeRef.new(shape: ListIdentitySourcesMaxResults, location_name: "maxResults"))
@@ -971,6 +1009,8 @@ module Aws::VerifiedPermissions
     TooManyTagsException.add_member(:resource_name, Shapes::ShapeRef.new(shape: AmazonResourceName, location_name: "resourceName"))
     TooManyTagsException.struct_class = Types::TooManyTagsException
 
+    Unit.struct_class = Types::Unit
+
     UntagResourceInput.add_member(:resource_arn, Shapes::ShapeRef.new(shape: AmazonResourceName, required: true, location_name: "resourceArn"))
     UntagResourceInput.add_member(:tag_keys, Shapes::ShapeRef.new(shape: TagKeyList, required: true, location_name: "tagKeys"))
     UntagResourceInput.struct_class = Types::UntagResourceInput
@@ -1039,7 +1079,7 @@ module Aws::VerifiedPermissions
 
     UpdatePolicyInput.add_member(:policy_store_id, Shapes::ShapeRef.new(shape: PolicyStoreId, required: true, location_name: "policyStoreId"))
     UpdatePolicyInput.add_member(:policy_id, Shapes::ShapeRef.new(shape: PolicyId, required: true, location_name: "policyId"))
-    UpdatePolicyInput.add_member(:definition, Shapes::ShapeRef.new(shape: UpdatePolicyDefinition, required: true, location_name: "definition"))
+    UpdatePolicyInput.add_member(:definition, Shapes::ShapeRef.new(shape: UpdatePolicyDefinition, location_name: "definition"))
     UpdatePolicyInput.struct_class = Types::UpdatePolicyInput
 
     UpdatePolicyOutput.add_member(:policy_store_id, Shapes::ShapeRef.new(shape: PolicyStoreId, required: true, location_name: "policyStoreId"))

data/lib/aws-sdk-verifiedpermissions/types.rb

@@ -1485,6 +1485,15 @@ module Aws::VerifiedPermissions
     #   The default state is `DISABLED`.
     #   @return [String]
     #
+    # @!attribute [rw] encryption_settings
+    #   Specifies the encryption settings used to encrypt the policy store
+    #   and their child resources. Allows for the ability to use a customer
+    #   owned KMS key for encryption of data.
+    #
+    #   This is an optional field to be used when providing a
+    #   customer-managed KMS key for encryption.
+    #   @return [Types::EncryptionSettings]
+    #
     # @!attribute [rw] tags
     #   The list of key-value pairs to associate with the policy store.
     #   @return [Hash<String,String>]
@@ -1496,6 +1505,7 @@ module Aws::VerifiedPermissions
       :validation_settings,
       :description,
       :deletion_protection,
+      :encryption_settings,
       :tags)
       SENSITIVE = [:description]
       include Aws::Structure
@@ -1719,6 +1729,80 @@ module Aws::VerifiedPermissions
       include Aws::Structure
     end
 
+    # A structure that contains the encryption configuration for the policy
+    # store and child resources.
+    #
+    # This data type is used as a request parameter in the
+    # [CreatePolicyStore][1] operation.
+    #
+    #
+    #
+    # [1]: https://docs.aws.amazon.com/verifiedpermissions/latest/apireference/API_CreatePolicyStore.html
+    #
+    # @note EncryptionSettings is a union - when making an API calls you must set exactly one of the members.
+    #
+    # @!attribute [rw] kms_encryption_settings
+    #   The KMS encryption settings for this policy store to encrypt data
+    #   with. It will contain the customer-managed KMS key, and a
+    #   user-defined encryption context.
+    #   @return [Types::KmsEncryptionSettings]
+    #
+    # @!attribute [rw] default
+    #   Use AWS owned encryption keys for encrypting policy store data.
+    #   @return [Types::Unit]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/verifiedpermissions-2021-12-01/EncryptionSettings AWS API Documentation
+    #
+    class EncryptionSettings < Struct.new(
+      :kms_encryption_settings,
+      :default,
+      :unknown)
+      SENSITIVE = []
+      include Aws::Structure
+      include Aws::Structure::Union
+
+      class KmsEncryptionSettings < EncryptionSettings; end
+      class Default < EncryptionSettings; end
+      class Unknown < EncryptionSettings; end
+    end
+
+    # A structure that contains the encryption configuration for the policy
+    # store and child resources.
+    #
+    # This data type is used as a response parameter field for the
+    # [GetPolicyStore][1] operation.
+    #
+    #
+    #
+    # [1]: https://docs.aws.amazon.com/verifiedpermissions/latest/apireference/API_GetPolicyStore.html
+    #
+    # @note EncryptionState is a union - when returned from an API call exactly one value will be set and the returned type will be a subclass of EncryptionState corresponding to the set member.
+    #
+    # @!attribute [rw] kms_encryption_state
+    #   The KMS encryption settings currently configured for this policy
+    #   store to encrypt data with. It contains the customer-managed KMS
+    #   key, and a user-defined encryption context.
+    #   @return [Types::KmsEncryptionState]
+    #
+    # @!attribute [rw] default
+    #   Policy store data is encrypted using AWS owned encryption keys.
+    #   @return [Types::Unit]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/verifiedpermissions-2021-12-01/EncryptionState AWS API Documentation
+    #
+    class EncryptionState < Struct.new(
+      :kms_encryption_state,
+      :default,
+      :unknown)
+      SENSITIVE = []
+      include Aws::Structure
+      include Aws::Structure::Union
+
+      class KmsEncryptionState < EncryptionState; end
+      class Default < EncryptionState; end
+      class Unknown < EncryptionState; end
+    end
+
     # Contains the list of entities to be considered during an authorization
     # request. This includes all principals, resources, and actions required
     # to successfully evaluate the request.
@@ -2119,6 +2203,11 @@ module Aws::VerifiedPermissions
     #   The default state is `DISABLED`.
     #   @return [String]
     #
+    # @!attribute [rw] encryption_state
+    #   A structure that contains the encryption configuration for the
+    #   policy store.
+    #   @return [Types::EncryptionState]
+    #
     # @!attribute [rw] cedar_version
     #   The version of the Cedar language used with policies, policy
     #   templates, and schemas in this policy store. For more information,
@@ -2143,6 +2232,7 @@ module Aws::VerifiedPermissions
       :last_updated_date,
       :description,
       :deletion_protection,
+      :encryption_state,
       :cedar_version,
       :tags)
       SENSITIVE = [:description]
@@ -2653,6 +2743,81 @@ module Aws::VerifiedPermissions
       include Aws::Structure
     end
 
+    # A structure that contains the KMS encryption configuration for the
+    # policy store. The encryption settings determine what customer-managed
+    # KMS key will be used to encrypt all resources within the policy store,
+    # and any user-defined context key-value pairs to append during
+    # encryption processes.
+    #
+    # This data type is used as a field that is part of the
+    # [EncryptionSettings][1] type.
+    #
+    #
+    #
+    # [1]: https://docs.aws.amazon.com/verifiedpermissions/latest/apireference/API_EncryptionSettings.html
+    #
+    # @!attribute [rw] key
+    #   The customer-managed KMS key [Amazon Resource Name (ARN)][1], alias
+    #   or ID to be used for encryption processes.
+    #
+    #   Users can provide the full KMS key ARN, a KMS key alias, or a KMS
+    #   key ID, but it will be mapped to the full KMS key ARN after policy
+    #   store creation, and referenced when encrypting child resources.
+    #
+    #
+    #
+    #   [1]: https://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html
+    #   @return [String]
+    #
+    # @!attribute [rw] encryption_context
+    #   User-defined, additional context to be added to encryption
+    #   processes.
+    #   @return [Hash<String,String>]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/verifiedpermissions-2021-12-01/KmsEncryptionSettings AWS API Documentation
+    #
+    class KmsEncryptionSettings < Struct.new(
+      :key,
+      :encryption_context)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+
+    # A structure that contains the KMS encryption configuration for the
+    # policy store. The encryption state shows what customer-managed KMS key
+    # is being used to encrypt all resources within the policy store, and
+    # any user-defined context key-value pairs added during encryption
+    # processes.
+    #
+    # This data type is used as a field that is part of the
+    # [EncryptionState][1] type.
+    #
+    #
+    #
+    # [1]: https://docs.aws.amazon.com/verifiedpermissions/latest/apireference/API_EncryptionState.html
+    #
+    # @!attribute [rw] key
+    #   The customer-managed KMS key [Amazon Resource Name (ARN)][1] being
+    #   used for encryption processes.
+    #
+    #
+    #
+    #   [1]: https://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html
+    #   @return [String]
+    #
+    # @!attribute [rw] encryption_context
+    #   User-defined, additional context added to encryption processes.
+    #   @return [Hash<String,String>]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/verifiedpermissions-2021-12-01/KmsEncryptionState AWS API Documentation
+    #
+    class KmsEncryptionState < Struct.new(
+      :key,
+      :encryption_context)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+
     # @!attribute [rw] policy_store_id
     #   Specifies the ID of the policy store that contains the identity
     #   sources that you want to list.
@@ -4220,6 +4385,12 @@ module Aws::VerifiedPermissions
       include Aws::Structure
     end
 
+    # @api private
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/verifiedpermissions-2021-12-01/Unit AWS API Documentation
+    #
+    class Unit < Aws::EmptyStructure; end
+
     # @!attribute [rw] resource_arn
     #   The ARN of the resource from which you are removing tags.
     #   @return [String]

data/lib/aws-sdk-verifiedpermissions.rb

@@ -55,7 +55,7 @@ module Aws::VerifiedPermissions
   autoload :EndpointProvider, 'aws-sdk-verifiedpermissions/endpoint_provider'
   autoload :Endpoints, 'aws-sdk-verifiedpermissions/endpoints'
 
-  GEM_VERSION = '1.58.0'
+  GEM_VERSION = '1.60.0'
 
 end
 

data/sig/client.rbs

@@ -317,6 +317,14 @@ module Aws
                                  },
                                  ?description: ::String,
                                  ?deletion_protection: ("ENABLED" | "DISABLED"),
+                                 ?encryption_settings: {
+                                   kms_encryption_settings: {
+                                     key: ::String,
+                                     encryption_context: Hash[::String, ::String]?
+                                   }?,
+                                   default: {
+                                   }?
+                                 },
                                  ?tags: Hash[::String, ::String]
                                ) -> _CreatePolicyStoreResponseSuccess
                              | (Hash[Symbol, untyped] params, ?Hash[Symbol, untyped] options) -> _CreatePolicyStoreResponseSuccess
@@ -422,6 +430,7 @@ module Aws
         def last_updated_date: () -> ::Time
         def description: () -> ::String
         def deletion_protection: () -> ("ENABLED" | "DISABLED")
+        def encryption_state: () -> Types::EncryptionState
         def cedar_version: () -> ("CEDAR_2" | "CEDAR_4")
         def tags: () -> ::Hash[::String, ::String]
       end
@@ -765,7 +774,7 @@ module Aws
       def update_policy: (
                            policy_store_id: ::String,
                            policy_id: ::String,
-                           definition: {
+                           ?definition: {
                              static: {
                                description: ::String?,
                                statement: ::String

data/sig/types.rbs

@@ -329,6 +329,7 @@ module Aws::VerifiedPermissions
       attr_accessor validation_settings: Types::ValidationSettings
       attr_accessor description: ::String
       attr_accessor deletion_protection: ("ENABLED" | "DISABLED")
+      attr_accessor encryption_settings: Types::EncryptionSettings
       attr_accessor tags: ::Hash[::String, ::String]
       SENSITIVE: [:description]
     end
@@ -397,6 +398,34 @@ module Aws::VerifiedPermissions
       SENSITIVE: []
     end
 
+    class EncryptionSettings
+      attr_accessor kms_encryption_settings: Types::KmsEncryptionSettings
+      attr_accessor default: Types::Unit
+      attr_accessor unknown: untyped
+      SENSITIVE: []
+
+      class KmsEncryptionSettings < EncryptionSettings
+      end
+      class Default < EncryptionSettings
+      end
+      class Unknown < EncryptionSettings
+      end
+    end
+
+    class EncryptionState
+      attr_accessor kms_encryption_state: Types::KmsEncryptionState
+      attr_accessor default: Types::Unit
+      attr_accessor unknown: untyped
+      SENSITIVE: []
+
+      class KmsEncryptionState < EncryptionState
+      end
+      class Default < EncryptionState
+      end
+      class Unknown < EncryptionState
+      end
+    end
+
     class EntitiesDefinition
       attr_accessor entity_list: ::Array[Types::EntityItem]
       attr_accessor cedar_json: ::String
@@ -495,6 +524,7 @@ module Aws::VerifiedPermissions
       attr_accessor last_updated_date: ::Time
       attr_accessor description: ::String
       attr_accessor deletion_protection: ("ENABLED" | "DISABLED")
+      attr_accessor encryption_state: Types::EncryptionState
       attr_accessor cedar_version: ("CEDAR_2" | "CEDAR_4")
       attr_accessor tags: ::Hash[::String, ::String]
       SENSITIVE: [:description]
@@ -608,6 +638,18 @@ module Aws::VerifiedPermissions
       SENSITIVE: []
     end
 
+    class KmsEncryptionSettings
+      attr_accessor key: ::String
+      attr_accessor encryption_context: ::Hash[::String, ::String]
+      SENSITIVE: []
+    end
+
+    class KmsEncryptionState
+      attr_accessor key: ::String
+      attr_accessor encryption_context: ::Hash[::String, ::String]
+      SENSITIVE: []
+    end
+
     class ListIdentitySourcesInput
       attr_accessor policy_store_id: ::String
       attr_accessor next_token: ::String
@@ -980,6 +1022,9 @@ module Aws::VerifiedPermissions
       SENSITIVE: []
     end
 
+    class Unit < Aws::EmptyStructure
+    end
+
     class UntagResourceInput
       attr_accessor resource_arn: ::String
       attr_accessor tag_keys: ::Array[::String]

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: aws-sdk-verifiedpermissions
 version: !ruby/object:Gem::Version
-  version: 1.58.0
+  version: 1.60.0
 platform: ruby
 authors:
 - Amazon Web Services
@@ -18,7 +18,7 @@ dependencies:
         version: '3'
     - - ">="
       - !ruby/object:Gem::Version
-        version: 3.241.3
+        version: 3.241.4
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
@@ -28,7 +28,7 @@ dependencies:
         version: '3'
     - - ">="
       - !ruby/object:Gem::Version
-        version: 3.241.3
+        version: 3.241.4
 - !ruby/object:Gem::Dependency
   name: aws-sigv4
   requirement: !ruby/object:Gem::Requirement