From 2d03a0b326cce564d13abd7da1cc97b9c669a880 Mon Sep 17 00:00:00 2001 From: Pulumi Bot <30351955+pulumi-bot@users.noreply.github.com> Date: Wed, 8 Jan 2025 08:51:46 -0800 Subject: [PATCH] Automated SDK generation @ aws-cloudformation-user-guide 19dc52cd3f2007d6d268b65b739ffb5ebf8c1e76 (#1967) Automated SDK generation @ aws-cloudformation-user-guide 19dc52cd3f2007d6d268b65b739ffb5ebf8c1e76 New resources: * customerprofiles.EventTrigger New functions: * customerprofiles.getEventTrigger --- .docs.version | 2 +- ...-backup-logicallyairgappedbackupvault.json | 2 +- .../aws-bedrock-knowledgebase.json | 2 +- .../aws-cleanrooms-collaboration.json | 65 +- .../aws-cleanrooms-membership.json | 35 + .../aws-customerprofiles-eventtrigger.json | 299 +++++ .../aws-efs-filesystem.json | 8 +- .../aws-iot1click-device.json | 20 - .../aws-iot1click-placement.json | 26 - .../aws-iot1click-project.json | 40 - aws-cloudformation-schema/aws-lex-bot.json | 40 +- aws-cloudformation-schema/aws-pipes-pipe.json | 38 +- .../aws-refactorspaces-application.json | 4 +- .../aws-refactorspaces-service.json | 2 +- .../aws-resiliencehub-app.json | 12 +- .../aws-resiliencehub-resiliencypolicy.json | 3 +- .../aws-rolesanywhere-crl.json | 3 +- .../aws-rolesanywhere-profile.json | 5 +- .../aws-rolesanywhere-trustanchor.json | 3 +- .../aws-s3-accesspoint.json | 3 + .../aws-ses-configurationset.json | 5 + .../aws-voiceid-domain.json | 4 +- meta/.botocore.version | 2 +- .../pulumi-gen-aws-native/supported-types.txt | 1 + .../pulumi-resource-aws-native/metadata.json | 526 ++++++-- .../pulumi-resource-aws-native/schema.json | 765 ++++++++++-- reports/missedAutonaming.json | 14 +- .../Backup/LogicallyAirGappedBackupVault.cs | 16 +- sdk/dotnet/CleanRooms/Collaboration.cs | 13 + sdk/dotnet/CleanRooms/Enums.cs | 28 + .../CollaborationMemberSpecificationArgs.cs | 6 + .../CollaborationMlMemberAbilitiesArgs.cs | 32 + .../CollaborationMlPaymentConfigArgs.cs | 32 + ...borationModelInferencePaymentConfigArgs.cs | 30 + ...aborationModelTrainingPaymentConfigArgs.cs | 30 + .../CollaborationPaymentConfigurationArgs.cs | 6 + .../Inputs/MembershipMlPaymentConfigArgs.cs | 26 + ...mbershipModelInferencePaymentConfigArgs.cs | 23 + ...embershipModelTrainingPaymentConfigArgs.cs | 23 + .../MembershipPaymentConfigurationArgs.cs | 3 + .../CollaborationMemberSpecification.cs | 7 + .../Outputs/CollaborationMlMemberAbilities.cs | 27 + .../Outputs/CollaborationMlPaymentConfig.cs | 35 + ...ollaborationModelInferencePaymentConfig.cs | 31 + ...CollaborationModelTrainingPaymentConfig.cs | 31 + .../CollaborationPaymentConfiguration.cs | 10 +- .../Outputs/MembershipMlPaymentConfig.cs | 29 + .../MembershipModelInferencePaymentConfig.cs | 24 + .../MembershipModelTrainingPaymentConfig.cs | 24 + .../Outputs/MembershipPaymentConfiguration.cs | 7 +- sdk/dotnet/Cognito/GetUserPool.cs | 20 +- sdk/dotnet/Cognito/GetUserPoolClient.cs | 44 +- sdk/dotnet/Cognito/GetUserPoolDomain.cs | 6 +- .../GetUserPoolRiskConfigurationAttachment.cs | 4 +- .../GetUserPoolUiCustomizationAttachment.cs | 6 +- .../Cognito/Inputs/UserPoolAddOnsArgs.cs | 4 +- .../UserPoolAdminCreateUserConfigArgs.cs | 6 +- ...PoolAdvancedSecurityAdditionalFlowsArgs.cs | 2 +- .../Inputs/UserPoolDeviceConfigurationArgs.cs | 2 +- .../Inputs/UserPoolPasswordPolicyArgs.cs | 2 +- .../Cognito/Inputs/UserPoolPoliciesArgs.cs | 2 +- ...ttachmentAccountTakeoverActionsTypeArgs.cs | 6 +- ...ccountTakeoverRiskConfigurationTypeArgs.cs | 4 +- ...UserPoolUserAttributeUpdateSettingsArgs.cs | 2 +- sdk/dotnet/Cognito/Outputs/UserPoolAddOns.cs | 4 +- .../Outputs/UserPoolAdminCreateUserConfig.cs | 6 +- ...UserPoolAdvancedSecurityAdditionalFlows.cs | 2 +- .../Outputs/UserPoolDeviceConfiguration.cs | 2 +- .../Cognito/Outputs/UserPoolPasswordPolicy.cs | 2 +- .../Cognito/Outputs/UserPoolPolicies.cs | 2 +- ...ionAttachmentAccountTakeoverActionsType.cs | 6 +- ...entAccountTakeoverRiskConfigurationType.cs | 4 +- .../UserPoolUserAttributeUpdateSettings.cs | 2 +- sdk/dotnet/Cognito/UserPool.cs | 40 +- sdk/dotnet/Cognito/UserPoolClient.cs | 92 +- sdk/dotnet/Cognito/UserPoolDomain.cs | 24 +- .../UserPoolRiskConfigurationAttachment.cs | 8 +- .../UserPoolUiCustomizationAttachment.cs | 8 +- sdk/dotnet/Cognito/UserPoolUser.cs | 20 +- sdk/dotnet/CustomerProfiles/Enums.cs | 109 ++ sdk/dotnet/CustomerProfiles/EventTrigger.cs | 143 +++ .../CustomerProfiles/GetEventTrigger.cs | 109 ++ .../Inputs/EventTriggerConditionArgs.cs | 34 + .../Inputs/EventTriggerDimensionArgs.cs | 31 + .../Inputs/EventTriggerLimitsArgs.cs | 34 + .../Inputs/EventTriggerObjectAttributeArgs.cs | 53 + .../Inputs/EventTriggerPeriodArgs.cs | 47 + .../Outputs/EventTriggerCondition.cs | 32 + .../Outputs/EventTriggerDimension.cs | 27 + .../Outputs/EventTriggerLimits.cs | 32 + .../Outputs/EventTriggerObjectAttribute.cs | 52 + .../Outputs/EventTriggerPeriod.cs | 52 + sdk/dotnet/Efs/Enums.cs | 2 +- .../Efs/Inputs/FileSystemProtectionArgs.cs | 2 +- .../FileSystemReplicationDestinationArgs.cs | 4 +- .../Efs/Outputs/FileSystemProtection.cs | 2 +- .../FileSystemReplicationDestination.cs | 4 +- sdk/dotnet/Lex/Bot.cs | 6 + sdk/dotnet/Lex/Inputs/BotReplicationArgs.cs | 35 + sdk/dotnet/Lex/Outputs/BotReplication.cs | 30 + sdk/dotnet/ResilienceHub/App.cs | 12 + sdk/dotnet/ResilienceHub/GetApp.cs | 7 + sdk/dotnet/RolesAnywhere/GetProfile.cs | 7 - sdk/dotnet/RolesAnywhere/Profile.cs | 4 + .../ConfigurationSetTrackingOptionsArgs.cs | 6 + .../ConfigurationSetTrackingOptions.cs | 10 +- sdk/dotnet/Sso/GetPermissionSet.cs | 2 +- sdk/dotnet/Sso/PermissionSet.cs | 4 +- sdk/dotnet/VoiceId/GetDomain.cs | 21 + .../backup/logicallyAirGappedBackupVault.go | 20 +- sdk/go/aws/cleanrooms/collaboration.go | 12 + sdk/go/aws/cleanrooms/pulumiEnums.go | 216 ++++ sdk/go/aws/cleanrooms/pulumiTypes.go | 1088 +++++++++++++++++ sdk/go/aws/cognito/getUserPool.go | 40 +- sdk/go/aws/cognito/getUserPoolClient.go | 88 +- sdk/go/aws/cognito/getUserPoolDomain.go | 12 +- .../getUserPoolRiskConfigurationAttachment.go | 8 +- .../getUserPoolUiCustomizationAttachment.go | 8 +- sdk/go/aws/cognito/pulumiTypes.go | 120 +- sdk/go/aws/cognito/userPool.go | 80 +- sdk/go/aws/cognito/userPoolClient.go | 184 +-- sdk/go/aws/cognito/userPoolDomain.go | 48 +- .../userPoolRiskConfigurationAttachment.go | 16 +- .../userPoolUiCustomizationAttachment.go | 16 +- sdk/go/aws/cognito/userPoolUser.go | 40 +- sdk/go/aws/customerprofiles/eventTrigger.go | 192 +++ .../aws/customerprofiles/getEventTrigger.go | 112 ++ sdk/go/aws/customerprofiles/init.go | 2 + sdk/go/aws/customerprofiles/pulumiEnums.go | 542 ++++++++ sdk/go/aws/customerprofiles/pulumiTypes.go | 635 ++++++++++ sdk/go/aws/efs/pulumiEnums.go | 2 +- sdk/go/aws/efs/pulumiTypes.go | 20 +- sdk/go/aws/lex/bot.go | 13 +- sdk/go/aws/lex/pulumiTypes.go | 144 +++ sdk/go/aws/resiliencehub/app.go | 11 + sdk/go/aws/resiliencehub/getApp.go | 7 + sdk/go/aws/rolesanywhere/getProfile.go | 7 - sdk/go/aws/rolesanywhere/profile.go | 4 + sdk/go/aws/ses/pulumiTypes.go | 19 + sdk/go/aws/sso/getPermissionSet.go | 4 +- sdk/go/aws/sso/permissionSet.go | 8 +- sdk/go/aws/voiceid/getDomain.go | 23 + sdk/go/aws/voiceid/pulumiTypes.go | 35 + .../backup/logicallyAirGappedBackupVault.ts | 16 +- sdk/nodejs/cleanrooms/collaboration.ts | 12 +- sdk/nodejs/cognito/getUserPool.ts | 20 +- sdk/nodejs/cognito/getUserPoolClient.ts | 44 +- sdk/nodejs/cognito/getUserPoolDomain.ts | 6 +- .../getUserPoolRiskConfigurationAttachment.ts | 4 +- .../getUserPoolUiCustomizationAttachment.ts | 6 +- sdk/nodejs/cognito/userPool.ts | 40 +- sdk/nodejs/cognito/userPoolClient.ts | 92 +- sdk/nodejs/cognito/userPoolDomain.ts | 24 +- .../userPoolRiskConfigurationAttachment.ts | 8 +- .../userPoolUiCustomizationAttachment.ts | 8 +- sdk/nodejs/cognito/userPoolUser.ts | 20 +- sdk/nodejs/customerprofiles/eventTrigger.ts | 118 ++ .../customerprofiles/getEventTrigger.ts | 56 + sdk/nodejs/customerprofiles/index.ts | 12 + sdk/nodejs/lex/bot.ts | 4 + sdk/nodejs/resiliencehub/app.ts | 10 + sdk/nodejs/resiliencehub/getApp.ts | 4 + sdk/nodejs/rolesanywhere/getProfile.ts | 4 - sdk/nodejs/rolesanywhere/profile.ts | 2 + sdk/nodejs/sso/getPermissionSet.ts | 2 +- sdk/nodejs/sso/permissionSet.ts | 4 +- sdk/nodejs/tsconfig.json | 2 + sdk/nodejs/types/enums/cleanrooms/index.ts | 7 + .../types/enums/customerprofiles/index.ts | 46 + sdk/nodejs/types/enums/efs/index.ts | 2 +- sdk/nodejs/types/input.ts | 179 ++- sdk/nodejs/types/output.ts | 179 ++- sdk/nodejs/voiceid/getDomain.ts | 12 + sdk/python/pulumi_aws_native/__init__.py | 1 + .../logically_air_gapped_backup_vault.py | 48 +- .../pulumi_aws_native/cleanrooms/_enums.py | 6 + .../pulumi_aws_native/cleanrooms/_inputs.py | 320 ++++- .../cleanrooms/collaboration.py | 31 +- .../pulumi_aws_native/cleanrooms/outputs.py | 318 ++++- .../pulumi_aws_native/cognito/_inputs.py | 90 +- .../cognito/get_user_pool.py | 20 +- .../cognito/get_user_pool_client.py | 44 +- .../cognito/get_user_pool_domain.py | 6 +- ...user_pool_risk_configuration_attachment.py | 4 +- ...t_user_pool_ui_customization_attachment.py | 6 +- .../pulumi_aws_native/cognito/outputs.py | 60 +- .../pulumi_aws_native/cognito/user_pool.py | 80 +- .../cognito/user_pool_client.py | 184 +-- .../cognito/user_pool_domain.py | 44 +- ...user_pool_risk_configuration_attachment.py | 16 +- .../user_pool_ui_customization_attachment.py | 16 +- .../cognito/user_pool_user.py | 40 +- .../customerprofiles/__init__.py | 2 + .../customerprofiles/_enums.py | 43 + .../customerprofiles/_inputs.py | 308 +++++ .../customerprofiles/event_trigger.py | 293 +++++ .../customerprofiles/get_event_trigger.py | 158 +++ .../customerprofiles/outputs.py | 278 +++++ sdk/python/pulumi_aws_native/efs/_enums.py | 2 +- sdk/python/pulumi_aws_native/efs/_inputs.py | 18 +- sdk/python/pulumi_aws_native/efs/outputs.py | 12 +- sdk/python/pulumi_aws_native/lex/_inputs.py | 37 + sdk/python/pulumi_aws_native/lex/bot.py | 21 + sdk/python/pulumi_aws_native/lex/outputs.py | 40 + .../pulumi_aws_native/resiliencehub/app.py | 29 + .../resiliencehub/get_app.py | 16 +- .../rolesanywhere/get_profile.py | 16 +- .../rolesanywhere/profile.py | 2 + sdk/python/pulumi_aws_native/ses/_inputs.py | 22 +- sdk/python/pulumi_aws_native/ses/outputs.py | 16 +- .../sso/get_permission_set.py | 2 +- .../pulumi_aws_native/sso/permission_set.py | 8 +- .../pulumi_aws_native/voiceid/get_domain.py | 45 +- 213 files changed, 9647 insertions(+), 1441 deletions(-) create mode 100644 aws-cloudformation-schema/aws-customerprofiles-eventtrigger.json delete mode 100644 aws-cloudformation-schema/aws-iot1click-device.json delete mode 100644 aws-cloudformation-schema/aws-iot1click-placement.json delete mode 100644 aws-cloudformation-schema/aws-iot1click-project.json create mode 100644 sdk/dotnet/CleanRooms/Inputs/CollaborationMlMemberAbilitiesArgs.cs create mode 100644 sdk/dotnet/CleanRooms/Inputs/CollaborationMlPaymentConfigArgs.cs create mode 100644 sdk/dotnet/CleanRooms/Inputs/CollaborationModelInferencePaymentConfigArgs.cs create mode 100644 sdk/dotnet/CleanRooms/Inputs/CollaborationModelTrainingPaymentConfigArgs.cs create mode 100644 sdk/dotnet/CleanRooms/Inputs/MembershipMlPaymentConfigArgs.cs create mode 100644 sdk/dotnet/CleanRooms/Inputs/MembershipModelInferencePaymentConfigArgs.cs create mode 100644 sdk/dotnet/CleanRooms/Inputs/MembershipModelTrainingPaymentConfigArgs.cs create mode 100644 sdk/dotnet/CleanRooms/Outputs/CollaborationMlMemberAbilities.cs create mode 100644 sdk/dotnet/CleanRooms/Outputs/CollaborationMlPaymentConfig.cs create mode 100644 sdk/dotnet/CleanRooms/Outputs/CollaborationModelInferencePaymentConfig.cs create mode 100644 sdk/dotnet/CleanRooms/Outputs/CollaborationModelTrainingPaymentConfig.cs create mode 100644 sdk/dotnet/CleanRooms/Outputs/MembershipMlPaymentConfig.cs create mode 100644 sdk/dotnet/CleanRooms/Outputs/MembershipModelInferencePaymentConfig.cs create mode 100644 sdk/dotnet/CleanRooms/Outputs/MembershipModelTrainingPaymentConfig.cs create mode 100644 sdk/dotnet/CustomerProfiles/EventTrigger.cs create mode 100644 sdk/dotnet/CustomerProfiles/GetEventTrigger.cs create mode 100644 sdk/dotnet/CustomerProfiles/Inputs/EventTriggerConditionArgs.cs create mode 100644 sdk/dotnet/CustomerProfiles/Inputs/EventTriggerDimensionArgs.cs create mode 100644 sdk/dotnet/CustomerProfiles/Inputs/EventTriggerLimitsArgs.cs create mode 100644 sdk/dotnet/CustomerProfiles/Inputs/EventTriggerObjectAttributeArgs.cs create mode 100644 sdk/dotnet/CustomerProfiles/Inputs/EventTriggerPeriodArgs.cs create mode 100644 sdk/dotnet/CustomerProfiles/Outputs/EventTriggerCondition.cs create mode 100644 sdk/dotnet/CustomerProfiles/Outputs/EventTriggerDimension.cs create mode 100644 sdk/dotnet/CustomerProfiles/Outputs/EventTriggerLimits.cs create mode 100644 sdk/dotnet/CustomerProfiles/Outputs/EventTriggerObjectAttribute.cs create mode 100644 sdk/dotnet/CustomerProfiles/Outputs/EventTriggerPeriod.cs create mode 100644 sdk/dotnet/Lex/Inputs/BotReplicationArgs.cs create mode 100644 sdk/dotnet/Lex/Outputs/BotReplication.cs create mode 100644 sdk/go/aws/customerprofiles/eventTrigger.go create mode 100644 sdk/go/aws/customerprofiles/getEventTrigger.go create mode 100644 sdk/nodejs/customerprofiles/eventTrigger.ts create mode 100644 sdk/nodejs/customerprofiles/getEventTrigger.ts create mode 100644 sdk/python/pulumi_aws_native/customerprofiles/event_trigger.py create mode 100644 sdk/python/pulumi_aws_native/customerprofiles/get_event_trigger.py diff --git a/.docs.version b/.docs.version index 7560de0697..05d52f2270 100644 --- a/.docs.version +++ b/.docs.version @@ -1 +1 @@ -e858b3443d67da52cfa525433fc8d05db1c470e3 +98a1c501d3da786892aa51753b7691255c7dd0c5 diff --git a/aws-cloudformation-schema/aws-backup-logicallyairgappedbackupvault.json b/aws-cloudformation-schema/aws-backup-logicallyairgappedbackupvault.json index f90c044a9b..5d7aa2a016 100644 --- a/aws-cloudformation-schema/aws-backup-logicallyairgappedbackupvault.json +++ b/aws-cloudformation-schema/aws-backup-logicallyairgappedbackupvault.json @@ -75,7 +75,7 @@ }, "required" : [ "BackupVaultName", "MinRetentionDays", "MaxRetentionDays" ], "createOnlyProperties" : [ "/properties/BackupVaultName", "/properties/MinRetentionDays", "/properties/MaxRetentionDays" ], - "readOnlyProperties" : [ "/properties/BackupVaultArn", "/properties/EncryptionKeyArn" ], + "readOnlyProperties" : [ "/properties/BackupVaultArn", "/properties/EncryptionKeyArn", "/properties/VaultState", "/properties/VaultType" ], "primaryIdentifier" : [ "/properties/BackupVaultName" ], "handlers" : { "create" : { diff --git a/aws-cloudformation-schema/aws-bedrock-knowledgebase.json b/aws-cloudformation-schema/aws-bedrock-knowledgebase.json index 94420ff243..c657b6717b 100644 --- a/aws-cloudformation-schema/aws-bedrock-knowledgebase.json +++ b/aws-cloudformation-schema/aws-bedrock-knowledgebase.json @@ -41,7 +41,7 @@ "CollectionArn" : { "type" : "string", "maxLength" : 2048, - "pattern" : "^arn:aws:aoss:[a-z]{2}(-gov)?-[a-z]+-\\d{1}:\\d{12}:collection/[a-z0-9-]{3,32}$", + "pattern" : "^arn:aws(|-cn|-us-gov|-iso):aoss:[a-z]{2}(-gov)?-[a-z]+-\\d{1}:\\d{12}:collection/[a-z0-9-]{3,32}$", "description" : "The ARN of the OpenSearch Service vector store." }, "VectorIndexName" : { diff --git a/aws-cloudformation-schema/aws-cleanrooms-collaboration.json b/aws-cloudformation-schema/aws-cleanrooms-collaboration.json index d86ee8430d..590ee1359c 100644 --- a/aws-cloudformation-schema/aws-cleanrooms-collaboration.json +++ b/aws-cloudformation-schema/aws-cleanrooms-collaboration.json @@ -42,6 +42,28 @@ }, "uniqueItems" : true }, + "MLMemberAbilities" : { + "type" : "object", + "properties" : { + "CustomMLMemberAbilities" : { + "$ref" : "#/definitions/CustomMLMemberAbilities" + } + }, + "required" : [ "CustomMLMemberAbilities" ], + "additionalProperties" : false + }, + "CustomMLMemberAbility" : { + "type" : "string", + "enum" : [ "CAN_RECEIVE_MODEL_OUTPUT", "CAN_RECEIVE_INFERENCE_OUTPUT" ] + }, + "CustomMLMemberAbilities" : { + "type" : "array", + "insertionOrder" : false, + "items" : { + "$ref" : "#/definitions/CustomMLMemberAbility" + }, + "uniqueItems" : true + }, "MemberSpecification" : { "type" : "object", "properties" : { @@ -54,6 +76,9 @@ "MemberAbilities" : { "$ref" : "#/definitions/MemberAbilities" }, + "MLMemberAbilities" : { + "$ref" : "#/definitions/MLMemberAbilities" + }, "DisplayName" : { "$ref" : "#/definitions/Name" }, @@ -97,6 +122,9 @@ "properties" : { "QueryCompute" : { "$ref" : "#/definitions/QueryComputePaymentConfig" + }, + "MachineLearning" : { + "$ref" : "#/definitions/MLPaymentConfig" } }, "required" : [ "QueryCompute" ] @@ -110,6 +138,38 @@ } }, "required" : [ "IsResponsible" ] + }, + "MLPaymentConfig" : { + "type" : "object", + "additionalProperties" : false, + "properties" : { + "ModelTraining" : { + "$ref" : "#/definitions/ModelTrainingPaymentConfig" + }, + "ModelInference" : { + "$ref" : "#/definitions/ModelInferencePaymentConfig" + } + } + }, + "ModelTrainingPaymentConfig" : { + "type" : "object", + "additionalProperties" : false, + "properties" : { + "IsResponsible" : { + "type" : "boolean" + } + }, + "required" : [ "IsResponsible" ] + }, + "ModelInferencePaymentConfig" : { + "type" : "object", + "additionalProperties" : false, + "properties" : { + "IsResponsible" : { + "type" : "boolean" + } + }, + "required" : [ "IsResponsible" ] } }, "properties" : { @@ -138,6 +198,9 @@ "CreatorMemberAbilities" : { "$ref" : "#/definitions/MemberAbilities" }, + "CreatorMLMemberAbilities" : { + "$ref" : "#/definitions/MLMemberAbilities" + }, "DataEncryptionMetadata" : { "$ref" : "#/definitions/DataEncryptionMetadata" }, @@ -174,7 +237,7 @@ }, "required" : [ "CreatorDisplayName", "CreatorMemberAbilities", "Members", "Name", "Description", "QueryLogStatus" ], "readOnlyProperties" : [ "/properties/Arn", "/properties/CollaborationIdentifier" ], - "createOnlyProperties" : [ "/properties/CreatorDisplayName", "/properties/CreatorMemberAbilities", "/properties/DataEncryptionMetadata", "/properties/QueryLogStatus", "/properties/Members", "/properties/CreatorPaymentConfiguration", "/properties/AnalyticsEngine" ], + "createOnlyProperties" : [ "/properties/CreatorDisplayName", "/properties/CreatorMemberAbilities", "/properties/CreatorMLMemberAbilities", "/properties/DataEncryptionMetadata", "/properties/QueryLogStatus", "/properties/Members", "/properties/CreatorPaymentConfiguration", "/properties/AnalyticsEngine" ], "primaryIdentifier" : [ "/properties/CollaborationIdentifier" ], "tagging" : { "taggable" : true, diff --git a/aws-cloudformation-schema/aws-cleanrooms-membership.json b/aws-cloudformation-schema/aws-cleanrooms-membership.json index b6486acd67..79c2f8f29f 100644 --- a/aws-cloudformation-schema/aws-cleanrooms-membership.json +++ b/aws-cloudformation-schema/aws-cleanrooms-membership.json @@ -83,6 +83,9 @@ "properties" : { "QueryCompute" : { "$ref" : "#/definitions/MembershipQueryComputePaymentConfig" + }, + "MachineLearning" : { + "$ref" : "#/definitions/MembershipMLPaymentConfig" } }, "required" : [ "QueryCompute" ] @@ -96,6 +99,38 @@ } }, "required" : [ "IsResponsible" ] + }, + "MembershipMLPaymentConfig" : { + "type" : "object", + "additionalProperties" : false, + "properties" : { + "ModelTraining" : { + "$ref" : "#/definitions/MembershipModelTrainingPaymentConfig" + }, + "ModelInference" : { + "$ref" : "#/definitions/MembershipModelInferencePaymentConfig" + } + } + }, + "MembershipModelTrainingPaymentConfig" : { + "type" : "object", + "additionalProperties" : false, + "properties" : { + "IsResponsible" : { + "type" : "boolean" + } + }, + "required" : [ "IsResponsible" ] + }, + "MembershipModelInferencePaymentConfig" : { + "type" : "object", + "additionalProperties" : false, + "properties" : { + "IsResponsible" : { + "type" : "boolean" + } + }, + "required" : [ "IsResponsible" ] } }, "properties" : { diff --git a/aws-cloudformation-schema/aws-customerprofiles-eventtrigger.json b/aws-cloudformation-schema/aws-customerprofiles-eventtrigger.json new file mode 100644 index 0000000000..f40b0faac4 --- /dev/null +++ b/aws-cloudformation-schema/aws-customerprofiles-eventtrigger.json @@ -0,0 +1,299 @@ +{ + "typeName" : "AWS::CustomerProfiles::EventTrigger", + "description" : "An event trigger resource of Amazon Connect Customer Profiles", + "sourceUrl" : "https://github.com/aws-cloudformation/aws-cloudformation-resource-providers-customer-profiles", + "definitions" : { + "DomainName" : { + "description" : "The unique name of the domain.", + "type" : "string", + "pattern" : "^[a-zA-Z0-9_-]+$", + "minLength" : 1, + "maxLength" : 64 + }, + "EventTriggerName" : { + "description" : "The unique name of the event trigger.", + "type" : "string", + "pattern" : "^[a-zA-Z0-9_-]+$", + "minLength" : 1, + "maxLength" : 64 + }, + "ObjectTypeName" : { + "description" : "The unique name of the object type.", + "type" : "string", + "pattern" : "^[a-zA-Z_][a-zA-Z_0-9-]*$", + "minLength" : 1, + "maxLength" : 255 + }, + "Description" : { + "description" : "The description of the event trigger.", + "type" : "string", + "minLength" : 1, + "maxLength" : 1000 + }, + "EventTriggerConditions" : { + "description" : "A list of conditions that determine when an event should trigger the destination.", + "type" : "array", + "items" : { + "$ref" : "#/definitions/EventTriggerCondition" + }, + "insertionOrder" : false, + "minItems" : 1, + "maxItems" : 5 + }, + "EventTriggerCondition" : { + "description" : "Specifies the circumstances under which the event should trigger the destination.", + "type" : "object", + "properties" : { + "EventTriggerDimensions" : { + "$ref" : "#/definitions/EventTriggerDimensions" + }, + "LogicalOperator" : { + "$ref" : "#/definitions/EventTriggerLogicalOperator" + } + }, + "required" : [ "EventTriggerDimensions", "LogicalOperator" ], + "additionalProperties" : false + }, + "EventTriggerDimensions" : { + "description" : "A list of dimensions to be evaluated for the event.", + "type" : "array", + "items" : { + "$ref" : "#/definitions/EventTriggerDimension" + }, + "insertionOrder" : false, + "minItems" : 1, + "maxItems" : 10 + }, + "EventTriggerDimension" : { + "description" : "A specific event dimension to be assessed.", + "type" : "object", + "properties" : { + "ObjectAttributes" : { + "$ref" : "#/definitions/ObjectAttributes" + } + }, + "required" : [ "ObjectAttributes" ], + "additionalProperties" : false + }, + "EventTriggerLogicalOperator" : { + "description" : "The operator used to combine multiple dimensions.", + "type" : "string", + "enum" : [ "ANY", "ALL", "NONE" ] + }, + "ObjectAttributes" : { + "description" : "A list of object attributes to be evaluated.", + "type" : "array", + "items" : { + "$ref" : "#/definitions/ObjectAttribute" + }, + "insertionOrder" : false, + "minItems" : 1, + "maxItems" : 10 + }, + "ObjectAttribute" : { + "description" : "The criteria that a specific object attribute must meet to trigger the destination.", + "type" : "object", + "properties" : { + "Source" : { + "description" : "An attribute contained within a source object.", + "type" : "string", + "minLength" : 1, + "maxLength" : 1000 + }, + "FieldName" : { + "description" : "A field defined within an object type.", + "type" : "string", + "pattern" : "^[a-zA-Z0-9_.-]+$", + "minLength" : 1, + "maxLength" : 64 + }, + "ComparisonOperator" : { + "description" : "The operator used to compare an attribute against a list of values.", + "type" : "string", + "enum" : [ "INCLUSIVE", "EXCLUSIVE", "CONTAINS", "BEGINS_WITH", "ENDS_WITH", "GREATER_THAN", "LESS_THAN", "GREATER_THAN_OR_EQUAL", "LESS_THAN_OR_EQUAL", "EQUAL", "BEFORE", "AFTER", "ON", "BETWEEN", "NOT_BETWEEN" ] + }, + "Values" : { + "description" : "A list of attribute values used for comparison.", + "type" : "array", + "items" : { + "type" : "string", + "minLength" : 1, + "maxLength" : 255 + }, + "insertionOrder" : false, + "minItems" : 1, + "maxItems" : 10 + } + }, + "required" : [ "ComparisonOperator", "Values" ], + "additionalProperties" : false + }, + "EventTriggerLimits" : { + "description" : "Defines limits controlling whether an event triggers the destination, based on ingestion latency and the number of invocations per profile over specific time periods.", + "type" : "object", + "properties" : { + "EventExpiration" : { + "$ref" : "#/definitions/EventExpiration" + }, + "Periods" : { + "$ref" : "#/definitions/Periods" + } + }, + "additionalProperties" : false + }, + "EventExpiration" : { + "description" : "Specifies that an event will only trigger the destination if it is processed within a certain latency period.", + "type" : "integer", + "format" : "int64" + }, + "Periods" : { + "description" : "A list of time periods during which the limits apply.", + "type" : "array", + "items" : { + "$ref" : "#/definitions/Period" + }, + "insertionOrder" : false, + "minItems" : 1, + "maxItems" : 4 + }, + "Period" : { + "description" : "Defines a limit and the time period during which it is enforced.", + "type" : "object", + "properties" : { + "Unit" : { + "description" : "The unit of time.", + "type" : "string", + "enum" : [ "HOURS", "DAYS", "WEEKS", "MONTHS" ] + }, + "Value" : { + "description" : "The amount of time of the specified unit.", + "type" : "integer", + "minimum" : 1, + "maximum" : 24 + }, + "MaxInvocationsPerProfile" : { + "description" : "The maximum allowed number of destination invocations per profile.", + "type" : "integer", + "minimum" : 1, + "maximum" : 1000 + }, + "Unlimited" : { + "description" : "If set to true, there is no limit on the number of destination invocations per profile. The default is false.", + "type" : "boolean" + } + }, + "required" : [ "Unit", "Value" ], + "additionalProperties" : false + }, + "SegmentFilter" : { + "description" : "The destination is triggered only for profiles that meet the criteria of a segment definition.", + "type" : "string", + "pattern" : "^[a-zA-Z0-9_-]+$", + "minLength" : 1, + "maxLength" : 64 + }, + "Tag" : { + "description" : "A key-value pair to associate with a resource.", + "type" : "object", + "properties" : { + "Key" : { + "type" : "string", + "description" : "The key name of the tag. You can specify a value that is 1 to 128 Unicode characters in length and cannot be prefixed with aws:. You can use any of the following characters: the set of Unicode letters, digits, whitespace, _, ., /, =, +, and -.", + "minLength" : 1, + "maxLength" : 128 + }, + "Value" : { + "type" : "string", + "description" : "The value for the tag. You can specify a value that is 0 to 256 Unicode characters in length and cannot be prefixed with aws:. You can use any of the following characters: the set of Unicode letters, digits, whitespace, _, ., /, =, +, and -.", + "minLength" : 0, + "maxLength" : 256 + } + }, + "required" : [ "Key", "Value" ], + "additionalProperties" : false + }, + "Tags" : { + "description" : "An array of key-value pairs to apply to this resource.", + "type" : "array", + "uniqueItems" : true, + "insertionOrder" : false, + "items" : { + "$ref" : "#/definitions/Tag" + }, + "minItems" : 0, + "maxItems" : 50 + } + }, + "properties" : { + "DomainName" : { + "$ref" : "#/definitions/DomainName" + }, + "EventTriggerName" : { + "$ref" : "#/definitions/EventTriggerName" + }, + "ObjectTypeName" : { + "$ref" : "#/definitions/ObjectTypeName" + }, + "Description" : { + "$ref" : "#/definitions/Description" + }, + "EventTriggerConditions" : { + "$ref" : "#/definitions/EventTriggerConditions" + }, + "EventTriggerLimits" : { + "$ref" : "#/definitions/EventTriggerLimits" + }, + "SegmentFilter" : { + "$ref" : "#/definitions/SegmentFilter" + }, + "CreatedAt" : { + "description" : "The timestamp of when the event trigger was created.", + "type" : "string" + }, + "LastUpdatedAt" : { + "description" : "The timestamp of when the event trigger was most recently updated.", + "type" : "string" + }, + "Tags" : { + "$ref" : "#/definitions/Tags" + } + }, + "additionalProperties" : false, + "required" : [ "DomainName", "EventTriggerName", "ObjectTypeName", "EventTriggerConditions" ], + "tagging" : { + "taggable" : true, + "tagOnCreate" : true, + "tagUpdatable" : true, + "cloudFormationSystemTags" : true, + "tagProperty" : "/properties/Tags", + "permissions" : [ "profile:TagResource", "profile:UntagResource", "profile:ListTagsForResource" ] + }, + "createOnlyProperties" : [ "/properties/DomainName", "/properties/EventTriggerName" ], + "readOnlyProperties" : [ "/properties/CreatedAt", "/properties/LastUpdatedAt" ], + "primaryIdentifier" : [ "/properties/DomainName", "/properties/EventTriggerName" ], + "handlers" : { + "create" : { + "permissions" : [ "profile:CreateEventTrigger", "profile:TagResource" ] + }, + "read" : { + "permissions" : [ "profile:GetEventTrigger" ] + }, + "update" : { + "permissions" : [ "profile:GetEventTrigger", "profile:UpdateEventTrigger", "profile:UntagResource", "profile:TagResource" ] + }, + "delete" : { + "permissions" : [ "profile:DeleteEventTrigger" ] + }, + "list" : { + "handlerSchema" : { + "properties" : { + "DomainName" : { + "$ref" : "resource-schema.json#/properties/DomainName" + } + }, + "required" : [ "DomainName" ] + }, + "permissions" : [ "profile:ListEventTriggers" ] + } + } +} \ No newline at end of file diff --git a/aws-cloudformation-schema/aws-efs-filesystem.json b/aws-cloudformation-schema/aws-efs-filesystem.json index 01da928e1a..9f9e6ea51b 100644 --- a/aws-cloudformation-schema/aws-efs-filesystem.json +++ b/aws-cloudformation-schema/aws-efs-filesystem.json @@ -61,7 +61,7 @@ "ReplicationOverwriteProtection" : { "type" : "string", "enum" : [ "DISABLED", "ENABLED" ], - "description" : "The status of the file system's replication overwrite protection.\n + ``ENABLED`` – The file system cannot be used as the destination file system in a replication configuration. The file system is writeable. Replication overwrite protection is ``ENABLED`` by default. \n + ``DISABLED`` – The file system can be used as the destination file system in a replication configuration. The file system is read-only and can only be modified by EFS replication.\n + ``REPLICATING`` – The file system is being used as the destination file system in a replication configuration. The file system is read-only and is only modified only by EFS replication.\n \n If the replication configuration is deleted, the file system's replication overwrite protection is re-enabled, the file system becomes writeable." + "description" : "The status of the file system's replication overwrite protection.\n + ``ENABLED`` – The file system cannot be used as the destination file system in a replication configuration. The file system is writeable. Replication overwrite protection is ``ENABLED`` by default. \n + ``DISABLED`` – The file system can be used as the destination file system in a replication configuration. The file system is read-only and can only be modified by EFS replication.\n + ``REPLICATING`` – The file system is being used as the destination file system in a replication configuration. The file system is read-only and is modified only by EFS replication.\n \n If the replication configuration is deleted, the file system's replication overwrite protection is re-enabled, the file system becomes writeable." } }, "description" : "Describes the protection on the file system." @@ -72,11 +72,11 @@ "properties" : { "Status" : { "type" : "string", - "description" : "" + "description" : "Describes the status of the replication configuration. For more information about replication status, see [Viewing replication details](https://docs.aws.amazon.com//efs/latest/ug/awsbackup.html#restoring-backup-efsmonitoring-replication-status.html) in the *Amazon EFS User Guide*." }, "StatusMessage" : { "type" : "string", - "description" : "" + "description" : "Message that provides details about the ``PAUSED`` or ``ERRROR`` state of the replication destination configuration. For more information about replication status messages, see [Viewing replication details](https://docs.aws.amazon.com//efs/latest/ug/awsbackup.html#restoring-backup-efsmonitoring-replication-status.html) in the *Amazon EFS User Guide*." }, "FileSystemId" : { "pattern" : "^(arn:aws[-a-z]*:elasticfilesystem:[0-9a-z-:]+:file-system/fs-[0-9a-f]{8,40}|fs-[0-9a-f]{8,40})$", @@ -89,7 +89,7 @@ }, "RoleArn" : { "type" : "string", - "description" : "" + "description" : "The Amazon Resource Name (ARN) of the current source file system in the replication configuration." }, "AvailabilityZoneName" : { "type" : "string", diff --git a/aws-cloudformation-schema/aws-iot1click-device.json b/aws-cloudformation-schema/aws-iot1click-device.json deleted file mode 100644 index b9f59990f7..0000000000 --- a/aws-cloudformation-schema/aws-iot1click-device.json +++ /dev/null @@ -1,20 +0,0 @@ -{ - "typeName" : "AWS::IoT1Click::Device", - "description" : "Resource Type definition for AWS::IoT1Click::Device", - "additionalProperties" : false, - "properties" : { - "DeviceId" : { - "type" : "string" - }, - "Enabled" : { - "type" : "boolean" - }, - "Arn" : { - "type" : "string" - } - }, - "required" : [ "Enabled", "DeviceId" ], - "readOnlyProperties" : [ "/properties/Arn", "/properties/DeviceId" ], - "createOnlyProperties" : [ "/properties/DeviceId" ], - "primaryIdentifier" : [ "/properties/DeviceId" ] -} \ No newline at end of file diff --git a/aws-cloudformation-schema/aws-iot1click-placement.json b/aws-cloudformation-schema/aws-iot1click-placement.json deleted file mode 100644 index 95b2a7e326..0000000000 --- a/aws-cloudformation-schema/aws-iot1click-placement.json +++ /dev/null @@ -1,26 +0,0 @@ -{ - "typeName" : "AWS::IoT1Click::Placement", - "description" : "Resource Type definition for AWS::IoT1Click::Placement", - "additionalProperties" : false, - "properties" : { - "Id" : { - "type" : "string" - }, - "PlacementName" : { - "type" : "string" - }, - "ProjectName" : { - "type" : "string" - }, - "AssociatedDevices" : { - "type" : "object" - }, - "Attributes" : { - "type" : "object" - } - }, - "required" : [ "ProjectName" ], - "createOnlyProperties" : [ "/properties/PlacementName", "/properties/AssociatedDevices", "/properties/ProjectName" ], - "primaryIdentifier" : [ "/properties/Id" ], - "readOnlyProperties" : [ "/properties/Id" ] -} \ No newline at end of file diff --git a/aws-cloudformation-schema/aws-iot1click-project.json b/aws-cloudformation-schema/aws-iot1click-project.json deleted file mode 100644 index 85a7005392..0000000000 --- a/aws-cloudformation-schema/aws-iot1click-project.json +++ /dev/null @@ -1,40 +0,0 @@ -{ - "typeName" : "AWS::IoT1Click::Project", - "description" : "Resource Type definition for AWS::IoT1Click::Project", - "additionalProperties" : false, - "properties" : { - "Id" : { - "type" : "string" - }, - "ProjectName" : { - "type" : "string" - }, - "Arn" : { - "type" : "string" - }, - "Description" : { - "type" : "string" - }, - "PlacementTemplate" : { - "$ref" : "#/definitions/PlacementTemplate" - } - }, - "definitions" : { - "PlacementTemplate" : { - "type" : "object", - "additionalProperties" : false, - "properties" : { - "DeviceTemplates" : { - "type" : "object" - }, - "DefaultAttributes" : { - "type" : "object" - } - } - } - }, - "required" : [ "PlacementTemplate" ], - "readOnlyProperties" : [ "/properties/Arn", "/properties/Id" ], - "createOnlyProperties" : [ "/properties/ProjectName" ], - "primaryIdentifier" : [ "/properties/Id" ] -} \ No newline at end of file diff --git a/aws-cloudformation-schema/aws-lex-bot.json b/aws-cloudformation-schema/aws-lex-bot.json index 0d760af9e7..12f67e930c 100644 --- a/aws-cloudformation-schema/aws-lex-bot.json +++ b/aws-cloudformation-schema/aws-lex-bot.json @@ -3,6 +3,31 @@ "description" : "Amazon Lex conversational bot performing automated tasks such as ordering a pizza, booking a hotel, and so on.", "sourceUrl" : "https://docs.aws.amazon.com/lexv2/latest/dg/build-create.html", "definitions" : { + "ReplicaRegion" : { + "description" : "The secondary region that will be used in the replication of the source bot.", + "type" : "string", + "minLength" : 2, + "maxLength" : 25 + }, + "Replication" : { + "description" : "Parameter used to create a replication of the source bot in the secondary region.", + "type" : "object", + "properties" : { + "ReplicaRegions" : { + "description" : "List of secondary regions for bot replication.", + "type" : "array", + "uniqueItems" : true, + "maxItems" : 1, + "minItems" : 1, + "insertionOrder" : false, + "items" : { + "$ref" : "#/definitions/ReplicaRegion" + } + } + }, + "required" : [ "ReplicaRegions" ], + "additionalProperties" : false + }, "BotAliasLocaleSettingsList" : { "description" : "A list of bot alias locale settings to add to the bot alias.", "type" : "array", @@ -2020,6 +2045,9 @@ }, "TestBotAliasSettings" : { "$ref" : "#/definitions/TestBotAliasSettings" + }, + "Replication" : { + "$ref" : "#/definitions/Replication" } }, "taggable" : true, @@ -2027,22 +2055,22 @@ "required" : [ "Name", "RoleArn", "DataPrivacy", "IdleSessionTTLInSeconds" ], "primaryIdentifier" : [ "/properties/Id" ], "readOnlyProperties" : [ "/properties/Id", "/properties/Arn" ], - "writeOnlyProperties" : [ "/properties/BotLocales", "/properties/BotFileS3Location", "/properties/AutoBuildBotLocales", "/properties/BotTags", "/properties/TestBotAliasTags" ], + "writeOnlyProperties" : [ "/properties/BotLocales", "/properties/BotFileS3Location", "/properties/AutoBuildBotLocales", "/properties/BotTags", "/properties/TestBotAliasTags", "/properties/Replication" ], "handlers" : { "create" : { - "permissions" : [ "iam:PassRole", "lex:DescribeBot", "lex:CreateUploadUrl", "lex:StartImport", "lex:DescribeImport", "lex:ListTagsForResource", "lex:TagResource", "lex:CreateBot", "lex:CreateBotLocale", "lex:CreateIntent", "lex:CreateSlot", "lex:CreateSlotType", "lex:UpdateBot", "lex:UpdateBotLocale", "lex:UpdateIntent", "lex:UpdateSlot", "lex:UpdateSlotType", "lex:DeleteBotLocale", "lex:DeleteIntent", "lex:DeleteSlot", "lex:DeleteSlotType", "lex:DescribeBotLocale", "lex:BuildBotLocale", "lex:ListBots", "lex:ListBotLocales", "lex:CreateCustomVocabulary", "lex:UpdateCustomVocabulary", "lex:DeleteCustomVocabulary", "s3:GetObject", "lex:UpdateBotAlias" ] + "permissions" : [ "iam:PassRole", "lex:DescribeBot", "lex:CreateUploadUrl", "lex:StartImport", "lex:DescribeImport", "lex:ListTagsForResource", "lex:TagResource", "lex:CreateBot", "lex:CreateBotLocale", "lex:CreateIntent", "lex:CreateSlot", "lex:CreateSlotType", "lex:UpdateBot", "lex:UpdateBotLocale", "lex:UpdateIntent", "lex:UpdateSlot", "lex:UpdateSlotType", "lex:DeleteBotLocale", "lex:DeleteIntent", "lex:DeleteSlot", "lex:DeleteSlotType", "lex:DescribeBotLocale", "lex:BuildBotLocale", "lex:ListBots", "lex:ListBotLocales", "lex:CreateCustomVocabulary", "lex:UpdateCustomVocabulary", "lex:DeleteCustomVocabulary", "s3:GetObject", "lex:UpdateBotAlias", "iam:CreateServiceLinkedRole", "iam:GetRole", "lex:CreateBotReplica", "lex:DescribeBotReplica", "lex:DeleteBotReplica" ] }, "read" : { - "permissions" : [ "lex:DescribeBot", "lex:ListTagsForResource" ] + "permissions" : [ "lex:DescribeBot", "lex:ListTagsForResource", "lex:DescribeBotReplica" ] }, "update" : { - "permissions" : [ "iam:PassRole", "lex:DescribeBot", "lex:CreateUploadUrl", "lex:StartImport", "lex:DescribeImport", "lex:ListTagsForResource", "lex:TagResource", "lex:UntagResource", "lex:CreateBot", "lex:CreateBotLocale", "lex:CreateIntent", "lex:CreateSlot", "lex:CreateSlotType", "lex:UpdateBot", "lex:UpdateBotLocale", "lex:UpdateIntent", "lex:UpdateSlot", "lex:UpdateSlotType", "lex:DeleteBotLocale", "lex:DeleteIntent", "lex:DeleteSlot", "lex:DeleteSlotType", "lex:DescribeBotLocale", "lex:BuildBotLocale", "lex:ListBots", "lex:ListBotLocales", "lex:CreateCustomVocabulary", "lex:UpdateCustomVocabulary", "lex:DeleteCustomVocabulary", "s3:GetObject", "lex:UpdateBotAlias" ] + "permissions" : [ "iam:PassRole", "lex:DescribeBot", "lex:CreateUploadUrl", "lex:StartImport", "lex:DescribeImport", "lex:ListTagsForResource", "lex:TagResource", "lex:UntagResource", "lex:CreateBot", "lex:CreateBotLocale", "lex:CreateIntent", "lex:CreateSlot", "lex:CreateSlotType", "lex:UpdateBot", "lex:UpdateBotLocale", "lex:UpdateIntent", "lex:UpdateSlot", "lex:UpdateSlotType", "lex:DeleteBotLocale", "lex:DeleteIntent", "lex:DeleteSlot", "lex:DeleteSlotType", "lex:DescribeBotLocale", "lex:BuildBotLocale", "lex:ListBots", "lex:ListBotLocales", "lex:CreateCustomVocabulary", "lex:UpdateCustomVocabulary", "lex:DeleteCustomVocabulary", "s3:GetObject", "lex:UpdateBotAlias", "lex:CreateBotReplica", "lex:DescribeBotReplica", "lex:DeleteBotReplica" ] }, "delete" : { - "permissions" : [ "lex:DeleteBot", "lex:DescribeBot", "lex:DeleteBotLocale", "lex:DeleteIntent", "lex:DeleteSlotType", "lex:DeleteSlot", "lex:DeleteBotVersion", "lex:DeleteBotChannel", "lex:DeleteBotAlias", "lex:DeleteCustomVocabulary" ] + "permissions" : [ "lex:DeleteBot", "lex:DescribeBot", "lex:DeleteBotLocale", "lex:DeleteIntent", "lex:DeleteSlotType", "lex:DeleteSlot", "lex:DeleteBotVersion", "lex:DeleteBotChannel", "lex:DeleteBotAlias", "lex:DeleteCustomVocabulary", "lex:DeleteBotReplica" ] }, "list" : { - "permissions" : [ "lex:ListBots" ] + "permissions" : [ "lex:ListBots", "lex:ListBotReplicas" ] } } } \ No newline at end of file diff --git a/aws-cloudformation-schema/aws-pipes-pipe.json b/aws-cloudformation-schema/aws-pipes-pipe.json index 5fd46a25c6..55d8f2803d 100644 --- a/aws-cloudformation-schema/aws-pipes-pipe.json +++ b/aws-cloudformation-schema/aws-pipes-pipe.json @@ -174,7 +174,7 @@ "type" : "string", "maxLength" : 1600, "minLength" : 1, - "pattern" : "^(^arn:aws([a-z]|\\-)*:logs:([a-z]{2}((-gov)|(-iso(b?)))?-[a-z]+-\\d{1}):(\\d{12}):log-group:.+)$" + "pattern" : "^(^arn:aws([a-z]|\\-)*:logs:([a-z]{2}((-gov)|(-iso([a-z]?)))?-[a-z]+-\\d{1}):(\\d{12}):log-group:.+)$" } }, "additionalProperties" : false @@ -186,7 +186,7 @@ "type" : "string", "maxLength" : 1600, "minLength" : 1, - "pattern" : "^arn:(aws[a-zA-Z0-9-]*):([a-zA-Z0-9\\-]+):([a-z]{2}((-gov)|(-iso(b?)))?-[a-z]+-\\d{1})?:(\\d{12})?:(.+)$" + "pattern" : "^arn:(aws[a-zA-Z0-9-]*):([a-zA-Z0-9\\-]+):([a-z]{2}((-gov)|(-iso([a-z]?)))?-[a-z]+-\\d{1})?:(\\d{12})?:(.+)$" } }, "additionalProperties" : false @@ -351,7 +351,7 @@ "type" : "string", "maxLength" : 1600, "minLength" : 1, - "pattern" : "^arn:(aws[a-zA-Z0-9-]*):([a-zA-Z0-9\\-]+):([a-z]{2}((-gov)|(-iso(b?)))?-[a-z]+-\\d{1})?:(\\d{12})?:(.+)|(\\$(\\.[\\w/_-]+(\\[(\\d+|\\*)\\])*)*)$" + "pattern" : "^arn:(aws[a-zA-Z0-9-]*):([a-zA-Z0-9\\-]+):([a-z]{2}((-gov)|(-iso([a-z]?)))?-[a-z]+-\\d{1})?:(\\d{12})?:(.+)|(\\$(\\.[\\w/_-]+(\\[(\\d+|\\*)\\])*)*)$" }, "InferenceAcceleratorOverrides" : { "type" : "array", @@ -366,7 +366,7 @@ "type" : "string", "maxLength" : 1600, "minLength" : 1, - "pattern" : "^arn:(aws[a-zA-Z0-9-]*):([a-zA-Z0-9\\-]+):([a-z]{2}((-gov)|(-iso(b?)))?-[a-z]+-\\d{1})?:(\\d{12})?:(.+)|(\\$(\\.[\\w/_-]+(\\[(\\d+|\\*)\\])*)*)$" + "pattern" : "^arn:(aws[a-zA-Z0-9-]*):([a-zA-Z0-9\\-]+):([a-z]{2}((-gov)|(-iso([a-z]?)))?-[a-z]+-\\d{1})?:(\\d{12})?:(.+)|(\\$(\\.[\\w/_-]+(\\[(\\d+|\\*)\\])*)*)$" } }, "additionalProperties" : false @@ -407,7 +407,7 @@ "type" : "string", "maxLength" : 1600, "minLength" : 1, - "pattern" : "^(^arn:aws([a-z]|\\-)*:firehose:([a-z]{2}((-gov)|(-iso(b?)))?-[a-z]+-\\d{1}):(\\d{12}):deliverystream/.+)$" + "pattern" : "^(^arn:aws([a-z]|\\-)*:firehose:([a-z]{2}((-gov)|(-iso([a-z]?)))?-[a-z]+-\\d{1}):(\\d{12}):deliverystream/.+)$" } }, "additionalProperties" : false @@ -449,7 +449,7 @@ "type" : "string", "maxLength" : 1600, "minLength" : 1, - "pattern" : "^(^arn:aws([a-z]|\\-)*:secretsmanager:([a-z]{2}((-gov)|(-iso(b?)))?-[a-z]+-\\d{1}):(\\d{12}):secret:.+)$", + "pattern" : "^(^arn:aws([a-z]|\\-)*:secretsmanager:([a-z]{2}((-gov)|(-iso([a-z]?)))?-[a-z]+-\\d{1}):(\\d{12}):secret:.+)$", "description" : "Optional SecretManager ARN which stores the database credentials" } }, @@ -466,7 +466,7 @@ "type" : "string", "maxLength" : 1600, "minLength" : 1, - "pattern" : "^(^arn:aws([a-z]|\\-)*:secretsmanager:([a-z]{2}((-gov)|(-iso(b?)))?-[a-z]+-\\d{1}):(\\d{12}):secret:.+)$", + "pattern" : "^(^arn:aws([a-z]|\\-)*:secretsmanager:([a-z]{2}((-gov)|(-iso([a-z]?)))?-[a-z]+-\\d{1}):(\\d{12}):secret:.+)$", "description" : "Optional SecretManager ARN which stores the database credentials" } }, @@ -480,7 +480,7 @@ "type" : "string", "maxLength" : 1600, "minLength" : 1, - "pattern" : "^(^arn:aws([a-z]|\\-)*:secretsmanager:([a-z]{2}((-gov)|(-iso(b?)))?-[a-z]+-\\d{1}):(\\d{12}):secret:.+)$", + "pattern" : "^(^arn:aws([a-z]|\\-)*:secretsmanager:([a-z]{2}((-gov)|(-iso([a-z]?)))?-[a-z]+-\\d{1}):(\\d{12}):secret:.+)$", "description" : "Optional SecretManager ARN which stores the database credentials" } }, @@ -862,7 +862,7 @@ "type" : "string", "maxLength" : 1600, "minLength" : 1, - "pattern" : "^(^arn:aws([a-z]|\\-)*:secretsmanager:([a-z]{2}((-gov)|(-iso(b?)))?-[a-z]+-\\d{1}):(\\d{12}):secret:.+)$", + "pattern" : "^(^arn:aws([a-z]|\\-)*:secretsmanager:([a-z]{2}((-gov)|(-iso([a-z]?)))?-[a-z]+-\\d{1}):(\\d{12}):secret:.+)$", "description" : "Optional SecretManager ARN which stores the database credentials" }, "Vpc" : { @@ -949,7 +949,7 @@ "type" : "string", "maxLength" : 1600, "minLength" : 1, - "pattern" : "^arn:(aws[a-zA-Z0-9-]*):([a-zA-Z0-9\\-]+):([a-z]{2}((-gov)|(-iso(b?)))?-[a-z]+-\\d{1})?:(\\d{12})?:(.+)|(\\$(\\.[\\w/_-]+(\\[(\\d+|\\*)\\])*)*)$" + "pattern" : "^arn:(aws[a-zA-Z0-9-]*):([a-zA-Z0-9\\-]+):([a-z]{2}((-gov)|(-iso([a-z]?)))?-[a-z]+-\\d{1})?:(\\d{12})?:(.+)|(\\$(\\.[\\w/_-]+(\\[(\\d+|\\*)\\])*)*)$" }, "TaskCount" : { "type" : "integer", @@ -1046,7 +1046,7 @@ "type" : "string", "maxLength" : 1600, "minLength" : 1, - "pattern" : "^arn:(aws[a-zA-Z0-9-]*):([a-zA-Z0-9\\-]+):([a-z]{2}((-gov)|(-iso(b?)))?-[a-z]+-\\d{1})?:(\\d{12})?:(.+)|(\\$(\\.[\\w/_-]+(\\[(\\d+|\\*)\\])*)*)$" + "pattern" : "^arn:(aws[a-zA-Z0-9-]*):([a-zA-Z0-9\\-]+):([a-z]{2}((-gov)|(-iso([a-z]?)))?-[a-z]+-\\d{1})?:(\\d{12})?:(.+)|(\\$(\\.[\\w/_-]+(\\[(\\d+|\\*)\\])*)*)$" }, "maxItems" : 10, "minItems" : 0 @@ -1158,7 +1158,7 @@ "type" : "string", "maxLength" : 1600, "minLength" : 1, - "pattern" : "^(^arn:aws([a-z]|\\-)*:secretsmanager:([a-z]{2}((-gov)|(-iso(b?)))?-[a-z]+-\\d{1}):(\\d{12}):secret:.+)|(\\$(\\.[\\w/_-]+(\\[(\\d+|\\*)\\])*)*)$", + "pattern" : "^(^arn:aws([a-z]|\\-)*:secretsmanager:([a-z]{2}((-gov)|(-iso([a-z]?)))?-[a-z]+-\\d{1}):(\\d{12}):secret:.+)|(\\$(\\.[\\w/_-]+(\\[(\\d+|\\*)\\])*)*)$", "description" : "Optional SecretManager ARN which stores the database credentials" }, "Database" : { @@ -1395,7 +1395,7 @@ "type" : "string", "maxLength" : 1600, "minLength" : 1, - "pattern" : "^(^arn:aws([a-z]|\\-)*:secretsmanager:([a-z]{2}((-gov)|(-iso(b?)))?-[a-z]+-\\d{1}):(\\d{12}):secret:.+)$", + "pattern" : "^(^arn:aws([a-z]|\\-)*:secretsmanager:([a-z]{2}((-gov)|(-iso([a-z]?)))?-[a-z]+-\\d{1}):(\\d{12}):secret:.+)$", "description" : "Optional SecretManager ARN which stores the database credentials" } }, @@ -1409,7 +1409,7 @@ "type" : "string", "maxLength" : 1600, "minLength" : 1, - "pattern" : "^(^arn:aws([a-z]|\\-)*:secretsmanager:([a-z]{2}((-gov)|(-iso(b?)))?-[a-z]+-\\d{1}):(\\d{12}):secret:.+)$", + "pattern" : "^(^arn:aws([a-z]|\\-)*:secretsmanager:([a-z]{2}((-gov)|(-iso([a-z]?)))?-[a-z]+-\\d{1}):(\\d{12}):secret:.+)$", "description" : "Optional SecretManager ARN which stores the database credentials" } }, @@ -1423,7 +1423,7 @@ "type" : "string", "maxLength" : 1600, "minLength" : 1, - "pattern" : "^(^arn:aws([a-z]|\\-)*:secretsmanager:([a-z]{2}((-gov)|(-iso(b?)))?-[a-z]+-\\d{1}):(\\d{12}):secret:.+)$", + "pattern" : "^(^arn:aws([a-z]|\\-)*:secretsmanager:([a-z]{2}((-gov)|(-iso([a-z]?)))?-[a-z]+-\\d{1}):(\\d{12}):secret:.+)$", "description" : "Optional SecretManager ARN which stores the database credentials" } }, @@ -1437,7 +1437,7 @@ "type" : "string", "maxLength" : 1600, "minLength" : 1, - "pattern" : "^(^arn:aws([a-z]|\\-)*:secretsmanager:([a-z]{2}((-gov)|(-iso(b?)))?-[a-z]+-\\d{1}):(\\d{12}):secret:.+)$", + "pattern" : "^(^arn:aws([a-z]|\\-)*:secretsmanager:([a-z]{2}((-gov)|(-iso([a-z]?)))?-[a-z]+-\\d{1}):(\\d{12}):secret:.+)$", "description" : "Optional SecretManager ARN which stores the database credentials" } }, @@ -1561,7 +1561,7 @@ "type" : "string", "maxLength" : 1600, "minLength" : 0, - "pattern" : "^$|arn:(aws[a-zA-Z0-9-]*):([a-zA-Z0-9\\-]+):([a-z]{2}((-gov)|(-iso(b?)))?-[a-z]+-\\d{1})?:(\\d{12})?:(.+)$" + "pattern" : "^$|arn:(aws[a-zA-Z0-9-]*):([a-zA-Z0-9\\-]+):([a-z]{2}((-gov)|(-iso([a-z]?)))?-[a-z]+-\\d{1})?:(\\d{12})?:(.+)$" }, "EnrichmentParameters" : { "$ref" : "#/definitions/PipeEnrichmentParameters" @@ -1594,7 +1594,7 @@ "type" : "string", "maxLength" : 1600, "minLength" : 1, - "pattern" : "^smk://(([a-zA-Z0-9]|[a-zA-Z0-9][a-zA-Z0-9\\-]*[a-zA-Z0-9])\\.)*([A-Za-z0-9]|[A-Za-z0-9][A-Za-z0-9\\-]*[A-Za-z0-9]):[0-9]{1,5}|arn:(aws[a-zA-Z0-9-]*):([a-zA-Z0-9\\-]+):([a-z]{2}((-gov)|(-iso(b?)))?-[a-z]+-\\d{1})?:(\\d{12})?:(.+)$" + "pattern" : "^smk://(([a-zA-Z0-9]|[a-zA-Z0-9][a-zA-Z0-9\\-]*[a-zA-Z0-9])\\.)*([A-Za-z0-9]|[A-Za-z0-9][A-Za-z0-9\\-]*[A-Za-z0-9]):[0-9]{1,5}|arn:(aws[a-zA-Z0-9-]*):([a-zA-Z0-9\\-]+):([a-z]{2}((-gov)|(-iso([a-z]?)))?-[a-z]+-\\d{1})?:(\\d{12})?:(.+)$" }, "SourceParameters" : { "$ref" : "#/definitions/PipeSourceParameters" @@ -1612,7 +1612,7 @@ "type" : "string", "maxLength" : 1600, "minLength" : 1, - "pattern" : "^arn:(aws[a-zA-Z0-9-]*):([a-zA-Z0-9\\-]+):([a-z]{2}((-gov)|(-iso(b?)))?-[a-z]+-\\d{1})?:(\\d{12})?:(.+)$" + "pattern" : "^arn:(aws[a-zA-Z0-9-]*):([a-zA-Z0-9\\-]+):([a-z]{2}((-gov)|(-iso([a-z]?)))?-[a-z]+-\\d{1})?:(\\d{12})?:(.+)$" }, "TargetParameters" : { "$ref" : "#/definitions/PipeTargetParameters" diff --git a/aws-cloudformation-schema/aws-refactorspaces-application.json b/aws-cloudformation-schema/aws-refactorspaces-application.json index 8d1fbbdd28..09bd73ca47 100644 --- a/aws-cloudformation-schema/aws-refactorspaces-application.json +++ b/aws-cloudformation-schema/aws-refactorspaces-application.json @@ -138,13 +138,13 @@ "additionalProperties" : false, "handlers" : { "create" : { - "permissions" : [ "refactor-spaces:GetApplication", "refactor-spaces:CreateApplication", "refactor-spaces:TagResource", "ec2:CreateTags", "ec2:CreateVpcEndpointServiceConfiguration", "ec2:DescribeVpcs", "ec2:DescribeSubnets", "ec2:DescribeVpcEndpointServiceConfigurations", "ec2:DescribeAccountAttributes", "ec2:DescribeInternetGateways", "ec2:ModifyVpcEndpointServicePermissions", "apigateway:DELETE", "apigateway:GET", "apigateway:PATCH", "apigateway:POST", "apigateway:PUT", "apigateway:UpdateRestApiPolicy", "apigateway:Update*", "apigateway:Delete*", "apigateway:Get*", "apigateway:Put*", "elasticloadbalancing:CreateLoadBalancer", "elasticloadbalancing:DescribeLoadBalancers", "elasticloadbalancing:DescribeTags", "elasticloadbalancing:AddTags", "iam:CreateServiceLinkedRole" ] + "permissions" : [ "refactor-spaces:GetApplication", "refactor-spaces:CreateApplication", "refactor-spaces:TagResource", "ec2:CreateTags", "ec2:CreateVpcEndpointServiceConfiguration", "ec2:DescribeVpcs", "ec2:DescribeSubnets", "ec2:DescribeVpcEndpointServiceConfigurations", "ec2:DescribeAccountAttributes", "ec2:DescribeInternetGateways", "ec2:ModifyVpcEndpointServicePermissions", "apigateway:DELETE", "apigateway:GET", "apigateway:PATCH", "apigateway:POST", "apigateway:PUT", "apigateway:UpdateRestApiPolicy", "elasticloadbalancing:CreateLoadBalancer", "elasticloadbalancing:DescribeLoadBalancers", "elasticloadbalancing:DescribeTags", "elasticloadbalancing:AddTags", "iam:CreateServiceLinkedRole" ] }, "read" : { "permissions" : [ "refactor-spaces:GetApplication", "refactor-spaces:ListTagsForResource" ] }, "delete" : { - "permissions" : [ "refactor-spaces:GetApplication", "refactor-spaces:DeleteApplication", "refactor-spaces:UntagResource", "ec2:DescribeVpcEndpointServiceConfigurations", "ec2:DeleteRoute", "ec2:DeleteSecurityGroup", "ec2:DeleteTransitGateway", "ec2:DeleteTransitGatewayVpcAttachment", "ec2:DeleteVpcEndpointServiceConfigurations", "ec2:DeleteTags", "ec2:RevokeSecurityGroupIngress", "elasticloadbalancing:DeleteLoadBalancer", "apigateway:Update*", "apigateway:Delete*", "apigateway:Get*", "apigateway:Put*" ] + "permissions" : [ "refactor-spaces:GetApplication", "refactor-spaces:DeleteApplication", "refactor-spaces:UntagResource", "ec2:DescribeVpcEndpointServiceConfigurations", "ec2:DeleteRoute", "ec2:DeleteSecurityGroup", "ec2:DeleteTransitGateway", "ec2:DeleteTransitGatewayVpcAttachment", "ec2:DeleteVpcEndpointServiceConfigurations", "ec2:DeleteTags", "ec2:RevokeSecurityGroupIngress", "elasticloadbalancing:DeleteLoadBalancer", "apigateway:DELETE", "apigateway:GET", "apigateway:PUT", "apigateway:UpdateRestApiPolicy" ] }, "list" : { "handlerSchema" : { diff --git a/aws-cloudformation-schema/aws-refactorspaces-service.json b/aws-cloudformation-schema/aws-refactorspaces-service.json index 44cdd5394a..5e035d3546 100644 --- a/aws-cloudformation-schema/aws-refactorspaces-service.json +++ b/aws-cloudformation-schema/aws-refactorspaces-service.json @@ -133,7 +133,7 @@ "permissions" : [ "refactor-spaces:CreateService", "refactor-spaces:GetService", "refactor-spaces:TagResource", "ec2:DescribeVpcs", "ec2:DescribeSubnets", "ec2:DescribeRouteTables", "ec2:CreateTags", "ec2:CreateTransitGatewayVpcAttachment", "ec2:DescribeTransitGatewayVpcAttachments", "ec2:CreateSecurityGroup", "ec2:AuthorizeSecurityGroupIngress", "ec2:CreateRoute", "lambda:GetFunctionConfiguration" ] }, "read" : { - "permissions" : [ "refactor-spacess:GetService", "refactor-spaces:ListTagsForResource" ] + "permissions" : [ "refactor-spaces:GetService", "refactor-spaces:ListTagsForResource" ] }, "delete" : { "permissions" : [ "refactor-spaces:DeleteService", "refactor-spaces:GetService", "refactor-spaces:UntagResource", "ram:DisassociateResourceShare", "ec2:DescribeNetworkInterfaces", "ec2:DescribeRouteTables", "ec2:DescribeTransitGatewayVpcAttachments", "ec2:DescribeSecurityGroups", "ec2:DeleteSecurityGroup", "ec2:DeleteRoute", "ec2:RevokeSecurityGroupIngress", "ec2:DeleteTransitGatewayVpcAttachment", "ec2:DeleteTags" ] diff --git a/aws-cloudformation-schema/aws-resiliencehub-app.json b/aws-cloudformation-schema/aws-resiliencehub-app.json index af16a38640..606450e8cd 100644 --- a/aws-cloudformation-schema/aws-resiliencehub-app.json +++ b/aws-cloudformation-schema/aws-resiliencehub-app.json @@ -145,6 +145,11 @@ "description" : "Amazon Resource Name (ARN) of the Resiliency Policy.", "pattern" : "^arn:(aws|aws-cn|aws-iso|aws-iso-[a-z]{1}|aws-us-gov):[A-Za-z0-9][A-Za-z0-9_/.-]{0,62}:([a-z]{2}-((iso[a-z]{0,1}-)|(gov-)){0,1}[a-z]+-[0-9]):[0-9]{12}:[A-Za-z0-9][A-Za-z0-9:_/+=,@.-]{0,1023}$" }, + "RegulatoryPolicyArn" : { + "type" : "string", + "description" : "Amazon Resource Name (ARN) of the Regulatory Policy.", + "pattern" : "^arn:(aws|aws-cn|aws-iso|aws-iso-[a-z]{1}|aws-us-gov):[A-Za-z0-9][A-Za-z0-9_/.-]{0,62}:([a-z]{2}-((iso[a-z]{0,1}-)|(gov-)){0,1}[a-z]+-[0-9]):[0-9]{12}:[A-Za-z0-9][A-Za-z0-9:_/+=,@.-]{0,1023}$" + }, "Tags" : { "$ref" : "#/definitions/TagMap" }, @@ -192,7 +197,8 @@ "tagOnCreate" : true, "tagUpdatable" : true, "cloudFormationSystemTags" : true, - "tagProperty" : "/properties/Tags" + "tagProperty" : "/properties/Tags", + "permissions" : [ "resiliencehub:TagResource", "resiliencehub:ListTagsForResource", "resiliencehub:UntagResource" ] }, "additionalProperties" : false, "required" : [ "Name", "AppTemplateBody", "ResourceMappings" ], @@ -201,13 +207,13 @@ "primaryIdentifier" : [ "/properties/AppArn" ], "handlers" : { "create" : { - "permissions" : [ "cloudformation:DescribeStacks", "cloudformation:ListStackResources", "s3:GetBucketLocation", "s3:GetObject", "s3:ListAllMyBuckets", "autoscaling:DescribeAutoScalingGroups", "apigateway:GET", "ec2:Describe*", "ecs:DescribeServices", "eks:DescribeCluster", "elasticfilesystem:DescribeFileSystems", "elasticloadbalancing:DescribeLoadBalancers", "lambda:GetFunction*", "rds:Describe*", "dynamodb:Describe*", "sqs:GetQueueAttributes", "sns:GetTopicAttributes", "route53:List*", "iam:PassRole", "resiliencehub:*" ] + "permissions" : [ "cloudformation:DescribeStacks", "cloudformation:ListStackResources", "s3:GetBucketLocation", "s3:GetObject", "s3:ListAllMyBuckets", "autoscaling:DescribeAutoScalingGroups", "apigateway:GET", "ec2:Describe*", "ecs:DescribeServices", "eks:DescribeCluster", "elasticfilesystem:DescribeFileSystems", "elasticloadbalancing:DescribeLoadBalancers", "lambda:GetFunction*", "rds:Describe*", "dynamodb:Describe*", "sqs:GetQueueAttributes", "sns:GetTopicAttributes", "route53:List*", "iam:PassRole", "resiliencehub:CreateApp", "resiliencehub:DescribeApp", "resiliencehub:DescribeAppVersionTemplate", "resiliencehub:PutDraftAppVersionTemplate", "resiliencehub:AddDraftAppVersionResourceMappings", "resiliencehub:ListAppVersionResourceMappings", "resiliencehub:ListAppVersions", "resiliencehub:PublishAppVersion", "resiliencehub:ListTagsForResource", "resiliencehub:TagResource", "resiliencehub:UntagResource" ] }, "read" : { "permissions" : [ "resiliencehub:DescribeApp", "resiliencehub:DescribeAppVersionTemplate", "resiliencehub:ListAppVersionResourceMappings", "resiliencehub:ListTagsForResource", "resiliencehub:ListAppVersions" ] }, "update" : { - "permissions" : [ "cloudformation:DescribeStacks", "cloudformation:ListStackResources", "s3:GetBucketLocation", "s3:GetObject", "s3:ListAllMyBuckets", "autoscaling:DescribeAutoScalingGroups", "apigateway:GET", "ec2:Describe*", "ecs:DescribeServices", "eks:DescribeCluster", "elasticfilesystem:DescribeFileSystems", "elasticloadbalancing:DescribeLoadBalancers", "lambda:GetFunction*", "rds:Describe*", "dynamodb:Describe*", "sqs:GetQueueAttributes", "sns:GetTopicAttributes", "route53:List*", "iam:PassRole", "resiliencehub:*" ] + "permissions" : [ "cloudformation:DescribeStacks", "cloudformation:ListStackResources", "s3:GetBucketLocation", "s3:GetObject", "s3:ListAllMyBuckets", "autoscaling:DescribeAutoScalingGroups", "apigateway:GET", "ec2:Describe*", "ecs:DescribeServices", "eks:DescribeCluster", "elasticfilesystem:DescribeFileSystems", "elasticloadbalancing:DescribeLoadBalancers", "lambda:GetFunction*", "rds:Describe*", "dynamodb:Describe*", "sqs:GetQueueAttributes", "sns:GetTopicAttributes", "route53:List*", "iam:PassRole", "resiliencehub:UpdateApp", "resiliencehub:DescribeApp", "resiliencehub:DescribeAppVersionTemplate", "resiliencehub:PutDraftAppVersionTemplate", "resiliencehub:AddDraftAppVersionResourceMappings", "resiliencehub:RemoveDraftAppVersionResourceMappings", "resiliencehub:ListAppVersionResourceMappings", "resiliencehub:ListAppVersions", "resiliencehub:PublishAppVersion", "resiliencehub:ListTagsForResource", "resiliencehub:TagResource", "resiliencehub:UntagResource" ] }, "delete" : { "permissions" : [ "resiliencehub:DeleteApp", "resiliencehub:UntagResource", "resiliencehub:ListApps" ] diff --git a/aws-cloudformation-schema/aws-resiliencehub-resiliencypolicy.json b/aws-cloudformation-schema/aws-resiliencehub-resiliencypolicy.json index e18ddcb1d8..e4004b321d 100644 --- a/aws-cloudformation-schema/aws-resiliencehub-resiliencypolicy.json +++ b/aws-cloudformation-schema/aws-resiliencehub-resiliencypolicy.json @@ -90,7 +90,8 @@ "tagOnCreate" : true, "tagUpdatable" : true, "cloudFormationSystemTags" : true, - "tagProperty" : "/properties/Tags" + "tagProperty" : "/properties/Tags", + "permissions" : [ "resiliencehub:TagResource", "resiliencehub:ListTagsForResource", "resiliencehub:UntagResource" ] }, "additionalProperties" : false, "required" : [ "PolicyName", "Tier", "Policy" ], diff --git a/aws-cloudformation-schema/aws-rolesanywhere-crl.json b/aws-cloudformation-schema/aws-rolesanywhere-crl.json index f3b5f3887b..d897c23fb8 100644 --- a/aws-cloudformation-schema/aws-rolesanywhere-crl.json +++ b/aws-cloudformation-schema/aws-rolesanywhere-crl.json @@ -52,7 +52,8 @@ "tagOnCreate" : true, "tagUpdatable" : true, "cloudFormationSystemTags" : true, - "tagProperty" : "/properties/Tags" + "tagProperty" : "/properties/Tags", + "permissions" : [ "rolesanywhere:UntagResource", "rolesanywhere:TagResource", "rolesanywhere:ListTagsForResource" ] }, "required" : [ "Name", "CrlData" ], "readOnlyProperties" : [ "/properties/CrlId" ], diff --git a/aws-cloudformation-schema/aws-rolesanywhere-profile.json b/aws-cloudformation-schema/aws-rolesanywhere-profile.json index 458735d2a9..c407a27811 100644 --- a/aws-cloudformation-schema/aws-rolesanywhere-profile.json +++ b/aws-cloudformation-schema/aws-rolesanywhere-profile.json @@ -112,9 +112,12 @@ "tagOnCreate" : true, "tagUpdatable" : true, "cloudFormationSystemTags" : true, - "tagProperty" : "/properties/Tags" + "tagProperty" : "/properties/Tags", + "permissions" : [ "rolesanywhere:UntagResource", "rolesanywhere:TagResource", "rolesanywhere:ListTagsForResource" ] }, + "createOnlyProperties" : [ "/properties/RequireInstanceProperties" ], "readOnlyProperties" : [ "/properties/ProfileId", "/properties/ProfileArn" ], + "writeOnlyProperties" : [ "/properties/RequireInstanceProperties" ], "primaryIdentifier" : [ "/properties/ProfileId" ], "required" : [ "Name", "RoleArns" ], "handlers" : { diff --git a/aws-cloudformation-schema/aws-rolesanywhere-trustanchor.json b/aws-cloudformation-schema/aws-rolesanywhere-trustanchor.json index 3c30cbc306..eff46b8b39 100644 --- a/aws-cloudformation-schema/aws-rolesanywhere-trustanchor.json +++ b/aws-cloudformation-schema/aws-rolesanywhere-trustanchor.json @@ -128,7 +128,8 @@ "tagOnCreate" : true, "tagUpdatable" : true, "cloudFormationSystemTags" : true, - "tagProperty" : "/properties/Tags" + "tagProperty" : "/properties/Tags", + "permissions" : [ "rolesanywhere:UntagResource", "rolesanywhere:TagResource", "rolesanywhere:ListTagsForResource" ] }, "required" : [ "Name", "Source" ], "readOnlyProperties" : [ "/properties/TrustAnchorId", "/properties/TrustAnchorArn" ], diff --git a/aws-cloudformation-schema/aws-s3-accesspoint.json b/aws-cloudformation-schema/aws-s3-accesspoint.json index 44649f885e..c47eb5ee4f 100644 --- a/aws-cloudformation-schema/aws-s3-accesspoint.json +++ b/aws-cloudformation-schema/aws-s3-accesspoint.json @@ -112,5 +112,8 @@ "permissions" : [ "s3:ListAccessPoints" ] } }, + "tagging" : { + "taggable" : false + }, "additionalProperties" : false } \ No newline at end of file diff --git a/aws-cloudformation-schema/aws-ses-configurationset.json b/aws-cloudformation-schema/aws-ses-configurationset.json index 00a7e29a73..65191ffa7e 100644 --- a/aws-cloudformation-schema/aws-ses-configurationset.json +++ b/aws-cloudformation-schema/aws-ses-configurationset.json @@ -11,6 +11,11 @@ "CustomRedirectDomain" : { "type" : "string", "description" : "The domain to use for tracking open and click events." + }, + "HttpsPolicy" : { + "type" : "string", + "description" : "The https policy to use for tracking open and click events.", + "pattern" : "REQUIRE|REQUIRE_OPEN_ONLY|OPTIONAL" } } }, diff --git a/aws-cloudformation-schema/aws-voiceid-domain.json b/aws-cloudformation-schema/aws-voiceid-domain.json index 9846b10c3b..3069b548e6 100644 --- a/aws-cloudformation-schema/aws-voiceid-domain.json +++ b/aws-cloudformation-schema/aws-voiceid-domain.json @@ -68,14 +68,14 @@ }, "required" : [ "Name", "ServerSideEncryptionConfiguration" ], "readOnlyProperties" : [ "/properties/DomainId" ], - "writeOnlyProperties" : [ "/properties/Description", "/properties/Name", "/properties/ServerSideEncryptionConfiguration" ], "primaryIdentifier" : [ "/properties/DomainId" ], "tagging" : { "taggable" : true, "tagOnCreate" : true, "tagUpdatable" : true, "cloudFormationSystemTags" : true, - "tagProperty" : "#/properties/Tags" + "tagProperty" : "/properties/Tags", + "permissions" : [ "voiceid:TagResource", "voiceid:UntagResource" ] }, "handlers" : { "create" : { diff --git a/meta/.botocore.version b/meta/.botocore.version index ed8998be3d..3892cd36aa 100644 --- a/meta/.botocore.version +++ b/meta/.botocore.version @@ -1 +1 @@ -1.35.93 +1.35.94 diff --git a/provider/cmd/pulumi-gen-aws-native/supported-types.txt b/provider/cmd/pulumi-gen-aws-native/supported-types.txt index 727f1ee4c3..4d94dadc00 100644 --- a/provider/cmd/pulumi-gen-aws-native/supported-types.txt +++ b/provider/cmd/pulumi-gen-aws-native/supported-types.txt @@ -257,6 +257,7 @@ AWS::ControlTower::LandingZone AWS::CustomerProfiles::CalculatedAttributeDefinition AWS::CustomerProfiles::Domain AWS::CustomerProfiles::EventStream +AWS::CustomerProfiles::EventTrigger AWS::CustomerProfiles::Integration AWS::CustomerProfiles::ObjectType AWS::CustomerProfiles::SegmentDefinition diff --git a/provider/cmd/pulumi-resource-aws-native/metadata.json b/provider/cmd/pulumi-resource-aws-native/metadata.json index 9a5eeb8a41..26394414bc 100644 --- a/provider/cmd/pulumi-resource-aws-native/metadata.json +++ b/provider/cmd/pulumi-resource-aws-native/metadata.json @@ -11612,14 +11612,6 @@ "notifications": { "$ref": "#/types/aws-native:backup:LogicallyAirGappedBackupVaultNotificationObjectType", "description": "Returns event notifications for the specified backup vault." - }, - "vaultState": { - "type": "string", - "description": "The current state of the vault." - }, - "vaultType": { - "type": "string", - "description": "The type of vault described." } }, "outputs": { @@ -11682,7 +11674,9 @@ ], "readOnly": [ "backupVaultArn", - "encryptionKeyArn" + "encryptionKeyArn", + "vaultState", + "vaultType" ], "tagsProperty": "backupVaultTags", "tagsStyle": "stringMap", @@ -15279,6 +15273,10 @@ }, "description": "The abilities granted to the collaboration creator.\n\n*Allowed values* `CAN_QUERY` | `CAN_RECEIVE_RESULTS`" }, + "creatorMlMemberAbilities": { + "$ref": "#/types/aws-native:cleanrooms:CollaborationMlMemberAbilities", + "description": "The ML member abilities for a collaboration member." + }, "creatorPaymentConfiguration": { "$ref": "#/types/aws-native:cleanrooms:CollaborationPaymentConfiguration", "description": "An object representing the collaboration member's payment responsibilities set by the collaboration creator." @@ -15341,6 +15339,11 @@ "description": "The abilities granted to the collaboration creator.\n\n*Allowed values* `CAN_QUERY` | `CAN_RECEIVE_RESULTS`", "replaceOnChanges": true }, + "creatorMlMemberAbilities": { + "$ref": "#/types/aws-native:cleanrooms:CollaborationMlMemberAbilities", + "description": "The ML member abilities for a collaboration member.", + "replaceOnChanges": true + }, "creatorPaymentConfiguration": { "$ref": "#/types/aws-native:cleanrooms:CollaborationPaymentConfiguration", "description": "An object representing the collaboration member's payment responsibilities set by the collaboration creator.", @@ -15396,6 +15399,7 @@ "analyticsEngine", "creatorDisplayName", "creatorMemberAbilities", + "creatorMlMemberAbilities", "creatorPaymentConfiguration", "dataEncryptionMetadata", "members", @@ -15405,6 +15409,9 @@ "arn", "collaborationIdentifier" ], + "irreversibleNames": { + "creatorMlMemberAbilities": "CreatorMLMemberAbilities" + }, "tagsProperty": "tags", "tagsStyle": "keyValueArray", "primaryIdentifier": [ @@ -21243,21 +21250,21 @@ }, "adminCreateUserConfig": { "$ref": "#/types/aws-native:cognito:UserPoolAdminCreateUserConfig", - "description": "The settings for administrator creation of users in a user pool. Contains settings for allowing user sign-up, customizing invitation messages to new users, and the amount of time before temporary passwords expire.\n\nThis data type is a request and response parameter of [CreateUserPool](https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_CreateUserPool.html) and [UpdateUserPool](https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_UpdateUserPool.html) , and a response parameter of [DescribeUserPool](https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_DescribeUserPool.html) ." + "description": "The settings for administrator creation of users in a user pool. Contains settings for allowing user sign-up, customizing invitation messages to new users, and the amount of time before temporary passwords expire.\n\nThis data type is a request and response parameter of `API_CreateUserPool` and `API_UpdateUserPool` , and a response parameter of `API_DescribeUserPool` ." }, "aliasAttributes": { "type": "array", "items": { "type": "string" }, - "description": "Attributes supported as an alias for this user pool. Possible values: *phone_number* , *email* , or *preferred_username* . For more information about alias attributes, see [Customizing sign-in attributes](https://docs.aws.amazon.com/cognito/latest/developerguide/user-pool-settings-attributes.html#user-pool-settings-aliases) ." + "description": "Attributes supported as an alias for this user pool. For more information about alias attributes, see [Customizing sign-in attributes](https://docs.aws.amazon.com/cognito/latest/developerguide/user-pool-settings-attributes.html#user-pool-settings-aliases) ." }, "autoVerifiedAttributes": { "type": "array", "items": { "type": "string" }, - "description": "The attributes that you want your user pool to automatically verify. Possible values: *email* , *phone_number* . For more information see [Verifying contact information at sign-up](https://docs.aws.amazon.com/cognito/latest/developerguide/signing-up-users-in-your-app.html#allowing-users-to-sign-up-and-confirm-themselves) ." + "description": "The attributes that you want your user pool to automatically verify. For more information, see [Verifying contact information at sign-up](https://docs.aws.amazon.com/cognito/latest/developerguide/signing-up-users-in-your-app.html#allowing-users-to-sign-up-and-confirm-themselves) ." }, "deletionProtection": { "type": "string", @@ -21298,11 +21305,11 @@ }, "mfaConfiguration": { "type": "string", - "description": "The multi-factor authentication (MFA) configuration. Valid values include:\n\n- `OFF` MFA won't be used for any users.\n- `ON` MFA is required for all users to sign in.\n- `OPTIONAL` MFA will be required only for individual users who have an MFA factor activated." + "description": "Displays the state of multi-factor authentication (MFA) as on, off, or optional. When `ON` , all users must set up MFA before they can sign in. When `OPTIONAL` , your application must make a client-side determination of whether a user wants to register an MFA device. For user pools with adaptive authentication with threat protection, choose `OPTIONAL` .\n\nWhen `MfaConfiguration` is `OPTIONAL` , managed login doesn't automatically prompt users to set up MFA. Amazon Cognito generates MFA prompts in API responses and in managed login for users who have chosen and configured a preferred MFA factor." }, "policies": { "$ref": "#/types/aws-native:cognito:UserPoolPolicies", - "description": "A list of user pool policies. Contains the policy that sets password-complexity requirements.\n\nThis data type is a request and response parameter of [CreateUserPool](https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_CreateUserPool.html) and [UpdateUserPool](https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_UpdateUserPool.html) , and a response parameter of [DescribeUserPool](https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_DescribeUserPool.html) ." + "description": "A list of user pool policies. Contains the policy that sets password-complexity requirements.\n\nThis data type is a request and response parameter of `API_CreateUserPool` and `API_UpdateUserPool` , and a response parameter of `API_DescribeUserPool` ." }, "schema": { "type": "array", @@ -21317,7 +21324,7 @@ }, "smsConfiguration": { "$ref": "#/types/aws-native:cognito:UserPoolSmsConfiguration", - "description": "The SMS configuration with the settings that your Amazon Cognito user pool must use to send an SMS message from your AWS account through Amazon Simple Notification Service. To send SMS messages with Amazon SNS in the AWS Region that you want, the Amazon Cognito user pool uses an AWS Identity and Access Management (IAM) role in your AWS account . For more information see [SMS message settings](https://docs.aws.amazon.com/cognito/latest/developerguide/user-pool-sms-settings.html) ." + "description": "The settings for your Amazon Cognito user pool to send SMS messages with Amazon Simple Notification Service. To send SMS messages with Amazon SNS in the AWS Region that you want, the Amazon Cognito user pool uses an AWS Identity and Access Management (IAM) role in your AWS account . For more information see [SMS message settings](https://docs.aws.amazon.com/cognito/latest/developerguide/user-pool-sms-settings.html) ." }, "smsVerificationMessage": { "type": "string", @@ -21329,11 +21336,11 @@ }, "userPoolAddOns": { "$ref": "#/types/aws-native:cognito:UserPoolAddOns", - "description": "User pool add-ons. Contains settings for activation of threat protection. To log user security information but take no action, set to `AUDIT` . To configure automatic security responses to risky traffic to your user pool, set to `ENFORCED` .\n\nFor more information, see [Adding advanced security to a user pool](https://docs.aws.amazon.com/cognito/latest/developerguide/cognito-user-pool-settings-advanced-security.html) . To activate this setting, your user pool must be on the [Plus tier](https://docs.aws.amazon.com/cognito/latest/developerguide/feature-plans-features-plus.html) ." + "description": "Contains settings for activation of threat protection, including the operating mode and additional authentication types. To log user security information but take no action, set to `AUDIT` . To configure automatic security responses to potentially unwanted traffic to your user pool, set to `ENFORCED` .\n\nFor more information, see [Adding advanced security to a user pool](https://docs.aws.amazon.com/cognito/latest/developerguide/cognito-user-pool-settings-advanced-security.html) . To activate this setting, your user pool must be on the [Plus tier](https://docs.aws.amazon.com/cognito/latest/developerguide/feature-plans-features-plus.html) ." }, "userPoolName": { "type": "string", - "description": "A friendlhy name for your user pool." + "description": "A friendly name for your user pool." }, "userPoolTags": { "type": "object", @@ -21377,14 +21384,14 @@ }, "adminCreateUserConfig": { "$ref": "#/types/aws-native:cognito:UserPoolAdminCreateUserConfig", - "description": "The settings for administrator creation of users in a user pool. Contains settings for allowing user sign-up, customizing invitation messages to new users, and the amount of time before temporary passwords expire.\n\nThis data type is a request and response parameter of [CreateUserPool](https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_CreateUserPool.html) and [UpdateUserPool](https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_UpdateUserPool.html) , and a response parameter of [DescribeUserPool](https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_DescribeUserPool.html) ." + "description": "The settings for administrator creation of users in a user pool. Contains settings for allowing user sign-up, customizing invitation messages to new users, and the amount of time before temporary passwords expire.\n\nThis data type is a request and response parameter of `API_CreateUserPool` and `API_UpdateUserPool` , and a response parameter of `API_DescribeUserPool` ." }, "aliasAttributes": { "type": "array", "items": { "type": "string" }, - "description": "Attributes supported as an alias for this user pool. Possible values: *phone_number* , *email* , or *preferred_username* . For more information about alias attributes, see [Customizing sign-in attributes](https://docs.aws.amazon.com/cognito/latest/developerguide/user-pool-settings-attributes.html#user-pool-settings-aliases) ." + "description": "Attributes supported as an alias for this user pool. For more information about alias attributes, see [Customizing sign-in attributes](https://docs.aws.amazon.com/cognito/latest/developerguide/user-pool-settings-attributes.html#user-pool-settings-aliases) ." }, "arn": { "type": "string", @@ -21395,7 +21402,7 @@ "items": { "type": "string" }, - "description": "The attributes that you want your user pool to automatically verify. Possible values: *email* , *phone_number* . For more information see [Verifying contact information at sign-up](https://docs.aws.amazon.com/cognito/latest/developerguide/signing-up-users-in-your-app.html#allowing-users-to-sign-up-and-confirm-themselves) ." + "description": "The attributes that you want your user pool to automatically verify. For more information, see [Verifying contact information at sign-up](https://docs.aws.amazon.com/cognito/latest/developerguide/signing-up-users-in-your-app.html#allowing-users-to-sign-up-and-confirm-themselves) ." }, "deletionProtection": { "type": "string", @@ -21436,11 +21443,11 @@ }, "mfaConfiguration": { "type": "string", - "description": "The multi-factor authentication (MFA) configuration. Valid values include:\n\n- `OFF` MFA won't be used for any users.\n- `ON` MFA is required for all users to sign in.\n- `OPTIONAL` MFA will be required only for individual users who have an MFA factor activated." + "description": "Displays the state of multi-factor authentication (MFA) as on, off, or optional. When `ON` , all users must set up MFA before they can sign in. When `OPTIONAL` , your application must make a client-side determination of whether a user wants to register an MFA device. For user pools with adaptive authentication with threat protection, choose `OPTIONAL` .\n\nWhen `MfaConfiguration` is `OPTIONAL` , managed login doesn't automatically prompt users to set up MFA. Amazon Cognito generates MFA prompts in API responses and in managed login for users who have chosen and configured a preferred MFA factor." }, "policies": { "$ref": "#/types/aws-native:cognito:UserPoolPolicies", - "description": "A list of user pool policies. Contains the policy that sets password-complexity requirements.\n\nThis data type is a request and response parameter of [CreateUserPool](https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_CreateUserPool.html) and [UpdateUserPool](https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_UpdateUserPool.html) , and a response parameter of [DescribeUserPool](https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_DescribeUserPool.html) ." + "description": "A list of user pool policies. Contains the policy that sets password-complexity requirements.\n\nThis data type is a request and response parameter of `API_CreateUserPool` and `API_UpdateUserPool` , and a response parameter of `API_DescribeUserPool` ." }, "providerName": { "type": "string", @@ -21463,7 +21470,7 @@ }, "smsConfiguration": { "$ref": "#/types/aws-native:cognito:UserPoolSmsConfiguration", - "description": "The SMS configuration with the settings that your Amazon Cognito user pool must use to send an SMS message from your AWS account through Amazon Simple Notification Service. To send SMS messages with Amazon SNS in the AWS Region that you want, the Amazon Cognito user pool uses an AWS Identity and Access Management (IAM) role in your AWS account . For more information see [SMS message settings](https://docs.aws.amazon.com/cognito/latest/developerguide/user-pool-sms-settings.html) ." + "description": "The settings for your Amazon Cognito user pool to send SMS messages with Amazon Simple Notification Service. To send SMS messages with Amazon SNS in the AWS Region that you want, the Amazon Cognito user pool uses an AWS Identity and Access Management (IAM) role in your AWS account . For more information see [SMS message settings](https://docs.aws.amazon.com/cognito/latest/developerguide/user-pool-sms-settings.html) ." }, "smsVerificationMessage": { "type": "string", @@ -21475,7 +21482,7 @@ }, "userPoolAddOns": { "$ref": "#/types/aws-native:cognito:UserPoolAddOns", - "description": "User pool add-ons. Contains settings for activation of threat protection. To log user security information but take no action, set to `AUDIT` . To configure automatic security responses to risky traffic to your user pool, set to `ENFORCED` .\n\nFor more information, see [Adding advanced security to a user pool](https://docs.aws.amazon.com/cognito/latest/developerguide/cognito-user-pool-settings-advanced-security.html) . To activate this setting, your user pool must be on the [Plus tier](https://docs.aws.amazon.com/cognito/latest/developerguide/feature-plans-features-plus.html) ." + "description": "Contains settings for activation of threat protection, including the operating mode and additional authentication types. To log user security information but take no action, set to `AUDIT` . To configure automatic security responses to potentially unwanted traffic to your user pool, set to `ENFORCED` .\n\nFor more information, see [Adding advanced security to a user pool](https://docs.aws.amazon.com/cognito/latest/developerguide/cognito-user-pool-settings-advanced-security.html) . To activate this setting, your user pool must be on the [Plus tier](https://docs.aws.amazon.com/cognito/latest/developerguide/feature-plans-features-plus.html) ." }, "userPoolId": { "type": "string", @@ -21483,7 +21490,7 @@ }, "userPoolName": { "type": "string", - "description": "A friendlhy name for your user pool." + "description": "A friendly name for your user pool." }, "userPoolTags": { "type": "object", @@ -21559,18 +21566,18 @@ "items": { "type": "string" }, - "description": "The OAuth grant types that you want your app client to generate. To create an app client that generates client credentials grants, you must add `client_credentials` as the only allowed OAuth flow.\n\n- **code** - Use a code grant flow, which provides an authorization code as the response. This code can be exchanged for access tokens with the `/oauth2/token` endpoint.\n- **implicit** - Issue the access token (and, optionally, ID token, based on scopes) directly to your user.\n- **client_credentials** - Issue the access token from the `/oauth2/token` endpoint directly to a non-person user using a combination of the client ID and client secret." + "description": "The OAuth grant types that you want your app client to generate for clients in managed login authentication. To create an app client that generates client credentials grants, you must add `client_credentials` as the only allowed OAuth flow.\n\n- **code** - Use a code grant flow, which provides an authorization code as the response. This code can be exchanged for access tokens with the `/oauth2/token` endpoint.\n- **implicit** - Issue the access token, and the ID token when scopes like `openid` and `profile` are requested, directly to your user.\n- **client_credentials** - Issue the access token from the `/oauth2/token` endpoint directly to a non-person user, authorized by a combination of the client ID and client secret." }, "allowedOAuthFlowsUserPoolClient": { "type": "boolean", - "description": "Set to `true` to use OAuth 2.0 features in your user pool app client.\n\n`AllowedOAuthFlowsUserPoolClient` must be `true` before you can configure the following features in your app client.\n\n- `CallBackURLs` : Callback URLs.\n- `LogoutURLs` : Sign-out redirect URLs.\n- `AllowedOAuthScopes` : OAuth 2.0 scopes.\n- `AllowedOAuthFlows` : Support for authorization code, implicit, and client credentials OAuth 2.0 grants.\n\nTo use OAuth 2.0 features, configure one of these features in the Amazon Cognito console or set `AllowedOAuthFlowsUserPoolClient` to `true` in a `CreateUserPoolClient` or `UpdateUserPoolClient` API request. If you don't set a value for `AllowedOAuthFlowsUserPoolClient` in a request with the AWS CLI or SDKs, it defaults to `false` ." + "description": "Set to `true` to use OAuth 2.0 authorization server features in your app client.\n\nThis parameter must have a value of `true` before you can configure the following features in your app client.\n\n- `CallBackURLs` : Callback URLs.\n- `LogoutURLs` : Sign-out redirect URLs.\n- `AllowedOAuthScopes` : OAuth 2.0 scopes.\n- `AllowedOAuthFlows` : Support for authorization code, implicit, and client credentials OAuth 2.0 grants.\n\nTo use authorization server features, configure one of these features in the Amazon Cognito console or set `AllowedOAuthFlowsUserPoolClient` to `true` in a `CreateUserPoolClient` or `UpdateUserPoolClient` API request. If you don't set a value for `AllowedOAuthFlowsUserPoolClient` in a request with the AWS CLI or SDKs, it defaults to `false` . When `false` , only SDK-based API sign-in is permitted." }, "allowedOAuthScopes": { "type": "array", "items": { "type": "string" }, - "description": "The OAuth 2.0 scopes that you want to permit your app client to authorize. Scopes govern access control to user pool self-service API operations, user data from the `userInfo` endpoint, and third-party APIs. Possible values provided by OAuth are `phone` , `email` , `openid` , and `profile` . Possible values provided by AWS are `aws.cognito.signin.user.admin` . Custom scopes created in Resource Servers are also supported." + "description": "The OAuth, OpenID Connect (OIDC), and custom scopes that you want to permit your app client to authorize access with. Scopes govern access control to user pool self-service API operations, user data from the `userInfo` endpoint, and third-party APIs. Scope values include `phone` , `email` , `openid` , and `profile` . The `aws.cognito.signin.user.admin` scope authorizes user self-service operations. Custom scopes with resource servers authorize access to external APIs." }, "analyticsConfiguration": { "$ref": "#/types/aws-native:cognito:UserPoolClientAnalyticsConfiguration", @@ -21585,7 +21592,7 @@ "items": { "type": "string" }, - "description": "A list of allowed redirect (callback) URLs for the IdPs.\n\nA redirect URI must:\n\n- Be an absolute URI.\n- Be registered with the authorization server. Amazon Cognito doesn't accept authorization requests with `redirect_uri` values that aren't in the list of `CallbackURLs` that you provide in this parameter.\n- Not include a fragment component.\n\nSee [OAuth 2.0 - Redirection Endpoint](https://docs.aws.amazon.com/https://tools.ietf.org/html/rfc6749#section-3.1.2) .\n\nAmazon Cognito requires HTTPS over HTTP except for http://localhost for testing purposes only.\n\nApp callback URLs such as myapp://example are also supported." + "description": "A list of allowed redirect, or callback, URLs for managed login authentication. These URLs are the paths where you want to send your users' browsers after they complete authentication with managed login or a third-party IdP. Typically, callback URLs are the home of an application that uses OAuth or OIDC libraries to process authentication outcomes.\n\nA redirect URI must meet the following requirements:\n\n- Be an absolute URI.\n- Be registered with the authorization server. Amazon Cognito doesn't accept authorization requests with `redirect_uri` values that aren't in the list of `CallbackURLs` that you provide in this parameter.\n- Not include a fragment component.\n\nSee [OAuth 2.0 - Redirection Endpoint](https://docs.aws.amazon.com/https://tools.ietf.org/html/rfc6749#section-3.1.2) .\n\nAmazon Cognito requires HTTPS over HTTP except for http://localhost for testing purposes only.\n\nApp callback URLs such as myapp://example are also supported." }, "clientName": { "type": "string", @@ -21597,22 +21604,22 @@ }, "enablePropagateAdditionalUserContextData": { "type": "boolean", - "description": "Activates the propagation of additional user context data. For more information about propagation of user context data, see [Adding advanced security to a user pool](https://docs.aws.amazon.com/cognito/latest/developerguide/cognito-user-pool-settings-threat-protection.html) . If you don’t include this parameter, you can't send device fingerprint information, including source IP address, to Amazon Cognito advanced security. You can only activate `EnablePropagateAdditionalUserContextData` in an app client that has a client secret." + "description": "When `true` , your application can include additional `UserContextData` in authentication requests. This data includes the IP address, and contributes to analysis by threat protection features. For more information about propagation of user context data, see [Adding session data to API requests](https://docs.aws.amazon.com/cognito/latest/developerguide/cognito-user-pool-settings-adaptive-authentication.html#user-pool-settings-adaptive-authentication-device-fingerprint) . If you don’t include this parameter, you can't send the source IP address to Amazon Cognito threat protection features. You can only activate `EnablePropagateAdditionalUserContextData` in an app client that has a client secret." }, "enableTokenRevocation": { "type": "boolean", - "description": "Activates or deactivates token revocation. For more information about revoking tokens, see [RevokeToken](https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_RevokeToken.html) .\n\nIf you don't include this parameter, token revocation is automatically activated for the new user pool client." + "description": "Activates or deactivates [token revocation](https://docs.aws.amazon.com/cognito/latest/developerguide/token-revocation.html) in the target app client.\n\nRevoke tokens with `API_RevokeToken` .\n\nIf you don't include this parameter, token revocation is automatically activated for the new user pool client." }, "explicitAuthFlows": { "type": "array", "items": { "type": "string" }, - "description": "The authentication flows that you want your user pool client to support. For each app client in your user pool, you can sign in your users with any combination of one or more flows, including with a user name and Secure Remote Password (SRP), a user name and password, or a custom authentication process that you define with Lambda functions.\n\n\u003e If you don't specify a value for `ExplicitAuthFlows` , your user client supports `ALLOW_REFRESH_TOKEN_AUTH` , `ALLOW_USER_SRP_AUTH` , and `ALLOW_CUSTOM_AUTH` . \n\nValid values include:\n\n- `ALLOW_USER_AUTH` : Enable selection-based sign-in with `USER_AUTH` . This setting covers username-password, secure remote password (SRP), passwordless, and passkey authentication. This authentiation flow can do username-password and SRP authentication without other `ExplicitAuthFlows` permitting them. For example users can complete an SRP challenge through `USER_AUTH` without the flow `USER_SRP_AUTH` being active for the app client. This flow doesn't include `CUSTOM_AUTH` .\n\nTo activate this setting, your user pool must be in the [Essentials tier](https://docs.aws.amazon.com/cognito/latest/developerguide/feature-plans-features-essentials.html) or higher.\n- `ALLOW_ADMIN_USER_PASSWORD_AUTH` : Enable admin based user password authentication flow `ADMIN_USER_PASSWORD_AUTH` . This setting replaces the `ADMIN_NO_SRP_AUTH` setting. With this authentication flow, your app passes a user name and password to Amazon Cognito in the request, instead of using the Secure Remote Password (SRP) protocol to securely transmit the password.\n- `ALLOW_CUSTOM_AUTH` : Enable Lambda trigger based authentication.\n- `ALLOW_USER_PASSWORD_AUTH` : Enable user password-based authentication. In this flow, Amazon Cognito receives the password in the request instead of using the SRP protocol to verify passwords.\n- `ALLOW_USER_SRP_AUTH` : Enable SRP-based authentication.\n- `ALLOW_REFRESH_TOKEN_AUTH` : Enable authflow to refresh tokens.\n\nIn some environments, you will see the values `ADMIN_NO_SRP_AUTH` , `CUSTOM_AUTH_FLOW_ONLY` , or `USER_PASSWORD_AUTH` . You can't assign these legacy `ExplicitAuthFlows` values to user pool clients at the same time as values that begin with `ALLOW_` ,\nlike `ALLOW_USER_SRP_AUTH` ." + "description": "The [authentication flows](https://docs.aws.amazon.com/cognito/latest/developerguide/amazon-cognito-user-pools-authentication-flow-methods.html) that you want your user pool client to support. For each app client in your user pool, you can sign in your users with any combination of one or more flows, including with a user name and Secure Remote Password (SRP), a user name and password, or a custom authentication process that you define with Lambda functions.\n\n\u003e If you don't specify a value for `ExplicitAuthFlows` , your app client supports `ALLOW_REFRESH_TOKEN_AUTH` , `ALLOW_USER_SRP_AUTH` , and `ALLOW_CUSTOM_AUTH` . \n\nThe values for authentication flow options include the following.\n\n- `ALLOW_USER_AUTH` : Enable selection-based sign-in with `USER_AUTH` . This setting covers username-password, secure remote password (SRP), passwordless, and passkey authentication. This authentiation flow can do username-password and SRP authentication without other `ExplicitAuthFlows` permitting them. For example users can complete an SRP challenge through `USER_AUTH` without the flow `USER_SRP_AUTH` being active for the app client. This flow doesn't include `CUSTOM_AUTH` .\n\nTo activate this setting, your user pool must be in the [Essentials tier](https://docs.aws.amazon.com/cognito/latest/developerguide/feature-plans-features-essentials.html) or higher.\n- `ALLOW_ADMIN_USER_PASSWORD_AUTH` : Enable admin based user password authentication flow `ADMIN_USER_PASSWORD_AUTH` . This setting replaces the `ADMIN_NO_SRP_AUTH` setting. With this authentication flow, your app passes a user name and password to Amazon Cognito in the request, instead of using the Secure Remote Password (SRP) protocol to securely transmit the password.\n- `ALLOW_CUSTOM_AUTH` : Enable Lambda trigger based authentication.\n- `ALLOW_USER_PASSWORD_AUTH` : Enable user password-based authentication. In this flow, Amazon Cognito receives the password in the request instead of using the SRP protocol to verify passwords.\n- `ALLOW_USER_SRP_AUTH` : Enable SRP-based authentication.\n- `ALLOW_REFRESH_TOKEN_AUTH` : Enable authflow to refresh tokens.\n\nIn some environments, you will see the values `ADMIN_NO_SRP_AUTH` , `CUSTOM_AUTH_FLOW_ONLY` , or `USER_PASSWORD_AUTH` . You can't assign these legacy `ExplicitAuthFlows` values to user pool clients at the same time as values that begin with `ALLOW_` ,\nlike `ALLOW_USER_SRP_AUTH` ." }, "generateSecret": { "type": "boolean", - "description": "When `true` , generates a client secret for the app client. Client secrets are used with server-side and machine-to-machine applications. For more information, see [App client types](https://docs.aws.amazon.com/cognito/latest/developerguide/user-pool-settings-client-apps.html#user-pool-settings-client-app-client-types) ." + "description": "When `true` , generates a client secret for the app client. Client secrets are used with server-side and machine-to-machine applications. Client secrets are automatically generated; you can't specify a secret value. For more information, see [App client types](https://docs.aws.amazon.com/cognito/latest/developerguide/user-pool-settings-client-apps.html#user-pool-settings-client-app-client-types) ." }, "idTokenValidity": { "type": "integer", @@ -21623,7 +21630,7 @@ "items": { "type": "string" }, - "description": "A list of allowed logout URLs for managed login authentication. For more information, see [Logout endpoint](https://docs.aws.amazon.com/cognito/latest/developerguide/logout-endpoint.html) ." + "description": "A list of allowed logout URLs for managed login authentication. When you pass `logout_uri` and `client_id` parameters to `/logout` , Amazon Cognito signs out your user and redirects them to the logout URL. This parameter describes the URLs that you want to be the permitted targets of `logout_uri` . A typical use of these URLs is when a user selects \"Sign out\" and you redirect them to your public homepage. For more information, see [Logout endpoint](https://docs.aws.amazon.com/cognito/latest/developerguide/logout-endpoint.html) ." }, "preventUserExistenceErrors": { "type": "string", @@ -21634,7 +21641,7 @@ "items": { "type": "string" }, - "description": "The list of user attributes that you want your app client to have read access to. After your user authenticates in your app, their access token authorizes them to read their own attribute value for any attribute in this list. An example of this kind of activity is when your user selects a link to view their profile information. Your app makes a [GetUser](https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_GetUser.html) API request to retrieve and display your user's profile data.\n\nWhen you don't specify the `ReadAttributes` for your app client, your app can read the values of `email_verified` , `phone_number_verified` , and the Standard attributes of your user pool. When your user pool app client has read access to these default attributes, `ReadAttributes` doesn't return any information. Amazon Cognito only populates `ReadAttributes` in the API response if you have specified your own custom set of read attributes." + "description": "The list of user attributes that you want your app client to have read access to. After your user authenticates in your app, their access token authorizes them to read their own attribute value for any attribute in this list.\n\nAn example of this kind of activity is when your user selects a link to view their profile information. Your app makes a `API_GetUser` API request to retrieve and display your user's profile data.\n\nWhen you don't specify the `ReadAttributes` for your app client, your app can read the values of `email_verified` , `phone_number_verified` , and the standard attributes of your user pool. When your user pool app client has read access to these default attributes, `ReadAttributes` doesn't return any information. Amazon Cognito only populates `ReadAttributes` in the API response if you have specified your own custom set of read attributes." }, "refreshTokenValidity": { "type": "integer", @@ -21645,7 +21652,7 @@ "items": { "type": "string" }, - "description": "A list of provider names for the identity providers (IdPs) that are supported on this client. The following are supported: `COGNITO` , `Facebook` , `Google` , `SignInWithApple` , and `LoginWithAmazon` . You can also specify the names that you configured for the SAML and OIDC IdPs in your user pool, for example `MySAMLIdP` or `MyOIDCIdP` .\n\nThis setting applies to providers that you can access with [managed login](https://docs.aws.amazon.com/cognito/latest/developerguide/cognito-user-pools-managed-login.html) . The removal of `COGNITO` from this list doesn't prevent authentication operations for local users with the user pools API in an AWS SDK. The only way to prevent API-based authentication is to block access with a [AWS WAF rule](https://docs.aws.amazon.com/cognito/latest/developerguide/user-pool-waf.html) ." + "description": "A list of provider names for the identity providers (IdPs) that are supported on this client. The following are supported: `COGNITO` , `Facebook` , `Google` , `SignInWithApple` , and `LoginWithAmazon` . You can also specify the names that you configured for the SAML and OIDC IdPs in your user pool, for example `MySAMLIdP` or `MyOIDCIdP` .\n\nThis parameter sets the IdPs that [managed login](https://docs.aws.amazon.com/cognito/latest/developerguide/cognito-user-pools-managed-login.html) will display on the login page for your app client. The removal of `COGNITO` from this list doesn't prevent authentication operations for local users with the user pools API in an AWS SDK. The only way to prevent SDK-based authentication is to block access with a [AWS WAF rule](https://docs.aws.amazon.com/cognito/latest/developerguide/user-pool-waf.html) ." }, "tokenValidityUnits": { "$ref": "#/types/aws-native:cognito:UserPoolClientTokenValidityUnits", @@ -21660,7 +21667,7 @@ "items": { "type": "string" }, - "description": "The list of user attributes that you want your app client to have write access to. After your user authenticates in your app, their access token authorizes them to set or modify their own attribute value for any attribute in this list. An example of this kind of activity is when you present your user with a form to update their profile information and they change their last name. Your app then makes an [UpdateUserAttributes](https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_UpdateUserAttributes.html) API request and sets `family_name` to the new value.\n\nWhen you don't specify the `WriteAttributes` for your app client, your app can write the values of the Standard attributes of your user pool. When your user pool has write access to these default attributes, `WriteAttributes` doesn't return any information. Amazon Cognito only populates `WriteAttributes` in the API response if you have specified your own custom set of write attributes.\n\nIf your app client allows users to sign in through an IdP, this array must include all attributes that you have mapped to IdP attributes. Amazon Cognito updates mapped attributes when users sign in to your application through an IdP. If your app client does not have write access to a mapped attribute, Amazon Cognito throws an error when it tries to update the attribute. For more information, see [Specifying IdP Attribute Mappings for Your user pool](https://docs.aws.amazon.com/cognito/latest/developerguide/cognito-user-pools-specifying-attribute-mapping.html) ." + "description": "The list of user attributes that you want your app client to have write access to. After your user authenticates in your app, their access token authorizes them to set or modify their own attribute value for any attribute in this list.\n\nAn example of this kind of activity is when you present your user with a form to update their profile information and they change their last name. Your app then makes an `API_UpdateUserAttributes` API request and sets `family_name` to the new value.\n\nWhen you don't specify the `WriteAttributes` for your app client, your app can write the values of the Standard attributes of your user pool. When your user pool has write access to these default attributes, `WriteAttributes` doesn't return any information. Amazon Cognito only populates `WriteAttributes` in the API response if you have specified your own custom set of write attributes.\n\nIf your app client allows users to sign in through an IdP, this array must include all attributes that you have mapped to IdP attributes. Amazon Cognito updates mapped attributes when users sign in to your application through an IdP. If your app client does not have write access to a mapped attribute, Amazon Cognito throws an error when it tries to update the attribute. For more information, see [Specifying IdP Attribute Mappings for Your user pool](https://docs.aws.amazon.com/cognito/latest/developerguide/cognito-user-pools-specifying-attribute-mapping.html) ." } }, "outputs": { @@ -21673,18 +21680,18 @@ "items": { "type": "string" }, - "description": "The OAuth grant types that you want your app client to generate. To create an app client that generates client credentials grants, you must add `client_credentials` as the only allowed OAuth flow.\n\n- **code** - Use a code grant flow, which provides an authorization code as the response. This code can be exchanged for access tokens with the `/oauth2/token` endpoint.\n- **implicit** - Issue the access token (and, optionally, ID token, based on scopes) directly to your user.\n- **client_credentials** - Issue the access token from the `/oauth2/token` endpoint directly to a non-person user using a combination of the client ID and client secret." + "description": "The OAuth grant types that you want your app client to generate for clients in managed login authentication. To create an app client that generates client credentials grants, you must add `client_credentials` as the only allowed OAuth flow.\n\n- **code** - Use a code grant flow, which provides an authorization code as the response. This code can be exchanged for access tokens with the `/oauth2/token` endpoint.\n- **implicit** - Issue the access token, and the ID token when scopes like `openid` and `profile` are requested, directly to your user.\n- **client_credentials** - Issue the access token from the `/oauth2/token` endpoint directly to a non-person user, authorized by a combination of the client ID and client secret." }, "allowedOAuthFlowsUserPoolClient": { "type": "boolean", - "description": "Set to `true` to use OAuth 2.0 features in your user pool app client.\n\n`AllowedOAuthFlowsUserPoolClient` must be `true` before you can configure the following features in your app client.\n\n- `CallBackURLs` : Callback URLs.\n- `LogoutURLs` : Sign-out redirect URLs.\n- `AllowedOAuthScopes` : OAuth 2.0 scopes.\n- `AllowedOAuthFlows` : Support for authorization code, implicit, and client credentials OAuth 2.0 grants.\n\nTo use OAuth 2.0 features, configure one of these features in the Amazon Cognito console or set `AllowedOAuthFlowsUserPoolClient` to `true` in a `CreateUserPoolClient` or `UpdateUserPoolClient` API request. If you don't set a value for `AllowedOAuthFlowsUserPoolClient` in a request with the AWS CLI or SDKs, it defaults to `false` ." + "description": "Set to `true` to use OAuth 2.0 authorization server features in your app client.\n\nThis parameter must have a value of `true` before you can configure the following features in your app client.\n\n- `CallBackURLs` : Callback URLs.\n- `LogoutURLs` : Sign-out redirect URLs.\n- `AllowedOAuthScopes` : OAuth 2.0 scopes.\n- `AllowedOAuthFlows` : Support for authorization code, implicit, and client credentials OAuth 2.0 grants.\n\nTo use authorization server features, configure one of these features in the Amazon Cognito console or set `AllowedOAuthFlowsUserPoolClient` to `true` in a `CreateUserPoolClient` or `UpdateUserPoolClient` API request. If you don't set a value for `AllowedOAuthFlowsUserPoolClient` in a request with the AWS CLI or SDKs, it defaults to `false` . When `false` , only SDK-based API sign-in is permitted." }, "allowedOAuthScopes": { "type": "array", "items": { "type": "string" }, - "description": "The OAuth 2.0 scopes that you want to permit your app client to authorize. Scopes govern access control to user pool self-service API operations, user data from the `userInfo` endpoint, and third-party APIs. Possible values provided by OAuth are `phone` , `email` , `openid` , and `profile` . Possible values provided by AWS are `aws.cognito.signin.user.admin` . Custom scopes created in Resource Servers are also supported." + "description": "The OAuth, OpenID Connect (OIDC), and custom scopes that you want to permit your app client to authorize access with. Scopes govern access control to user pool self-service API operations, user data from the `userInfo` endpoint, and third-party APIs. Scope values include `phone` , `email` , `openid` , and `profile` . The `aws.cognito.signin.user.admin` scope authorizes user self-service operations. Custom scopes with resource servers authorize access to external APIs." }, "analyticsConfiguration": { "$ref": "#/types/aws-native:cognito:UserPoolClientAnalyticsConfiguration", @@ -21699,7 +21706,7 @@ "items": { "type": "string" }, - "description": "A list of allowed redirect (callback) URLs for the IdPs.\n\nA redirect URI must:\n\n- Be an absolute URI.\n- Be registered with the authorization server. Amazon Cognito doesn't accept authorization requests with `redirect_uri` values that aren't in the list of `CallbackURLs` that you provide in this parameter.\n- Not include a fragment component.\n\nSee [OAuth 2.0 - Redirection Endpoint](https://docs.aws.amazon.com/https://tools.ietf.org/html/rfc6749#section-3.1.2) .\n\nAmazon Cognito requires HTTPS over HTTP except for http://localhost for testing purposes only.\n\nApp callback URLs such as myapp://example are also supported." + "description": "A list of allowed redirect, or callback, URLs for managed login authentication. These URLs are the paths where you want to send your users' browsers after they complete authentication with managed login or a third-party IdP. Typically, callback URLs are the home of an application that uses OAuth or OIDC libraries to process authentication outcomes.\n\nA redirect URI must meet the following requirements:\n\n- Be an absolute URI.\n- Be registered with the authorization server. Amazon Cognito doesn't accept authorization requests with `redirect_uri` values that aren't in the list of `CallbackURLs` that you provide in this parameter.\n- Not include a fragment component.\n\nSee [OAuth 2.0 - Redirection Endpoint](https://docs.aws.amazon.com/https://tools.ietf.org/html/rfc6749#section-3.1.2) .\n\nAmazon Cognito requires HTTPS over HTTP except for http://localhost for testing purposes only.\n\nApp callback URLs such as myapp://example are also supported." }, "clientId": { "type": "string", @@ -21718,22 +21725,22 @@ }, "enablePropagateAdditionalUserContextData": { "type": "boolean", - "description": "Activates the propagation of additional user context data. For more information about propagation of user context data, see [Adding advanced security to a user pool](https://docs.aws.amazon.com/cognito/latest/developerguide/cognito-user-pool-settings-threat-protection.html) . If you don’t include this parameter, you can't send device fingerprint information, including source IP address, to Amazon Cognito advanced security. You can only activate `EnablePropagateAdditionalUserContextData` in an app client that has a client secret." + "description": "When `true` , your application can include additional `UserContextData` in authentication requests. This data includes the IP address, and contributes to analysis by threat protection features. For more information about propagation of user context data, see [Adding session data to API requests](https://docs.aws.amazon.com/cognito/latest/developerguide/cognito-user-pool-settings-adaptive-authentication.html#user-pool-settings-adaptive-authentication-device-fingerprint) . If you don’t include this parameter, you can't send the source IP address to Amazon Cognito threat protection features. You can only activate `EnablePropagateAdditionalUserContextData` in an app client that has a client secret." }, "enableTokenRevocation": { "type": "boolean", - "description": "Activates or deactivates token revocation. For more information about revoking tokens, see [RevokeToken](https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_RevokeToken.html) .\n\nIf you don't include this parameter, token revocation is automatically activated for the new user pool client." + "description": "Activates or deactivates [token revocation](https://docs.aws.amazon.com/cognito/latest/developerguide/token-revocation.html) in the target app client.\n\nRevoke tokens with `API_RevokeToken` .\n\nIf you don't include this parameter, token revocation is automatically activated for the new user pool client." }, "explicitAuthFlows": { "type": "array", "items": { "type": "string" }, - "description": "The authentication flows that you want your user pool client to support. For each app client in your user pool, you can sign in your users with any combination of one or more flows, including with a user name and Secure Remote Password (SRP), a user name and password, or a custom authentication process that you define with Lambda functions.\n\n\u003e If you don't specify a value for `ExplicitAuthFlows` , your user client supports `ALLOW_REFRESH_TOKEN_AUTH` , `ALLOW_USER_SRP_AUTH` , and `ALLOW_CUSTOM_AUTH` . \n\nValid values include:\n\n- `ALLOW_USER_AUTH` : Enable selection-based sign-in with `USER_AUTH` . This setting covers username-password, secure remote password (SRP), passwordless, and passkey authentication. This authentiation flow can do username-password and SRP authentication without other `ExplicitAuthFlows` permitting them. For example users can complete an SRP challenge through `USER_AUTH` without the flow `USER_SRP_AUTH` being active for the app client. This flow doesn't include `CUSTOM_AUTH` .\n\nTo activate this setting, your user pool must be in the [Essentials tier](https://docs.aws.amazon.com/cognito/latest/developerguide/feature-plans-features-essentials.html) or higher.\n- `ALLOW_ADMIN_USER_PASSWORD_AUTH` : Enable admin based user password authentication flow `ADMIN_USER_PASSWORD_AUTH` . This setting replaces the `ADMIN_NO_SRP_AUTH` setting. With this authentication flow, your app passes a user name and password to Amazon Cognito in the request, instead of using the Secure Remote Password (SRP) protocol to securely transmit the password.\n- `ALLOW_CUSTOM_AUTH` : Enable Lambda trigger based authentication.\n- `ALLOW_USER_PASSWORD_AUTH` : Enable user password-based authentication. In this flow, Amazon Cognito receives the password in the request instead of using the SRP protocol to verify passwords.\n- `ALLOW_USER_SRP_AUTH` : Enable SRP-based authentication.\n- `ALLOW_REFRESH_TOKEN_AUTH` : Enable authflow to refresh tokens.\n\nIn some environments, you will see the values `ADMIN_NO_SRP_AUTH` , `CUSTOM_AUTH_FLOW_ONLY` , or `USER_PASSWORD_AUTH` . You can't assign these legacy `ExplicitAuthFlows` values to user pool clients at the same time as values that begin with `ALLOW_` ,\nlike `ALLOW_USER_SRP_AUTH` ." + "description": "The [authentication flows](https://docs.aws.amazon.com/cognito/latest/developerguide/amazon-cognito-user-pools-authentication-flow-methods.html) that you want your user pool client to support. For each app client in your user pool, you can sign in your users with any combination of one or more flows, including with a user name and Secure Remote Password (SRP), a user name and password, or a custom authentication process that you define with Lambda functions.\n\n\u003e If you don't specify a value for `ExplicitAuthFlows` , your app client supports `ALLOW_REFRESH_TOKEN_AUTH` , `ALLOW_USER_SRP_AUTH` , and `ALLOW_CUSTOM_AUTH` . \n\nThe values for authentication flow options include the following.\n\n- `ALLOW_USER_AUTH` : Enable selection-based sign-in with `USER_AUTH` . This setting covers username-password, secure remote password (SRP), passwordless, and passkey authentication. This authentiation flow can do username-password and SRP authentication without other `ExplicitAuthFlows` permitting them. For example users can complete an SRP challenge through `USER_AUTH` without the flow `USER_SRP_AUTH` being active for the app client. This flow doesn't include `CUSTOM_AUTH` .\n\nTo activate this setting, your user pool must be in the [Essentials tier](https://docs.aws.amazon.com/cognito/latest/developerguide/feature-plans-features-essentials.html) or higher.\n- `ALLOW_ADMIN_USER_PASSWORD_AUTH` : Enable admin based user password authentication flow `ADMIN_USER_PASSWORD_AUTH` . This setting replaces the `ADMIN_NO_SRP_AUTH` setting. With this authentication flow, your app passes a user name and password to Amazon Cognito in the request, instead of using the Secure Remote Password (SRP) protocol to securely transmit the password.\n- `ALLOW_CUSTOM_AUTH` : Enable Lambda trigger based authentication.\n- `ALLOW_USER_PASSWORD_AUTH` : Enable user password-based authentication. In this flow, Amazon Cognito receives the password in the request instead of using the SRP protocol to verify passwords.\n- `ALLOW_USER_SRP_AUTH` : Enable SRP-based authentication.\n- `ALLOW_REFRESH_TOKEN_AUTH` : Enable authflow to refresh tokens.\n\nIn some environments, you will see the values `ADMIN_NO_SRP_AUTH` , `CUSTOM_AUTH_FLOW_ONLY` , or `USER_PASSWORD_AUTH` . You can't assign these legacy `ExplicitAuthFlows` values to user pool clients at the same time as values that begin with `ALLOW_` ,\nlike `ALLOW_USER_SRP_AUTH` ." }, "generateSecret": { "type": "boolean", - "description": "When `true` , generates a client secret for the app client. Client secrets are used with server-side and machine-to-machine applications. For more information, see [App client types](https://docs.aws.amazon.com/cognito/latest/developerguide/user-pool-settings-client-apps.html#user-pool-settings-client-app-client-types) .", + "description": "When `true` , generates a client secret for the app client. Client secrets are used with server-side and machine-to-machine applications. Client secrets are automatically generated; you can't specify a secret value. For more information, see [App client types](https://docs.aws.amazon.com/cognito/latest/developerguide/user-pool-settings-client-apps.html#user-pool-settings-client-app-client-types) .", "replaceOnChanges": true }, "idTokenValidity": { @@ -21745,7 +21752,7 @@ "items": { "type": "string" }, - "description": "A list of allowed logout URLs for managed login authentication. For more information, see [Logout endpoint](https://docs.aws.amazon.com/cognito/latest/developerguide/logout-endpoint.html) ." + "description": "A list of allowed logout URLs for managed login authentication. When you pass `logout_uri` and `client_id` parameters to `/logout` , Amazon Cognito signs out your user and redirects them to the logout URL. This parameter describes the URLs that you want to be the permitted targets of `logout_uri` . A typical use of these URLs is when a user selects \"Sign out\" and you redirect them to your public homepage. For more information, see [Logout endpoint](https://docs.aws.amazon.com/cognito/latest/developerguide/logout-endpoint.html) ." }, "name": { "type": "string" @@ -21759,7 +21766,7 @@ "items": { "type": "string" }, - "description": "The list of user attributes that you want your app client to have read access to. After your user authenticates in your app, their access token authorizes them to read their own attribute value for any attribute in this list. An example of this kind of activity is when your user selects a link to view their profile information. Your app makes a [GetUser](https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_GetUser.html) API request to retrieve and display your user's profile data.\n\nWhen you don't specify the `ReadAttributes` for your app client, your app can read the values of `email_verified` , `phone_number_verified` , and the Standard attributes of your user pool. When your user pool app client has read access to these default attributes, `ReadAttributes` doesn't return any information. Amazon Cognito only populates `ReadAttributes` in the API response if you have specified your own custom set of read attributes." + "description": "The list of user attributes that you want your app client to have read access to. After your user authenticates in your app, their access token authorizes them to read their own attribute value for any attribute in this list.\n\nAn example of this kind of activity is when your user selects a link to view their profile information. Your app makes a `API_GetUser` API request to retrieve and display your user's profile data.\n\nWhen you don't specify the `ReadAttributes` for your app client, your app can read the values of `email_verified` , `phone_number_verified` , and the standard attributes of your user pool. When your user pool app client has read access to these default attributes, `ReadAttributes` doesn't return any information. Amazon Cognito only populates `ReadAttributes` in the API response if you have specified your own custom set of read attributes." }, "refreshTokenValidity": { "type": "integer", @@ -21770,7 +21777,7 @@ "items": { "type": "string" }, - "description": "A list of provider names for the identity providers (IdPs) that are supported on this client. The following are supported: `COGNITO` , `Facebook` , `Google` , `SignInWithApple` , and `LoginWithAmazon` . You can also specify the names that you configured for the SAML and OIDC IdPs in your user pool, for example `MySAMLIdP` or `MyOIDCIdP` .\n\nThis setting applies to providers that you can access with [managed login](https://docs.aws.amazon.com/cognito/latest/developerguide/cognito-user-pools-managed-login.html) . The removal of `COGNITO` from this list doesn't prevent authentication operations for local users with the user pools API in an AWS SDK. The only way to prevent API-based authentication is to block access with a [AWS WAF rule](https://docs.aws.amazon.com/cognito/latest/developerguide/user-pool-waf.html) ." + "description": "A list of provider names for the identity providers (IdPs) that are supported on this client. The following are supported: `COGNITO` , `Facebook` , `Google` , `SignInWithApple` , and `LoginWithAmazon` . You can also specify the names that you configured for the SAML and OIDC IdPs in your user pool, for example `MySAMLIdP` or `MyOIDCIdP` .\n\nThis parameter sets the IdPs that [managed login](https://docs.aws.amazon.com/cognito/latest/developerguide/cognito-user-pools-managed-login.html) will display on the login page for your app client. The removal of `COGNITO` from this list doesn't prevent authentication operations for local users with the user pools API in an AWS SDK. The only way to prevent SDK-based authentication is to block access with a [AWS WAF rule](https://docs.aws.amazon.com/cognito/latest/developerguide/user-pool-waf.html) ." }, "tokenValidityUnits": { "$ref": "#/types/aws-native:cognito:UserPoolClientTokenValidityUnits", @@ -21786,7 +21793,7 @@ "items": { "type": "string" }, - "description": "The list of user attributes that you want your app client to have write access to. After your user authenticates in your app, their access token authorizes them to set or modify their own attribute value for any attribute in this list. An example of this kind of activity is when you present your user with a form to update their profile information and they change their last name. Your app then makes an [UpdateUserAttributes](https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_UpdateUserAttributes.html) API request and sets `family_name` to the new value.\n\nWhen you don't specify the `WriteAttributes` for your app client, your app can write the values of the Standard attributes of your user pool. When your user pool has write access to these default attributes, `WriteAttributes` doesn't return any information. Amazon Cognito only populates `WriteAttributes` in the API response if you have specified your own custom set of write attributes.\n\nIf your app client allows users to sign in through an IdP, this array must include all attributes that you have mapped to IdP attributes. Amazon Cognito updates mapped attributes when users sign in to your application through an IdP. If your app client does not have write access to a mapped attribute, Amazon Cognito throws an error when it tries to update the attribute. For more information, see [Specifying IdP Attribute Mappings for Your user pool](https://docs.aws.amazon.com/cognito/latest/developerguide/cognito-user-pools-specifying-attribute-mapping.html) ." + "description": "The list of user attributes that you want your app client to have write access to. After your user authenticates in your app, their access token authorizes them to set or modify their own attribute value for any attribute in this list.\n\nAn example of this kind of activity is when you present your user with a form to update their profile information and they change their last name. Your app then makes an `API_UpdateUserAttributes` API request and sets `family_name` to the new value.\n\nWhen you don't specify the `WriteAttributes` for your app client, your app can write the values of the Standard attributes of your user pool. When your user pool has write access to these default attributes, `WriteAttributes` doesn't return any information. Amazon Cognito only populates `WriteAttributes` in the API response if you have specified your own custom set of write attributes.\n\nIf your app client allows users to sign in through an IdP, this array must include all attributes that you have mapped to IdP attributes. Amazon Cognito updates mapped attributes when users sign in to your application through an IdP. If your app client does not have write access to a mapped attribute, Amazon Cognito throws an error when it tries to update the attribute. For more information, see [Specifying IdP Attribute Mappings for Your user pool](https://docs.aws.amazon.com/cognito/latest/developerguide/cognito-user-pools-specifying-attribute-mapping.html) ." } }, "autoNamingSpec": { @@ -21824,11 +21831,11 @@ "inputs": { "customDomainConfig": { "$ref": "#/types/aws-native:cognito:UserPoolDomainCustomDomainConfigType", - "description": "The configuration for a custom domain that hosts the sign-up and sign-in pages for your application. Use this object to specify an SSL certificate that is managed by ACM.\n\nWhen you create a custom domain, the passkey RP ID defaults to the custom domain. If you had a prefix domain active, this will cause passkey integration for your prefix domain to stop working due to a mismatch in RP ID. To keep the prefix domain passkey integration working, you can explicitly set RP ID to the prefix domain. Update the RP ID in a [SetUserPoolMfaConfig](https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_SetUserPoolMfaConfig.html) request." + "description": "The configuration for a custom domain that hosts managed login for your application. In an `UpdateUserPoolDomain` request, this parameter specifies an SSL certificate for the managed login hosted webserver. The certificate must be an ACM ARN in `us-east-1` .\n\nWhen you create a custom domain, the passkey RP ID defaults to the custom domain. If you had a prefix domain active, this will cause passkey integration for your prefix domain to stop working due to a mismatch in RP ID. To keep the prefix domain passkey integration working, you can explicitly set RP ID to the prefix domain.\n\nUpdate the RP ID in a `API_SetUserPoolMfaConfig` request." }, "domain": { "type": "string", - "description": "The domain name for the custom domain that hosts the sign-up and sign-in pages for your application. One example might be `auth.example.com` .\n\nThis string can include only lowercase letters, numbers, and hyphens. Don't use a hyphen for the first or last character. Use periods to separate subdomain names." + "description": "The name of the domain that you want to update. For custom domains, this is the fully-qualified domain name, for example `auth.example.com` . For prefix domains, this is the prefix alone, such as `myprefix` ." }, "managedLoginVersion": { "type": "integer", @@ -21836,7 +21843,7 @@ }, "userPoolId": { "type": "string", - "description": "The ID of the user pool that is associated with the custom domain whose certificate you're updating." + "description": "The ID of the user pool that is associated with the domain you're updating." } }, "outputs": { @@ -21850,11 +21857,11 @@ }, "customDomainConfig": { "$ref": "#/types/aws-native:cognito:UserPoolDomainCustomDomainConfigType", - "description": "The configuration for a custom domain that hosts the sign-up and sign-in pages for your application. Use this object to specify an SSL certificate that is managed by ACM.\n\nWhen you create a custom domain, the passkey RP ID defaults to the custom domain. If you had a prefix domain active, this will cause passkey integration for your prefix domain to stop working due to a mismatch in RP ID. To keep the prefix domain passkey integration working, you can explicitly set RP ID to the prefix domain. Update the RP ID in a [SetUserPoolMfaConfig](https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_SetUserPoolMfaConfig.html) request." + "description": "The configuration for a custom domain that hosts managed login for your application. In an `UpdateUserPoolDomain` request, this parameter specifies an SSL certificate for the managed login hosted webserver. The certificate must be an ACM ARN in `us-east-1` .\n\nWhen you create a custom domain, the passkey RP ID defaults to the custom domain. If you had a prefix domain active, this will cause passkey integration for your prefix domain to stop working due to a mismatch in RP ID. To keep the prefix domain passkey integration working, you can explicitly set RP ID to the prefix domain.\n\nUpdate the RP ID in a `API_SetUserPoolMfaConfig` request." }, "domain": { "type": "string", - "description": "The domain name for the custom domain that hosts the sign-up and sign-in pages for your application. One example might be `auth.example.com` .\n\nThis string can include only lowercase letters, numbers, and hyphens. Don't use a hyphen for the first or last character. Use periods to separate subdomain names.", + "description": "The name of the domain that you want to update. For custom domains, this is the fully-qualified domain name, for example `auth.example.com` . For prefix domains, this is the prefix alone, such as `myprefix` .", "replaceOnChanges": true }, "managedLoginVersion": { @@ -21863,7 +21870,7 @@ }, "userPoolId": { "type": "string", - "description": "The ID of the user pool that is associated with the custom domain whose certificate you're updating.", + "description": "The ID of the user pool that is associated with the domain you're updating.", "replaceOnChanges": true } }, @@ -22112,7 +22119,7 @@ "inputs": { "accountTakeoverRiskConfiguration": { "$ref": "#/types/aws-native:cognito:UserPoolRiskConfigurationAttachmentAccountTakeoverRiskConfigurationType", - "description": "The settings for automated responses and notification templates for adaptive authentication with advanced security features." + "description": "The settings for automated responses and notification templates for adaptive authentication with threat protection." }, "clientId": { "type": "string", @@ -22120,7 +22127,7 @@ }, "compromisedCredentialsRiskConfiguration": { "$ref": "#/types/aws-native:cognito:UserPoolRiskConfigurationAttachmentCompromisedCredentialsRiskConfigurationType", - "description": "Settings for compromised-credentials actions and authentication types with advanced security features in full-function `ENFORCED` mode." + "description": "Settings for compromised-credentials actions and authentication types with threat protection in full-function `ENFORCED` mode." }, "riskExceptionConfiguration": { "$ref": "#/types/aws-native:cognito:UserPoolRiskConfigurationAttachmentRiskExceptionConfigurationType", @@ -22134,7 +22141,7 @@ "outputs": { "accountTakeoverRiskConfiguration": { "$ref": "#/types/aws-native:cognito:UserPoolRiskConfigurationAttachmentAccountTakeoverRiskConfigurationType", - "description": "The settings for automated responses and notification templates for adaptive authentication with advanced security features." + "description": "The settings for automated responses and notification templates for adaptive authentication with threat protection." }, "clientId": { "type": "string", @@ -22143,7 +22150,7 @@ }, "compromisedCredentialsRiskConfiguration": { "$ref": "#/types/aws-native:cognito:UserPoolRiskConfigurationAttachmentCompromisedCredentialsRiskConfigurationType", - "description": "Settings for compromised-credentials actions and authentication types with advanced security features in full-function `ENFORCED` mode." + "description": "Settings for compromised-credentials actions and authentication types with threat protection in full-function `ENFORCED` mode." }, "riskExceptionConfiguration": { "$ref": "#/types/aws-native:cognito:UserPoolRiskConfigurationAttachmentRiskExceptionConfigurationType", @@ -22177,11 +22184,11 @@ }, "css": { "type": "string", - "description": "The CSS values in the UI customization." + "description": "A plaintext CSS file that contains the custom fields that you want to apply to your user pool or app client. To download a template, go to the Amazon Cognito console. Navigate to your user pool *App clients* tab, select *Login pages* , edit *Hosted UI (classic) style* , and select the link to `CSS template.css` ." }, "userPoolId": { "type": "string", - "description": "The ID of the user pool." + "description": "The ID of the user pool where you want to apply branding to the classic hosted UI." } }, "outputs": { @@ -22192,11 +22199,11 @@ }, "css": { "type": "string", - "description": "The CSS values in the UI customization." + "description": "A plaintext CSS file that contains the custom fields that you want to apply to your user pool or app client. To download a template, go to the Amazon Cognito console. Navigate to your user pool *App clients* tab, select *Login pages* , edit *Hosted UI (classic) style* , and select the link to `CSS template.css` ." }, "userPoolId": { "type": "string", - "description": "The ID of the user pool.", + "description": "The ID of the user pool where you want to apply branding to the classic hosted UI.", "replaceOnChanges": true } }, @@ -22246,7 +22253,7 @@ "items": { "$ref": "#/types/aws-native:cognito:UserPoolUserAttributeType" }, - "description": "An array of name-value pairs that contain user attributes and attribute values to be set for the user to be created. You can create a user without specifying any attributes other than `Username` . However, any attributes that you specify as required (when creating a user pool or in the *Attributes* tab of the console) either you should supply (in your call to `AdminCreateUser` ) or the user should supply (when they sign up in response to your welcome message).\n\nFor custom attributes, you must prepend the `custom:` prefix to the attribute name.\n\nTo send a message inviting the user to sign up, you must specify the user's email address or phone number. You can do this in your call to AdminCreateUser or in the *Users* tab of the Amazon Cognito console for managing your user pools.\n\nYou must also provide an email address or phone number when you expect the user to do passwordless sign-in with an email or SMS OTP. These attributes must be provided when passwordless options are the only available, or when you don't submit a `TemporaryPassword` .\n\nIn your call to `AdminCreateUser` , you can set the `email_verified` attribute to `True` , and you can set the `phone_number_verified` attribute to `True` . You can also do this by calling [AdminUpdateUserAttributes](https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_AdminUpdateUserAttributes.html) .\n\n- *email* : The email address of the user to whom the message that contains the code and username will be sent. Required if the `email_verified` attribute is set to `True` , or if `\"EMAIL\"` is specified in the `DesiredDeliveryMediums` parameter.\n- *phone_number* : The phone number of the user to whom the message that contains the code and username will be sent. Required if the `phone_number_verified` attribute is set to `True` , or if `\"SMS\"` is specified in the `DesiredDeliveryMediums` parameter." + "description": "An array of name-value pairs that contain user attributes and attribute values to be set for the user to be created. You can create a user without specifying any attributes other than `Username` . However, any attributes that you specify as required (when creating a user pool or in the *Attributes* tab of the console) either you should supply (in your call to `AdminCreateUser` ) or the user should supply (when they sign up in response to your welcome message).\n\nFor custom attributes, you must prepend the `custom:` prefix to the attribute name.\n\nTo send a message inviting the user to sign up, you must specify the user's email address or phone number. You can do this in your call to AdminCreateUser or in the *Users* tab of the Amazon Cognito console for managing your user pools.\n\nYou must also provide an email address or phone number when you expect the user to do passwordless sign-in with an email or SMS OTP. These attributes must be provided when passwordless options are the only available, or when you don't submit a `TemporaryPassword` .\n\nIn your `AdminCreateUser` request, you can set the `email_verified` and `phone_number_verified` attributes to `true` . The following conditions apply:\n\n- **email** - The email address where you want the user to receive their confirmation code and username. You must provide a value for the `email` when you want to set `email_verified` to `true` , or if you set `EMAIL` in the `DesiredDeliveryMediums` parameter.\n- **phone_number** - The phone number where you want the user to receive their confirmation code and username. You must provide a value for the `email` when you want to set `phone_number` to `true` , or if you set `SMS` in the `DesiredDeliveryMediums` parameter.\n\nYou can also set attributes verified with `API_AdminUpdateUserAttributes` ." }, "userPoolId": { "type": "string", @@ -22261,7 +22268,7 @@ "items": { "$ref": "#/types/aws-native:cognito:UserPoolUserAttributeType" }, - "description": "Temporary user attributes that contribute to the outcomes of your pre sign-up Lambda trigger. This set of key-value pairs are for custom validation of information that you collect from your users but don't need to retain.\n\nYour Lambda function can analyze this additional data and act on it. Your function might perform external API operations like logging user attributes and validation data to Amazon CloudWatch Logs. Validation data might also affect the response that your function returns to Amazon Cognito, like automatically confirming the user if they sign up from within your network.\n\nFor more information about the pre sign-up Lambda trigger, see [Pre sign-up Lambda trigger](https://docs.aws.amazon.com/cognito/latest/developerguide/user-pool-lambda-pre-sign-up.html) ." + "description": "Temporary user attributes that contribute to the outcomes of your pre sign-up Lambda trigger. This set of key-value pairs are for custom validation of information that you collect from your users but don't need to retain.\n\nYour Lambda function can analyze this additional data and act on it. Your function can automatically confirm and verify select users or perform external API operations like logging user attributes and validation data to Amazon CloudWatch Logs.\n\nFor more information about the pre sign-up Lambda trigger, see [Pre sign-up Lambda trigger](https://docs.aws.amazon.com/cognito/latest/developerguide/user-pool-lambda-pre-sign-up.html) ." } }, "outputs": { @@ -22296,7 +22303,7 @@ "items": { "$ref": "#/types/aws-native:cognito:UserPoolUserAttributeType" }, - "description": "An array of name-value pairs that contain user attributes and attribute values to be set for the user to be created. You can create a user without specifying any attributes other than `Username` . However, any attributes that you specify as required (when creating a user pool or in the *Attributes* tab of the console) either you should supply (in your call to `AdminCreateUser` ) or the user should supply (when they sign up in response to your welcome message).\n\nFor custom attributes, you must prepend the `custom:` prefix to the attribute name.\n\nTo send a message inviting the user to sign up, you must specify the user's email address or phone number. You can do this in your call to AdminCreateUser or in the *Users* tab of the Amazon Cognito console for managing your user pools.\n\nYou must also provide an email address or phone number when you expect the user to do passwordless sign-in with an email or SMS OTP. These attributes must be provided when passwordless options are the only available, or when you don't submit a `TemporaryPassword` .\n\nIn your call to `AdminCreateUser` , you can set the `email_verified` attribute to `True` , and you can set the `phone_number_verified` attribute to `True` . You can also do this by calling [AdminUpdateUserAttributes](https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_AdminUpdateUserAttributes.html) .\n\n- *email* : The email address of the user to whom the message that contains the code and username will be sent. Required if the `email_verified` attribute is set to `True` , or if `\"EMAIL\"` is specified in the `DesiredDeliveryMediums` parameter.\n- *phone_number* : The phone number of the user to whom the message that contains the code and username will be sent. Required if the `phone_number_verified` attribute is set to `True` , or if `\"SMS\"` is specified in the `DesiredDeliveryMediums` parameter.", + "description": "An array of name-value pairs that contain user attributes and attribute values to be set for the user to be created. You can create a user without specifying any attributes other than `Username` . However, any attributes that you specify as required (when creating a user pool or in the *Attributes* tab of the console) either you should supply (in your call to `AdminCreateUser` ) or the user should supply (when they sign up in response to your welcome message).\n\nFor custom attributes, you must prepend the `custom:` prefix to the attribute name.\n\nTo send a message inviting the user to sign up, you must specify the user's email address or phone number. You can do this in your call to AdminCreateUser or in the *Users* tab of the Amazon Cognito console for managing your user pools.\n\nYou must also provide an email address or phone number when you expect the user to do passwordless sign-in with an email or SMS OTP. These attributes must be provided when passwordless options are the only available, or when you don't submit a `TemporaryPassword` .\n\nIn your `AdminCreateUser` request, you can set the `email_verified` and `phone_number_verified` attributes to `true` . The following conditions apply:\n\n- **email** - The email address where you want the user to receive their confirmation code and username. You must provide a value for the `email` when you want to set `email_verified` to `true` , or if you set `EMAIL` in the `DesiredDeliveryMediums` parameter.\n- **phone_number** - The phone number where you want the user to receive their confirmation code and username. You must provide a value for the `email` when you want to set `phone_number` to `true` , or if you set `SMS` in the `DesiredDeliveryMediums` parameter.\n\nYou can also set attributes verified with `API_AdminUpdateUserAttributes` .", "replaceOnChanges": true }, "userPoolId": { @@ -22314,7 +22321,7 @@ "items": { "$ref": "#/types/aws-native:cognito:UserPoolUserAttributeType" }, - "description": "Temporary user attributes that contribute to the outcomes of your pre sign-up Lambda trigger. This set of key-value pairs are for custom validation of information that you collect from your users but don't need to retain.\n\nYour Lambda function can analyze this additional data and act on it. Your function might perform external API operations like logging user attributes and validation data to Amazon CloudWatch Logs. Validation data might also affect the response that your function returns to Amazon Cognito, like automatically confirming the user if they sign up from within your network.\n\nFor more information about the pre sign-up Lambda trigger, see [Pre sign-up Lambda trigger](https://docs.aws.amazon.com/cognito/latest/developerguide/user-pool-lambda-pre-sign-up.html) .", + "description": "Temporary user attributes that contribute to the outcomes of your pre sign-up Lambda trigger. This set of key-value pairs are for custom validation of information that you collect from your users but don't need to retain.\n\nYour Lambda function can analyze this additional data and act on it. Your function can automatically confirm and verify select users or perform external API operations like logging user attributes and validation data to Amazon CloudWatch Logs.\n\nFor more information about the pre sign-up Lambda trigger, see [Pre sign-up Lambda trigger](https://docs.aws.amazon.com/cognito/latest/developerguide/user-pool-lambda-pre-sign-up.html) .", "replaceOnChanges": true } }, @@ -26266,6 +26273,105 @@ "eventStreamName" ] }, + "aws-native:customerprofiles:EventTrigger": { + "cf": "AWS::CustomerProfiles::EventTrigger", + "inputs": { + "description": { + "type": "string" + }, + "domainName": { + "type": "string" + }, + "eventTriggerConditions": { + "type": "array", + "items": { + "$ref": "#/types/aws-native:customerprofiles:EventTriggerCondition" + } + }, + "eventTriggerLimits": { + "$ref": "#/types/aws-native:customerprofiles:EventTriggerLimits" + }, + "eventTriggerName": { + "type": "string" + }, + "objectTypeName": { + "type": "string" + }, + "segmentFilter": { + "type": "string" + }, + "tags": { + "type": "array", + "items": { + "$ref": "#/types/aws-native:index:Tag" + } + } + }, + "outputs": { + "createdAt": { + "type": "string", + "description": "The timestamp of when the event trigger was created." + }, + "description": { + "type": "string" + }, + "domainName": { + "type": "string", + "replaceOnChanges": true + }, + "eventTriggerConditions": { + "type": "array", + "items": { + "$ref": "#/types/aws-native:customerprofiles:EventTriggerCondition" + } + }, + "eventTriggerLimits": { + "$ref": "#/types/aws-native:customerprofiles:EventTriggerLimits" + }, + "eventTriggerName": { + "type": "string", + "replaceOnChanges": true + }, + "lastUpdatedAt": { + "type": "string", + "description": "The timestamp of when the event trigger was most recently updated." + }, + "objectTypeName": { + "type": "string" + }, + "segmentFilter": { + "type": "string" + }, + "tags": { + "type": "array", + "items": { + "$ref": "#/types/aws-native:index:Tag" + } + } + }, + "autoNamingSpec": { + "sdkName": "eventTriggerName" + }, + "required": [ + "domainName", + "eventTriggerConditions", + "objectTypeName" + ], + "createOnly": [ + "domainName", + "eventTriggerName" + ], + "readOnly": [ + "createdAt", + "lastUpdatedAt" + ], + "tagsProperty": "tags", + "tagsStyle": "keyValueArray", + "primaryIdentifier": [ + "domainName", + "eventTriggerName" + ] + }, "aws-native:customerprofiles:Integration": { "cf": "AWS::CustomerProfiles::Integration", "inputs": { @@ -66795,6 +66901,9 @@ "type": "string", "description": "The name of the bot locale." }, + "replication": { + "$ref": "#/types/aws-native:lex:BotReplication" + }, "roleArn": { "type": "string", "description": "The Amazon Resource Name (ARN) of the IAM role used to build and run the bot." @@ -66858,6 +66967,9 @@ "type": "string", "description": "The name of the bot locale." }, + "replication": { + "$ref": "#/types/aws-native:lex:BotReplication" + }, "roleArn": { "type": "string", "description": "The Amazon Resource Name (ARN) of the IAM role used to build and run the bot." @@ -66891,6 +67003,7 @@ "botFileS3Location", "botLocales", "botTags", + "replication", "testBotAliasTags" ], "irreversibleNames": { @@ -92225,6 +92338,10 @@ "$ref": "#/types/aws-native:resiliencehub:AppPermissionModel", "description": "Defines the roles and credentials that AWS Resilience Hub would use while creating the application, importing its resources, and running an assessment." }, + "regulatoryPolicyArn": { + "type": "string", + "description": "Amazon Resource Name (ARN) of the Regulatory Policy." + }, "resiliencyPolicyArn": { "type": "string", "description": "Amazon Resource Name (ARN) of the Resiliency Policy." @@ -92281,6 +92398,10 @@ "$ref": "#/types/aws-native:resiliencehub:AppPermissionModel", "description": "Defines the roles and credentials that AWS Resilience Hub would use while creating the application, importing its resources, and running an assessment." }, + "regulatoryPolicyArn": { + "type": "string", + "description": "Amazon Resource Name (ARN) of the Regulatory Policy." + }, "resiliencyPolicyArn": { "type": "string", "description": "Amazon Resource Name (ARN) of the Resiliency Policy." @@ -93362,7 +93483,8 @@ }, "requireInstanceProperties": { "type": "boolean", - "description": "Specifies whether instance properties are required in CreateSession requests with this profile." + "description": "Specifies whether instance properties are required in CreateSession requests with this profile.", + "replaceOnChanges": true }, "roleArns": { "type": "array", @@ -93389,10 +93511,16 @@ "required": [ "roleArns" ], + "createOnly": [ + "requireInstanceProperties" + ], "readOnly": [ "profileArn", "profileId" ], + "writeOnly": [ + "requireInstanceProperties" + ], "tagsProperty": "tags", "tagsStyle": "keyValueArray", "primaryIdentifier": [ @@ -106010,7 +106138,7 @@ "items": { "type": "string" }, - "description": "A structure that stores the details of the AWS managed policy." + "description": "A structure that stores a list of managed policy ARNs that describe the associated AWS managed policy." }, "name": { "type": "string", @@ -106062,7 +106190,7 @@ "items": { "type": "string" }, - "description": "A structure that stores the details of the AWS managed policy." + "description": "A structure that stores a list of managed policy ARNs that describe the associated AWS managed policy." }, "name": { "type": "string", @@ -108723,11 +108851,6 @@ "readOnly": [ "domainId" ], - "writeOnly": [ - "description", - "name", - "serverSideEncryptionConfiguration" - ], "tagsProperty": "tags", "tagsStyle": "keyValueArray", "primaryIdentifier": [ @@ -128231,6 +128354,9 @@ "aws-native:cleanrooms:CollaborationAnalyticsEngine": { "type": "string" }, + "aws-native:cleanrooms:CollaborationCustomMlMemberAbility": { + "type": "string" + }, "aws-native:cleanrooms:CollaborationDataEncryptionMetadata": { "type": "object", "properties": { @@ -128273,15 +128399,72 @@ }, "description": "The abilities granted to the collaboration member.\n\n*Allowed Values* : `CAN_QUERY` | `CAN_RECEIVE_RESULTS`" }, + "mlMemberAbilities": { + "$ref": "#/types/aws-native:cleanrooms:CollaborationMlMemberAbilities", + "description": "The ML abilities granted to the collaboration member." + }, "paymentConfiguration": { "$ref": "#/types/aws-native:cleanrooms:CollaborationPaymentConfiguration", "description": "The collaboration member's payment responsibilities set by the collaboration creator.\n\nIf the collaboration creator hasn't specified anyone as the member paying for query compute costs, then the member who can query is the default payer." } + }, + "irreversibleNames": { + "mlMemberAbilities": "MLMemberAbilities" + } + }, + "aws-native:cleanrooms:CollaborationMlMemberAbilities": { + "type": "object", + "properties": { + "customMlMemberAbilities": { + "type": "array", + "items": { + "$ref": "#/types/aws-native:cleanrooms:CollaborationCustomMlMemberAbility" + }, + "description": "The custom ML member abilities for a collaboration member." + } + }, + "irreversibleNames": { + "customMlMemberAbilities": "CustomMLMemberAbilities" + } + }, + "aws-native:cleanrooms:CollaborationMlPaymentConfig": { + "type": "object", + "properties": { + "modelInference": { + "$ref": "#/types/aws-native:cleanrooms:CollaborationModelInferencePaymentConfig", + "description": "The payment responsibilities accepted by the member for model inference." + }, + "modelTraining": { + "$ref": "#/types/aws-native:cleanrooms:CollaborationModelTrainingPaymentConfig", + "description": "The payment responsibilities accepted by the member for model training." + } + } + }, + "aws-native:cleanrooms:CollaborationModelInferencePaymentConfig": { + "type": "object", + "properties": { + "isResponsible": { + "type": "boolean", + "description": "Indicates whether the collaboration creator has configured the collaboration member to pay for model inference costs ( `TRUE` ) or has not configured the collaboration member to pay for model inference costs ( `FALSE` ).\n\nExactly one member can be configured to pay for model inference costs. An error is returned if the collaboration creator sets a `TRUE` value for more than one member in the collaboration.\n\nIf the collaboration creator hasn't specified anyone as the member paying for model inference costs, then the member who can query is the default payer. An error is returned if the collaboration creator sets a `FALSE` value for the member who can query." + } + } + }, + "aws-native:cleanrooms:CollaborationModelTrainingPaymentConfig": { + "type": "object", + "properties": { + "isResponsible": { + "type": "boolean", + "description": "Indicates whether the collaboration creator has configured the collaboration member to pay for model training costs ( `TRUE` ) or has not configured the collaboration member to pay for model training costs ( `FALSE` ).\n\nExactly one member can be configured to pay for model training costs. An error is returned if the collaboration creator sets a `TRUE` value for more than one member in the collaboration.\n\nIf the collaboration creator hasn't specified anyone as the member paying for model training costs, then the member who can query is the default payer. An error is returned if the collaboration creator sets a `FALSE` value for the member who can query." + } } }, "aws-native:cleanrooms:CollaborationPaymentConfiguration": { "type": "object", "properties": { + "machineLearning": { + "$ref": "#/types/aws-native:cleanrooms:CollaborationMlPaymentConfig", + "description": "An object representing the collaboration member's machine learning payment responsibilities set by the collaboration creator." + }, "queryCompute": { "$ref": "#/types/aws-native:cleanrooms:CollaborationQueryComputePaymentConfig", "description": "The collaboration member's payment responsibilities set by the collaboration creator for query compute costs." @@ -128909,9 +129092,39 @@ } } }, + "aws-native:cleanrooms:MembershipMlPaymentConfig": { + "type": "object", + "properties": { + "modelInference": { + "$ref": "#/types/aws-native:cleanrooms:MembershipModelInferencePaymentConfig" + }, + "modelTraining": { + "$ref": "#/types/aws-native:cleanrooms:MembershipModelTrainingPaymentConfig" + } + } + }, + "aws-native:cleanrooms:MembershipModelInferencePaymentConfig": { + "type": "object", + "properties": { + "isResponsible": { + "type": "boolean" + } + } + }, + "aws-native:cleanrooms:MembershipModelTrainingPaymentConfig": { + "type": "object", + "properties": { + "isResponsible": { + "type": "boolean" + } + } + }, "aws-native:cleanrooms:MembershipPaymentConfiguration": { "type": "object", "properties": { + "machineLearning": { + "$ref": "#/types/aws-native:cleanrooms:MembershipMlPaymentConfig" + }, "queryCompute": { "$ref": "#/types/aws-native:cleanrooms:MembershipQueryComputePaymentConfig", "description": "The payment responsibilities accepted by the collaboration member for query compute costs." @@ -132897,11 +133110,11 @@ "properties": { "advancedSecurityAdditionalFlows": { "$ref": "#/types/aws-native:cognito:UserPoolAdvancedSecurityAdditionalFlows", - "description": "Advanced security configuration options for additional authentication types in your user pool, including custom authentication." + "description": "Threat protection configuration options for additional authentication types in your user pool, including custom authentication." }, "advancedSecurityMode": { "type": "string", - "description": "The operating mode of advanced security features for standard authentication types in your user pool, including username-password and secure remote password (SRP) authentication." + "description": "The operating mode of threat protection for standard authentication types in your user pool, including username-password and secure remote password (SRP) authentication." } } }, @@ -132910,7 +133123,7 @@ "properties": { "allowAdminCreateUserOnly": { "type": "boolean", - "description": "The setting for allowing self-service sign-up. When `true` , only administrators can create new user profiles. When `false` , users can register themselves and create a new user profile with the [SignUp](https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_SignUp.html) operation." + "description": "The setting for allowing self-service sign-up. When `true` , only administrators can create new user profiles. When `false` , users can register themselves and create a new user profile with the `SignUp` operation." }, "inviteMessageTemplate": { "$ref": "#/types/aws-native:cognito:UserPoolInviteMessageTemplate", @@ -132918,7 +133131,7 @@ }, "unusedAccountValidityDays": { "type": "integer", - "description": "This parameter is no longer in use. Configure the duration of temporary passwords with the `TemporaryPasswordValidityDays` parameter of [PasswordPolicyType](https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_PasswordPolicyType.html) . For older user pools that have a `UnusedAccountValidityDays` configuration, that value is effective until you set a value for `TemporaryPasswordValidityDays` .\n\nThe password expiration limit in days for administrator-created users. When this time expires, the user can't sign in with their temporary password. To reset the account after that time limit, you must call `AdminCreateUser` again, specifying `RESEND` for the `MessageAction` parameter.\n\nThe default value for this parameter is 7." + "description": "This parameter is no longer in use.\n\nConfigure the duration of temporary passwords with the `TemporaryPasswordValidityDays` parameter of `API_PasswordPolicyType` . For older user pools that have a `UnusedAccountValidityDays` configuration, that value is effective until you set a value for `TemporaryPasswordValidityDays` .\n\nThe password expiration limit in days for administrator-created users. When this time expires, the user can't sign in with their temporary password. To reset the account after that time limit, you must call `AdminCreateUser` again, specifying `RESEND` for the `MessageAction` parameter.\n\nThe default value for this parameter is 7." } } }, @@ -132927,7 +133140,7 @@ "properties": { "customAuthMode": { "type": "string", - "description": "The operating mode of advanced security features in custom authentication with [Custom authentication challenge Lambda triggers](https://docs.aws.amazon.com/cognito/latest/developerguide/user-pool-lambda-challenge.html) ." + "description": "The operating mode of threat protection in custom authentication with [Custom authentication challenge Lambda triggers](https://docs.aws.amazon.com/cognito/latest/developerguide/user-pool-lambda-challenge.html) ." } } }, @@ -133008,7 +133221,7 @@ }, "deviceOnlyRememberedOnUserPrompt": { "type": "boolean", - "description": "When true, Amazon Cognito doesn't automatically remember a user's device when your app sends a [ConfirmDevice](https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_ConfirmDevice.html) API request. In your app, create a prompt for your user to choose whether they want to remember their device. Return the user's choice in an [UpdateDeviceStatus](https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_UpdateDeviceStatus.html) API request.\n\nWhen `DeviceOnlyRememberedOnUserPrompt` is `false` , Amazon Cognito immediately remembers devices that you register in a `ConfirmDevice` API request." + "description": "When true, Amazon Cognito doesn't automatically remember a user's device when your app sends a `ConfirmDevice` API request. In your app, create a prompt for your user to choose whether they want to remember their device. Return the user's choice in an `UpdateDeviceStatus` API request.\n\nWhen `DeviceOnlyRememberedOnUserPrompt` is `false` , Amazon Cognito immediately remembers devices that you register in a `ConfirmDevice` API request." } } }, @@ -133153,7 +133366,7 @@ }, "passwordHistorySize": { "type": "integer", - "description": "The number of previous passwords that you want Amazon Cognito to restrict each user from reusing. Users can't set a password that matches any of `n` previous passwords, where `n` is the value of `PasswordHistorySize` .\n\nPassword history isn't enforced and isn't displayed in [DescribeUserPool](https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_DescribeUserPool.html) responses when you set this value to `0` or don't provide it. To activate this setting, your user pool must be in the [Essentials tier](https://docs.aws.amazon.com/cognito/latest/developerguide/feature-plans-features-essentials.html) or higher." + "description": "The number of previous passwords that you want Amazon Cognito to restrict each user from reusing. Users can't set a password that matches any of `n` previous passwords, where `n` is the value of `PasswordHistorySize` .\n\nPassword history isn't enforced and isn't displayed in `API_DescribeUserPool` responses when you set this value to `0` or don't provide it. To activate this setting, your user pool must be in the [Essentials tier](https://docs.aws.amazon.com/cognito/latest/developerguide/feature-plans-features-essentials.html) or higher." }, "requireLowercase": { "type": "boolean", @@ -133186,7 +133399,7 @@ }, "signInPolicy": { "$ref": "#/types/aws-native:cognito:UserPoolSignInPolicy", - "description": "The policy for allowed types of authentication in a user pool. To activate this setting, your user pool must be in the [Essentials tier](https://docs.aws.amazon.com/cognito/latest/developerguide/feature-plans-features-essentials.html) or higher.\n\nThis data type is a request and response parameter of [CreateUserPool](https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_CreateUserPool.html) and [UpdateUserPool](https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_UpdateUserPool.html) , and a response parameter of [DescribeUserPool](https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_DescribeUserPool.html) ." + "description": "The policy for allowed types of authentication in a user pool. To activate this setting, your user pool must be in the [Essentials tier](https://docs.aws.amazon.com/cognito/latest/developerguide/feature-plans-features-essentials.html) or higher.\n\nThis data type is a request and response parameter of `API_CreateUserPool` and `API_UpdateUserPool` , and a response parameter of `API_DescribeUserPool` ." } } }, @@ -133247,15 +133460,15 @@ "properties": { "highAction": { "$ref": "#/types/aws-native:cognito:UserPoolRiskConfigurationAttachmentAccountTakeoverActionType", - "description": "The action that you assign to a high-risk assessment by advanced security features." + "description": "The action that you assign to a high-risk assessment by threat protection." }, "lowAction": { "$ref": "#/types/aws-native:cognito:UserPoolRiskConfigurationAttachmentAccountTakeoverActionType", - "description": "The action that you assign to a low-risk assessment by advanced security features." + "description": "The action that you assign to a low-risk assessment by threat protection." }, "mediumAction": { "$ref": "#/types/aws-native:cognito:UserPoolRiskConfigurationAttachmentAccountTakeoverActionType", - "description": "The action that you assign to a medium-risk assessment by advanced security features." + "description": "The action that you assign to a medium-risk assessment by threat protection." } } }, @@ -133264,11 +133477,11 @@ "properties": { "actions": { "$ref": "#/types/aws-native:cognito:UserPoolRiskConfigurationAttachmentAccountTakeoverActionsType", - "description": "A list of account-takeover actions for each level of risk that Amazon Cognito might assess with advanced security features." + "description": "A list of account-takeover actions for each level of risk that Amazon Cognito might assess with threat protection." }, "notifyConfiguration": { "$ref": "#/types/aws-native:cognito:UserPoolRiskConfigurationAttachmentNotifyConfigurationType", - "description": "The settings for composing and sending an email message when advanced security features assesses a risk level with adaptive authentication. When you choose to notify users in `AccountTakeoverRiskConfiguration` , Amazon Cognito sends an email message using the method and template that you set with this data type." + "description": "The settings for composing and sending an email message when threat protection assesses a risk level with adaptive authentication. When you choose to notify users in `AccountTakeoverRiskConfiguration` , Amazon Cognito sends an email message using the method and template that you set with this data type." } } }, @@ -133465,7 +133678,7 @@ "items": { "type": "string" }, - "description": "Requires that your user verifies their email address, phone number, or both before Amazon Cognito updates the value of that attribute. When you update a user attribute that has this option activated, Amazon Cognito sends a verification message to the new phone number or email address. Amazon Cognito doesn’t change the value of the attribute until your user responds to the verification message and confirms the new value.\n\nYou can verify an updated email address or phone number with a [VerifyUserAttribute](https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_VerifyUserAttribute.html) API request. You can also call the [AdminUpdateUserAttributes](https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_AdminUpdateUserAttributes.html) API and set `email_verified` or `phone_number_verified` to true.\n\nWhen `AttributesRequireVerificationBeforeUpdate` is false, your user pool doesn't require that your users verify attribute changes before Amazon Cognito updates them. In a user pool where `AttributesRequireVerificationBeforeUpdate` is false, API operations that change attribute values can immediately update a user’s `email` or `phone_number` attribute." + "description": "Requires that your user verifies their email address, phone number, or both before Amazon Cognito updates the value of that attribute. When you update a user attribute that has this option activated, Amazon Cognito sends a verification message to the new phone number or email address. Amazon Cognito doesn’t change the value of the attribute until your user responds to the verification message and confirms the new value.\n\nYou can verify an updated email address or phone number with a `API_VerifyUserAttribute` API request. You can also call the `API_AdminUpdateUserAttributes` API and set `email_verified` or `phone_number_verified` to true.\n\nWhen `AttributesRequireVerificationBeforeUpdate` is false, your user pool doesn't require that your users verify attribute changes before Amazon Cognito updates them. In a user pool where `AttributesRequireVerificationBeforeUpdate` is false, API operations that change attribute values can immediately update a user’s `email` or `phone_number` attribute." } } }, @@ -136458,6 +136671,112 @@ } } }, + "aws-native:customerprofiles:EventTriggerCondition": { + "type": "object", + "properties": { + "eventTriggerDimensions": { + "type": "array", + "items": { + "$ref": "#/types/aws-native:customerprofiles:EventTriggerDimension" + } + }, + "logicalOperator": { + "$ref": "#/types/aws-native:customerprofiles:EventTriggerLogicalOperator" + } + } + }, + "aws-native:customerprofiles:EventTriggerDimension": { + "type": "object", + "properties": { + "objectAttributes": { + "type": "array", + "items": { + "$ref": "#/types/aws-native:customerprofiles:EventTriggerObjectAttribute" + } + } + } + }, + "aws-native:customerprofiles:EventTriggerLimits": { + "type": "object", + "properties": { + "eventExpiration": { + "type": "integer" + }, + "periods": { + "type": "array", + "items": { + "$ref": "#/types/aws-native:customerprofiles:EventTriggerPeriod" + } + } + } + }, + "aws-native:customerprofiles:EventTriggerLogicalOperator": { + "type": "string" + }, + "aws-native:customerprofiles:EventTriggerObjectAttribute": { + "type": "object", + "properties": { + "comparisonOperator": { + "$ref": "#/types/aws-native:customerprofiles:EventTriggerObjectAttributeComparisonOperator", + "description": "The operator used to compare an attribute against a list of values." + }, + "fieldName": { + "type": "string", + "description": "A field defined within an object type." + }, + "source": { + "type": "string", + "description": "An attribute contained within a source object." + }, + "values": { + "type": "array", + "items": { + "type": "string" + }, + "description": "A list of attribute values used for comparison." + } + } + }, + "aws-native:customerprofiles:EventTriggerObjectAttributeComparisonOperator": { + "type": "string" + }, + "aws-native:customerprofiles:EventTriggerPeriod": { + "type": "object", + "properties": { + "maxInvocationsPerProfile": { + "type": "integer", + "description": "The maximum allowed number of destination invocations per profile." + }, + "unit": { + "$ref": "#/types/aws-native:customerprofiles:EventTriggerPeriodUnit", + "description": "The unit of time." + }, + "unlimited": { + "type": "boolean", + "description": "If set to true, there is no limit on the number of destination invocations per profile. The default is false." + }, + "value": { + "type": "integer", + "description": "The amount of time of the specified unit." + } + } + }, + "aws-native:customerprofiles:EventTriggerPeriodUnit": { + "type": "string" + }, + "aws-native:customerprofiles:EventTriggerTag": { + "type": "object", + "properties": { + "key": { + "type": "string", + "description": "The key name of the tag. You can specify a value that is 1 to 128 Unicode characters in length and cannot be prefixed with aws:. You can use any of the following characters: the set of Unicode letters, digits, whitespace, _, ., /, =, +, and -." + }, + "value": { + "type": "string", + "description": "The value for the tag. You can specify a value that is 0 to 256 Unicode characters in length and cannot be prefixed with aws:. You can use any of the following characters: the set of Unicode letters, digits, whitespace, _, ., /, =, +, and -." + } + } + }, "aws-native:customerprofiles:IntegrationConnectorOperator": { "type": "object", "properties": { @@ -148494,7 +148813,7 @@ "properties": { "replicationOverwriteProtection": { "$ref": "#/types/aws-native:efs:FileSystemProtectionReplicationOverwriteProtection", - "description": "The status of the file system's replication overwrite protection.\n + ``ENABLED`` – The file system cannot be used as the destination file system in a replication configuration. The file system is writeable. Replication overwrite protection is ``ENABLED`` by default. \n + ``DISABLED`` – The file system can be used as the destination file system in a replication configuration. The file system is read-only and can only be modified by EFS replication.\n + ``REPLICATING`` – The file system is being used as the destination file system in a replication configuration. The file system is read-only and is only modified only by EFS replication.\n \n If the replication configuration is deleted, the file system's replication overwrite protection is re-enabled, the file system becomes writeable." + "description": "The status of the file system's replication overwrite protection.\n + ``ENABLED`` – The file system cannot be used as the destination file system in a replication configuration. The file system is writeable. Replication overwrite protection is ``ENABLED`` by default. \n + ``DISABLED`` – The file system can be used as the destination file system in a replication configuration. The file system is read-only and can only be modified by EFS replication.\n + ``REPLICATING`` – The file system is being used as the destination file system in a replication configuration. The file system is read-only and is modified only by EFS replication.\n \n If the replication configuration is deleted, the file system's replication overwrite protection is re-enabled, the file system becomes writeable." } } }, @@ -148538,11 +148857,11 @@ }, "status": { "type": "string", - "description": "Describes the status of the replication configuration. For more information about replication status, see [Viewing replication details](https://docs.aws.amazon.com//efs/latest/ug/awsbackup.html#restoring-backup-efsmonitoring-replication-status.html) in the *Amazon EFS User Guide* ." + "description": "Describes the status of the replication configuration. For more information about replication status, see [Viewing replication details](https://docs.aws.amazon.com//efs/latest/ug/awsbackup.html#restoring-backup-efsmonitoring-replication-status.html) in the *Amazon EFS User Guide*." }, "statusMessage": { "type": "string", - "description": "Message that provides details about the `PAUSED` or `ERRROR` state of the replication destination configuration. For more information about replication status messages, see [Viewing replication details](https://docs.aws.amazon.com//efs/latest/ug/awsbackup.html#restoring-backup-efsmonitoring-replication-status.html) in the *Amazon EFS User Guide* ." + "description": "Message that provides details about the ``PAUSED`` or ``ERRROR`` state of the replication destination configuration. For more information about replication status messages, see [Viewing replication details](https://docs.aws.amazon.com//efs/latest/ug/awsbackup.html#restoring-backup-efsmonitoring-replication-status.html) in the *Amazon EFS User Guide*." } } }, @@ -170217,6 +170536,18 @@ } } }, + "aws-native:lex:BotReplication": { + "type": "object", + "properties": { + "replicaRegions": { + "type": "array", + "items": { + "type": "string" + }, + "description": "List of secondary regions for bot replication." + } + } + }, "aws-native:lex:BotResponseSpecification": { "type": "object", "properties": { @@ -231072,6 +231403,10 @@ "customRedirectDomain": { "type": "string", "description": "The domain to use for tracking open and click events." + }, + "httpsPolicy": { + "type": "string", + "description": "The https policy to use for tracking open and click events." } } }, @@ -241424,6 +241759,13 @@ "eventStreamName" ] }, + "aws-native:customerprofiles:getEventTrigger": { + "cf": "AWS::CustomerProfiles::EventTrigger", + "ids": [ + "domainName", + "eventTriggerName" + ] + }, "aws-native:customerprofiles:getIntegration": { "cf": "AWS::CustomerProfiles::Integration", "ids": [ diff --git a/provider/cmd/pulumi-resource-aws-native/schema.json b/provider/cmd/pulumi-resource-aws-native/schema.json index 2ff5ce9c6e..b634a6dc3b 100644 --- a/provider/cmd/pulumi-resource-aws-native/schema.json +++ b/provider/cmd/pulumi-resource-aws-native/schema.json @@ -24302,6 +24302,19 @@ } ] }, + "aws-native:cleanrooms:CollaborationCustomMlMemberAbility": { + "type": "string", + "enum": [ + { + "name": "CanReceiveModelOutput", + "value": "CAN_RECEIVE_MODEL_OUTPUT" + }, + { + "name": "CanReceiveInferenceOutput", + "value": "CAN_RECEIVE_INFERENCE_OUTPUT" + } + ] + }, "aws-native:cleanrooms:CollaborationDataEncryptionMetadata": { "properties": { "allowCleartext": { @@ -24359,6 +24372,10 @@ }, "description": "The abilities granted to the collaboration member.\n\n*Allowed Values* : `CAN_QUERY` | `CAN_RECEIVE_RESULTS`" }, + "mlMemberAbilities": { + "$ref": "#/types/aws-native:cleanrooms:CollaborationMlMemberAbilities", + "description": "The ML abilities granted to the collaboration member." + }, "paymentConfiguration": { "$ref": "#/types/aws-native:cleanrooms:CollaborationPaymentConfiguration", "description": "The collaboration member's payment responsibilities set by the collaboration creator.\n\nIf the collaboration creator hasn't specified anyone as the member paying for query compute costs, then the member who can query is the default payer." @@ -24371,8 +24388,64 @@ "memberAbilities" ] }, + "aws-native:cleanrooms:CollaborationMlMemberAbilities": { + "properties": { + "customMlMemberAbilities": { + "type": "array", + "items": { + "$ref": "#/types/aws-native:cleanrooms:CollaborationCustomMlMemberAbility" + }, + "description": "The custom ML member abilities for a collaboration member." + } + }, + "type": "object", + "required": [ + "customMlMemberAbilities" + ] + }, + "aws-native:cleanrooms:CollaborationMlPaymentConfig": { + "properties": { + "modelInference": { + "$ref": "#/types/aws-native:cleanrooms:CollaborationModelInferencePaymentConfig", + "description": "The payment responsibilities accepted by the member for model inference." + }, + "modelTraining": { + "$ref": "#/types/aws-native:cleanrooms:CollaborationModelTrainingPaymentConfig", + "description": "The payment responsibilities accepted by the member for model training." + } + }, + "type": "object" + }, + "aws-native:cleanrooms:CollaborationModelInferencePaymentConfig": { + "properties": { + "isResponsible": { + "type": "boolean", + "description": "Indicates whether the collaboration creator has configured the collaboration member to pay for model inference costs ( `TRUE` ) or has not configured the collaboration member to pay for model inference costs ( `FALSE` ).\n\nExactly one member can be configured to pay for model inference costs. An error is returned if the collaboration creator sets a `TRUE` value for more than one member in the collaboration.\n\nIf the collaboration creator hasn't specified anyone as the member paying for model inference costs, then the member who can query is the default payer. An error is returned if the collaboration creator sets a `FALSE` value for the member who can query." + } + }, + "type": "object", + "required": [ + "isResponsible" + ] + }, + "aws-native:cleanrooms:CollaborationModelTrainingPaymentConfig": { + "properties": { + "isResponsible": { + "type": "boolean", + "description": "Indicates whether the collaboration creator has configured the collaboration member to pay for model training costs ( `TRUE` ) or has not configured the collaboration member to pay for model training costs ( `FALSE` ).\n\nExactly one member can be configured to pay for model training costs. An error is returned if the collaboration creator sets a `TRUE` value for more than one member in the collaboration.\n\nIf the collaboration creator hasn't specified anyone as the member paying for model training costs, then the member who can query is the default payer. An error is returned if the collaboration creator sets a `FALSE` value for the member who can query." + } + }, + "type": "object", + "required": [ + "isResponsible" + ] + }, "aws-native:cleanrooms:CollaborationPaymentConfiguration": { "properties": { + "machineLearning": { + "$ref": "#/types/aws-native:cleanrooms:CollaborationMlPaymentConfig", + "description": "An object representing the collaboration member's machine learning payment responsibilities set by the collaboration creator." + }, "queryCompute": { "$ref": "#/types/aws-native:cleanrooms:CollaborationQueryComputePaymentConfig", "description": "The collaboration member's payment responsibilities set by the collaboration creator for query compute costs." @@ -25352,8 +25425,44 @@ "value" ] }, + "aws-native:cleanrooms:MembershipMlPaymentConfig": { + "properties": { + "modelInference": { + "$ref": "#/types/aws-native:cleanrooms:MembershipModelInferencePaymentConfig" + }, + "modelTraining": { + "$ref": "#/types/aws-native:cleanrooms:MembershipModelTrainingPaymentConfig" + } + }, + "type": "object" + }, + "aws-native:cleanrooms:MembershipModelInferencePaymentConfig": { + "properties": { + "isResponsible": { + "type": "boolean" + } + }, + "type": "object", + "required": [ + "isResponsible" + ] + }, + "aws-native:cleanrooms:MembershipModelTrainingPaymentConfig": { + "properties": { + "isResponsible": { + "type": "boolean" + } + }, + "type": "object", + "required": [ + "isResponsible" + ] + }, "aws-native:cleanrooms:MembershipPaymentConfiguration": { "properties": { + "machineLearning": { + "$ref": "#/types/aws-native:cleanrooms:MembershipMlPaymentConfig" + }, "queryCompute": { "$ref": "#/types/aws-native:cleanrooms:MembershipQueryComputePaymentConfig", "description": "The payment responsibilities accepted by the collaboration member for query compute costs." @@ -31099,11 +31208,11 @@ "properties": { "advancedSecurityAdditionalFlows": { "$ref": "#/types/aws-native:cognito:UserPoolAdvancedSecurityAdditionalFlows", - "description": "Advanced security configuration options for additional authentication types in your user pool, including custom authentication." + "description": "Threat protection configuration options for additional authentication types in your user pool, including custom authentication." }, "advancedSecurityMode": { "type": "string", - "description": "The operating mode of advanced security features for standard authentication types in your user pool, including username-password and secure remote password (SRP) authentication." + "description": "The operating mode of threat protection for standard authentication types in your user pool, including username-password and secure remote password (SRP) authentication." } }, "type": "object" @@ -31112,7 +31221,7 @@ "properties": { "allowAdminCreateUserOnly": { "type": "boolean", - "description": "The setting for allowing self-service sign-up. When `true` , only administrators can create new user profiles. When `false` , users can register themselves and create a new user profile with the [SignUp](https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_SignUp.html) operation." + "description": "The setting for allowing self-service sign-up. When `true` , only administrators can create new user profiles. When `false` , users can register themselves and create a new user profile with the `SignUp` operation." }, "inviteMessageTemplate": { "$ref": "#/types/aws-native:cognito:UserPoolInviteMessageTemplate", @@ -31120,7 +31229,7 @@ }, "unusedAccountValidityDays": { "type": "integer", - "description": "This parameter is no longer in use. Configure the duration of temporary passwords with the `TemporaryPasswordValidityDays` parameter of [PasswordPolicyType](https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_PasswordPolicyType.html) . For older user pools that have a `UnusedAccountValidityDays` configuration, that value is effective until you set a value for `TemporaryPasswordValidityDays` .\n\nThe password expiration limit in days for administrator-created users. When this time expires, the user can't sign in with their temporary password. To reset the account after that time limit, you must call `AdminCreateUser` again, specifying `RESEND` for the `MessageAction` parameter.\n\nThe default value for this parameter is 7." + "description": "This parameter is no longer in use.\n\nConfigure the duration of temporary passwords with the `TemporaryPasswordValidityDays` parameter of `API_PasswordPolicyType` . For older user pools that have a `UnusedAccountValidityDays` configuration, that value is effective until you set a value for `TemporaryPasswordValidityDays` .\n\nThe password expiration limit in days for administrator-created users. When this time expires, the user can't sign in with their temporary password. To reset the account after that time limit, you must call `AdminCreateUser` again, specifying `RESEND` for the `MessageAction` parameter.\n\nThe default value for this parameter is 7." } }, "type": "object" @@ -31129,7 +31238,7 @@ "properties": { "customAuthMode": { "type": "string", - "description": "The operating mode of advanced security features in custom authentication with [Custom authentication challenge Lambda triggers](https://docs.aws.amazon.com/cognito/latest/developerguide/user-pool-lambda-challenge.html) ." + "description": "The operating mode of threat protection in custom authentication with [Custom authentication challenge Lambda triggers](https://docs.aws.amazon.com/cognito/latest/developerguide/user-pool-lambda-challenge.html) ." } }, "type": "object" @@ -31210,7 +31319,7 @@ }, "deviceOnlyRememberedOnUserPrompt": { "type": "boolean", - "description": "When true, Amazon Cognito doesn't automatically remember a user's device when your app sends a [ConfirmDevice](https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_ConfirmDevice.html) API request. In your app, create a prompt for your user to choose whether they want to remember their device. Return the user's choice in an [UpdateDeviceStatus](https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_UpdateDeviceStatus.html) API request.\n\nWhen `DeviceOnlyRememberedOnUserPrompt` is `false` , Amazon Cognito immediately remembers devices that you register in a `ConfirmDevice` API request." + "description": "When true, Amazon Cognito doesn't automatically remember a user's device when your app sends a `ConfirmDevice` API request. In your app, create a prompt for your user to choose whether they want to remember their device. Return the user's choice in an `UpdateDeviceStatus` API request.\n\nWhen `DeviceOnlyRememberedOnUserPrompt` is `false` , Amazon Cognito immediately remembers devices that you register in a `ConfirmDevice` API request." } }, "type": "object" @@ -31348,7 +31457,7 @@ }, "passwordHistorySize": { "type": "integer", - "description": "The number of previous passwords that you want Amazon Cognito to restrict each user from reusing. Users can't set a password that matches any of `n` previous passwords, where `n` is the value of `PasswordHistorySize` .\n\nPassword history isn't enforced and isn't displayed in [DescribeUserPool](https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_DescribeUserPool.html) responses when you set this value to `0` or don't provide it. To activate this setting, your user pool must be in the [Essentials tier](https://docs.aws.amazon.com/cognito/latest/developerguide/feature-plans-features-essentials.html) or higher." + "description": "The number of previous passwords that you want Amazon Cognito to restrict each user from reusing. Users can't set a password that matches any of `n` previous passwords, where `n` is the value of `PasswordHistorySize` .\n\nPassword history isn't enforced and isn't displayed in `API_DescribeUserPool` responses when you set this value to `0` or don't provide it. To activate this setting, your user pool must be in the [Essentials tier](https://docs.aws.amazon.com/cognito/latest/developerguide/feature-plans-features-essentials.html) or higher." }, "requireLowercase": { "type": "boolean", @@ -31381,7 +31490,7 @@ }, "signInPolicy": { "$ref": "#/types/aws-native:cognito:UserPoolSignInPolicy", - "description": "The policy for allowed types of authentication in a user pool. To activate this setting, your user pool must be in the [Essentials tier](https://docs.aws.amazon.com/cognito/latest/developerguide/feature-plans-features-essentials.html) or higher.\n\nThis data type is a request and response parameter of [CreateUserPool](https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_CreateUserPool.html) and [UpdateUserPool](https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_UpdateUserPool.html) , and a response parameter of [DescribeUserPool](https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_DescribeUserPool.html) ." + "description": "The policy for allowed types of authentication in a user pool. To activate this setting, your user pool must be in the [Essentials tier](https://docs.aws.amazon.com/cognito/latest/developerguide/feature-plans-features-essentials.html) or higher.\n\nThis data type is a request and response parameter of `API_CreateUserPool` and `API_UpdateUserPool` , and a response parameter of `API_DescribeUserPool` ." } }, "type": "object" @@ -31450,15 +31559,15 @@ "properties": { "highAction": { "$ref": "#/types/aws-native:cognito:UserPoolRiskConfigurationAttachmentAccountTakeoverActionType", - "description": "The action that you assign to a high-risk assessment by advanced security features." + "description": "The action that you assign to a high-risk assessment by threat protection." }, "lowAction": { "$ref": "#/types/aws-native:cognito:UserPoolRiskConfigurationAttachmentAccountTakeoverActionType", - "description": "The action that you assign to a low-risk assessment by advanced security features." + "description": "The action that you assign to a low-risk assessment by threat protection." }, "mediumAction": { "$ref": "#/types/aws-native:cognito:UserPoolRiskConfigurationAttachmentAccountTakeoverActionType", - "description": "The action that you assign to a medium-risk assessment by advanced security features." + "description": "The action that you assign to a medium-risk assessment by threat protection." } }, "type": "object" @@ -31467,11 +31576,11 @@ "properties": { "actions": { "$ref": "#/types/aws-native:cognito:UserPoolRiskConfigurationAttachmentAccountTakeoverActionsType", - "description": "A list of account-takeover actions for each level of risk that Amazon Cognito might assess with advanced security features." + "description": "A list of account-takeover actions for each level of risk that Amazon Cognito might assess with threat protection." }, "notifyConfiguration": { "$ref": "#/types/aws-native:cognito:UserPoolRiskConfigurationAttachmentNotifyConfigurationType", - "description": "The settings for composing and sending an email message when advanced security features assesses a risk level with adaptive authentication. When you choose to notify users in `AccountTakeoverRiskConfiguration` , Amazon Cognito sends an email message using the method and template that you set with this data type." + "description": "The settings for composing and sending an email message when threat protection assesses a risk level with adaptive authentication. When you choose to notify users in `AccountTakeoverRiskConfiguration` , Amazon Cognito sends an email message using the method and template that you set with this data type." } }, "type": "object", @@ -31694,7 +31803,7 @@ "items": { "type": "string" }, - "description": "Requires that your user verifies their email address, phone number, or both before Amazon Cognito updates the value of that attribute. When you update a user attribute that has this option activated, Amazon Cognito sends a verification message to the new phone number or email address. Amazon Cognito doesn’t change the value of the attribute until your user responds to the verification message and confirms the new value.\n\nYou can verify an updated email address or phone number with a [VerifyUserAttribute](https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_VerifyUserAttribute.html) API request. You can also call the [AdminUpdateUserAttributes](https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_AdminUpdateUserAttributes.html) API and set `email_verified` or `phone_number_verified` to true.\n\nWhen `AttributesRequireVerificationBeforeUpdate` is false, your user pool doesn't require that your users verify attribute changes before Amazon Cognito updates them. In a user pool where `AttributesRequireVerificationBeforeUpdate` is false, API operations that change attribute values can immediately update a user’s `email` or `phone_number` attribute." + "description": "Requires that your user verifies their email address, phone number, or both before Amazon Cognito updates the value of that attribute. When you update a user attribute that has this option activated, Amazon Cognito sends a verification message to the new phone number or email address. Amazon Cognito doesn’t change the value of the attribute until your user responds to the verification message and confirms the new value.\n\nYou can verify an updated email address or phone number with a `API_VerifyUserAttribute` API request. You can also call the `API_AdminUpdateUserAttributes` API and set `email_verified` or `phone_number_verified` to true.\n\nWhen `AttributesRequireVerificationBeforeUpdate` is false, your user pool doesn't require that your users verify attribute changes before Amazon Cognito updates them. In a user pool where `AttributesRequireVerificationBeforeUpdate` is false, API operations that change attribute values can immediately update a user’s `email` or `phone_number` attribute." } }, "type": "object", @@ -36519,6 +36628,234 @@ "value" ] }, + "aws-native:customerprofiles:EventTriggerCondition": { + "description": "Specifies the circumstances under which the event should trigger the destination.", + "properties": { + "eventTriggerDimensions": { + "type": "array", + "items": { + "$ref": "#/types/aws-native:customerprofiles:EventTriggerDimension" + } + }, + "logicalOperator": { + "$ref": "#/types/aws-native:customerprofiles:EventTriggerLogicalOperator" + } + }, + "type": "object", + "required": [ + "eventTriggerDimensions", + "logicalOperator" + ] + }, + "aws-native:customerprofiles:EventTriggerDimension": { + "description": "A specific event dimension to be assessed.", + "properties": { + "objectAttributes": { + "type": "array", + "items": { + "$ref": "#/types/aws-native:customerprofiles:EventTriggerObjectAttribute" + } + } + }, + "type": "object", + "required": [ + "objectAttributes" + ] + }, + "aws-native:customerprofiles:EventTriggerLimits": { + "description": "Defines limits controlling whether an event triggers the destination, based on ingestion latency and the number of invocations per profile over specific time periods.", + "properties": { + "eventExpiration": { + "type": "integer" + }, + "periods": { + "type": "array", + "items": { + "$ref": "#/types/aws-native:customerprofiles:EventTriggerPeriod" + } + } + }, + "type": "object" + }, + "aws-native:customerprofiles:EventTriggerLogicalOperator": { + "description": "The operator used to combine multiple dimensions.", + "type": "string", + "enum": [ + { + "name": "Any", + "value": "ANY" + }, + { + "name": "All", + "value": "ALL" + }, + { + "name": "None", + "value": "NONE" + } + ] + }, + "aws-native:customerprofiles:EventTriggerObjectAttribute": { + "description": "The criteria that a specific object attribute must meet to trigger the destination.", + "properties": { + "comparisonOperator": { + "$ref": "#/types/aws-native:customerprofiles:EventTriggerObjectAttributeComparisonOperator", + "description": "The operator used to compare an attribute against a list of values." + }, + "fieldName": { + "type": "string", + "description": "A field defined within an object type." + }, + "source": { + "type": "string", + "description": "An attribute contained within a source object." + }, + "values": { + "type": "array", + "items": { + "type": "string" + }, + "description": "A list of attribute values used for comparison." + } + }, + "type": "object", + "required": [ + "comparisonOperator", + "values" + ] + }, + "aws-native:customerprofiles:EventTriggerObjectAttributeComparisonOperator": { + "description": "The operator used to compare an attribute against a list of values.", + "type": "string", + "enum": [ + { + "name": "Inclusive", + "value": "INCLUSIVE" + }, + { + "name": "Exclusive", + "value": "EXCLUSIVE" + }, + { + "name": "Contains", + "value": "CONTAINS" + }, + { + "name": "BeginsWith", + "value": "BEGINS_WITH" + }, + { + "name": "EndsWith", + "value": "ENDS_WITH" + }, + { + "name": "GreaterThan", + "value": "GREATER_THAN" + }, + { + "name": "LessThan", + "value": "LESS_THAN" + }, + { + "name": "GreaterThanOrEqual", + "value": "GREATER_THAN_OR_EQUAL" + }, + { + "name": "LessThanOrEqual", + "value": "LESS_THAN_OR_EQUAL" + }, + { + "name": "Equal", + "value": "EQUAL" + }, + { + "name": "Before", + "value": "BEFORE" + }, + { + "name": "After", + "value": "AFTER" + }, + { + "name": "On", + "value": "ON" + }, + { + "name": "Between", + "value": "BETWEEN" + }, + { + "name": "NotBetween", + "value": "NOT_BETWEEN" + } + ] + }, + "aws-native:customerprofiles:EventTriggerPeriod": { + "description": "Defines a limit and the time period during which it is enforced.", + "properties": { + "maxInvocationsPerProfile": { + "type": "integer", + "description": "The maximum allowed number of destination invocations per profile." + }, + "unit": { + "$ref": "#/types/aws-native:customerprofiles:EventTriggerPeriodUnit", + "description": "The unit of time." + }, + "unlimited": { + "type": "boolean", + "description": "If set to true, there is no limit on the number of destination invocations per profile. The default is false." + }, + "value": { + "type": "integer", + "description": "The amount of time of the specified unit." + } + }, + "type": "object", + "required": [ + "unit", + "value" + ] + }, + "aws-native:customerprofiles:EventTriggerPeriodUnit": { + "description": "The unit of time.", + "type": "string", + "enum": [ + { + "name": "Hours", + "value": "HOURS" + }, + { + "name": "Days", + "value": "DAYS" + }, + { + "name": "Weeks", + "value": "WEEKS" + }, + { + "name": "Months", + "value": "MONTHS" + } + ] + }, + "aws-native:customerprofiles:EventTriggerTag": { + "description": "A key-value pair to associate with a resource.", + "properties": { + "key": { + "type": "string", + "description": "The key name of the tag. You can specify a value that is 1 to 128 Unicode characters in length and cannot be prefixed with aws:. You can use any of the following characters: the set of Unicode letters, digits, whitespace, _, ., /, =, +, and -." + }, + "value": { + "type": "string", + "description": "The value for the tag. You can specify a value that is 0 to 256 Unicode characters in length and cannot be prefixed with aws:. You can use any of the following characters: the set of Unicode letters, digits, whitespace, _, ., /, =, +, and -." + } + }, + "type": "object", + "required": [ + "key", + "value" + ] + }, "aws-native:customerprofiles:IntegrationConnectorOperator": { "properties": { "marketo": { @@ -53996,13 +54333,13 @@ "properties": { "replicationOverwriteProtection": { "$ref": "#/types/aws-native:efs:FileSystemProtectionReplicationOverwriteProtection", - "description": "The status of the file system's replication overwrite protection.\n + ``ENABLED`` – The file system cannot be used as the destination file system in a replication configuration. The file system is writeable. Replication overwrite protection is ``ENABLED`` by default. \n + ``DISABLED`` – The file system can be used as the destination file system in a replication configuration. The file system is read-only and can only be modified by EFS replication.\n + ``REPLICATING`` – The file system is being used as the destination file system in a replication configuration. The file system is read-only and is only modified only by EFS replication.\n \n If the replication configuration is deleted, the file system's replication overwrite protection is re-enabled, the file system becomes writeable." + "description": "The status of the file system's replication overwrite protection.\n + ``ENABLED`` – The file system cannot be used as the destination file system in a replication configuration. The file system is writeable. Replication overwrite protection is ``ENABLED`` by default. \n + ``DISABLED`` – The file system can be used as the destination file system in a replication configuration. The file system is read-only and can only be modified by EFS replication.\n + ``REPLICATING`` – The file system is being used as the destination file system in a replication configuration. The file system is read-only and is modified only by EFS replication.\n \n If the replication configuration is deleted, the file system's replication overwrite protection is re-enabled, the file system becomes writeable." } }, "type": "object" }, "aws-native:efs:FileSystemProtectionReplicationOverwriteProtection": { - "description": "The status of the file system's replication overwrite protection.\n + ``ENABLED`` – The file system cannot be used as the destination file system in a replication configuration. The file system is writeable. Replication overwrite protection is ``ENABLED`` by default. \n + ``DISABLED`` – The file system can be used as the destination file system in a replication configuration. The file system is read-only and can only be modified by EFS replication.\n + ``REPLICATING`` – The file system is being used as the destination file system in a replication configuration. The file system is read-only and is only modified only by EFS replication.\n \n If the replication configuration is deleted, the file system's replication overwrite protection is re-enabled, the file system becomes writeable.", + "description": "The status of the file system's replication overwrite protection.\n + ``ENABLED`` – The file system cannot be used as the destination file system in a replication configuration. The file system is writeable. Replication overwrite protection is ``ENABLED`` by default. \n + ``DISABLED`` – The file system can be used as the destination file system in a replication configuration. The file system is read-only and can only be modified by EFS replication.\n + ``REPLICATING`` – The file system is being used as the destination file system in a replication configuration. The file system is read-only and is modified only by EFS replication.\n \n If the replication configuration is deleted, the file system's replication overwrite protection is re-enabled, the file system becomes writeable.", "type": "string", "enum": [ { @@ -54053,11 +54390,11 @@ }, "status": { "type": "string", - "description": "Describes the status of the replication configuration. For more information about replication status, see [Viewing replication details](https://docs.aws.amazon.com//efs/latest/ug/awsbackup.html#restoring-backup-efsmonitoring-replication-status.html) in the *Amazon EFS User Guide* ." + "description": "Describes the status of the replication configuration. For more information about replication status, see [Viewing replication details](https://docs.aws.amazon.com//efs/latest/ug/awsbackup.html#restoring-backup-efsmonitoring-replication-status.html) in the *Amazon EFS User Guide*." }, "statusMessage": { "type": "string", - "description": "Message that provides details about the `PAUSED` or `ERRROR` state of the replication destination configuration. For more information about replication status messages, see [Viewing replication details](https://docs.aws.amazon.com//efs/latest/ug/awsbackup.html#restoring-backup-efsmonitoring-replication-status.html) in the *Amazon EFS User Guide* ." + "description": "Message that provides details about the ``PAUSED`` or ``ERRROR`` state of the replication destination configuration. For more information about replication status messages, see [Viewing replication details](https://docs.aws.amazon.com//efs/latest/ug/awsbackup.html#restoring-backup-efsmonitoring-replication-status.html) in the *Amazon EFS User Guide*." } }, "type": "object" @@ -84619,6 +84956,22 @@ "messageGroupsList" ] }, + "aws-native:lex:BotReplication": { + "description": "Parameter used to create a replication of the source bot in the secondary region.", + "properties": { + "replicaRegions": { + "type": "array", + "items": { + "type": "string" + }, + "description": "List of secondary regions for bot replication." + } + }, + "type": "object", + "required": [ + "replicaRegions" + ] + }, "aws-native:lex:BotResponseSpecification": { "description": "A list of message groups that Amazon Lex uses to respond the user input.", "properties": { @@ -167817,6 +168170,10 @@ "customRedirectDomain": { "type": "string", "description": "The domain to use for tracking open and click events." + }, + "httpsPolicy": { + "type": "string", + "description": "The https policy to use for tracking open and click events." } }, "type": "object" @@ -192122,7 +192479,9 @@ "backupVaultName", "encryptionKeyArn", "maxRetentionDays", - "minRetentionDays" + "minRetentionDays", + "vaultState", + "vaultType" ], "inputProperties": { "accessPolicy": { @@ -192151,14 +192510,6 @@ "notifications": { "$ref": "#/types/aws-native:backup:LogicallyAirGappedBackupVaultNotificationObjectType", "description": "Returns event notifications for the specified backup vault." - }, - "vaultState": { - "type": "string", - "description": "The current state of the vault." - }, - "vaultType": { - "type": "string", - "description": "The type of vault described." } }, "requiredInputs": [ @@ -195414,6 +195765,11 @@ "description": "The abilities granted to the collaboration creator.\n\n*Allowed values* `CAN_QUERY` | `CAN_RECEIVE_RESULTS`", "replaceOnChanges": true }, + "creatorMlMemberAbilities": { + "$ref": "#/types/aws-native:cleanrooms:CollaborationMlMemberAbilities", + "description": "The ML member abilities for a collaboration member.", + "replaceOnChanges": true + }, "creatorPaymentConfiguration": { "$ref": "#/types/aws-native:cleanrooms:CollaborationPaymentConfiguration", "description": "An object representing the collaboration member's payment responsibilities set by the collaboration creator.", @@ -195480,6 +195836,10 @@ }, "description": "The abilities granted to the collaboration creator.\n\n*Allowed values* `CAN_QUERY` | `CAN_RECEIVE_RESULTS`" }, + "creatorMlMemberAbilities": { + "$ref": "#/types/aws-native:cleanrooms:CollaborationMlMemberAbilities", + "description": "The ML member abilities for a collaboration member." + }, "creatorPaymentConfiguration": { "$ref": "#/types/aws-native:cleanrooms:CollaborationPaymentConfiguration", "description": "An object representing the collaboration member's payment responsibilities set by the collaboration creator." @@ -200802,14 +201162,14 @@ }, "adminCreateUserConfig": { "$ref": "#/types/aws-native:cognito:UserPoolAdminCreateUserConfig", - "description": "The settings for administrator creation of users in a user pool. Contains settings for allowing user sign-up, customizing invitation messages to new users, and the amount of time before temporary passwords expire.\n\nThis data type is a request and response parameter of [CreateUserPool](https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_CreateUserPool.html) and [UpdateUserPool](https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_UpdateUserPool.html) , and a response parameter of [DescribeUserPool](https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_DescribeUserPool.html) ." + "description": "The settings for administrator creation of users in a user pool. Contains settings for allowing user sign-up, customizing invitation messages to new users, and the amount of time before temporary passwords expire.\n\nThis data type is a request and response parameter of `API_CreateUserPool` and `API_UpdateUserPool` , and a response parameter of `API_DescribeUserPool` ." }, "aliasAttributes": { "type": "array", "items": { "type": "string" }, - "description": "Attributes supported as an alias for this user pool. Possible values: *phone_number* , *email* , or *preferred_username* . For more information about alias attributes, see [Customizing sign-in attributes](https://docs.aws.amazon.com/cognito/latest/developerguide/user-pool-settings-attributes.html#user-pool-settings-aliases) ." + "description": "Attributes supported as an alias for this user pool. For more information about alias attributes, see [Customizing sign-in attributes](https://docs.aws.amazon.com/cognito/latest/developerguide/user-pool-settings-attributes.html#user-pool-settings-aliases) ." }, "arn": { "type": "string", @@ -200820,7 +201180,7 @@ "items": { "type": "string" }, - "description": "The attributes that you want your user pool to automatically verify. Possible values: *email* , *phone_number* . For more information see [Verifying contact information at sign-up](https://docs.aws.amazon.com/cognito/latest/developerguide/signing-up-users-in-your-app.html#allowing-users-to-sign-up-and-confirm-themselves) ." + "description": "The attributes that you want your user pool to automatically verify. For more information, see [Verifying contact information at sign-up](https://docs.aws.amazon.com/cognito/latest/developerguide/signing-up-users-in-your-app.html#allowing-users-to-sign-up-and-confirm-themselves) ." }, "deletionProtection": { "type": "string", @@ -200861,11 +201221,11 @@ }, "mfaConfiguration": { "type": "string", - "description": "The multi-factor authentication (MFA) configuration. Valid values include:\n\n- `OFF` MFA won't be used for any users.\n- `ON` MFA is required for all users to sign in.\n- `OPTIONAL` MFA will be required only for individual users who have an MFA factor activated." + "description": "Displays the state of multi-factor authentication (MFA) as on, off, or optional. When `ON` , all users must set up MFA before they can sign in. When `OPTIONAL` , your application must make a client-side determination of whether a user wants to register an MFA device. For user pools with adaptive authentication with threat protection, choose `OPTIONAL` .\n\nWhen `MfaConfiguration` is `OPTIONAL` , managed login doesn't automatically prompt users to set up MFA. Amazon Cognito generates MFA prompts in API responses and in managed login for users who have chosen and configured a preferred MFA factor." }, "policies": { "$ref": "#/types/aws-native:cognito:UserPoolPolicies", - "description": "A list of user pool policies. Contains the policy that sets password-complexity requirements.\n\nThis data type is a request and response parameter of [CreateUserPool](https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_CreateUserPool.html) and [UpdateUserPool](https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_UpdateUserPool.html) , and a response parameter of [DescribeUserPool](https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_DescribeUserPool.html) ." + "description": "A list of user pool policies. Contains the policy that sets password-complexity requirements.\n\nThis data type is a request and response parameter of `API_CreateUserPool` and `API_UpdateUserPool` , and a response parameter of `API_DescribeUserPool` ." }, "providerName": { "type": "string", @@ -200888,7 +201248,7 @@ }, "smsConfiguration": { "$ref": "#/types/aws-native:cognito:UserPoolSmsConfiguration", - "description": "The SMS configuration with the settings that your Amazon Cognito user pool must use to send an SMS message from your AWS account through Amazon Simple Notification Service. To send SMS messages with Amazon SNS in the AWS Region that you want, the Amazon Cognito user pool uses an AWS Identity and Access Management (IAM) role in your AWS account . For more information see [SMS message settings](https://docs.aws.amazon.com/cognito/latest/developerguide/user-pool-sms-settings.html) ." + "description": "The settings for your Amazon Cognito user pool to send SMS messages with Amazon Simple Notification Service. To send SMS messages with Amazon SNS in the AWS Region that you want, the Amazon Cognito user pool uses an AWS Identity and Access Management (IAM) role in your AWS account . For more information see [SMS message settings](https://docs.aws.amazon.com/cognito/latest/developerguide/user-pool-sms-settings.html) ." }, "smsVerificationMessage": { "type": "string", @@ -200900,7 +201260,7 @@ }, "userPoolAddOns": { "$ref": "#/types/aws-native:cognito:UserPoolAddOns", - "description": "User pool add-ons. Contains settings for activation of threat protection. To log user security information but take no action, set to `AUDIT` . To configure automatic security responses to risky traffic to your user pool, set to `ENFORCED` .\n\nFor more information, see [Adding advanced security to a user pool](https://docs.aws.amazon.com/cognito/latest/developerguide/cognito-user-pool-settings-advanced-security.html) . To activate this setting, your user pool must be on the [Plus tier](https://docs.aws.amazon.com/cognito/latest/developerguide/feature-plans-features-plus.html) ." + "description": "Contains settings for activation of threat protection, including the operating mode and additional authentication types. To log user security information but take no action, set to `AUDIT` . To configure automatic security responses to potentially unwanted traffic to your user pool, set to `ENFORCED` .\n\nFor more information, see [Adding advanced security to a user pool](https://docs.aws.amazon.com/cognito/latest/developerguide/cognito-user-pool-settings-advanced-security.html) . To activate this setting, your user pool must be on the [Plus tier](https://docs.aws.amazon.com/cognito/latest/developerguide/feature-plans-features-plus.html) ." }, "userPoolId": { "type": "string", @@ -200908,7 +201268,7 @@ }, "userPoolName": { "type": "string", - "description": "A friendlhy name for your user pool." + "description": "A friendly name for your user pool." }, "userPoolTags": { "type": "object", @@ -200959,21 +201319,21 @@ }, "adminCreateUserConfig": { "$ref": "#/types/aws-native:cognito:UserPoolAdminCreateUserConfig", - "description": "The settings for administrator creation of users in a user pool. Contains settings for allowing user sign-up, customizing invitation messages to new users, and the amount of time before temporary passwords expire.\n\nThis data type is a request and response parameter of [CreateUserPool](https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_CreateUserPool.html) and [UpdateUserPool](https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_UpdateUserPool.html) , and a response parameter of [DescribeUserPool](https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_DescribeUserPool.html) ." + "description": "The settings for administrator creation of users in a user pool. Contains settings for allowing user sign-up, customizing invitation messages to new users, and the amount of time before temporary passwords expire.\n\nThis data type is a request and response parameter of `API_CreateUserPool` and `API_UpdateUserPool` , and a response parameter of `API_DescribeUserPool` ." }, "aliasAttributes": { "type": "array", "items": { "type": "string" }, - "description": "Attributes supported as an alias for this user pool. Possible values: *phone_number* , *email* , or *preferred_username* . For more information about alias attributes, see [Customizing sign-in attributes](https://docs.aws.amazon.com/cognito/latest/developerguide/user-pool-settings-attributes.html#user-pool-settings-aliases) ." + "description": "Attributes supported as an alias for this user pool. For more information about alias attributes, see [Customizing sign-in attributes](https://docs.aws.amazon.com/cognito/latest/developerguide/user-pool-settings-attributes.html#user-pool-settings-aliases) ." }, "autoVerifiedAttributes": { "type": "array", "items": { "type": "string" }, - "description": "The attributes that you want your user pool to automatically verify. Possible values: *email* , *phone_number* . For more information see [Verifying contact information at sign-up](https://docs.aws.amazon.com/cognito/latest/developerguide/signing-up-users-in-your-app.html#allowing-users-to-sign-up-and-confirm-themselves) ." + "description": "The attributes that you want your user pool to automatically verify. For more information, see [Verifying contact information at sign-up](https://docs.aws.amazon.com/cognito/latest/developerguide/signing-up-users-in-your-app.html#allowing-users-to-sign-up-and-confirm-themselves) ." }, "deletionProtection": { "type": "string", @@ -201014,11 +201374,11 @@ }, "mfaConfiguration": { "type": "string", - "description": "The multi-factor authentication (MFA) configuration. Valid values include:\n\n- `OFF` MFA won't be used for any users.\n- `ON` MFA is required for all users to sign in.\n- `OPTIONAL` MFA will be required only for individual users who have an MFA factor activated." + "description": "Displays the state of multi-factor authentication (MFA) as on, off, or optional. When `ON` , all users must set up MFA before they can sign in. When `OPTIONAL` , your application must make a client-side determination of whether a user wants to register an MFA device. For user pools with adaptive authentication with threat protection, choose `OPTIONAL` .\n\nWhen `MfaConfiguration` is `OPTIONAL` , managed login doesn't automatically prompt users to set up MFA. Amazon Cognito generates MFA prompts in API responses and in managed login for users who have chosen and configured a preferred MFA factor." }, "policies": { "$ref": "#/types/aws-native:cognito:UserPoolPolicies", - "description": "A list of user pool policies. Contains the policy that sets password-complexity requirements.\n\nThis data type is a request and response parameter of [CreateUserPool](https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_CreateUserPool.html) and [UpdateUserPool](https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_UpdateUserPool.html) , and a response parameter of [DescribeUserPool](https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_DescribeUserPool.html) ." + "description": "A list of user pool policies. Contains the policy that sets password-complexity requirements.\n\nThis data type is a request and response parameter of `API_CreateUserPool` and `API_UpdateUserPool` , and a response parameter of `API_DescribeUserPool` ." }, "schema": { "type": "array", @@ -201033,7 +201393,7 @@ }, "smsConfiguration": { "$ref": "#/types/aws-native:cognito:UserPoolSmsConfiguration", - "description": "The SMS configuration with the settings that your Amazon Cognito user pool must use to send an SMS message from your AWS account through Amazon Simple Notification Service. To send SMS messages with Amazon SNS in the AWS Region that you want, the Amazon Cognito user pool uses an AWS Identity and Access Management (IAM) role in your AWS account . For more information see [SMS message settings](https://docs.aws.amazon.com/cognito/latest/developerguide/user-pool-sms-settings.html) ." + "description": "The settings for your Amazon Cognito user pool to send SMS messages with Amazon Simple Notification Service. To send SMS messages with Amazon SNS in the AWS Region that you want, the Amazon Cognito user pool uses an AWS Identity and Access Management (IAM) role in your AWS account . For more information see [SMS message settings](https://docs.aws.amazon.com/cognito/latest/developerguide/user-pool-sms-settings.html) ." }, "smsVerificationMessage": { "type": "string", @@ -201045,11 +201405,11 @@ }, "userPoolAddOns": { "$ref": "#/types/aws-native:cognito:UserPoolAddOns", - "description": "User pool add-ons. Contains settings for activation of threat protection. To log user security information but take no action, set to `AUDIT` . To configure automatic security responses to risky traffic to your user pool, set to `ENFORCED` .\n\nFor more information, see [Adding advanced security to a user pool](https://docs.aws.amazon.com/cognito/latest/developerguide/cognito-user-pool-settings-advanced-security.html) . To activate this setting, your user pool must be on the [Plus tier](https://docs.aws.amazon.com/cognito/latest/developerguide/feature-plans-features-plus.html) ." + "description": "Contains settings for activation of threat protection, including the operating mode and additional authentication types. To log user security information but take no action, set to `AUDIT` . To configure automatic security responses to potentially unwanted traffic to your user pool, set to `ENFORCED` .\n\nFor more information, see [Adding advanced security to a user pool](https://docs.aws.amazon.com/cognito/latest/developerguide/cognito-user-pool-settings-advanced-security.html) . To activate this setting, your user pool must be on the [Plus tier](https://docs.aws.amazon.com/cognito/latest/developerguide/feature-plans-features-plus.html) ." }, "userPoolName": { "type": "string", - "description": "A friendlhy name for your user pool." + "description": "A friendly name for your user pool." }, "userPoolTags": { "type": "object", @@ -201099,18 +201459,18 @@ "items": { "type": "string" }, - "description": "The OAuth grant types that you want your app client to generate. To create an app client that generates client credentials grants, you must add `client_credentials` as the only allowed OAuth flow.\n\n- **code** - Use a code grant flow, which provides an authorization code as the response. This code can be exchanged for access tokens with the `/oauth2/token` endpoint.\n- **implicit** - Issue the access token (and, optionally, ID token, based on scopes) directly to your user.\n- **client_credentials** - Issue the access token from the `/oauth2/token` endpoint directly to a non-person user using a combination of the client ID and client secret." + "description": "The OAuth grant types that you want your app client to generate for clients in managed login authentication. To create an app client that generates client credentials grants, you must add `client_credentials` as the only allowed OAuth flow.\n\n- **code** - Use a code grant flow, which provides an authorization code as the response. This code can be exchanged for access tokens with the `/oauth2/token` endpoint.\n- **implicit** - Issue the access token, and the ID token when scopes like `openid` and `profile` are requested, directly to your user.\n- **client_credentials** - Issue the access token from the `/oauth2/token` endpoint directly to a non-person user, authorized by a combination of the client ID and client secret." }, "allowedOAuthFlowsUserPoolClient": { "type": "boolean", - "description": "Set to `true` to use OAuth 2.0 features in your user pool app client.\n\n`AllowedOAuthFlowsUserPoolClient` must be `true` before you can configure the following features in your app client.\n\n- `CallBackURLs` : Callback URLs.\n- `LogoutURLs` : Sign-out redirect URLs.\n- `AllowedOAuthScopes` : OAuth 2.0 scopes.\n- `AllowedOAuthFlows` : Support for authorization code, implicit, and client credentials OAuth 2.0 grants.\n\nTo use OAuth 2.0 features, configure one of these features in the Amazon Cognito console or set `AllowedOAuthFlowsUserPoolClient` to `true` in a `CreateUserPoolClient` or `UpdateUserPoolClient` API request. If you don't set a value for `AllowedOAuthFlowsUserPoolClient` in a request with the AWS CLI or SDKs, it defaults to `false` ." + "description": "Set to `true` to use OAuth 2.0 authorization server features in your app client.\n\nThis parameter must have a value of `true` before you can configure the following features in your app client.\n\n- `CallBackURLs` : Callback URLs.\n- `LogoutURLs` : Sign-out redirect URLs.\n- `AllowedOAuthScopes` : OAuth 2.0 scopes.\n- `AllowedOAuthFlows` : Support for authorization code, implicit, and client credentials OAuth 2.0 grants.\n\nTo use authorization server features, configure one of these features in the Amazon Cognito console or set `AllowedOAuthFlowsUserPoolClient` to `true` in a `CreateUserPoolClient` or `UpdateUserPoolClient` API request. If you don't set a value for `AllowedOAuthFlowsUserPoolClient` in a request with the AWS CLI or SDKs, it defaults to `false` . When `false` , only SDK-based API sign-in is permitted." }, "allowedOAuthScopes": { "type": "array", "items": { "type": "string" }, - "description": "The OAuth 2.0 scopes that you want to permit your app client to authorize. Scopes govern access control to user pool self-service API operations, user data from the `userInfo` endpoint, and third-party APIs. Possible values provided by OAuth are `phone` , `email` , `openid` , and `profile` . Possible values provided by AWS are `aws.cognito.signin.user.admin` . Custom scopes created in Resource Servers are also supported." + "description": "The OAuth, OpenID Connect (OIDC), and custom scopes that you want to permit your app client to authorize access with. Scopes govern access control to user pool self-service API operations, user data from the `userInfo` endpoint, and third-party APIs. Scope values include `phone` , `email` , `openid` , and `profile` . The `aws.cognito.signin.user.admin` scope authorizes user self-service operations. Custom scopes with resource servers authorize access to external APIs." }, "analyticsConfiguration": { "$ref": "#/types/aws-native:cognito:UserPoolClientAnalyticsConfiguration", @@ -201125,7 +201485,7 @@ "items": { "type": "string" }, - "description": "A list of allowed redirect (callback) URLs for the IdPs.\n\nA redirect URI must:\n\n- Be an absolute URI.\n- Be registered with the authorization server. Amazon Cognito doesn't accept authorization requests with `redirect_uri` values that aren't in the list of `CallbackURLs` that you provide in this parameter.\n- Not include a fragment component.\n\nSee [OAuth 2.0 - Redirection Endpoint](https://docs.aws.amazon.com/https://tools.ietf.org/html/rfc6749#section-3.1.2) .\n\nAmazon Cognito requires HTTPS over HTTP except for http://localhost for testing purposes only.\n\nApp callback URLs such as myapp://example are also supported." + "description": "A list of allowed redirect, or callback, URLs for managed login authentication. These URLs are the paths where you want to send your users' browsers after they complete authentication with managed login or a third-party IdP. Typically, callback URLs are the home of an application that uses OAuth or OIDC libraries to process authentication outcomes.\n\nA redirect URI must meet the following requirements:\n\n- Be an absolute URI.\n- Be registered with the authorization server. Amazon Cognito doesn't accept authorization requests with `redirect_uri` values that aren't in the list of `CallbackURLs` that you provide in this parameter.\n- Not include a fragment component.\n\nSee [OAuth 2.0 - Redirection Endpoint](https://docs.aws.amazon.com/https://tools.ietf.org/html/rfc6749#section-3.1.2) .\n\nAmazon Cognito requires HTTPS over HTTP except for http://localhost for testing purposes only.\n\nApp callback URLs such as myapp://example are also supported." }, "clientId": { "type": "string", @@ -201144,22 +201504,22 @@ }, "enablePropagateAdditionalUserContextData": { "type": "boolean", - "description": "Activates the propagation of additional user context data. For more information about propagation of user context data, see [Adding advanced security to a user pool](https://docs.aws.amazon.com/cognito/latest/developerguide/cognito-user-pool-settings-threat-protection.html) . If you don’t include this parameter, you can't send device fingerprint information, including source IP address, to Amazon Cognito advanced security. You can only activate `EnablePropagateAdditionalUserContextData` in an app client that has a client secret." + "description": "When `true` , your application can include additional `UserContextData` in authentication requests. This data includes the IP address, and contributes to analysis by threat protection features. For more information about propagation of user context data, see [Adding session data to API requests](https://docs.aws.amazon.com/cognito/latest/developerguide/cognito-user-pool-settings-adaptive-authentication.html#user-pool-settings-adaptive-authentication-device-fingerprint) . If you don’t include this parameter, you can't send the source IP address to Amazon Cognito threat protection features. You can only activate `EnablePropagateAdditionalUserContextData` in an app client that has a client secret." }, "enableTokenRevocation": { "type": "boolean", - "description": "Activates or deactivates token revocation. For more information about revoking tokens, see [RevokeToken](https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_RevokeToken.html) .\n\nIf you don't include this parameter, token revocation is automatically activated for the new user pool client." + "description": "Activates or deactivates [token revocation](https://docs.aws.amazon.com/cognito/latest/developerguide/token-revocation.html) in the target app client.\n\nRevoke tokens with `API_RevokeToken` .\n\nIf you don't include this parameter, token revocation is automatically activated for the new user pool client." }, "explicitAuthFlows": { "type": "array", "items": { "type": "string" }, - "description": "The authentication flows that you want your user pool client to support. For each app client in your user pool, you can sign in your users with any combination of one or more flows, including with a user name and Secure Remote Password (SRP), a user name and password, or a custom authentication process that you define with Lambda functions.\n\n\u003e If you don't specify a value for `ExplicitAuthFlows` , your user client supports `ALLOW_REFRESH_TOKEN_AUTH` , `ALLOW_USER_SRP_AUTH` , and `ALLOW_CUSTOM_AUTH` . \n\nValid values include:\n\n- `ALLOW_USER_AUTH` : Enable selection-based sign-in with `USER_AUTH` . This setting covers username-password, secure remote password (SRP), passwordless, and passkey authentication. This authentiation flow can do username-password and SRP authentication without other `ExplicitAuthFlows` permitting them. For example users can complete an SRP challenge through `USER_AUTH` without the flow `USER_SRP_AUTH` being active for the app client. This flow doesn't include `CUSTOM_AUTH` .\n\nTo activate this setting, your user pool must be in the [Essentials tier](https://docs.aws.amazon.com/cognito/latest/developerguide/feature-plans-features-essentials.html) or higher.\n- `ALLOW_ADMIN_USER_PASSWORD_AUTH` : Enable admin based user password authentication flow `ADMIN_USER_PASSWORD_AUTH` . This setting replaces the `ADMIN_NO_SRP_AUTH` setting. With this authentication flow, your app passes a user name and password to Amazon Cognito in the request, instead of using the Secure Remote Password (SRP) protocol to securely transmit the password.\n- `ALLOW_CUSTOM_AUTH` : Enable Lambda trigger based authentication.\n- `ALLOW_USER_PASSWORD_AUTH` : Enable user password-based authentication. In this flow, Amazon Cognito receives the password in the request instead of using the SRP protocol to verify passwords.\n- `ALLOW_USER_SRP_AUTH` : Enable SRP-based authentication.\n- `ALLOW_REFRESH_TOKEN_AUTH` : Enable authflow to refresh tokens.\n\nIn some environments, you will see the values `ADMIN_NO_SRP_AUTH` , `CUSTOM_AUTH_FLOW_ONLY` , or `USER_PASSWORD_AUTH` . You can't assign these legacy `ExplicitAuthFlows` values to user pool clients at the same time as values that begin with `ALLOW_` ,\nlike `ALLOW_USER_SRP_AUTH` ." + "description": "The [authentication flows](https://docs.aws.amazon.com/cognito/latest/developerguide/amazon-cognito-user-pools-authentication-flow-methods.html) that you want your user pool client to support. For each app client in your user pool, you can sign in your users with any combination of one or more flows, including with a user name and Secure Remote Password (SRP), a user name and password, or a custom authentication process that you define with Lambda functions.\n\n\u003e If you don't specify a value for `ExplicitAuthFlows` , your app client supports `ALLOW_REFRESH_TOKEN_AUTH` , `ALLOW_USER_SRP_AUTH` , and `ALLOW_CUSTOM_AUTH` . \n\nThe values for authentication flow options include the following.\n\n- `ALLOW_USER_AUTH` : Enable selection-based sign-in with `USER_AUTH` . This setting covers username-password, secure remote password (SRP), passwordless, and passkey authentication. This authentiation flow can do username-password and SRP authentication without other `ExplicitAuthFlows` permitting them. For example users can complete an SRP challenge through `USER_AUTH` without the flow `USER_SRP_AUTH` being active for the app client. This flow doesn't include `CUSTOM_AUTH` .\n\nTo activate this setting, your user pool must be in the [Essentials tier](https://docs.aws.amazon.com/cognito/latest/developerguide/feature-plans-features-essentials.html) or higher.\n- `ALLOW_ADMIN_USER_PASSWORD_AUTH` : Enable admin based user password authentication flow `ADMIN_USER_PASSWORD_AUTH` . This setting replaces the `ADMIN_NO_SRP_AUTH` setting. With this authentication flow, your app passes a user name and password to Amazon Cognito in the request, instead of using the Secure Remote Password (SRP) protocol to securely transmit the password.\n- `ALLOW_CUSTOM_AUTH` : Enable Lambda trigger based authentication.\n- `ALLOW_USER_PASSWORD_AUTH` : Enable user password-based authentication. In this flow, Amazon Cognito receives the password in the request instead of using the SRP protocol to verify passwords.\n- `ALLOW_USER_SRP_AUTH` : Enable SRP-based authentication.\n- `ALLOW_REFRESH_TOKEN_AUTH` : Enable authflow to refresh tokens.\n\nIn some environments, you will see the values `ADMIN_NO_SRP_AUTH` , `CUSTOM_AUTH_FLOW_ONLY` , or `USER_PASSWORD_AUTH` . You can't assign these legacy `ExplicitAuthFlows` values to user pool clients at the same time as values that begin with `ALLOW_` ,\nlike `ALLOW_USER_SRP_AUTH` ." }, "generateSecret": { "type": "boolean", - "description": "When `true` , generates a client secret for the app client. Client secrets are used with server-side and machine-to-machine applications. For more information, see [App client types](https://docs.aws.amazon.com/cognito/latest/developerguide/user-pool-settings-client-apps.html#user-pool-settings-client-app-client-types) .", + "description": "When `true` , generates a client secret for the app client. Client secrets are used with server-side and machine-to-machine applications. Client secrets are automatically generated; you can't specify a secret value. For more information, see [App client types](https://docs.aws.amazon.com/cognito/latest/developerguide/user-pool-settings-client-apps.html#user-pool-settings-client-app-client-types) .", "replaceOnChanges": true }, "idTokenValidity": { @@ -201171,7 +201531,7 @@ "items": { "type": "string" }, - "description": "A list of allowed logout URLs for managed login authentication. For more information, see [Logout endpoint](https://docs.aws.amazon.com/cognito/latest/developerguide/logout-endpoint.html) ." + "description": "A list of allowed logout URLs for managed login authentication. When you pass `logout_uri` and `client_id` parameters to `/logout` , Amazon Cognito signs out your user and redirects them to the logout URL. This parameter describes the URLs that you want to be the permitted targets of `logout_uri` . A typical use of these URLs is when a user selects \"Sign out\" and you redirect them to your public homepage. For more information, see [Logout endpoint](https://docs.aws.amazon.com/cognito/latest/developerguide/logout-endpoint.html) ." }, "name": { "type": "string" @@ -201185,7 +201545,7 @@ "items": { "type": "string" }, - "description": "The list of user attributes that you want your app client to have read access to. After your user authenticates in your app, their access token authorizes them to read their own attribute value for any attribute in this list. An example of this kind of activity is when your user selects a link to view their profile information. Your app makes a [GetUser](https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_GetUser.html) API request to retrieve and display your user's profile data.\n\nWhen you don't specify the `ReadAttributes` for your app client, your app can read the values of `email_verified` , `phone_number_verified` , and the Standard attributes of your user pool. When your user pool app client has read access to these default attributes, `ReadAttributes` doesn't return any information. Amazon Cognito only populates `ReadAttributes` in the API response if you have specified your own custom set of read attributes." + "description": "The list of user attributes that you want your app client to have read access to. After your user authenticates in your app, their access token authorizes them to read their own attribute value for any attribute in this list.\n\nAn example of this kind of activity is when your user selects a link to view their profile information. Your app makes a `API_GetUser` API request to retrieve and display your user's profile data.\n\nWhen you don't specify the `ReadAttributes` for your app client, your app can read the values of `email_verified` , `phone_number_verified` , and the standard attributes of your user pool. When your user pool app client has read access to these default attributes, `ReadAttributes` doesn't return any information. Amazon Cognito only populates `ReadAttributes` in the API response if you have specified your own custom set of read attributes." }, "refreshTokenValidity": { "type": "integer", @@ -201196,7 +201556,7 @@ "items": { "type": "string" }, - "description": "A list of provider names for the identity providers (IdPs) that are supported on this client. The following are supported: `COGNITO` , `Facebook` , `Google` , `SignInWithApple` , and `LoginWithAmazon` . You can also specify the names that you configured for the SAML and OIDC IdPs in your user pool, for example `MySAMLIdP` or `MyOIDCIdP` .\n\nThis setting applies to providers that you can access with [managed login](https://docs.aws.amazon.com/cognito/latest/developerguide/cognito-user-pools-managed-login.html) . The removal of `COGNITO` from this list doesn't prevent authentication operations for local users with the user pools API in an AWS SDK. The only way to prevent API-based authentication is to block access with a [AWS WAF rule](https://docs.aws.amazon.com/cognito/latest/developerguide/user-pool-waf.html) ." + "description": "A list of provider names for the identity providers (IdPs) that are supported on this client. The following are supported: `COGNITO` , `Facebook` , `Google` , `SignInWithApple` , and `LoginWithAmazon` . You can also specify the names that you configured for the SAML and OIDC IdPs in your user pool, for example `MySAMLIdP` or `MyOIDCIdP` .\n\nThis parameter sets the IdPs that [managed login](https://docs.aws.amazon.com/cognito/latest/developerguide/cognito-user-pools-managed-login.html) will display on the login page for your app client. The removal of `COGNITO` from this list doesn't prevent authentication operations for local users with the user pools API in an AWS SDK. The only way to prevent SDK-based authentication is to block access with a [AWS WAF rule](https://docs.aws.amazon.com/cognito/latest/developerguide/user-pool-waf.html) ." }, "tokenValidityUnits": { "$ref": "#/types/aws-native:cognito:UserPoolClientTokenValidityUnits", @@ -201212,7 +201572,7 @@ "items": { "type": "string" }, - "description": "The list of user attributes that you want your app client to have write access to. After your user authenticates in your app, their access token authorizes them to set or modify their own attribute value for any attribute in this list. An example of this kind of activity is when you present your user with a form to update their profile information and they change their last name. Your app then makes an [UpdateUserAttributes](https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_UpdateUserAttributes.html) API request and sets `family_name` to the new value.\n\nWhen you don't specify the `WriteAttributes` for your app client, your app can write the values of the Standard attributes of your user pool. When your user pool has write access to these default attributes, `WriteAttributes` doesn't return any information. Amazon Cognito only populates `WriteAttributes` in the API response if you have specified your own custom set of write attributes.\n\nIf your app client allows users to sign in through an IdP, this array must include all attributes that you have mapped to IdP attributes. Amazon Cognito updates mapped attributes when users sign in to your application through an IdP. If your app client does not have write access to a mapped attribute, Amazon Cognito throws an error when it tries to update the attribute. For more information, see [Specifying IdP Attribute Mappings for Your user pool](https://docs.aws.amazon.com/cognito/latest/developerguide/cognito-user-pools-specifying-attribute-mapping.html) ." + "description": "The list of user attributes that you want your app client to have write access to. After your user authenticates in your app, their access token authorizes them to set or modify their own attribute value for any attribute in this list.\n\nAn example of this kind of activity is when you present your user with a form to update their profile information and they change their last name. Your app then makes an `API_UpdateUserAttributes` API request and sets `family_name` to the new value.\n\nWhen you don't specify the `WriteAttributes` for your app client, your app can write the values of the Standard attributes of your user pool. When your user pool has write access to these default attributes, `WriteAttributes` doesn't return any information. Amazon Cognito only populates `WriteAttributes` in the API response if you have specified your own custom set of write attributes.\n\nIf your app client allows users to sign in through an IdP, this array must include all attributes that you have mapped to IdP attributes. Amazon Cognito updates mapped attributes when users sign in to your application through an IdP. If your app client does not have write access to a mapped attribute, Amazon Cognito throws an error when it tries to update the attribute. For more information, see [Specifying IdP Attribute Mappings for Your user pool](https://docs.aws.amazon.com/cognito/latest/developerguide/cognito-user-pools-specifying-attribute-mapping.html) ." } }, "type": "object", @@ -201232,18 +201592,18 @@ "items": { "type": "string" }, - "description": "The OAuth grant types that you want your app client to generate. To create an app client that generates client credentials grants, you must add `client_credentials` as the only allowed OAuth flow.\n\n- **code** - Use a code grant flow, which provides an authorization code as the response. This code can be exchanged for access tokens with the `/oauth2/token` endpoint.\n- **implicit** - Issue the access token (and, optionally, ID token, based on scopes) directly to your user.\n- **client_credentials** - Issue the access token from the `/oauth2/token` endpoint directly to a non-person user using a combination of the client ID and client secret." + "description": "The OAuth grant types that you want your app client to generate for clients in managed login authentication. To create an app client that generates client credentials grants, you must add `client_credentials` as the only allowed OAuth flow.\n\n- **code** - Use a code grant flow, which provides an authorization code as the response. This code can be exchanged for access tokens with the `/oauth2/token` endpoint.\n- **implicit** - Issue the access token, and the ID token when scopes like `openid` and `profile` are requested, directly to your user.\n- **client_credentials** - Issue the access token from the `/oauth2/token` endpoint directly to a non-person user, authorized by a combination of the client ID and client secret." }, "allowedOAuthFlowsUserPoolClient": { "type": "boolean", - "description": "Set to `true` to use OAuth 2.0 features in your user pool app client.\n\n`AllowedOAuthFlowsUserPoolClient` must be `true` before you can configure the following features in your app client.\n\n- `CallBackURLs` : Callback URLs.\n- `LogoutURLs` : Sign-out redirect URLs.\n- `AllowedOAuthScopes` : OAuth 2.0 scopes.\n- `AllowedOAuthFlows` : Support for authorization code, implicit, and client credentials OAuth 2.0 grants.\n\nTo use OAuth 2.0 features, configure one of these features in the Amazon Cognito console or set `AllowedOAuthFlowsUserPoolClient` to `true` in a `CreateUserPoolClient` or `UpdateUserPoolClient` API request. If you don't set a value for `AllowedOAuthFlowsUserPoolClient` in a request with the AWS CLI or SDKs, it defaults to `false` ." + "description": "Set to `true` to use OAuth 2.0 authorization server features in your app client.\n\nThis parameter must have a value of `true` before you can configure the following features in your app client.\n\n- `CallBackURLs` : Callback URLs.\n- `LogoutURLs` : Sign-out redirect URLs.\n- `AllowedOAuthScopes` : OAuth 2.0 scopes.\n- `AllowedOAuthFlows` : Support for authorization code, implicit, and client credentials OAuth 2.0 grants.\n\nTo use authorization server features, configure one of these features in the Amazon Cognito console or set `AllowedOAuthFlowsUserPoolClient` to `true` in a `CreateUserPoolClient` or `UpdateUserPoolClient` API request. If you don't set a value for `AllowedOAuthFlowsUserPoolClient` in a request with the AWS CLI or SDKs, it defaults to `false` . When `false` , only SDK-based API sign-in is permitted." }, "allowedOAuthScopes": { "type": "array", "items": { "type": "string" }, - "description": "The OAuth 2.0 scopes that you want to permit your app client to authorize. Scopes govern access control to user pool self-service API operations, user data from the `userInfo` endpoint, and third-party APIs. Possible values provided by OAuth are `phone` , `email` , `openid` , and `profile` . Possible values provided by AWS are `aws.cognito.signin.user.admin` . Custom scopes created in Resource Servers are also supported." + "description": "The OAuth, OpenID Connect (OIDC), and custom scopes that you want to permit your app client to authorize access with. Scopes govern access control to user pool self-service API operations, user data from the `userInfo` endpoint, and third-party APIs. Scope values include `phone` , `email` , `openid` , and `profile` . The `aws.cognito.signin.user.admin` scope authorizes user self-service operations. Custom scopes with resource servers authorize access to external APIs." }, "analyticsConfiguration": { "$ref": "#/types/aws-native:cognito:UserPoolClientAnalyticsConfiguration", @@ -201258,7 +201618,7 @@ "items": { "type": "string" }, - "description": "A list of allowed redirect (callback) URLs for the IdPs.\n\nA redirect URI must:\n\n- Be an absolute URI.\n- Be registered with the authorization server. Amazon Cognito doesn't accept authorization requests with `redirect_uri` values that aren't in the list of `CallbackURLs` that you provide in this parameter.\n- Not include a fragment component.\n\nSee [OAuth 2.0 - Redirection Endpoint](https://docs.aws.amazon.com/https://tools.ietf.org/html/rfc6749#section-3.1.2) .\n\nAmazon Cognito requires HTTPS over HTTP except for http://localhost for testing purposes only.\n\nApp callback URLs such as myapp://example are also supported." + "description": "A list of allowed redirect, or callback, URLs for managed login authentication. These URLs are the paths where you want to send your users' browsers after they complete authentication with managed login or a third-party IdP. Typically, callback URLs are the home of an application that uses OAuth or OIDC libraries to process authentication outcomes.\n\nA redirect URI must meet the following requirements:\n\n- Be an absolute URI.\n- Be registered with the authorization server. Amazon Cognito doesn't accept authorization requests with `redirect_uri` values that aren't in the list of `CallbackURLs` that you provide in this parameter.\n- Not include a fragment component.\n\nSee [OAuth 2.0 - Redirection Endpoint](https://docs.aws.amazon.com/https://tools.ietf.org/html/rfc6749#section-3.1.2) .\n\nAmazon Cognito requires HTTPS over HTTP except for http://localhost for testing purposes only.\n\nApp callback URLs such as myapp://example are also supported." }, "clientName": { "type": "string", @@ -201270,22 +201630,22 @@ }, "enablePropagateAdditionalUserContextData": { "type": "boolean", - "description": "Activates the propagation of additional user context data. For more information about propagation of user context data, see [Adding advanced security to a user pool](https://docs.aws.amazon.com/cognito/latest/developerguide/cognito-user-pool-settings-threat-protection.html) . If you don’t include this parameter, you can't send device fingerprint information, including source IP address, to Amazon Cognito advanced security. You can only activate `EnablePropagateAdditionalUserContextData` in an app client that has a client secret." + "description": "When `true` , your application can include additional `UserContextData` in authentication requests. This data includes the IP address, and contributes to analysis by threat protection features. For more information about propagation of user context data, see [Adding session data to API requests](https://docs.aws.amazon.com/cognito/latest/developerguide/cognito-user-pool-settings-adaptive-authentication.html#user-pool-settings-adaptive-authentication-device-fingerprint) . If you don’t include this parameter, you can't send the source IP address to Amazon Cognito threat protection features. You can only activate `EnablePropagateAdditionalUserContextData` in an app client that has a client secret." }, "enableTokenRevocation": { "type": "boolean", - "description": "Activates or deactivates token revocation. For more information about revoking tokens, see [RevokeToken](https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_RevokeToken.html) .\n\nIf you don't include this parameter, token revocation is automatically activated for the new user pool client." + "description": "Activates or deactivates [token revocation](https://docs.aws.amazon.com/cognito/latest/developerguide/token-revocation.html) in the target app client.\n\nRevoke tokens with `API_RevokeToken` .\n\nIf you don't include this parameter, token revocation is automatically activated for the new user pool client." }, "explicitAuthFlows": { "type": "array", "items": { "type": "string" }, - "description": "The authentication flows that you want your user pool client to support. For each app client in your user pool, you can sign in your users with any combination of one or more flows, including with a user name and Secure Remote Password (SRP), a user name and password, or a custom authentication process that you define with Lambda functions.\n\n\u003e If you don't specify a value for `ExplicitAuthFlows` , your user client supports `ALLOW_REFRESH_TOKEN_AUTH` , `ALLOW_USER_SRP_AUTH` , and `ALLOW_CUSTOM_AUTH` . \n\nValid values include:\n\n- `ALLOW_USER_AUTH` : Enable selection-based sign-in with `USER_AUTH` . This setting covers username-password, secure remote password (SRP), passwordless, and passkey authentication. This authentiation flow can do username-password and SRP authentication without other `ExplicitAuthFlows` permitting them. For example users can complete an SRP challenge through `USER_AUTH` without the flow `USER_SRP_AUTH` being active for the app client. This flow doesn't include `CUSTOM_AUTH` .\n\nTo activate this setting, your user pool must be in the [Essentials tier](https://docs.aws.amazon.com/cognito/latest/developerguide/feature-plans-features-essentials.html) or higher.\n- `ALLOW_ADMIN_USER_PASSWORD_AUTH` : Enable admin based user password authentication flow `ADMIN_USER_PASSWORD_AUTH` . This setting replaces the `ADMIN_NO_SRP_AUTH` setting. With this authentication flow, your app passes a user name and password to Amazon Cognito in the request, instead of using the Secure Remote Password (SRP) protocol to securely transmit the password.\n- `ALLOW_CUSTOM_AUTH` : Enable Lambda trigger based authentication.\n- `ALLOW_USER_PASSWORD_AUTH` : Enable user password-based authentication. In this flow, Amazon Cognito receives the password in the request instead of using the SRP protocol to verify passwords.\n- `ALLOW_USER_SRP_AUTH` : Enable SRP-based authentication.\n- `ALLOW_REFRESH_TOKEN_AUTH` : Enable authflow to refresh tokens.\n\nIn some environments, you will see the values `ADMIN_NO_SRP_AUTH` , `CUSTOM_AUTH_FLOW_ONLY` , or `USER_PASSWORD_AUTH` . You can't assign these legacy `ExplicitAuthFlows` values to user pool clients at the same time as values that begin with `ALLOW_` ,\nlike `ALLOW_USER_SRP_AUTH` ." + "description": "The [authentication flows](https://docs.aws.amazon.com/cognito/latest/developerguide/amazon-cognito-user-pools-authentication-flow-methods.html) that you want your user pool client to support. For each app client in your user pool, you can sign in your users with any combination of one or more flows, including with a user name and Secure Remote Password (SRP), a user name and password, or a custom authentication process that you define with Lambda functions.\n\n\u003e If you don't specify a value for `ExplicitAuthFlows` , your app client supports `ALLOW_REFRESH_TOKEN_AUTH` , `ALLOW_USER_SRP_AUTH` , and `ALLOW_CUSTOM_AUTH` . \n\nThe values for authentication flow options include the following.\n\n- `ALLOW_USER_AUTH` : Enable selection-based sign-in with `USER_AUTH` . This setting covers username-password, secure remote password (SRP), passwordless, and passkey authentication. This authentiation flow can do username-password and SRP authentication without other `ExplicitAuthFlows` permitting them. For example users can complete an SRP challenge through `USER_AUTH` without the flow `USER_SRP_AUTH` being active for the app client. This flow doesn't include `CUSTOM_AUTH` .\n\nTo activate this setting, your user pool must be in the [Essentials tier](https://docs.aws.amazon.com/cognito/latest/developerguide/feature-plans-features-essentials.html) or higher.\n- `ALLOW_ADMIN_USER_PASSWORD_AUTH` : Enable admin based user password authentication flow `ADMIN_USER_PASSWORD_AUTH` . This setting replaces the `ADMIN_NO_SRP_AUTH` setting. With this authentication flow, your app passes a user name and password to Amazon Cognito in the request, instead of using the Secure Remote Password (SRP) protocol to securely transmit the password.\n- `ALLOW_CUSTOM_AUTH` : Enable Lambda trigger based authentication.\n- `ALLOW_USER_PASSWORD_AUTH` : Enable user password-based authentication. In this flow, Amazon Cognito receives the password in the request instead of using the SRP protocol to verify passwords.\n- `ALLOW_USER_SRP_AUTH` : Enable SRP-based authentication.\n- `ALLOW_REFRESH_TOKEN_AUTH` : Enable authflow to refresh tokens.\n\nIn some environments, you will see the values `ADMIN_NO_SRP_AUTH` , `CUSTOM_AUTH_FLOW_ONLY` , or `USER_PASSWORD_AUTH` . You can't assign these legacy `ExplicitAuthFlows` values to user pool clients at the same time as values that begin with `ALLOW_` ,\nlike `ALLOW_USER_SRP_AUTH` ." }, "generateSecret": { "type": "boolean", - "description": "When `true` , generates a client secret for the app client. Client secrets are used with server-side and machine-to-machine applications. For more information, see [App client types](https://docs.aws.amazon.com/cognito/latest/developerguide/user-pool-settings-client-apps.html#user-pool-settings-client-app-client-types) ." + "description": "When `true` , generates a client secret for the app client. Client secrets are used with server-side and machine-to-machine applications. Client secrets are automatically generated; you can't specify a secret value. For more information, see [App client types](https://docs.aws.amazon.com/cognito/latest/developerguide/user-pool-settings-client-apps.html#user-pool-settings-client-app-client-types) ." }, "idTokenValidity": { "type": "integer", @@ -201296,7 +201656,7 @@ "items": { "type": "string" }, - "description": "A list of allowed logout URLs for managed login authentication. For more information, see [Logout endpoint](https://docs.aws.amazon.com/cognito/latest/developerguide/logout-endpoint.html) ." + "description": "A list of allowed logout URLs for managed login authentication. When you pass `logout_uri` and `client_id` parameters to `/logout` , Amazon Cognito signs out your user and redirects them to the logout URL. This parameter describes the URLs that you want to be the permitted targets of `logout_uri` . A typical use of these URLs is when a user selects \"Sign out\" and you redirect them to your public homepage. For more information, see [Logout endpoint](https://docs.aws.amazon.com/cognito/latest/developerguide/logout-endpoint.html) ." }, "preventUserExistenceErrors": { "type": "string", @@ -201307,7 +201667,7 @@ "items": { "type": "string" }, - "description": "The list of user attributes that you want your app client to have read access to. After your user authenticates in your app, their access token authorizes them to read their own attribute value for any attribute in this list. An example of this kind of activity is when your user selects a link to view their profile information. Your app makes a [GetUser](https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_GetUser.html) API request to retrieve and display your user's profile data.\n\nWhen you don't specify the `ReadAttributes` for your app client, your app can read the values of `email_verified` , `phone_number_verified` , and the Standard attributes of your user pool. When your user pool app client has read access to these default attributes, `ReadAttributes` doesn't return any information. Amazon Cognito only populates `ReadAttributes` in the API response if you have specified your own custom set of read attributes." + "description": "The list of user attributes that you want your app client to have read access to. After your user authenticates in your app, their access token authorizes them to read their own attribute value for any attribute in this list.\n\nAn example of this kind of activity is when your user selects a link to view their profile information. Your app makes a `API_GetUser` API request to retrieve and display your user's profile data.\n\nWhen you don't specify the `ReadAttributes` for your app client, your app can read the values of `email_verified` , `phone_number_verified` , and the standard attributes of your user pool. When your user pool app client has read access to these default attributes, `ReadAttributes` doesn't return any information. Amazon Cognito only populates `ReadAttributes` in the API response if you have specified your own custom set of read attributes." }, "refreshTokenValidity": { "type": "integer", @@ -201318,7 +201678,7 @@ "items": { "type": "string" }, - "description": "A list of provider names for the identity providers (IdPs) that are supported on this client. The following are supported: `COGNITO` , `Facebook` , `Google` , `SignInWithApple` , and `LoginWithAmazon` . You can also specify the names that you configured for the SAML and OIDC IdPs in your user pool, for example `MySAMLIdP` or `MyOIDCIdP` .\n\nThis setting applies to providers that you can access with [managed login](https://docs.aws.amazon.com/cognito/latest/developerguide/cognito-user-pools-managed-login.html) . The removal of `COGNITO` from this list doesn't prevent authentication operations for local users with the user pools API in an AWS SDK. The only way to prevent API-based authentication is to block access with a [AWS WAF rule](https://docs.aws.amazon.com/cognito/latest/developerguide/user-pool-waf.html) ." + "description": "A list of provider names for the identity providers (IdPs) that are supported on this client. The following are supported: `COGNITO` , `Facebook` , `Google` , `SignInWithApple` , and `LoginWithAmazon` . You can also specify the names that you configured for the SAML and OIDC IdPs in your user pool, for example `MySAMLIdP` or `MyOIDCIdP` .\n\nThis parameter sets the IdPs that [managed login](https://docs.aws.amazon.com/cognito/latest/developerguide/cognito-user-pools-managed-login.html) will display on the login page for your app client. The removal of `COGNITO` from this list doesn't prevent authentication operations for local users with the user pools API in an AWS SDK. The only way to prevent SDK-based authentication is to block access with a [AWS WAF rule](https://docs.aws.amazon.com/cognito/latest/developerguide/user-pool-waf.html) ." }, "tokenValidityUnits": { "$ref": "#/types/aws-native:cognito:UserPoolClientTokenValidityUnits", @@ -201333,7 +201693,7 @@ "items": { "type": "string" }, - "description": "The list of user attributes that you want your app client to have write access to. After your user authenticates in your app, their access token authorizes them to set or modify their own attribute value for any attribute in this list. An example of this kind of activity is when you present your user with a form to update their profile information and they change their last name. Your app then makes an [UpdateUserAttributes](https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_UpdateUserAttributes.html) API request and sets `family_name` to the new value.\n\nWhen you don't specify the `WriteAttributes` for your app client, your app can write the values of the Standard attributes of your user pool. When your user pool has write access to these default attributes, `WriteAttributes` doesn't return any information. Amazon Cognito only populates `WriteAttributes` in the API response if you have specified your own custom set of write attributes.\n\nIf your app client allows users to sign in through an IdP, this array must include all attributes that you have mapped to IdP attributes. Amazon Cognito updates mapped attributes when users sign in to your application through an IdP. If your app client does not have write access to a mapped attribute, Amazon Cognito throws an error when it tries to update the attribute. For more information, see [Specifying IdP Attribute Mappings for Your user pool](https://docs.aws.amazon.com/cognito/latest/developerguide/cognito-user-pools-specifying-attribute-mapping.html) ." + "description": "The list of user attributes that you want your app client to have write access to. After your user authenticates in your app, their access token authorizes them to set or modify their own attribute value for any attribute in this list.\n\nAn example of this kind of activity is when you present your user with a form to update their profile information and they change their last name. Your app then makes an `API_UpdateUserAttributes` API request and sets `family_name` to the new value.\n\nWhen you don't specify the `WriteAttributes` for your app client, your app can write the values of the Standard attributes of your user pool. When your user pool has write access to these default attributes, `WriteAttributes` doesn't return any information. Amazon Cognito only populates `WriteAttributes` in the API response if you have specified your own custom set of write attributes.\n\nIf your app client allows users to sign in through an IdP, this array must include all attributes that you have mapped to IdP attributes. Amazon Cognito updates mapped attributes when users sign in to your application through an IdP. If your app client does not have write access to a mapped attribute, Amazon Cognito throws an error when it tries to update the attribute. For more information, see [Specifying IdP Attribute Mappings for Your user pool](https://docs.aws.amazon.com/cognito/latest/developerguide/cognito-user-pools-specifying-attribute-mapping.html) ." } }, "requiredInputs": [ @@ -201353,11 +201713,11 @@ }, "customDomainConfig": { "$ref": "#/types/aws-native:cognito:UserPoolDomainCustomDomainConfigType", - "description": "The configuration for a custom domain that hosts the sign-up and sign-in pages for your application. Use this object to specify an SSL certificate that is managed by ACM.\n\nWhen you create a custom domain, the passkey RP ID defaults to the custom domain. If you had a prefix domain active, this will cause passkey integration for your prefix domain to stop working due to a mismatch in RP ID. To keep the prefix domain passkey integration working, you can explicitly set RP ID to the prefix domain. Update the RP ID in a [SetUserPoolMfaConfig](https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_SetUserPoolMfaConfig.html) request." + "description": "The configuration for a custom domain that hosts managed login for your application. In an `UpdateUserPoolDomain` request, this parameter specifies an SSL certificate for the managed login hosted webserver. The certificate must be an ACM ARN in `us-east-1` .\n\nWhen you create a custom domain, the passkey RP ID defaults to the custom domain. If you had a prefix domain active, this will cause passkey integration for your prefix domain to stop working due to a mismatch in RP ID. To keep the prefix domain passkey integration working, you can explicitly set RP ID to the prefix domain.\n\nUpdate the RP ID in a `API_SetUserPoolMfaConfig` request." }, "domain": { "type": "string", - "description": "The domain name for the custom domain that hosts the sign-up and sign-in pages for your application. One example might be `auth.example.com` .\n\nThis string can include only lowercase letters, numbers, and hyphens. Don't use a hyphen for the first or last character. Use periods to separate subdomain names.", + "description": "The name of the domain that you want to update. For custom domains, this is the fully-qualified domain name, for example `auth.example.com` . For prefix domains, this is the prefix alone, such as `myprefix` .", "replaceOnChanges": true }, "managedLoginVersion": { @@ -201366,7 +201726,7 @@ }, "userPoolId": { "type": "string", - "description": "The ID of the user pool that is associated with the custom domain whose certificate you're updating.", + "description": "The ID of the user pool that is associated with the domain you're updating.", "replaceOnChanges": true } }, @@ -201380,11 +201740,11 @@ "inputProperties": { "customDomainConfig": { "$ref": "#/types/aws-native:cognito:UserPoolDomainCustomDomainConfigType", - "description": "The configuration for a custom domain that hosts the sign-up and sign-in pages for your application. Use this object to specify an SSL certificate that is managed by ACM.\n\nWhen you create a custom domain, the passkey RP ID defaults to the custom domain. If you had a prefix domain active, this will cause passkey integration for your prefix domain to stop working due to a mismatch in RP ID. To keep the prefix domain passkey integration working, you can explicitly set RP ID to the prefix domain. Update the RP ID in a [SetUserPoolMfaConfig](https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_SetUserPoolMfaConfig.html) request." + "description": "The configuration for a custom domain that hosts managed login for your application. In an `UpdateUserPoolDomain` request, this parameter specifies an SSL certificate for the managed login hosted webserver. The certificate must be an ACM ARN in `us-east-1` .\n\nWhen you create a custom domain, the passkey RP ID defaults to the custom domain. If you had a prefix domain active, this will cause passkey integration for your prefix domain to stop working due to a mismatch in RP ID. To keep the prefix domain passkey integration working, you can explicitly set RP ID to the prefix domain.\n\nUpdate the RP ID in a `API_SetUserPoolMfaConfig` request." }, "domain": { "type": "string", - "description": "The domain name for the custom domain that hosts the sign-up and sign-in pages for your application. One example might be `auth.example.com` .\n\nThis string can include only lowercase letters, numbers, and hyphens. Don't use a hyphen for the first or last character. Use periods to separate subdomain names." + "description": "The name of the domain that you want to update. For custom domains, this is the fully-qualified domain name, for example `auth.example.com` . For prefix domains, this is the prefix alone, such as `myprefix` ." }, "managedLoginVersion": { "type": "integer", @@ -201392,7 +201752,7 @@ }, "userPoolId": { "type": "string", - "description": "The ID of the user pool that is associated with the custom domain whose certificate you're updating." + "description": "The ID of the user pool that is associated with the domain you're updating." } }, "requiredInputs": [ @@ -201606,7 +201966,7 @@ "properties": { "accountTakeoverRiskConfiguration": { "$ref": "#/types/aws-native:cognito:UserPoolRiskConfigurationAttachmentAccountTakeoverRiskConfigurationType", - "description": "The settings for automated responses and notification templates for adaptive authentication with advanced security features." + "description": "The settings for automated responses and notification templates for adaptive authentication with threat protection." }, "clientId": { "type": "string", @@ -201615,7 +201975,7 @@ }, "compromisedCredentialsRiskConfiguration": { "$ref": "#/types/aws-native:cognito:UserPoolRiskConfigurationAttachmentCompromisedCredentialsRiskConfigurationType", - "description": "Settings for compromised-credentials actions and authentication types with advanced security features in full-function `ENFORCED` mode." + "description": "Settings for compromised-credentials actions and authentication types with threat protection in full-function `ENFORCED` mode." }, "riskExceptionConfiguration": { "$ref": "#/types/aws-native:cognito:UserPoolRiskConfigurationAttachmentRiskExceptionConfigurationType", @@ -201635,7 +201995,7 @@ "inputProperties": { "accountTakeoverRiskConfiguration": { "$ref": "#/types/aws-native:cognito:UserPoolRiskConfigurationAttachmentAccountTakeoverRiskConfigurationType", - "description": "The settings for automated responses and notification templates for adaptive authentication with advanced security features." + "description": "The settings for automated responses and notification templates for adaptive authentication with threat protection." }, "clientId": { "type": "string", @@ -201643,7 +202003,7 @@ }, "compromisedCredentialsRiskConfiguration": { "$ref": "#/types/aws-native:cognito:UserPoolRiskConfigurationAttachmentCompromisedCredentialsRiskConfigurationType", - "description": "Settings for compromised-credentials actions and authentication types with advanced security features in full-function `ENFORCED` mode." + "description": "Settings for compromised-credentials actions and authentication types with threat protection in full-function `ENFORCED` mode." }, "riskExceptionConfiguration": { "$ref": "#/types/aws-native:cognito:UserPoolRiskConfigurationAttachmentRiskExceptionConfigurationType", @@ -201669,11 +202029,11 @@ }, "css": { "type": "string", - "description": "The CSS values in the UI customization." + "description": "A plaintext CSS file that contains the custom fields that you want to apply to your user pool or app client. To download a template, go to the Amazon Cognito console. Navigate to your user pool *App clients* tab, select *Login pages* , edit *Hosted UI (classic) style* , and select the link to `CSS template.css` ." }, "userPoolId": { "type": "string", - "description": "The ID of the user pool.", + "description": "The ID of the user pool where you want to apply branding to the classic hosted UI.", "replaceOnChanges": true } }, @@ -201689,11 +202049,11 @@ }, "css": { "type": "string", - "description": "The CSS values in the UI customization." + "description": "A plaintext CSS file that contains the custom fields that you want to apply to your user pool or app client. To download a template, go to the Amazon Cognito console. Navigate to your user pool *App clients* tab, select *Login pages* , edit *Hosted UI (classic) style* , and select the link to `CSS template.css` ." }, "userPoolId": { "type": "string", - "description": "The ID of the user pool." + "description": "The ID of the user pool where you want to apply branding to the classic hosted UI." } }, "requiredInputs": [ @@ -201735,7 +202095,7 @@ "items": { "$ref": "#/types/aws-native:cognito:UserPoolUserAttributeType" }, - "description": "An array of name-value pairs that contain user attributes and attribute values to be set for the user to be created. You can create a user without specifying any attributes other than `Username` . However, any attributes that you specify as required (when creating a user pool or in the *Attributes* tab of the console) either you should supply (in your call to `AdminCreateUser` ) or the user should supply (when they sign up in response to your welcome message).\n\nFor custom attributes, you must prepend the `custom:` prefix to the attribute name.\n\nTo send a message inviting the user to sign up, you must specify the user's email address or phone number. You can do this in your call to AdminCreateUser or in the *Users* tab of the Amazon Cognito console for managing your user pools.\n\nYou must also provide an email address or phone number when you expect the user to do passwordless sign-in with an email or SMS OTP. These attributes must be provided when passwordless options are the only available, or when you don't submit a `TemporaryPassword` .\n\nIn your call to `AdminCreateUser` , you can set the `email_verified` attribute to `True` , and you can set the `phone_number_verified` attribute to `True` . You can also do this by calling [AdminUpdateUserAttributes](https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_AdminUpdateUserAttributes.html) .\n\n- *email* : The email address of the user to whom the message that contains the code and username will be sent. Required if the `email_verified` attribute is set to `True` , or if `\"EMAIL\"` is specified in the `DesiredDeliveryMediums` parameter.\n- *phone_number* : The phone number of the user to whom the message that contains the code and username will be sent. Required if the `phone_number_verified` attribute is set to `True` , or if `\"SMS\"` is specified in the `DesiredDeliveryMediums` parameter.", + "description": "An array of name-value pairs that contain user attributes and attribute values to be set for the user to be created. You can create a user without specifying any attributes other than `Username` . However, any attributes that you specify as required (when creating a user pool or in the *Attributes* tab of the console) either you should supply (in your call to `AdminCreateUser` ) or the user should supply (when they sign up in response to your welcome message).\n\nFor custom attributes, you must prepend the `custom:` prefix to the attribute name.\n\nTo send a message inviting the user to sign up, you must specify the user's email address or phone number. You can do this in your call to AdminCreateUser or in the *Users* tab of the Amazon Cognito console for managing your user pools.\n\nYou must also provide an email address or phone number when you expect the user to do passwordless sign-in with an email or SMS OTP. These attributes must be provided when passwordless options are the only available, or when you don't submit a `TemporaryPassword` .\n\nIn your `AdminCreateUser` request, you can set the `email_verified` and `phone_number_verified` attributes to `true` . The following conditions apply:\n\n- **email** - The email address where you want the user to receive their confirmation code and username. You must provide a value for the `email` when you want to set `email_verified` to `true` , or if you set `EMAIL` in the `DesiredDeliveryMediums` parameter.\n- **phone_number** - The phone number where you want the user to receive their confirmation code and username. You must provide a value for the `email` when you want to set `phone_number` to `true` , or if you set `SMS` in the `DesiredDeliveryMediums` parameter.\n\nYou can also set attributes verified with `API_AdminUpdateUserAttributes` .", "replaceOnChanges": true }, "userPoolId": { @@ -201753,7 +202113,7 @@ "items": { "$ref": "#/types/aws-native:cognito:UserPoolUserAttributeType" }, - "description": "Temporary user attributes that contribute to the outcomes of your pre sign-up Lambda trigger. This set of key-value pairs are for custom validation of information that you collect from your users but don't need to retain.\n\nYour Lambda function can analyze this additional data and act on it. Your function might perform external API operations like logging user attributes and validation data to Amazon CloudWatch Logs. Validation data might also affect the response that your function returns to Amazon Cognito, like automatically confirming the user if they sign up from within your network.\n\nFor more information about the pre sign-up Lambda trigger, see [Pre sign-up Lambda trigger](https://docs.aws.amazon.com/cognito/latest/developerguide/user-pool-lambda-pre-sign-up.html) .", + "description": "Temporary user attributes that contribute to the outcomes of your pre sign-up Lambda trigger. This set of key-value pairs are for custom validation of information that you collect from your users but don't need to retain.\n\nYour Lambda function can analyze this additional data and act on it. Your function can automatically confirm and verify select users or perform external API operations like logging user attributes and validation data to Amazon CloudWatch Logs.\n\nFor more information about the pre sign-up Lambda trigger, see [Pre sign-up Lambda trigger](https://docs.aws.amazon.com/cognito/latest/developerguide/user-pool-lambda-pre-sign-up.html) .", "replaceOnChanges": true } }, @@ -201789,7 +202149,7 @@ "items": { "$ref": "#/types/aws-native:cognito:UserPoolUserAttributeType" }, - "description": "An array of name-value pairs that contain user attributes and attribute values to be set for the user to be created. You can create a user without specifying any attributes other than `Username` . However, any attributes that you specify as required (when creating a user pool or in the *Attributes* tab of the console) either you should supply (in your call to `AdminCreateUser` ) or the user should supply (when they sign up in response to your welcome message).\n\nFor custom attributes, you must prepend the `custom:` prefix to the attribute name.\n\nTo send a message inviting the user to sign up, you must specify the user's email address or phone number. You can do this in your call to AdminCreateUser or in the *Users* tab of the Amazon Cognito console for managing your user pools.\n\nYou must also provide an email address or phone number when you expect the user to do passwordless sign-in with an email or SMS OTP. These attributes must be provided when passwordless options are the only available, or when you don't submit a `TemporaryPassword` .\n\nIn your call to `AdminCreateUser` , you can set the `email_verified` attribute to `True` , and you can set the `phone_number_verified` attribute to `True` . You can also do this by calling [AdminUpdateUserAttributes](https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_AdminUpdateUserAttributes.html) .\n\n- *email* : The email address of the user to whom the message that contains the code and username will be sent. Required if the `email_verified` attribute is set to `True` , or if `\"EMAIL\"` is specified in the `DesiredDeliveryMediums` parameter.\n- *phone_number* : The phone number of the user to whom the message that contains the code and username will be sent. Required if the `phone_number_verified` attribute is set to `True` , or if `\"SMS\"` is specified in the `DesiredDeliveryMediums` parameter." + "description": "An array of name-value pairs that contain user attributes and attribute values to be set for the user to be created. You can create a user without specifying any attributes other than `Username` . However, any attributes that you specify as required (when creating a user pool or in the *Attributes* tab of the console) either you should supply (in your call to `AdminCreateUser` ) or the user should supply (when they sign up in response to your welcome message).\n\nFor custom attributes, you must prepend the `custom:` prefix to the attribute name.\n\nTo send a message inviting the user to sign up, you must specify the user's email address or phone number. You can do this in your call to AdminCreateUser or in the *Users* tab of the Amazon Cognito console for managing your user pools.\n\nYou must also provide an email address or phone number when you expect the user to do passwordless sign-in with an email or SMS OTP. These attributes must be provided when passwordless options are the only available, or when you don't submit a `TemporaryPassword` .\n\nIn your `AdminCreateUser` request, you can set the `email_verified` and `phone_number_verified` attributes to `true` . The following conditions apply:\n\n- **email** - The email address where you want the user to receive their confirmation code and username. You must provide a value for the `email` when you want to set `email_verified` to `true` , or if you set `EMAIL` in the `DesiredDeliveryMediums` parameter.\n- **phone_number** - The phone number where you want the user to receive their confirmation code and username. You must provide a value for the `email` when you want to set `phone_number` to `true` , or if you set `SMS` in the `DesiredDeliveryMediums` parameter.\n\nYou can also set attributes verified with `API_AdminUpdateUserAttributes` ." }, "userPoolId": { "type": "string", @@ -201804,7 +202164,7 @@ "items": { "$ref": "#/types/aws-native:cognito:UserPoolUserAttributeType" }, - "description": "Temporary user attributes that contribute to the outcomes of your pre sign-up Lambda trigger. This set of key-value pairs are for custom validation of information that you collect from your users but don't need to retain.\n\nYour Lambda function can analyze this additional data and act on it. Your function might perform external API operations like logging user attributes and validation data to Amazon CloudWatch Logs. Validation data might also affect the response that your function returns to Amazon Cognito, like automatically confirming the user if they sign up from within your network.\n\nFor more information about the pre sign-up Lambda trigger, see [Pre sign-up Lambda trigger](https://docs.aws.amazon.com/cognito/latest/developerguide/user-pool-lambda-pre-sign-up.html) ." + "description": "Temporary user attributes that contribute to the outcomes of your pre sign-up Lambda trigger. This set of key-value pairs are for custom validation of information that you collect from your users but don't need to retain.\n\nYour Lambda function can analyze this additional data and act on it. Your function can automatically confirm and verify select users or perform external API operations like logging user attributes and validation data to Amazon CloudWatch Logs.\n\nFor more information about the pre sign-up Lambda trigger, see [Pre sign-up Lambda trigger](https://docs.aws.amazon.com/cognito/latest/developerguide/user-pool-lambda-pre-sign-up.html) ." } }, "requiredInputs": [ @@ -205326,6 +205686,97 @@ "uri" ] }, + "aws-native:customerprofiles:EventTrigger": { + "description": "An event trigger resource of Amazon Connect Customer Profiles", + "properties": { + "createdAt": { + "type": "string", + "description": "The timestamp of when the event trigger was created." + }, + "description": { + "type": "string" + }, + "domainName": { + "type": "string", + "replaceOnChanges": true + }, + "eventTriggerConditions": { + "type": "array", + "items": { + "$ref": "#/types/aws-native:customerprofiles:EventTriggerCondition" + } + }, + "eventTriggerLimits": { + "$ref": "#/types/aws-native:customerprofiles:EventTriggerLimits" + }, + "eventTriggerName": { + "type": "string", + "replaceOnChanges": true + }, + "lastUpdatedAt": { + "type": "string", + "description": "The timestamp of when the event trigger was most recently updated." + }, + "objectTypeName": { + "type": "string" + }, + "segmentFilter": { + "type": "string" + }, + "tags": { + "type": "array", + "items": { + "$ref": "#/types/aws-native:index:Tag" + } + } + }, + "type": "object", + "required": [ + "createdAt", + "domainName", + "eventTriggerConditions", + "eventTriggerName", + "lastUpdatedAt", + "objectTypeName" + ], + "inputProperties": { + "description": { + "type": "string" + }, + "domainName": { + "type": "string" + }, + "eventTriggerConditions": { + "type": "array", + "items": { + "$ref": "#/types/aws-native:customerprofiles:EventTriggerCondition" + } + }, + "eventTriggerLimits": { + "$ref": "#/types/aws-native:customerprofiles:EventTriggerLimits" + }, + "eventTriggerName": { + "type": "string" + }, + "objectTypeName": { + "type": "string" + }, + "segmentFilter": { + "type": "string" + }, + "tags": { + "type": "array", + "items": { + "$ref": "#/types/aws-native:index:Tag" + } + } + }, + "requiredInputs": [ + "domainName", + "eventTriggerConditions", + "objectTypeName" + ] + }, "aws-native:customerprofiles:Integration": { "description": "The resource schema for creating an Amazon Connect Customer Profiles Integration.", "properties": { @@ -241241,6 +241692,9 @@ "type": "string", "description": "The name of the bot locale." }, + "replication": { + "$ref": "#/types/aws-native:lex:BotReplication" + }, "roleArn": { "type": "string", "description": "The Amazon Resource Name (ARN) of the IAM role used to build and run the bot." @@ -241305,6 +241759,9 @@ "type": "string", "description": "The name of the bot locale." }, + "replication": { + "$ref": "#/types/aws-native:lex:BotReplication" + }, "roleArn": { "type": "string", "description": "The Amazon Resource Name (ARN) of the IAM role used to build and run the bot." @@ -263857,6 +264314,10 @@ "$ref": "#/types/aws-native:resiliencehub:AppPermissionModel", "description": "Defines the roles and credentials that AWS Resilience Hub would use while creating the application, importing its resources, and running an assessment." }, + "regulatoryPolicyArn": { + "type": "string", + "description": "Amazon Resource Name (ARN) of the Regulatory Policy." + }, "resiliencyPolicyArn": { "type": "string", "description": "Amazon Resource Name (ARN) of the Resiliency Policy." @@ -263912,6 +264373,10 @@ "$ref": "#/types/aws-native:resiliencehub:AppPermissionModel", "description": "Defines the roles and credentials that AWS Resilience Hub would use while creating the application, importing its resources, and running an assessment." }, + "regulatoryPolicyArn": { + "type": "string", + "description": "Amazon Resource Name (ARN) of the Regulatory Policy." + }, "resiliencyPolicyArn": { "type": "string", "description": "Amazon Resource Name (ARN) of the Resiliency Policy." @@ -264794,7 +265259,8 @@ }, "requireInstanceProperties": { "type": "boolean", - "description": "Specifies whether instance properties are required in CreateSession requests with this profile." + "description": "Specifies whether instance properties are required in CreateSession requests with this profile.", + "replaceOnChanges": true }, "roleArns": { "type": "array", @@ -275930,7 +276396,7 @@ "items": { "type": "string" }, - "description": "A structure that stores the details of the AWS managed policy." + "description": "A structure that stores a list of managed policy ARNs that describe the associated AWS managed policy." }, "name": { "type": "string", @@ -275992,7 +276458,7 @@ "items": { "type": "string" }, - "description": "A structure that stores the details of the AWS managed policy." + "description": "A structure that stores a list of managed policy ARNs that describe the associated AWS managed policy." }, "name": { "type": "string", @@ -292344,14 +292810,14 @@ }, "adminCreateUserConfig": { "$ref": "#/types/aws-native:cognito:UserPoolAdminCreateUserConfig", - "description": "The settings for administrator creation of users in a user pool. Contains settings for allowing user sign-up, customizing invitation messages to new users, and the amount of time before temporary passwords expire.\n\nThis data type is a request and response parameter of [CreateUserPool](https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_CreateUserPool.html) and [UpdateUserPool](https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_UpdateUserPool.html) , and a response parameter of [DescribeUserPool](https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_DescribeUserPool.html) ." + "description": "The settings for administrator creation of users in a user pool. Contains settings for allowing user sign-up, customizing invitation messages to new users, and the amount of time before temporary passwords expire.\n\nThis data type is a request and response parameter of `API_CreateUserPool` and `API_UpdateUserPool` , and a response parameter of `API_DescribeUserPool` ." }, "aliasAttributes": { "type": "array", "items": { "type": "string" }, - "description": "Attributes supported as an alias for this user pool. Possible values: *phone_number* , *email* , or *preferred_username* . For more information about alias attributes, see [Customizing sign-in attributes](https://docs.aws.amazon.com/cognito/latest/developerguide/user-pool-settings-attributes.html#user-pool-settings-aliases) ." + "description": "Attributes supported as an alias for this user pool. For more information about alias attributes, see [Customizing sign-in attributes](https://docs.aws.amazon.com/cognito/latest/developerguide/user-pool-settings-attributes.html#user-pool-settings-aliases) ." }, "arn": { "type": "string", @@ -292362,7 +292828,7 @@ "items": { "type": "string" }, - "description": "The attributes that you want your user pool to automatically verify. Possible values: *email* , *phone_number* . For more information see [Verifying contact information at sign-up](https://docs.aws.amazon.com/cognito/latest/developerguide/signing-up-users-in-your-app.html#allowing-users-to-sign-up-and-confirm-themselves) ." + "description": "The attributes that you want your user pool to automatically verify. For more information, see [Verifying contact information at sign-up](https://docs.aws.amazon.com/cognito/latest/developerguide/signing-up-users-in-your-app.html#allowing-users-to-sign-up-and-confirm-themselves) ." }, "deletionProtection": { "type": "string", @@ -292396,11 +292862,11 @@ }, "mfaConfiguration": { "type": "string", - "description": "The multi-factor authentication (MFA) configuration. Valid values include:\n\n- `OFF` MFA won't be used for any users.\n- `ON` MFA is required for all users to sign in.\n- `OPTIONAL` MFA will be required only for individual users who have an MFA factor activated." + "description": "Displays the state of multi-factor authentication (MFA) as on, off, or optional. When `ON` , all users must set up MFA before they can sign in. When `OPTIONAL` , your application must make a client-side determination of whether a user wants to register an MFA device. For user pools with adaptive authentication with threat protection, choose `OPTIONAL` .\n\nWhen `MfaConfiguration` is `OPTIONAL` , managed login doesn't automatically prompt users to set up MFA. Amazon Cognito generates MFA prompts in API responses and in managed login for users who have chosen and configured a preferred MFA factor." }, "policies": { "$ref": "#/types/aws-native:cognito:UserPoolPolicies", - "description": "A list of user pool policies. Contains the policy that sets password-complexity requirements.\n\nThis data type is a request and response parameter of [CreateUserPool](https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_CreateUserPool.html) and [UpdateUserPool](https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_UpdateUserPool.html) , and a response parameter of [DescribeUserPool](https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_DescribeUserPool.html) ." + "description": "A list of user pool policies. Contains the policy that sets password-complexity requirements.\n\nThis data type is a request and response parameter of `API_CreateUserPool` and `API_UpdateUserPool` , and a response parameter of `API_DescribeUserPool` ." }, "providerName": { "type": "string", @@ -292423,7 +292889,7 @@ }, "smsConfiguration": { "$ref": "#/types/aws-native:cognito:UserPoolSmsConfiguration", - "description": "The SMS configuration with the settings that your Amazon Cognito user pool must use to send an SMS message from your AWS account through Amazon Simple Notification Service. To send SMS messages with Amazon SNS in the AWS Region that you want, the Amazon Cognito user pool uses an AWS Identity and Access Management (IAM) role in your AWS account . For more information see [SMS message settings](https://docs.aws.amazon.com/cognito/latest/developerguide/user-pool-sms-settings.html) ." + "description": "The settings for your Amazon Cognito user pool to send SMS messages with Amazon Simple Notification Service. To send SMS messages with Amazon SNS in the AWS Region that you want, the Amazon Cognito user pool uses an AWS Identity and Access Management (IAM) role in your AWS account . For more information see [SMS message settings](https://docs.aws.amazon.com/cognito/latest/developerguide/user-pool-sms-settings.html) ." }, "smsVerificationMessage": { "type": "string", @@ -292435,7 +292901,7 @@ }, "userPoolAddOns": { "$ref": "#/types/aws-native:cognito:UserPoolAddOns", - "description": "User pool add-ons. Contains settings for activation of threat protection. To log user security information but take no action, set to `AUDIT` . To configure automatic security responses to risky traffic to your user pool, set to `ENFORCED` .\n\nFor more information, see [Adding advanced security to a user pool](https://docs.aws.amazon.com/cognito/latest/developerguide/cognito-user-pool-settings-advanced-security.html) . To activate this setting, your user pool must be on the [Plus tier](https://docs.aws.amazon.com/cognito/latest/developerguide/feature-plans-features-plus.html) ." + "description": "Contains settings for activation of threat protection, including the operating mode and additional authentication types. To log user security information but take no action, set to `AUDIT` . To configure automatic security responses to potentially unwanted traffic to your user pool, set to `ENFORCED` .\n\nFor more information, see [Adding advanced security to a user pool](https://docs.aws.amazon.com/cognito/latest/developerguide/cognito-user-pool-settings-advanced-security.html) . To activate this setting, your user pool must be on the [Plus tier](https://docs.aws.amazon.com/cognito/latest/developerguide/feature-plans-features-plus.html) ." }, "userPoolId": { "type": "string", @@ -292443,7 +292909,7 @@ }, "userPoolName": { "type": "string", - "description": "A friendlhy name for your user pool." + "description": "A friendly name for your user pool." }, "userPoolTags": { "type": "object", @@ -292511,18 +292977,18 @@ "items": { "type": "string" }, - "description": "The OAuth grant types that you want your app client to generate. To create an app client that generates client credentials grants, you must add `client_credentials` as the only allowed OAuth flow.\n\n- **code** - Use a code grant flow, which provides an authorization code as the response. This code can be exchanged for access tokens with the `/oauth2/token` endpoint.\n- **implicit** - Issue the access token (and, optionally, ID token, based on scopes) directly to your user.\n- **client_credentials** - Issue the access token from the `/oauth2/token` endpoint directly to a non-person user using a combination of the client ID and client secret." + "description": "The OAuth grant types that you want your app client to generate for clients in managed login authentication. To create an app client that generates client credentials grants, you must add `client_credentials` as the only allowed OAuth flow.\n\n- **code** - Use a code grant flow, which provides an authorization code as the response. This code can be exchanged for access tokens with the `/oauth2/token` endpoint.\n- **implicit** - Issue the access token, and the ID token when scopes like `openid` and `profile` are requested, directly to your user.\n- **client_credentials** - Issue the access token from the `/oauth2/token` endpoint directly to a non-person user, authorized by a combination of the client ID and client secret." }, "allowedOAuthFlowsUserPoolClient": { "type": "boolean", - "description": "Set to `true` to use OAuth 2.0 features in your user pool app client.\n\n`AllowedOAuthFlowsUserPoolClient` must be `true` before you can configure the following features in your app client.\n\n- `CallBackURLs` : Callback URLs.\n- `LogoutURLs` : Sign-out redirect URLs.\n- `AllowedOAuthScopes` : OAuth 2.0 scopes.\n- `AllowedOAuthFlows` : Support for authorization code, implicit, and client credentials OAuth 2.0 grants.\n\nTo use OAuth 2.0 features, configure one of these features in the Amazon Cognito console or set `AllowedOAuthFlowsUserPoolClient` to `true` in a `CreateUserPoolClient` or `UpdateUserPoolClient` API request. If you don't set a value for `AllowedOAuthFlowsUserPoolClient` in a request with the AWS CLI or SDKs, it defaults to `false` ." + "description": "Set to `true` to use OAuth 2.0 authorization server features in your app client.\n\nThis parameter must have a value of `true` before you can configure the following features in your app client.\n\n- `CallBackURLs` : Callback URLs.\n- `LogoutURLs` : Sign-out redirect URLs.\n- `AllowedOAuthScopes` : OAuth 2.0 scopes.\n- `AllowedOAuthFlows` : Support for authorization code, implicit, and client credentials OAuth 2.0 grants.\n\nTo use authorization server features, configure one of these features in the Amazon Cognito console or set `AllowedOAuthFlowsUserPoolClient` to `true` in a `CreateUserPoolClient` or `UpdateUserPoolClient` API request. If you don't set a value for `AllowedOAuthFlowsUserPoolClient` in a request with the AWS CLI or SDKs, it defaults to `false` . When `false` , only SDK-based API sign-in is permitted." }, "allowedOAuthScopes": { "type": "array", "items": { "type": "string" }, - "description": "The OAuth 2.0 scopes that you want to permit your app client to authorize. Scopes govern access control to user pool self-service API operations, user data from the `userInfo` endpoint, and third-party APIs. Possible values provided by OAuth are `phone` , `email` , `openid` , and `profile` . Possible values provided by AWS are `aws.cognito.signin.user.admin` . Custom scopes created in Resource Servers are also supported." + "description": "The OAuth, OpenID Connect (OIDC), and custom scopes that you want to permit your app client to authorize access with. Scopes govern access control to user pool self-service API operations, user data from the `userInfo` endpoint, and third-party APIs. Scope values include `phone` , `email` , `openid` , and `profile` . The `aws.cognito.signin.user.admin` scope authorizes user self-service operations. Custom scopes with resource servers authorize access to external APIs." }, "analyticsConfiguration": { "$ref": "#/types/aws-native:cognito:UserPoolClientAnalyticsConfiguration", @@ -292537,7 +293003,7 @@ "items": { "type": "string" }, - "description": "A list of allowed redirect (callback) URLs for the IdPs.\n\nA redirect URI must:\n\n- Be an absolute URI.\n- Be registered with the authorization server. Amazon Cognito doesn't accept authorization requests with `redirect_uri` values that aren't in the list of `CallbackURLs` that you provide in this parameter.\n- Not include a fragment component.\n\nSee [OAuth 2.0 - Redirection Endpoint](https://docs.aws.amazon.com/https://tools.ietf.org/html/rfc6749#section-3.1.2) .\n\nAmazon Cognito requires HTTPS over HTTP except for http://localhost for testing purposes only.\n\nApp callback URLs such as myapp://example are also supported." + "description": "A list of allowed redirect, or callback, URLs for managed login authentication. These URLs are the paths where you want to send your users' browsers after they complete authentication with managed login or a third-party IdP. Typically, callback URLs are the home of an application that uses OAuth or OIDC libraries to process authentication outcomes.\n\nA redirect URI must meet the following requirements:\n\n- Be an absolute URI.\n- Be registered with the authorization server. Amazon Cognito doesn't accept authorization requests with `redirect_uri` values that aren't in the list of `CallbackURLs` that you provide in this parameter.\n- Not include a fragment component.\n\nSee [OAuth 2.0 - Redirection Endpoint](https://docs.aws.amazon.com/https://tools.ietf.org/html/rfc6749#section-3.1.2) .\n\nAmazon Cognito requires HTTPS over HTTP except for http://localhost for testing purposes only.\n\nApp callback URLs such as myapp://example are also supported." }, "clientId": { "type": "string", @@ -292556,18 +293022,18 @@ }, "enablePropagateAdditionalUserContextData": { "type": "boolean", - "description": "Activates the propagation of additional user context data. For more information about propagation of user context data, see [Adding advanced security to a user pool](https://docs.aws.amazon.com/cognito/latest/developerguide/cognito-user-pool-settings-threat-protection.html) . If you don’t include this parameter, you can't send device fingerprint information, including source IP address, to Amazon Cognito advanced security. You can only activate `EnablePropagateAdditionalUserContextData` in an app client that has a client secret." + "description": "When `true` , your application can include additional `UserContextData` in authentication requests. This data includes the IP address, and contributes to analysis by threat protection features. For more information about propagation of user context data, see [Adding session data to API requests](https://docs.aws.amazon.com/cognito/latest/developerguide/cognito-user-pool-settings-adaptive-authentication.html#user-pool-settings-adaptive-authentication-device-fingerprint) . If you don’t include this parameter, you can't send the source IP address to Amazon Cognito threat protection features. You can only activate `EnablePropagateAdditionalUserContextData` in an app client that has a client secret." }, "enableTokenRevocation": { "type": "boolean", - "description": "Activates or deactivates token revocation. For more information about revoking tokens, see [RevokeToken](https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_RevokeToken.html) .\n\nIf you don't include this parameter, token revocation is automatically activated for the new user pool client." + "description": "Activates or deactivates [token revocation](https://docs.aws.amazon.com/cognito/latest/developerguide/token-revocation.html) in the target app client.\n\nRevoke tokens with `API_RevokeToken` .\n\nIf you don't include this parameter, token revocation is automatically activated for the new user pool client." }, "explicitAuthFlows": { "type": "array", "items": { "type": "string" }, - "description": "The authentication flows that you want your user pool client to support. For each app client in your user pool, you can sign in your users with any combination of one or more flows, including with a user name and Secure Remote Password (SRP), a user name and password, or a custom authentication process that you define with Lambda functions.\n\n\u003e If you don't specify a value for `ExplicitAuthFlows` , your user client supports `ALLOW_REFRESH_TOKEN_AUTH` , `ALLOW_USER_SRP_AUTH` , and `ALLOW_CUSTOM_AUTH` . \n\nValid values include:\n\n- `ALLOW_USER_AUTH` : Enable selection-based sign-in with `USER_AUTH` . This setting covers username-password, secure remote password (SRP), passwordless, and passkey authentication. This authentiation flow can do username-password and SRP authentication without other `ExplicitAuthFlows` permitting them. For example users can complete an SRP challenge through `USER_AUTH` without the flow `USER_SRP_AUTH` being active for the app client. This flow doesn't include `CUSTOM_AUTH` .\n\nTo activate this setting, your user pool must be in the [Essentials tier](https://docs.aws.amazon.com/cognito/latest/developerguide/feature-plans-features-essentials.html) or higher.\n- `ALLOW_ADMIN_USER_PASSWORD_AUTH` : Enable admin based user password authentication flow `ADMIN_USER_PASSWORD_AUTH` . This setting replaces the `ADMIN_NO_SRP_AUTH` setting. With this authentication flow, your app passes a user name and password to Amazon Cognito in the request, instead of using the Secure Remote Password (SRP) protocol to securely transmit the password.\n- `ALLOW_CUSTOM_AUTH` : Enable Lambda trigger based authentication.\n- `ALLOW_USER_PASSWORD_AUTH` : Enable user password-based authentication. In this flow, Amazon Cognito receives the password in the request instead of using the SRP protocol to verify passwords.\n- `ALLOW_USER_SRP_AUTH` : Enable SRP-based authentication.\n- `ALLOW_REFRESH_TOKEN_AUTH` : Enable authflow to refresh tokens.\n\nIn some environments, you will see the values `ADMIN_NO_SRP_AUTH` , `CUSTOM_AUTH_FLOW_ONLY` , or `USER_PASSWORD_AUTH` . You can't assign these legacy `ExplicitAuthFlows` values to user pool clients at the same time as values that begin with `ALLOW_` ,\nlike `ALLOW_USER_SRP_AUTH` ." + "description": "The [authentication flows](https://docs.aws.amazon.com/cognito/latest/developerguide/amazon-cognito-user-pools-authentication-flow-methods.html) that you want your user pool client to support. For each app client in your user pool, you can sign in your users with any combination of one or more flows, including with a user name and Secure Remote Password (SRP), a user name and password, or a custom authentication process that you define with Lambda functions.\n\n\u003e If you don't specify a value for `ExplicitAuthFlows` , your app client supports `ALLOW_REFRESH_TOKEN_AUTH` , `ALLOW_USER_SRP_AUTH` , and `ALLOW_CUSTOM_AUTH` . \n\nThe values for authentication flow options include the following.\n\n- `ALLOW_USER_AUTH` : Enable selection-based sign-in with `USER_AUTH` . This setting covers username-password, secure remote password (SRP), passwordless, and passkey authentication. This authentiation flow can do username-password and SRP authentication without other `ExplicitAuthFlows` permitting them. For example users can complete an SRP challenge through `USER_AUTH` without the flow `USER_SRP_AUTH` being active for the app client. This flow doesn't include `CUSTOM_AUTH` .\n\nTo activate this setting, your user pool must be in the [Essentials tier](https://docs.aws.amazon.com/cognito/latest/developerguide/feature-plans-features-essentials.html) or higher.\n- `ALLOW_ADMIN_USER_PASSWORD_AUTH` : Enable admin based user password authentication flow `ADMIN_USER_PASSWORD_AUTH` . This setting replaces the `ADMIN_NO_SRP_AUTH` setting. With this authentication flow, your app passes a user name and password to Amazon Cognito in the request, instead of using the Secure Remote Password (SRP) protocol to securely transmit the password.\n- `ALLOW_CUSTOM_AUTH` : Enable Lambda trigger based authentication.\n- `ALLOW_USER_PASSWORD_AUTH` : Enable user password-based authentication. In this flow, Amazon Cognito receives the password in the request instead of using the SRP protocol to verify passwords.\n- `ALLOW_USER_SRP_AUTH` : Enable SRP-based authentication.\n- `ALLOW_REFRESH_TOKEN_AUTH` : Enable authflow to refresh tokens.\n\nIn some environments, you will see the values `ADMIN_NO_SRP_AUTH` , `CUSTOM_AUTH_FLOW_ONLY` , or `USER_PASSWORD_AUTH` . You can't assign these legacy `ExplicitAuthFlows` values to user pool clients at the same time as values that begin with `ALLOW_` ,\nlike `ALLOW_USER_SRP_AUTH` ." }, "idTokenValidity": { "type": "integer", @@ -292578,7 +293044,7 @@ "items": { "type": "string" }, - "description": "A list of allowed logout URLs for managed login authentication. For more information, see [Logout endpoint](https://docs.aws.amazon.com/cognito/latest/developerguide/logout-endpoint.html) ." + "description": "A list of allowed logout URLs for managed login authentication. When you pass `logout_uri` and `client_id` parameters to `/logout` , Amazon Cognito signs out your user and redirects them to the logout URL. This parameter describes the URLs that you want to be the permitted targets of `logout_uri` . A typical use of these URLs is when a user selects \"Sign out\" and you redirect them to your public homepage. For more information, see [Logout endpoint](https://docs.aws.amazon.com/cognito/latest/developerguide/logout-endpoint.html) ." }, "name": { "type": "string" @@ -292592,7 +293058,7 @@ "items": { "type": "string" }, - "description": "The list of user attributes that you want your app client to have read access to. After your user authenticates in your app, their access token authorizes them to read their own attribute value for any attribute in this list. An example of this kind of activity is when your user selects a link to view their profile information. Your app makes a [GetUser](https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_GetUser.html) API request to retrieve and display your user's profile data.\n\nWhen you don't specify the `ReadAttributes` for your app client, your app can read the values of `email_verified` , `phone_number_verified` , and the Standard attributes of your user pool. When your user pool app client has read access to these default attributes, `ReadAttributes` doesn't return any information. Amazon Cognito only populates `ReadAttributes` in the API response if you have specified your own custom set of read attributes." + "description": "The list of user attributes that you want your app client to have read access to. After your user authenticates in your app, their access token authorizes them to read their own attribute value for any attribute in this list.\n\nAn example of this kind of activity is when your user selects a link to view their profile information. Your app makes a `API_GetUser` API request to retrieve and display your user's profile data.\n\nWhen you don't specify the `ReadAttributes` for your app client, your app can read the values of `email_verified` , `phone_number_verified` , and the standard attributes of your user pool. When your user pool app client has read access to these default attributes, `ReadAttributes` doesn't return any information. Amazon Cognito only populates `ReadAttributes` in the API response if you have specified your own custom set of read attributes." }, "refreshTokenValidity": { "type": "integer", @@ -292603,7 +293069,7 @@ "items": { "type": "string" }, - "description": "A list of provider names for the identity providers (IdPs) that are supported on this client. The following are supported: `COGNITO` , `Facebook` , `Google` , `SignInWithApple` , and `LoginWithAmazon` . You can also specify the names that you configured for the SAML and OIDC IdPs in your user pool, for example `MySAMLIdP` or `MyOIDCIdP` .\n\nThis setting applies to providers that you can access with [managed login](https://docs.aws.amazon.com/cognito/latest/developerguide/cognito-user-pools-managed-login.html) . The removal of `COGNITO` from this list doesn't prevent authentication operations for local users with the user pools API in an AWS SDK. The only way to prevent API-based authentication is to block access with a [AWS WAF rule](https://docs.aws.amazon.com/cognito/latest/developerguide/user-pool-waf.html) ." + "description": "A list of provider names for the identity providers (IdPs) that are supported on this client. The following are supported: `COGNITO` , `Facebook` , `Google` , `SignInWithApple` , and `LoginWithAmazon` . You can also specify the names that you configured for the SAML and OIDC IdPs in your user pool, for example `MySAMLIdP` or `MyOIDCIdP` .\n\nThis parameter sets the IdPs that [managed login](https://docs.aws.amazon.com/cognito/latest/developerguide/cognito-user-pools-managed-login.html) will display on the login page for your app client. The removal of `COGNITO` from this list doesn't prevent authentication operations for local users with the user pools API in an AWS SDK. The only way to prevent SDK-based authentication is to block access with a [AWS WAF rule](https://docs.aws.amazon.com/cognito/latest/developerguide/user-pool-waf.html) ." }, "tokenValidityUnits": { "$ref": "#/types/aws-native:cognito:UserPoolClientTokenValidityUnits", @@ -292614,7 +293080,7 @@ "items": { "type": "string" }, - "description": "The list of user attributes that you want your app client to have write access to. After your user authenticates in your app, their access token authorizes them to set or modify their own attribute value for any attribute in this list. An example of this kind of activity is when you present your user with a form to update their profile information and they change their last name. Your app then makes an [UpdateUserAttributes](https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_UpdateUserAttributes.html) API request and sets `family_name` to the new value.\n\nWhen you don't specify the `WriteAttributes` for your app client, your app can write the values of the Standard attributes of your user pool. When your user pool has write access to these default attributes, `WriteAttributes` doesn't return any information. Amazon Cognito only populates `WriteAttributes` in the API response if you have specified your own custom set of write attributes.\n\nIf your app client allows users to sign in through an IdP, this array must include all attributes that you have mapped to IdP attributes. Amazon Cognito updates mapped attributes when users sign in to your application through an IdP. If your app client does not have write access to a mapped attribute, Amazon Cognito throws an error when it tries to update the attribute. For more information, see [Specifying IdP Attribute Mappings for Your user pool](https://docs.aws.amazon.com/cognito/latest/developerguide/cognito-user-pools-specifying-attribute-mapping.html) ." + "description": "The list of user attributes that you want your app client to have write access to. After your user authenticates in your app, their access token authorizes them to set or modify their own attribute value for any attribute in this list.\n\nAn example of this kind of activity is when you present your user with a form to update their profile information and they change their last name. Your app then makes an `API_UpdateUserAttributes` API request and sets `family_name` to the new value.\n\nWhen you don't specify the `WriteAttributes` for your app client, your app can write the values of the Standard attributes of your user pool. When your user pool has write access to these default attributes, `WriteAttributes` doesn't return any information. Amazon Cognito only populates `WriteAttributes` in the API response if you have specified your own custom set of write attributes.\n\nIf your app client allows users to sign in through an IdP, this array must include all attributes that you have mapped to IdP attributes. Amazon Cognito updates mapped attributes when users sign in to your application through an IdP. If your app client does not have write access to a mapped attribute, Amazon Cognito throws an error when it tries to update the attribute. For more information, see [Specifying IdP Attribute Mappings for Your user pool](https://docs.aws.amazon.com/cognito/latest/developerguide/cognito-user-pools-specifying-attribute-mapping.html) ." } } } @@ -292640,7 +293106,7 @@ }, "customDomainConfig": { "$ref": "#/types/aws-native:cognito:UserPoolDomainCustomDomainConfigType", - "description": "The configuration for a custom domain that hosts the sign-up and sign-in pages for your application. Use this object to specify an SSL certificate that is managed by ACM.\n\nWhen you create a custom domain, the passkey RP ID defaults to the custom domain. If you had a prefix domain active, this will cause passkey integration for your prefix domain to stop working due to a mismatch in RP ID. To keep the prefix domain passkey integration working, you can explicitly set RP ID to the prefix domain. Update the RP ID in a [SetUserPoolMfaConfig](https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_SetUserPoolMfaConfig.html) request." + "description": "The configuration for a custom domain that hosts managed login for your application. In an `UpdateUserPoolDomain` request, this parameter specifies an SSL certificate for the managed login hosted webserver. The certificate must be an ACM ARN in `us-east-1` .\n\nWhen you create a custom domain, the passkey RP ID defaults to the custom domain. If you had a prefix domain active, this will cause passkey integration for your prefix domain to stop working due to a mismatch in RP ID. To keep the prefix domain passkey integration working, you can explicitly set RP ID to the prefix domain.\n\nUpdate the RP ID in a `API_SetUserPoolMfaConfig` request." }, "id": { "type": "string", @@ -292788,11 +293254,11 @@ "properties": { "accountTakeoverRiskConfiguration": { "$ref": "#/types/aws-native:cognito:UserPoolRiskConfigurationAttachmentAccountTakeoverRiskConfigurationType", - "description": "The settings for automated responses and notification templates for adaptive authentication with advanced security features." + "description": "The settings for automated responses and notification templates for adaptive authentication with threat protection." }, "compromisedCredentialsRiskConfiguration": { "$ref": "#/types/aws-native:cognito:UserPoolRiskConfigurationAttachmentCompromisedCredentialsRiskConfigurationType", - "description": "Settings for compromised-credentials actions and authentication types with advanced security features in full-function `ENFORCED` mode." + "description": "Settings for compromised-credentials actions and authentication types with threat protection in full-function `ENFORCED` mode." }, "riskExceptionConfiguration": { "$ref": "#/types/aws-native:cognito:UserPoolRiskConfigurationAttachmentRiskExceptionConfigurationType", @@ -292811,7 +293277,7 @@ }, "userPoolId": { "type": "string", - "description": "The ID of the user pool." + "description": "The ID of the user pool where you want to apply branding to the classic hosted UI." } }, "required": [ @@ -292823,7 +293289,7 @@ "properties": { "css": { "type": "string", - "description": "The CSS values in the UI customization." + "description": "A plaintext CSS file that contains the custom fields that you want to apply to your user pool or app client. To download a template, go to the Amazon Cognito console. Navigate to your user pool *App clients* tab, select *Login pages* , edit *Hosted UI (classic) style* , and select the link to `CSS template.css` ." } } } @@ -294789,6 +295255,59 @@ } } }, + "aws-native:customerprofiles:getEventTrigger": { + "description": "An event trigger resource of Amazon Connect Customer Profiles", + "inputs": { + "properties": { + "domainName": { + "type": "string" + }, + "eventTriggerName": { + "type": "string" + } + }, + "required": [ + "domainName", + "eventTriggerName" + ] + }, + "outputs": { + "properties": { + "createdAt": { + "type": "string", + "description": "The timestamp of when the event trigger was created." + }, + "description": { + "type": "string" + }, + "eventTriggerConditions": { + "type": "array", + "items": { + "$ref": "#/types/aws-native:customerprofiles:EventTriggerCondition" + } + }, + "eventTriggerLimits": { + "$ref": "#/types/aws-native:customerprofiles:EventTriggerLimits" + }, + "lastUpdatedAt": { + "type": "string", + "description": "The timestamp of when the event trigger was most recently updated." + }, + "objectTypeName": { + "type": "string" + }, + "segmentFilter": { + "type": "string" + }, + "tags": { + "type": "array", + "items": { + "$ref": "#/types/aws-native:index:Tag" + } + } + } + } + }, "aws-native:customerprofiles:getIntegration": { "description": "The resource schema for creating an Amazon Connect Customer Profiles Integration.", "inputs": { @@ -324738,6 +325257,10 @@ "$ref": "#/types/aws-native:resiliencehub:AppPermissionModel", "description": "Defines the roles and credentials that AWS Resilience Hub would use while creating the application, importing its resources, and running an assessment." }, + "regulatoryPolicyArn": { + "type": "string", + "description": "Amazon Resource Name (ARN) of the Regulatory Policy." + }, "resiliencyPolicyArn": { "type": "string", "description": "Amazon Resource Name (ARN) of the Resiliency Policy." @@ -325290,10 +325813,6 @@ "type": "string", "description": "The unique primary identifier of the Profile" }, - "requireInstanceProperties": { - "type": "boolean", - "description": "Specifies whether instance properties are required in CreateSession requests with this profile." - }, "roleArns": { "type": "array", "items": { @@ -331310,7 +331829,7 @@ "items": { "type": "string" }, - "description": "A structure that stores the details of the AWS managed policy." + "description": "A structure that stores a list of managed policy ARNs that describe the associated AWS managed policy." }, "permissionSetArn": { "type": "string", @@ -332523,10 +333042,22 @@ }, "outputs": { "properties": { + "description": { + "type": "string", + "description": "The description of the domain." + }, "domainId": { "type": "string", "description": "The identifier of the domain." }, + "name": { + "type": "string", + "description": "The name for the domain." + }, + "serverSideEncryptionConfiguration": { + "$ref": "#/types/aws-native:voiceid:DomainServerSideEncryptionConfiguration", + "description": "The server-side encryption configuration containing the KMS key identifier you want Voice ID to use to encrypt your data." + }, "tags": { "type": "array", "items": { diff --git a/reports/missedAutonaming.json b/reports/missedAutonaming.json index 3f6f030d60..52a6221576 100644 --- a/reports/missedAutonaming.json +++ b/reports/missedAutonaming.json @@ -2263,11 +2263,11 @@ "properties": { "customDomainConfig": { "$ref": "#/types/aws-native:cognito:UserPoolDomainCustomDomainConfigType", - "description": "The configuration for a custom domain that hosts the sign-up and sign-in pages for your application. Use this object to specify an SSL certificate that is managed by ACM.\n\nWhen you create a custom domain, the passkey RP ID defaults to the custom domain. If you had a prefix domain active, this will cause passkey integration for your prefix domain to stop working due to a mismatch in RP ID. To keep the prefix domain passkey integration working, you can explicitly set RP ID to the prefix domain. Update the RP ID in a [SetUserPoolMfaConfig](https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_SetUserPoolMfaConfig.html) request." + "description": "The configuration for a custom domain that hosts managed login for your application. In an `UpdateUserPoolDomain` request, this parameter specifies an SSL certificate for the managed login hosted webserver. The certificate must be an ACM ARN in `us-east-1` .\n\nWhen you create a custom domain, the passkey RP ID defaults to the custom domain. If you had a prefix domain active, this will cause passkey integration for your prefix domain to stop working due to a mismatch in RP ID. To keep the prefix domain passkey integration working, you can explicitly set RP ID to the prefix domain.\n\nUpdate the RP ID in a `API_SetUserPoolMfaConfig` request." }, "domain": { "type": "string", - "description": "The domain name for the custom domain that hosts the sign-up and sign-in pages for your application. One example might be `auth.example.com` .\n\nThis string can include only lowercase letters, numbers, and hyphens. Don't use a hyphen for the first or last character. Use periods to separate subdomain names." + "description": "The name of the domain that you want to update. For custom domains, this is the fully-qualified domain name, for example `auth.example.com` . For prefix domains, this is the prefix alone, such as `myprefix` ." }, "managedLoginVersion": { "type": "integer", @@ -2275,7 +2275,7 @@ }, "userPoolId": { "type": "string", - "description": "The ID of the user pool that is associated with the custom domain whose certificate you're updating." + "description": "The ID of the user pool that is associated with the domain you're updating." } } }, @@ -2284,7 +2284,7 @@ "properties": { "accountTakeoverRiskConfiguration": { "$ref": "#/types/aws-native:cognito:UserPoolRiskConfigurationAttachmentAccountTakeoverRiskConfigurationType", - "description": "The settings for automated responses and notification templates for adaptive authentication with advanced security features." + "description": "The settings for automated responses and notification templates for adaptive authentication with threat protection." }, "clientId": { "type": "string", @@ -2292,7 +2292,7 @@ }, "compromisedCredentialsRiskConfiguration": { "$ref": "#/types/aws-native:cognito:UserPoolRiskConfigurationAttachmentCompromisedCredentialsRiskConfigurationType", - "description": "Settings for compromised-credentials actions and authentication types with advanced security features in full-function `ENFORCED` mode." + "description": "Settings for compromised-credentials actions and authentication types with threat protection in full-function `ENFORCED` mode." }, "riskExceptionConfiguration": { "$ref": "#/types/aws-native:cognito:UserPoolRiskConfigurationAttachmentRiskExceptionConfigurationType", @@ -2313,11 +2313,11 @@ }, "css": { "type": "string", - "description": "The CSS values in the UI customization." + "description": "A plaintext CSS file that contains the custom fields that you want to apply to your user pool or app client. To download a template, go to the Amazon Cognito console. Navigate to your user pool *App clients* tab, select *Login pages* , edit *Hosted UI (classic) style* , and select the link to `CSS template.css` ." }, "userPoolId": { "type": "string", - "description": "The ID of the user pool." + "description": "The ID of the user pool where you want to apply branding to the classic hosted UI." } } }, diff --git a/sdk/dotnet/Backup/LogicallyAirGappedBackupVault.cs b/sdk/dotnet/Backup/LogicallyAirGappedBackupVault.cs index eef3a5d6bb..bc4cac11f2 100644 --- a/sdk/dotnet/Backup/LogicallyAirGappedBackupVault.cs +++ b/sdk/dotnet/Backup/LogicallyAirGappedBackupVault.cs @@ -65,13 +65,13 @@ public partial class LogicallyAirGappedBackupVault : global::Pulumi.CustomResour /// The current state of the vault. /// [Output("vaultState")] - public Output VaultState { get; private set; } = null!; + public Output VaultState { get; private set; } = null!; /// /// The type of vault described. /// [Output("vaultType")] - public Output VaultType { get; private set; } = null!; + public Output VaultType { get; private set; } = null!; /// @@ -170,18 +170,6 @@ public InputMap BackupVaultTags [Input("notifications")] public Input? Notifications { get; set; } - /// - /// The current state of the vault. - /// - [Input("vaultState")] - public Input? VaultState { get; set; } - - /// - /// The type of vault described. - /// - [Input("vaultType")] - public Input? VaultType { get; set; } - public LogicallyAirGappedBackupVaultArgs() { } diff --git a/sdk/dotnet/CleanRooms/Collaboration.cs b/sdk/dotnet/CleanRooms/Collaboration.cs index 131a6dc9bd..96e5ecb29d 100644 --- a/sdk/dotnet/CleanRooms/Collaboration.cs +++ b/sdk/dotnet/CleanRooms/Collaboration.cs @@ -51,6 +51,12 @@ public partial class Collaboration : global::Pulumi.CustomResource [Output("creatorMemberAbilities")] public Output> CreatorMemberAbilities { get; private set; } = null!; + /// + /// The ML member abilities for a collaboration member. + /// + [Output("creatorMlMemberAbilities")] + public Output CreatorMlMemberAbilities { get; private set; } = null!; + /// /// An object representing the collaboration member's payment responsibilities set by the collaboration creator. /// @@ -121,6 +127,7 @@ private static CustomResourceOptions MakeResourceOptions(CustomResourceOptions? "analyticsEngine", "creatorDisplayName", "creatorMemberAbilities[*]", + "creatorMlMemberAbilities", "creatorPaymentConfiguration", "dataEncryptionMetadata", "members[*]", @@ -174,6 +181,12 @@ public InputList Creator set => _creatorMemberAbilities = value; } + /// + /// The ML member abilities for a collaboration member. + /// + [Input("creatorMlMemberAbilities")] + public Input? CreatorMlMemberAbilities { get; set; } + /// /// An object representing the collaboration member's payment responsibilities set by the collaboration creator. /// diff --git a/sdk/dotnet/CleanRooms/Enums.cs b/sdk/dotnet/CleanRooms/Enums.cs index 3c95e1376d..d806a60820 100644 --- a/sdk/dotnet/CleanRooms/Enums.cs +++ b/sdk/dotnet/CleanRooms/Enums.cs @@ -122,6 +122,34 @@ private CollaborationAnalyticsEngine(string value) public override string ToString() => _value; } + [EnumType] + public readonly struct CollaborationCustomMlMemberAbility : IEquatable + { + private readonly string _value; + + private CollaborationCustomMlMemberAbility(string value) + { + _value = value ?? throw new ArgumentNullException(nameof(value)); + } + + public static CollaborationCustomMlMemberAbility CanReceiveModelOutput { get; } = new CollaborationCustomMlMemberAbility("CAN_RECEIVE_MODEL_OUTPUT"); + public static CollaborationCustomMlMemberAbility CanReceiveInferenceOutput { get; } = new CollaborationCustomMlMemberAbility("CAN_RECEIVE_INFERENCE_OUTPUT"); + + public static bool operator ==(CollaborationCustomMlMemberAbility left, CollaborationCustomMlMemberAbility right) => left.Equals(right); + public static bool operator !=(CollaborationCustomMlMemberAbility left, CollaborationCustomMlMemberAbility right) => !left.Equals(right); + + public static explicit operator string(CollaborationCustomMlMemberAbility value) => value._value; + + [EditorBrowsable(EditorBrowsableState.Never)] + public override bool Equals(object? obj) => obj is CollaborationCustomMlMemberAbility other && Equals(other); + public bool Equals(CollaborationCustomMlMemberAbility other) => string.Equals(_value, other._value, StringComparison.Ordinal); + + [EditorBrowsable(EditorBrowsableState.Never)] + public override int GetHashCode() => _value?.GetHashCode() ?? 0; + + public override string ToString() => _value; + } + [EnumType] public readonly struct CollaborationMemberAbility : IEquatable { diff --git a/sdk/dotnet/CleanRooms/Inputs/CollaborationMemberSpecificationArgs.cs b/sdk/dotnet/CleanRooms/Inputs/CollaborationMemberSpecificationArgs.cs index b632d36681..39328a7cc8 100644 --- a/sdk/dotnet/CleanRooms/Inputs/CollaborationMemberSpecificationArgs.cs +++ b/sdk/dotnet/CleanRooms/Inputs/CollaborationMemberSpecificationArgs.cs @@ -38,6 +38,12 @@ public InputList MemberA set => _memberAbilities = value; } + /// + /// The ML abilities granted to the collaboration member. + /// + [Input("mlMemberAbilities")] + public Input? MlMemberAbilities { get; set; } + /// /// The collaboration member's payment responsibilities set by the collaboration creator. /// diff --git a/sdk/dotnet/CleanRooms/Inputs/CollaborationMlMemberAbilitiesArgs.cs b/sdk/dotnet/CleanRooms/Inputs/CollaborationMlMemberAbilitiesArgs.cs new file mode 100644 index 0000000000..59302fa3c6 --- /dev/null +++ b/sdk/dotnet/CleanRooms/Inputs/CollaborationMlMemberAbilitiesArgs.cs @@ -0,0 +1,32 @@ +// *** WARNING: this file was generated by pulumi. *** +// *** Do not edit by hand unless you're certain you know what you are doing! *** + +using System; +using System.Collections.Generic; +using System.Collections.Immutable; +using System.Threading.Tasks; +using Pulumi.Serialization; + +namespace Pulumi.AwsNative.CleanRooms.Inputs +{ + + public sealed class CollaborationMlMemberAbilitiesArgs : global::Pulumi.ResourceArgs + { + [Input("customMlMemberAbilities", required: true)] + private InputList? _customMlMemberAbilities; + + /// + /// The custom ML member abilities for a collaboration member. + /// + public InputList CustomMlMemberAbilities + { + get => _customMlMemberAbilities ?? (_customMlMemberAbilities = new InputList()); + set => _customMlMemberAbilities = value; + } + + public CollaborationMlMemberAbilitiesArgs() + { + } + public static new CollaborationMlMemberAbilitiesArgs Empty => new CollaborationMlMemberAbilitiesArgs(); + } +} diff --git a/sdk/dotnet/CleanRooms/Inputs/CollaborationMlPaymentConfigArgs.cs b/sdk/dotnet/CleanRooms/Inputs/CollaborationMlPaymentConfigArgs.cs new file mode 100644 index 0000000000..e487592039 --- /dev/null +++ b/sdk/dotnet/CleanRooms/Inputs/CollaborationMlPaymentConfigArgs.cs @@ -0,0 +1,32 @@ +// *** WARNING: this file was generated by pulumi. *** +// *** Do not edit by hand unless you're certain you know what you are doing! *** + +using System; +using System.Collections.Generic; +using System.Collections.Immutable; +using System.Threading.Tasks; +using Pulumi.Serialization; + +namespace Pulumi.AwsNative.CleanRooms.Inputs +{ + + public sealed class CollaborationMlPaymentConfigArgs : global::Pulumi.ResourceArgs + { + /// + /// The payment responsibilities accepted by the member for model inference. + /// + [Input("modelInference")] + public Input? ModelInference { get; set; } + + /// + /// The payment responsibilities accepted by the member for model training. + /// + [Input("modelTraining")] + public Input? ModelTraining { get; set; } + + public CollaborationMlPaymentConfigArgs() + { + } + public static new CollaborationMlPaymentConfigArgs Empty => new CollaborationMlPaymentConfigArgs(); + } +} diff --git a/sdk/dotnet/CleanRooms/Inputs/CollaborationModelInferencePaymentConfigArgs.cs b/sdk/dotnet/CleanRooms/Inputs/CollaborationModelInferencePaymentConfigArgs.cs new file mode 100644 index 0000000000..3bf4433b23 --- /dev/null +++ b/sdk/dotnet/CleanRooms/Inputs/CollaborationModelInferencePaymentConfigArgs.cs @@ -0,0 +1,30 @@ +// *** WARNING: this file was generated by pulumi. *** +// *** Do not edit by hand unless you're certain you know what you are doing! *** + +using System; +using System.Collections.Generic; +using System.Collections.Immutable; +using System.Threading.Tasks; +using Pulumi.Serialization; + +namespace Pulumi.AwsNative.CleanRooms.Inputs +{ + + public sealed class CollaborationModelInferencePaymentConfigArgs : global::Pulumi.ResourceArgs + { + /// + /// Indicates whether the collaboration creator has configured the collaboration member to pay for model inference costs ( `TRUE` ) or has not configured the collaboration member to pay for model inference costs ( `FALSE` ). + /// + /// Exactly one member can be configured to pay for model inference costs. An error is returned if the collaboration creator sets a `TRUE` value for more than one member in the collaboration. + /// + /// If the collaboration creator hasn't specified anyone as the member paying for model inference costs, then the member who can query is the default payer. An error is returned if the collaboration creator sets a `FALSE` value for the member who can query. + /// + [Input("isResponsible", required: true)] + public Input IsResponsible { get; set; } = null!; + + public CollaborationModelInferencePaymentConfigArgs() + { + } + public static new CollaborationModelInferencePaymentConfigArgs Empty => new CollaborationModelInferencePaymentConfigArgs(); + } +} diff --git a/sdk/dotnet/CleanRooms/Inputs/CollaborationModelTrainingPaymentConfigArgs.cs b/sdk/dotnet/CleanRooms/Inputs/CollaborationModelTrainingPaymentConfigArgs.cs new file mode 100644 index 0000000000..b72589673f --- /dev/null +++ b/sdk/dotnet/CleanRooms/Inputs/CollaborationModelTrainingPaymentConfigArgs.cs @@ -0,0 +1,30 @@ +// *** WARNING: this file was generated by pulumi. *** +// *** Do not edit by hand unless you're certain you know what you are doing! *** + +using System; +using System.Collections.Generic; +using System.Collections.Immutable; +using System.Threading.Tasks; +using Pulumi.Serialization; + +namespace Pulumi.AwsNative.CleanRooms.Inputs +{ + + public sealed class CollaborationModelTrainingPaymentConfigArgs : global::Pulumi.ResourceArgs + { + /// + /// Indicates whether the collaboration creator has configured the collaboration member to pay for model training costs ( `TRUE` ) or has not configured the collaboration member to pay for model training costs ( `FALSE` ). + /// + /// Exactly one member can be configured to pay for model training costs. An error is returned if the collaboration creator sets a `TRUE` value for more than one member in the collaboration. + /// + /// If the collaboration creator hasn't specified anyone as the member paying for model training costs, then the member who can query is the default payer. An error is returned if the collaboration creator sets a `FALSE` value for the member who can query. + /// + [Input("isResponsible", required: true)] + public Input IsResponsible { get; set; } = null!; + + public CollaborationModelTrainingPaymentConfigArgs() + { + } + public static new CollaborationModelTrainingPaymentConfigArgs Empty => new CollaborationModelTrainingPaymentConfigArgs(); + } +} diff --git a/sdk/dotnet/CleanRooms/Inputs/CollaborationPaymentConfigurationArgs.cs b/sdk/dotnet/CleanRooms/Inputs/CollaborationPaymentConfigurationArgs.cs index 1cb033c3a2..86fcaaef94 100644 --- a/sdk/dotnet/CleanRooms/Inputs/CollaborationPaymentConfigurationArgs.cs +++ b/sdk/dotnet/CleanRooms/Inputs/CollaborationPaymentConfigurationArgs.cs @@ -12,6 +12,12 @@ namespace Pulumi.AwsNative.CleanRooms.Inputs public sealed class CollaborationPaymentConfigurationArgs : global::Pulumi.ResourceArgs { + /// + /// An object representing the collaboration member's machine learning payment responsibilities set by the collaboration creator. + /// + [Input("machineLearning")] + public Input? MachineLearning { get; set; } + /// /// The collaboration member's payment responsibilities set by the collaboration creator for query compute costs. /// diff --git a/sdk/dotnet/CleanRooms/Inputs/MembershipMlPaymentConfigArgs.cs b/sdk/dotnet/CleanRooms/Inputs/MembershipMlPaymentConfigArgs.cs new file mode 100644 index 0000000000..d20ecbbc8d --- /dev/null +++ b/sdk/dotnet/CleanRooms/Inputs/MembershipMlPaymentConfigArgs.cs @@ -0,0 +1,26 @@ +// *** WARNING: this file was generated by pulumi. *** +// *** Do not edit by hand unless you're certain you know what you are doing! *** + +using System; +using System.Collections.Generic; +using System.Collections.Immutable; +using System.Threading.Tasks; +using Pulumi.Serialization; + +namespace Pulumi.AwsNative.CleanRooms.Inputs +{ + + public sealed class MembershipMlPaymentConfigArgs : global::Pulumi.ResourceArgs + { + [Input("modelInference")] + public Input? ModelInference { get; set; } + + [Input("modelTraining")] + public Input? ModelTraining { get; set; } + + public MembershipMlPaymentConfigArgs() + { + } + public static new MembershipMlPaymentConfigArgs Empty => new MembershipMlPaymentConfigArgs(); + } +} diff --git a/sdk/dotnet/CleanRooms/Inputs/MembershipModelInferencePaymentConfigArgs.cs b/sdk/dotnet/CleanRooms/Inputs/MembershipModelInferencePaymentConfigArgs.cs new file mode 100644 index 0000000000..43bc4ddc11 --- /dev/null +++ b/sdk/dotnet/CleanRooms/Inputs/MembershipModelInferencePaymentConfigArgs.cs @@ -0,0 +1,23 @@ +// *** WARNING: this file was generated by pulumi. *** +// *** Do not edit by hand unless you're certain you know what you are doing! *** + +using System; +using System.Collections.Generic; +using System.Collections.Immutable; +using System.Threading.Tasks; +using Pulumi.Serialization; + +namespace Pulumi.AwsNative.CleanRooms.Inputs +{ + + public sealed class MembershipModelInferencePaymentConfigArgs : global::Pulumi.ResourceArgs + { + [Input("isResponsible", required: true)] + public Input IsResponsible { get; set; } = null!; + + public MembershipModelInferencePaymentConfigArgs() + { + } + public static new MembershipModelInferencePaymentConfigArgs Empty => new MembershipModelInferencePaymentConfigArgs(); + } +} diff --git a/sdk/dotnet/CleanRooms/Inputs/MembershipModelTrainingPaymentConfigArgs.cs b/sdk/dotnet/CleanRooms/Inputs/MembershipModelTrainingPaymentConfigArgs.cs new file mode 100644 index 0000000000..5baab8c809 --- /dev/null +++ b/sdk/dotnet/CleanRooms/Inputs/MembershipModelTrainingPaymentConfigArgs.cs @@ -0,0 +1,23 @@ +// *** WARNING: this file was generated by pulumi. *** +// *** Do not edit by hand unless you're certain you know what you are doing! *** + +using System; +using System.Collections.Generic; +using System.Collections.Immutable; +using System.Threading.Tasks; +using Pulumi.Serialization; + +namespace Pulumi.AwsNative.CleanRooms.Inputs +{ + + public sealed class MembershipModelTrainingPaymentConfigArgs : global::Pulumi.ResourceArgs + { + [Input("isResponsible", required: true)] + public Input IsResponsible { get; set; } = null!; + + public MembershipModelTrainingPaymentConfigArgs() + { + } + public static new MembershipModelTrainingPaymentConfigArgs Empty => new MembershipModelTrainingPaymentConfigArgs(); + } +} diff --git a/sdk/dotnet/CleanRooms/Inputs/MembershipPaymentConfigurationArgs.cs b/sdk/dotnet/CleanRooms/Inputs/MembershipPaymentConfigurationArgs.cs index 9b721a0e55..4f71ac3793 100644 --- a/sdk/dotnet/CleanRooms/Inputs/MembershipPaymentConfigurationArgs.cs +++ b/sdk/dotnet/CleanRooms/Inputs/MembershipPaymentConfigurationArgs.cs @@ -12,6 +12,9 @@ namespace Pulumi.AwsNative.CleanRooms.Inputs public sealed class MembershipPaymentConfigurationArgs : global::Pulumi.ResourceArgs { + [Input("machineLearning")] + public Input? MachineLearning { get; set; } + /// /// The payment responsibilities accepted by the collaboration member for query compute costs. /// diff --git a/sdk/dotnet/CleanRooms/Outputs/CollaborationMemberSpecification.cs b/sdk/dotnet/CleanRooms/Outputs/CollaborationMemberSpecification.cs index d7cbff4876..676684e6dd 100644 --- a/sdk/dotnet/CleanRooms/Outputs/CollaborationMemberSpecification.cs +++ b/sdk/dotnet/CleanRooms/Outputs/CollaborationMemberSpecification.cs @@ -28,6 +28,10 @@ public sealed class CollaborationMemberSpecification /// public readonly ImmutableArray MemberAbilities; /// + /// The ML abilities granted to the collaboration member. + /// + public readonly Outputs.CollaborationMlMemberAbilities? MlMemberAbilities; + /// /// The collaboration member's payment responsibilities set by the collaboration creator. /// /// If the collaboration creator hasn't specified anyone as the member paying for query compute costs, then the member who can query is the default payer. @@ -42,11 +46,14 @@ private CollaborationMemberSpecification( ImmutableArray memberAbilities, + Outputs.CollaborationMlMemberAbilities? mlMemberAbilities, + Outputs.CollaborationPaymentConfiguration? paymentConfiguration) { AccountId = accountId; DisplayName = displayName; MemberAbilities = memberAbilities; + MlMemberAbilities = mlMemberAbilities; PaymentConfiguration = paymentConfiguration; } } diff --git a/sdk/dotnet/CleanRooms/Outputs/CollaborationMlMemberAbilities.cs b/sdk/dotnet/CleanRooms/Outputs/CollaborationMlMemberAbilities.cs new file mode 100644 index 0000000000..1f7474a294 --- /dev/null +++ b/sdk/dotnet/CleanRooms/Outputs/CollaborationMlMemberAbilities.cs @@ -0,0 +1,27 @@ +// *** WARNING: this file was generated by pulumi. *** +// *** Do not edit by hand unless you're certain you know what you are doing! *** + +using System; +using System.Collections.Generic; +using System.Collections.Immutable; +using System.Threading.Tasks; +using Pulumi.Serialization; + +namespace Pulumi.AwsNative.CleanRooms.Outputs +{ + + [OutputType] + public sealed class CollaborationMlMemberAbilities + { + /// + /// The custom ML member abilities for a collaboration member. + /// + public readonly ImmutableArray CustomMlMemberAbilities; + + [OutputConstructor] + private CollaborationMlMemberAbilities(ImmutableArray customMlMemberAbilities) + { + CustomMlMemberAbilities = customMlMemberAbilities; + } + } +} diff --git a/sdk/dotnet/CleanRooms/Outputs/CollaborationMlPaymentConfig.cs b/sdk/dotnet/CleanRooms/Outputs/CollaborationMlPaymentConfig.cs new file mode 100644 index 0000000000..f88269b701 --- /dev/null +++ b/sdk/dotnet/CleanRooms/Outputs/CollaborationMlPaymentConfig.cs @@ -0,0 +1,35 @@ +// *** WARNING: this file was generated by pulumi. *** +// *** Do not edit by hand unless you're certain you know what you are doing! *** + +using System; +using System.Collections.Generic; +using System.Collections.Immutable; +using System.Threading.Tasks; +using Pulumi.Serialization; + +namespace Pulumi.AwsNative.CleanRooms.Outputs +{ + + [OutputType] + public sealed class CollaborationMlPaymentConfig + { + /// + /// The payment responsibilities accepted by the member for model inference. + /// + public readonly Outputs.CollaborationModelInferencePaymentConfig? ModelInference; + /// + /// The payment responsibilities accepted by the member for model training. + /// + public readonly Outputs.CollaborationModelTrainingPaymentConfig? ModelTraining; + + [OutputConstructor] + private CollaborationMlPaymentConfig( + Outputs.CollaborationModelInferencePaymentConfig? modelInference, + + Outputs.CollaborationModelTrainingPaymentConfig? modelTraining) + { + ModelInference = modelInference; + ModelTraining = modelTraining; + } + } +} diff --git a/sdk/dotnet/CleanRooms/Outputs/CollaborationModelInferencePaymentConfig.cs b/sdk/dotnet/CleanRooms/Outputs/CollaborationModelInferencePaymentConfig.cs new file mode 100644 index 0000000000..225d1095e0 --- /dev/null +++ b/sdk/dotnet/CleanRooms/Outputs/CollaborationModelInferencePaymentConfig.cs @@ -0,0 +1,31 @@ +// *** WARNING: this file was generated by pulumi. *** +// *** Do not edit by hand unless you're certain you know what you are doing! *** + +using System; +using System.Collections.Generic; +using System.Collections.Immutable; +using System.Threading.Tasks; +using Pulumi.Serialization; + +namespace Pulumi.AwsNative.CleanRooms.Outputs +{ + + [OutputType] + public sealed class CollaborationModelInferencePaymentConfig + { + /// + /// Indicates whether the collaboration creator has configured the collaboration member to pay for model inference costs ( `TRUE` ) or has not configured the collaboration member to pay for model inference costs ( `FALSE` ). + /// + /// Exactly one member can be configured to pay for model inference costs. An error is returned if the collaboration creator sets a `TRUE` value for more than one member in the collaboration. + /// + /// If the collaboration creator hasn't specified anyone as the member paying for model inference costs, then the member who can query is the default payer. An error is returned if the collaboration creator sets a `FALSE` value for the member who can query. + /// + public readonly bool IsResponsible; + + [OutputConstructor] + private CollaborationModelInferencePaymentConfig(bool isResponsible) + { + IsResponsible = isResponsible; + } + } +} diff --git a/sdk/dotnet/CleanRooms/Outputs/CollaborationModelTrainingPaymentConfig.cs b/sdk/dotnet/CleanRooms/Outputs/CollaborationModelTrainingPaymentConfig.cs new file mode 100644 index 0000000000..5e1f842dd1 --- /dev/null +++ b/sdk/dotnet/CleanRooms/Outputs/CollaborationModelTrainingPaymentConfig.cs @@ -0,0 +1,31 @@ +// *** WARNING: this file was generated by pulumi. *** +// *** Do not edit by hand unless you're certain you know what you are doing! *** + +using System; +using System.Collections.Generic; +using System.Collections.Immutable; +using System.Threading.Tasks; +using Pulumi.Serialization; + +namespace Pulumi.AwsNative.CleanRooms.Outputs +{ + + [OutputType] + public sealed class CollaborationModelTrainingPaymentConfig + { + /// + /// Indicates whether the collaboration creator has configured the collaboration member to pay for model training costs ( `TRUE` ) or has not configured the collaboration member to pay for model training costs ( `FALSE` ). + /// + /// Exactly one member can be configured to pay for model training costs. An error is returned if the collaboration creator sets a `TRUE` value for more than one member in the collaboration. + /// + /// If the collaboration creator hasn't specified anyone as the member paying for model training costs, then the member who can query is the default payer. An error is returned if the collaboration creator sets a `FALSE` value for the member who can query. + /// + public readonly bool IsResponsible; + + [OutputConstructor] + private CollaborationModelTrainingPaymentConfig(bool isResponsible) + { + IsResponsible = isResponsible; + } + } +} diff --git a/sdk/dotnet/CleanRooms/Outputs/CollaborationPaymentConfiguration.cs b/sdk/dotnet/CleanRooms/Outputs/CollaborationPaymentConfiguration.cs index 0eb4002c94..b92ce2901e 100644 --- a/sdk/dotnet/CleanRooms/Outputs/CollaborationPaymentConfiguration.cs +++ b/sdk/dotnet/CleanRooms/Outputs/CollaborationPaymentConfiguration.cs @@ -13,14 +13,22 @@ namespace Pulumi.AwsNative.CleanRooms.Outputs [OutputType] public sealed class CollaborationPaymentConfiguration { + /// + /// An object representing the collaboration member's machine learning payment responsibilities set by the collaboration creator. + /// + public readonly Outputs.CollaborationMlPaymentConfig? MachineLearning; /// /// The collaboration member's payment responsibilities set by the collaboration creator for query compute costs. /// public readonly Outputs.CollaborationQueryComputePaymentConfig QueryCompute; [OutputConstructor] - private CollaborationPaymentConfiguration(Outputs.CollaborationQueryComputePaymentConfig queryCompute) + private CollaborationPaymentConfiguration( + Outputs.CollaborationMlPaymentConfig? machineLearning, + + Outputs.CollaborationQueryComputePaymentConfig queryCompute) { + MachineLearning = machineLearning; QueryCompute = queryCompute; } } diff --git a/sdk/dotnet/CleanRooms/Outputs/MembershipMlPaymentConfig.cs b/sdk/dotnet/CleanRooms/Outputs/MembershipMlPaymentConfig.cs new file mode 100644 index 0000000000..e33a03d7ad --- /dev/null +++ b/sdk/dotnet/CleanRooms/Outputs/MembershipMlPaymentConfig.cs @@ -0,0 +1,29 @@ +// *** WARNING: this file was generated by pulumi. *** +// *** Do not edit by hand unless you're certain you know what you are doing! *** + +using System; +using System.Collections.Generic; +using System.Collections.Immutable; +using System.Threading.Tasks; +using Pulumi.Serialization; + +namespace Pulumi.AwsNative.CleanRooms.Outputs +{ + + [OutputType] + public sealed class MembershipMlPaymentConfig + { + public readonly Outputs.MembershipModelInferencePaymentConfig? ModelInference; + public readonly Outputs.MembershipModelTrainingPaymentConfig? ModelTraining; + + [OutputConstructor] + private MembershipMlPaymentConfig( + Outputs.MembershipModelInferencePaymentConfig? modelInference, + + Outputs.MembershipModelTrainingPaymentConfig? modelTraining) + { + ModelInference = modelInference; + ModelTraining = modelTraining; + } + } +} diff --git a/sdk/dotnet/CleanRooms/Outputs/MembershipModelInferencePaymentConfig.cs b/sdk/dotnet/CleanRooms/Outputs/MembershipModelInferencePaymentConfig.cs new file mode 100644 index 0000000000..d48f84f0aa --- /dev/null +++ b/sdk/dotnet/CleanRooms/Outputs/MembershipModelInferencePaymentConfig.cs @@ -0,0 +1,24 @@ +// *** WARNING: this file was generated by pulumi. *** +// *** Do not edit by hand unless you're certain you know what you are doing! *** + +using System; +using System.Collections.Generic; +using System.Collections.Immutable; +using System.Threading.Tasks; +using Pulumi.Serialization; + +namespace Pulumi.AwsNative.CleanRooms.Outputs +{ + + [OutputType] + public sealed class MembershipModelInferencePaymentConfig + { + public readonly bool IsResponsible; + + [OutputConstructor] + private MembershipModelInferencePaymentConfig(bool isResponsible) + { + IsResponsible = isResponsible; + } + } +} diff --git a/sdk/dotnet/CleanRooms/Outputs/MembershipModelTrainingPaymentConfig.cs b/sdk/dotnet/CleanRooms/Outputs/MembershipModelTrainingPaymentConfig.cs new file mode 100644 index 0000000000..7b8d6cb786 --- /dev/null +++ b/sdk/dotnet/CleanRooms/Outputs/MembershipModelTrainingPaymentConfig.cs @@ -0,0 +1,24 @@ +// *** WARNING: this file was generated by pulumi. *** +// *** Do not edit by hand unless you're certain you know what you are doing! *** + +using System; +using System.Collections.Generic; +using System.Collections.Immutable; +using System.Threading.Tasks; +using Pulumi.Serialization; + +namespace Pulumi.AwsNative.CleanRooms.Outputs +{ + + [OutputType] + public sealed class MembershipModelTrainingPaymentConfig + { + public readonly bool IsResponsible; + + [OutputConstructor] + private MembershipModelTrainingPaymentConfig(bool isResponsible) + { + IsResponsible = isResponsible; + } + } +} diff --git a/sdk/dotnet/CleanRooms/Outputs/MembershipPaymentConfiguration.cs b/sdk/dotnet/CleanRooms/Outputs/MembershipPaymentConfiguration.cs index f71390894d..e9d227854e 100644 --- a/sdk/dotnet/CleanRooms/Outputs/MembershipPaymentConfiguration.cs +++ b/sdk/dotnet/CleanRooms/Outputs/MembershipPaymentConfiguration.cs @@ -13,14 +13,19 @@ namespace Pulumi.AwsNative.CleanRooms.Outputs [OutputType] public sealed class MembershipPaymentConfiguration { + public readonly Outputs.MembershipMlPaymentConfig? MachineLearning; /// /// The payment responsibilities accepted by the collaboration member for query compute costs. /// public readonly Outputs.MembershipQueryComputePaymentConfig QueryCompute; [OutputConstructor] - private MembershipPaymentConfiguration(Outputs.MembershipQueryComputePaymentConfig queryCompute) + private MembershipPaymentConfiguration( + Outputs.MembershipMlPaymentConfig? machineLearning, + + Outputs.MembershipQueryComputePaymentConfig queryCompute) { + MachineLearning = machineLearning; QueryCompute = queryCompute; } } diff --git a/sdk/dotnet/Cognito/GetUserPool.cs b/sdk/dotnet/Cognito/GetUserPool.cs index e19d541ea6..b1467a82aa 100644 --- a/sdk/dotnet/Cognito/GetUserPool.cs +++ b/sdk/dotnet/Cognito/GetUserPool.cs @@ -70,11 +70,11 @@ public sealed class GetUserPoolResult /// /// The settings for administrator creation of users in a user pool. Contains settings for allowing user sign-up, customizing invitation messages to new users, and the amount of time before temporary passwords expire. /// - /// This data type is a request and response parameter of [CreateUserPool](https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_CreateUserPool.html) and [UpdateUserPool](https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_UpdateUserPool.html) , and a response parameter of [DescribeUserPool](https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_DescribeUserPool.html) . + /// This data type is a request and response parameter of `API_CreateUserPool` and `API_UpdateUserPool` , and a response parameter of `API_DescribeUserPool` . /// public readonly Outputs.UserPoolAdminCreateUserConfig? AdminCreateUserConfig; /// - /// Attributes supported as an alias for this user pool. Possible values: *phone_number* , *email* , or *preferred_username* . For more information about alias attributes, see [Customizing sign-in attributes](https://docs.aws.amazon.com/cognito/latest/developerguide/user-pool-settings-attributes.html#user-pool-settings-aliases) . + /// Attributes supported as an alias for this user pool. For more information about alias attributes, see [Customizing sign-in attributes](https://docs.aws.amazon.com/cognito/latest/developerguide/user-pool-settings-attributes.html#user-pool-settings-aliases) . /// public readonly ImmutableArray AliasAttributes; /// @@ -82,7 +82,7 @@ public sealed class GetUserPoolResult /// public readonly string? Arn; /// - /// The attributes that you want your user pool to automatically verify. Possible values: *email* , *phone_number* . For more information see [Verifying contact information at sign-up](https://docs.aws.amazon.com/cognito/latest/developerguide/signing-up-users-in-your-app.html#allowing-users-to-sign-up-and-confirm-themselves) . + /// The attributes that you want your user pool to automatically verify. For more information, see [Verifying contact information at sign-up](https://docs.aws.amazon.com/cognito/latest/developerguide/signing-up-users-in-your-app.html#allowing-users-to-sign-up-and-confirm-themselves) . /// public readonly ImmutableArray AutoVerifiedAttributes; /// @@ -118,17 +118,15 @@ public sealed class GetUserPoolResult /// public readonly Outputs.UserPoolLambdaConfig? LambdaConfig; /// - /// The multi-factor authentication (MFA) configuration. Valid values include: + /// Displays the state of multi-factor authentication (MFA) as on, off, or optional. When `ON` , all users must set up MFA before they can sign in. When `OPTIONAL` , your application must make a client-side determination of whether a user wants to register an MFA device. For user pools with adaptive authentication with threat protection, choose `OPTIONAL` . /// - /// - `OFF` MFA won't be used for any users. - /// - `ON` MFA is required for all users to sign in. - /// - `OPTIONAL` MFA will be required only for individual users who have an MFA factor activated. + /// When `MfaConfiguration` is `OPTIONAL` , managed login doesn't automatically prompt users to set up MFA. Amazon Cognito generates MFA prompts in API responses and in managed login for users who have chosen and configured a preferred MFA factor. /// public readonly string? MfaConfiguration; /// /// A list of user pool policies. Contains the policy that sets password-complexity requirements. /// - /// This data type is a request and response parameter of [CreateUserPool](https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_CreateUserPool.html) and [UpdateUserPool](https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_UpdateUserPool.html) , and a response parameter of [DescribeUserPool](https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_DescribeUserPool.html) . + /// This data type is a request and response parameter of `API_CreateUserPool` and `API_UpdateUserPool` , and a response parameter of `API_DescribeUserPool` . /// public readonly Outputs.UserPoolPolicies? Policies; /// @@ -148,7 +146,7 @@ public sealed class GetUserPoolResult /// public readonly string? SmsAuthenticationMessage; /// - /// The SMS configuration with the settings that your Amazon Cognito user pool must use to send an SMS message from your AWS account through Amazon Simple Notification Service. To send SMS messages with Amazon SNS in the AWS Region that you want, the Amazon Cognito user pool uses an AWS Identity and Access Management (IAM) role in your AWS account . For more information see [SMS message settings](https://docs.aws.amazon.com/cognito/latest/developerguide/user-pool-sms-settings.html) . + /// The settings for your Amazon Cognito user pool to send SMS messages with Amazon Simple Notification Service. To send SMS messages with Amazon SNS in the AWS Region that you want, the Amazon Cognito user pool uses an AWS Identity and Access Management (IAM) role in your AWS account . For more information see [SMS message settings](https://docs.aws.amazon.com/cognito/latest/developerguide/user-pool-sms-settings.html) . /// public readonly Outputs.UserPoolSmsConfiguration? SmsConfiguration; /// @@ -162,7 +160,7 @@ public sealed class GetUserPoolResult /// public readonly Outputs.UserPoolUserAttributeUpdateSettings? UserAttributeUpdateSettings; /// - /// User pool add-ons. Contains settings for activation of threat protection. To log user security information but take no action, set to `AUDIT` . To configure automatic security responses to risky traffic to your user pool, set to `ENFORCED` . + /// Contains settings for activation of threat protection, including the operating mode and additional authentication types. To log user security information but take no action, set to `AUDIT` . To configure automatic security responses to potentially unwanted traffic to your user pool, set to `ENFORCED` . /// /// For more information, see [Adding advanced security to a user pool](https://docs.aws.amazon.com/cognito/latest/developerguide/cognito-user-pool-settings-advanced-security.html) . To activate this setting, your user pool must be on the [Plus tier](https://docs.aws.amazon.com/cognito/latest/developerguide/feature-plans-features-plus.html) . /// @@ -172,7 +170,7 @@ public sealed class GetUserPoolResult /// public readonly string? UserPoolId; /// - /// A friendlhy name for your user pool. + /// A friendly name for your user pool. /// public readonly string? UserPoolName; /// diff --git a/sdk/dotnet/Cognito/GetUserPoolClient.cs b/sdk/dotnet/Cognito/GetUserPoolClient.cs index ba47a12ce5..b899cea288 100644 --- a/sdk/dotnet/Cognito/GetUserPoolClient.cs +++ b/sdk/dotnet/Cognito/GetUserPoolClient.cs @@ -88,28 +88,28 @@ public sealed class GetUserPoolClientResult /// public readonly int? AccessTokenValidity; /// - /// The OAuth grant types that you want your app client to generate. To create an app client that generates client credentials grants, you must add `client_credentials` as the only allowed OAuth flow. + /// The OAuth grant types that you want your app client to generate for clients in managed login authentication. To create an app client that generates client credentials grants, you must add `client_credentials` as the only allowed OAuth flow. /// /// - **code** - Use a code grant flow, which provides an authorization code as the response. This code can be exchanged for access tokens with the `/oauth2/token` endpoint. - /// - **implicit** - Issue the access token (and, optionally, ID token, based on scopes) directly to your user. - /// - **client_credentials** - Issue the access token from the `/oauth2/token` endpoint directly to a non-person user using a combination of the client ID and client secret. + /// - **implicit** - Issue the access token, and the ID token when scopes like `openid` and `profile` are requested, directly to your user. + /// - **client_credentials** - Issue the access token from the `/oauth2/token` endpoint directly to a non-person user, authorized by a combination of the client ID and client secret. /// public readonly ImmutableArray AllowedOAuthFlows; /// - /// Set to `true` to use OAuth 2.0 features in your user pool app client. + /// Set to `true` to use OAuth 2.0 authorization server features in your app client. /// - /// `AllowedOAuthFlowsUserPoolClient` must be `true` before you can configure the following features in your app client. + /// This parameter must have a value of `true` before you can configure the following features in your app client. /// /// - `CallBackURLs` : Callback URLs. /// - `LogoutURLs` : Sign-out redirect URLs. /// - `AllowedOAuthScopes` : OAuth 2.0 scopes. /// - `AllowedOAuthFlows` : Support for authorization code, implicit, and client credentials OAuth 2.0 grants. /// - /// To use OAuth 2.0 features, configure one of these features in the Amazon Cognito console or set `AllowedOAuthFlowsUserPoolClient` to `true` in a `CreateUserPoolClient` or `UpdateUserPoolClient` API request. If you don't set a value for `AllowedOAuthFlowsUserPoolClient` in a request with the AWS CLI or SDKs, it defaults to `false` . + /// To use authorization server features, configure one of these features in the Amazon Cognito console or set `AllowedOAuthFlowsUserPoolClient` to `true` in a `CreateUserPoolClient` or `UpdateUserPoolClient` API request. If you don't set a value for `AllowedOAuthFlowsUserPoolClient` in a request with the AWS CLI or SDKs, it defaults to `false` . When `false` , only SDK-based API sign-in is permitted. /// public readonly bool? AllowedOAuthFlowsUserPoolClient; /// - /// The OAuth 2.0 scopes that you want to permit your app client to authorize. Scopes govern access control to user pool self-service API operations, user data from the `userInfo` endpoint, and third-party APIs. Possible values provided by OAuth are `phone` , `email` , `openid` , and `profile` . Possible values provided by AWS are `aws.cognito.signin.user.admin` . Custom scopes created in Resource Servers are also supported. + /// The OAuth, OpenID Connect (OIDC), and custom scopes that you want to permit your app client to authorize access with. Scopes govern access control to user pool self-service API operations, user data from the `userInfo` endpoint, and third-party APIs. Scope values include `phone` , `email` , `openid` , and `profile` . The `aws.cognito.signin.user.admin` scope authorizes user self-service operations. Custom scopes with resource servers authorize access to external APIs. /// public readonly ImmutableArray AllowedOAuthScopes; /// @@ -123,9 +123,9 @@ public sealed class GetUserPoolClientResult /// public readonly int? AuthSessionValidity; /// - /// A list of allowed redirect (callback) URLs for the IdPs. + /// A list of allowed redirect, or callback, URLs for managed login authentication. These URLs are the paths where you want to send your users' browsers after they complete authentication with managed login or a third-party IdP. Typically, callback URLs are the home of an application that uses OAuth or OIDC libraries to process authentication outcomes. /// - /// A redirect URI must: + /// A redirect URI must meet the following requirements: /// /// - Be an absolute URI. /// - Be registered with the authorization server. Amazon Cognito doesn't accept authorization requests with `redirect_uri` values that aren't in the list of `CallbackURLs` that you provide in this parameter. @@ -152,21 +152,23 @@ public sealed class GetUserPoolClientResult /// public readonly string? DefaultRedirectUri; /// - /// Activates the propagation of additional user context data. For more information about propagation of user context data, see [Adding advanced security to a user pool](https://docs.aws.amazon.com/cognito/latest/developerguide/cognito-user-pool-settings-threat-protection.html) . If you don’t include this parameter, you can't send device fingerprint information, including source IP address, to Amazon Cognito advanced security. You can only activate `EnablePropagateAdditionalUserContextData` in an app client that has a client secret. + /// When `true` , your application can include additional `UserContextData` in authentication requests. This data includes the IP address, and contributes to analysis by threat protection features. For more information about propagation of user context data, see [Adding session data to API requests](https://docs.aws.amazon.com/cognito/latest/developerguide/cognito-user-pool-settings-adaptive-authentication.html#user-pool-settings-adaptive-authentication-device-fingerprint) . If you don’t include this parameter, you can't send the source IP address to Amazon Cognito threat protection features. You can only activate `EnablePropagateAdditionalUserContextData` in an app client that has a client secret. /// public readonly bool? EnablePropagateAdditionalUserContextData; /// - /// Activates or deactivates token revocation. For more information about revoking tokens, see [RevokeToken](https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_RevokeToken.html) . + /// Activates or deactivates [token revocation](https://docs.aws.amazon.com/cognito/latest/developerguide/token-revocation.html) in the target app client. + /// + /// Revoke tokens with `API_RevokeToken` . /// /// If you don't include this parameter, token revocation is automatically activated for the new user pool client. /// public readonly bool? EnableTokenRevocation; /// - /// The authentication flows that you want your user pool client to support. For each app client in your user pool, you can sign in your users with any combination of one or more flows, including with a user name and Secure Remote Password (SRP), a user name and password, or a custom authentication process that you define with Lambda functions. + /// The [authentication flows](https://docs.aws.amazon.com/cognito/latest/developerguide/amazon-cognito-user-pools-authentication-flow-methods.html) that you want your user pool client to support. For each app client in your user pool, you can sign in your users with any combination of one or more flows, including with a user name and Secure Remote Password (SRP), a user name and password, or a custom authentication process that you define with Lambda functions. /// - /// > If you don't specify a value for `ExplicitAuthFlows` , your user client supports `ALLOW_REFRESH_TOKEN_AUTH` , `ALLOW_USER_SRP_AUTH` , and `ALLOW_CUSTOM_AUTH` . + /// > If you don't specify a value for `ExplicitAuthFlows` , your app client supports `ALLOW_REFRESH_TOKEN_AUTH` , `ALLOW_USER_SRP_AUTH` , and `ALLOW_CUSTOM_AUTH` . /// - /// Valid values include: + /// The values for authentication flow options include the following. /// /// - `ALLOW_USER_AUTH` : Enable selection-based sign-in with `USER_AUTH` . This setting covers username-password, secure remote password (SRP), passwordless, and passkey authentication. This authentiation flow can do username-password and SRP authentication without other `ExplicitAuthFlows` permitting them. For example users can complete an SRP challenge through `USER_AUTH` without the flow `USER_SRP_AUTH` being active for the app client. This flow doesn't include `CUSTOM_AUTH` . /// @@ -193,7 +195,7 @@ public sealed class GetUserPoolClientResult /// public readonly int? IdTokenValidity; /// - /// A list of allowed logout URLs for managed login authentication. For more information, see [Logout endpoint](https://docs.aws.amazon.com/cognito/latest/developerguide/logout-endpoint.html) . + /// A list of allowed logout URLs for managed login authentication. When you pass `logout_uri` and `client_id` parameters to `/logout` , Amazon Cognito signs out your user and redirects them to the logout URL. This parameter describes the URLs that you want to be the permitted targets of `logout_uri` . A typical use of these URLs is when a user selects "Sign out" and you redirect them to your public homepage. For more information, see [Logout endpoint](https://docs.aws.amazon.com/cognito/latest/developerguide/logout-endpoint.html) . /// public readonly ImmutableArray LogoutUrls; public readonly string? Name; @@ -209,9 +211,11 @@ public sealed class GetUserPoolClientResult /// public readonly string? PreventUserExistenceErrors; /// - /// The list of user attributes that you want your app client to have read access to. After your user authenticates in your app, their access token authorizes them to read their own attribute value for any attribute in this list. An example of this kind of activity is when your user selects a link to view their profile information. Your app makes a [GetUser](https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_GetUser.html) API request to retrieve and display your user's profile data. + /// The list of user attributes that you want your app client to have read access to. After your user authenticates in your app, their access token authorizes them to read their own attribute value for any attribute in this list. /// - /// When you don't specify the `ReadAttributes` for your app client, your app can read the values of `email_verified` , `phone_number_verified` , and the Standard attributes of your user pool. When your user pool app client has read access to these default attributes, `ReadAttributes` doesn't return any information. Amazon Cognito only populates `ReadAttributes` in the API response if you have specified your own custom set of read attributes. + /// An example of this kind of activity is when your user selects a link to view their profile information. Your app makes a `API_GetUser` API request to retrieve and display your user's profile data. + /// + /// When you don't specify the `ReadAttributes` for your app client, your app can read the values of `email_verified` , `phone_number_verified` , and the standard attributes of your user pool. When your user pool app client has read access to these default attributes, `ReadAttributes` doesn't return any information. Amazon Cognito only populates `ReadAttributes` in the API response if you have specified your own custom set of read attributes. /// public readonly ImmutableArray ReadAttributes; /// @@ -229,7 +233,7 @@ public sealed class GetUserPoolClientResult /// /// A list of provider names for the identity providers (IdPs) that are supported on this client. The following are supported: `COGNITO` , `Facebook` , `Google` , `SignInWithApple` , and `LoginWithAmazon` . You can also specify the names that you configured for the SAML and OIDC IdPs in your user pool, for example `MySAMLIdP` or `MyOIDCIdP` . /// - /// This setting applies to providers that you can access with [managed login](https://docs.aws.amazon.com/cognito/latest/developerguide/cognito-user-pools-managed-login.html) . The removal of `COGNITO` from this list doesn't prevent authentication operations for local users with the user pools API in an AWS SDK. The only way to prevent API-based authentication is to block access with a [AWS WAF rule](https://docs.aws.amazon.com/cognito/latest/developerguide/user-pool-waf.html) . + /// This parameter sets the IdPs that [managed login](https://docs.aws.amazon.com/cognito/latest/developerguide/cognito-user-pools-managed-login.html) will display on the login page for your app client. The removal of `COGNITO` from this list doesn't prevent authentication operations for local users with the user pools API in an AWS SDK. The only way to prevent SDK-based authentication is to block access with a [AWS WAF rule](https://docs.aws.amazon.com/cognito/latest/developerguide/user-pool-waf.html) . /// public readonly ImmutableArray SupportedIdentityProviders; /// @@ -237,7 +241,9 @@ public sealed class GetUserPoolClientResult /// public readonly Outputs.UserPoolClientTokenValidityUnits? TokenValidityUnits; /// - /// The list of user attributes that you want your app client to have write access to. After your user authenticates in your app, their access token authorizes them to set or modify their own attribute value for any attribute in this list. An example of this kind of activity is when you present your user with a form to update their profile information and they change their last name. Your app then makes an [UpdateUserAttributes](https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_UpdateUserAttributes.html) API request and sets `family_name` to the new value. + /// The list of user attributes that you want your app client to have write access to. After your user authenticates in your app, their access token authorizes them to set or modify their own attribute value for any attribute in this list. + /// + /// An example of this kind of activity is when you present your user with a form to update their profile information and they change their last name. Your app then makes an `API_UpdateUserAttributes` API request and sets `family_name` to the new value. /// /// When you don't specify the `WriteAttributes` for your app client, your app can write the values of the Standard attributes of your user pool. When your user pool has write access to these default attributes, `WriteAttributes` doesn't return any information. Amazon Cognito only populates `WriteAttributes` in the API response if you have specified your own custom set of write attributes. /// diff --git a/sdk/dotnet/Cognito/GetUserPoolDomain.cs b/sdk/dotnet/Cognito/GetUserPoolDomain.cs index 253868b9f9..896c840c50 100644 --- a/sdk/dotnet/Cognito/GetUserPoolDomain.cs +++ b/sdk/dotnet/Cognito/GetUserPoolDomain.cs @@ -68,9 +68,11 @@ public sealed class GetUserPoolDomainResult /// public readonly string? CloudFrontDistribution; /// - /// The configuration for a custom domain that hosts the sign-up and sign-in pages for your application. Use this object to specify an SSL certificate that is managed by ACM. + /// The configuration for a custom domain that hosts managed login for your application. In an `UpdateUserPoolDomain` request, this parameter specifies an SSL certificate for the managed login hosted webserver. The certificate must be an ACM ARN in `us-east-1` . /// - /// When you create a custom domain, the passkey RP ID defaults to the custom domain. If you had a prefix domain active, this will cause passkey integration for your prefix domain to stop working due to a mismatch in RP ID. To keep the prefix domain passkey integration working, you can explicitly set RP ID to the prefix domain. Update the RP ID in a [SetUserPoolMfaConfig](https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_SetUserPoolMfaConfig.html) request. + /// When you create a custom domain, the passkey RP ID defaults to the custom domain. If you had a prefix domain active, this will cause passkey integration for your prefix domain to stop working due to a mismatch in RP ID. To keep the prefix domain passkey integration working, you can explicitly set RP ID to the prefix domain. + /// + /// Update the RP ID in a `API_SetUserPoolMfaConfig` request. /// public readonly Outputs.UserPoolDomainCustomDomainConfigType? CustomDomainConfig; /// diff --git a/sdk/dotnet/Cognito/GetUserPoolRiskConfigurationAttachment.cs b/sdk/dotnet/Cognito/GetUserPoolRiskConfigurationAttachment.cs index cc32cb7c1e..96d11123c4 100644 --- a/sdk/dotnet/Cognito/GetUserPoolRiskConfigurationAttachment.cs +++ b/sdk/dotnet/Cognito/GetUserPoolRiskConfigurationAttachment.cs @@ -76,11 +76,11 @@ public GetUserPoolRiskConfigurationAttachmentInvokeArgs() public sealed class GetUserPoolRiskConfigurationAttachmentResult { /// - /// The settings for automated responses and notification templates for adaptive authentication with advanced security features. + /// The settings for automated responses and notification templates for adaptive authentication with threat protection. /// public readonly Outputs.UserPoolRiskConfigurationAttachmentAccountTakeoverRiskConfigurationType? AccountTakeoverRiskConfiguration; /// - /// Settings for compromised-credentials actions and authentication types with advanced security features in full-function `ENFORCED` mode. + /// Settings for compromised-credentials actions and authentication types with threat protection in full-function `ENFORCED` mode. /// public readonly Outputs.UserPoolRiskConfigurationAttachmentCompromisedCredentialsRiskConfigurationType? CompromisedCredentialsRiskConfiguration; /// diff --git a/sdk/dotnet/Cognito/GetUserPoolUiCustomizationAttachment.cs b/sdk/dotnet/Cognito/GetUserPoolUiCustomizationAttachment.cs index 6fbe5b0db9..6d3981403b 100644 --- a/sdk/dotnet/Cognito/GetUserPoolUiCustomizationAttachment.cs +++ b/sdk/dotnet/Cognito/GetUserPoolUiCustomizationAttachment.cs @@ -40,7 +40,7 @@ public sealed class GetUserPoolUiCustomizationAttachmentArgs : global::Pulumi.In public string ClientId { get; set; } = null!; /// - /// The ID of the user pool. + /// The ID of the user pool where you want to apply branding to the classic hosted UI. /// [Input("userPoolId", required: true)] public string UserPoolId { get; set; } = null!; @@ -60,7 +60,7 @@ public sealed class GetUserPoolUiCustomizationAttachmentInvokeArgs : global::Pul public Input ClientId { get; set; } = null!; /// - /// The ID of the user pool. + /// The ID of the user pool where you want to apply branding to the classic hosted UI. /// [Input("userPoolId", required: true)] public Input UserPoolId { get; set; } = null!; @@ -76,7 +76,7 @@ public GetUserPoolUiCustomizationAttachmentInvokeArgs() public sealed class GetUserPoolUiCustomizationAttachmentResult { /// - /// The CSS values in the UI customization. + /// A plaintext CSS file that contains the custom fields that you want to apply to your user pool or app client. To download a template, go to the Amazon Cognito console. Navigate to your user pool *App clients* tab, select *Login pages* , edit *Hosted UI (classic) style* , and select the link to `CSS template.css` . /// public readonly string? Css; diff --git a/sdk/dotnet/Cognito/Inputs/UserPoolAddOnsArgs.cs b/sdk/dotnet/Cognito/Inputs/UserPoolAddOnsArgs.cs index 9c7dc63fb8..a920a16144 100644 --- a/sdk/dotnet/Cognito/Inputs/UserPoolAddOnsArgs.cs +++ b/sdk/dotnet/Cognito/Inputs/UserPoolAddOnsArgs.cs @@ -13,13 +13,13 @@ namespace Pulumi.AwsNative.Cognito.Inputs public sealed class UserPoolAddOnsArgs : global::Pulumi.ResourceArgs { /// - /// Advanced security configuration options for additional authentication types in your user pool, including custom authentication. + /// Threat protection configuration options for additional authentication types in your user pool, including custom authentication. /// [Input("advancedSecurityAdditionalFlows")] public Input? AdvancedSecurityAdditionalFlows { get; set; } /// - /// The operating mode of advanced security features for standard authentication types in your user pool, including username-password and secure remote password (SRP) authentication. + /// The operating mode of threat protection for standard authentication types in your user pool, including username-password and secure remote password (SRP) authentication. /// [Input("advancedSecurityMode")] public Input? AdvancedSecurityMode { get; set; } diff --git a/sdk/dotnet/Cognito/Inputs/UserPoolAdminCreateUserConfigArgs.cs b/sdk/dotnet/Cognito/Inputs/UserPoolAdminCreateUserConfigArgs.cs index 1af696f490..e038d0e06c 100644 --- a/sdk/dotnet/Cognito/Inputs/UserPoolAdminCreateUserConfigArgs.cs +++ b/sdk/dotnet/Cognito/Inputs/UserPoolAdminCreateUserConfigArgs.cs @@ -13,7 +13,7 @@ namespace Pulumi.AwsNative.Cognito.Inputs public sealed class UserPoolAdminCreateUserConfigArgs : global::Pulumi.ResourceArgs { /// - /// The setting for allowing self-service sign-up. When `true` , only administrators can create new user profiles. When `false` , users can register themselves and create a new user profile with the [SignUp](https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_SignUp.html) operation. + /// The setting for allowing self-service sign-up. When `true` , only administrators can create new user profiles. When `false` , users can register themselves and create a new user profile with the `SignUp` operation. /// [Input("allowAdminCreateUserOnly")] public Input? AllowAdminCreateUserOnly { get; set; } @@ -27,7 +27,9 @@ public sealed class UserPoolAdminCreateUserConfigArgs : global::Pulumi.ResourceA public Input? InviteMessageTemplate { get; set; } /// - /// This parameter is no longer in use. Configure the duration of temporary passwords with the `TemporaryPasswordValidityDays` parameter of [PasswordPolicyType](https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_PasswordPolicyType.html) . For older user pools that have a `UnusedAccountValidityDays` configuration, that value is effective until you set a value for `TemporaryPasswordValidityDays` . + /// This parameter is no longer in use. + /// + /// Configure the duration of temporary passwords with the `TemporaryPasswordValidityDays` parameter of `API_PasswordPolicyType` . For older user pools that have a `UnusedAccountValidityDays` configuration, that value is effective until you set a value for `TemporaryPasswordValidityDays` . /// /// The password expiration limit in days for administrator-created users. When this time expires, the user can't sign in with their temporary password. To reset the account after that time limit, you must call `AdminCreateUser` again, specifying `RESEND` for the `MessageAction` parameter. /// diff --git a/sdk/dotnet/Cognito/Inputs/UserPoolAdvancedSecurityAdditionalFlowsArgs.cs b/sdk/dotnet/Cognito/Inputs/UserPoolAdvancedSecurityAdditionalFlowsArgs.cs index 1d81b2d464..3a7b262fe0 100644 --- a/sdk/dotnet/Cognito/Inputs/UserPoolAdvancedSecurityAdditionalFlowsArgs.cs +++ b/sdk/dotnet/Cognito/Inputs/UserPoolAdvancedSecurityAdditionalFlowsArgs.cs @@ -13,7 +13,7 @@ namespace Pulumi.AwsNative.Cognito.Inputs public sealed class UserPoolAdvancedSecurityAdditionalFlowsArgs : global::Pulumi.ResourceArgs { /// - /// The operating mode of advanced security features in custom authentication with [Custom authentication challenge Lambda triggers](https://docs.aws.amazon.com/cognito/latest/developerguide/user-pool-lambda-challenge.html) . + /// The operating mode of threat protection in custom authentication with [Custom authentication challenge Lambda triggers](https://docs.aws.amazon.com/cognito/latest/developerguide/user-pool-lambda-challenge.html) . /// [Input("customAuthMode")] public Input? CustomAuthMode { get; set; } diff --git a/sdk/dotnet/Cognito/Inputs/UserPoolDeviceConfigurationArgs.cs b/sdk/dotnet/Cognito/Inputs/UserPoolDeviceConfigurationArgs.cs index 9c8995cb5d..4661968833 100644 --- a/sdk/dotnet/Cognito/Inputs/UserPoolDeviceConfigurationArgs.cs +++ b/sdk/dotnet/Cognito/Inputs/UserPoolDeviceConfigurationArgs.cs @@ -21,7 +21,7 @@ public sealed class UserPoolDeviceConfigurationArgs : global::Pulumi.ResourceArg public Input? ChallengeRequiredOnNewDevice { get; set; } /// - /// When true, Amazon Cognito doesn't automatically remember a user's device when your app sends a [ConfirmDevice](https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_ConfirmDevice.html) API request. In your app, create a prompt for your user to choose whether they want to remember their device. Return the user's choice in an [UpdateDeviceStatus](https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_UpdateDeviceStatus.html) API request. + /// When true, Amazon Cognito doesn't automatically remember a user's device when your app sends a `ConfirmDevice` API request. In your app, create a prompt for your user to choose whether they want to remember their device. Return the user's choice in an `UpdateDeviceStatus` API request. /// /// When `DeviceOnlyRememberedOnUserPrompt` is `false` , Amazon Cognito immediately remembers devices that you register in a `ConfirmDevice` API request. /// diff --git a/sdk/dotnet/Cognito/Inputs/UserPoolPasswordPolicyArgs.cs b/sdk/dotnet/Cognito/Inputs/UserPoolPasswordPolicyArgs.cs index d7ff1ae277..35c99512ab 100644 --- a/sdk/dotnet/Cognito/Inputs/UserPoolPasswordPolicyArgs.cs +++ b/sdk/dotnet/Cognito/Inputs/UserPoolPasswordPolicyArgs.cs @@ -21,7 +21,7 @@ public sealed class UserPoolPasswordPolicyArgs : global::Pulumi.ResourceArgs /// /// The number of previous passwords that you want Amazon Cognito to restrict each user from reusing. Users can't set a password that matches any of `n` previous passwords, where `n` is the value of `PasswordHistorySize` . /// - /// Password history isn't enforced and isn't displayed in [DescribeUserPool](https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_DescribeUserPool.html) responses when you set this value to `0` or don't provide it. To activate this setting, your user pool must be in the [Essentials tier](https://docs.aws.amazon.com/cognito/latest/developerguide/feature-plans-features-essentials.html) or higher. + /// Password history isn't enforced and isn't displayed in `API_DescribeUserPool` responses when you set this value to `0` or don't provide it. To activate this setting, your user pool must be in the [Essentials tier](https://docs.aws.amazon.com/cognito/latest/developerguide/feature-plans-features-essentials.html) or higher. /// [Input("passwordHistorySize")] public Input? PasswordHistorySize { get; set; } diff --git a/sdk/dotnet/Cognito/Inputs/UserPoolPoliciesArgs.cs b/sdk/dotnet/Cognito/Inputs/UserPoolPoliciesArgs.cs index 4a5485fe9d..f613e8671e 100644 --- a/sdk/dotnet/Cognito/Inputs/UserPoolPoliciesArgs.cs +++ b/sdk/dotnet/Cognito/Inputs/UserPoolPoliciesArgs.cs @@ -21,7 +21,7 @@ public sealed class UserPoolPoliciesArgs : global::Pulumi.ResourceArgs /// /// The policy for allowed types of authentication in a user pool. To activate this setting, your user pool must be in the [Essentials tier](https://docs.aws.amazon.com/cognito/latest/developerguide/feature-plans-features-essentials.html) or higher. /// - /// This data type is a request and response parameter of [CreateUserPool](https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_CreateUserPool.html) and [UpdateUserPool](https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_UpdateUserPool.html) , and a response parameter of [DescribeUserPool](https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_DescribeUserPool.html) . + /// This data type is a request and response parameter of `API_CreateUserPool` and `API_UpdateUserPool` , and a response parameter of `API_DescribeUserPool` . /// [Input("signInPolicy")] public Input? SignInPolicy { get; set; } diff --git a/sdk/dotnet/Cognito/Inputs/UserPoolRiskConfigurationAttachmentAccountTakeoverActionsTypeArgs.cs b/sdk/dotnet/Cognito/Inputs/UserPoolRiskConfigurationAttachmentAccountTakeoverActionsTypeArgs.cs index b50fc564a5..54d76a62ad 100644 --- a/sdk/dotnet/Cognito/Inputs/UserPoolRiskConfigurationAttachmentAccountTakeoverActionsTypeArgs.cs +++ b/sdk/dotnet/Cognito/Inputs/UserPoolRiskConfigurationAttachmentAccountTakeoverActionsTypeArgs.cs @@ -13,19 +13,19 @@ namespace Pulumi.AwsNative.Cognito.Inputs public sealed class UserPoolRiskConfigurationAttachmentAccountTakeoverActionsTypeArgs : global::Pulumi.ResourceArgs { /// - /// The action that you assign to a high-risk assessment by advanced security features. + /// The action that you assign to a high-risk assessment by threat protection. /// [Input("highAction")] public Input? HighAction { get; set; } /// - /// The action that you assign to a low-risk assessment by advanced security features. + /// The action that you assign to a low-risk assessment by threat protection. /// [Input("lowAction")] public Input? LowAction { get; set; } /// - /// The action that you assign to a medium-risk assessment by advanced security features. + /// The action that you assign to a medium-risk assessment by threat protection. /// [Input("mediumAction")] public Input? MediumAction { get; set; } diff --git a/sdk/dotnet/Cognito/Inputs/UserPoolRiskConfigurationAttachmentAccountTakeoverRiskConfigurationTypeArgs.cs b/sdk/dotnet/Cognito/Inputs/UserPoolRiskConfigurationAttachmentAccountTakeoverRiskConfigurationTypeArgs.cs index 06dbc1ef60..365bf23ce5 100644 --- a/sdk/dotnet/Cognito/Inputs/UserPoolRiskConfigurationAttachmentAccountTakeoverRiskConfigurationTypeArgs.cs +++ b/sdk/dotnet/Cognito/Inputs/UserPoolRiskConfigurationAttachmentAccountTakeoverRiskConfigurationTypeArgs.cs @@ -13,13 +13,13 @@ namespace Pulumi.AwsNative.Cognito.Inputs public sealed class UserPoolRiskConfigurationAttachmentAccountTakeoverRiskConfigurationTypeArgs : global::Pulumi.ResourceArgs { /// - /// A list of account-takeover actions for each level of risk that Amazon Cognito might assess with advanced security features. + /// A list of account-takeover actions for each level of risk that Amazon Cognito might assess with threat protection. /// [Input("actions", required: true)] public Input Actions { get; set; } = null!; /// - /// The settings for composing and sending an email message when advanced security features assesses a risk level with adaptive authentication. When you choose to notify users in `AccountTakeoverRiskConfiguration` , Amazon Cognito sends an email message using the method and template that you set with this data type. + /// The settings for composing and sending an email message when threat protection assesses a risk level with adaptive authentication. When you choose to notify users in `AccountTakeoverRiskConfiguration` , Amazon Cognito sends an email message using the method and template that you set with this data type. /// [Input("notifyConfiguration")] public Input? NotifyConfiguration { get; set; } diff --git a/sdk/dotnet/Cognito/Inputs/UserPoolUserAttributeUpdateSettingsArgs.cs b/sdk/dotnet/Cognito/Inputs/UserPoolUserAttributeUpdateSettingsArgs.cs index bc843a81d5..1cea50a5e3 100644 --- a/sdk/dotnet/Cognito/Inputs/UserPoolUserAttributeUpdateSettingsArgs.cs +++ b/sdk/dotnet/Cognito/Inputs/UserPoolUserAttributeUpdateSettingsArgs.cs @@ -18,7 +18,7 @@ public sealed class UserPoolUserAttributeUpdateSettingsArgs : global::Pulumi.Res /// /// Requires that your user verifies their email address, phone number, or both before Amazon Cognito updates the value of that attribute. When you update a user attribute that has this option activated, Amazon Cognito sends a verification message to the new phone number or email address. Amazon Cognito doesn’t change the value of the attribute until your user responds to the verification message and confirms the new value. /// - /// You can verify an updated email address or phone number with a [VerifyUserAttribute](https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_VerifyUserAttribute.html) API request. You can also call the [AdminUpdateUserAttributes](https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_AdminUpdateUserAttributes.html) API and set `email_verified` or `phone_number_verified` to true. + /// You can verify an updated email address or phone number with a `API_VerifyUserAttribute` API request. You can also call the `API_AdminUpdateUserAttributes` API and set `email_verified` or `phone_number_verified` to true. /// /// When `AttributesRequireVerificationBeforeUpdate` is false, your user pool doesn't require that your users verify attribute changes before Amazon Cognito updates them. In a user pool where `AttributesRequireVerificationBeforeUpdate` is false, API operations that change attribute values can immediately update a user’s `email` or `phone_number` attribute. /// diff --git a/sdk/dotnet/Cognito/Outputs/UserPoolAddOns.cs b/sdk/dotnet/Cognito/Outputs/UserPoolAddOns.cs index e020e483d0..36557eb691 100644 --- a/sdk/dotnet/Cognito/Outputs/UserPoolAddOns.cs +++ b/sdk/dotnet/Cognito/Outputs/UserPoolAddOns.cs @@ -14,11 +14,11 @@ namespace Pulumi.AwsNative.Cognito.Outputs public sealed class UserPoolAddOns { /// - /// Advanced security configuration options for additional authentication types in your user pool, including custom authentication. + /// Threat protection configuration options for additional authentication types in your user pool, including custom authentication. /// public readonly Outputs.UserPoolAdvancedSecurityAdditionalFlows? AdvancedSecurityAdditionalFlows; /// - /// The operating mode of advanced security features for standard authentication types in your user pool, including username-password and secure remote password (SRP) authentication. + /// The operating mode of threat protection for standard authentication types in your user pool, including username-password and secure remote password (SRP) authentication. /// public readonly string? AdvancedSecurityMode; diff --git a/sdk/dotnet/Cognito/Outputs/UserPoolAdminCreateUserConfig.cs b/sdk/dotnet/Cognito/Outputs/UserPoolAdminCreateUserConfig.cs index e67f82f44f..b36b2238fa 100644 --- a/sdk/dotnet/Cognito/Outputs/UserPoolAdminCreateUserConfig.cs +++ b/sdk/dotnet/Cognito/Outputs/UserPoolAdminCreateUserConfig.cs @@ -14,7 +14,7 @@ namespace Pulumi.AwsNative.Cognito.Outputs public sealed class UserPoolAdminCreateUserConfig { /// - /// The setting for allowing self-service sign-up. When `true` , only administrators can create new user profiles. When `false` , users can register themselves and create a new user profile with the [SignUp](https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_SignUp.html) operation. + /// The setting for allowing self-service sign-up. When `true` , only administrators can create new user profiles. When `false` , users can register themselves and create a new user profile with the `SignUp` operation. /// public readonly bool? AllowAdminCreateUserOnly; /// @@ -24,7 +24,9 @@ public sealed class UserPoolAdminCreateUserConfig /// public readonly Outputs.UserPoolInviteMessageTemplate? InviteMessageTemplate; /// - /// This parameter is no longer in use. Configure the duration of temporary passwords with the `TemporaryPasswordValidityDays` parameter of [PasswordPolicyType](https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_PasswordPolicyType.html) . For older user pools that have a `UnusedAccountValidityDays` configuration, that value is effective until you set a value for `TemporaryPasswordValidityDays` . + /// This parameter is no longer in use. + /// + /// Configure the duration of temporary passwords with the `TemporaryPasswordValidityDays` parameter of `API_PasswordPolicyType` . For older user pools that have a `UnusedAccountValidityDays` configuration, that value is effective until you set a value for `TemporaryPasswordValidityDays` . /// /// The password expiration limit in days for administrator-created users. When this time expires, the user can't sign in with their temporary password. To reset the account after that time limit, you must call `AdminCreateUser` again, specifying `RESEND` for the `MessageAction` parameter. /// diff --git a/sdk/dotnet/Cognito/Outputs/UserPoolAdvancedSecurityAdditionalFlows.cs b/sdk/dotnet/Cognito/Outputs/UserPoolAdvancedSecurityAdditionalFlows.cs index bf801318c8..3f7099c46e 100644 --- a/sdk/dotnet/Cognito/Outputs/UserPoolAdvancedSecurityAdditionalFlows.cs +++ b/sdk/dotnet/Cognito/Outputs/UserPoolAdvancedSecurityAdditionalFlows.cs @@ -14,7 +14,7 @@ namespace Pulumi.AwsNative.Cognito.Outputs public sealed class UserPoolAdvancedSecurityAdditionalFlows { /// - /// The operating mode of advanced security features in custom authentication with [Custom authentication challenge Lambda triggers](https://docs.aws.amazon.com/cognito/latest/developerguide/user-pool-lambda-challenge.html) . + /// The operating mode of threat protection in custom authentication with [Custom authentication challenge Lambda triggers](https://docs.aws.amazon.com/cognito/latest/developerguide/user-pool-lambda-challenge.html) . /// public readonly string? CustomAuthMode; diff --git a/sdk/dotnet/Cognito/Outputs/UserPoolDeviceConfiguration.cs b/sdk/dotnet/Cognito/Outputs/UserPoolDeviceConfiguration.cs index adeb3b8b75..18a083a8b3 100644 --- a/sdk/dotnet/Cognito/Outputs/UserPoolDeviceConfiguration.cs +++ b/sdk/dotnet/Cognito/Outputs/UserPoolDeviceConfiguration.cs @@ -20,7 +20,7 @@ public sealed class UserPoolDeviceConfiguration /// public readonly bool? ChallengeRequiredOnNewDevice; /// - /// When true, Amazon Cognito doesn't automatically remember a user's device when your app sends a [ConfirmDevice](https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_ConfirmDevice.html) API request. In your app, create a prompt for your user to choose whether they want to remember their device. Return the user's choice in an [UpdateDeviceStatus](https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_UpdateDeviceStatus.html) API request. + /// When true, Amazon Cognito doesn't automatically remember a user's device when your app sends a `ConfirmDevice` API request. In your app, create a prompt for your user to choose whether they want to remember their device. Return the user's choice in an `UpdateDeviceStatus` API request. /// /// When `DeviceOnlyRememberedOnUserPrompt` is `false` , Amazon Cognito immediately remembers devices that you register in a `ConfirmDevice` API request. /// diff --git a/sdk/dotnet/Cognito/Outputs/UserPoolPasswordPolicy.cs b/sdk/dotnet/Cognito/Outputs/UserPoolPasswordPolicy.cs index 335d0c4068..f5ea0e2a9f 100644 --- a/sdk/dotnet/Cognito/Outputs/UserPoolPasswordPolicy.cs +++ b/sdk/dotnet/Cognito/Outputs/UserPoolPasswordPolicy.cs @@ -20,7 +20,7 @@ public sealed class UserPoolPasswordPolicy /// /// The number of previous passwords that you want Amazon Cognito to restrict each user from reusing. Users can't set a password that matches any of `n` previous passwords, where `n` is the value of `PasswordHistorySize` . /// - /// Password history isn't enforced and isn't displayed in [DescribeUserPool](https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_DescribeUserPool.html) responses when you set this value to `0` or don't provide it. To activate this setting, your user pool must be in the [Essentials tier](https://docs.aws.amazon.com/cognito/latest/developerguide/feature-plans-features-essentials.html) or higher. + /// Password history isn't enforced and isn't displayed in `API_DescribeUserPool` responses when you set this value to `0` or don't provide it. To activate this setting, your user pool must be in the [Essentials tier](https://docs.aws.amazon.com/cognito/latest/developerguide/feature-plans-features-essentials.html) or higher. /// public readonly int? PasswordHistorySize; /// diff --git a/sdk/dotnet/Cognito/Outputs/UserPoolPolicies.cs b/sdk/dotnet/Cognito/Outputs/UserPoolPolicies.cs index 6ee6b87cc8..88b3fa9572 100644 --- a/sdk/dotnet/Cognito/Outputs/UserPoolPolicies.cs +++ b/sdk/dotnet/Cognito/Outputs/UserPoolPolicies.cs @@ -20,7 +20,7 @@ public sealed class UserPoolPolicies /// /// The policy for allowed types of authentication in a user pool. To activate this setting, your user pool must be in the [Essentials tier](https://docs.aws.amazon.com/cognito/latest/developerguide/feature-plans-features-essentials.html) or higher. /// - /// This data type is a request and response parameter of [CreateUserPool](https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_CreateUserPool.html) and [UpdateUserPool](https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_UpdateUserPool.html) , and a response parameter of [DescribeUserPool](https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_DescribeUserPool.html) . + /// This data type is a request and response parameter of `API_CreateUserPool` and `API_UpdateUserPool` , and a response parameter of `API_DescribeUserPool` . /// public readonly Outputs.UserPoolSignInPolicy? SignInPolicy; diff --git a/sdk/dotnet/Cognito/Outputs/UserPoolRiskConfigurationAttachmentAccountTakeoverActionsType.cs b/sdk/dotnet/Cognito/Outputs/UserPoolRiskConfigurationAttachmentAccountTakeoverActionsType.cs index 09ad19b44c..d12d978a68 100644 --- a/sdk/dotnet/Cognito/Outputs/UserPoolRiskConfigurationAttachmentAccountTakeoverActionsType.cs +++ b/sdk/dotnet/Cognito/Outputs/UserPoolRiskConfigurationAttachmentAccountTakeoverActionsType.cs @@ -14,15 +14,15 @@ namespace Pulumi.AwsNative.Cognito.Outputs public sealed class UserPoolRiskConfigurationAttachmentAccountTakeoverActionsType { /// - /// The action that you assign to a high-risk assessment by advanced security features. + /// The action that you assign to a high-risk assessment by threat protection. /// public readonly Outputs.UserPoolRiskConfigurationAttachmentAccountTakeoverActionType? HighAction; /// - /// The action that you assign to a low-risk assessment by advanced security features. + /// The action that you assign to a low-risk assessment by threat protection. /// public readonly Outputs.UserPoolRiskConfigurationAttachmentAccountTakeoverActionType? LowAction; /// - /// The action that you assign to a medium-risk assessment by advanced security features. + /// The action that you assign to a medium-risk assessment by threat protection. /// public readonly Outputs.UserPoolRiskConfigurationAttachmentAccountTakeoverActionType? MediumAction; diff --git a/sdk/dotnet/Cognito/Outputs/UserPoolRiskConfigurationAttachmentAccountTakeoverRiskConfigurationType.cs b/sdk/dotnet/Cognito/Outputs/UserPoolRiskConfigurationAttachmentAccountTakeoverRiskConfigurationType.cs index cf2c9e0906..fcb451a59d 100644 --- a/sdk/dotnet/Cognito/Outputs/UserPoolRiskConfigurationAttachmentAccountTakeoverRiskConfigurationType.cs +++ b/sdk/dotnet/Cognito/Outputs/UserPoolRiskConfigurationAttachmentAccountTakeoverRiskConfigurationType.cs @@ -14,11 +14,11 @@ namespace Pulumi.AwsNative.Cognito.Outputs public sealed class UserPoolRiskConfigurationAttachmentAccountTakeoverRiskConfigurationType { /// - /// A list of account-takeover actions for each level of risk that Amazon Cognito might assess with advanced security features. + /// A list of account-takeover actions for each level of risk that Amazon Cognito might assess with threat protection. /// public readonly Outputs.UserPoolRiskConfigurationAttachmentAccountTakeoverActionsType Actions; /// - /// The settings for composing and sending an email message when advanced security features assesses a risk level with adaptive authentication. When you choose to notify users in `AccountTakeoverRiskConfiguration` , Amazon Cognito sends an email message using the method and template that you set with this data type. + /// The settings for composing and sending an email message when threat protection assesses a risk level with adaptive authentication. When you choose to notify users in `AccountTakeoverRiskConfiguration` , Amazon Cognito sends an email message using the method and template that you set with this data type. /// public readonly Outputs.UserPoolRiskConfigurationAttachmentNotifyConfigurationType? NotifyConfiguration; diff --git a/sdk/dotnet/Cognito/Outputs/UserPoolUserAttributeUpdateSettings.cs b/sdk/dotnet/Cognito/Outputs/UserPoolUserAttributeUpdateSettings.cs index 864db1b582..8d7816a499 100644 --- a/sdk/dotnet/Cognito/Outputs/UserPoolUserAttributeUpdateSettings.cs +++ b/sdk/dotnet/Cognito/Outputs/UserPoolUserAttributeUpdateSettings.cs @@ -16,7 +16,7 @@ public sealed class UserPoolUserAttributeUpdateSettings /// /// Requires that your user verifies their email address, phone number, or both before Amazon Cognito updates the value of that attribute. When you update a user attribute that has this option activated, Amazon Cognito sends a verification message to the new phone number or email address. Amazon Cognito doesn’t change the value of the attribute until your user responds to the verification message and confirms the new value. /// - /// You can verify an updated email address or phone number with a [VerifyUserAttribute](https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_VerifyUserAttribute.html) API request. You can also call the [AdminUpdateUserAttributes](https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_AdminUpdateUserAttributes.html) API and set `email_verified` or `phone_number_verified` to true. + /// You can verify an updated email address or phone number with a `API_VerifyUserAttribute` API request. You can also call the `API_AdminUpdateUserAttributes` API and set `email_verified` or `phone_number_verified` to true. /// /// When `AttributesRequireVerificationBeforeUpdate` is false, your user pool doesn't require that your users verify attribute changes before Amazon Cognito updates them. In a user pool where `AttributesRequireVerificationBeforeUpdate` is false, API operations that change attribute values can immediately update a user’s `email` or `phone_number` attribute. /// diff --git a/sdk/dotnet/Cognito/UserPool.cs b/sdk/dotnet/Cognito/UserPool.cs index 174fc14d05..50169548cd 100644 --- a/sdk/dotnet/Cognito/UserPool.cs +++ b/sdk/dotnet/Cognito/UserPool.cs @@ -24,13 +24,13 @@ public partial class UserPool : global::Pulumi.CustomResource /// /// The settings for administrator creation of users in a user pool. Contains settings for allowing user sign-up, customizing invitation messages to new users, and the amount of time before temporary passwords expire. /// - /// This data type is a request and response parameter of [CreateUserPool](https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_CreateUserPool.html) and [UpdateUserPool](https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_UpdateUserPool.html) , and a response parameter of [DescribeUserPool](https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_DescribeUserPool.html) . + /// This data type is a request and response parameter of `API_CreateUserPool` and `API_UpdateUserPool` , and a response parameter of `API_DescribeUserPool` . /// [Output("adminCreateUserConfig")] public Output AdminCreateUserConfig { get; private set; } = null!; /// - /// Attributes supported as an alias for this user pool. Possible values: *phone_number* , *email* , or *preferred_username* . For more information about alias attributes, see [Customizing sign-in attributes](https://docs.aws.amazon.com/cognito/latest/developerguide/user-pool-settings-attributes.html#user-pool-settings-aliases) . + /// Attributes supported as an alias for this user pool. For more information about alias attributes, see [Customizing sign-in attributes](https://docs.aws.amazon.com/cognito/latest/developerguide/user-pool-settings-attributes.html#user-pool-settings-aliases) . /// [Output("aliasAttributes")] public Output> AliasAttributes { get; private set; } = null!; @@ -42,7 +42,7 @@ public partial class UserPool : global::Pulumi.CustomResource public Output Arn { get; private set; } = null!; /// - /// The attributes that you want your user pool to automatically verify. Possible values: *email* , *phone_number* . For more information see [Verifying contact information at sign-up](https://docs.aws.amazon.com/cognito/latest/developerguide/signing-up-users-in-your-app.html#allowing-users-to-sign-up-and-confirm-themselves) . + /// The attributes that you want your user pool to automatically verify. For more information, see [Verifying contact information at sign-up](https://docs.aws.amazon.com/cognito/latest/developerguide/signing-up-users-in-your-app.html#allowing-users-to-sign-up-and-confirm-themselves) . /// [Output("autoVerifiedAttributes")] public Output> AutoVerifiedAttributes { get; private set; } = null!; @@ -108,11 +108,9 @@ public partial class UserPool : global::Pulumi.CustomResource public Output LambdaConfig { get; private set; } = null!; /// - /// The multi-factor authentication (MFA) configuration. Valid values include: + /// Displays the state of multi-factor authentication (MFA) as on, off, or optional. When `ON` , all users must set up MFA before they can sign in. When `OPTIONAL` , your application must make a client-side determination of whether a user wants to register an MFA device. For user pools with adaptive authentication with threat protection, choose `OPTIONAL` . /// - /// - `OFF` MFA won't be used for any users. - /// - `ON` MFA is required for all users to sign in. - /// - `OPTIONAL` MFA will be required only for individual users who have an MFA factor activated. + /// When `MfaConfiguration` is `OPTIONAL` , managed login doesn't automatically prompt users to set up MFA. Amazon Cognito generates MFA prompts in API responses and in managed login for users who have chosen and configured a preferred MFA factor. /// [Output("mfaConfiguration")] public Output MfaConfiguration { get; private set; } = null!; @@ -120,7 +118,7 @@ public partial class UserPool : global::Pulumi.CustomResource /// /// A list of user pool policies. Contains the policy that sets password-complexity requirements. /// - /// This data type is a request and response parameter of [CreateUserPool](https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_CreateUserPool.html) and [UpdateUserPool](https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_UpdateUserPool.html) , and a response parameter of [DescribeUserPool](https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_DescribeUserPool.html) . + /// This data type is a request and response parameter of `API_CreateUserPool` and `API_UpdateUserPool` , and a response parameter of `API_DescribeUserPool` . /// [Output("policies")] public Output Policies { get; private set; } = null!; @@ -150,7 +148,7 @@ public partial class UserPool : global::Pulumi.CustomResource public Output SmsAuthenticationMessage { get; private set; } = null!; /// - /// The SMS configuration with the settings that your Amazon Cognito user pool must use to send an SMS message from your AWS account through Amazon Simple Notification Service. To send SMS messages with Amazon SNS in the AWS Region that you want, the Amazon Cognito user pool uses an AWS Identity and Access Management (IAM) role in your AWS account . For more information see [SMS message settings](https://docs.aws.amazon.com/cognito/latest/developerguide/user-pool-sms-settings.html) . + /// The settings for your Amazon Cognito user pool to send SMS messages with Amazon Simple Notification Service. To send SMS messages with Amazon SNS in the AWS Region that you want, the Amazon Cognito user pool uses an AWS Identity and Access Management (IAM) role in your AWS account . For more information see [SMS message settings](https://docs.aws.amazon.com/cognito/latest/developerguide/user-pool-sms-settings.html) . /// [Output("smsConfiguration")] public Output SmsConfiguration { get; private set; } = null!; @@ -170,7 +168,7 @@ public partial class UserPool : global::Pulumi.CustomResource public Output UserAttributeUpdateSettings { get; private set; } = null!; /// - /// User pool add-ons. Contains settings for activation of threat protection. To log user security information but take no action, set to `AUDIT` . To configure automatic security responses to risky traffic to your user pool, set to `ENFORCED` . + /// Contains settings for activation of threat protection, including the operating mode and additional authentication types. To log user security information but take no action, set to `AUDIT` . To configure automatic security responses to potentially unwanted traffic to your user pool, set to `ENFORCED` . /// /// For more information, see [Adding advanced security to a user pool](https://docs.aws.amazon.com/cognito/latest/developerguide/cognito-user-pool-settings-advanced-security.html) . To activate this setting, your user pool must be on the [Plus tier](https://docs.aws.amazon.com/cognito/latest/developerguide/feature-plans-features-plus.html) . /// @@ -184,7 +182,7 @@ public partial class UserPool : global::Pulumi.CustomResource public Output UserPoolId { get; private set; } = null!; /// - /// A friendlhy name for your user pool. + /// A friendly name for your user pool. /// [Output("userPoolName")] public Output UserPoolName { get; private set; } = null!; @@ -297,7 +295,7 @@ public sealed class UserPoolArgs : global::Pulumi.ResourceArgs /// /// The settings for administrator creation of users in a user pool. Contains settings for allowing user sign-up, customizing invitation messages to new users, and the amount of time before temporary passwords expire. /// - /// This data type is a request and response parameter of [CreateUserPool](https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_CreateUserPool.html) and [UpdateUserPool](https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_UpdateUserPool.html) , and a response parameter of [DescribeUserPool](https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_DescribeUserPool.html) . + /// This data type is a request and response parameter of `API_CreateUserPool` and `API_UpdateUserPool` , and a response parameter of `API_DescribeUserPool` . /// [Input("adminCreateUserConfig")] public Input? AdminCreateUserConfig { get; set; } @@ -306,7 +304,7 @@ public sealed class UserPoolArgs : global::Pulumi.ResourceArgs private InputList? _aliasAttributes; /// - /// Attributes supported as an alias for this user pool. Possible values: *phone_number* , *email* , or *preferred_username* . For more information about alias attributes, see [Customizing sign-in attributes](https://docs.aws.amazon.com/cognito/latest/developerguide/user-pool-settings-attributes.html#user-pool-settings-aliases) . + /// Attributes supported as an alias for this user pool. For more information about alias attributes, see [Customizing sign-in attributes](https://docs.aws.amazon.com/cognito/latest/developerguide/user-pool-settings-attributes.html#user-pool-settings-aliases) . /// public InputList AliasAttributes { @@ -318,7 +316,7 @@ public InputList AliasAttributes private InputList? _autoVerifiedAttributes; /// - /// The attributes that you want your user pool to automatically verify. Possible values: *email* , *phone_number* . For more information see [Verifying contact information at sign-up](https://docs.aws.amazon.com/cognito/latest/developerguide/signing-up-users-in-your-app.html#allowing-users-to-sign-up-and-confirm-themselves) . + /// The attributes that you want your user pool to automatically verify. For more information, see [Verifying contact information at sign-up](https://docs.aws.amazon.com/cognito/latest/developerguide/signing-up-users-in-your-app.html#allowing-users-to-sign-up-and-confirm-themselves) . /// public InputList AutoVerifiedAttributes { @@ -393,11 +391,9 @@ public InputList EnabledMfas public Input? LambdaConfig { get; set; } /// - /// The multi-factor authentication (MFA) configuration. Valid values include: + /// Displays the state of multi-factor authentication (MFA) as on, off, or optional. When `ON` , all users must set up MFA before they can sign in. When `OPTIONAL` , your application must make a client-side determination of whether a user wants to register an MFA device. For user pools with adaptive authentication with threat protection, choose `OPTIONAL` . /// - /// - `OFF` MFA won't be used for any users. - /// - `ON` MFA is required for all users to sign in. - /// - `OPTIONAL` MFA will be required only for individual users who have an MFA factor activated. + /// When `MfaConfiguration` is `OPTIONAL` , managed login doesn't automatically prompt users to set up MFA. Amazon Cognito generates MFA prompts in API responses and in managed login for users who have chosen and configured a preferred MFA factor. /// [Input("mfaConfiguration")] public Input? MfaConfiguration { get; set; } @@ -405,7 +401,7 @@ public InputList EnabledMfas /// /// A list of user pool policies. Contains the policy that sets password-complexity requirements. /// - /// This data type is a request and response parameter of [CreateUserPool](https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_CreateUserPool.html) and [UpdateUserPool](https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_UpdateUserPool.html) , and a response parameter of [DescribeUserPool](https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_DescribeUserPool.html) . + /// This data type is a request and response parameter of `API_CreateUserPool` and `API_UpdateUserPool` , and a response parameter of `API_DescribeUserPool` . /// [Input("policies")] public Input? Policies { get; set; } @@ -429,7 +425,7 @@ public InputList Schema public Input? SmsAuthenticationMessage { get; set; } /// - /// The SMS configuration with the settings that your Amazon Cognito user pool must use to send an SMS message from your AWS account through Amazon Simple Notification Service. To send SMS messages with Amazon SNS in the AWS Region that you want, the Amazon Cognito user pool uses an AWS Identity and Access Management (IAM) role in your AWS account . For more information see [SMS message settings](https://docs.aws.amazon.com/cognito/latest/developerguide/user-pool-sms-settings.html) . + /// The settings for your Amazon Cognito user pool to send SMS messages with Amazon Simple Notification Service. To send SMS messages with Amazon SNS in the AWS Region that you want, the Amazon Cognito user pool uses an AWS Identity and Access Management (IAM) role in your AWS account . For more information see [SMS message settings](https://docs.aws.amazon.com/cognito/latest/developerguide/user-pool-sms-settings.html) . /// [Input("smsConfiguration")] public Input? SmsConfiguration { get; set; } @@ -449,7 +445,7 @@ public InputList Schema public Input? UserAttributeUpdateSettings { get; set; } /// - /// User pool add-ons. Contains settings for activation of threat protection. To log user security information but take no action, set to `AUDIT` . To configure automatic security responses to risky traffic to your user pool, set to `ENFORCED` . + /// Contains settings for activation of threat protection, including the operating mode and additional authentication types. To log user security information but take no action, set to `AUDIT` . To configure automatic security responses to potentially unwanted traffic to your user pool, set to `ENFORCED` . /// /// For more information, see [Adding advanced security to a user pool](https://docs.aws.amazon.com/cognito/latest/developerguide/cognito-user-pool-settings-advanced-security.html) . To activate this setting, your user pool must be on the [Plus tier](https://docs.aws.amazon.com/cognito/latest/developerguide/feature-plans-features-plus.html) . /// @@ -457,7 +453,7 @@ public InputList Schema public Input? UserPoolAddOns { get; set; } /// - /// A friendlhy name for your user pool. + /// A friendly name for your user pool. /// [Input("userPoolName")] public Input? UserPoolName { get; set; } diff --git a/sdk/dotnet/Cognito/UserPoolClient.cs b/sdk/dotnet/Cognito/UserPoolClient.cs index fe9f118b45..796354b1de 100644 --- a/sdk/dotnet/Cognito/UserPoolClient.cs +++ b/sdk/dotnet/Cognito/UserPoolClient.cs @@ -30,32 +30,32 @@ public partial class UserPoolClient : global::Pulumi.CustomResource public Output AccessTokenValidity { get; private set; } = null!; /// - /// The OAuth grant types that you want your app client to generate. To create an app client that generates client credentials grants, you must add `client_credentials` as the only allowed OAuth flow. + /// The OAuth grant types that you want your app client to generate for clients in managed login authentication. To create an app client that generates client credentials grants, you must add `client_credentials` as the only allowed OAuth flow. /// /// - **code** - Use a code grant flow, which provides an authorization code as the response. This code can be exchanged for access tokens with the `/oauth2/token` endpoint. - /// - **implicit** - Issue the access token (and, optionally, ID token, based on scopes) directly to your user. - /// - **client_credentials** - Issue the access token from the `/oauth2/token` endpoint directly to a non-person user using a combination of the client ID and client secret. + /// - **implicit** - Issue the access token, and the ID token when scopes like `openid` and `profile` are requested, directly to your user. + /// - **client_credentials** - Issue the access token from the `/oauth2/token` endpoint directly to a non-person user, authorized by a combination of the client ID and client secret. /// [Output("allowedOAuthFlows")] public Output> AllowedOAuthFlows { get; private set; } = null!; /// - /// Set to `true` to use OAuth 2.0 features in your user pool app client. + /// Set to `true` to use OAuth 2.0 authorization server features in your app client. /// - /// `AllowedOAuthFlowsUserPoolClient` must be `true` before you can configure the following features in your app client. + /// This parameter must have a value of `true` before you can configure the following features in your app client. /// /// - `CallBackURLs` : Callback URLs. /// - `LogoutURLs` : Sign-out redirect URLs. /// - `AllowedOAuthScopes` : OAuth 2.0 scopes. /// - `AllowedOAuthFlows` : Support for authorization code, implicit, and client credentials OAuth 2.0 grants. /// - /// To use OAuth 2.0 features, configure one of these features in the Amazon Cognito console or set `AllowedOAuthFlowsUserPoolClient` to `true` in a `CreateUserPoolClient` or `UpdateUserPoolClient` API request. If you don't set a value for `AllowedOAuthFlowsUserPoolClient` in a request with the AWS CLI or SDKs, it defaults to `false` . + /// To use authorization server features, configure one of these features in the Amazon Cognito console or set `AllowedOAuthFlowsUserPoolClient` to `true` in a `CreateUserPoolClient` or `UpdateUserPoolClient` API request. If you don't set a value for `AllowedOAuthFlowsUserPoolClient` in a request with the AWS CLI or SDKs, it defaults to `false` . When `false` , only SDK-based API sign-in is permitted. /// [Output("allowedOAuthFlowsUserPoolClient")] public Output AllowedOAuthFlowsUserPoolClient { get; private set; } = null!; /// - /// The OAuth 2.0 scopes that you want to permit your app client to authorize. Scopes govern access control to user pool self-service API operations, user data from the `userInfo` endpoint, and third-party APIs. Possible values provided by OAuth are `phone` , `email` , `openid` , and `profile` . Possible values provided by AWS are `aws.cognito.signin.user.admin` . Custom scopes created in Resource Servers are also supported. + /// The OAuth, OpenID Connect (OIDC), and custom scopes that you want to permit your app client to authorize access with. Scopes govern access control to user pool self-service API operations, user data from the `userInfo` endpoint, and third-party APIs. Scope values include `phone` , `email` , `openid` , and `profile` . The `aws.cognito.signin.user.admin` scope authorizes user self-service operations. Custom scopes with resource servers authorize access to external APIs. /// [Output("allowedOAuthScopes")] public Output> AllowedOAuthScopes { get; private set; } = null!; @@ -75,9 +75,9 @@ public partial class UserPoolClient : global::Pulumi.CustomResource public Output AuthSessionValidity { get; private set; } = null!; /// - /// A list of allowed redirect (callback) URLs for the IdPs. + /// A list of allowed redirect, or callback, URLs for managed login authentication. These URLs are the paths where you want to send your users' browsers after they complete authentication with managed login or a third-party IdP. Typically, callback URLs are the home of an application that uses OAuth or OIDC libraries to process authentication outcomes. /// - /// A redirect URI must: + /// A redirect URI must meet the following requirements: /// /// - Be an absolute URI. /// - Be registered with the authorization server. Amazon Cognito doesn't accept authorization requests with `redirect_uri` values that aren't in the list of `CallbackURLs` that you provide in this parameter. @@ -114,13 +114,15 @@ public partial class UserPoolClient : global::Pulumi.CustomResource public Output DefaultRedirectUri { get; private set; } = null!; /// - /// Activates the propagation of additional user context data. For more information about propagation of user context data, see [Adding advanced security to a user pool](https://docs.aws.amazon.com/cognito/latest/developerguide/cognito-user-pool-settings-threat-protection.html) . If you don’t include this parameter, you can't send device fingerprint information, including source IP address, to Amazon Cognito advanced security. You can only activate `EnablePropagateAdditionalUserContextData` in an app client that has a client secret. + /// When `true` , your application can include additional `UserContextData` in authentication requests. This data includes the IP address, and contributes to analysis by threat protection features. For more information about propagation of user context data, see [Adding session data to API requests](https://docs.aws.amazon.com/cognito/latest/developerguide/cognito-user-pool-settings-adaptive-authentication.html#user-pool-settings-adaptive-authentication-device-fingerprint) . If you don’t include this parameter, you can't send the source IP address to Amazon Cognito threat protection features. You can only activate `EnablePropagateAdditionalUserContextData` in an app client that has a client secret. /// [Output("enablePropagateAdditionalUserContextData")] public Output EnablePropagateAdditionalUserContextData { get; private set; } = null!; /// - /// Activates or deactivates token revocation. For more information about revoking tokens, see [RevokeToken](https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_RevokeToken.html) . + /// Activates or deactivates [token revocation](https://docs.aws.amazon.com/cognito/latest/developerguide/token-revocation.html) in the target app client. + /// + /// Revoke tokens with `API_RevokeToken` . /// /// If you don't include this parameter, token revocation is automatically activated for the new user pool client. /// @@ -128,11 +130,11 @@ public partial class UserPoolClient : global::Pulumi.CustomResource public Output EnableTokenRevocation { get; private set; } = null!; /// - /// The authentication flows that you want your user pool client to support. For each app client in your user pool, you can sign in your users with any combination of one or more flows, including with a user name and Secure Remote Password (SRP), a user name and password, or a custom authentication process that you define with Lambda functions. + /// The [authentication flows](https://docs.aws.amazon.com/cognito/latest/developerguide/amazon-cognito-user-pools-authentication-flow-methods.html) that you want your user pool client to support. For each app client in your user pool, you can sign in your users with any combination of one or more flows, including with a user name and Secure Remote Password (SRP), a user name and password, or a custom authentication process that you define with Lambda functions. /// - /// > If you don't specify a value for `ExplicitAuthFlows` , your user client supports `ALLOW_REFRESH_TOKEN_AUTH` , `ALLOW_USER_SRP_AUTH` , and `ALLOW_CUSTOM_AUTH` . + /// > If you don't specify a value for `ExplicitAuthFlows` , your app client supports `ALLOW_REFRESH_TOKEN_AUTH` , `ALLOW_USER_SRP_AUTH` , and `ALLOW_CUSTOM_AUTH` . /// - /// Valid values include: + /// The values for authentication flow options include the following. /// /// - `ALLOW_USER_AUTH` : Enable selection-based sign-in with `USER_AUTH` . This setting covers username-password, secure remote password (SRP), passwordless, and passkey authentication. This authentiation flow can do username-password and SRP authentication without other `ExplicitAuthFlows` permitting them. For example users can complete an SRP challenge through `USER_AUTH` without the flow `USER_SRP_AUTH` being active for the app client. This flow doesn't include `CUSTOM_AUTH` . /// @@ -150,7 +152,7 @@ public partial class UserPoolClient : global::Pulumi.CustomResource public Output> ExplicitAuthFlows { get; private set; } = null!; /// - /// When `true` , generates a client secret for the app client. Client secrets are used with server-side and machine-to-machine applications. For more information, see [App client types](https://docs.aws.amazon.com/cognito/latest/developerguide/user-pool-settings-client-apps.html#user-pool-settings-client-app-client-types) . + /// When `true` , generates a client secret for the app client. Client secrets are used with server-side and machine-to-machine applications. Client secrets are automatically generated; you can't specify a secret value. For more information, see [App client types](https://docs.aws.amazon.com/cognito/latest/developerguide/user-pool-settings-client-apps.html#user-pool-settings-client-app-client-types) . /// [Output("generateSecret")] public Output GenerateSecret { get; private set; } = null!; @@ -169,7 +171,7 @@ public partial class UserPoolClient : global::Pulumi.CustomResource public Output IdTokenValidity { get; private set; } = null!; /// - /// A list of allowed logout URLs for managed login authentication. For more information, see [Logout endpoint](https://docs.aws.amazon.com/cognito/latest/developerguide/logout-endpoint.html) . + /// A list of allowed logout URLs for managed login authentication. When you pass `logout_uri` and `client_id` parameters to `/logout` , Amazon Cognito signs out your user and redirects them to the logout URL. This parameter describes the URLs that you want to be the permitted targets of `logout_uri` . A typical use of these URLs is when a user selects "Sign out" and you redirect them to your public homepage. For more information, see [Logout endpoint](https://docs.aws.amazon.com/cognito/latest/developerguide/logout-endpoint.html) . /// [Output("logoutUrls")] public Output> LogoutUrls { get; private set; } = null!; @@ -191,9 +193,11 @@ public partial class UserPoolClient : global::Pulumi.CustomResource public Output PreventUserExistenceErrors { get; private set; } = null!; /// - /// The list of user attributes that you want your app client to have read access to. After your user authenticates in your app, their access token authorizes them to read their own attribute value for any attribute in this list. An example of this kind of activity is when your user selects a link to view their profile information. Your app makes a [GetUser](https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_GetUser.html) API request to retrieve and display your user's profile data. + /// The list of user attributes that you want your app client to have read access to. After your user authenticates in your app, their access token authorizes them to read their own attribute value for any attribute in this list. /// - /// When you don't specify the `ReadAttributes` for your app client, your app can read the values of `email_verified` , `phone_number_verified` , and the Standard attributes of your user pool. When your user pool app client has read access to these default attributes, `ReadAttributes` doesn't return any information. Amazon Cognito only populates `ReadAttributes` in the API response if you have specified your own custom set of read attributes. + /// An example of this kind of activity is when your user selects a link to view their profile information. Your app makes a `API_GetUser` API request to retrieve and display your user's profile data. + /// + /// When you don't specify the `ReadAttributes` for your app client, your app can read the values of `email_verified` , `phone_number_verified` , and the standard attributes of your user pool. When your user pool app client has read access to these default attributes, `ReadAttributes` doesn't return any information. Amazon Cognito only populates `ReadAttributes` in the API response if you have specified your own custom set of read attributes. /// [Output("readAttributes")] public Output> ReadAttributes { get; private set; } = null!; @@ -215,7 +219,7 @@ public partial class UserPoolClient : global::Pulumi.CustomResource /// /// A list of provider names for the identity providers (IdPs) that are supported on this client. The following are supported: `COGNITO` , `Facebook` , `Google` , `SignInWithApple` , and `LoginWithAmazon` . You can also specify the names that you configured for the SAML and OIDC IdPs in your user pool, for example `MySAMLIdP` or `MyOIDCIdP` . /// - /// This setting applies to providers that you can access with [managed login](https://docs.aws.amazon.com/cognito/latest/developerguide/cognito-user-pools-managed-login.html) . The removal of `COGNITO` from this list doesn't prevent authentication operations for local users with the user pools API in an AWS SDK. The only way to prevent API-based authentication is to block access with a [AWS WAF rule](https://docs.aws.amazon.com/cognito/latest/developerguide/user-pool-waf.html) . + /// This parameter sets the IdPs that [managed login](https://docs.aws.amazon.com/cognito/latest/developerguide/cognito-user-pools-managed-login.html) will display on the login page for your app client. The removal of `COGNITO` from this list doesn't prevent authentication operations for local users with the user pools API in an AWS SDK. The only way to prevent SDK-based authentication is to block access with a [AWS WAF rule](https://docs.aws.amazon.com/cognito/latest/developerguide/user-pool-waf.html) . /// [Output("supportedIdentityProviders")] public Output> SupportedIdentityProviders { get; private set; } = null!; @@ -233,7 +237,9 @@ public partial class UserPoolClient : global::Pulumi.CustomResource public Output UserPoolId { get; private set; } = null!; /// - /// The list of user attributes that you want your app client to have write access to. After your user authenticates in your app, their access token authorizes them to set or modify their own attribute value for any attribute in this list. An example of this kind of activity is when you present your user with a form to update their profile information and they change their last name. Your app then makes an [UpdateUserAttributes](https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_UpdateUserAttributes.html) API request and sets `family_name` to the new value. + /// The list of user attributes that you want your app client to have write access to. After your user authenticates in your app, their access token authorizes them to set or modify their own attribute value for any attribute in this list. + /// + /// An example of this kind of activity is when you present your user with a form to update their profile information and they change their last name. Your app then makes an `API_UpdateUserAttributes` API request and sets `family_name` to the new value. /// /// When you don't specify the `WriteAttributes` for your app client, your app can write the values of the Standard attributes of your user pool. When your user pool has write access to these default attributes, `WriteAttributes` doesn't return any information. Amazon Cognito only populates `WriteAttributes` in the API response if you have specified your own custom set of write attributes. /// @@ -310,11 +316,11 @@ public sealed class UserPoolClientArgs : global::Pulumi.ResourceArgs private InputList? _allowedOAuthFlows; /// - /// The OAuth grant types that you want your app client to generate. To create an app client that generates client credentials grants, you must add `client_credentials` as the only allowed OAuth flow. + /// The OAuth grant types that you want your app client to generate for clients in managed login authentication. To create an app client that generates client credentials grants, you must add `client_credentials` as the only allowed OAuth flow. /// /// - **code** - Use a code grant flow, which provides an authorization code as the response. This code can be exchanged for access tokens with the `/oauth2/token` endpoint. - /// - **implicit** - Issue the access token (and, optionally, ID token, based on scopes) directly to your user. - /// - **client_credentials** - Issue the access token from the `/oauth2/token` endpoint directly to a non-person user using a combination of the client ID and client secret. + /// - **implicit** - Issue the access token, and the ID token when scopes like `openid` and `profile` are requested, directly to your user. + /// - **client_credentials** - Issue the access token from the `/oauth2/token` endpoint directly to a non-person user, authorized by a combination of the client ID and client secret. /// public InputList AllowedOAuthFlows { @@ -323,16 +329,16 @@ public InputList AllowedOAuthFlows } /// - /// Set to `true` to use OAuth 2.0 features in your user pool app client. + /// Set to `true` to use OAuth 2.0 authorization server features in your app client. /// - /// `AllowedOAuthFlowsUserPoolClient` must be `true` before you can configure the following features in your app client. + /// This parameter must have a value of `true` before you can configure the following features in your app client. /// /// - `CallBackURLs` : Callback URLs. /// - `LogoutURLs` : Sign-out redirect URLs. /// - `AllowedOAuthScopes` : OAuth 2.0 scopes. /// - `AllowedOAuthFlows` : Support for authorization code, implicit, and client credentials OAuth 2.0 grants. /// - /// To use OAuth 2.0 features, configure one of these features in the Amazon Cognito console or set `AllowedOAuthFlowsUserPoolClient` to `true` in a `CreateUserPoolClient` or `UpdateUserPoolClient` API request. If you don't set a value for `AllowedOAuthFlowsUserPoolClient` in a request with the AWS CLI or SDKs, it defaults to `false` . + /// To use authorization server features, configure one of these features in the Amazon Cognito console or set `AllowedOAuthFlowsUserPoolClient` to `true` in a `CreateUserPoolClient` or `UpdateUserPoolClient` API request. If you don't set a value for `AllowedOAuthFlowsUserPoolClient` in a request with the AWS CLI or SDKs, it defaults to `false` . When `false` , only SDK-based API sign-in is permitted. /// [Input("allowedOAuthFlowsUserPoolClient")] public Input? AllowedOAuthFlowsUserPoolClient { get; set; } @@ -341,7 +347,7 @@ public InputList AllowedOAuthFlows private InputList? _allowedOAuthScopes; /// - /// The OAuth 2.0 scopes that you want to permit your app client to authorize. Scopes govern access control to user pool self-service API operations, user data from the `userInfo` endpoint, and third-party APIs. Possible values provided by OAuth are `phone` , `email` , `openid` , and `profile` . Possible values provided by AWS are `aws.cognito.signin.user.admin` . Custom scopes created in Resource Servers are also supported. + /// The OAuth, OpenID Connect (OIDC), and custom scopes that you want to permit your app client to authorize access with. Scopes govern access control to user pool self-service API operations, user data from the `userInfo` endpoint, and third-party APIs. Scope values include `phone` , `email` , `openid` , and `profile` . The `aws.cognito.signin.user.admin` scope authorizes user self-service operations. Custom scopes with resource servers authorize access to external APIs. /// public InputList AllowedOAuthScopes { @@ -367,9 +373,9 @@ public InputList AllowedOAuthScopes private InputList? _callbackUrls; /// - /// A list of allowed redirect (callback) URLs for the IdPs. + /// A list of allowed redirect, or callback, URLs for managed login authentication. These URLs are the paths where you want to send your users' browsers after they complete authentication with managed login or a third-party IdP. Typically, callback URLs are the home of an application that uses OAuth or OIDC libraries to process authentication outcomes. /// - /// A redirect URI must: + /// A redirect URI must meet the following requirements: /// /// - Be an absolute URI. /// - Be registered with the authorization server. Amazon Cognito doesn't accept authorization requests with `redirect_uri` values that aren't in the list of `CallbackURLs` that you provide in this parameter. @@ -400,13 +406,15 @@ public InputList CallbackUrls public Input? DefaultRedirectUri { get; set; } /// - /// Activates the propagation of additional user context data. For more information about propagation of user context data, see [Adding advanced security to a user pool](https://docs.aws.amazon.com/cognito/latest/developerguide/cognito-user-pool-settings-threat-protection.html) . If you don’t include this parameter, you can't send device fingerprint information, including source IP address, to Amazon Cognito advanced security. You can only activate `EnablePropagateAdditionalUserContextData` in an app client that has a client secret. + /// When `true` , your application can include additional `UserContextData` in authentication requests. This data includes the IP address, and contributes to analysis by threat protection features. For more information about propagation of user context data, see [Adding session data to API requests](https://docs.aws.amazon.com/cognito/latest/developerguide/cognito-user-pool-settings-adaptive-authentication.html#user-pool-settings-adaptive-authentication-device-fingerprint) . If you don’t include this parameter, you can't send the source IP address to Amazon Cognito threat protection features. You can only activate `EnablePropagateAdditionalUserContextData` in an app client that has a client secret. /// [Input("enablePropagateAdditionalUserContextData")] public Input? EnablePropagateAdditionalUserContextData { get; set; } /// - /// Activates or deactivates token revocation. For more information about revoking tokens, see [RevokeToken](https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_RevokeToken.html) . + /// Activates or deactivates [token revocation](https://docs.aws.amazon.com/cognito/latest/developerguide/token-revocation.html) in the target app client. + /// + /// Revoke tokens with `API_RevokeToken` . /// /// If you don't include this parameter, token revocation is automatically activated for the new user pool client. /// @@ -417,11 +425,11 @@ public InputList CallbackUrls private InputList? _explicitAuthFlows; /// - /// The authentication flows that you want your user pool client to support. For each app client in your user pool, you can sign in your users with any combination of one or more flows, including with a user name and Secure Remote Password (SRP), a user name and password, or a custom authentication process that you define with Lambda functions. + /// The [authentication flows](https://docs.aws.amazon.com/cognito/latest/developerguide/amazon-cognito-user-pools-authentication-flow-methods.html) that you want your user pool client to support. For each app client in your user pool, you can sign in your users with any combination of one or more flows, including with a user name and Secure Remote Password (SRP), a user name and password, or a custom authentication process that you define with Lambda functions. /// - /// > If you don't specify a value for `ExplicitAuthFlows` , your user client supports `ALLOW_REFRESH_TOKEN_AUTH` , `ALLOW_USER_SRP_AUTH` , and `ALLOW_CUSTOM_AUTH` . + /// > If you don't specify a value for `ExplicitAuthFlows` , your app client supports `ALLOW_REFRESH_TOKEN_AUTH` , `ALLOW_USER_SRP_AUTH` , and `ALLOW_CUSTOM_AUTH` . /// - /// Valid values include: + /// The values for authentication flow options include the following. /// /// - `ALLOW_USER_AUTH` : Enable selection-based sign-in with `USER_AUTH` . This setting covers username-password, secure remote password (SRP), passwordless, and passkey authentication. This authentiation flow can do username-password and SRP authentication without other `ExplicitAuthFlows` permitting them. For example users can complete an SRP challenge through `USER_AUTH` without the flow `USER_SRP_AUTH` being active for the app client. This flow doesn't include `CUSTOM_AUTH` . /// @@ -442,7 +450,7 @@ public InputList ExplicitAuthFlows } /// - /// When `true` , generates a client secret for the app client. Client secrets are used with server-side and machine-to-machine applications. For more information, see [App client types](https://docs.aws.amazon.com/cognito/latest/developerguide/user-pool-settings-client-apps.html#user-pool-settings-client-app-client-types) . + /// When `true` , generates a client secret for the app client. Client secrets are used with server-side and machine-to-machine applications. Client secrets are automatically generated; you can't specify a secret value. For more information, see [App client types](https://docs.aws.amazon.com/cognito/latest/developerguide/user-pool-settings-client-apps.html#user-pool-settings-client-app-client-types) . /// [Input("generateSecret")] public Input? GenerateSecret { get; set; } @@ -464,7 +472,7 @@ public InputList ExplicitAuthFlows private InputList? _logoutUrls; /// - /// A list of allowed logout URLs for managed login authentication. For more information, see [Logout endpoint](https://docs.aws.amazon.com/cognito/latest/developerguide/logout-endpoint.html) . + /// A list of allowed logout URLs for managed login authentication. When you pass `logout_uri` and `client_id` parameters to `/logout` , Amazon Cognito signs out your user and redirects them to the logout URL. This parameter describes the URLs that you want to be the permitted targets of `logout_uri` . A typical use of these URLs is when a user selects "Sign out" and you redirect them to your public homepage. For more information, see [Logout endpoint](https://docs.aws.amazon.com/cognito/latest/developerguide/logout-endpoint.html) . /// public InputList LogoutUrls { @@ -489,9 +497,11 @@ public InputList LogoutUrls private InputList? _readAttributes; /// - /// The list of user attributes that you want your app client to have read access to. After your user authenticates in your app, their access token authorizes them to read their own attribute value for any attribute in this list. An example of this kind of activity is when your user selects a link to view their profile information. Your app makes a [GetUser](https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_GetUser.html) API request to retrieve and display your user's profile data. + /// The list of user attributes that you want your app client to have read access to. After your user authenticates in your app, their access token authorizes them to read their own attribute value for any attribute in this list. /// - /// When you don't specify the `ReadAttributes` for your app client, your app can read the values of `email_verified` , `phone_number_verified` , and the Standard attributes of your user pool. When your user pool app client has read access to these default attributes, `ReadAttributes` doesn't return any information. Amazon Cognito only populates `ReadAttributes` in the API response if you have specified your own custom set of read attributes. + /// An example of this kind of activity is when your user selects a link to view their profile information. Your app makes a `API_GetUser` API request to retrieve and display your user's profile data. + /// + /// When you don't specify the `ReadAttributes` for your app client, your app can read the values of `email_verified` , `phone_number_verified` , and the standard attributes of your user pool. When your user pool app client has read access to these default attributes, `ReadAttributes` doesn't return any information. Amazon Cognito only populates `ReadAttributes` in the API response if you have specified your own custom set of read attributes. /// public InputList ReadAttributes { @@ -519,7 +529,7 @@ public InputList ReadAttributes /// /// A list of provider names for the identity providers (IdPs) that are supported on this client. The following are supported: `COGNITO` , `Facebook` , `Google` , `SignInWithApple` , and `LoginWithAmazon` . You can also specify the names that you configured for the SAML and OIDC IdPs in your user pool, for example `MySAMLIdP` or `MyOIDCIdP` . /// - /// This setting applies to providers that you can access with [managed login](https://docs.aws.amazon.com/cognito/latest/developerguide/cognito-user-pools-managed-login.html) . The removal of `COGNITO` from this list doesn't prevent authentication operations for local users with the user pools API in an AWS SDK. The only way to prevent API-based authentication is to block access with a [AWS WAF rule](https://docs.aws.amazon.com/cognito/latest/developerguide/user-pool-waf.html) . + /// This parameter sets the IdPs that [managed login](https://docs.aws.amazon.com/cognito/latest/developerguide/cognito-user-pools-managed-login.html) will display on the login page for your app client. The removal of `COGNITO` from this list doesn't prevent authentication operations for local users with the user pools API in an AWS SDK. The only way to prevent SDK-based authentication is to block access with a [AWS WAF rule](https://docs.aws.amazon.com/cognito/latest/developerguide/user-pool-waf.html) . /// public InputList SupportedIdentityProviders { @@ -543,7 +553,9 @@ public InputList SupportedIdentityProviders private InputList? _writeAttributes; /// - /// The list of user attributes that you want your app client to have write access to. After your user authenticates in your app, their access token authorizes them to set or modify their own attribute value for any attribute in this list. An example of this kind of activity is when you present your user with a form to update their profile information and they change their last name. Your app then makes an [UpdateUserAttributes](https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_UpdateUserAttributes.html) API request and sets `family_name` to the new value. + /// The list of user attributes that you want your app client to have write access to. After your user authenticates in your app, their access token authorizes them to set or modify their own attribute value for any attribute in this list. + /// + /// An example of this kind of activity is when you present your user with a form to update their profile information and they change their last name. Your app then makes an `API_UpdateUserAttributes` API request and sets `family_name` to the new value. /// /// When you don't specify the `WriteAttributes` for your app client, your app can write the values of the Standard attributes of your user pool. When your user pool has write access to these default attributes, `WriteAttributes` doesn't return any information. Amazon Cognito only populates `WriteAttributes` in the API response if you have specified your own custom set of write attributes. /// diff --git a/sdk/dotnet/Cognito/UserPoolDomain.cs b/sdk/dotnet/Cognito/UserPoolDomain.cs index 5614284a33..81dc0f8a26 100644 --- a/sdk/dotnet/Cognito/UserPoolDomain.cs +++ b/sdk/dotnet/Cognito/UserPoolDomain.cs @@ -28,17 +28,17 @@ public partial class UserPoolDomain : global::Pulumi.CustomResource public Output CloudFrontDistribution { get; private set; } = null!; /// - /// The configuration for a custom domain that hosts the sign-up and sign-in pages for your application. Use this object to specify an SSL certificate that is managed by ACM. + /// The configuration for a custom domain that hosts managed login for your application. In an `UpdateUserPoolDomain` request, this parameter specifies an SSL certificate for the managed login hosted webserver. The certificate must be an ACM ARN in `us-east-1` . /// - /// When you create a custom domain, the passkey RP ID defaults to the custom domain. If you had a prefix domain active, this will cause passkey integration for your prefix domain to stop working due to a mismatch in RP ID. To keep the prefix domain passkey integration working, you can explicitly set RP ID to the prefix domain. Update the RP ID in a [SetUserPoolMfaConfig](https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_SetUserPoolMfaConfig.html) request. + /// When you create a custom domain, the passkey RP ID defaults to the custom domain. If you had a prefix domain active, this will cause passkey integration for your prefix domain to stop working due to a mismatch in RP ID. To keep the prefix domain passkey integration working, you can explicitly set RP ID to the prefix domain. + /// + /// Update the RP ID in a `API_SetUserPoolMfaConfig` request. /// [Output("customDomainConfig")] public Output CustomDomainConfig { get; private set; } = null!; /// - /// The domain name for the custom domain that hosts the sign-up and sign-in pages for your application. One example might be `auth.example.com` . - /// - /// This string can include only lowercase letters, numbers, and hyphens. Don't use a hyphen for the first or last character. Use periods to separate subdomain names. + /// The name of the domain that you want to update. For custom domains, this is the fully-qualified domain name, for example `auth.example.com` . For prefix domains, this is the prefix alone, such as `myprefix` . /// [Output("domain")] public Output Domain { get; private set; } = null!; @@ -50,7 +50,7 @@ public partial class UserPoolDomain : global::Pulumi.CustomResource public Output ManagedLoginVersion { get; private set; } = null!; /// - /// The ID of the user pool that is associated with the custom domain whose certificate you're updating. + /// The ID of the user pool that is associated with the domain you're updating. /// [Output("userPoolId")] public Output UserPoolId { get; private set; } = null!; @@ -106,17 +106,17 @@ public static UserPoolDomain Get(string name, Input id, CustomResourceOp public sealed class UserPoolDomainArgs : global::Pulumi.ResourceArgs { /// - /// The configuration for a custom domain that hosts the sign-up and sign-in pages for your application. Use this object to specify an SSL certificate that is managed by ACM. + /// The configuration for a custom domain that hosts managed login for your application. In an `UpdateUserPoolDomain` request, this parameter specifies an SSL certificate for the managed login hosted webserver. The certificate must be an ACM ARN in `us-east-1` . /// - /// When you create a custom domain, the passkey RP ID defaults to the custom domain. If you had a prefix domain active, this will cause passkey integration for your prefix domain to stop working due to a mismatch in RP ID. To keep the prefix domain passkey integration working, you can explicitly set RP ID to the prefix domain. Update the RP ID in a [SetUserPoolMfaConfig](https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_SetUserPoolMfaConfig.html) request. + /// When you create a custom domain, the passkey RP ID defaults to the custom domain. If you had a prefix domain active, this will cause passkey integration for your prefix domain to stop working due to a mismatch in RP ID. To keep the prefix domain passkey integration working, you can explicitly set RP ID to the prefix domain. + /// + /// Update the RP ID in a `API_SetUserPoolMfaConfig` request. /// [Input("customDomainConfig")] public Input? CustomDomainConfig { get; set; } /// - /// The domain name for the custom domain that hosts the sign-up and sign-in pages for your application. One example might be `auth.example.com` . - /// - /// This string can include only lowercase letters, numbers, and hyphens. Don't use a hyphen for the first or last character. Use periods to separate subdomain names. + /// The name of the domain that you want to update. For custom domains, this is the fully-qualified domain name, for example `auth.example.com` . For prefix domains, this is the prefix alone, such as `myprefix` . /// [Input("domain", required: true)] public Input Domain { get; set; } = null!; @@ -128,7 +128,7 @@ public sealed class UserPoolDomainArgs : global::Pulumi.ResourceArgs public Input? ManagedLoginVersion { get; set; } /// - /// The ID of the user pool that is associated with the custom domain whose certificate you're updating. + /// The ID of the user pool that is associated with the domain you're updating. /// [Input("userPoolId", required: true)] public Input UserPoolId { get; set; } = null!; diff --git a/sdk/dotnet/Cognito/UserPoolRiskConfigurationAttachment.cs b/sdk/dotnet/Cognito/UserPoolRiskConfigurationAttachment.cs index fe2400bc44..0e5e5566d0 100644 --- a/sdk/dotnet/Cognito/UserPoolRiskConfigurationAttachment.cs +++ b/sdk/dotnet/Cognito/UserPoolRiskConfigurationAttachment.cs @@ -16,7 +16,7 @@ namespace Pulumi.AwsNative.Cognito public partial class UserPoolRiskConfigurationAttachment : global::Pulumi.CustomResource { /// - /// The settings for automated responses and notification templates for adaptive authentication with advanced security features. + /// The settings for automated responses and notification templates for adaptive authentication with threat protection. /// [Output("accountTakeoverRiskConfiguration")] public Output AccountTakeoverRiskConfiguration { get; private set; } = null!; @@ -28,7 +28,7 @@ public partial class UserPoolRiskConfigurationAttachment : global::Pulumi.Custom public Output ClientId { get; private set; } = null!; /// - /// Settings for compromised-credentials actions and authentication types with advanced security features in full-function `ENFORCED` mode. + /// Settings for compromised-credentials actions and authentication types with threat protection in full-function `ENFORCED` mode. /// [Output("compromisedCredentialsRiskConfiguration")] public Output CompromisedCredentialsRiskConfiguration { get; private set; } = null!; @@ -96,7 +96,7 @@ public static UserPoolRiskConfigurationAttachment Get(string name, Input public sealed class UserPoolRiskConfigurationAttachmentArgs : global::Pulumi.ResourceArgs { /// - /// The settings for automated responses and notification templates for adaptive authentication with advanced security features. + /// The settings for automated responses and notification templates for adaptive authentication with threat protection. /// [Input("accountTakeoverRiskConfiguration")] public Input? AccountTakeoverRiskConfiguration { get; set; } @@ -108,7 +108,7 @@ public sealed class UserPoolRiskConfigurationAttachmentArgs : global::Pulumi.Res public Input ClientId { get; set; } = null!; /// - /// Settings for compromised-credentials actions and authentication types with advanced security features in full-function `ENFORCED` mode. + /// Settings for compromised-credentials actions and authentication types with threat protection in full-function `ENFORCED` mode. /// [Input("compromisedCredentialsRiskConfiguration")] public Input? CompromisedCredentialsRiskConfiguration { get; set; } diff --git a/sdk/dotnet/Cognito/UserPoolUiCustomizationAttachment.cs b/sdk/dotnet/Cognito/UserPoolUiCustomizationAttachment.cs index b649463477..d5d48a6151 100644 --- a/sdk/dotnet/Cognito/UserPoolUiCustomizationAttachment.cs +++ b/sdk/dotnet/Cognito/UserPoolUiCustomizationAttachment.cs @@ -22,13 +22,13 @@ public partial class UserPoolUiCustomizationAttachment : global::Pulumi.CustomRe public Output ClientId { get; private set; } = null!; /// - /// The CSS values in the UI customization. + /// A plaintext CSS file that contains the custom fields that you want to apply to your user pool or app client. To download a template, go to the Amazon Cognito console. Navigate to your user pool *App clients* tab, select *Login pages* , edit *Hosted UI (classic) style* , and select the link to `CSS template.css` . /// [Output("css")] public Output Css { get; private set; } = null!; /// - /// The ID of the user pool. + /// The ID of the user pool where you want to apply branding to the classic hosted UI. /// [Output("userPoolId")] public Output UserPoolId { get; private set; } = null!; @@ -90,13 +90,13 @@ public sealed class UserPoolUiCustomizationAttachmentArgs : global::Pulumi.Resou public Input ClientId { get; set; } = null!; /// - /// The CSS values in the UI customization. + /// A plaintext CSS file that contains the custom fields that you want to apply to your user pool or app client. To download a template, go to the Amazon Cognito console. Navigate to your user pool *App clients* tab, select *Login pages* , edit *Hosted UI (classic) style* , and select the link to `CSS template.css` . /// [Input("css")] public Input? Css { get; set; } /// - /// The ID of the user pool. + /// The ID of the user pool where you want to apply branding to the classic hosted UI. /// [Input("userPoolId", required: true)] public Input UserPoolId { get; set; } = null!; diff --git a/sdk/dotnet/Cognito/UserPoolUser.cs b/sdk/dotnet/Cognito/UserPoolUser.cs index ab0b488575..60840ddd4a 100644 --- a/sdk/dotnet/Cognito/UserPoolUser.cs +++ b/sdk/dotnet/Cognito/UserPoolUser.cs @@ -62,10 +62,12 @@ public partial class UserPoolUser : global::Pulumi.CustomResource /// /// You must also provide an email address or phone number when you expect the user to do passwordless sign-in with an email or SMS OTP. These attributes must be provided when passwordless options are the only available, or when you don't submit a `TemporaryPassword` . /// - /// In your call to `AdminCreateUser` , you can set the `email_verified` attribute to `True` , and you can set the `phone_number_verified` attribute to `True` . You can also do this by calling [AdminUpdateUserAttributes](https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_AdminUpdateUserAttributes.html) . + /// In your `AdminCreateUser` request, you can set the `email_verified` and `phone_number_verified` attributes to `true` . The following conditions apply: /// - /// - *email* : The email address of the user to whom the message that contains the code and username will be sent. Required if the `email_verified` attribute is set to `True` , or if `"EMAIL"` is specified in the `DesiredDeliveryMediums` parameter. - /// - *phone_number* : The phone number of the user to whom the message that contains the code and username will be sent. Required if the `phone_number_verified` attribute is set to `True` , or if `"SMS"` is specified in the `DesiredDeliveryMediums` parameter. + /// - **email** - The email address where you want the user to receive their confirmation code and username. You must provide a value for the `email` when you want to set `email_verified` to `true` , or if you set `EMAIL` in the `DesiredDeliveryMediums` parameter. + /// - **phone_number** - The phone number where you want the user to receive their confirmation code and username. You must provide a value for the `email` when you want to set `phone_number` to `true` , or if you set `SMS` in the `DesiredDeliveryMediums` parameter. + /// + /// You can also set attributes verified with `API_AdminUpdateUserAttributes` . /// [Output("userAttributes")] public Output> UserAttributes { get; private set; } = null!; @@ -89,7 +91,7 @@ public partial class UserPoolUser : global::Pulumi.CustomResource /// /// Temporary user attributes that contribute to the outcomes of your pre sign-up Lambda trigger. This set of key-value pairs are for custom validation of information that you collect from your users but don't need to retain. /// - /// Your Lambda function can analyze this additional data and act on it. Your function might perform external API operations like logging user attributes and validation data to Amazon CloudWatch Logs. Validation data might also affect the response that your function returns to Amazon Cognito, like automatically confirming the user if they sign up from within your network. + /// Your Lambda function can analyze this additional data and act on it. Your function can automatically confirm and verify select users or perform external API operations like logging user attributes and validation data to Amazon CloudWatch Logs. /// /// For more information about the pre sign-up Lambda trigger, see [Pre sign-up Lambda trigger](https://docs.aws.amazon.com/cognito/latest/developerguide/user-pool-lambda-pre-sign-up.html) . /// @@ -214,10 +216,12 @@ public InputList DesiredDeliveryMediums /// /// You must also provide an email address or phone number when you expect the user to do passwordless sign-in with an email or SMS OTP. These attributes must be provided when passwordless options are the only available, or when you don't submit a `TemporaryPassword` . /// - /// In your call to `AdminCreateUser` , you can set the `email_verified` attribute to `True` , and you can set the `phone_number_verified` attribute to `True` . You can also do this by calling [AdminUpdateUserAttributes](https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_AdminUpdateUserAttributes.html) . + /// In your `AdminCreateUser` request, you can set the `email_verified` and `phone_number_verified` attributes to `true` . The following conditions apply: + /// + /// - **email** - The email address where you want the user to receive their confirmation code and username. You must provide a value for the `email` when you want to set `email_verified` to `true` , or if you set `EMAIL` in the `DesiredDeliveryMediums` parameter. + /// - **phone_number** - The phone number where you want the user to receive their confirmation code and username. You must provide a value for the `email` when you want to set `phone_number` to `true` , or if you set `SMS` in the `DesiredDeliveryMediums` parameter. /// - /// - *email* : The email address of the user to whom the message that contains the code and username will be sent. Required if the `email_verified` attribute is set to `True` , or if `"EMAIL"` is specified in the `DesiredDeliveryMediums` parameter. - /// - *phone_number* : The phone number of the user to whom the message that contains the code and username will be sent. Required if the `phone_number_verified` attribute is set to `True` , or if `"SMS"` is specified in the `DesiredDeliveryMediums` parameter. + /// You can also set attributes verified with `API_AdminUpdateUserAttributes` . /// public InputList UserAttributes { @@ -247,7 +251,7 @@ public InputList UserAttributes /// /// Temporary user attributes that contribute to the outcomes of your pre sign-up Lambda trigger. This set of key-value pairs are for custom validation of information that you collect from your users but don't need to retain. /// - /// Your Lambda function can analyze this additional data and act on it. Your function might perform external API operations like logging user attributes and validation data to Amazon CloudWatch Logs. Validation data might also affect the response that your function returns to Amazon Cognito, like automatically confirming the user if they sign up from within your network. + /// Your Lambda function can analyze this additional data and act on it. Your function can automatically confirm and verify select users or perform external API operations like logging user attributes and validation data to Amazon CloudWatch Logs. /// /// For more information about the pre sign-up Lambda trigger, see [Pre sign-up Lambda trigger](https://docs.aws.amazon.com/cognito/latest/developerguide/user-pool-lambda-pre-sign-up.html) . /// diff --git a/sdk/dotnet/CustomerProfiles/Enums.cs b/sdk/dotnet/CustomerProfiles/Enums.cs index 3cbff581a4..31bb126a2c 100644 --- a/sdk/dotnet/CustomerProfiles/Enums.cs +++ b/sdk/dotnet/CustomerProfiles/Enums.cs @@ -299,6 +299,115 @@ private EventStreamStatus(string value) public override string ToString() => _value; } + /// + /// The operator used to combine multiple dimensions. + /// + [EnumType] + public readonly struct EventTriggerLogicalOperator : IEquatable + { + private readonly string _value; + + private EventTriggerLogicalOperator(string value) + { + _value = value ?? throw new ArgumentNullException(nameof(value)); + } + + public static EventTriggerLogicalOperator Any { get; } = new EventTriggerLogicalOperator("ANY"); + public static EventTriggerLogicalOperator All { get; } = new EventTriggerLogicalOperator("ALL"); + public static EventTriggerLogicalOperator None { get; } = new EventTriggerLogicalOperator("NONE"); + + public static bool operator ==(EventTriggerLogicalOperator left, EventTriggerLogicalOperator right) => left.Equals(right); + public static bool operator !=(EventTriggerLogicalOperator left, EventTriggerLogicalOperator right) => !left.Equals(right); + + public static explicit operator string(EventTriggerLogicalOperator value) => value._value; + + [EditorBrowsable(EditorBrowsableState.Never)] + public override bool Equals(object? obj) => obj is EventTriggerLogicalOperator other && Equals(other); + public bool Equals(EventTriggerLogicalOperator other) => string.Equals(_value, other._value, StringComparison.Ordinal); + + [EditorBrowsable(EditorBrowsableState.Never)] + public override int GetHashCode() => _value?.GetHashCode() ?? 0; + + public override string ToString() => _value; + } + + /// + /// The operator used to compare an attribute against a list of values. + /// + [EnumType] + public readonly struct EventTriggerObjectAttributeComparisonOperator : IEquatable + { + private readonly string _value; + + private EventTriggerObjectAttributeComparisonOperator(string value) + { + _value = value ?? throw new ArgumentNullException(nameof(value)); + } + + public static EventTriggerObjectAttributeComparisonOperator Inclusive { get; } = new EventTriggerObjectAttributeComparisonOperator("INCLUSIVE"); + public static EventTriggerObjectAttributeComparisonOperator Exclusive { get; } = new EventTriggerObjectAttributeComparisonOperator("EXCLUSIVE"); + public static EventTriggerObjectAttributeComparisonOperator Contains { get; } = new EventTriggerObjectAttributeComparisonOperator("CONTAINS"); + public static EventTriggerObjectAttributeComparisonOperator BeginsWith { get; } = new EventTriggerObjectAttributeComparisonOperator("BEGINS_WITH"); + public static EventTriggerObjectAttributeComparisonOperator EndsWith { get; } = new EventTriggerObjectAttributeComparisonOperator("ENDS_WITH"); + public static EventTriggerObjectAttributeComparisonOperator GreaterThan { get; } = new EventTriggerObjectAttributeComparisonOperator("GREATER_THAN"); + public static EventTriggerObjectAttributeComparisonOperator LessThan { get; } = new EventTriggerObjectAttributeComparisonOperator("LESS_THAN"); + public static EventTriggerObjectAttributeComparisonOperator GreaterThanOrEqual { get; } = new EventTriggerObjectAttributeComparisonOperator("GREATER_THAN_OR_EQUAL"); + public static EventTriggerObjectAttributeComparisonOperator LessThanOrEqual { get; } = new EventTriggerObjectAttributeComparisonOperator("LESS_THAN_OR_EQUAL"); + public static EventTriggerObjectAttributeComparisonOperator Equal { get; } = new EventTriggerObjectAttributeComparisonOperator("EQUAL"); + public static EventTriggerObjectAttributeComparisonOperator Before { get; } = new EventTriggerObjectAttributeComparisonOperator("BEFORE"); + public static EventTriggerObjectAttributeComparisonOperator After { get; } = new EventTriggerObjectAttributeComparisonOperator("AFTER"); + public static EventTriggerObjectAttributeComparisonOperator On { get; } = new EventTriggerObjectAttributeComparisonOperator("ON"); + public static EventTriggerObjectAttributeComparisonOperator Between { get; } = new EventTriggerObjectAttributeComparisonOperator("BETWEEN"); + public static EventTriggerObjectAttributeComparisonOperator NotBetween { get; } = new EventTriggerObjectAttributeComparisonOperator("NOT_BETWEEN"); + + public static bool operator ==(EventTriggerObjectAttributeComparisonOperator left, EventTriggerObjectAttributeComparisonOperator right) => left.Equals(right); + public static bool operator !=(EventTriggerObjectAttributeComparisonOperator left, EventTriggerObjectAttributeComparisonOperator right) => !left.Equals(right); + + public static explicit operator string(EventTriggerObjectAttributeComparisonOperator value) => value._value; + + [EditorBrowsable(EditorBrowsableState.Never)] + public override bool Equals(object? obj) => obj is EventTriggerObjectAttributeComparisonOperator other && Equals(other); + public bool Equals(EventTriggerObjectAttributeComparisonOperator other) => string.Equals(_value, other._value, StringComparison.Ordinal); + + [EditorBrowsable(EditorBrowsableState.Never)] + public override int GetHashCode() => _value?.GetHashCode() ?? 0; + + public override string ToString() => _value; + } + + /// + /// The unit of time. + /// + [EnumType] + public readonly struct EventTriggerPeriodUnit : IEquatable + { + private readonly string _value; + + private EventTriggerPeriodUnit(string value) + { + _value = value ?? throw new ArgumentNullException(nameof(value)); + } + + public static EventTriggerPeriodUnit Hours { get; } = new EventTriggerPeriodUnit("HOURS"); + public static EventTriggerPeriodUnit Days { get; } = new EventTriggerPeriodUnit("DAYS"); + public static EventTriggerPeriodUnit Weeks { get; } = new EventTriggerPeriodUnit("WEEKS"); + public static EventTriggerPeriodUnit Months { get; } = new EventTriggerPeriodUnit("MONTHS"); + + public static bool operator ==(EventTriggerPeriodUnit left, EventTriggerPeriodUnit right) => left.Equals(right); + public static bool operator !=(EventTriggerPeriodUnit left, EventTriggerPeriodUnit right) => !left.Equals(right); + + public static explicit operator string(EventTriggerPeriodUnit value) => value._value; + + [EditorBrowsable(EditorBrowsableState.Never)] + public override bool Equals(object? obj) => obj is EventTriggerPeriodUnit other && Equals(other); + public bool Equals(EventTriggerPeriodUnit other) => string.Equals(_value, other._value, StringComparison.Ordinal); + + [EditorBrowsable(EditorBrowsableState.Never)] + public override int GetHashCode() => _value?.GetHashCode() ?? 0; + + public override string ToString() => _value; + } + [EnumType] public readonly struct IntegrationConnectorType : IEquatable { diff --git a/sdk/dotnet/CustomerProfiles/EventTrigger.cs b/sdk/dotnet/CustomerProfiles/EventTrigger.cs new file mode 100644 index 0000000000..667c95f98c --- /dev/null +++ b/sdk/dotnet/CustomerProfiles/EventTrigger.cs @@ -0,0 +1,143 @@ +// *** WARNING: this file was generated by pulumi. *** +// *** Do not edit by hand unless you're certain you know what you are doing! *** + +using System; +using System.Collections.Generic; +using System.Collections.Immutable; +using System.Threading.Tasks; +using Pulumi.Serialization; + +namespace Pulumi.AwsNative.CustomerProfiles +{ + /// + /// An event trigger resource of Amazon Connect Customer Profiles + /// + [AwsNativeResourceType("aws-native:customerprofiles:EventTrigger")] + public partial class EventTrigger : global::Pulumi.CustomResource + { + /// + /// The timestamp of when the event trigger was created. + /// + [Output("createdAt")] + public Output CreatedAt { get; private set; } = null!; + + [Output("description")] + public Output Description { get; private set; } = null!; + + [Output("domainName")] + public Output DomainName { get; private set; } = null!; + + [Output("eventTriggerConditions")] + public Output> EventTriggerConditions { get; private set; } = null!; + + [Output("eventTriggerLimits")] + public Output EventTriggerLimits { get; private set; } = null!; + + [Output("eventTriggerName")] + public Output EventTriggerName { get; private set; } = null!; + + /// + /// The timestamp of when the event trigger was most recently updated. + /// + [Output("lastUpdatedAt")] + public Output LastUpdatedAt { get; private set; } = null!; + + [Output("objectTypeName")] + public Output ObjectTypeName { get; private set; } = null!; + + [Output("segmentFilter")] + public Output SegmentFilter { get; private set; } = null!; + + [Output("tags")] + public Output> Tags { get; private set; } = null!; + + + /// + /// Create a EventTrigger resource with the given unique name, arguments, and options. + /// + /// + /// The unique name of the resource + /// The arguments used to populate this resource's properties + /// A bag of options that control this resource's behavior + public EventTrigger(string name, EventTriggerArgs args, CustomResourceOptions? options = null) + : base("aws-native:customerprofiles:EventTrigger", name, args ?? new EventTriggerArgs(), MakeResourceOptions(options, "")) + { + } + + private EventTrigger(string name, Input id, CustomResourceOptions? options = null) + : base("aws-native:customerprofiles:EventTrigger", name, null, MakeResourceOptions(options, id)) + { + } + + private static CustomResourceOptions MakeResourceOptions(CustomResourceOptions? options, Input? id) + { + var defaultOptions = new CustomResourceOptions + { + Version = Utilities.Version, + ReplaceOnChanges = + { + "domainName", + "eventTriggerName", + }, + }; + var merged = CustomResourceOptions.Merge(defaultOptions, options); + // Override the ID if one was specified for consistency with other language SDKs. + merged.Id = id ?? merged.Id; + return merged; + } + /// + /// Get an existing EventTrigger resource's state with the given name, ID, and optional extra + /// properties used to qualify the lookup. + /// + /// + /// The unique name of the resulting resource. + /// The unique provider ID of the resource to lookup. + /// A bag of options that control this resource's behavior + public static EventTrigger Get(string name, Input id, CustomResourceOptions? options = null) + { + return new EventTrigger(name, id, options); + } + } + + public sealed class EventTriggerArgs : global::Pulumi.ResourceArgs + { + [Input("description")] + public Input? Description { get; set; } + + [Input("domainName", required: true)] + public Input DomainName { get; set; } = null!; + + [Input("eventTriggerConditions", required: true)] + private InputList? _eventTriggerConditions; + public InputList EventTriggerConditions + { + get => _eventTriggerConditions ?? (_eventTriggerConditions = new InputList()); + set => _eventTriggerConditions = value; + } + + [Input("eventTriggerLimits")] + public Input? EventTriggerLimits { get; set; } + + [Input("eventTriggerName")] + public Input? EventTriggerName { get; set; } + + [Input("objectTypeName", required: true)] + public Input ObjectTypeName { get; set; } = null!; + + [Input("segmentFilter")] + public Input? SegmentFilter { get; set; } + + [Input("tags")] + private InputList? _tags; + public InputList Tags + { + get => _tags ?? (_tags = new InputList()); + set => _tags = value; + } + + public EventTriggerArgs() + { + } + public static new EventTriggerArgs Empty => new EventTriggerArgs(); + } +} diff --git a/sdk/dotnet/CustomerProfiles/GetEventTrigger.cs b/sdk/dotnet/CustomerProfiles/GetEventTrigger.cs new file mode 100644 index 0000000000..7f05532b62 --- /dev/null +++ b/sdk/dotnet/CustomerProfiles/GetEventTrigger.cs @@ -0,0 +1,109 @@ +// *** WARNING: this file was generated by pulumi. *** +// *** Do not edit by hand unless you're certain you know what you are doing! *** + +using System; +using System.Collections.Generic; +using System.Collections.Immutable; +using System.Threading.Tasks; +using Pulumi.Serialization; + +namespace Pulumi.AwsNative.CustomerProfiles +{ + public static class GetEventTrigger + { + /// + /// An event trigger resource of Amazon Connect Customer Profiles + /// + public static Task InvokeAsync(GetEventTriggerArgs args, InvokeOptions? options = null) + => global::Pulumi.Deployment.Instance.InvokeAsync("aws-native:customerprofiles:getEventTrigger", args ?? new GetEventTriggerArgs(), options.WithDefaults()); + + /// + /// An event trigger resource of Amazon Connect Customer Profiles + /// + public static Output Invoke(GetEventTriggerInvokeArgs args, InvokeOptions? options = null) + => global::Pulumi.Deployment.Instance.Invoke("aws-native:customerprofiles:getEventTrigger", args ?? new GetEventTriggerInvokeArgs(), options.WithDefaults()); + + /// + /// An event trigger resource of Amazon Connect Customer Profiles + /// + public static Output Invoke(GetEventTriggerInvokeArgs args, InvokeOutputOptions options) + => global::Pulumi.Deployment.Instance.Invoke("aws-native:customerprofiles:getEventTrigger", args ?? new GetEventTriggerInvokeArgs(), options.WithDefaults()); + } + + + public sealed class GetEventTriggerArgs : global::Pulumi.InvokeArgs + { + [Input("domainName", required: true)] + public string DomainName { get; set; } = null!; + + [Input("eventTriggerName", required: true)] + public string EventTriggerName { get; set; } = null!; + + public GetEventTriggerArgs() + { + } + public static new GetEventTriggerArgs Empty => new GetEventTriggerArgs(); + } + + public sealed class GetEventTriggerInvokeArgs : global::Pulumi.InvokeArgs + { + [Input("domainName", required: true)] + public Input DomainName { get; set; } = null!; + + [Input("eventTriggerName", required: true)] + public Input EventTriggerName { get; set; } = null!; + + public GetEventTriggerInvokeArgs() + { + } + public static new GetEventTriggerInvokeArgs Empty => new GetEventTriggerInvokeArgs(); + } + + + [OutputType] + public sealed class GetEventTriggerResult + { + /// + /// The timestamp of when the event trigger was created. + /// + public readonly string? CreatedAt; + public readonly string? Description; + public readonly ImmutableArray EventTriggerConditions; + public readonly Outputs.EventTriggerLimits? EventTriggerLimits; + /// + /// The timestamp of when the event trigger was most recently updated. + /// + public readonly string? LastUpdatedAt; + public readonly string? ObjectTypeName; + public readonly string? SegmentFilter; + public readonly ImmutableArray Tags; + + [OutputConstructor] + private GetEventTriggerResult( + string? createdAt, + + string? description, + + ImmutableArray eventTriggerConditions, + + Outputs.EventTriggerLimits? eventTriggerLimits, + + string? lastUpdatedAt, + + string? objectTypeName, + + string? segmentFilter, + + ImmutableArray tags) + { + CreatedAt = createdAt; + Description = description; + EventTriggerConditions = eventTriggerConditions; + EventTriggerLimits = eventTriggerLimits; + LastUpdatedAt = lastUpdatedAt; + ObjectTypeName = objectTypeName; + SegmentFilter = segmentFilter; + Tags = tags; + } + } +} diff --git a/sdk/dotnet/CustomerProfiles/Inputs/EventTriggerConditionArgs.cs b/sdk/dotnet/CustomerProfiles/Inputs/EventTriggerConditionArgs.cs new file mode 100644 index 0000000000..4ca539418e --- /dev/null +++ b/sdk/dotnet/CustomerProfiles/Inputs/EventTriggerConditionArgs.cs @@ -0,0 +1,34 @@ +// *** WARNING: this file was generated by pulumi. *** +// *** Do not edit by hand unless you're certain you know what you are doing! *** + +using System; +using System.Collections.Generic; +using System.Collections.Immutable; +using System.Threading.Tasks; +using Pulumi.Serialization; + +namespace Pulumi.AwsNative.CustomerProfiles.Inputs +{ + + /// + /// Specifies the circumstances under which the event should trigger the destination. + /// + public sealed class EventTriggerConditionArgs : global::Pulumi.ResourceArgs + { + [Input("eventTriggerDimensions", required: true)] + private InputList? _eventTriggerDimensions; + public InputList EventTriggerDimensions + { + get => _eventTriggerDimensions ?? (_eventTriggerDimensions = new InputList()); + set => _eventTriggerDimensions = value; + } + + [Input("logicalOperator", required: true)] + public Input LogicalOperator { get; set; } = null!; + + public EventTriggerConditionArgs() + { + } + public static new EventTriggerConditionArgs Empty => new EventTriggerConditionArgs(); + } +} diff --git a/sdk/dotnet/CustomerProfiles/Inputs/EventTriggerDimensionArgs.cs b/sdk/dotnet/CustomerProfiles/Inputs/EventTriggerDimensionArgs.cs new file mode 100644 index 0000000000..087bc31d72 --- /dev/null +++ b/sdk/dotnet/CustomerProfiles/Inputs/EventTriggerDimensionArgs.cs @@ -0,0 +1,31 @@ +// *** WARNING: this file was generated by pulumi. *** +// *** Do not edit by hand unless you're certain you know what you are doing! *** + +using System; +using System.Collections.Generic; +using System.Collections.Immutable; +using System.Threading.Tasks; +using Pulumi.Serialization; + +namespace Pulumi.AwsNative.CustomerProfiles.Inputs +{ + + /// + /// A specific event dimension to be assessed. + /// + public sealed class EventTriggerDimensionArgs : global::Pulumi.ResourceArgs + { + [Input("objectAttributes", required: true)] + private InputList? _objectAttributes; + public InputList ObjectAttributes + { + get => _objectAttributes ?? (_objectAttributes = new InputList()); + set => _objectAttributes = value; + } + + public EventTriggerDimensionArgs() + { + } + public static new EventTriggerDimensionArgs Empty => new EventTriggerDimensionArgs(); + } +} diff --git a/sdk/dotnet/CustomerProfiles/Inputs/EventTriggerLimitsArgs.cs b/sdk/dotnet/CustomerProfiles/Inputs/EventTriggerLimitsArgs.cs new file mode 100644 index 0000000000..22142bc3c2 --- /dev/null +++ b/sdk/dotnet/CustomerProfiles/Inputs/EventTriggerLimitsArgs.cs @@ -0,0 +1,34 @@ +// *** WARNING: this file was generated by pulumi. *** +// *** Do not edit by hand unless you're certain you know what you are doing! *** + +using System; +using System.Collections.Generic; +using System.Collections.Immutable; +using System.Threading.Tasks; +using Pulumi.Serialization; + +namespace Pulumi.AwsNative.CustomerProfiles.Inputs +{ + + /// + /// Defines limits controlling whether an event triggers the destination, based on ingestion latency and the number of invocations per profile over specific time periods. + /// + public sealed class EventTriggerLimitsArgs : global::Pulumi.ResourceArgs + { + [Input("eventExpiration")] + public Input? EventExpiration { get; set; } + + [Input("periods")] + private InputList? _periods; + public InputList Periods + { + get => _periods ?? (_periods = new InputList()); + set => _periods = value; + } + + public EventTriggerLimitsArgs() + { + } + public static new EventTriggerLimitsArgs Empty => new EventTriggerLimitsArgs(); + } +} diff --git a/sdk/dotnet/CustomerProfiles/Inputs/EventTriggerObjectAttributeArgs.cs b/sdk/dotnet/CustomerProfiles/Inputs/EventTriggerObjectAttributeArgs.cs new file mode 100644 index 0000000000..5b20bb77bb --- /dev/null +++ b/sdk/dotnet/CustomerProfiles/Inputs/EventTriggerObjectAttributeArgs.cs @@ -0,0 +1,53 @@ +// *** WARNING: this file was generated by pulumi. *** +// *** Do not edit by hand unless you're certain you know what you are doing! *** + +using System; +using System.Collections.Generic; +using System.Collections.Immutable; +using System.Threading.Tasks; +using Pulumi.Serialization; + +namespace Pulumi.AwsNative.CustomerProfiles.Inputs +{ + + /// + /// The criteria that a specific object attribute must meet to trigger the destination. + /// + public sealed class EventTriggerObjectAttributeArgs : global::Pulumi.ResourceArgs + { + /// + /// The operator used to compare an attribute against a list of values. + /// + [Input("comparisonOperator", required: true)] + public Input ComparisonOperator { get; set; } = null!; + + /// + /// A field defined within an object type. + /// + [Input("fieldName")] + public Input? FieldName { get; set; } + + /// + /// An attribute contained within a source object. + /// + [Input("source")] + public Input? Source { get; set; } + + [Input("values", required: true)] + private InputList? _values; + + /// + /// A list of attribute values used for comparison. + /// + public InputList Values + { + get => _values ?? (_values = new InputList()); + set => _values = value; + } + + public EventTriggerObjectAttributeArgs() + { + } + public static new EventTriggerObjectAttributeArgs Empty => new EventTriggerObjectAttributeArgs(); + } +} diff --git a/sdk/dotnet/CustomerProfiles/Inputs/EventTriggerPeriodArgs.cs b/sdk/dotnet/CustomerProfiles/Inputs/EventTriggerPeriodArgs.cs new file mode 100644 index 0000000000..c4900104bc --- /dev/null +++ b/sdk/dotnet/CustomerProfiles/Inputs/EventTriggerPeriodArgs.cs @@ -0,0 +1,47 @@ +// *** WARNING: this file was generated by pulumi. *** +// *** Do not edit by hand unless you're certain you know what you are doing! *** + +using System; +using System.Collections.Generic; +using System.Collections.Immutable; +using System.Threading.Tasks; +using Pulumi.Serialization; + +namespace Pulumi.AwsNative.CustomerProfiles.Inputs +{ + + /// + /// Defines a limit and the time period during which it is enforced. + /// + public sealed class EventTriggerPeriodArgs : global::Pulumi.ResourceArgs + { + /// + /// The maximum allowed number of destination invocations per profile. + /// + [Input("maxInvocationsPerProfile")] + public Input? MaxInvocationsPerProfile { get; set; } + + /// + /// The unit of time. + /// + [Input("unit", required: true)] + public Input Unit { get; set; } = null!; + + /// + /// If set to true, there is no limit on the number of destination invocations per profile. The default is false. + /// + [Input("unlimited")] + public Input? Unlimited { get; set; } + + /// + /// The amount of time of the specified unit. + /// + [Input("value", required: true)] + public Input Value { get; set; } = null!; + + public EventTriggerPeriodArgs() + { + } + public static new EventTriggerPeriodArgs Empty => new EventTriggerPeriodArgs(); + } +} diff --git a/sdk/dotnet/CustomerProfiles/Outputs/EventTriggerCondition.cs b/sdk/dotnet/CustomerProfiles/Outputs/EventTriggerCondition.cs new file mode 100644 index 0000000000..c4c56d61f6 --- /dev/null +++ b/sdk/dotnet/CustomerProfiles/Outputs/EventTriggerCondition.cs @@ -0,0 +1,32 @@ +// *** WARNING: this file was generated by pulumi. *** +// *** Do not edit by hand unless you're certain you know what you are doing! *** + +using System; +using System.Collections.Generic; +using System.Collections.Immutable; +using System.Threading.Tasks; +using Pulumi.Serialization; + +namespace Pulumi.AwsNative.CustomerProfiles.Outputs +{ + + /// + /// Specifies the circumstances under which the event should trigger the destination. + /// + [OutputType] + public sealed class EventTriggerCondition + { + public readonly ImmutableArray EventTriggerDimensions; + public readonly Pulumi.AwsNative.CustomerProfiles.EventTriggerLogicalOperator LogicalOperator; + + [OutputConstructor] + private EventTriggerCondition( + ImmutableArray eventTriggerDimensions, + + Pulumi.AwsNative.CustomerProfiles.EventTriggerLogicalOperator logicalOperator) + { + EventTriggerDimensions = eventTriggerDimensions; + LogicalOperator = logicalOperator; + } + } +} diff --git a/sdk/dotnet/CustomerProfiles/Outputs/EventTriggerDimension.cs b/sdk/dotnet/CustomerProfiles/Outputs/EventTriggerDimension.cs new file mode 100644 index 0000000000..76a7f5298f --- /dev/null +++ b/sdk/dotnet/CustomerProfiles/Outputs/EventTriggerDimension.cs @@ -0,0 +1,27 @@ +// *** WARNING: this file was generated by pulumi. *** +// *** Do not edit by hand unless you're certain you know what you are doing! *** + +using System; +using System.Collections.Generic; +using System.Collections.Immutable; +using System.Threading.Tasks; +using Pulumi.Serialization; + +namespace Pulumi.AwsNative.CustomerProfiles.Outputs +{ + + /// + /// A specific event dimension to be assessed. + /// + [OutputType] + public sealed class EventTriggerDimension + { + public readonly ImmutableArray ObjectAttributes; + + [OutputConstructor] + private EventTriggerDimension(ImmutableArray objectAttributes) + { + ObjectAttributes = objectAttributes; + } + } +} diff --git a/sdk/dotnet/CustomerProfiles/Outputs/EventTriggerLimits.cs b/sdk/dotnet/CustomerProfiles/Outputs/EventTriggerLimits.cs new file mode 100644 index 0000000000..c61c2e3f8e --- /dev/null +++ b/sdk/dotnet/CustomerProfiles/Outputs/EventTriggerLimits.cs @@ -0,0 +1,32 @@ +// *** WARNING: this file was generated by pulumi. *** +// *** Do not edit by hand unless you're certain you know what you are doing! *** + +using System; +using System.Collections.Generic; +using System.Collections.Immutable; +using System.Threading.Tasks; +using Pulumi.Serialization; + +namespace Pulumi.AwsNative.CustomerProfiles.Outputs +{ + + /// + /// Defines limits controlling whether an event triggers the destination, based on ingestion latency and the number of invocations per profile over specific time periods. + /// + [OutputType] + public sealed class EventTriggerLimits + { + public readonly int? EventExpiration; + public readonly ImmutableArray Periods; + + [OutputConstructor] + private EventTriggerLimits( + int? eventExpiration, + + ImmutableArray periods) + { + EventExpiration = eventExpiration; + Periods = periods; + } + } +} diff --git a/sdk/dotnet/CustomerProfiles/Outputs/EventTriggerObjectAttribute.cs b/sdk/dotnet/CustomerProfiles/Outputs/EventTriggerObjectAttribute.cs new file mode 100644 index 0000000000..e4c9f3aa84 --- /dev/null +++ b/sdk/dotnet/CustomerProfiles/Outputs/EventTriggerObjectAttribute.cs @@ -0,0 +1,52 @@ +// *** WARNING: this file was generated by pulumi. *** +// *** Do not edit by hand unless you're certain you know what you are doing! *** + +using System; +using System.Collections.Generic; +using System.Collections.Immutable; +using System.Threading.Tasks; +using Pulumi.Serialization; + +namespace Pulumi.AwsNative.CustomerProfiles.Outputs +{ + + /// + /// The criteria that a specific object attribute must meet to trigger the destination. + /// + [OutputType] + public sealed class EventTriggerObjectAttribute + { + /// + /// The operator used to compare an attribute against a list of values. + /// + public readonly Pulumi.AwsNative.CustomerProfiles.EventTriggerObjectAttributeComparisonOperator ComparisonOperator; + /// + /// A field defined within an object type. + /// + public readonly string? FieldName; + /// + /// An attribute contained within a source object. + /// + public readonly string? Source; + /// + /// A list of attribute values used for comparison. + /// + public readonly ImmutableArray Values; + + [OutputConstructor] + private EventTriggerObjectAttribute( + Pulumi.AwsNative.CustomerProfiles.EventTriggerObjectAttributeComparisonOperator comparisonOperator, + + string? fieldName, + + string? source, + + ImmutableArray values) + { + ComparisonOperator = comparisonOperator; + FieldName = fieldName; + Source = source; + Values = values; + } + } +} diff --git a/sdk/dotnet/CustomerProfiles/Outputs/EventTriggerPeriod.cs b/sdk/dotnet/CustomerProfiles/Outputs/EventTriggerPeriod.cs new file mode 100644 index 0000000000..788602d4bf --- /dev/null +++ b/sdk/dotnet/CustomerProfiles/Outputs/EventTriggerPeriod.cs @@ -0,0 +1,52 @@ +// *** WARNING: this file was generated by pulumi. *** +// *** Do not edit by hand unless you're certain you know what you are doing! *** + +using System; +using System.Collections.Generic; +using System.Collections.Immutable; +using System.Threading.Tasks; +using Pulumi.Serialization; + +namespace Pulumi.AwsNative.CustomerProfiles.Outputs +{ + + /// + /// Defines a limit and the time period during which it is enforced. + /// + [OutputType] + public sealed class EventTriggerPeriod + { + /// + /// The maximum allowed number of destination invocations per profile. + /// + public readonly int? MaxInvocationsPerProfile; + /// + /// The unit of time. + /// + public readonly Pulumi.AwsNative.CustomerProfiles.EventTriggerPeriodUnit Unit; + /// + /// If set to true, there is no limit on the number of destination invocations per profile. The default is false. + /// + public readonly bool? Unlimited; + /// + /// The amount of time of the specified unit. + /// + public readonly int Value; + + [OutputConstructor] + private EventTriggerPeriod( + int? maxInvocationsPerProfile, + + Pulumi.AwsNative.CustomerProfiles.EventTriggerPeriodUnit unit, + + bool? unlimited, + + int value) + { + MaxInvocationsPerProfile = maxInvocationsPerProfile; + Unit = unit; + Unlimited = unlimited; + Value = value; + } + } +} diff --git a/sdk/dotnet/Efs/Enums.cs b/sdk/dotnet/Efs/Enums.cs index 3ff42ddb55..90ed3ec8e8 100644 --- a/sdk/dotnet/Efs/Enums.cs +++ b/sdk/dotnet/Efs/Enums.cs @@ -44,7 +44,7 @@ private FileSystemBackupPolicyStatus(string value) /// The status of the file system's replication overwrite protection. /// + ``ENABLED`` – The file system cannot be used as the destination file system in a replication configuration. The file system is writeable. Replication overwrite protection is ``ENABLED`` by default. /// + ``DISABLED`` – The file system can be used as the destination file system in a replication configuration. The file system is read-only and can only be modified by EFS replication. - /// + ``REPLICATING`` – The file system is being used as the destination file system in a replication configuration. The file system is read-only and is only modified only by EFS replication. + /// + ``REPLICATING`` – The file system is being used as the destination file system in a replication configuration. The file system is read-only and is modified only by EFS replication. /// /// If the replication configuration is deleted, the file system's replication overwrite protection is re-enabled, the file system becomes writeable. /// diff --git a/sdk/dotnet/Efs/Inputs/FileSystemProtectionArgs.cs b/sdk/dotnet/Efs/Inputs/FileSystemProtectionArgs.cs index b3eb3789d8..ebbea8d27d 100644 --- a/sdk/dotnet/Efs/Inputs/FileSystemProtectionArgs.cs +++ b/sdk/dotnet/Efs/Inputs/FileSystemProtectionArgs.cs @@ -19,7 +19,7 @@ public sealed class FileSystemProtectionArgs : global::Pulumi.ResourceArgs /// The status of the file system's replication overwrite protection. /// + ``ENABLED`` – The file system cannot be used as the destination file system in a replication configuration. The file system is writeable. Replication overwrite protection is ``ENABLED`` by default. /// + ``DISABLED`` – The file system can be used as the destination file system in a replication configuration. The file system is read-only and can only be modified by EFS replication. - /// + ``REPLICATING`` – The file system is being used as the destination file system in a replication configuration. The file system is read-only and is only modified only by EFS replication. + /// + ``REPLICATING`` – The file system is being used as the destination file system in a replication configuration. The file system is read-only and is modified only by EFS replication. /// /// If the replication configuration is deleted, the file system's replication overwrite protection is re-enabled, the file system becomes writeable. /// diff --git a/sdk/dotnet/Efs/Inputs/FileSystemReplicationDestinationArgs.cs b/sdk/dotnet/Efs/Inputs/FileSystemReplicationDestinationArgs.cs index 00235b290f..df759a81cc 100644 --- a/sdk/dotnet/Efs/Inputs/FileSystemReplicationDestinationArgs.cs +++ b/sdk/dotnet/Efs/Inputs/FileSystemReplicationDestinationArgs.cs @@ -49,13 +49,13 @@ public sealed class FileSystemReplicationDestinationArgs : global::Pulumi.Resour public Input? RoleArn { get; set; } /// - /// Describes the status of the replication configuration. For more information about replication status, see [Viewing replication details](https://docs.aws.amazon.com//efs/latest/ug/awsbackup.html#restoring-backup-efsmonitoring-replication-status.html) in the *Amazon EFS User Guide* . + /// Describes the status of the replication configuration. For more information about replication status, see [Viewing replication details](https://docs.aws.amazon.com//efs/latest/ug/awsbackup.html#restoring-backup-efsmonitoring-replication-status.html) in the *Amazon EFS User Guide*. /// [Input("status")] public Input? Status { get; set; } /// - /// Message that provides details about the `PAUSED` or `ERRROR` state of the replication destination configuration. For more information about replication status messages, see [Viewing replication details](https://docs.aws.amazon.com//efs/latest/ug/awsbackup.html#restoring-backup-efsmonitoring-replication-status.html) in the *Amazon EFS User Guide* . + /// Message that provides details about the ``PAUSED`` or ``ERRROR`` state of the replication destination configuration. For more information about replication status messages, see [Viewing replication details](https://docs.aws.amazon.com//efs/latest/ug/awsbackup.html#restoring-backup-efsmonitoring-replication-status.html) in the *Amazon EFS User Guide*. /// [Input("statusMessage")] public Input? StatusMessage { get; set; } diff --git a/sdk/dotnet/Efs/Outputs/FileSystemProtection.cs b/sdk/dotnet/Efs/Outputs/FileSystemProtection.cs index d2fc211181..2c6fe62225 100644 --- a/sdk/dotnet/Efs/Outputs/FileSystemProtection.cs +++ b/sdk/dotnet/Efs/Outputs/FileSystemProtection.cs @@ -20,7 +20,7 @@ public sealed class FileSystemProtection /// The status of the file system's replication overwrite protection. /// + ``ENABLED`` – The file system cannot be used as the destination file system in a replication configuration. The file system is writeable. Replication overwrite protection is ``ENABLED`` by default. /// + ``DISABLED`` – The file system can be used as the destination file system in a replication configuration. The file system is read-only and can only be modified by EFS replication. - /// + ``REPLICATING`` – The file system is being used as the destination file system in a replication configuration. The file system is read-only and is only modified only by EFS replication. + /// + ``REPLICATING`` – The file system is being used as the destination file system in a replication configuration. The file system is read-only and is modified only by EFS replication. /// /// If the replication configuration is deleted, the file system's replication overwrite protection is re-enabled, the file system becomes writeable. /// diff --git a/sdk/dotnet/Efs/Outputs/FileSystemReplicationDestination.cs b/sdk/dotnet/Efs/Outputs/FileSystemReplicationDestination.cs index 2eeebee5c5..95eb140c2a 100644 --- a/sdk/dotnet/Efs/Outputs/FileSystemReplicationDestination.cs +++ b/sdk/dotnet/Efs/Outputs/FileSystemReplicationDestination.cs @@ -40,11 +40,11 @@ public sealed class FileSystemReplicationDestination /// public readonly string? RoleArn; /// - /// Describes the status of the replication configuration. For more information about replication status, see [Viewing replication details](https://docs.aws.amazon.com//efs/latest/ug/awsbackup.html#restoring-backup-efsmonitoring-replication-status.html) in the *Amazon EFS User Guide* . + /// Describes the status of the replication configuration. For more information about replication status, see [Viewing replication details](https://docs.aws.amazon.com//efs/latest/ug/awsbackup.html#restoring-backup-efsmonitoring-replication-status.html) in the *Amazon EFS User Guide*. /// public readonly string? Status; /// - /// Message that provides details about the `PAUSED` or `ERRROR` state of the replication destination configuration. For more information about replication status messages, see [Viewing replication details](https://docs.aws.amazon.com//efs/latest/ug/awsbackup.html#restoring-backup-efsmonitoring-replication-status.html) in the *Amazon EFS User Guide* . + /// Message that provides details about the ``PAUSED`` or ``ERRROR`` state of the replication destination configuration. For more information about replication status messages, see [Viewing replication details](https://docs.aws.amazon.com//efs/latest/ug/awsbackup.html#restoring-backup-efsmonitoring-replication-status.html) in the *Amazon EFS User Guide*. /// public readonly string? StatusMessage; diff --git a/sdk/dotnet/Lex/Bot.cs b/sdk/dotnet/Lex/Bot.cs index 1030860f69..954eb2af89 100644 --- a/sdk/dotnet/Lex/Bot.cs +++ b/sdk/dotnet/Lex/Bot.cs @@ -75,6 +75,9 @@ public partial class Bot : global::Pulumi.CustomResource [Output("name")] public Output Name { get; private set; } = null!; + [Output("replication")] + public Output Replication { get; private set; } = null!; + /// /// The Amazon Resource Name (ARN) of the IAM role used to build and run the bot. /// @@ -198,6 +201,9 @@ public InputList BotTags [Input("name")] public Input? Name { get; set; } + [Input("replication")] + public Input? Replication { get; set; } + /// /// The Amazon Resource Name (ARN) of the IAM role used to build and run the bot. /// diff --git a/sdk/dotnet/Lex/Inputs/BotReplicationArgs.cs b/sdk/dotnet/Lex/Inputs/BotReplicationArgs.cs new file mode 100644 index 0000000000..37172f9358 --- /dev/null +++ b/sdk/dotnet/Lex/Inputs/BotReplicationArgs.cs @@ -0,0 +1,35 @@ +// *** WARNING: this file was generated by pulumi. *** +// *** Do not edit by hand unless you're certain you know what you are doing! *** + +using System; +using System.Collections.Generic; +using System.Collections.Immutable; +using System.Threading.Tasks; +using Pulumi.Serialization; + +namespace Pulumi.AwsNative.Lex.Inputs +{ + + /// + /// Parameter used to create a replication of the source bot in the secondary region. + /// + public sealed class BotReplicationArgs : global::Pulumi.ResourceArgs + { + [Input("replicaRegions", required: true)] + private InputList? _replicaRegions; + + /// + /// List of secondary regions for bot replication. + /// + public InputList ReplicaRegions + { + get => _replicaRegions ?? (_replicaRegions = new InputList()); + set => _replicaRegions = value; + } + + public BotReplicationArgs() + { + } + public static new BotReplicationArgs Empty => new BotReplicationArgs(); + } +} diff --git a/sdk/dotnet/Lex/Outputs/BotReplication.cs b/sdk/dotnet/Lex/Outputs/BotReplication.cs new file mode 100644 index 0000000000..0939779b5c --- /dev/null +++ b/sdk/dotnet/Lex/Outputs/BotReplication.cs @@ -0,0 +1,30 @@ +// *** WARNING: this file was generated by pulumi. *** +// *** Do not edit by hand unless you're certain you know what you are doing! *** + +using System; +using System.Collections.Generic; +using System.Collections.Immutable; +using System.Threading.Tasks; +using Pulumi.Serialization; + +namespace Pulumi.AwsNative.Lex.Outputs +{ + + /// + /// Parameter used to create a replication of the source bot in the secondary region. + /// + [OutputType] + public sealed class BotReplication + { + /// + /// List of secondary regions for bot replication. + /// + public readonly ImmutableArray ReplicaRegions; + + [OutputConstructor] + private BotReplication(ImmutableArray replicaRegions) + { + ReplicaRegions = replicaRegions; + } + } +} diff --git a/sdk/dotnet/ResilienceHub/App.cs b/sdk/dotnet/ResilienceHub/App.cs index 7562efa13d..28bf2972ab 100644 --- a/sdk/dotnet/ResilienceHub/App.cs +++ b/sdk/dotnet/ResilienceHub/App.cs @@ -63,6 +63,12 @@ public partial class App : global::Pulumi.CustomResource [Output("permissionModel")] public Output PermissionModel { get; private set; } = null!; + /// + /// Amazon Resource Name (ARN) of the Regulatory Policy. + /// + [Output("regulatoryPolicyArn")] + public Output RegulatoryPolicyArn { get; private set; } = null!; + /// /// Amazon Resource Name (ARN) of the Resiliency Policy. /// @@ -172,6 +178,12 @@ public InputList EventSubscriptions [Input("permissionModel")] public Input? PermissionModel { get; set; } + /// + /// Amazon Resource Name (ARN) of the Regulatory Policy. + /// + [Input("regulatoryPolicyArn")] + public Input? RegulatoryPolicyArn { get; set; } + /// /// Amazon Resource Name (ARN) of the Resiliency Policy. /// diff --git a/sdk/dotnet/ResilienceHub/GetApp.cs b/sdk/dotnet/ResilienceHub/GetApp.cs index 8366b77881..e45eedeae4 100644 --- a/sdk/dotnet/ResilienceHub/GetApp.cs +++ b/sdk/dotnet/ResilienceHub/GetApp.cs @@ -92,6 +92,10 @@ public sealed class GetAppResult /// public readonly Outputs.AppPermissionModel? PermissionModel; /// + /// Amazon Resource Name (ARN) of the Regulatory Policy. + /// + public readonly string? RegulatoryPolicyArn; + /// /// Amazon Resource Name (ARN) of the Resiliency Policy. /// public readonly string? ResiliencyPolicyArn; @@ -120,6 +124,8 @@ private GetAppResult( Outputs.AppPermissionModel? permissionModel, + string? regulatoryPolicyArn, + string? resiliencyPolicyArn, ImmutableArray resourceMappings, @@ -133,6 +139,7 @@ private GetAppResult( DriftStatus = driftStatus; EventSubscriptions = eventSubscriptions; PermissionModel = permissionModel; + RegulatoryPolicyArn = regulatoryPolicyArn; ResiliencyPolicyArn = resiliencyPolicyArn; ResourceMappings = resourceMappings; Tags = tags; diff --git a/sdk/dotnet/RolesAnywhere/GetProfile.cs b/sdk/dotnet/RolesAnywhere/GetProfile.cs index 229bda3309..ce2fc3597f 100644 --- a/sdk/dotnet/RolesAnywhere/GetProfile.cs +++ b/sdk/dotnet/RolesAnywhere/GetProfile.cs @@ -96,10 +96,6 @@ public sealed class GetProfileResult /// public readonly string? ProfileId; /// - /// Specifies whether instance properties are required in CreateSession requests with this profile. - /// - public readonly bool? RequireInstanceProperties; - /// /// A list of IAM role ARNs that can be assumed when this profile is specified in a CreateSession request. /// public readonly ImmutableArray RoleArns; @@ -130,8 +126,6 @@ private GetProfileResult( string? profileId, - bool? requireInstanceProperties, - ImmutableArray roleArns, string? sessionPolicy, @@ -146,7 +140,6 @@ private GetProfileResult( Name = name; ProfileArn = profileArn; ProfileId = profileId; - RequireInstanceProperties = requireInstanceProperties; RoleArns = roleArns; SessionPolicy = sessionPolicy; Tags = tags; diff --git a/sdk/dotnet/RolesAnywhere/Profile.cs b/sdk/dotnet/RolesAnywhere/Profile.cs index 7be69ed820..9c301b6a55 100644 --- a/sdk/dotnet/RolesAnywhere/Profile.cs +++ b/sdk/dotnet/RolesAnywhere/Profile.cs @@ -110,6 +110,10 @@ private static CustomResourceOptions MakeResourceOptions(CustomResourceOptions? var defaultOptions = new CustomResourceOptions { Version = Utilities.Version, + ReplaceOnChanges = + { + "requireInstanceProperties", + }, }; var merged = CustomResourceOptions.Merge(defaultOptions, options); // Override the ID if one was specified for consistency with other language SDKs. diff --git a/sdk/dotnet/Ses/Inputs/ConfigurationSetTrackingOptionsArgs.cs b/sdk/dotnet/Ses/Inputs/ConfigurationSetTrackingOptionsArgs.cs index 9d808ca322..46a48a8168 100644 --- a/sdk/dotnet/Ses/Inputs/ConfigurationSetTrackingOptionsArgs.cs +++ b/sdk/dotnet/Ses/Inputs/ConfigurationSetTrackingOptionsArgs.cs @@ -21,6 +21,12 @@ public sealed class ConfigurationSetTrackingOptionsArgs : global::Pulumi.Resourc [Input("customRedirectDomain")] public Input? CustomRedirectDomain { get; set; } + /// + /// The https policy to use for tracking open and click events. + /// + [Input("httpsPolicy")] + public Input? HttpsPolicy { get; set; } + public ConfigurationSetTrackingOptionsArgs() { } diff --git a/sdk/dotnet/Ses/Outputs/ConfigurationSetTrackingOptions.cs b/sdk/dotnet/Ses/Outputs/ConfigurationSetTrackingOptions.cs index 8c6fd4b7f5..72180ec46b 100644 --- a/sdk/dotnet/Ses/Outputs/ConfigurationSetTrackingOptions.cs +++ b/sdk/dotnet/Ses/Outputs/ConfigurationSetTrackingOptions.cs @@ -20,11 +20,19 @@ public sealed class ConfigurationSetTrackingOptions /// The domain to use for tracking open and click events. /// public readonly string? CustomRedirectDomain; + /// + /// The https policy to use for tracking open and click events. + /// + public readonly string? HttpsPolicy; [OutputConstructor] - private ConfigurationSetTrackingOptions(string? customRedirectDomain) + private ConfigurationSetTrackingOptions( + string? customRedirectDomain, + + string? httpsPolicy) { CustomRedirectDomain = customRedirectDomain; + HttpsPolicy = httpsPolicy; } } } diff --git a/sdk/dotnet/Sso/GetPermissionSet.cs b/sdk/dotnet/Sso/GetPermissionSet.cs index eb3c19d7cb..21f5f214be 100644 --- a/sdk/dotnet/Sso/GetPermissionSet.cs +++ b/sdk/dotnet/Sso/GetPermissionSet.cs @@ -90,7 +90,7 @@ public sealed class GetPermissionSetResult /// public readonly object? InlinePolicy; /// - /// A structure that stores the details of the AWS managed policy. + /// A structure that stores a list of managed policy ARNs that describe the associated AWS managed policy. /// public readonly ImmutableArray ManagedPolicies; /// diff --git a/sdk/dotnet/Sso/PermissionSet.cs b/sdk/dotnet/Sso/PermissionSet.cs index a4a5c5f2c2..eb7ad8dcec 100644 --- a/sdk/dotnet/Sso/PermissionSet.cs +++ b/sdk/dotnet/Sso/PermissionSet.cs @@ -42,7 +42,7 @@ public partial class PermissionSet : global::Pulumi.CustomResource public Output InstanceArn { get; private set; } = null!; /// - /// A structure that stores the details of the AWS managed policy. + /// A structure that stores a list of managed policy ARNs that describe the associated AWS managed policy. /// [Output("managedPolicies")] public Output> ManagedPolicies { get; private set; } = null!; @@ -171,7 +171,7 @@ public InputList Custome private InputList? _managedPolicies; /// - /// A structure that stores the details of the AWS managed policy. + /// A structure that stores a list of managed policy ARNs that describe the associated AWS managed policy. /// public InputList ManagedPolicies { diff --git a/sdk/dotnet/VoiceId/GetDomain.cs b/sdk/dotnet/VoiceId/GetDomain.cs index de62f2df4c..f9136cdba5 100644 --- a/sdk/dotnet/VoiceId/GetDomain.cs +++ b/sdk/dotnet/VoiceId/GetDomain.cs @@ -63,22 +63,43 @@ public GetDomainInvokeArgs() [OutputType] public sealed class GetDomainResult { + /// + /// The description of the domain. + /// + public readonly string? Description; /// /// The identifier of the domain. /// public readonly string? DomainId; /// + /// The name for the domain. + /// + public readonly string? Name; + /// + /// The server-side encryption configuration containing the KMS key identifier you want Voice ID to use to encrypt your data. + /// + public readonly Outputs.DomainServerSideEncryptionConfiguration? ServerSideEncryptionConfiguration; + /// /// The tags used to organize, track, or control access for this resource. /// public readonly ImmutableArray Tags; [OutputConstructor] private GetDomainResult( + string? description, + string? domainId, + string? name, + + Outputs.DomainServerSideEncryptionConfiguration? serverSideEncryptionConfiguration, + ImmutableArray tags) { + Description = description; DomainId = domainId; + Name = name; + ServerSideEncryptionConfiguration = serverSideEncryptionConfiguration; Tags = tags; } } diff --git a/sdk/go/aws/backup/logicallyAirGappedBackupVault.go b/sdk/go/aws/backup/logicallyAirGappedBackupVault.go index e19991c42a..2bfd11e189 100644 --- a/sdk/go/aws/backup/logicallyAirGappedBackupVault.go +++ b/sdk/go/aws/backup/logicallyAirGappedBackupVault.go @@ -35,9 +35,9 @@ type LogicallyAirGappedBackupVault struct { // Returns event notifications for the specified backup vault. Notifications LogicallyAirGappedBackupVaultNotificationObjectTypePtrOutput `pulumi:"notifications"` // The current state of the vault. - VaultState pulumi.StringPtrOutput `pulumi:"vaultState"` + VaultState pulumi.StringOutput `pulumi:"vaultState"` // The type of vault described. - VaultType pulumi.StringPtrOutput `pulumi:"vaultType"` + VaultType pulumi.StringOutput `pulumi:"vaultType"` } // NewLogicallyAirGappedBackupVault registers a new resource with the given unique name, arguments, and options. @@ -108,10 +108,6 @@ type logicallyAirGappedBackupVaultArgs struct { MinRetentionDays int `pulumi:"minRetentionDays"` // Returns event notifications for the specified backup vault. Notifications *LogicallyAirGappedBackupVaultNotificationObjectType `pulumi:"notifications"` - // The current state of the vault. - VaultState *string `pulumi:"vaultState"` - // The type of vault described. - VaultType *string `pulumi:"vaultType"` } // The set of arguments for constructing a LogicallyAirGappedBackupVault resource. @@ -132,10 +128,6 @@ type LogicallyAirGappedBackupVaultArgs struct { MinRetentionDays pulumi.IntInput // Returns event notifications for the specified backup vault. Notifications LogicallyAirGappedBackupVaultNotificationObjectTypePtrInput - // The current state of the vault. - VaultState pulumi.StringPtrInput - // The type of vault described. - VaultType pulumi.StringPtrInput } func (LogicallyAirGappedBackupVaultArgs) ElementType() reflect.Type { @@ -220,13 +212,13 @@ func (o LogicallyAirGappedBackupVaultOutput) Notifications() LogicallyAirGappedB } // The current state of the vault. -func (o LogicallyAirGappedBackupVaultOutput) VaultState() pulumi.StringPtrOutput { - return o.ApplyT(func(v *LogicallyAirGappedBackupVault) pulumi.StringPtrOutput { return v.VaultState }).(pulumi.StringPtrOutput) +func (o LogicallyAirGappedBackupVaultOutput) VaultState() pulumi.StringOutput { + return o.ApplyT(func(v *LogicallyAirGappedBackupVault) pulumi.StringOutput { return v.VaultState }).(pulumi.StringOutput) } // The type of vault described. -func (o LogicallyAirGappedBackupVaultOutput) VaultType() pulumi.StringPtrOutput { - return o.ApplyT(func(v *LogicallyAirGappedBackupVault) pulumi.StringPtrOutput { return v.VaultType }).(pulumi.StringPtrOutput) +func (o LogicallyAirGappedBackupVaultOutput) VaultType() pulumi.StringOutput { + return o.ApplyT(func(v *LogicallyAirGappedBackupVault) pulumi.StringOutput { return v.VaultType }).(pulumi.StringOutput) } func init() { diff --git a/sdk/go/aws/cleanrooms/collaboration.go b/sdk/go/aws/cleanrooms/collaboration.go index 732a9febbc..a0e1fd3c39 100644 --- a/sdk/go/aws/cleanrooms/collaboration.go +++ b/sdk/go/aws/cleanrooms/collaboration.go @@ -33,6 +33,8 @@ type Collaboration struct { // // *Allowed values* `CAN_QUERY` | `CAN_RECEIVE_RESULTS` CreatorMemberAbilities CollaborationMemberAbilityArrayOutput `pulumi:"creatorMemberAbilities"` + // The ML member abilities for a collaboration member. + CreatorMlMemberAbilities CollaborationMlMemberAbilitiesPtrOutput `pulumi:"creatorMlMemberAbilities"` // An object representing the collaboration member's payment responsibilities set by the collaboration creator. CreatorPaymentConfiguration CollaborationPaymentConfigurationPtrOutput `pulumi:"creatorPaymentConfiguration"` // The settings for client-side encryption for cryptographic computing. @@ -75,6 +77,7 @@ func NewCollaboration(ctx *pulumi.Context, "analyticsEngine", "creatorDisplayName", "creatorMemberAbilities[*]", + "creatorMlMemberAbilities", "creatorPaymentConfiguration", "dataEncryptionMetadata", "members[*]", @@ -122,6 +125,8 @@ type collaborationArgs struct { // // *Allowed values* `CAN_QUERY` | `CAN_RECEIVE_RESULTS` CreatorMemberAbilities []CollaborationMemberAbility `pulumi:"creatorMemberAbilities"` + // The ML member abilities for a collaboration member. + CreatorMlMemberAbilities *CollaborationMlMemberAbilities `pulumi:"creatorMlMemberAbilities"` // An object representing the collaboration member's payment responsibilities set by the collaboration creator. CreatorPaymentConfiguration *CollaborationPaymentConfiguration `pulumi:"creatorPaymentConfiguration"` // The settings for client-side encryption for cryptographic computing. @@ -148,6 +153,8 @@ type CollaborationArgs struct { // // *Allowed values* `CAN_QUERY` | `CAN_RECEIVE_RESULTS` CreatorMemberAbilities CollaborationMemberAbilityArrayInput + // The ML member abilities for a collaboration member. + CreatorMlMemberAbilities CollaborationMlMemberAbilitiesPtrInput // An object representing the collaboration member's payment responsibilities set by the collaboration creator. CreatorPaymentConfiguration CollaborationPaymentConfigurationPtrInput // The settings for client-side encryption for cryptographic computing. @@ -232,6 +239,11 @@ func (o CollaborationOutput) CreatorMemberAbilities() CollaborationMemberAbility return o.ApplyT(func(v *Collaboration) CollaborationMemberAbilityArrayOutput { return v.CreatorMemberAbilities }).(CollaborationMemberAbilityArrayOutput) } +// The ML member abilities for a collaboration member. +func (o CollaborationOutput) CreatorMlMemberAbilities() CollaborationMlMemberAbilitiesPtrOutput { + return o.ApplyT(func(v *Collaboration) CollaborationMlMemberAbilitiesPtrOutput { return v.CreatorMlMemberAbilities }).(CollaborationMlMemberAbilitiesPtrOutput) +} + // An object representing the collaboration member's payment responsibilities set by the collaboration creator. func (o CollaborationOutput) CreatorPaymentConfiguration() CollaborationPaymentConfigurationPtrOutput { return o.ApplyT(func(v *Collaboration) CollaborationPaymentConfigurationPtrOutput { diff --git a/sdk/go/aws/cleanrooms/pulumiEnums.go b/sdk/go/aws/cleanrooms/pulumiEnums.go index 5655522c66..8630868dd5 100644 --- a/sdk/go/aws/cleanrooms/pulumiEnums.go +++ b/sdk/go/aws/cleanrooms/pulumiEnums.go @@ -557,6 +557,216 @@ func (in *collaborationAnalyticsEnginePtr) ToCollaborationAnalyticsEnginePtrOutp return pulumi.ToOutputWithContext(ctx, in).(CollaborationAnalyticsEnginePtrOutput) } +type CollaborationCustomMlMemberAbility string + +const ( + CollaborationCustomMlMemberAbilityCanReceiveModelOutput = CollaborationCustomMlMemberAbility("CAN_RECEIVE_MODEL_OUTPUT") + CollaborationCustomMlMemberAbilityCanReceiveInferenceOutput = CollaborationCustomMlMemberAbility("CAN_RECEIVE_INFERENCE_OUTPUT") +) + +func (CollaborationCustomMlMemberAbility) ElementType() reflect.Type { + return reflect.TypeOf((*CollaborationCustomMlMemberAbility)(nil)).Elem() +} + +func (e CollaborationCustomMlMemberAbility) ToCollaborationCustomMlMemberAbilityOutput() CollaborationCustomMlMemberAbilityOutput { + return pulumi.ToOutput(e).(CollaborationCustomMlMemberAbilityOutput) +} + +func (e CollaborationCustomMlMemberAbility) ToCollaborationCustomMlMemberAbilityOutputWithContext(ctx context.Context) CollaborationCustomMlMemberAbilityOutput { + return pulumi.ToOutputWithContext(ctx, e).(CollaborationCustomMlMemberAbilityOutput) +} + +func (e CollaborationCustomMlMemberAbility) ToCollaborationCustomMlMemberAbilityPtrOutput() CollaborationCustomMlMemberAbilityPtrOutput { + return e.ToCollaborationCustomMlMemberAbilityPtrOutputWithContext(context.Background()) +} + +func (e CollaborationCustomMlMemberAbility) ToCollaborationCustomMlMemberAbilityPtrOutputWithContext(ctx context.Context) CollaborationCustomMlMemberAbilityPtrOutput { + return CollaborationCustomMlMemberAbility(e).ToCollaborationCustomMlMemberAbilityOutputWithContext(ctx).ToCollaborationCustomMlMemberAbilityPtrOutputWithContext(ctx) +} + +func (e CollaborationCustomMlMemberAbility) ToStringOutput() pulumi.StringOutput { + return pulumi.ToOutput(pulumi.String(e)).(pulumi.StringOutput) +} + +func (e CollaborationCustomMlMemberAbility) ToStringOutputWithContext(ctx context.Context) pulumi.StringOutput { + return pulumi.ToOutputWithContext(ctx, pulumi.String(e)).(pulumi.StringOutput) +} + +func (e CollaborationCustomMlMemberAbility) ToStringPtrOutput() pulumi.StringPtrOutput { + return pulumi.String(e).ToStringPtrOutputWithContext(context.Background()) +} + +func (e CollaborationCustomMlMemberAbility) ToStringPtrOutputWithContext(ctx context.Context) pulumi.StringPtrOutput { + return pulumi.String(e).ToStringOutputWithContext(ctx).ToStringPtrOutputWithContext(ctx) +} + +type CollaborationCustomMlMemberAbilityOutput struct{ *pulumi.OutputState } + +func (CollaborationCustomMlMemberAbilityOutput) ElementType() reflect.Type { + return reflect.TypeOf((*CollaborationCustomMlMemberAbility)(nil)).Elem() +} + +func (o CollaborationCustomMlMemberAbilityOutput) ToCollaborationCustomMlMemberAbilityOutput() CollaborationCustomMlMemberAbilityOutput { + return o +} + +func (o CollaborationCustomMlMemberAbilityOutput) ToCollaborationCustomMlMemberAbilityOutputWithContext(ctx context.Context) CollaborationCustomMlMemberAbilityOutput { + return o +} + +func (o CollaborationCustomMlMemberAbilityOutput) ToCollaborationCustomMlMemberAbilityPtrOutput() CollaborationCustomMlMemberAbilityPtrOutput { + return o.ToCollaborationCustomMlMemberAbilityPtrOutputWithContext(context.Background()) +} + +func (o CollaborationCustomMlMemberAbilityOutput) ToCollaborationCustomMlMemberAbilityPtrOutputWithContext(ctx context.Context) CollaborationCustomMlMemberAbilityPtrOutput { + return o.ApplyTWithContext(ctx, func(_ context.Context, v CollaborationCustomMlMemberAbility) *CollaborationCustomMlMemberAbility { + return &v + }).(CollaborationCustomMlMemberAbilityPtrOutput) +} + +func (o CollaborationCustomMlMemberAbilityOutput) ToStringOutput() pulumi.StringOutput { + return o.ToStringOutputWithContext(context.Background()) +} + +func (o CollaborationCustomMlMemberAbilityOutput) ToStringOutputWithContext(ctx context.Context) pulumi.StringOutput { + return o.ApplyTWithContext(ctx, func(_ context.Context, e CollaborationCustomMlMemberAbility) string { + return string(e) + }).(pulumi.StringOutput) +} + +func (o CollaborationCustomMlMemberAbilityOutput) ToStringPtrOutput() pulumi.StringPtrOutput { + return o.ToStringPtrOutputWithContext(context.Background()) +} + +func (o CollaborationCustomMlMemberAbilityOutput) ToStringPtrOutputWithContext(ctx context.Context) pulumi.StringPtrOutput { + return o.ApplyTWithContext(ctx, func(_ context.Context, e CollaborationCustomMlMemberAbility) *string { + v := string(e) + return &v + }).(pulumi.StringPtrOutput) +} + +type CollaborationCustomMlMemberAbilityPtrOutput struct{ *pulumi.OutputState } + +func (CollaborationCustomMlMemberAbilityPtrOutput) ElementType() reflect.Type { + return reflect.TypeOf((**CollaborationCustomMlMemberAbility)(nil)).Elem() +} + +func (o CollaborationCustomMlMemberAbilityPtrOutput) ToCollaborationCustomMlMemberAbilityPtrOutput() CollaborationCustomMlMemberAbilityPtrOutput { + return o +} + +func (o CollaborationCustomMlMemberAbilityPtrOutput) ToCollaborationCustomMlMemberAbilityPtrOutputWithContext(ctx context.Context) CollaborationCustomMlMemberAbilityPtrOutput { + return o +} + +func (o CollaborationCustomMlMemberAbilityPtrOutput) Elem() CollaborationCustomMlMemberAbilityOutput { + return o.ApplyT(func(v *CollaborationCustomMlMemberAbility) CollaborationCustomMlMemberAbility { + if v != nil { + return *v + } + var ret CollaborationCustomMlMemberAbility + return ret + }).(CollaborationCustomMlMemberAbilityOutput) +} + +func (o CollaborationCustomMlMemberAbilityPtrOutput) ToStringPtrOutput() pulumi.StringPtrOutput { + return o.ToStringPtrOutputWithContext(context.Background()) +} + +func (o CollaborationCustomMlMemberAbilityPtrOutput) ToStringPtrOutputWithContext(ctx context.Context) pulumi.StringPtrOutput { + return o.ApplyTWithContext(ctx, func(_ context.Context, e *CollaborationCustomMlMemberAbility) *string { + if e == nil { + return nil + } + v := string(*e) + return &v + }).(pulumi.StringPtrOutput) +} + +// CollaborationCustomMlMemberAbilityInput is an input type that accepts values of the CollaborationCustomMlMemberAbility enum +// A concrete instance of `CollaborationCustomMlMemberAbilityInput` can be one of the following: +// +// CollaborationCustomMlMemberAbilityCanReceiveModelOutput +// CollaborationCustomMlMemberAbilityCanReceiveInferenceOutput +type CollaborationCustomMlMemberAbilityInput interface { + pulumi.Input + + ToCollaborationCustomMlMemberAbilityOutput() CollaborationCustomMlMemberAbilityOutput + ToCollaborationCustomMlMemberAbilityOutputWithContext(context.Context) CollaborationCustomMlMemberAbilityOutput +} + +var collaborationCustomMlMemberAbilityPtrType = reflect.TypeOf((**CollaborationCustomMlMemberAbility)(nil)).Elem() + +type CollaborationCustomMlMemberAbilityPtrInput interface { + pulumi.Input + + ToCollaborationCustomMlMemberAbilityPtrOutput() CollaborationCustomMlMemberAbilityPtrOutput + ToCollaborationCustomMlMemberAbilityPtrOutputWithContext(context.Context) CollaborationCustomMlMemberAbilityPtrOutput +} + +type collaborationCustomMlMemberAbilityPtr string + +func CollaborationCustomMlMemberAbilityPtr(v string) CollaborationCustomMlMemberAbilityPtrInput { + return (*collaborationCustomMlMemberAbilityPtr)(&v) +} + +func (*collaborationCustomMlMemberAbilityPtr) ElementType() reflect.Type { + return collaborationCustomMlMemberAbilityPtrType +} + +func (in *collaborationCustomMlMemberAbilityPtr) ToCollaborationCustomMlMemberAbilityPtrOutput() CollaborationCustomMlMemberAbilityPtrOutput { + return pulumi.ToOutput(in).(CollaborationCustomMlMemberAbilityPtrOutput) +} + +func (in *collaborationCustomMlMemberAbilityPtr) ToCollaborationCustomMlMemberAbilityPtrOutputWithContext(ctx context.Context) CollaborationCustomMlMemberAbilityPtrOutput { + return pulumi.ToOutputWithContext(ctx, in).(CollaborationCustomMlMemberAbilityPtrOutput) +} + +// CollaborationCustomMlMemberAbilityArrayInput is an input type that accepts CollaborationCustomMlMemberAbilityArray and CollaborationCustomMlMemberAbilityArrayOutput values. +// You can construct a concrete instance of `CollaborationCustomMlMemberAbilityArrayInput` via: +// +// CollaborationCustomMlMemberAbilityArray{ CollaborationCustomMlMemberAbilityArgs{...} } +type CollaborationCustomMlMemberAbilityArrayInput interface { + pulumi.Input + + ToCollaborationCustomMlMemberAbilityArrayOutput() CollaborationCustomMlMemberAbilityArrayOutput + ToCollaborationCustomMlMemberAbilityArrayOutputWithContext(context.Context) CollaborationCustomMlMemberAbilityArrayOutput +} + +type CollaborationCustomMlMemberAbilityArray []CollaborationCustomMlMemberAbility + +func (CollaborationCustomMlMemberAbilityArray) ElementType() reflect.Type { + return reflect.TypeOf((*[]CollaborationCustomMlMemberAbility)(nil)).Elem() +} + +func (i CollaborationCustomMlMemberAbilityArray) ToCollaborationCustomMlMemberAbilityArrayOutput() CollaborationCustomMlMemberAbilityArrayOutput { + return i.ToCollaborationCustomMlMemberAbilityArrayOutputWithContext(context.Background()) +} + +func (i CollaborationCustomMlMemberAbilityArray) ToCollaborationCustomMlMemberAbilityArrayOutputWithContext(ctx context.Context) CollaborationCustomMlMemberAbilityArrayOutput { + return pulumi.ToOutputWithContext(ctx, i).(CollaborationCustomMlMemberAbilityArrayOutput) +} + +type CollaborationCustomMlMemberAbilityArrayOutput struct{ *pulumi.OutputState } + +func (CollaborationCustomMlMemberAbilityArrayOutput) ElementType() reflect.Type { + return reflect.TypeOf((*[]CollaborationCustomMlMemberAbility)(nil)).Elem() +} + +func (o CollaborationCustomMlMemberAbilityArrayOutput) ToCollaborationCustomMlMemberAbilityArrayOutput() CollaborationCustomMlMemberAbilityArrayOutput { + return o +} + +func (o CollaborationCustomMlMemberAbilityArrayOutput) ToCollaborationCustomMlMemberAbilityArrayOutputWithContext(ctx context.Context) CollaborationCustomMlMemberAbilityArrayOutput { + return o +} + +func (o CollaborationCustomMlMemberAbilityArrayOutput) Index(i pulumi.IntInput) CollaborationCustomMlMemberAbilityOutput { + return pulumi.All(o, i).ApplyT(func(vs []interface{}) CollaborationCustomMlMemberAbility { + return vs[0].([]CollaborationCustomMlMemberAbility)[vs[1].(int)] + }).(CollaborationCustomMlMemberAbilityOutput) +} + type CollaborationMemberAbility string const ( @@ -3408,6 +3618,9 @@ func init() { pulumi.RegisterInputType(reflect.TypeOf((*AnalysisTemplateFormatPtrInput)(nil)).Elem(), AnalysisTemplateFormat("SQL")) pulumi.RegisterInputType(reflect.TypeOf((*CollaborationAnalyticsEngineInput)(nil)).Elem(), CollaborationAnalyticsEngine("CLEAN_ROOMS_SQL")) pulumi.RegisterInputType(reflect.TypeOf((*CollaborationAnalyticsEnginePtrInput)(nil)).Elem(), CollaborationAnalyticsEngine("CLEAN_ROOMS_SQL")) + pulumi.RegisterInputType(reflect.TypeOf((*CollaborationCustomMlMemberAbilityInput)(nil)).Elem(), CollaborationCustomMlMemberAbility("CAN_RECEIVE_MODEL_OUTPUT")) + pulumi.RegisterInputType(reflect.TypeOf((*CollaborationCustomMlMemberAbilityPtrInput)(nil)).Elem(), CollaborationCustomMlMemberAbility("CAN_RECEIVE_MODEL_OUTPUT")) + pulumi.RegisterInputType(reflect.TypeOf((*CollaborationCustomMlMemberAbilityArrayInput)(nil)).Elem(), CollaborationCustomMlMemberAbilityArray{}) pulumi.RegisterInputType(reflect.TypeOf((*CollaborationMemberAbilityInput)(nil)).Elem(), CollaborationMemberAbility("CAN_QUERY")) pulumi.RegisterInputType(reflect.TypeOf((*CollaborationMemberAbilityPtrInput)(nil)).Elem(), CollaborationMemberAbility("CAN_QUERY")) pulumi.RegisterInputType(reflect.TypeOf((*CollaborationMemberAbilityArrayInput)(nil)).Elem(), CollaborationMemberAbilityArray{}) @@ -3447,6 +3660,9 @@ func init() { pulumi.RegisterOutputType(AnalysisTemplateFormatPtrOutput{}) pulumi.RegisterOutputType(CollaborationAnalyticsEngineOutput{}) pulumi.RegisterOutputType(CollaborationAnalyticsEnginePtrOutput{}) + pulumi.RegisterOutputType(CollaborationCustomMlMemberAbilityOutput{}) + pulumi.RegisterOutputType(CollaborationCustomMlMemberAbilityPtrOutput{}) + pulumi.RegisterOutputType(CollaborationCustomMlMemberAbilityArrayOutput{}) pulumi.RegisterOutputType(CollaborationMemberAbilityOutput{}) pulumi.RegisterOutputType(CollaborationMemberAbilityPtrOutput{}) pulumi.RegisterOutputType(CollaborationMemberAbilityArrayOutput{}) diff --git a/sdk/go/aws/cleanrooms/pulumiTypes.go b/sdk/go/aws/cleanrooms/pulumiTypes.go index 6927e86c0e..6c226df7c3 100644 --- a/sdk/go/aws/cleanrooms/pulumiTypes.go +++ b/sdk/go/aws/cleanrooms/pulumiTypes.go @@ -448,6 +448,8 @@ type CollaborationMemberSpecification struct { // // *Allowed Values* : `CAN_QUERY` | `CAN_RECEIVE_RESULTS` MemberAbilities []CollaborationMemberAbility `pulumi:"memberAbilities"` + // The ML abilities granted to the collaboration member. + MlMemberAbilities *CollaborationMlMemberAbilities `pulumi:"mlMemberAbilities"` // The collaboration member's payment responsibilities set by the collaboration creator. // // If the collaboration creator hasn't specified anyone as the member paying for query compute costs, then the member who can query is the default payer. @@ -474,6 +476,8 @@ type CollaborationMemberSpecificationArgs struct { // // *Allowed Values* : `CAN_QUERY` | `CAN_RECEIVE_RESULTS` MemberAbilities CollaborationMemberAbilityArrayInput `pulumi:"memberAbilities"` + // The ML abilities granted to the collaboration member. + MlMemberAbilities CollaborationMlMemberAbilitiesPtrInput `pulumi:"mlMemberAbilities"` // The collaboration member's payment responsibilities set by the collaboration creator. // // If the collaboration creator hasn't specified anyone as the member paying for query compute costs, then the member who can query is the default payer. @@ -548,6 +552,11 @@ func (o CollaborationMemberSpecificationOutput) MemberAbilities() CollaborationM return o.ApplyT(func(v CollaborationMemberSpecification) []CollaborationMemberAbility { return v.MemberAbilities }).(CollaborationMemberAbilityArrayOutput) } +// The ML abilities granted to the collaboration member. +func (o CollaborationMemberSpecificationOutput) MlMemberAbilities() CollaborationMlMemberAbilitiesPtrOutput { + return o.ApplyT(func(v CollaborationMemberSpecification) *CollaborationMlMemberAbilities { return v.MlMemberAbilities }).(CollaborationMlMemberAbilitiesPtrOutput) +} + // The collaboration member's payment responsibilities set by the collaboration creator. // // If the collaboration creator hasn't specified anyone as the member paying for query compute costs, then the member who can query is the default payer. @@ -577,7 +586,612 @@ func (o CollaborationMemberSpecificationArrayOutput) Index(i pulumi.IntInput) Co }).(CollaborationMemberSpecificationOutput) } +type CollaborationMlMemberAbilities struct { + // The custom ML member abilities for a collaboration member. + CustomMlMemberAbilities []CollaborationCustomMlMemberAbility `pulumi:"customMlMemberAbilities"` +} + +// CollaborationMlMemberAbilitiesInput is an input type that accepts CollaborationMlMemberAbilitiesArgs and CollaborationMlMemberAbilitiesOutput values. +// You can construct a concrete instance of `CollaborationMlMemberAbilitiesInput` via: +// +// CollaborationMlMemberAbilitiesArgs{...} +type CollaborationMlMemberAbilitiesInput interface { + pulumi.Input + + ToCollaborationMlMemberAbilitiesOutput() CollaborationMlMemberAbilitiesOutput + ToCollaborationMlMemberAbilitiesOutputWithContext(context.Context) CollaborationMlMemberAbilitiesOutput +} + +type CollaborationMlMemberAbilitiesArgs struct { + // The custom ML member abilities for a collaboration member. + CustomMlMemberAbilities CollaborationCustomMlMemberAbilityArrayInput `pulumi:"customMlMemberAbilities"` +} + +func (CollaborationMlMemberAbilitiesArgs) ElementType() reflect.Type { + return reflect.TypeOf((*CollaborationMlMemberAbilities)(nil)).Elem() +} + +func (i CollaborationMlMemberAbilitiesArgs) ToCollaborationMlMemberAbilitiesOutput() CollaborationMlMemberAbilitiesOutput { + return i.ToCollaborationMlMemberAbilitiesOutputWithContext(context.Background()) +} + +func (i CollaborationMlMemberAbilitiesArgs) ToCollaborationMlMemberAbilitiesOutputWithContext(ctx context.Context) CollaborationMlMemberAbilitiesOutput { + return pulumi.ToOutputWithContext(ctx, i).(CollaborationMlMemberAbilitiesOutput) +} + +func (i CollaborationMlMemberAbilitiesArgs) ToCollaborationMlMemberAbilitiesPtrOutput() CollaborationMlMemberAbilitiesPtrOutput { + return i.ToCollaborationMlMemberAbilitiesPtrOutputWithContext(context.Background()) +} + +func (i CollaborationMlMemberAbilitiesArgs) ToCollaborationMlMemberAbilitiesPtrOutputWithContext(ctx context.Context) CollaborationMlMemberAbilitiesPtrOutput { + return pulumi.ToOutputWithContext(ctx, i).(CollaborationMlMemberAbilitiesOutput).ToCollaborationMlMemberAbilitiesPtrOutputWithContext(ctx) +} + +// CollaborationMlMemberAbilitiesPtrInput is an input type that accepts CollaborationMlMemberAbilitiesArgs, CollaborationMlMemberAbilitiesPtr and CollaborationMlMemberAbilitiesPtrOutput values. +// You can construct a concrete instance of `CollaborationMlMemberAbilitiesPtrInput` via: +// +// CollaborationMlMemberAbilitiesArgs{...} +// +// or: +// +// nil +type CollaborationMlMemberAbilitiesPtrInput interface { + pulumi.Input + + ToCollaborationMlMemberAbilitiesPtrOutput() CollaborationMlMemberAbilitiesPtrOutput + ToCollaborationMlMemberAbilitiesPtrOutputWithContext(context.Context) CollaborationMlMemberAbilitiesPtrOutput +} + +type collaborationMlMemberAbilitiesPtrType CollaborationMlMemberAbilitiesArgs + +func CollaborationMlMemberAbilitiesPtr(v *CollaborationMlMemberAbilitiesArgs) CollaborationMlMemberAbilitiesPtrInput { + return (*collaborationMlMemberAbilitiesPtrType)(v) +} + +func (*collaborationMlMemberAbilitiesPtrType) ElementType() reflect.Type { + return reflect.TypeOf((**CollaborationMlMemberAbilities)(nil)).Elem() +} + +func (i *collaborationMlMemberAbilitiesPtrType) ToCollaborationMlMemberAbilitiesPtrOutput() CollaborationMlMemberAbilitiesPtrOutput { + return i.ToCollaborationMlMemberAbilitiesPtrOutputWithContext(context.Background()) +} + +func (i *collaborationMlMemberAbilitiesPtrType) ToCollaborationMlMemberAbilitiesPtrOutputWithContext(ctx context.Context) CollaborationMlMemberAbilitiesPtrOutput { + return pulumi.ToOutputWithContext(ctx, i).(CollaborationMlMemberAbilitiesPtrOutput) +} + +type CollaborationMlMemberAbilitiesOutput struct{ *pulumi.OutputState } + +func (CollaborationMlMemberAbilitiesOutput) ElementType() reflect.Type { + return reflect.TypeOf((*CollaborationMlMemberAbilities)(nil)).Elem() +} + +func (o CollaborationMlMemberAbilitiesOutput) ToCollaborationMlMemberAbilitiesOutput() CollaborationMlMemberAbilitiesOutput { + return o +} + +func (o CollaborationMlMemberAbilitiesOutput) ToCollaborationMlMemberAbilitiesOutputWithContext(ctx context.Context) CollaborationMlMemberAbilitiesOutput { + return o +} + +func (o CollaborationMlMemberAbilitiesOutput) ToCollaborationMlMemberAbilitiesPtrOutput() CollaborationMlMemberAbilitiesPtrOutput { + return o.ToCollaborationMlMemberAbilitiesPtrOutputWithContext(context.Background()) +} + +func (o CollaborationMlMemberAbilitiesOutput) ToCollaborationMlMemberAbilitiesPtrOutputWithContext(ctx context.Context) CollaborationMlMemberAbilitiesPtrOutput { + return o.ApplyTWithContext(ctx, func(_ context.Context, v CollaborationMlMemberAbilities) *CollaborationMlMemberAbilities { + return &v + }).(CollaborationMlMemberAbilitiesPtrOutput) +} + +// The custom ML member abilities for a collaboration member. +func (o CollaborationMlMemberAbilitiesOutput) CustomMlMemberAbilities() CollaborationCustomMlMemberAbilityArrayOutput { + return o.ApplyT(func(v CollaborationMlMemberAbilities) []CollaborationCustomMlMemberAbility { + return v.CustomMlMemberAbilities + }).(CollaborationCustomMlMemberAbilityArrayOutput) +} + +type CollaborationMlMemberAbilitiesPtrOutput struct{ *pulumi.OutputState } + +func (CollaborationMlMemberAbilitiesPtrOutput) ElementType() reflect.Type { + return reflect.TypeOf((**CollaborationMlMemberAbilities)(nil)).Elem() +} + +func (o CollaborationMlMemberAbilitiesPtrOutput) ToCollaborationMlMemberAbilitiesPtrOutput() CollaborationMlMemberAbilitiesPtrOutput { + return o +} + +func (o CollaborationMlMemberAbilitiesPtrOutput) ToCollaborationMlMemberAbilitiesPtrOutputWithContext(ctx context.Context) CollaborationMlMemberAbilitiesPtrOutput { + return o +} + +func (o CollaborationMlMemberAbilitiesPtrOutput) Elem() CollaborationMlMemberAbilitiesOutput { + return o.ApplyT(func(v *CollaborationMlMemberAbilities) CollaborationMlMemberAbilities { + if v != nil { + return *v + } + var ret CollaborationMlMemberAbilities + return ret + }).(CollaborationMlMemberAbilitiesOutput) +} + +// The custom ML member abilities for a collaboration member. +func (o CollaborationMlMemberAbilitiesPtrOutput) CustomMlMemberAbilities() CollaborationCustomMlMemberAbilityArrayOutput { + return o.ApplyT(func(v *CollaborationMlMemberAbilities) []CollaborationCustomMlMemberAbility { + if v == nil { + return nil + } + return v.CustomMlMemberAbilities + }).(CollaborationCustomMlMemberAbilityArrayOutput) +} + +type CollaborationMlPaymentConfig struct { + // The payment responsibilities accepted by the member for model inference. + ModelInference *CollaborationModelInferencePaymentConfig `pulumi:"modelInference"` + // The payment responsibilities accepted by the member for model training. + ModelTraining *CollaborationModelTrainingPaymentConfig `pulumi:"modelTraining"` +} + +// CollaborationMlPaymentConfigInput is an input type that accepts CollaborationMlPaymentConfigArgs and CollaborationMlPaymentConfigOutput values. +// You can construct a concrete instance of `CollaborationMlPaymentConfigInput` via: +// +// CollaborationMlPaymentConfigArgs{...} +type CollaborationMlPaymentConfigInput interface { + pulumi.Input + + ToCollaborationMlPaymentConfigOutput() CollaborationMlPaymentConfigOutput + ToCollaborationMlPaymentConfigOutputWithContext(context.Context) CollaborationMlPaymentConfigOutput +} + +type CollaborationMlPaymentConfigArgs struct { + // The payment responsibilities accepted by the member for model inference. + ModelInference CollaborationModelInferencePaymentConfigPtrInput `pulumi:"modelInference"` + // The payment responsibilities accepted by the member for model training. + ModelTraining CollaborationModelTrainingPaymentConfigPtrInput `pulumi:"modelTraining"` +} + +func (CollaborationMlPaymentConfigArgs) ElementType() reflect.Type { + return reflect.TypeOf((*CollaborationMlPaymentConfig)(nil)).Elem() +} + +func (i CollaborationMlPaymentConfigArgs) ToCollaborationMlPaymentConfigOutput() CollaborationMlPaymentConfigOutput { + return i.ToCollaborationMlPaymentConfigOutputWithContext(context.Background()) +} + +func (i CollaborationMlPaymentConfigArgs) ToCollaborationMlPaymentConfigOutputWithContext(ctx context.Context) CollaborationMlPaymentConfigOutput { + return pulumi.ToOutputWithContext(ctx, i).(CollaborationMlPaymentConfigOutput) +} + +func (i CollaborationMlPaymentConfigArgs) ToCollaborationMlPaymentConfigPtrOutput() CollaborationMlPaymentConfigPtrOutput { + return i.ToCollaborationMlPaymentConfigPtrOutputWithContext(context.Background()) +} + +func (i CollaborationMlPaymentConfigArgs) ToCollaborationMlPaymentConfigPtrOutputWithContext(ctx context.Context) CollaborationMlPaymentConfigPtrOutput { + return pulumi.ToOutputWithContext(ctx, i).(CollaborationMlPaymentConfigOutput).ToCollaborationMlPaymentConfigPtrOutputWithContext(ctx) +} + +// CollaborationMlPaymentConfigPtrInput is an input type that accepts CollaborationMlPaymentConfigArgs, CollaborationMlPaymentConfigPtr and CollaborationMlPaymentConfigPtrOutput values. +// You can construct a concrete instance of `CollaborationMlPaymentConfigPtrInput` via: +// +// CollaborationMlPaymentConfigArgs{...} +// +// or: +// +// nil +type CollaborationMlPaymentConfigPtrInput interface { + pulumi.Input + + ToCollaborationMlPaymentConfigPtrOutput() CollaborationMlPaymentConfigPtrOutput + ToCollaborationMlPaymentConfigPtrOutputWithContext(context.Context) CollaborationMlPaymentConfigPtrOutput +} + +type collaborationMlPaymentConfigPtrType CollaborationMlPaymentConfigArgs + +func CollaborationMlPaymentConfigPtr(v *CollaborationMlPaymentConfigArgs) CollaborationMlPaymentConfigPtrInput { + return (*collaborationMlPaymentConfigPtrType)(v) +} + +func (*collaborationMlPaymentConfigPtrType) ElementType() reflect.Type { + return reflect.TypeOf((**CollaborationMlPaymentConfig)(nil)).Elem() +} + +func (i *collaborationMlPaymentConfigPtrType) ToCollaborationMlPaymentConfigPtrOutput() CollaborationMlPaymentConfigPtrOutput { + return i.ToCollaborationMlPaymentConfigPtrOutputWithContext(context.Background()) +} + +func (i *collaborationMlPaymentConfigPtrType) ToCollaborationMlPaymentConfigPtrOutputWithContext(ctx context.Context) CollaborationMlPaymentConfigPtrOutput { + return pulumi.ToOutputWithContext(ctx, i).(CollaborationMlPaymentConfigPtrOutput) +} + +type CollaborationMlPaymentConfigOutput struct{ *pulumi.OutputState } + +func (CollaborationMlPaymentConfigOutput) ElementType() reflect.Type { + return reflect.TypeOf((*CollaborationMlPaymentConfig)(nil)).Elem() +} + +func (o CollaborationMlPaymentConfigOutput) ToCollaborationMlPaymentConfigOutput() CollaborationMlPaymentConfigOutput { + return o +} + +func (o CollaborationMlPaymentConfigOutput) ToCollaborationMlPaymentConfigOutputWithContext(ctx context.Context) CollaborationMlPaymentConfigOutput { + return o +} + +func (o CollaborationMlPaymentConfigOutput) ToCollaborationMlPaymentConfigPtrOutput() CollaborationMlPaymentConfigPtrOutput { + return o.ToCollaborationMlPaymentConfigPtrOutputWithContext(context.Background()) +} + +func (o CollaborationMlPaymentConfigOutput) ToCollaborationMlPaymentConfigPtrOutputWithContext(ctx context.Context) CollaborationMlPaymentConfigPtrOutput { + return o.ApplyTWithContext(ctx, func(_ context.Context, v CollaborationMlPaymentConfig) *CollaborationMlPaymentConfig { + return &v + }).(CollaborationMlPaymentConfigPtrOutput) +} + +// The payment responsibilities accepted by the member for model inference. +func (o CollaborationMlPaymentConfigOutput) ModelInference() CollaborationModelInferencePaymentConfigPtrOutput { + return o.ApplyT(func(v CollaborationMlPaymentConfig) *CollaborationModelInferencePaymentConfig { + return v.ModelInference + }).(CollaborationModelInferencePaymentConfigPtrOutput) +} + +// The payment responsibilities accepted by the member for model training. +func (o CollaborationMlPaymentConfigOutput) ModelTraining() CollaborationModelTrainingPaymentConfigPtrOutput { + return o.ApplyT(func(v CollaborationMlPaymentConfig) *CollaborationModelTrainingPaymentConfig { return v.ModelTraining }).(CollaborationModelTrainingPaymentConfigPtrOutput) +} + +type CollaborationMlPaymentConfigPtrOutput struct{ *pulumi.OutputState } + +func (CollaborationMlPaymentConfigPtrOutput) ElementType() reflect.Type { + return reflect.TypeOf((**CollaborationMlPaymentConfig)(nil)).Elem() +} + +func (o CollaborationMlPaymentConfigPtrOutput) ToCollaborationMlPaymentConfigPtrOutput() CollaborationMlPaymentConfigPtrOutput { + return o +} + +func (o CollaborationMlPaymentConfigPtrOutput) ToCollaborationMlPaymentConfigPtrOutputWithContext(ctx context.Context) CollaborationMlPaymentConfigPtrOutput { + return o +} + +func (o CollaborationMlPaymentConfigPtrOutput) Elem() CollaborationMlPaymentConfigOutput { + return o.ApplyT(func(v *CollaborationMlPaymentConfig) CollaborationMlPaymentConfig { + if v != nil { + return *v + } + var ret CollaborationMlPaymentConfig + return ret + }).(CollaborationMlPaymentConfigOutput) +} + +// The payment responsibilities accepted by the member for model inference. +func (o CollaborationMlPaymentConfigPtrOutput) ModelInference() CollaborationModelInferencePaymentConfigPtrOutput { + return o.ApplyT(func(v *CollaborationMlPaymentConfig) *CollaborationModelInferencePaymentConfig { + if v == nil { + return nil + } + return v.ModelInference + }).(CollaborationModelInferencePaymentConfigPtrOutput) +} + +// The payment responsibilities accepted by the member for model training. +func (o CollaborationMlPaymentConfigPtrOutput) ModelTraining() CollaborationModelTrainingPaymentConfigPtrOutput { + return o.ApplyT(func(v *CollaborationMlPaymentConfig) *CollaborationModelTrainingPaymentConfig { + if v == nil { + return nil + } + return v.ModelTraining + }).(CollaborationModelTrainingPaymentConfigPtrOutput) +} + +type CollaborationModelInferencePaymentConfig struct { + // Indicates whether the collaboration creator has configured the collaboration member to pay for model inference costs ( `TRUE` ) or has not configured the collaboration member to pay for model inference costs ( `FALSE` ). + // + // Exactly one member can be configured to pay for model inference costs. An error is returned if the collaboration creator sets a `TRUE` value for more than one member in the collaboration. + // + // If the collaboration creator hasn't specified anyone as the member paying for model inference costs, then the member who can query is the default payer. An error is returned if the collaboration creator sets a `FALSE` value for the member who can query. + IsResponsible bool `pulumi:"isResponsible"` +} + +// CollaborationModelInferencePaymentConfigInput is an input type that accepts CollaborationModelInferencePaymentConfigArgs and CollaborationModelInferencePaymentConfigOutput values. +// You can construct a concrete instance of `CollaborationModelInferencePaymentConfigInput` via: +// +// CollaborationModelInferencePaymentConfigArgs{...} +type CollaborationModelInferencePaymentConfigInput interface { + pulumi.Input + + ToCollaborationModelInferencePaymentConfigOutput() CollaborationModelInferencePaymentConfigOutput + ToCollaborationModelInferencePaymentConfigOutputWithContext(context.Context) CollaborationModelInferencePaymentConfigOutput +} + +type CollaborationModelInferencePaymentConfigArgs struct { + // Indicates whether the collaboration creator has configured the collaboration member to pay for model inference costs ( `TRUE` ) or has not configured the collaboration member to pay for model inference costs ( `FALSE` ). + // + // Exactly one member can be configured to pay for model inference costs. An error is returned if the collaboration creator sets a `TRUE` value for more than one member in the collaboration. + // + // If the collaboration creator hasn't specified anyone as the member paying for model inference costs, then the member who can query is the default payer. An error is returned if the collaboration creator sets a `FALSE` value for the member who can query. + IsResponsible pulumi.BoolInput `pulumi:"isResponsible"` +} + +func (CollaborationModelInferencePaymentConfigArgs) ElementType() reflect.Type { + return reflect.TypeOf((*CollaborationModelInferencePaymentConfig)(nil)).Elem() +} + +func (i CollaborationModelInferencePaymentConfigArgs) ToCollaborationModelInferencePaymentConfigOutput() CollaborationModelInferencePaymentConfigOutput { + return i.ToCollaborationModelInferencePaymentConfigOutputWithContext(context.Background()) +} + +func (i CollaborationModelInferencePaymentConfigArgs) ToCollaborationModelInferencePaymentConfigOutputWithContext(ctx context.Context) CollaborationModelInferencePaymentConfigOutput { + return pulumi.ToOutputWithContext(ctx, i).(CollaborationModelInferencePaymentConfigOutput) +} + +func (i CollaborationModelInferencePaymentConfigArgs) ToCollaborationModelInferencePaymentConfigPtrOutput() CollaborationModelInferencePaymentConfigPtrOutput { + return i.ToCollaborationModelInferencePaymentConfigPtrOutputWithContext(context.Background()) +} + +func (i CollaborationModelInferencePaymentConfigArgs) ToCollaborationModelInferencePaymentConfigPtrOutputWithContext(ctx context.Context) CollaborationModelInferencePaymentConfigPtrOutput { + return pulumi.ToOutputWithContext(ctx, i).(CollaborationModelInferencePaymentConfigOutput).ToCollaborationModelInferencePaymentConfigPtrOutputWithContext(ctx) +} + +// CollaborationModelInferencePaymentConfigPtrInput is an input type that accepts CollaborationModelInferencePaymentConfigArgs, CollaborationModelInferencePaymentConfigPtr and CollaborationModelInferencePaymentConfigPtrOutput values. +// You can construct a concrete instance of `CollaborationModelInferencePaymentConfigPtrInput` via: +// +// CollaborationModelInferencePaymentConfigArgs{...} +// +// or: +// +// nil +type CollaborationModelInferencePaymentConfigPtrInput interface { + pulumi.Input + + ToCollaborationModelInferencePaymentConfigPtrOutput() CollaborationModelInferencePaymentConfigPtrOutput + ToCollaborationModelInferencePaymentConfigPtrOutputWithContext(context.Context) CollaborationModelInferencePaymentConfigPtrOutput +} + +type collaborationModelInferencePaymentConfigPtrType CollaborationModelInferencePaymentConfigArgs + +func CollaborationModelInferencePaymentConfigPtr(v *CollaborationModelInferencePaymentConfigArgs) CollaborationModelInferencePaymentConfigPtrInput { + return (*collaborationModelInferencePaymentConfigPtrType)(v) +} + +func (*collaborationModelInferencePaymentConfigPtrType) ElementType() reflect.Type { + return reflect.TypeOf((**CollaborationModelInferencePaymentConfig)(nil)).Elem() +} + +func (i *collaborationModelInferencePaymentConfigPtrType) ToCollaborationModelInferencePaymentConfigPtrOutput() CollaborationModelInferencePaymentConfigPtrOutput { + return i.ToCollaborationModelInferencePaymentConfigPtrOutputWithContext(context.Background()) +} + +func (i *collaborationModelInferencePaymentConfigPtrType) ToCollaborationModelInferencePaymentConfigPtrOutputWithContext(ctx context.Context) CollaborationModelInferencePaymentConfigPtrOutput { + return pulumi.ToOutputWithContext(ctx, i).(CollaborationModelInferencePaymentConfigPtrOutput) +} + +type CollaborationModelInferencePaymentConfigOutput struct{ *pulumi.OutputState } + +func (CollaborationModelInferencePaymentConfigOutput) ElementType() reflect.Type { + return reflect.TypeOf((*CollaborationModelInferencePaymentConfig)(nil)).Elem() +} + +func (o CollaborationModelInferencePaymentConfigOutput) ToCollaborationModelInferencePaymentConfigOutput() CollaborationModelInferencePaymentConfigOutput { + return o +} + +func (o CollaborationModelInferencePaymentConfigOutput) ToCollaborationModelInferencePaymentConfigOutputWithContext(ctx context.Context) CollaborationModelInferencePaymentConfigOutput { + return o +} + +func (o CollaborationModelInferencePaymentConfigOutput) ToCollaborationModelInferencePaymentConfigPtrOutput() CollaborationModelInferencePaymentConfigPtrOutput { + return o.ToCollaborationModelInferencePaymentConfigPtrOutputWithContext(context.Background()) +} + +func (o CollaborationModelInferencePaymentConfigOutput) ToCollaborationModelInferencePaymentConfigPtrOutputWithContext(ctx context.Context) CollaborationModelInferencePaymentConfigPtrOutput { + return o.ApplyTWithContext(ctx, func(_ context.Context, v CollaborationModelInferencePaymentConfig) *CollaborationModelInferencePaymentConfig { + return &v + }).(CollaborationModelInferencePaymentConfigPtrOutput) +} + +// Indicates whether the collaboration creator has configured the collaboration member to pay for model inference costs ( `TRUE` ) or has not configured the collaboration member to pay for model inference costs ( `FALSE` ). +// +// Exactly one member can be configured to pay for model inference costs. An error is returned if the collaboration creator sets a `TRUE` value for more than one member in the collaboration. +// +// If the collaboration creator hasn't specified anyone as the member paying for model inference costs, then the member who can query is the default payer. An error is returned if the collaboration creator sets a `FALSE` value for the member who can query. +func (o CollaborationModelInferencePaymentConfigOutput) IsResponsible() pulumi.BoolOutput { + return o.ApplyT(func(v CollaborationModelInferencePaymentConfig) bool { return v.IsResponsible }).(pulumi.BoolOutput) +} + +type CollaborationModelInferencePaymentConfigPtrOutput struct{ *pulumi.OutputState } + +func (CollaborationModelInferencePaymentConfigPtrOutput) ElementType() reflect.Type { + return reflect.TypeOf((**CollaborationModelInferencePaymentConfig)(nil)).Elem() +} + +func (o CollaborationModelInferencePaymentConfigPtrOutput) ToCollaborationModelInferencePaymentConfigPtrOutput() CollaborationModelInferencePaymentConfigPtrOutput { + return o +} + +func (o CollaborationModelInferencePaymentConfigPtrOutput) ToCollaborationModelInferencePaymentConfigPtrOutputWithContext(ctx context.Context) CollaborationModelInferencePaymentConfigPtrOutput { + return o +} + +func (o CollaborationModelInferencePaymentConfigPtrOutput) Elem() CollaborationModelInferencePaymentConfigOutput { + return o.ApplyT(func(v *CollaborationModelInferencePaymentConfig) CollaborationModelInferencePaymentConfig { + if v != nil { + return *v + } + var ret CollaborationModelInferencePaymentConfig + return ret + }).(CollaborationModelInferencePaymentConfigOutput) +} + +// Indicates whether the collaboration creator has configured the collaboration member to pay for model inference costs ( `TRUE` ) or has not configured the collaboration member to pay for model inference costs ( `FALSE` ). +// +// Exactly one member can be configured to pay for model inference costs. An error is returned if the collaboration creator sets a `TRUE` value for more than one member in the collaboration. +// +// If the collaboration creator hasn't specified anyone as the member paying for model inference costs, then the member who can query is the default payer. An error is returned if the collaboration creator sets a `FALSE` value for the member who can query. +func (o CollaborationModelInferencePaymentConfigPtrOutput) IsResponsible() pulumi.BoolPtrOutput { + return o.ApplyT(func(v *CollaborationModelInferencePaymentConfig) *bool { + if v == nil { + return nil + } + return &v.IsResponsible + }).(pulumi.BoolPtrOutput) +} + +type CollaborationModelTrainingPaymentConfig struct { + // Indicates whether the collaboration creator has configured the collaboration member to pay for model training costs ( `TRUE` ) or has not configured the collaboration member to pay for model training costs ( `FALSE` ). + // + // Exactly one member can be configured to pay for model training costs. An error is returned if the collaboration creator sets a `TRUE` value for more than one member in the collaboration. + // + // If the collaboration creator hasn't specified anyone as the member paying for model training costs, then the member who can query is the default payer. An error is returned if the collaboration creator sets a `FALSE` value for the member who can query. + IsResponsible bool `pulumi:"isResponsible"` +} + +// CollaborationModelTrainingPaymentConfigInput is an input type that accepts CollaborationModelTrainingPaymentConfigArgs and CollaborationModelTrainingPaymentConfigOutput values. +// You can construct a concrete instance of `CollaborationModelTrainingPaymentConfigInput` via: +// +// CollaborationModelTrainingPaymentConfigArgs{...} +type CollaborationModelTrainingPaymentConfigInput interface { + pulumi.Input + + ToCollaborationModelTrainingPaymentConfigOutput() CollaborationModelTrainingPaymentConfigOutput + ToCollaborationModelTrainingPaymentConfigOutputWithContext(context.Context) CollaborationModelTrainingPaymentConfigOutput +} + +type CollaborationModelTrainingPaymentConfigArgs struct { + // Indicates whether the collaboration creator has configured the collaboration member to pay for model training costs ( `TRUE` ) or has not configured the collaboration member to pay for model training costs ( `FALSE` ). + // + // Exactly one member can be configured to pay for model training costs. An error is returned if the collaboration creator sets a `TRUE` value for more than one member in the collaboration. + // + // If the collaboration creator hasn't specified anyone as the member paying for model training costs, then the member who can query is the default payer. An error is returned if the collaboration creator sets a `FALSE` value for the member who can query. + IsResponsible pulumi.BoolInput `pulumi:"isResponsible"` +} + +func (CollaborationModelTrainingPaymentConfigArgs) ElementType() reflect.Type { + return reflect.TypeOf((*CollaborationModelTrainingPaymentConfig)(nil)).Elem() +} + +func (i CollaborationModelTrainingPaymentConfigArgs) ToCollaborationModelTrainingPaymentConfigOutput() CollaborationModelTrainingPaymentConfigOutput { + return i.ToCollaborationModelTrainingPaymentConfigOutputWithContext(context.Background()) +} + +func (i CollaborationModelTrainingPaymentConfigArgs) ToCollaborationModelTrainingPaymentConfigOutputWithContext(ctx context.Context) CollaborationModelTrainingPaymentConfigOutput { + return pulumi.ToOutputWithContext(ctx, i).(CollaborationModelTrainingPaymentConfigOutput) +} + +func (i CollaborationModelTrainingPaymentConfigArgs) ToCollaborationModelTrainingPaymentConfigPtrOutput() CollaborationModelTrainingPaymentConfigPtrOutput { + return i.ToCollaborationModelTrainingPaymentConfigPtrOutputWithContext(context.Background()) +} + +func (i CollaborationModelTrainingPaymentConfigArgs) ToCollaborationModelTrainingPaymentConfigPtrOutputWithContext(ctx context.Context) CollaborationModelTrainingPaymentConfigPtrOutput { + return pulumi.ToOutputWithContext(ctx, i).(CollaborationModelTrainingPaymentConfigOutput).ToCollaborationModelTrainingPaymentConfigPtrOutputWithContext(ctx) +} + +// CollaborationModelTrainingPaymentConfigPtrInput is an input type that accepts CollaborationModelTrainingPaymentConfigArgs, CollaborationModelTrainingPaymentConfigPtr and CollaborationModelTrainingPaymentConfigPtrOutput values. +// You can construct a concrete instance of `CollaborationModelTrainingPaymentConfigPtrInput` via: +// +// CollaborationModelTrainingPaymentConfigArgs{...} +// +// or: +// +// nil +type CollaborationModelTrainingPaymentConfigPtrInput interface { + pulumi.Input + + ToCollaborationModelTrainingPaymentConfigPtrOutput() CollaborationModelTrainingPaymentConfigPtrOutput + ToCollaborationModelTrainingPaymentConfigPtrOutputWithContext(context.Context) CollaborationModelTrainingPaymentConfigPtrOutput +} + +type collaborationModelTrainingPaymentConfigPtrType CollaborationModelTrainingPaymentConfigArgs + +func CollaborationModelTrainingPaymentConfigPtr(v *CollaborationModelTrainingPaymentConfigArgs) CollaborationModelTrainingPaymentConfigPtrInput { + return (*collaborationModelTrainingPaymentConfigPtrType)(v) +} + +func (*collaborationModelTrainingPaymentConfigPtrType) ElementType() reflect.Type { + return reflect.TypeOf((**CollaborationModelTrainingPaymentConfig)(nil)).Elem() +} + +func (i *collaborationModelTrainingPaymentConfigPtrType) ToCollaborationModelTrainingPaymentConfigPtrOutput() CollaborationModelTrainingPaymentConfigPtrOutput { + return i.ToCollaborationModelTrainingPaymentConfigPtrOutputWithContext(context.Background()) +} + +func (i *collaborationModelTrainingPaymentConfigPtrType) ToCollaborationModelTrainingPaymentConfigPtrOutputWithContext(ctx context.Context) CollaborationModelTrainingPaymentConfigPtrOutput { + return pulumi.ToOutputWithContext(ctx, i).(CollaborationModelTrainingPaymentConfigPtrOutput) +} + +type CollaborationModelTrainingPaymentConfigOutput struct{ *pulumi.OutputState } + +func (CollaborationModelTrainingPaymentConfigOutput) ElementType() reflect.Type { + return reflect.TypeOf((*CollaborationModelTrainingPaymentConfig)(nil)).Elem() +} + +func (o CollaborationModelTrainingPaymentConfigOutput) ToCollaborationModelTrainingPaymentConfigOutput() CollaborationModelTrainingPaymentConfigOutput { + return o +} + +func (o CollaborationModelTrainingPaymentConfigOutput) ToCollaborationModelTrainingPaymentConfigOutputWithContext(ctx context.Context) CollaborationModelTrainingPaymentConfigOutput { + return o +} + +func (o CollaborationModelTrainingPaymentConfigOutput) ToCollaborationModelTrainingPaymentConfigPtrOutput() CollaborationModelTrainingPaymentConfigPtrOutput { + return o.ToCollaborationModelTrainingPaymentConfigPtrOutputWithContext(context.Background()) +} + +func (o CollaborationModelTrainingPaymentConfigOutput) ToCollaborationModelTrainingPaymentConfigPtrOutputWithContext(ctx context.Context) CollaborationModelTrainingPaymentConfigPtrOutput { + return o.ApplyTWithContext(ctx, func(_ context.Context, v CollaborationModelTrainingPaymentConfig) *CollaborationModelTrainingPaymentConfig { + return &v + }).(CollaborationModelTrainingPaymentConfigPtrOutput) +} + +// Indicates whether the collaboration creator has configured the collaboration member to pay for model training costs ( `TRUE` ) or has not configured the collaboration member to pay for model training costs ( `FALSE` ). +// +// Exactly one member can be configured to pay for model training costs. An error is returned if the collaboration creator sets a `TRUE` value for more than one member in the collaboration. +// +// If the collaboration creator hasn't specified anyone as the member paying for model training costs, then the member who can query is the default payer. An error is returned if the collaboration creator sets a `FALSE` value for the member who can query. +func (o CollaborationModelTrainingPaymentConfigOutput) IsResponsible() pulumi.BoolOutput { + return o.ApplyT(func(v CollaborationModelTrainingPaymentConfig) bool { return v.IsResponsible }).(pulumi.BoolOutput) +} + +type CollaborationModelTrainingPaymentConfigPtrOutput struct{ *pulumi.OutputState } + +func (CollaborationModelTrainingPaymentConfigPtrOutput) ElementType() reflect.Type { + return reflect.TypeOf((**CollaborationModelTrainingPaymentConfig)(nil)).Elem() +} + +func (o CollaborationModelTrainingPaymentConfigPtrOutput) ToCollaborationModelTrainingPaymentConfigPtrOutput() CollaborationModelTrainingPaymentConfigPtrOutput { + return o +} + +func (o CollaborationModelTrainingPaymentConfigPtrOutput) ToCollaborationModelTrainingPaymentConfigPtrOutputWithContext(ctx context.Context) CollaborationModelTrainingPaymentConfigPtrOutput { + return o +} + +func (o CollaborationModelTrainingPaymentConfigPtrOutput) Elem() CollaborationModelTrainingPaymentConfigOutput { + return o.ApplyT(func(v *CollaborationModelTrainingPaymentConfig) CollaborationModelTrainingPaymentConfig { + if v != nil { + return *v + } + var ret CollaborationModelTrainingPaymentConfig + return ret + }).(CollaborationModelTrainingPaymentConfigOutput) +} + +// Indicates whether the collaboration creator has configured the collaboration member to pay for model training costs ( `TRUE` ) or has not configured the collaboration member to pay for model training costs ( `FALSE` ). +// +// Exactly one member can be configured to pay for model training costs. An error is returned if the collaboration creator sets a `TRUE` value for more than one member in the collaboration. +// +// If the collaboration creator hasn't specified anyone as the member paying for model training costs, then the member who can query is the default payer. An error is returned if the collaboration creator sets a `FALSE` value for the member who can query. +func (o CollaborationModelTrainingPaymentConfigPtrOutput) IsResponsible() pulumi.BoolPtrOutput { + return o.ApplyT(func(v *CollaborationModelTrainingPaymentConfig) *bool { + if v == nil { + return nil + } + return &v.IsResponsible + }).(pulumi.BoolPtrOutput) +} + type CollaborationPaymentConfiguration struct { + // An object representing the collaboration member's machine learning payment responsibilities set by the collaboration creator. + MachineLearning *CollaborationMlPaymentConfig `pulumi:"machineLearning"` // The collaboration member's payment responsibilities set by the collaboration creator for query compute costs. QueryCompute CollaborationQueryComputePaymentConfig `pulumi:"queryCompute"` } @@ -594,6 +1208,8 @@ type CollaborationPaymentConfigurationInput interface { } type CollaborationPaymentConfigurationArgs struct { + // An object representing the collaboration member's machine learning payment responsibilities set by the collaboration creator. + MachineLearning CollaborationMlPaymentConfigPtrInput `pulumi:"machineLearning"` // The collaboration member's payment responsibilities set by the collaboration creator for query compute costs. QueryCompute CollaborationQueryComputePaymentConfigInput `pulumi:"queryCompute"` } @@ -675,6 +1291,11 @@ func (o CollaborationPaymentConfigurationOutput) ToCollaborationPaymentConfigura }).(CollaborationPaymentConfigurationPtrOutput) } +// An object representing the collaboration member's machine learning payment responsibilities set by the collaboration creator. +func (o CollaborationPaymentConfigurationOutput) MachineLearning() CollaborationMlPaymentConfigPtrOutput { + return o.ApplyT(func(v CollaborationPaymentConfiguration) *CollaborationMlPaymentConfig { return v.MachineLearning }).(CollaborationMlPaymentConfigPtrOutput) +} + // The collaboration member's payment responsibilities set by the collaboration creator for query compute costs. func (o CollaborationPaymentConfigurationOutput) QueryCompute() CollaborationQueryComputePaymentConfigOutput { return o.ApplyT(func(v CollaborationPaymentConfiguration) CollaborationQueryComputePaymentConfig { @@ -706,6 +1327,16 @@ func (o CollaborationPaymentConfigurationPtrOutput) Elem() CollaborationPaymentC }).(CollaborationPaymentConfigurationOutput) } +// An object representing the collaboration member's machine learning payment responsibilities set by the collaboration creator. +func (o CollaborationPaymentConfigurationPtrOutput) MachineLearning() CollaborationMlPaymentConfigPtrOutput { + return o.ApplyT(func(v *CollaborationPaymentConfiguration) *CollaborationMlPaymentConfig { + if v == nil { + return nil + } + return v.MachineLearning + }).(CollaborationMlPaymentConfigPtrOutput) +} + // The collaboration member's payment responsibilities set by the collaboration creator for query compute costs. func (o CollaborationPaymentConfigurationPtrOutput) QueryCompute() CollaborationQueryComputePaymentConfigPtrOutput { return o.ApplyT(func(v *CollaborationPaymentConfiguration) *CollaborationQueryComputePaymentConfig { @@ -3390,7 +4021,422 @@ type IdNamespaceAssociationTag struct { Value string `pulumi:"value"` } +type MembershipMlPaymentConfig struct { + ModelInference *MembershipModelInferencePaymentConfig `pulumi:"modelInference"` + ModelTraining *MembershipModelTrainingPaymentConfig `pulumi:"modelTraining"` +} + +// MembershipMlPaymentConfigInput is an input type that accepts MembershipMlPaymentConfigArgs and MembershipMlPaymentConfigOutput values. +// You can construct a concrete instance of `MembershipMlPaymentConfigInput` via: +// +// MembershipMlPaymentConfigArgs{...} +type MembershipMlPaymentConfigInput interface { + pulumi.Input + + ToMembershipMlPaymentConfigOutput() MembershipMlPaymentConfigOutput + ToMembershipMlPaymentConfigOutputWithContext(context.Context) MembershipMlPaymentConfigOutput +} + +type MembershipMlPaymentConfigArgs struct { + ModelInference MembershipModelInferencePaymentConfigPtrInput `pulumi:"modelInference"` + ModelTraining MembershipModelTrainingPaymentConfigPtrInput `pulumi:"modelTraining"` +} + +func (MembershipMlPaymentConfigArgs) ElementType() reflect.Type { + return reflect.TypeOf((*MembershipMlPaymentConfig)(nil)).Elem() +} + +func (i MembershipMlPaymentConfigArgs) ToMembershipMlPaymentConfigOutput() MembershipMlPaymentConfigOutput { + return i.ToMembershipMlPaymentConfigOutputWithContext(context.Background()) +} + +func (i MembershipMlPaymentConfigArgs) ToMembershipMlPaymentConfigOutputWithContext(ctx context.Context) MembershipMlPaymentConfigOutput { + return pulumi.ToOutputWithContext(ctx, i).(MembershipMlPaymentConfigOutput) +} + +func (i MembershipMlPaymentConfigArgs) ToMembershipMlPaymentConfigPtrOutput() MembershipMlPaymentConfigPtrOutput { + return i.ToMembershipMlPaymentConfigPtrOutputWithContext(context.Background()) +} + +func (i MembershipMlPaymentConfigArgs) ToMembershipMlPaymentConfigPtrOutputWithContext(ctx context.Context) MembershipMlPaymentConfigPtrOutput { + return pulumi.ToOutputWithContext(ctx, i).(MembershipMlPaymentConfigOutput).ToMembershipMlPaymentConfigPtrOutputWithContext(ctx) +} + +// MembershipMlPaymentConfigPtrInput is an input type that accepts MembershipMlPaymentConfigArgs, MembershipMlPaymentConfigPtr and MembershipMlPaymentConfigPtrOutput values. +// You can construct a concrete instance of `MembershipMlPaymentConfigPtrInput` via: +// +// MembershipMlPaymentConfigArgs{...} +// +// or: +// +// nil +type MembershipMlPaymentConfigPtrInput interface { + pulumi.Input + + ToMembershipMlPaymentConfigPtrOutput() MembershipMlPaymentConfigPtrOutput + ToMembershipMlPaymentConfigPtrOutputWithContext(context.Context) MembershipMlPaymentConfigPtrOutput +} + +type membershipMlPaymentConfigPtrType MembershipMlPaymentConfigArgs + +func MembershipMlPaymentConfigPtr(v *MembershipMlPaymentConfigArgs) MembershipMlPaymentConfigPtrInput { + return (*membershipMlPaymentConfigPtrType)(v) +} + +func (*membershipMlPaymentConfigPtrType) ElementType() reflect.Type { + return reflect.TypeOf((**MembershipMlPaymentConfig)(nil)).Elem() +} + +func (i *membershipMlPaymentConfigPtrType) ToMembershipMlPaymentConfigPtrOutput() MembershipMlPaymentConfigPtrOutput { + return i.ToMembershipMlPaymentConfigPtrOutputWithContext(context.Background()) +} + +func (i *membershipMlPaymentConfigPtrType) ToMembershipMlPaymentConfigPtrOutputWithContext(ctx context.Context) MembershipMlPaymentConfigPtrOutput { + return pulumi.ToOutputWithContext(ctx, i).(MembershipMlPaymentConfigPtrOutput) +} + +type MembershipMlPaymentConfigOutput struct{ *pulumi.OutputState } + +func (MembershipMlPaymentConfigOutput) ElementType() reflect.Type { + return reflect.TypeOf((*MembershipMlPaymentConfig)(nil)).Elem() +} + +func (o MembershipMlPaymentConfigOutput) ToMembershipMlPaymentConfigOutput() MembershipMlPaymentConfigOutput { + return o +} + +func (o MembershipMlPaymentConfigOutput) ToMembershipMlPaymentConfigOutputWithContext(ctx context.Context) MembershipMlPaymentConfigOutput { + return o +} + +func (o MembershipMlPaymentConfigOutput) ToMembershipMlPaymentConfigPtrOutput() MembershipMlPaymentConfigPtrOutput { + return o.ToMembershipMlPaymentConfigPtrOutputWithContext(context.Background()) +} + +func (o MembershipMlPaymentConfigOutput) ToMembershipMlPaymentConfigPtrOutputWithContext(ctx context.Context) MembershipMlPaymentConfigPtrOutput { + return o.ApplyTWithContext(ctx, func(_ context.Context, v MembershipMlPaymentConfig) *MembershipMlPaymentConfig { + return &v + }).(MembershipMlPaymentConfigPtrOutput) +} + +func (o MembershipMlPaymentConfigOutput) ModelInference() MembershipModelInferencePaymentConfigPtrOutput { + return o.ApplyT(func(v MembershipMlPaymentConfig) *MembershipModelInferencePaymentConfig { return v.ModelInference }).(MembershipModelInferencePaymentConfigPtrOutput) +} + +func (o MembershipMlPaymentConfigOutput) ModelTraining() MembershipModelTrainingPaymentConfigPtrOutput { + return o.ApplyT(func(v MembershipMlPaymentConfig) *MembershipModelTrainingPaymentConfig { return v.ModelTraining }).(MembershipModelTrainingPaymentConfigPtrOutput) +} + +type MembershipMlPaymentConfigPtrOutput struct{ *pulumi.OutputState } + +func (MembershipMlPaymentConfigPtrOutput) ElementType() reflect.Type { + return reflect.TypeOf((**MembershipMlPaymentConfig)(nil)).Elem() +} + +func (o MembershipMlPaymentConfigPtrOutput) ToMembershipMlPaymentConfigPtrOutput() MembershipMlPaymentConfigPtrOutput { + return o +} + +func (o MembershipMlPaymentConfigPtrOutput) ToMembershipMlPaymentConfigPtrOutputWithContext(ctx context.Context) MembershipMlPaymentConfigPtrOutput { + return o +} + +func (o MembershipMlPaymentConfigPtrOutput) Elem() MembershipMlPaymentConfigOutput { + return o.ApplyT(func(v *MembershipMlPaymentConfig) MembershipMlPaymentConfig { + if v != nil { + return *v + } + var ret MembershipMlPaymentConfig + return ret + }).(MembershipMlPaymentConfigOutput) +} + +func (o MembershipMlPaymentConfigPtrOutput) ModelInference() MembershipModelInferencePaymentConfigPtrOutput { + return o.ApplyT(func(v *MembershipMlPaymentConfig) *MembershipModelInferencePaymentConfig { + if v == nil { + return nil + } + return v.ModelInference + }).(MembershipModelInferencePaymentConfigPtrOutput) +} + +func (o MembershipMlPaymentConfigPtrOutput) ModelTraining() MembershipModelTrainingPaymentConfigPtrOutput { + return o.ApplyT(func(v *MembershipMlPaymentConfig) *MembershipModelTrainingPaymentConfig { + if v == nil { + return nil + } + return v.ModelTraining + }).(MembershipModelTrainingPaymentConfigPtrOutput) +} + +type MembershipModelInferencePaymentConfig struct { + IsResponsible bool `pulumi:"isResponsible"` +} + +// MembershipModelInferencePaymentConfigInput is an input type that accepts MembershipModelInferencePaymentConfigArgs and MembershipModelInferencePaymentConfigOutput values. +// You can construct a concrete instance of `MembershipModelInferencePaymentConfigInput` via: +// +// MembershipModelInferencePaymentConfigArgs{...} +type MembershipModelInferencePaymentConfigInput interface { + pulumi.Input + + ToMembershipModelInferencePaymentConfigOutput() MembershipModelInferencePaymentConfigOutput + ToMembershipModelInferencePaymentConfigOutputWithContext(context.Context) MembershipModelInferencePaymentConfigOutput +} + +type MembershipModelInferencePaymentConfigArgs struct { + IsResponsible pulumi.BoolInput `pulumi:"isResponsible"` +} + +func (MembershipModelInferencePaymentConfigArgs) ElementType() reflect.Type { + return reflect.TypeOf((*MembershipModelInferencePaymentConfig)(nil)).Elem() +} + +func (i MembershipModelInferencePaymentConfigArgs) ToMembershipModelInferencePaymentConfigOutput() MembershipModelInferencePaymentConfigOutput { + return i.ToMembershipModelInferencePaymentConfigOutputWithContext(context.Background()) +} + +func (i MembershipModelInferencePaymentConfigArgs) ToMembershipModelInferencePaymentConfigOutputWithContext(ctx context.Context) MembershipModelInferencePaymentConfigOutput { + return pulumi.ToOutputWithContext(ctx, i).(MembershipModelInferencePaymentConfigOutput) +} + +func (i MembershipModelInferencePaymentConfigArgs) ToMembershipModelInferencePaymentConfigPtrOutput() MembershipModelInferencePaymentConfigPtrOutput { + return i.ToMembershipModelInferencePaymentConfigPtrOutputWithContext(context.Background()) +} + +func (i MembershipModelInferencePaymentConfigArgs) ToMembershipModelInferencePaymentConfigPtrOutputWithContext(ctx context.Context) MembershipModelInferencePaymentConfigPtrOutput { + return pulumi.ToOutputWithContext(ctx, i).(MembershipModelInferencePaymentConfigOutput).ToMembershipModelInferencePaymentConfigPtrOutputWithContext(ctx) +} + +// MembershipModelInferencePaymentConfigPtrInput is an input type that accepts MembershipModelInferencePaymentConfigArgs, MembershipModelInferencePaymentConfigPtr and MembershipModelInferencePaymentConfigPtrOutput values. +// You can construct a concrete instance of `MembershipModelInferencePaymentConfigPtrInput` via: +// +// MembershipModelInferencePaymentConfigArgs{...} +// +// or: +// +// nil +type MembershipModelInferencePaymentConfigPtrInput interface { + pulumi.Input + + ToMembershipModelInferencePaymentConfigPtrOutput() MembershipModelInferencePaymentConfigPtrOutput + ToMembershipModelInferencePaymentConfigPtrOutputWithContext(context.Context) MembershipModelInferencePaymentConfigPtrOutput +} + +type membershipModelInferencePaymentConfigPtrType MembershipModelInferencePaymentConfigArgs + +func MembershipModelInferencePaymentConfigPtr(v *MembershipModelInferencePaymentConfigArgs) MembershipModelInferencePaymentConfigPtrInput { + return (*membershipModelInferencePaymentConfigPtrType)(v) +} + +func (*membershipModelInferencePaymentConfigPtrType) ElementType() reflect.Type { + return reflect.TypeOf((**MembershipModelInferencePaymentConfig)(nil)).Elem() +} + +func (i *membershipModelInferencePaymentConfigPtrType) ToMembershipModelInferencePaymentConfigPtrOutput() MembershipModelInferencePaymentConfigPtrOutput { + return i.ToMembershipModelInferencePaymentConfigPtrOutputWithContext(context.Background()) +} + +func (i *membershipModelInferencePaymentConfigPtrType) ToMembershipModelInferencePaymentConfigPtrOutputWithContext(ctx context.Context) MembershipModelInferencePaymentConfigPtrOutput { + return pulumi.ToOutputWithContext(ctx, i).(MembershipModelInferencePaymentConfigPtrOutput) +} + +type MembershipModelInferencePaymentConfigOutput struct{ *pulumi.OutputState } + +func (MembershipModelInferencePaymentConfigOutput) ElementType() reflect.Type { + return reflect.TypeOf((*MembershipModelInferencePaymentConfig)(nil)).Elem() +} + +func (o MembershipModelInferencePaymentConfigOutput) ToMembershipModelInferencePaymentConfigOutput() MembershipModelInferencePaymentConfigOutput { + return o +} + +func (o MembershipModelInferencePaymentConfigOutput) ToMembershipModelInferencePaymentConfigOutputWithContext(ctx context.Context) MembershipModelInferencePaymentConfigOutput { + return o +} + +func (o MembershipModelInferencePaymentConfigOutput) ToMembershipModelInferencePaymentConfigPtrOutput() MembershipModelInferencePaymentConfigPtrOutput { + return o.ToMembershipModelInferencePaymentConfigPtrOutputWithContext(context.Background()) +} + +func (o MembershipModelInferencePaymentConfigOutput) ToMembershipModelInferencePaymentConfigPtrOutputWithContext(ctx context.Context) MembershipModelInferencePaymentConfigPtrOutput { + return o.ApplyTWithContext(ctx, func(_ context.Context, v MembershipModelInferencePaymentConfig) *MembershipModelInferencePaymentConfig { + return &v + }).(MembershipModelInferencePaymentConfigPtrOutput) +} + +func (o MembershipModelInferencePaymentConfigOutput) IsResponsible() pulumi.BoolOutput { + return o.ApplyT(func(v MembershipModelInferencePaymentConfig) bool { return v.IsResponsible }).(pulumi.BoolOutput) +} + +type MembershipModelInferencePaymentConfigPtrOutput struct{ *pulumi.OutputState } + +func (MembershipModelInferencePaymentConfigPtrOutput) ElementType() reflect.Type { + return reflect.TypeOf((**MembershipModelInferencePaymentConfig)(nil)).Elem() +} + +func (o MembershipModelInferencePaymentConfigPtrOutput) ToMembershipModelInferencePaymentConfigPtrOutput() MembershipModelInferencePaymentConfigPtrOutput { + return o +} + +func (o MembershipModelInferencePaymentConfigPtrOutput) ToMembershipModelInferencePaymentConfigPtrOutputWithContext(ctx context.Context) MembershipModelInferencePaymentConfigPtrOutput { + return o +} + +func (o MembershipModelInferencePaymentConfigPtrOutput) Elem() MembershipModelInferencePaymentConfigOutput { + return o.ApplyT(func(v *MembershipModelInferencePaymentConfig) MembershipModelInferencePaymentConfig { + if v != nil { + return *v + } + var ret MembershipModelInferencePaymentConfig + return ret + }).(MembershipModelInferencePaymentConfigOutput) +} + +func (o MembershipModelInferencePaymentConfigPtrOutput) IsResponsible() pulumi.BoolPtrOutput { + return o.ApplyT(func(v *MembershipModelInferencePaymentConfig) *bool { + if v == nil { + return nil + } + return &v.IsResponsible + }).(pulumi.BoolPtrOutput) +} + +type MembershipModelTrainingPaymentConfig struct { + IsResponsible bool `pulumi:"isResponsible"` +} + +// MembershipModelTrainingPaymentConfigInput is an input type that accepts MembershipModelTrainingPaymentConfigArgs and MembershipModelTrainingPaymentConfigOutput values. +// You can construct a concrete instance of `MembershipModelTrainingPaymentConfigInput` via: +// +// MembershipModelTrainingPaymentConfigArgs{...} +type MembershipModelTrainingPaymentConfigInput interface { + pulumi.Input + + ToMembershipModelTrainingPaymentConfigOutput() MembershipModelTrainingPaymentConfigOutput + ToMembershipModelTrainingPaymentConfigOutputWithContext(context.Context) MembershipModelTrainingPaymentConfigOutput +} + +type MembershipModelTrainingPaymentConfigArgs struct { + IsResponsible pulumi.BoolInput `pulumi:"isResponsible"` +} + +func (MembershipModelTrainingPaymentConfigArgs) ElementType() reflect.Type { + return reflect.TypeOf((*MembershipModelTrainingPaymentConfig)(nil)).Elem() +} + +func (i MembershipModelTrainingPaymentConfigArgs) ToMembershipModelTrainingPaymentConfigOutput() MembershipModelTrainingPaymentConfigOutput { + return i.ToMembershipModelTrainingPaymentConfigOutputWithContext(context.Background()) +} + +func (i MembershipModelTrainingPaymentConfigArgs) ToMembershipModelTrainingPaymentConfigOutputWithContext(ctx context.Context) MembershipModelTrainingPaymentConfigOutput { + return pulumi.ToOutputWithContext(ctx, i).(MembershipModelTrainingPaymentConfigOutput) +} + +func (i MembershipModelTrainingPaymentConfigArgs) ToMembershipModelTrainingPaymentConfigPtrOutput() MembershipModelTrainingPaymentConfigPtrOutput { + return i.ToMembershipModelTrainingPaymentConfigPtrOutputWithContext(context.Background()) +} + +func (i MembershipModelTrainingPaymentConfigArgs) ToMembershipModelTrainingPaymentConfigPtrOutputWithContext(ctx context.Context) MembershipModelTrainingPaymentConfigPtrOutput { + return pulumi.ToOutputWithContext(ctx, i).(MembershipModelTrainingPaymentConfigOutput).ToMembershipModelTrainingPaymentConfigPtrOutputWithContext(ctx) +} + +// MembershipModelTrainingPaymentConfigPtrInput is an input type that accepts MembershipModelTrainingPaymentConfigArgs, MembershipModelTrainingPaymentConfigPtr and MembershipModelTrainingPaymentConfigPtrOutput values. +// You can construct a concrete instance of `MembershipModelTrainingPaymentConfigPtrInput` via: +// +// MembershipModelTrainingPaymentConfigArgs{...} +// +// or: +// +// nil +type MembershipModelTrainingPaymentConfigPtrInput interface { + pulumi.Input + + ToMembershipModelTrainingPaymentConfigPtrOutput() MembershipModelTrainingPaymentConfigPtrOutput + ToMembershipModelTrainingPaymentConfigPtrOutputWithContext(context.Context) MembershipModelTrainingPaymentConfigPtrOutput +} + +type membershipModelTrainingPaymentConfigPtrType MembershipModelTrainingPaymentConfigArgs + +func MembershipModelTrainingPaymentConfigPtr(v *MembershipModelTrainingPaymentConfigArgs) MembershipModelTrainingPaymentConfigPtrInput { + return (*membershipModelTrainingPaymentConfigPtrType)(v) +} + +func (*membershipModelTrainingPaymentConfigPtrType) ElementType() reflect.Type { + return reflect.TypeOf((**MembershipModelTrainingPaymentConfig)(nil)).Elem() +} + +func (i *membershipModelTrainingPaymentConfigPtrType) ToMembershipModelTrainingPaymentConfigPtrOutput() MembershipModelTrainingPaymentConfigPtrOutput { + return i.ToMembershipModelTrainingPaymentConfigPtrOutputWithContext(context.Background()) +} + +func (i *membershipModelTrainingPaymentConfigPtrType) ToMembershipModelTrainingPaymentConfigPtrOutputWithContext(ctx context.Context) MembershipModelTrainingPaymentConfigPtrOutput { + return pulumi.ToOutputWithContext(ctx, i).(MembershipModelTrainingPaymentConfigPtrOutput) +} + +type MembershipModelTrainingPaymentConfigOutput struct{ *pulumi.OutputState } + +func (MembershipModelTrainingPaymentConfigOutput) ElementType() reflect.Type { + return reflect.TypeOf((*MembershipModelTrainingPaymentConfig)(nil)).Elem() +} + +func (o MembershipModelTrainingPaymentConfigOutput) ToMembershipModelTrainingPaymentConfigOutput() MembershipModelTrainingPaymentConfigOutput { + return o +} + +func (o MembershipModelTrainingPaymentConfigOutput) ToMembershipModelTrainingPaymentConfigOutputWithContext(ctx context.Context) MembershipModelTrainingPaymentConfigOutput { + return o +} + +func (o MembershipModelTrainingPaymentConfigOutput) ToMembershipModelTrainingPaymentConfigPtrOutput() MembershipModelTrainingPaymentConfigPtrOutput { + return o.ToMembershipModelTrainingPaymentConfigPtrOutputWithContext(context.Background()) +} + +func (o MembershipModelTrainingPaymentConfigOutput) ToMembershipModelTrainingPaymentConfigPtrOutputWithContext(ctx context.Context) MembershipModelTrainingPaymentConfigPtrOutput { + return o.ApplyTWithContext(ctx, func(_ context.Context, v MembershipModelTrainingPaymentConfig) *MembershipModelTrainingPaymentConfig { + return &v + }).(MembershipModelTrainingPaymentConfigPtrOutput) +} + +func (o MembershipModelTrainingPaymentConfigOutput) IsResponsible() pulumi.BoolOutput { + return o.ApplyT(func(v MembershipModelTrainingPaymentConfig) bool { return v.IsResponsible }).(pulumi.BoolOutput) +} + +type MembershipModelTrainingPaymentConfigPtrOutput struct{ *pulumi.OutputState } + +func (MembershipModelTrainingPaymentConfigPtrOutput) ElementType() reflect.Type { + return reflect.TypeOf((**MembershipModelTrainingPaymentConfig)(nil)).Elem() +} + +func (o MembershipModelTrainingPaymentConfigPtrOutput) ToMembershipModelTrainingPaymentConfigPtrOutput() MembershipModelTrainingPaymentConfigPtrOutput { + return o +} + +func (o MembershipModelTrainingPaymentConfigPtrOutput) ToMembershipModelTrainingPaymentConfigPtrOutputWithContext(ctx context.Context) MembershipModelTrainingPaymentConfigPtrOutput { + return o +} + +func (o MembershipModelTrainingPaymentConfigPtrOutput) Elem() MembershipModelTrainingPaymentConfigOutput { + return o.ApplyT(func(v *MembershipModelTrainingPaymentConfig) MembershipModelTrainingPaymentConfig { + if v != nil { + return *v + } + var ret MembershipModelTrainingPaymentConfig + return ret + }).(MembershipModelTrainingPaymentConfigOutput) +} + +func (o MembershipModelTrainingPaymentConfigPtrOutput) IsResponsible() pulumi.BoolPtrOutput { + return o.ApplyT(func(v *MembershipModelTrainingPaymentConfig) *bool { + if v == nil { + return nil + } + return &v.IsResponsible + }).(pulumi.BoolPtrOutput) +} + type MembershipPaymentConfiguration struct { + MachineLearning *MembershipMlPaymentConfig `pulumi:"machineLearning"` // The payment responsibilities accepted by the collaboration member for query compute costs. QueryCompute MembershipQueryComputePaymentConfig `pulumi:"queryCompute"` } @@ -3407,6 +4453,7 @@ type MembershipPaymentConfigurationInput interface { } type MembershipPaymentConfigurationArgs struct { + MachineLearning MembershipMlPaymentConfigPtrInput `pulumi:"machineLearning"` // The payment responsibilities accepted by the collaboration member for query compute costs. QueryCompute MembershipQueryComputePaymentConfigInput `pulumi:"queryCompute"` } @@ -3488,6 +4535,10 @@ func (o MembershipPaymentConfigurationOutput) ToMembershipPaymentConfigurationPt }).(MembershipPaymentConfigurationPtrOutput) } +func (o MembershipPaymentConfigurationOutput) MachineLearning() MembershipMlPaymentConfigPtrOutput { + return o.ApplyT(func(v MembershipPaymentConfiguration) *MembershipMlPaymentConfig { return v.MachineLearning }).(MembershipMlPaymentConfigPtrOutput) +} + // The payment responsibilities accepted by the collaboration member for query compute costs. func (o MembershipPaymentConfigurationOutput) QueryCompute() MembershipQueryComputePaymentConfigOutput { return o.ApplyT(func(v MembershipPaymentConfiguration) MembershipQueryComputePaymentConfig { return v.QueryCompute }).(MembershipQueryComputePaymentConfigOutput) @@ -3517,6 +4568,15 @@ func (o MembershipPaymentConfigurationPtrOutput) Elem() MembershipPaymentConfigu }).(MembershipPaymentConfigurationOutput) } +func (o MembershipPaymentConfigurationPtrOutput) MachineLearning() MembershipMlPaymentConfigPtrOutput { + return o.ApplyT(func(v *MembershipPaymentConfiguration) *MembershipMlPaymentConfig { + if v == nil { + return nil + } + return v.MachineLearning + }).(MembershipMlPaymentConfigPtrOutput) +} + // The payment responsibilities accepted by the collaboration member for query compute costs. func (o MembershipPaymentConfigurationPtrOutput) QueryCompute() MembershipQueryComputePaymentConfigPtrOutput { return o.ApplyT(func(v *MembershipPaymentConfiguration) *MembershipQueryComputePaymentConfig { @@ -4317,6 +5377,14 @@ func init() { pulumi.RegisterInputType(reflect.TypeOf((*CollaborationDataEncryptionMetadataPtrInput)(nil)).Elem(), CollaborationDataEncryptionMetadataArgs{}) pulumi.RegisterInputType(reflect.TypeOf((*CollaborationMemberSpecificationInput)(nil)).Elem(), CollaborationMemberSpecificationArgs{}) pulumi.RegisterInputType(reflect.TypeOf((*CollaborationMemberSpecificationArrayInput)(nil)).Elem(), CollaborationMemberSpecificationArray{}) + pulumi.RegisterInputType(reflect.TypeOf((*CollaborationMlMemberAbilitiesInput)(nil)).Elem(), CollaborationMlMemberAbilitiesArgs{}) + pulumi.RegisterInputType(reflect.TypeOf((*CollaborationMlMemberAbilitiesPtrInput)(nil)).Elem(), CollaborationMlMemberAbilitiesArgs{}) + pulumi.RegisterInputType(reflect.TypeOf((*CollaborationMlPaymentConfigInput)(nil)).Elem(), CollaborationMlPaymentConfigArgs{}) + pulumi.RegisterInputType(reflect.TypeOf((*CollaborationMlPaymentConfigPtrInput)(nil)).Elem(), CollaborationMlPaymentConfigArgs{}) + pulumi.RegisterInputType(reflect.TypeOf((*CollaborationModelInferencePaymentConfigInput)(nil)).Elem(), CollaborationModelInferencePaymentConfigArgs{}) + pulumi.RegisterInputType(reflect.TypeOf((*CollaborationModelInferencePaymentConfigPtrInput)(nil)).Elem(), CollaborationModelInferencePaymentConfigArgs{}) + pulumi.RegisterInputType(reflect.TypeOf((*CollaborationModelTrainingPaymentConfigInput)(nil)).Elem(), CollaborationModelTrainingPaymentConfigArgs{}) + pulumi.RegisterInputType(reflect.TypeOf((*CollaborationModelTrainingPaymentConfigPtrInput)(nil)).Elem(), CollaborationModelTrainingPaymentConfigArgs{}) pulumi.RegisterInputType(reflect.TypeOf((*CollaborationPaymentConfigurationInput)(nil)).Elem(), CollaborationPaymentConfigurationArgs{}) pulumi.RegisterInputType(reflect.TypeOf((*CollaborationPaymentConfigurationPtrInput)(nil)).Elem(), CollaborationPaymentConfigurationArgs{}) pulumi.RegisterInputType(reflect.TypeOf((*CollaborationQueryComputePaymentConfigInput)(nil)).Elem(), CollaborationQueryComputePaymentConfigArgs{}) @@ -4360,6 +5428,12 @@ func init() { pulumi.RegisterInputType(reflect.TypeOf((*IdNamespaceAssociationIdMappingConfigInput)(nil)).Elem(), IdNamespaceAssociationIdMappingConfigArgs{}) pulumi.RegisterInputType(reflect.TypeOf((*IdNamespaceAssociationIdMappingConfigPtrInput)(nil)).Elem(), IdNamespaceAssociationIdMappingConfigArgs{}) pulumi.RegisterInputType(reflect.TypeOf((*IdNamespaceAssociationInputReferenceConfigInput)(nil)).Elem(), IdNamespaceAssociationInputReferenceConfigArgs{}) + pulumi.RegisterInputType(reflect.TypeOf((*MembershipMlPaymentConfigInput)(nil)).Elem(), MembershipMlPaymentConfigArgs{}) + pulumi.RegisterInputType(reflect.TypeOf((*MembershipMlPaymentConfigPtrInput)(nil)).Elem(), MembershipMlPaymentConfigArgs{}) + pulumi.RegisterInputType(reflect.TypeOf((*MembershipModelInferencePaymentConfigInput)(nil)).Elem(), MembershipModelInferencePaymentConfigArgs{}) + pulumi.RegisterInputType(reflect.TypeOf((*MembershipModelInferencePaymentConfigPtrInput)(nil)).Elem(), MembershipModelInferencePaymentConfigArgs{}) + pulumi.RegisterInputType(reflect.TypeOf((*MembershipModelTrainingPaymentConfigInput)(nil)).Elem(), MembershipModelTrainingPaymentConfigArgs{}) + pulumi.RegisterInputType(reflect.TypeOf((*MembershipModelTrainingPaymentConfigPtrInput)(nil)).Elem(), MembershipModelTrainingPaymentConfigArgs{}) pulumi.RegisterInputType(reflect.TypeOf((*MembershipPaymentConfigurationInput)(nil)).Elem(), MembershipPaymentConfigurationArgs{}) pulumi.RegisterInputType(reflect.TypeOf((*MembershipPaymentConfigurationPtrInput)(nil)).Elem(), MembershipPaymentConfigurationArgs{}) pulumi.RegisterInputType(reflect.TypeOf((*MembershipProtectedQueryOutputConfigurationInput)(nil)).Elem(), MembershipProtectedQueryOutputConfigurationArgs{}) @@ -4380,6 +5454,14 @@ func init() { pulumi.RegisterOutputType(CollaborationDataEncryptionMetadataPtrOutput{}) pulumi.RegisterOutputType(CollaborationMemberSpecificationOutput{}) pulumi.RegisterOutputType(CollaborationMemberSpecificationArrayOutput{}) + pulumi.RegisterOutputType(CollaborationMlMemberAbilitiesOutput{}) + pulumi.RegisterOutputType(CollaborationMlMemberAbilitiesPtrOutput{}) + pulumi.RegisterOutputType(CollaborationMlPaymentConfigOutput{}) + pulumi.RegisterOutputType(CollaborationMlPaymentConfigPtrOutput{}) + pulumi.RegisterOutputType(CollaborationModelInferencePaymentConfigOutput{}) + pulumi.RegisterOutputType(CollaborationModelInferencePaymentConfigPtrOutput{}) + pulumi.RegisterOutputType(CollaborationModelTrainingPaymentConfigOutput{}) + pulumi.RegisterOutputType(CollaborationModelTrainingPaymentConfigPtrOutput{}) pulumi.RegisterOutputType(CollaborationPaymentConfigurationOutput{}) pulumi.RegisterOutputType(CollaborationPaymentConfigurationPtrOutput{}) pulumi.RegisterOutputType(CollaborationQueryComputePaymentConfigOutput{}) @@ -4431,6 +5513,12 @@ func init() { pulumi.RegisterOutputType(IdNamespaceAssociationInputReferenceConfigOutput{}) pulumi.RegisterOutputType(IdNamespaceAssociationInputReferencePropertiesOutput{}) pulumi.RegisterOutputType(IdNamespaceAssociationInputReferencePropertiesPtrOutput{}) + pulumi.RegisterOutputType(MembershipMlPaymentConfigOutput{}) + pulumi.RegisterOutputType(MembershipMlPaymentConfigPtrOutput{}) + pulumi.RegisterOutputType(MembershipModelInferencePaymentConfigOutput{}) + pulumi.RegisterOutputType(MembershipModelInferencePaymentConfigPtrOutput{}) + pulumi.RegisterOutputType(MembershipModelTrainingPaymentConfigOutput{}) + pulumi.RegisterOutputType(MembershipModelTrainingPaymentConfigPtrOutput{}) pulumi.RegisterOutputType(MembershipPaymentConfigurationOutput{}) pulumi.RegisterOutputType(MembershipPaymentConfigurationPtrOutput{}) pulumi.RegisterOutputType(MembershipProtectedQueryOutputConfigurationOutput{}) diff --git a/sdk/go/aws/cognito/getUserPool.go b/sdk/go/aws/cognito/getUserPool.go index 12a2fde32e..4c45dbd265 100644 --- a/sdk/go/aws/cognito/getUserPool.go +++ b/sdk/go/aws/cognito/getUserPool.go @@ -32,13 +32,13 @@ type LookupUserPoolResult struct { AccountRecoverySetting *UserPoolAccountRecoverySetting `pulumi:"accountRecoverySetting"` // The settings for administrator creation of users in a user pool. Contains settings for allowing user sign-up, customizing invitation messages to new users, and the amount of time before temporary passwords expire. // - // This data type is a request and response parameter of [CreateUserPool](https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_CreateUserPool.html) and [UpdateUserPool](https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_UpdateUserPool.html) , and a response parameter of [DescribeUserPool](https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_DescribeUserPool.html) . + // This data type is a request and response parameter of `API_CreateUserPool` and `API_UpdateUserPool` , and a response parameter of `API_DescribeUserPool` . AdminCreateUserConfig *UserPoolAdminCreateUserConfig `pulumi:"adminCreateUserConfig"` - // Attributes supported as an alias for this user pool. Possible values: *phone_number* , *email* , or *preferred_username* . For more information about alias attributes, see [Customizing sign-in attributes](https://docs.aws.amazon.com/cognito/latest/developerguide/user-pool-settings-attributes.html#user-pool-settings-aliases) . + // Attributes supported as an alias for this user pool. For more information about alias attributes, see [Customizing sign-in attributes](https://docs.aws.amazon.com/cognito/latest/developerguide/user-pool-settings-attributes.html#user-pool-settings-aliases) . AliasAttributes []string `pulumi:"aliasAttributes"` // The Amazon Resource Name (ARN) of the user pool, such as `arn:aws:cognito-idp:us-east-1:123412341234:userpool/us-east-1_123412341` . Arn *string `pulumi:"arn"` - // The attributes that you want your user pool to automatically verify. Possible values: *email* , *phone_number* . For more information see [Verifying contact information at sign-up](https://docs.aws.amazon.com/cognito/latest/developerguide/signing-up-users-in-your-app.html#allowing-users-to-sign-up-and-confirm-themselves) . + // The attributes that you want your user pool to automatically verify. For more information, see [Verifying contact information at sign-up](https://docs.aws.amazon.com/cognito/latest/developerguide/signing-up-users-in-your-app.html#allowing-users-to-sign-up-and-confirm-themselves) . AutoVerifiedAttributes []string `pulumi:"autoVerifiedAttributes"` // When active, `DeletionProtection` prevents accidental deletion of your user // pool. Before you can delete a user pool that you have protected against deletion, you @@ -60,15 +60,13 @@ type LookupUserPoolResult struct { EmailVerificationSubject *string `pulumi:"emailVerificationSubject"` // A collection of user pool Lambda triggers. Amazon Cognito invokes triggers at several possible stages of authentication operations. Triggers can modify the outcome of the operations that invoked them. LambdaConfig *UserPoolLambdaConfig `pulumi:"lambdaConfig"` - // The multi-factor authentication (MFA) configuration. Valid values include: + // Displays the state of multi-factor authentication (MFA) as on, off, or optional. When `ON` , all users must set up MFA before they can sign in. When `OPTIONAL` , your application must make a client-side determination of whether a user wants to register an MFA device. For user pools with adaptive authentication with threat protection, choose `OPTIONAL` . // - // - `OFF` MFA won't be used for any users. - // - `ON` MFA is required for all users to sign in. - // - `OPTIONAL` MFA will be required only for individual users who have an MFA factor activated. + // When `MfaConfiguration` is `OPTIONAL` , managed login doesn't automatically prompt users to set up MFA. Amazon Cognito generates MFA prompts in API responses and in managed login for users who have chosen and configured a preferred MFA factor. MfaConfiguration *string `pulumi:"mfaConfiguration"` // A list of user pool policies. Contains the policy that sets password-complexity requirements. // - // This data type is a request and response parameter of [CreateUserPool](https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_CreateUserPool.html) and [UpdateUserPool](https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_UpdateUserPool.html) , and a response parameter of [DescribeUserPool](https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_DescribeUserPool.html) . + // This data type is a request and response parameter of `API_CreateUserPool` and `API_UpdateUserPool` , and a response parameter of `API_DescribeUserPool` . Policies *UserPoolPolicies `pulumi:"policies"` // A friendly name for the IdP. ProviderName *string `pulumi:"providerName"` @@ -78,7 +76,7 @@ type LookupUserPoolResult struct { Schema []UserPoolSchemaAttribute `pulumi:"schema"` // The contents of the SMS authentication message. SmsAuthenticationMessage *string `pulumi:"smsAuthenticationMessage"` - // The SMS configuration with the settings that your Amazon Cognito user pool must use to send an SMS message from your AWS account through Amazon Simple Notification Service. To send SMS messages with Amazon SNS in the AWS Region that you want, the Amazon Cognito user pool uses an AWS Identity and Access Management (IAM) role in your AWS account . For more information see [SMS message settings](https://docs.aws.amazon.com/cognito/latest/developerguide/user-pool-sms-settings.html) . + // The settings for your Amazon Cognito user pool to send SMS messages with Amazon Simple Notification Service. To send SMS messages with Amazon SNS in the AWS Region that you want, the Amazon Cognito user pool uses an AWS Identity and Access Management (IAM) role in your AWS account . For more information see [SMS message settings](https://docs.aws.amazon.com/cognito/latest/developerguide/user-pool-sms-settings.html) . SmsConfiguration *UserPoolSmsConfiguration `pulumi:"smsConfiguration"` // This parameter is no longer used. See [VerificationMessageTemplateType](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-cognito-userpool-verificationmessagetemplate.html) . SmsVerificationMessage *string `pulumi:"smsVerificationMessage"` @@ -86,13 +84,13 @@ type LookupUserPoolResult struct { // a user-pool setting that tells Amazon Cognito how to handle changes to the value of your users' email address and phone number attributes. For // more information, see [Verifying updates to email addresses and phone numbers](https://docs.aws.amazon.com/cognito/latest/developerguide/user-pool-settings-email-phone-verification.html#user-pool-settings-verifications-verify-attribute-updates) . UserAttributeUpdateSettings *UserPoolUserAttributeUpdateSettings `pulumi:"userAttributeUpdateSettings"` - // User pool add-ons. Contains settings for activation of threat protection. To log user security information but take no action, set to `AUDIT` . To configure automatic security responses to risky traffic to your user pool, set to `ENFORCED` . + // Contains settings for activation of threat protection, including the operating mode and additional authentication types. To log user security information but take no action, set to `AUDIT` . To configure automatic security responses to potentially unwanted traffic to your user pool, set to `ENFORCED` . // // For more information, see [Adding advanced security to a user pool](https://docs.aws.amazon.com/cognito/latest/developerguide/cognito-user-pool-settings-advanced-security.html) . To activate this setting, your user pool must be on the [Plus tier](https://docs.aws.amazon.com/cognito/latest/developerguide/feature-plans-features-plus.html) . UserPoolAddOns *UserPoolAddOns `pulumi:"userPoolAddOns"` // The ID of the user pool. UserPoolId *string `pulumi:"userPoolId"` - // A friendlhy name for your user pool. + // A friendly name for your user pool. UserPoolName *string `pulumi:"userPoolName"` // The tag keys and values to assign to the user pool. A tag is a label that you can use to categorize and manage user pools in different ways, such as by purpose, owner, environment, or other criteria. UserPoolTags map[string]string `pulumi:"userPoolTags"` @@ -161,12 +159,12 @@ func (o LookupUserPoolResultOutput) AccountRecoverySetting() UserPoolAccountReco // The settings for administrator creation of users in a user pool. Contains settings for allowing user sign-up, customizing invitation messages to new users, and the amount of time before temporary passwords expire. // -// This data type is a request and response parameter of [CreateUserPool](https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_CreateUserPool.html) and [UpdateUserPool](https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_UpdateUserPool.html) , and a response parameter of [DescribeUserPool](https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_DescribeUserPool.html) . +// This data type is a request and response parameter of `API_CreateUserPool` and `API_UpdateUserPool` , and a response parameter of `API_DescribeUserPool` . func (o LookupUserPoolResultOutput) AdminCreateUserConfig() UserPoolAdminCreateUserConfigPtrOutput { return o.ApplyT(func(v LookupUserPoolResult) *UserPoolAdminCreateUserConfig { return v.AdminCreateUserConfig }).(UserPoolAdminCreateUserConfigPtrOutput) } -// Attributes supported as an alias for this user pool. Possible values: *phone_number* , *email* , or *preferred_username* . For more information about alias attributes, see [Customizing sign-in attributes](https://docs.aws.amazon.com/cognito/latest/developerguide/user-pool-settings-attributes.html#user-pool-settings-aliases) . +// Attributes supported as an alias for this user pool. For more information about alias attributes, see [Customizing sign-in attributes](https://docs.aws.amazon.com/cognito/latest/developerguide/user-pool-settings-attributes.html#user-pool-settings-aliases) . func (o LookupUserPoolResultOutput) AliasAttributes() pulumi.StringArrayOutput { return o.ApplyT(func(v LookupUserPoolResult) []string { return v.AliasAttributes }).(pulumi.StringArrayOutput) } @@ -176,7 +174,7 @@ func (o LookupUserPoolResultOutput) Arn() pulumi.StringPtrOutput { return o.ApplyT(func(v LookupUserPoolResult) *string { return v.Arn }).(pulumi.StringPtrOutput) } -// The attributes that you want your user pool to automatically verify. Possible values: *email* , *phone_number* . For more information see [Verifying contact information at sign-up](https://docs.aws.amazon.com/cognito/latest/developerguide/signing-up-users-in-your-app.html#allowing-users-to-sign-up-and-confirm-themselves) . +// The attributes that you want your user pool to automatically verify. For more information, see [Verifying contact information at sign-up](https://docs.aws.amazon.com/cognito/latest/developerguide/signing-up-users-in-your-app.html#allowing-users-to-sign-up-and-confirm-themselves) . func (o LookupUserPoolResultOutput) AutoVerifiedAttributes() pulumi.StringArrayOutput { return o.ApplyT(func(v LookupUserPoolResult) []string { return v.AutoVerifiedAttributes }).(pulumi.StringArrayOutput) } @@ -225,18 +223,16 @@ func (o LookupUserPoolResultOutput) LambdaConfig() UserPoolLambdaConfigPtrOutput return o.ApplyT(func(v LookupUserPoolResult) *UserPoolLambdaConfig { return v.LambdaConfig }).(UserPoolLambdaConfigPtrOutput) } -// The multi-factor authentication (MFA) configuration. Valid values include: +// Displays the state of multi-factor authentication (MFA) as on, off, or optional. When `ON` , all users must set up MFA before they can sign in. When `OPTIONAL` , your application must make a client-side determination of whether a user wants to register an MFA device. For user pools with adaptive authentication with threat protection, choose `OPTIONAL` . // -// - `OFF` MFA won't be used for any users. -// - `ON` MFA is required for all users to sign in. -// - `OPTIONAL` MFA will be required only for individual users who have an MFA factor activated. +// When `MfaConfiguration` is `OPTIONAL` , managed login doesn't automatically prompt users to set up MFA. Amazon Cognito generates MFA prompts in API responses and in managed login for users who have chosen and configured a preferred MFA factor. func (o LookupUserPoolResultOutput) MfaConfiguration() pulumi.StringPtrOutput { return o.ApplyT(func(v LookupUserPoolResult) *string { return v.MfaConfiguration }).(pulumi.StringPtrOutput) } // A list of user pool policies. Contains the policy that sets password-complexity requirements. // -// This data type is a request and response parameter of [CreateUserPool](https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_CreateUserPool.html) and [UpdateUserPool](https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_UpdateUserPool.html) , and a response parameter of [DescribeUserPool](https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_DescribeUserPool.html) . +// This data type is a request and response parameter of `API_CreateUserPool` and `API_UpdateUserPool` , and a response parameter of `API_DescribeUserPool` . func (o LookupUserPoolResultOutput) Policies() UserPoolPoliciesPtrOutput { return o.ApplyT(func(v LookupUserPoolResult) *UserPoolPolicies { return v.Policies }).(UserPoolPoliciesPtrOutput) } @@ -261,7 +257,7 @@ func (o LookupUserPoolResultOutput) SmsAuthenticationMessage() pulumi.StringPtrO return o.ApplyT(func(v LookupUserPoolResult) *string { return v.SmsAuthenticationMessage }).(pulumi.StringPtrOutput) } -// The SMS configuration with the settings that your Amazon Cognito user pool must use to send an SMS message from your AWS account through Amazon Simple Notification Service. To send SMS messages with Amazon SNS in the AWS Region that you want, the Amazon Cognito user pool uses an AWS Identity and Access Management (IAM) role in your AWS account . For more information see [SMS message settings](https://docs.aws.amazon.com/cognito/latest/developerguide/user-pool-sms-settings.html) . +// The settings for your Amazon Cognito user pool to send SMS messages with Amazon Simple Notification Service. To send SMS messages with Amazon SNS in the AWS Region that you want, the Amazon Cognito user pool uses an AWS Identity and Access Management (IAM) role in your AWS account . For more information see [SMS message settings](https://docs.aws.amazon.com/cognito/latest/developerguide/user-pool-sms-settings.html) . func (o LookupUserPoolResultOutput) SmsConfiguration() UserPoolSmsConfigurationPtrOutput { return o.ApplyT(func(v LookupUserPoolResult) *UserPoolSmsConfiguration { return v.SmsConfiguration }).(UserPoolSmsConfigurationPtrOutput) } @@ -280,7 +276,7 @@ func (o LookupUserPoolResultOutput) UserAttributeUpdateSettings() UserPoolUserAt }).(UserPoolUserAttributeUpdateSettingsPtrOutput) } -// User pool add-ons. Contains settings for activation of threat protection. To log user security information but take no action, set to `AUDIT` . To configure automatic security responses to risky traffic to your user pool, set to `ENFORCED` . +// Contains settings for activation of threat protection, including the operating mode and additional authentication types. To log user security information but take no action, set to `AUDIT` . To configure automatic security responses to potentially unwanted traffic to your user pool, set to `ENFORCED` . // // For more information, see [Adding advanced security to a user pool](https://docs.aws.amazon.com/cognito/latest/developerguide/cognito-user-pool-settings-advanced-security.html) . To activate this setting, your user pool must be on the [Plus tier](https://docs.aws.amazon.com/cognito/latest/developerguide/feature-plans-features-plus.html) . func (o LookupUserPoolResultOutput) UserPoolAddOns() UserPoolAddOnsPtrOutput { @@ -292,7 +288,7 @@ func (o LookupUserPoolResultOutput) UserPoolId() pulumi.StringPtrOutput { return o.ApplyT(func(v LookupUserPoolResult) *string { return v.UserPoolId }).(pulumi.StringPtrOutput) } -// A friendlhy name for your user pool. +// A friendly name for your user pool. func (o LookupUserPoolResultOutput) UserPoolName() pulumi.StringPtrOutput { return o.ApplyT(func(v LookupUserPoolResult) *string { return v.UserPoolName }).(pulumi.StringPtrOutput) } diff --git a/sdk/go/aws/cognito/getUserPoolClient.go b/sdk/go/aws/cognito/getUserPoolClient.go index 0bfd963fb5..e45b64c2b2 100644 --- a/sdk/go/aws/cognito/getUserPoolClient.go +++ b/sdk/go/aws/cognito/getUserPoolClient.go @@ -40,24 +40,24 @@ type LookupUserPoolClientResult struct { // If you don't specify otherwise in the configuration of your app client, your access // tokens are valid for one hour. AccessTokenValidity *int `pulumi:"accessTokenValidity"` - // The OAuth grant types that you want your app client to generate. To create an app client that generates client credentials grants, you must add `client_credentials` as the only allowed OAuth flow. + // The OAuth grant types that you want your app client to generate for clients in managed login authentication. To create an app client that generates client credentials grants, you must add `client_credentials` as the only allowed OAuth flow. // // - **code** - Use a code grant flow, which provides an authorization code as the response. This code can be exchanged for access tokens with the `/oauth2/token` endpoint. - // - **implicit** - Issue the access token (and, optionally, ID token, based on scopes) directly to your user. - // - **client_credentials** - Issue the access token from the `/oauth2/token` endpoint directly to a non-person user using a combination of the client ID and client secret. + // - **implicit** - Issue the access token, and the ID token when scopes like `openid` and `profile` are requested, directly to your user. + // - **client_credentials** - Issue the access token from the `/oauth2/token` endpoint directly to a non-person user, authorized by a combination of the client ID and client secret. AllowedOAuthFlows []string `pulumi:"allowedOAuthFlows"` - // Set to `true` to use OAuth 2.0 features in your user pool app client. + // Set to `true` to use OAuth 2.0 authorization server features in your app client. // - // `AllowedOAuthFlowsUserPoolClient` must be `true` before you can configure the following features in your app client. + // This parameter must have a value of `true` before you can configure the following features in your app client. // // - `CallBackURLs` : Callback URLs. // - `LogoutURLs` : Sign-out redirect URLs. // - `AllowedOAuthScopes` : OAuth 2.0 scopes. // - `AllowedOAuthFlows` : Support for authorization code, implicit, and client credentials OAuth 2.0 grants. // - // To use OAuth 2.0 features, configure one of these features in the Amazon Cognito console or set `AllowedOAuthFlowsUserPoolClient` to `true` in a `CreateUserPoolClient` or `UpdateUserPoolClient` API request. If you don't set a value for `AllowedOAuthFlowsUserPoolClient` in a request with the AWS CLI or SDKs, it defaults to `false` . + // To use authorization server features, configure one of these features in the Amazon Cognito console or set `AllowedOAuthFlowsUserPoolClient` to `true` in a `CreateUserPoolClient` or `UpdateUserPoolClient` API request. If you don't set a value for `AllowedOAuthFlowsUserPoolClient` in a request with the AWS CLI or SDKs, it defaults to `false` . When `false` , only SDK-based API sign-in is permitted. AllowedOAuthFlowsUserPoolClient *bool `pulumi:"allowedOAuthFlowsUserPoolClient"` - // The OAuth 2.0 scopes that you want to permit your app client to authorize. Scopes govern access control to user pool self-service API operations, user data from the `userInfo` endpoint, and third-party APIs. Possible values provided by OAuth are `phone` , `email` , `openid` , and `profile` . Possible values provided by AWS are `aws.cognito.signin.user.admin` . Custom scopes created in Resource Servers are also supported. + // The OAuth, OpenID Connect (OIDC), and custom scopes that you want to permit your app client to authorize access with. Scopes govern access control to user pool self-service API operations, user data from the `userInfo` endpoint, and third-party APIs. Scope values include `phone` , `email` , `openid` , and `profile` . The `aws.cognito.signin.user.admin` scope authorizes user self-service operations. Custom scopes with resource servers authorize access to external APIs. AllowedOAuthScopes []string `pulumi:"allowedOAuthScopes"` // The user pool analytics configuration for collecting metrics and sending them to your Amazon Pinpoint campaign. // @@ -65,9 +65,9 @@ type LookupUserPoolClientResult struct { AnalyticsConfiguration *UserPoolClientAnalyticsConfiguration `pulumi:"analyticsConfiguration"` // Amazon Cognito creates a session token for each API request in an authentication flow. `AuthSessionValidity` is the duration, in minutes, of that session token. Your user pool native user must respond to each authentication challenge before the session expires. AuthSessionValidity *int `pulumi:"authSessionValidity"` - // A list of allowed redirect (callback) URLs for the IdPs. + // A list of allowed redirect, or callback, URLs for managed login authentication. These URLs are the paths where you want to send your users' browsers after they complete authentication with managed login or a third-party IdP. Typically, callback URLs are the home of an application that uses OAuth or OIDC libraries to process authentication outcomes. // - // A redirect URI must: + // A redirect URI must meet the following requirements: // // - Be an absolute URI. // - Be registered with the authorization server. Amazon Cognito doesn't accept authorization requests with `redirect_uri` values that aren't in the list of `CallbackURLs` that you provide in this parameter. @@ -86,17 +86,19 @@ type LookupUserPoolClientResult struct { ClientSecret *string `pulumi:"clientSecret"` // The default redirect URI. In app clients with one assigned IdP, replaces `redirect_uri` in authentication requests. Must be in the `CallbackURLs` list. DefaultRedirectUri *string `pulumi:"defaultRedirectUri"` - // Activates the propagation of additional user context data. For more information about propagation of user context data, see [Adding advanced security to a user pool](https://docs.aws.amazon.com/cognito/latest/developerguide/cognito-user-pool-settings-threat-protection.html) . If you don’t include this parameter, you can't send device fingerprint information, including source IP address, to Amazon Cognito advanced security. You can only activate `EnablePropagateAdditionalUserContextData` in an app client that has a client secret. + // When `true` , your application can include additional `UserContextData` in authentication requests. This data includes the IP address, and contributes to analysis by threat protection features. For more information about propagation of user context data, see [Adding session data to API requests](https://docs.aws.amazon.com/cognito/latest/developerguide/cognito-user-pool-settings-adaptive-authentication.html#user-pool-settings-adaptive-authentication-device-fingerprint) . If you don’t include this parameter, you can't send the source IP address to Amazon Cognito threat protection features. You can only activate `EnablePropagateAdditionalUserContextData` in an app client that has a client secret. EnablePropagateAdditionalUserContextData *bool `pulumi:"enablePropagateAdditionalUserContextData"` - // Activates or deactivates token revocation. For more information about revoking tokens, see [RevokeToken](https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_RevokeToken.html) . + // Activates or deactivates [token revocation](https://docs.aws.amazon.com/cognito/latest/developerguide/token-revocation.html) in the target app client. + // + // Revoke tokens with `API_RevokeToken` . // // If you don't include this parameter, token revocation is automatically activated for the new user pool client. EnableTokenRevocation *bool `pulumi:"enableTokenRevocation"` - // The authentication flows that you want your user pool client to support. For each app client in your user pool, you can sign in your users with any combination of one or more flows, including with a user name and Secure Remote Password (SRP), a user name and password, or a custom authentication process that you define with Lambda functions. + // The [authentication flows](https://docs.aws.amazon.com/cognito/latest/developerguide/amazon-cognito-user-pools-authentication-flow-methods.html) that you want your user pool client to support. For each app client in your user pool, you can sign in your users with any combination of one or more flows, including with a user name and Secure Remote Password (SRP), a user name and password, or a custom authentication process that you define with Lambda functions. // - // > If you don't specify a value for `ExplicitAuthFlows` , your user client supports `ALLOW_REFRESH_TOKEN_AUTH` , `ALLOW_USER_SRP_AUTH` , and `ALLOW_CUSTOM_AUTH` . + // > If you don't specify a value for `ExplicitAuthFlows` , your app client supports `ALLOW_REFRESH_TOKEN_AUTH` , `ALLOW_USER_SRP_AUTH` , and `ALLOW_CUSTOM_AUTH` . // - // Valid values include: + // The values for authentication flow options include the following. // // - `ALLOW_USER_AUTH` : Enable selection-based sign-in with `USER_AUTH` . This setting covers username-password, secure remote password (SRP), passwordless, and passkey authentication. This authentiation flow can do username-password and SRP authentication without other `ExplicitAuthFlows` permitting them. For example users can complete an SRP challenge through `USER_AUTH` without the flow `USER_SRP_AUTH` being active for the app client. This flow doesn't include `CUSTOM_AUTH` . // @@ -119,7 +121,7 @@ type LookupUserPoolClientResult struct { // If you don't specify otherwise in the configuration of your app client, your ID // tokens are valid for one hour. IdTokenValidity *int `pulumi:"idTokenValidity"` - // A list of allowed logout URLs for managed login authentication. For more information, see [Logout endpoint](https://docs.aws.amazon.com/cognito/latest/developerguide/logout-endpoint.html) . + // A list of allowed logout URLs for managed login authentication. When you pass `logout_uri` and `client_id` parameters to `/logout` , Amazon Cognito signs out your user and redirects them to the logout URL. This parameter describes the URLs that you want to be the permitted targets of `logout_uri` . A typical use of these URLs is when a user selects "Sign out" and you redirect them to your public homepage. For more information, see [Logout endpoint](https://docs.aws.amazon.com/cognito/latest/developerguide/logout-endpoint.html) . LogoutUrls []string `pulumi:"logoutUrls"` Name *string `pulumi:"name"` // Errors and responses that you want Amazon Cognito APIs to return during authentication, account confirmation, and password recovery when the user doesn't exist in the user pool. When set to `ENABLED` and the user doesn't exist, authentication returns an error indicating either the username or password was incorrect. Account confirmation and password recovery return a response indicating a code was sent to a simulated destination. When set to `LEGACY` , those APIs return a `UserNotFoundException` exception if the user doesn't exist in the user pool. @@ -131,9 +133,11 @@ type LookupUserPoolClientResult struct { // // Defaults to `LEGACY` when you don't provide a value. PreventUserExistenceErrors *string `pulumi:"preventUserExistenceErrors"` - // The list of user attributes that you want your app client to have read access to. After your user authenticates in your app, their access token authorizes them to read their own attribute value for any attribute in this list. An example of this kind of activity is when your user selects a link to view their profile information. Your app makes a [GetUser](https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_GetUser.html) API request to retrieve and display your user's profile data. + // The list of user attributes that you want your app client to have read access to. After your user authenticates in your app, their access token authorizes them to read their own attribute value for any attribute in this list. // - // When you don't specify the `ReadAttributes` for your app client, your app can read the values of `email_verified` , `phone_number_verified` , and the Standard attributes of your user pool. When your user pool app client has read access to these default attributes, `ReadAttributes` doesn't return any information. Amazon Cognito only populates `ReadAttributes` in the API response if you have specified your own custom set of read attributes. + // An example of this kind of activity is when your user selects a link to view their profile information. Your app makes a `API_GetUser` API request to retrieve and display your user's profile data. + // + // When you don't specify the `ReadAttributes` for your app client, your app can read the values of `email_verified` , `phone_number_verified` , and the standard attributes of your user pool. When your user pool app client has read access to these default attributes, `ReadAttributes` doesn't return any information. Amazon Cognito only populates `ReadAttributes` in the API response if you have specified your own custom set of read attributes. ReadAttributes []string `pulumi:"readAttributes"` // The refresh token time limit. After this limit expires, your user can't use their refresh token. To specify the time unit for `RefreshTokenValidity` as `seconds` , `minutes` , `hours` , or `days` , set a `TokenValidityUnits` value in your API request. // @@ -147,11 +151,13 @@ type LookupUserPoolClientResult struct { RefreshTokenValidity *int `pulumi:"refreshTokenValidity"` // A list of provider names for the identity providers (IdPs) that are supported on this client. The following are supported: `COGNITO` , `Facebook` , `Google` , `SignInWithApple` , and `LoginWithAmazon` . You can also specify the names that you configured for the SAML and OIDC IdPs in your user pool, for example `MySAMLIdP` or `MyOIDCIdP` . // - // This setting applies to providers that you can access with [managed login](https://docs.aws.amazon.com/cognito/latest/developerguide/cognito-user-pools-managed-login.html) . The removal of `COGNITO` from this list doesn't prevent authentication operations for local users with the user pools API in an AWS SDK. The only way to prevent API-based authentication is to block access with a [AWS WAF rule](https://docs.aws.amazon.com/cognito/latest/developerguide/user-pool-waf.html) . + // This parameter sets the IdPs that [managed login](https://docs.aws.amazon.com/cognito/latest/developerguide/cognito-user-pools-managed-login.html) will display on the login page for your app client. The removal of `COGNITO` from this list doesn't prevent authentication operations for local users with the user pools API in an AWS SDK. The only way to prevent SDK-based authentication is to block access with a [AWS WAF rule](https://docs.aws.amazon.com/cognito/latest/developerguide/user-pool-waf.html) . SupportedIdentityProviders []string `pulumi:"supportedIdentityProviders"` // The units that validity times are represented in. The default unit for refresh tokens is days, and the default for ID and access tokens are hours. TokenValidityUnits *UserPoolClientTokenValidityUnits `pulumi:"tokenValidityUnits"` - // The list of user attributes that you want your app client to have write access to. After your user authenticates in your app, their access token authorizes them to set or modify their own attribute value for any attribute in this list. An example of this kind of activity is when you present your user with a form to update their profile information and they change their last name. Your app then makes an [UpdateUserAttributes](https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_UpdateUserAttributes.html) API request and sets `family_name` to the new value. + // The list of user attributes that you want your app client to have write access to. After your user authenticates in your app, their access token authorizes them to set or modify their own attribute value for any attribute in this list. + // + // An example of this kind of activity is when you present your user with a form to update their profile information and they change their last name. Your app then makes an `API_UpdateUserAttributes` API request and sets `family_name` to the new value. // // When you don't specify the `WriteAttributes` for your app client, your app can write the values of the Standard attributes of your user pool. When your user pool has write access to these default attributes, `WriteAttributes` doesn't return any information. Amazon Cognito only populates `WriteAttributes` in the API response if you have specified your own custom set of write attributes. // @@ -206,30 +212,30 @@ func (o LookupUserPoolClientResultOutput) AccessTokenValidity() pulumi.IntPtrOut return o.ApplyT(func(v LookupUserPoolClientResult) *int { return v.AccessTokenValidity }).(pulumi.IntPtrOutput) } -// The OAuth grant types that you want your app client to generate. To create an app client that generates client credentials grants, you must add `client_credentials` as the only allowed OAuth flow. +// The OAuth grant types that you want your app client to generate for clients in managed login authentication. To create an app client that generates client credentials grants, you must add `client_credentials` as the only allowed OAuth flow. // // - **code** - Use a code grant flow, which provides an authorization code as the response. This code can be exchanged for access tokens with the `/oauth2/token` endpoint. -// - **implicit** - Issue the access token (and, optionally, ID token, based on scopes) directly to your user. -// - **client_credentials** - Issue the access token from the `/oauth2/token` endpoint directly to a non-person user using a combination of the client ID and client secret. +// - **implicit** - Issue the access token, and the ID token when scopes like `openid` and `profile` are requested, directly to your user. +// - **client_credentials** - Issue the access token from the `/oauth2/token` endpoint directly to a non-person user, authorized by a combination of the client ID and client secret. func (o LookupUserPoolClientResultOutput) AllowedOAuthFlows() pulumi.StringArrayOutput { return o.ApplyT(func(v LookupUserPoolClientResult) []string { return v.AllowedOAuthFlows }).(pulumi.StringArrayOutput) } -// Set to `true` to use OAuth 2.0 features in your user pool app client. +// Set to `true` to use OAuth 2.0 authorization server features in your app client. // -// `AllowedOAuthFlowsUserPoolClient` must be `true` before you can configure the following features in your app client. +// This parameter must have a value of `true` before you can configure the following features in your app client. // // - `CallBackURLs` : Callback URLs. // - `LogoutURLs` : Sign-out redirect URLs. // - `AllowedOAuthScopes` : OAuth 2.0 scopes. // - `AllowedOAuthFlows` : Support for authorization code, implicit, and client credentials OAuth 2.0 grants. // -// To use OAuth 2.0 features, configure one of these features in the Amazon Cognito console or set `AllowedOAuthFlowsUserPoolClient` to `true` in a `CreateUserPoolClient` or `UpdateUserPoolClient` API request. If you don't set a value for `AllowedOAuthFlowsUserPoolClient` in a request with the AWS CLI or SDKs, it defaults to `false` . +// To use authorization server features, configure one of these features in the Amazon Cognito console or set `AllowedOAuthFlowsUserPoolClient` to `true` in a `CreateUserPoolClient` or `UpdateUserPoolClient` API request. If you don't set a value for `AllowedOAuthFlowsUserPoolClient` in a request with the AWS CLI or SDKs, it defaults to `false` . When `false` , only SDK-based API sign-in is permitted. func (o LookupUserPoolClientResultOutput) AllowedOAuthFlowsUserPoolClient() pulumi.BoolPtrOutput { return o.ApplyT(func(v LookupUserPoolClientResult) *bool { return v.AllowedOAuthFlowsUserPoolClient }).(pulumi.BoolPtrOutput) } -// The OAuth 2.0 scopes that you want to permit your app client to authorize. Scopes govern access control to user pool self-service API operations, user data from the `userInfo` endpoint, and third-party APIs. Possible values provided by OAuth are `phone` , `email` , `openid` , and `profile` . Possible values provided by AWS are `aws.cognito.signin.user.admin` . Custom scopes created in Resource Servers are also supported. +// The OAuth, OpenID Connect (OIDC), and custom scopes that you want to permit your app client to authorize access with. Scopes govern access control to user pool self-service API operations, user data from the `userInfo` endpoint, and third-party APIs. Scope values include `phone` , `email` , `openid` , and `profile` . The `aws.cognito.signin.user.admin` scope authorizes user self-service operations. Custom scopes with resource servers authorize access to external APIs. func (o LookupUserPoolClientResultOutput) AllowedOAuthScopes() pulumi.StringArrayOutput { return o.ApplyT(func(v LookupUserPoolClientResult) []string { return v.AllowedOAuthScopes }).(pulumi.StringArrayOutput) } @@ -248,9 +254,9 @@ func (o LookupUserPoolClientResultOutput) AuthSessionValidity() pulumi.IntPtrOut return o.ApplyT(func(v LookupUserPoolClientResult) *int { return v.AuthSessionValidity }).(pulumi.IntPtrOutput) } -// A list of allowed redirect (callback) URLs for the IdPs. +// A list of allowed redirect, or callback, URLs for managed login authentication. These URLs are the paths where you want to send your users' browsers after they complete authentication with managed login or a third-party IdP. Typically, callback URLs are the home of an application that uses OAuth or OIDC libraries to process authentication outcomes. // -// A redirect URI must: +// A redirect URI must meet the following requirements: // // - Be an absolute URI. // - Be registered with the authorization server. Amazon Cognito doesn't accept authorization requests with `redirect_uri` values that aren't in the list of `CallbackURLs` that you provide in this parameter. @@ -284,23 +290,25 @@ func (o LookupUserPoolClientResultOutput) DefaultRedirectUri() pulumi.StringPtrO return o.ApplyT(func(v LookupUserPoolClientResult) *string { return v.DefaultRedirectUri }).(pulumi.StringPtrOutput) } -// Activates the propagation of additional user context data. For more information about propagation of user context data, see [Adding advanced security to a user pool](https://docs.aws.amazon.com/cognito/latest/developerguide/cognito-user-pool-settings-threat-protection.html) . If you don’t include this parameter, you can't send device fingerprint information, including source IP address, to Amazon Cognito advanced security. You can only activate `EnablePropagateAdditionalUserContextData` in an app client that has a client secret. +// When `true` , your application can include additional `UserContextData` in authentication requests. This data includes the IP address, and contributes to analysis by threat protection features. For more information about propagation of user context data, see [Adding session data to API requests](https://docs.aws.amazon.com/cognito/latest/developerguide/cognito-user-pool-settings-adaptive-authentication.html#user-pool-settings-adaptive-authentication-device-fingerprint) . If you don’t include this parameter, you can't send the source IP address to Amazon Cognito threat protection features. You can only activate `EnablePropagateAdditionalUserContextData` in an app client that has a client secret. func (o LookupUserPoolClientResultOutput) EnablePropagateAdditionalUserContextData() pulumi.BoolPtrOutput { return o.ApplyT(func(v LookupUserPoolClientResult) *bool { return v.EnablePropagateAdditionalUserContextData }).(pulumi.BoolPtrOutput) } -// Activates or deactivates token revocation. For more information about revoking tokens, see [RevokeToken](https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_RevokeToken.html) . +// Activates or deactivates [token revocation](https://docs.aws.amazon.com/cognito/latest/developerguide/token-revocation.html) in the target app client. +// +// Revoke tokens with `API_RevokeToken` . // // If you don't include this parameter, token revocation is automatically activated for the new user pool client. func (o LookupUserPoolClientResultOutput) EnableTokenRevocation() pulumi.BoolPtrOutput { return o.ApplyT(func(v LookupUserPoolClientResult) *bool { return v.EnableTokenRevocation }).(pulumi.BoolPtrOutput) } -// The authentication flows that you want your user pool client to support. For each app client in your user pool, you can sign in your users with any combination of one or more flows, including with a user name and Secure Remote Password (SRP), a user name and password, or a custom authentication process that you define with Lambda functions. +// The [authentication flows](https://docs.aws.amazon.com/cognito/latest/developerguide/amazon-cognito-user-pools-authentication-flow-methods.html) that you want your user pool client to support. For each app client in your user pool, you can sign in your users with any combination of one or more flows, including with a user name and Secure Remote Password (SRP), a user name and password, or a custom authentication process that you define with Lambda functions. // -// > If you don't specify a value for `ExplicitAuthFlows` , your user client supports `ALLOW_REFRESH_TOKEN_AUTH` , `ALLOW_USER_SRP_AUTH` , and `ALLOW_CUSTOM_AUTH` . +// > If you don't specify a value for `ExplicitAuthFlows` , your app client supports `ALLOW_REFRESH_TOKEN_AUTH` , `ALLOW_USER_SRP_AUTH` , and `ALLOW_CUSTOM_AUTH` . // -// Valid values include: +// The values for authentication flow options include the following. // // - `ALLOW_USER_AUTH` : Enable selection-based sign-in with `USER_AUTH` . This setting covers username-password, secure remote password (SRP), passwordless, and passkey authentication. This authentiation flow can do username-password and SRP authentication without other `ExplicitAuthFlows` permitting them. For example users can complete an SRP challenge through `USER_AUTH` without the flow `USER_SRP_AUTH` being active for the app client. This flow doesn't include `CUSTOM_AUTH` . // @@ -329,7 +337,7 @@ func (o LookupUserPoolClientResultOutput) IdTokenValidity() pulumi.IntPtrOutput return o.ApplyT(func(v LookupUserPoolClientResult) *int { return v.IdTokenValidity }).(pulumi.IntPtrOutput) } -// A list of allowed logout URLs for managed login authentication. For more information, see [Logout endpoint](https://docs.aws.amazon.com/cognito/latest/developerguide/logout-endpoint.html) . +// A list of allowed logout URLs for managed login authentication. When you pass `logout_uri` and `client_id` parameters to `/logout` , Amazon Cognito signs out your user and redirects them to the logout URL. This parameter describes the URLs that you want to be the permitted targets of `logout_uri` . A typical use of these URLs is when a user selects "Sign out" and you redirect them to your public homepage. For more information, see [Logout endpoint](https://docs.aws.amazon.com/cognito/latest/developerguide/logout-endpoint.html) . func (o LookupUserPoolClientResultOutput) LogoutUrls() pulumi.StringArrayOutput { return o.ApplyT(func(v LookupUserPoolClientResult) []string { return v.LogoutUrls }).(pulumi.StringArrayOutput) } @@ -350,9 +358,11 @@ func (o LookupUserPoolClientResultOutput) PreventUserExistenceErrors() pulumi.St return o.ApplyT(func(v LookupUserPoolClientResult) *string { return v.PreventUserExistenceErrors }).(pulumi.StringPtrOutput) } -// The list of user attributes that you want your app client to have read access to. After your user authenticates in your app, their access token authorizes them to read their own attribute value for any attribute in this list. An example of this kind of activity is when your user selects a link to view their profile information. Your app makes a [GetUser](https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_GetUser.html) API request to retrieve and display your user's profile data. +// The list of user attributes that you want your app client to have read access to. After your user authenticates in your app, their access token authorizes them to read their own attribute value for any attribute in this list. // -// When you don't specify the `ReadAttributes` for your app client, your app can read the values of `email_verified` , `phone_number_verified` , and the Standard attributes of your user pool. When your user pool app client has read access to these default attributes, `ReadAttributes` doesn't return any information. Amazon Cognito only populates `ReadAttributes` in the API response if you have specified your own custom set of read attributes. +// An example of this kind of activity is when your user selects a link to view their profile information. Your app makes a `API_GetUser` API request to retrieve and display your user's profile data. +// +// When you don't specify the `ReadAttributes` for your app client, your app can read the values of `email_verified` , `phone_number_verified` , and the standard attributes of your user pool. When your user pool app client has read access to these default attributes, `ReadAttributes` doesn't return any information. Amazon Cognito only populates `ReadAttributes` in the API response if you have specified your own custom set of read attributes. func (o LookupUserPoolClientResultOutput) ReadAttributes() pulumi.StringArrayOutput { return o.ApplyT(func(v LookupUserPoolClientResult) []string { return v.ReadAttributes }).(pulumi.StringArrayOutput) } @@ -372,7 +382,7 @@ func (o LookupUserPoolClientResultOutput) RefreshTokenValidity() pulumi.IntPtrOu // A list of provider names for the identity providers (IdPs) that are supported on this client. The following are supported: `COGNITO` , `Facebook` , `Google` , `SignInWithApple` , and `LoginWithAmazon` . You can also specify the names that you configured for the SAML and OIDC IdPs in your user pool, for example `MySAMLIdP` or `MyOIDCIdP` . // -// This setting applies to providers that you can access with [managed login](https://docs.aws.amazon.com/cognito/latest/developerguide/cognito-user-pools-managed-login.html) . The removal of `COGNITO` from this list doesn't prevent authentication operations for local users with the user pools API in an AWS SDK. The only way to prevent API-based authentication is to block access with a [AWS WAF rule](https://docs.aws.amazon.com/cognito/latest/developerguide/user-pool-waf.html) . +// This parameter sets the IdPs that [managed login](https://docs.aws.amazon.com/cognito/latest/developerguide/cognito-user-pools-managed-login.html) will display on the login page for your app client. The removal of `COGNITO` from this list doesn't prevent authentication operations for local users with the user pools API in an AWS SDK. The only way to prevent SDK-based authentication is to block access with a [AWS WAF rule](https://docs.aws.amazon.com/cognito/latest/developerguide/user-pool-waf.html) . func (o LookupUserPoolClientResultOutput) SupportedIdentityProviders() pulumi.StringArrayOutput { return o.ApplyT(func(v LookupUserPoolClientResult) []string { return v.SupportedIdentityProviders }).(pulumi.StringArrayOutput) } @@ -382,7 +392,9 @@ func (o LookupUserPoolClientResultOutput) TokenValidityUnits() UserPoolClientTok return o.ApplyT(func(v LookupUserPoolClientResult) *UserPoolClientTokenValidityUnits { return v.TokenValidityUnits }).(UserPoolClientTokenValidityUnitsPtrOutput) } -// The list of user attributes that you want your app client to have write access to. After your user authenticates in your app, their access token authorizes them to set or modify their own attribute value for any attribute in this list. An example of this kind of activity is when you present your user with a form to update their profile information and they change their last name. Your app then makes an [UpdateUserAttributes](https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_UpdateUserAttributes.html) API request and sets `family_name` to the new value. +// The list of user attributes that you want your app client to have write access to. After your user authenticates in your app, their access token authorizes them to set or modify their own attribute value for any attribute in this list. +// +// An example of this kind of activity is when you present your user with a form to update their profile information and they change their last name. Your app then makes an `API_UpdateUserAttributes` API request and sets `family_name` to the new value. // // When you don't specify the `WriteAttributes` for your app client, your app can write the values of the Standard attributes of your user pool. When your user pool has write access to these default attributes, `WriteAttributes` doesn't return any information. Amazon Cognito only populates `WriteAttributes` in the API response if you have specified your own custom set of write attributes. // diff --git a/sdk/go/aws/cognito/getUserPoolDomain.go b/sdk/go/aws/cognito/getUserPoolDomain.go index 2d70efefdc..a04097743b 100644 --- a/sdk/go/aws/cognito/getUserPoolDomain.go +++ b/sdk/go/aws/cognito/getUserPoolDomain.go @@ -30,9 +30,11 @@ type LookupUserPoolDomainArgs struct { type LookupUserPoolDomainResult struct { // The Amazon CloudFront endpoint that you use as the target of the alias that you set up with your Domain Name Service (DNS) provider. CloudFrontDistribution *string `pulumi:"cloudFrontDistribution"` - // The configuration for a custom domain that hosts the sign-up and sign-in pages for your application. Use this object to specify an SSL certificate that is managed by ACM. + // The configuration for a custom domain that hosts managed login for your application. In an `UpdateUserPoolDomain` request, this parameter specifies an SSL certificate for the managed login hosted webserver. The certificate must be an ACM ARN in `us-east-1` . // - // When you create a custom domain, the passkey RP ID defaults to the custom domain. If you had a prefix domain active, this will cause passkey integration for your prefix domain to stop working due to a mismatch in RP ID. To keep the prefix domain passkey integration working, you can explicitly set RP ID to the prefix domain. Update the RP ID in a [SetUserPoolMfaConfig](https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_SetUserPoolMfaConfig.html) request. + // When you create a custom domain, the passkey RP ID defaults to the custom domain. If you had a prefix domain active, this will cause passkey integration for your prefix domain to stop working due to a mismatch in RP ID. To keep the prefix domain passkey integration working, you can explicitly set RP ID to the prefix domain. + // + // Update the RP ID in a `API_SetUserPoolMfaConfig` request. CustomDomainConfig *UserPoolDomainCustomDomainConfigType `pulumi:"customDomainConfig"` // The resource ID. Id *string `pulumi:"id"` @@ -77,9 +79,11 @@ func (o LookupUserPoolDomainResultOutput) CloudFrontDistribution() pulumi.String return o.ApplyT(func(v LookupUserPoolDomainResult) *string { return v.CloudFrontDistribution }).(pulumi.StringPtrOutput) } -// The configuration for a custom domain that hosts the sign-up and sign-in pages for your application. Use this object to specify an SSL certificate that is managed by ACM. +// The configuration for a custom domain that hosts managed login for your application. In an `UpdateUserPoolDomain` request, this parameter specifies an SSL certificate for the managed login hosted webserver. The certificate must be an ACM ARN in `us-east-1` . +// +// When you create a custom domain, the passkey RP ID defaults to the custom domain. If you had a prefix domain active, this will cause passkey integration for your prefix domain to stop working due to a mismatch in RP ID. To keep the prefix domain passkey integration working, you can explicitly set RP ID to the prefix domain. // -// When you create a custom domain, the passkey RP ID defaults to the custom domain. If you had a prefix domain active, this will cause passkey integration for your prefix domain to stop working due to a mismatch in RP ID. To keep the prefix domain passkey integration working, you can explicitly set RP ID to the prefix domain. Update the RP ID in a [SetUserPoolMfaConfig](https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_SetUserPoolMfaConfig.html) request. +// Update the RP ID in a `API_SetUserPoolMfaConfig` request. func (o LookupUserPoolDomainResultOutput) CustomDomainConfig() UserPoolDomainCustomDomainConfigTypePtrOutput { return o.ApplyT(func(v LookupUserPoolDomainResult) *UserPoolDomainCustomDomainConfigType { return v.CustomDomainConfig }).(UserPoolDomainCustomDomainConfigTypePtrOutput) } diff --git a/sdk/go/aws/cognito/getUserPoolRiskConfigurationAttachment.go b/sdk/go/aws/cognito/getUserPoolRiskConfigurationAttachment.go index 6fddadc5e9..b237067e69 100644 --- a/sdk/go/aws/cognito/getUserPoolRiskConfigurationAttachment.go +++ b/sdk/go/aws/cognito/getUserPoolRiskConfigurationAttachment.go @@ -30,9 +30,9 @@ type LookupUserPoolRiskConfigurationAttachmentArgs struct { } type LookupUserPoolRiskConfigurationAttachmentResult struct { - // The settings for automated responses and notification templates for adaptive authentication with advanced security features. + // The settings for automated responses and notification templates for adaptive authentication with threat protection. AccountTakeoverRiskConfiguration *UserPoolRiskConfigurationAttachmentAccountTakeoverRiskConfigurationType `pulumi:"accountTakeoverRiskConfiguration"` - // Settings for compromised-credentials actions and authentication types with advanced security features in full-function `ENFORCED` mode. + // Settings for compromised-credentials actions and authentication types with threat protection in full-function `ENFORCED` mode. CompromisedCredentialsRiskConfiguration *UserPoolRiskConfigurationAttachmentCompromisedCredentialsRiskConfigurationType `pulumi:"compromisedCredentialsRiskConfiguration"` // Exceptions to the risk evaluation configuration, including always-allow and always-block IP address ranges. RiskExceptionConfiguration *UserPoolRiskConfigurationAttachmentRiskExceptionConfigurationType `pulumi:"riskExceptionConfiguration"` @@ -72,14 +72,14 @@ func (o LookupUserPoolRiskConfigurationAttachmentResultOutput) ToLookupUserPoolR return o } -// The settings for automated responses and notification templates for adaptive authentication with advanced security features. +// The settings for automated responses and notification templates for adaptive authentication with threat protection. func (o LookupUserPoolRiskConfigurationAttachmentResultOutput) AccountTakeoverRiskConfiguration() UserPoolRiskConfigurationAttachmentAccountTakeoverRiskConfigurationTypePtrOutput { return o.ApplyT(func(v LookupUserPoolRiskConfigurationAttachmentResult) *UserPoolRiskConfigurationAttachmentAccountTakeoverRiskConfigurationType { return v.AccountTakeoverRiskConfiguration }).(UserPoolRiskConfigurationAttachmentAccountTakeoverRiskConfigurationTypePtrOutput) } -// Settings for compromised-credentials actions and authentication types with advanced security features in full-function `ENFORCED` mode. +// Settings for compromised-credentials actions and authentication types with threat protection in full-function `ENFORCED` mode. func (o LookupUserPoolRiskConfigurationAttachmentResultOutput) CompromisedCredentialsRiskConfiguration() UserPoolRiskConfigurationAttachmentCompromisedCredentialsRiskConfigurationTypePtrOutput { return o.ApplyT(func(v LookupUserPoolRiskConfigurationAttachmentResult) *UserPoolRiskConfigurationAttachmentCompromisedCredentialsRiskConfigurationType { return v.CompromisedCredentialsRiskConfiguration diff --git a/sdk/go/aws/cognito/getUserPoolUiCustomizationAttachment.go b/sdk/go/aws/cognito/getUserPoolUiCustomizationAttachment.go index c0020596dd..2e4f610fd4 100644 --- a/sdk/go/aws/cognito/getUserPoolUiCustomizationAttachment.go +++ b/sdk/go/aws/cognito/getUserPoolUiCustomizationAttachment.go @@ -25,12 +25,12 @@ func LookupUserPoolUiCustomizationAttachment(ctx *pulumi.Context, args *LookupUs type LookupUserPoolUiCustomizationAttachmentArgs struct { // The app client ID for your UI customization. When this value isn't present, the customization applies to all user pool app clients that don't have client-level settings.. ClientId string `pulumi:"clientId"` - // The ID of the user pool. + // The ID of the user pool where you want to apply branding to the classic hosted UI. UserPoolId string `pulumi:"userPoolId"` } type LookupUserPoolUiCustomizationAttachmentResult struct { - // The CSS values in the UI customization. + // A plaintext CSS file that contains the custom fields that you want to apply to your user pool or app client. To download a template, go to the Amazon Cognito console. Navigate to your user pool *App clients* tab, select *Login pages* , edit *Hosted UI (classic) style* , and select the link to `CSS template.css` . Css *string `pulumi:"css"` } @@ -46,7 +46,7 @@ func LookupUserPoolUiCustomizationAttachmentOutput(ctx *pulumi.Context, args Loo type LookupUserPoolUiCustomizationAttachmentOutputArgs struct { // The app client ID for your UI customization. When this value isn't present, the customization applies to all user pool app clients that don't have client-level settings.. ClientId pulumi.StringInput `pulumi:"clientId"` - // The ID of the user pool. + // The ID of the user pool where you want to apply branding to the classic hosted UI. UserPoolId pulumi.StringInput `pulumi:"userPoolId"` } @@ -68,7 +68,7 @@ func (o LookupUserPoolUiCustomizationAttachmentResultOutput) ToLookupUserPoolUiC return o } -// The CSS values in the UI customization. +// A plaintext CSS file that contains the custom fields that you want to apply to your user pool or app client. To download a template, go to the Amazon Cognito console. Navigate to your user pool *App clients* tab, select *Login pages* , edit *Hosted UI (classic) style* , and select the link to `CSS template.css` . func (o LookupUserPoolUiCustomizationAttachmentResultOutput) Css() pulumi.StringPtrOutput { return o.ApplyT(func(v LookupUserPoolUiCustomizationAttachmentResult) *string { return v.Css }).(pulumi.StringPtrOutput) } diff --git a/sdk/go/aws/cognito/pulumiTypes.go b/sdk/go/aws/cognito/pulumiTypes.go index 99037c99fe..eb9bc12ef4 100644 --- a/sdk/go/aws/cognito/pulumiTypes.go +++ b/sdk/go/aws/cognito/pulumiTypes.go @@ -1619,9 +1619,9 @@ func (o UserPoolAccountRecoverySettingPtrOutput) RecoveryMechanisms() UserPoolRe } type UserPoolAddOns struct { - // Advanced security configuration options for additional authentication types in your user pool, including custom authentication. + // Threat protection configuration options for additional authentication types in your user pool, including custom authentication. AdvancedSecurityAdditionalFlows *UserPoolAdvancedSecurityAdditionalFlows `pulumi:"advancedSecurityAdditionalFlows"` - // The operating mode of advanced security features for standard authentication types in your user pool, including username-password and secure remote password (SRP) authentication. + // The operating mode of threat protection for standard authentication types in your user pool, including username-password and secure remote password (SRP) authentication. AdvancedSecurityMode *string `pulumi:"advancedSecurityMode"` } @@ -1637,9 +1637,9 @@ type UserPoolAddOnsInput interface { } type UserPoolAddOnsArgs struct { - // Advanced security configuration options for additional authentication types in your user pool, including custom authentication. + // Threat protection configuration options for additional authentication types in your user pool, including custom authentication. AdvancedSecurityAdditionalFlows UserPoolAdvancedSecurityAdditionalFlowsPtrInput `pulumi:"advancedSecurityAdditionalFlows"` - // The operating mode of advanced security features for standard authentication types in your user pool, including username-password and secure remote password (SRP) authentication. + // The operating mode of threat protection for standard authentication types in your user pool, including username-password and secure remote password (SRP) authentication. AdvancedSecurityMode pulumi.StringPtrInput `pulumi:"advancedSecurityMode"` } @@ -1720,14 +1720,14 @@ func (o UserPoolAddOnsOutput) ToUserPoolAddOnsPtrOutputWithContext(ctx context.C }).(UserPoolAddOnsPtrOutput) } -// Advanced security configuration options for additional authentication types in your user pool, including custom authentication. +// Threat protection configuration options for additional authentication types in your user pool, including custom authentication. func (o UserPoolAddOnsOutput) AdvancedSecurityAdditionalFlows() UserPoolAdvancedSecurityAdditionalFlowsPtrOutput { return o.ApplyT(func(v UserPoolAddOns) *UserPoolAdvancedSecurityAdditionalFlows { return v.AdvancedSecurityAdditionalFlows }).(UserPoolAdvancedSecurityAdditionalFlowsPtrOutput) } -// The operating mode of advanced security features for standard authentication types in your user pool, including username-password and secure remote password (SRP) authentication. +// The operating mode of threat protection for standard authentication types in your user pool, including username-password and secure remote password (SRP) authentication. func (o UserPoolAddOnsOutput) AdvancedSecurityMode() pulumi.StringPtrOutput { return o.ApplyT(func(v UserPoolAddOns) *string { return v.AdvancedSecurityMode }).(pulumi.StringPtrOutput) } @@ -1756,7 +1756,7 @@ func (o UserPoolAddOnsPtrOutput) Elem() UserPoolAddOnsOutput { }).(UserPoolAddOnsOutput) } -// Advanced security configuration options for additional authentication types in your user pool, including custom authentication. +// Threat protection configuration options for additional authentication types in your user pool, including custom authentication. func (o UserPoolAddOnsPtrOutput) AdvancedSecurityAdditionalFlows() UserPoolAdvancedSecurityAdditionalFlowsPtrOutput { return o.ApplyT(func(v *UserPoolAddOns) *UserPoolAdvancedSecurityAdditionalFlows { if v == nil { @@ -1766,7 +1766,7 @@ func (o UserPoolAddOnsPtrOutput) AdvancedSecurityAdditionalFlows() UserPoolAdvan }).(UserPoolAdvancedSecurityAdditionalFlowsPtrOutput) } -// The operating mode of advanced security features for standard authentication types in your user pool, including username-password and secure remote password (SRP) authentication. +// The operating mode of threat protection for standard authentication types in your user pool, including username-password and secure remote password (SRP) authentication. func (o UserPoolAddOnsPtrOutput) AdvancedSecurityMode() pulumi.StringPtrOutput { return o.ApplyT(func(v *UserPoolAddOns) *string { if v == nil { @@ -1777,13 +1777,15 @@ func (o UserPoolAddOnsPtrOutput) AdvancedSecurityMode() pulumi.StringPtrOutput { } type UserPoolAdminCreateUserConfig struct { - // The setting for allowing self-service sign-up. When `true` , only administrators can create new user profiles. When `false` , users can register themselves and create a new user profile with the [SignUp](https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_SignUp.html) operation. + // The setting for allowing self-service sign-up. When `true` , only administrators can create new user profiles. When `false` , users can register themselves and create a new user profile with the `SignUp` operation. AllowAdminCreateUserOnly *bool `pulumi:"allowAdminCreateUserOnly"` // The template for the welcome message to new users. This template must include the `{####}` temporary password placeholder if you are creating users with passwords. If your users don't have passwords, you can omit the placeholder. // // See also [Customizing User Invitation Messages](https://docs.aws.amazon.com/cognito/latest/developerguide/cognito-user-pool-settings-message-customizations.html#cognito-user-pool-settings-user-invitation-message-customization) . InviteMessageTemplate *UserPoolInviteMessageTemplate `pulumi:"inviteMessageTemplate"` - // This parameter is no longer in use. Configure the duration of temporary passwords with the `TemporaryPasswordValidityDays` parameter of [PasswordPolicyType](https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_PasswordPolicyType.html) . For older user pools that have a `UnusedAccountValidityDays` configuration, that value is effective until you set a value for `TemporaryPasswordValidityDays` . + // This parameter is no longer in use. + // + // Configure the duration of temporary passwords with the `TemporaryPasswordValidityDays` parameter of `API_PasswordPolicyType` . For older user pools that have a `UnusedAccountValidityDays` configuration, that value is effective until you set a value for `TemporaryPasswordValidityDays` . // // The password expiration limit in days for administrator-created users. When this time expires, the user can't sign in with their temporary password. To reset the account after that time limit, you must call `AdminCreateUser` again, specifying `RESEND` for the `MessageAction` parameter. // @@ -1803,13 +1805,15 @@ type UserPoolAdminCreateUserConfigInput interface { } type UserPoolAdminCreateUserConfigArgs struct { - // The setting for allowing self-service sign-up. When `true` , only administrators can create new user profiles. When `false` , users can register themselves and create a new user profile with the [SignUp](https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_SignUp.html) operation. + // The setting for allowing self-service sign-up. When `true` , only administrators can create new user profiles. When `false` , users can register themselves and create a new user profile with the `SignUp` operation. AllowAdminCreateUserOnly pulumi.BoolPtrInput `pulumi:"allowAdminCreateUserOnly"` // The template for the welcome message to new users. This template must include the `{####}` temporary password placeholder if you are creating users with passwords. If your users don't have passwords, you can omit the placeholder. // // See also [Customizing User Invitation Messages](https://docs.aws.amazon.com/cognito/latest/developerguide/cognito-user-pool-settings-message-customizations.html#cognito-user-pool-settings-user-invitation-message-customization) . InviteMessageTemplate UserPoolInviteMessageTemplatePtrInput `pulumi:"inviteMessageTemplate"` - // This parameter is no longer in use. Configure the duration of temporary passwords with the `TemporaryPasswordValidityDays` parameter of [PasswordPolicyType](https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_PasswordPolicyType.html) . For older user pools that have a `UnusedAccountValidityDays` configuration, that value is effective until you set a value for `TemporaryPasswordValidityDays` . + // This parameter is no longer in use. + // + // Configure the duration of temporary passwords with the `TemporaryPasswordValidityDays` parameter of `API_PasswordPolicyType` . For older user pools that have a `UnusedAccountValidityDays` configuration, that value is effective until you set a value for `TemporaryPasswordValidityDays` . // // The password expiration limit in days for administrator-created users. When this time expires, the user can't sign in with their temporary password. To reset the account after that time limit, you must call `AdminCreateUser` again, specifying `RESEND` for the `MessageAction` parameter. // @@ -1894,7 +1898,7 @@ func (o UserPoolAdminCreateUserConfigOutput) ToUserPoolAdminCreateUserConfigPtrO }).(UserPoolAdminCreateUserConfigPtrOutput) } -// The setting for allowing self-service sign-up. When `true` , only administrators can create new user profiles. When `false` , users can register themselves and create a new user profile with the [SignUp](https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_SignUp.html) operation. +// The setting for allowing self-service sign-up. When `true` , only administrators can create new user profiles. When `false` , users can register themselves and create a new user profile with the `SignUp` operation. func (o UserPoolAdminCreateUserConfigOutput) AllowAdminCreateUserOnly() pulumi.BoolPtrOutput { return o.ApplyT(func(v UserPoolAdminCreateUserConfig) *bool { return v.AllowAdminCreateUserOnly }).(pulumi.BoolPtrOutput) } @@ -1906,7 +1910,9 @@ func (o UserPoolAdminCreateUserConfigOutput) InviteMessageTemplate() UserPoolInv return o.ApplyT(func(v UserPoolAdminCreateUserConfig) *UserPoolInviteMessageTemplate { return v.InviteMessageTemplate }).(UserPoolInviteMessageTemplatePtrOutput) } -// This parameter is no longer in use. Configure the duration of temporary passwords with the `TemporaryPasswordValidityDays` parameter of [PasswordPolicyType](https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_PasswordPolicyType.html) . For older user pools that have a `UnusedAccountValidityDays` configuration, that value is effective until you set a value for `TemporaryPasswordValidityDays` . +// This parameter is no longer in use. +// +// Configure the duration of temporary passwords with the `TemporaryPasswordValidityDays` parameter of `API_PasswordPolicyType` . For older user pools that have a `UnusedAccountValidityDays` configuration, that value is effective until you set a value for `TemporaryPasswordValidityDays` . // // The password expiration limit in days for administrator-created users. When this time expires, the user can't sign in with their temporary password. To reset the account after that time limit, you must call `AdminCreateUser` again, specifying `RESEND` for the `MessageAction` parameter. // @@ -1939,7 +1945,7 @@ func (o UserPoolAdminCreateUserConfigPtrOutput) Elem() UserPoolAdminCreateUserCo }).(UserPoolAdminCreateUserConfigOutput) } -// The setting for allowing self-service sign-up. When `true` , only administrators can create new user profiles. When `false` , users can register themselves and create a new user profile with the [SignUp](https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_SignUp.html) operation. +// The setting for allowing self-service sign-up. When `true` , only administrators can create new user profiles. When `false` , users can register themselves and create a new user profile with the `SignUp` operation. func (o UserPoolAdminCreateUserConfigPtrOutput) AllowAdminCreateUserOnly() pulumi.BoolPtrOutput { return o.ApplyT(func(v *UserPoolAdminCreateUserConfig) *bool { if v == nil { @@ -1961,7 +1967,9 @@ func (o UserPoolAdminCreateUserConfigPtrOutput) InviteMessageTemplate() UserPool }).(UserPoolInviteMessageTemplatePtrOutput) } -// This parameter is no longer in use. Configure the duration of temporary passwords with the `TemporaryPasswordValidityDays` parameter of [PasswordPolicyType](https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_PasswordPolicyType.html) . For older user pools that have a `UnusedAccountValidityDays` configuration, that value is effective until you set a value for `TemporaryPasswordValidityDays` . +// This parameter is no longer in use. +// +// Configure the duration of temporary passwords with the `TemporaryPasswordValidityDays` parameter of `API_PasswordPolicyType` . For older user pools that have a `UnusedAccountValidityDays` configuration, that value is effective until you set a value for `TemporaryPasswordValidityDays` . // // The password expiration limit in days for administrator-created users. When this time expires, the user can't sign in with their temporary password. To reset the account after that time limit, you must call `AdminCreateUser` again, specifying `RESEND` for the `MessageAction` parameter. // @@ -1976,7 +1984,7 @@ func (o UserPoolAdminCreateUserConfigPtrOutput) UnusedAccountValidityDays() pulu } type UserPoolAdvancedSecurityAdditionalFlows struct { - // The operating mode of advanced security features in custom authentication with [Custom authentication challenge Lambda triggers](https://docs.aws.amazon.com/cognito/latest/developerguide/user-pool-lambda-challenge.html) . + // The operating mode of threat protection in custom authentication with [Custom authentication challenge Lambda triggers](https://docs.aws.amazon.com/cognito/latest/developerguide/user-pool-lambda-challenge.html) . CustomAuthMode *string `pulumi:"customAuthMode"` } @@ -1992,7 +2000,7 @@ type UserPoolAdvancedSecurityAdditionalFlowsInput interface { } type UserPoolAdvancedSecurityAdditionalFlowsArgs struct { - // The operating mode of advanced security features in custom authentication with [Custom authentication challenge Lambda triggers](https://docs.aws.amazon.com/cognito/latest/developerguide/user-pool-lambda-challenge.html) . + // The operating mode of threat protection in custom authentication with [Custom authentication challenge Lambda triggers](https://docs.aws.amazon.com/cognito/latest/developerguide/user-pool-lambda-challenge.html) . CustomAuthMode pulumi.StringPtrInput `pulumi:"customAuthMode"` } @@ -2073,7 +2081,7 @@ func (o UserPoolAdvancedSecurityAdditionalFlowsOutput) ToUserPoolAdvancedSecurit }).(UserPoolAdvancedSecurityAdditionalFlowsPtrOutput) } -// The operating mode of advanced security features in custom authentication with [Custom authentication challenge Lambda triggers](https://docs.aws.amazon.com/cognito/latest/developerguide/user-pool-lambda-challenge.html) . +// The operating mode of threat protection in custom authentication with [Custom authentication challenge Lambda triggers](https://docs.aws.amazon.com/cognito/latest/developerguide/user-pool-lambda-challenge.html) . func (o UserPoolAdvancedSecurityAdditionalFlowsOutput) CustomAuthMode() pulumi.StringPtrOutput { return o.ApplyT(func(v UserPoolAdvancedSecurityAdditionalFlows) *string { return v.CustomAuthMode }).(pulumi.StringPtrOutput) } @@ -2102,7 +2110,7 @@ func (o UserPoolAdvancedSecurityAdditionalFlowsPtrOutput) Elem() UserPoolAdvance }).(UserPoolAdvancedSecurityAdditionalFlowsOutput) } -// The operating mode of advanced security features in custom authentication with [Custom authentication challenge Lambda triggers](https://docs.aws.amazon.com/cognito/latest/developerguide/user-pool-lambda-challenge.html) . +// The operating mode of threat protection in custom authentication with [Custom authentication challenge Lambda triggers](https://docs.aws.amazon.com/cognito/latest/developerguide/user-pool-lambda-challenge.html) . func (o UserPoolAdvancedSecurityAdditionalFlowsPtrOutput) CustomAuthMode() pulumi.StringPtrOutput { return o.ApplyT(func(v *UserPoolAdvancedSecurityAdditionalFlows) *string { if v == nil { @@ -2833,7 +2841,7 @@ type UserPoolDeviceConfiguration struct { // // > Whether or not `ChallengeRequiredOnNewDevice` is true, users who sign in with devices that have not been confirmed or remembered must still provide a second factor in a user pool that requires MFA. ChallengeRequiredOnNewDevice *bool `pulumi:"challengeRequiredOnNewDevice"` - // When true, Amazon Cognito doesn't automatically remember a user's device when your app sends a [ConfirmDevice](https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_ConfirmDevice.html) API request. In your app, create a prompt for your user to choose whether they want to remember their device. Return the user's choice in an [UpdateDeviceStatus](https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_UpdateDeviceStatus.html) API request. + // When true, Amazon Cognito doesn't automatically remember a user's device when your app sends a `ConfirmDevice` API request. In your app, create a prompt for your user to choose whether they want to remember their device. Return the user's choice in an `UpdateDeviceStatus` API request. // // When `DeviceOnlyRememberedOnUserPrompt` is `false` , Amazon Cognito immediately remembers devices that you register in a `ConfirmDevice` API request. DeviceOnlyRememberedOnUserPrompt *bool `pulumi:"deviceOnlyRememberedOnUserPrompt"` @@ -2855,7 +2863,7 @@ type UserPoolDeviceConfigurationArgs struct { // // > Whether or not `ChallengeRequiredOnNewDevice` is true, users who sign in with devices that have not been confirmed or remembered must still provide a second factor in a user pool that requires MFA. ChallengeRequiredOnNewDevice pulumi.BoolPtrInput `pulumi:"challengeRequiredOnNewDevice"` - // When true, Amazon Cognito doesn't automatically remember a user's device when your app sends a [ConfirmDevice](https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_ConfirmDevice.html) API request. In your app, create a prompt for your user to choose whether they want to remember their device. Return the user's choice in an [UpdateDeviceStatus](https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_UpdateDeviceStatus.html) API request. + // When true, Amazon Cognito doesn't automatically remember a user's device when your app sends a `ConfirmDevice` API request. In your app, create a prompt for your user to choose whether they want to remember their device. Return the user's choice in an `UpdateDeviceStatus` API request. // // When `DeviceOnlyRememberedOnUserPrompt` is `false` , Amazon Cognito immediately remembers devices that you register in a `ConfirmDevice` API request. DeviceOnlyRememberedOnUserPrompt pulumi.BoolPtrInput `pulumi:"deviceOnlyRememberedOnUserPrompt"` @@ -2945,7 +2953,7 @@ func (o UserPoolDeviceConfigurationOutput) ChallengeRequiredOnNewDevice() pulumi return o.ApplyT(func(v UserPoolDeviceConfiguration) *bool { return v.ChallengeRequiredOnNewDevice }).(pulumi.BoolPtrOutput) } -// When true, Amazon Cognito doesn't automatically remember a user's device when your app sends a [ConfirmDevice](https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_ConfirmDevice.html) API request. In your app, create a prompt for your user to choose whether they want to remember their device. Return the user's choice in an [UpdateDeviceStatus](https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_UpdateDeviceStatus.html) API request. +// When true, Amazon Cognito doesn't automatically remember a user's device when your app sends a `ConfirmDevice` API request. In your app, create a prompt for your user to choose whether they want to remember their device. Return the user's choice in an `UpdateDeviceStatus` API request. // // When `DeviceOnlyRememberedOnUserPrompt` is `false` , Amazon Cognito immediately remembers devices that you register in a `ConfirmDevice` API request. func (o UserPoolDeviceConfigurationOutput) DeviceOnlyRememberedOnUserPrompt() pulumi.BoolPtrOutput { @@ -2988,7 +2996,7 @@ func (o UserPoolDeviceConfigurationPtrOutput) ChallengeRequiredOnNewDevice() pul }).(pulumi.BoolPtrOutput) } -// When true, Amazon Cognito doesn't automatically remember a user's device when your app sends a [ConfirmDevice](https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_ConfirmDevice.html) API request. In your app, create a prompt for your user to choose whether they want to remember their device. Return the user's choice in an [UpdateDeviceStatus](https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_UpdateDeviceStatus.html) API request. +// When true, Amazon Cognito doesn't automatically remember a user's device when your app sends a `ConfirmDevice` API request. In your app, create a prompt for your user to choose whether they want to remember their device. Return the user's choice in an `UpdateDeviceStatus` API request. // // When `DeviceOnlyRememberedOnUserPrompt` is `false` , Amazon Cognito immediately remembers devices that you register in a `ConfirmDevice` API request. func (o UserPoolDeviceConfigurationPtrOutput) DeviceOnlyRememberedOnUserPrompt() pulumi.BoolPtrOutput { @@ -4154,7 +4162,7 @@ type UserPoolPasswordPolicy struct { MinimumLength *int `pulumi:"minimumLength"` // The number of previous passwords that you want Amazon Cognito to restrict each user from reusing. Users can't set a password that matches any of `n` previous passwords, where `n` is the value of `PasswordHistorySize` . // - // Password history isn't enforced and isn't displayed in [DescribeUserPool](https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_DescribeUserPool.html) responses when you set this value to `0` or don't provide it. To activate this setting, your user pool must be in the [Essentials tier](https://docs.aws.amazon.com/cognito/latest/developerguide/feature-plans-features-essentials.html) or higher. + // Password history isn't enforced and isn't displayed in `API_DescribeUserPool` responses when you set this value to `0` or don't provide it. To activate this setting, your user pool must be in the [Essentials tier](https://docs.aws.amazon.com/cognito/latest/developerguide/feature-plans-features-essentials.html) or higher. PasswordHistorySize *int `pulumi:"passwordHistorySize"` // The requirement in a password policy that users must include at least one lowercase letter in their password. RequireLowercase *bool `pulumi:"requireLowercase"` @@ -4186,7 +4194,7 @@ type UserPoolPasswordPolicyArgs struct { MinimumLength pulumi.IntPtrInput `pulumi:"minimumLength"` // The number of previous passwords that you want Amazon Cognito to restrict each user from reusing. Users can't set a password that matches any of `n` previous passwords, where `n` is the value of `PasswordHistorySize` . // - // Password history isn't enforced and isn't displayed in [DescribeUserPool](https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_DescribeUserPool.html) responses when you set this value to `0` or don't provide it. To activate this setting, your user pool must be in the [Essentials tier](https://docs.aws.amazon.com/cognito/latest/developerguide/feature-plans-features-essentials.html) or higher. + // Password history isn't enforced and isn't displayed in `API_DescribeUserPool` responses when you set this value to `0` or don't provide it. To activate this setting, your user pool must be in the [Essentials tier](https://docs.aws.amazon.com/cognito/latest/developerguide/feature-plans-features-essentials.html) or higher. PasswordHistorySize pulumi.IntPtrInput `pulumi:"passwordHistorySize"` // The requirement in a password policy that users must include at least one lowercase letter in their password. RequireLowercase pulumi.BoolPtrInput `pulumi:"requireLowercase"` @@ -4286,7 +4294,7 @@ func (o UserPoolPasswordPolicyOutput) MinimumLength() pulumi.IntPtrOutput { // The number of previous passwords that you want Amazon Cognito to restrict each user from reusing. Users can't set a password that matches any of `n` previous passwords, where `n` is the value of `PasswordHistorySize` . // -// Password history isn't enforced and isn't displayed in [DescribeUserPool](https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_DescribeUserPool.html) responses when you set this value to `0` or don't provide it. To activate this setting, your user pool must be in the [Essentials tier](https://docs.aws.amazon.com/cognito/latest/developerguide/feature-plans-features-essentials.html) or higher. +// Password history isn't enforced and isn't displayed in `API_DescribeUserPool` responses when you set this value to `0` or don't provide it. To activate this setting, your user pool must be in the [Essentials tier](https://docs.aws.amazon.com/cognito/latest/developerguide/feature-plans-features-essentials.html) or higher. func (o UserPoolPasswordPolicyOutput) PasswordHistorySize() pulumi.IntPtrOutput { return o.ApplyT(func(v UserPoolPasswordPolicy) *int { return v.PasswordHistorySize }).(pulumi.IntPtrOutput) } @@ -4354,7 +4362,7 @@ func (o UserPoolPasswordPolicyPtrOutput) MinimumLength() pulumi.IntPtrOutput { // The number of previous passwords that you want Amazon Cognito to restrict each user from reusing. Users can't set a password that matches any of `n` previous passwords, where `n` is the value of `PasswordHistorySize` . // -// Password history isn't enforced and isn't displayed in [DescribeUserPool](https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_DescribeUserPool.html) responses when you set this value to `0` or don't provide it. To activate this setting, your user pool must be in the [Essentials tier](https://docs.aws.amazon.com/cognito/latest/developerguide/feature-plans-features-essentials.html) or higher. +// Password history isn't enforced and isn't displayed in `API_DescribeUserPool` responses when you set this value to `0` or don't provide it. To activate this setting, your user pool must be in the [Essentials tier](https://docs.aws.amazon.com/cognito/latest/developerguide/feature-plans-features-essentials.html) or higher. func (o UserPoolPasswordPolicyPtrOutput) PasswordHistorySize() pulumi.IntPtrOutput { return o.ApplyT(func(v *UserPoolPasswordPolicy) *int { if v == nil { @@ -4421,7 +4429,7 @@ type UserPoolPolicies struct { PasswordPolicy *UserPoolPasswordPolicy `pulumi:"passwordPolicy"` // The policy for allowed types of authentication in a user pool. To activate this setting, your user pool must be in the [Essentials tier](https://docs.aws.amazon.com/cognito/latest/developerguide/feature-plans-features-essentials.html) or higher. // - // This data type is a request and response parameter of [CreateUserPool](https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_CreateUserPool.html) and [UpdateUserPool](https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_UpdateUserPool.html) , and a response parameter of [DescribeUserPool](https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_DescribeUserPool.html) . + // This data type is a request and response parameter of `API_CreateUserPool` and `API_UpdateUserPool` , and a response parameter of `API_DescribeUserPool` . SignInPolicy *UserPoolSignInPolicy `pulumi:"signInPolicy"` } @@ -4441,7 +4449,7 @@ type UserPoolPoliciesArgs struct { PasswordPolicy UserPoolPasswordPolicyPtrInput `pulumi:"passwordPolicy"` // The policy for allowed types of authentication in a user pool. To activate this setting, your user pool must be in the [Essentials tier](https://docs.aws.amazon.com/cognito/latest/developerguide/feature-plans-features-essentials.html) or higher. // - // This data type is a request and response parameter of [CreateUserPool](https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_CreateUserPool.html) and [UpdateUserPool](https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_UpdateUserPool.html) , and a response parameter of [DescribeUserPool](https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_DescribeUserPool.html) . + // This data type is a request and response parameter of `API_CreateUserPool` and `API_UpdateUserPool` , and a response parameter of `API_DescribeUserPool` . SignInPolicy UserPoolSignInPolicyPtrInput `pulumi:"signInPolicy"` } @@ -4529,7 +4537,7 @@ func (o UserPoolPoliciesOutput) PasswordPolicy() UserPoolPasswordPolicyPtrOutput // The policy for allowed types of authentication in a user pool. To activate this setting, your user pool must be in the [Essentials tier](https://docs.aws.amazon.com/cognito/latest/developerguide/feature-plans-features-essentials.html) or higher. // -// This data type is a request and response parameter of [CreateUserPool](https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_CreateUserPool.html) and [UpdateUserPool](https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_UpdateUserPool.html) , and a response parameter of [DescribeUserPool](https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_DescribeUserPool.html) . +// This data type is a request and response parameter of `API_CreateUserPool` and `API_UpdateUserPool` , and a response parameter of `API_DescribeUserPool` . func (o UserPoolPoliciesOutput) SignInPolicy() UserPoolSignInPolicyPtrOutput { return o.ApplyT(func(v UserPoolPolicies) *UserPoolSignInPolicy { return v.SignInPolicy }).(UserPoolSignInPolicyPtrOutput) } @@ -4570,7 +4578,7 @@ func (o UserPoolPoliciesPtrOutput) PasswordPolicy() UserPoolPasswordPolicyPtrOut // The policy for allowed types of authentication in a user pool. To activate this setting, your user pool must be in the [Essentials tier](https://docs.aws.amazon.com/cognito/latest/developerguide/feature-plans-features-essentials.html) or higher. // -// This data type is a request and response parameter of [CreateUserPool](https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_CreateUserPool.html) and [UpdateUserPool](https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_UpdateUserPool.html) , and a response parameter of [DescribeUserPool](https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_DescribeUserPool.html) . +// This data type is a request and response parameter of `API_CreateUserPool` and `API_UpdateUserPool` , and a response parameter of `API_DescribeUserPool` . func (o UserPoolPoliciesPtrOutput) SignInPolicy() UserPoolSignInPolicyPtrOutput { return o.ApplyT(func(v *UserPoolPolicies) *UserPoolSignInPolicy { if v == nil { @@ -5133,11 +5141,11 @@ func (o UserPoolRiskConfigurationAttachmentAccountTakeoverActionTypePtrOutput) N } type UserPoolRiskConfigurationAttachmentAccountTakeoverActionsType struct { - // The action that you assign to a high-risk assessment by advanced security features. + // The action that you assign to a high-risk assessment by threat protection. HighAction *UserPoolRiskConfigurationAttachmentAccountTakeoverActionType `pulumi:"highAction"` - // The action that you assign to a low-risk assessment by advanced security features. + // The action that you assign to a low-risk assessment by threat protection. LowAction *UserPoolRiskConfigurationAttachmentAccountTakeoverActionType `pulumi:"lowAction"` - // The action that you assign to a medium-risk assessment by advanced security features. + // The action that you assign to a medium-risk assessment by threat protection. MediumAction *UserPoolRiskConfigurationAttachmentAccountTakeoverActionType `pulumi:"mediumAction"` } @@ -5153,11 +5161,11 @@ type UserPoolRiskConfigurationAttachmentAccountTakeoverActionsTypeInput interfac } type UserPoolRiskConfigurationAttachmentAccountTakeoverActionsTypeArgs struct { - // The action that you assign to a high-risk assessment by advanced security features. + // The action that you assign to a high-risk assessment by threat protection. HighAction UserPoolRiskConfigurationAttachmentAccountTakeoverActionTypePtrInput `pulumi:"highAction"` - // The action that you assign to a low-risk assessment by advanced security features. + // The action that you assign to a low-risk assessment by threat protection. LowAction UserPoolRiskConfigurationAttachmentAccountTakeoverActionTypePtrInput `pulumi:"lowAction"` - // The action that you assign to a medium-risk assessment by advanced security features. + // The action that you assign to a medium-risk assessment by threat protection. MediumAction UserPoolRiskConfigurationAttachmentAccountTakeoverActionTypePtrInput `pulumi:"mediumAction"` } @@ -5238,21 +5246,21 @@ func (o UserPoolRiskConfigurationAttachmentAccountTakeoverActionsTypeOutput) ToU }).(UserPoolRiskConfigurationAttachmentAccountTakeoverActionsTypePtrOutput) } -// The action that you assign to a high-risk assessment by advanced security features. +// The action that you assign to a high-risk assessment by threat protection. func (o UserPoolRiskConfigurationAttachmentAccountTakeoverActionsTypeOutput) HighAction() UserPoolRiskConfigurationAttachmentAccountTakeoverActionTypePtrOutput { return o.ApplyT(func(v UserPoolRiskConfigurationAttachmentAccountTakeoverActionsType) *UserPoolRiskConfigurationAttachmentAccountTakeoverActionType { return v.HighAction }).(UserPoolRiskConfigurationAttachmentAccountTakeoverActionTypePtrOutput) } -// The action that you assign to a low-risk assessment by advanced security features. +// The action that you assign to a low-risk assessment by threat protection. func (o UserPoolRiskConfigurationAttachmentAccountTakeoverActionsTypeOutput) LowAction() UserPoolRiskConfigurationAttachmentAccountTakeoverActionTypePtrOutput { return o.ApplyT(func(v UserPoolRiskConfigurationAttachmentAccountTakeoverActionsType) *UserPoolRiskConfigurationAttachmentAccountTakeoverActionType { return v.LowAction }).(UserPoolRiskConfigurationAttachmentAccountTakeoverActionTypePtrOutput) } -// The action that you assign to a medium-risk assessment by advanced security features. +// The action that you assign to a medium-risk assessment by threat protection. func (o UserPoolRiskConfigurationAttachmentAccountTakeoverActionsTypeOutput) MediumAction() UserPoolRiskConfigurationAttachmentAccountTakeoverActionTypePtrOutput { return o.ApplyT(func(v UserPoolRiskConfigurationAttachmentAccountTakeoverActionsType) *UserPoolRiskConfigurationAttachmentAccountTakeoverActionType { return v.MediumAction @@ -5283,7 +5291,7 @@ func (o UserPoolRiskConfigurationAttachmentAccountTakeoverActionsTypePtrOutput) }).(UserPoolRiskConfigurationAttachmentAccountTakeoverActionsTypeOutput) } -// The action that you assign to a high-risk assessment by advanced security features. +// The action that you assign to a high-risk assessment by threat protection. func (o UserPoolRiskConfigurationAttachmentAccountTakeoverActionsTypePtrOutput) HighAction() UserPoolRiskConfigurationAttachmentAccountTakeoverActionTypePtrOutput { return o.ApplyT(func(v *UserPoolRiskConfigurationAttachmentAccountTakeoverActionsType) *UserPoolRiskConfigurationAttachmentAccountTakeoverActionType { if v == nil { @@ -5293,7 +5301,7 @@ func (o UserPoolRiskConfigurationAttachmentAccountTakeoverActionsTypePtrOutput) }).(UserPoolRiskConfigurationAttachmentAccountTakeoverActionTypePtrOutput) } -// The action that you assign to a low-risk assessment by advanced security features. +// The action that you assign to a low-risk assessment by threat protection. func (o UserPoolRiskConfigurationAttachmentAccountTakeoverActionsTypePtrOutput) LowAction() UserPoolRiskConfigurationAttachmentAccountTakeoverActionTypePtrOutput { return o.ApplyT(func(v *UserPoolRiskConfigurationAttachmentAccountTakeoverActionsType) *UserPoolRiskConfigurationAttachmentAccountTakeoverActionType { if v == nil { @@ -5303,7 +5311,7 @@ func (o UserPoolRiskConfigurationAttachmentAccountTakeoverActionsTypePtrOutput) }).(UserPoolRiskConfigurationAttachmentAccountTakeoverActionTypePtrOutput) } -// The action that you assign to a medium-risk assessment by advanced security features. +// The action that you assign to a medium-risk assessment by threat protection. func (o UserPoolRiskConfigurationAttachmentAccountTakeoverActionsTypePtrOutput) MediumAction() UserPoolRiskConfigurationAttachmentAccountTakeoverActionTypePtrOutput { return o.ApplyT(func(v *UserPoolRiskConfigurationAttachmentAccountTakeoverActionsType) *UserPoolRiskConfigurationAttachmentAccountTakeoverActionType { if v == nil { @@ -5314,9 +5322,9 @@ func (o UserPoolRiskConfigurationAttachmentAccountTakeoverActionsTypePtrOutput) } type UserPoolRiskConfigurationAttachmentAccountTakeoverRiskConfigurationType struct { - // A list of account-takeover actions for each level of risk that Amazon Cognito might assess with advanced security features. + // A list of account-takeover actions for each level of risk that Amazon Cognito might assess with threat protection. Actions UserPoolRiskConfigurationAttachmentAccountTakeoverActionsType `pulumi:"actions"` - // The settings for composing and sending an email message when advanced security features assesses a risk level with adaptive authentication. When you choose to notify users in `AccountTakeoverRiskConfiguration` , Amazon Cognito sends an email message using the method and template that you set with this data type. + // The settings for composing and sending an email message when threat protection assesses a risk level with adaptive authentication. When you choose to notify users in `AccountTakeoverRiskConfiguration` , Amazon Cognito sends an email message using the method and template that you set with this data type. NotifyConfiguration *UserPoolRiskConfigurationAttachmentNotifyConfigurationType `pulumi:"notifyConfiguration"` } @@ -5332,9 +5340,9 @@ type UserPoolRiskConfigurationAttachmentAccountTakeoverRiskConfigurationTypeInpu } type UserPoolRiskConfigurationAttachmentAccountTakeoverRiskConfigurationTypeArgs struct { - // A list of account-takeover actions for each level of risk that Amazon Cognito might assess with advanced security features. + // A list of account-takeover actions for each level of risk that Amazon Cognito might assess with threat protection. Actions UserPoolRiskConfigurationAttachmentAccountTakeoverActionsTypeInput `pulumi:"actions"` - // The settings for composing and sending an email message when advanced security features assesses a risk level with adaptive authentication. When you choose to notify users in `AccountTakeoverRiskConfiguration` , Amazon Cognito sends an email message using the method and template that you set with this data type. + // The settings for composing and sending an email message when threat protection assesses a risk level with adaptive authentication. When you choose to notify users in `AccountTakeoverRiskConfiguration` , Amazon Cognito sends an email message using the method and template that you set with this data type. NotifyConfiguration UserPoolRiskConfigurationAttachmentNotifyConfigurationTypePtrInput `pulumi:"notifyConfiguration"` } @@ -5415,14 +5423,14 @@ func (o UserPoolRiskConfigurationAttachmentAccountTakeoverRiskConfigurationTypeO }).(UserPoolRiskConfigurationAttachmentAccountTakeoverRiskConfigurationTypePtrOutput) } -// A list of account-takeover actions for each level of risk that Amazon Cognito might assess with advanced security features. +// A list of account-takeover actions for each level of risk that Amazon Cognito might assess with threat protection. func (o UserPoolRiskConfigurationAttachmentAccountTakeoverRiskConfigurationTypeOutput) Actions() UserPoolRiskConfigurationAttachmentAccountTakeoverActionsTypeOutput { return o.ApplyT(func(v UserPoolRiskConfigurationAttachmentAccountTakeoverRiskConfigurationType) UserPoolRiskConfigurationAttachmentAccountTakeoverActionsType { return v.Actions }).(UserPoolRiskConfigurationAttachmentAccountTakeoverActionsTypeOutput) } -// The settings for composing and sending an email message when advanced security features assesses a risk level with adaptive authentication. When you choose to notify users in `AccountTakeoverRiskConfiguration` , Amazon Cognito sends an email message using the method and template that you set with this data type. +// The settings for composing and sending an email message when threat protection assesses a risk level with adaptive authentication. When you choose to notify users in `AccountTakeoverRiskConfiguration` , Amazon Cognito sends an email message using the method and template that you set with this data type. func (o UserPoolRiskConfigurationAttachmentAccountTakeoverRiskConfigurationTypeOutput) NotifyConfiguration() UserPoolRiskConfigurationAttachmentNotifyConfigurationTypePtrOutput { return o.ApplyT(func(v UserPoolRiskConfigurationAttachmentAccountTakeoverRiskConfigurationType) *UserPoolRiskConfigurationAttachmentNotifyConfigurationType { return v.NotifyConfiguration @@ -5453,7 +5461,7 @@ func (o UserPoolRiskConfigurationAttachmentAccountTakeoverRiskConfigurationTypeP }).(UserPoolRiskConfigurationAttachmentAccountTakeoverRiskConfigurationTypeOutput) } -// A list of account-takeover actions for each level of risk that Amazon Cognito might assess with advanced security features. +// A list of account-takeover actions for each level of risk that Amazon Cognito might assess with threat protection. func (o UserPoolRiskConfigurationAttachmentAccountTakeoverRiskConfigurationTypePtrOutput) Actions() UserPoolRiskConfigurationAttachmentAccountTakeoverActionsTypePtrOutput { return o.ApplyT(func(v *UserPoolRiskConfigurationAttachmentAccountTakeoverRiskConfigurationType) *UserPoolRiskConfigurationAttachmentAccountTakeoverActionsType { if v == nil { @@ -5463,7 +5471,7 @@ func (o UserPoolRiskConfigurationAttachmentAccountTakeoverRiskConfigurationTypeP }).(UserPoolRiskConfigurationAttachmentAccountTakeoverActionsTypePtrOutput) } -// The settings for composing and sending an email message when advanced security features assesses a risk level with adaptive authentication. When you choose to notify users in `AccountTakeoverRiskConfiguration` , Amazon Cognito sends an email message using the method and template that you set with this data type. +// The settings for composing and sending an email message when threat protection assesses a risk level with adaptive authentication. When you choose to notify users in `AccountTakeoverRiskConfiguration` , Amazon Cognito sends an email message using the method and template that you set with this data type. func (o UserPoolRiskConfigurationAttachmentAccountTakeoverRiskConfigurationTypePtrOutput) NotifyConfiguration() UserPoolRiskConfigurationAttachmentNotifyConfigurationTypePtrOutput { return o.ApplyT(func(v *UserPoolRiskConfigurationAttachmentAccountTakeoverRiskConfigurationType) *UserPoolRiskConfigurationAttachmentNotifyConfigurationType { if v == nil { @@ -7113,7 +7121,7 @@ func (o UserPoolUserAttributeTypeArrayOutput) Index(i pulumi.IntInput) UserPoolU type UserPoolUserAttributeUpdateSettings struct { // Requires that your user verifies their email address, phone number, or both before Amazon Cognito updates the value of that attribute. When you update a user attribute that has this option activated, Amazon Cognito sends a verification message to the new phone number or email address. Amazon Cognito doesn’t change the value of the attribute until your user responds to the verification message and confirms the new value. // - // You can verify an updated email address or phone number with a [VerifyUserAttribute](https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_VerifyUserAttribute.html) API request. You can also call the [AdminUpdateUserAttributes](https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_AdminUpdateUserAttributes.html) API and set `email_verified` or `phone_number_verified` to true. + // You can verify an updated email address or phone number with a `API_VerifyUserAttribute` API request. You can also call the `API_AdminUpdateUserAttributes` API and set `email_verified` or `phone_number_verified` to true. // // When `AttributesRequireVerificationBeforeUpdate` is false, your user pool doesn't require that your users verify attribute changes before Amazon Cognito updates them. In a user pool where `AttributesRequireVerificationBeforeUpdate` is false, API operations that change attribute values can immediately update a user’s `email` or `phone_number` attribute. AttributesRequireVerificationBeforeUpdate []string `pulumi:"attributesRequireVerificationBeforeUpdate"` @@ -7133,7 +7141,7 @@ type UserPoolUserAttributeUpdateSettingsInput interface { type UserPoolUserAttributeUpdateSettingsArgs struct { // Requires that your user verifies their email address, phone number, or both before Amazon Cognito updates the value of that attribute. When you update a user attribute that has this option activated, Amazon Cognito sends a verification message to the new phone number or email address. Amazon Cognito doesn’t change the value of the attribute until your user responds to the verification message and confirms the new value. // - // You can verify an updated email address or phone number with a [VerifyUserAttribute](https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_VerifyUserAttribute.html) API request. You can also call the [AdminUpdateUserAttributes](https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_AdminUpdateUserAttributes.html) API and set `email_verified` or `phone_number_verified` to true. + // You can verify an updated email address or phone number with a `API_VerifyUserAttribute` API request. You can also call the `API_AdminUpdateUserAttributes` API and set `email_verified` or `phone_number_verified` to true. // // When `AttributesRequireVerificationBeforeUpdate` is false, your user pool doesn't require that your users verify attribute changes before Amazon Cognito updates them. In a user pool where `AttributesRequireVerificationBeforeUpdate` is false, API operations that change attribute values can immediately update a user’s `email` or `phone_number` attribute. AttributesRequireVerificationBeforeUpdate pulumi.StringArrayInput `pulumi:"attributesRequireVerificationBeforeUpdate"` @@ -7218,7 +7226,7 @@ func (o UserPoolUserAttributeUpdateSettingsOutput) ToUserPoolUserAttributeUpdate // Requires that your user verifies their email address, phone number, or both before Amazon Cognito updates the value of that attribute. When you update a user attribute that has this option activated, Amazon Cognito sends a verification message to the new phone number or email address. Amazon Cognito doesn’t change the value of the attribute until your user responds to the verification message and confirms the new value. // -// You can verify an updated email address or phone number with a [VerifyUserAttribute](https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_VerifyUserAttribute.html) API request. You can also call the [AdminUpdateUserAttributes](https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_AdminUpdateUserAttributes.html) API and set `email_verified` or `phone_number_verified` to true. +// You can verify an updated email address or phone number with a `API_VerifyUserAttribute` API request. You can also call the `API_AdminUpdateUserAttributes` API and set `email_verified` or `phone_number_verified` to true. // // When `AttributesRequireVerificationBeforeUpdate` is false, your user pool doesn't require that your users verify attribute changes before Amazon Cognito updates them. In a user pool where `AttributesRequireVerificationBeforeUpdate` is false, API operations that change attribute values can immediately update a user’s `email` or `phone_number` attribute. func (o UserPoolUserAttributeUpdateSettingsOutput) AttributesRequireVerificationBeforeUpdate() pulumi.StringArrayOutput { @@ -7253,7 +7261,7 @@ func (o UserPoolUserAttributeUpdateSettingsPtrOutput) Elem() UserPoolUserAttribu // Requires that your user verifies their email address, phone number, or both before Amazon Cognito updates the value of that attribute. When you update a user attribute that has this option activated, Amazon Cognito sends a verification message to the new phone number or email address. Amazon Cognito doesn’t change the value of the attribute until your user responds to the verification message and confirms the new value. // -// You can verify an updated email address or phone number with a [VerifyUserAttribute](https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_VerifyUserAttribute.html) API request. You can also call the [AdminUpdateUserAttributes](https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_AdminUpdateUserAttributes.html) API and set `email_verified` or `phone_number_verified` to true. +// You can verify an updated email address or phone number with a `API_VerifyUserAttribute` API request. You can also call the `API_AdminUpdateUserAttributes` API and set `email_verified` or `phone_number_verified` to true. // // When `AttributesRequireVerificationBeforeUpdate` is false, your user pool doesn't require that your users verify attribute changes before Amazon Cognito updates them. In a user pool where `AttributesRequireVerificationBeforeUpdate` is false, API operations that change attribute values can immediately update a user’s `email` or `phone_number` attribute. func (o UserPoolUserAttributeUpdateSettingsPtrOutput) AttributesRequireVerificationBeforeUpdate() pulumi.StringArrayOutput { diff --git a/sdk/go/aws/cognito/userPool.go b/sdk/go/aws/cognito/userPool.go index c3a68e10ec..f2e6ed90fe 100644 --- a/sdk/go/aws/cognito/userPool.go +++ b/sdk/go/aws/cognito/userPool.go @@ -19,13 +19,13 @@ type UserPool struct { AccountRecoverySetting UserPoolAccountRecoverySettingPtrOutput `pulumi:"accountRecoverySetting"` // The settings for administrator creation of users in a user pool. Contains settings for allowing user sign-up, customizing invitation messages to new users, and the amount of time before temporary passwords expire. // - // This data type is a request and response parameter of [CreateUserPool](https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_CreateUserPool.html) and [UpdateUserPool](https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_UpdateUserPool.html) , and a response parameter of [DescribeUserPool](https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_DescribeUserPool.html) . + // This data type is a request and response parameter of `API_CreateUserPool` and `API_UpdateUserPool` , and a response parameter of `API_DescribeUserPool` . AdminCreateUserConfig UserPoolAdminCreateUserConfigPtrOutput `pulumi:"adminCreateUserConfig"` - // Attributes supported as an alias for this user pool. Possible values: *phone_number* , *email* , or *preferred_username* . For more information about alias attributes, see [Customizing sign-in attributes](https://docs.aws.amazon.com/cognito/latest/developerguide/user-pool-settings-attributes.html#user-pool-settings-aliases) . + // Attributes supported as an alias for this user pool. For more information about alias attributes, see [Customizing sign-in attributes](https://docs.aws.amazon.com/cognito/latest/developerguide/user-pool-settings-attributes.html#user-pool-settings-aliases) . AliasAttributes pulumi.StringArrayOutput `pulumi:"aliasAttributes"` // The Amazon Resource Name (ARN) of the user pool, such as `arn:aws:cognito-idp:us-east-1:123412341234:userpool/us-east-1_123412341` . Arn pulumi.StringOutput `pulumi:"arn"` - // The attributes that you want your user pool to automatically verify. Possible values: *email* , *phone_number* . For more information see [Verifying contact information at sign-up](https://docs.aws.amazon.com/cognito/latest/developerguide/signing-up-users-in-your-app.html#allowing-users-to-sign-up-and-confirm-themselves) . + // The attributes that you want your user pool to automatically verify. For more information, see [Verifying contact information at sign-up](https://docs.aws.amazon.com/cognito/latest/developerguide/signing-up-users-in-your-app.html#allowing-users-to-sign-up-and-confirm-themselves) . AutoVerifiedAttributes pulumi.StringArrayOutput `pulumi:"autoVerifiedAttributes"` // When active, `DeletionProtection` prevents accidental deletion of your user // pool. Before you can delete a user pool that you have protected against deletion, you @@ -55,15 +55,13 @@ type UserPool struct { EnabledMfas pulumi.StringArrayOutput `pulumi:"enabledMfas"` // A collection of user pool Lambda triggers. Amazon Cognito invokes triggers at several possible stages of authentication operations. Triggers can modify the outcome of the operations that invoked them. LambdaConfig UserPoolLambdaConfigPtrOutput `pulumi:"lambdaConfig"` - // The multi-factor authentication (MFA) configuration. Valid values include: + // Displays the state of multi-factor authentication (MFA) as on, off, or optional. When `ON` , all users must set up MFA before they can sign in. When `OPTIONAL` , your application must make a client-side determination of whether a user wants to register an MFA device. For user pools with adaptive authentication with threat protection, choose `OPTIONAL` . // - // - `OFF` MFA won't be used for any users. - // - `ON` MFA is required for all users to sign in. - // - `OPTIONAL` MFA will be required only for individual users who have an MFA factor activated. + // When `MfaConfiguration` is `OPTIONAL` , managed login doesn't automatically prompt users to set up MFA. Amazon Cognito generates MFA prompts in API responses and in managed login for users who have chosen and configured a preferred MFA factor. MfaConfiguration pulumi.StringPtrOutput `pulumi:"mfaConfiguration"` // A list of user pool policies. Contains the policy that sets password-complexity requirements. // - // This data type is a request and response parameter of [CreateUserPool](https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_CreateUserPool.html) and [UpdateUserPool](https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_UpdateUserPool.html) , and a response parameter of [DescribeUserPool](https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_DescribeUserPool.html) . + // This data type is a request and response parameter of `API_CreateUserPool` and `API_UpdateUserPool` , and a response parameter of `API_DescribeUserPool` . Policies UserPoolPoliciesPtrOutput `pulumi:"policies"` // A friendly name for the IdP. ProviderName pulumi.StringOutput `pulumi:"providerName"` @@ -73,7 +71,7 @@ type UserPool struct { Schema UserPoolSchemaAttributeArrayOutput `pulumi:"schema"` // The contents of the SMS authentication message. SmsAuthenticationMessage pulumi.StringPtrOutput `pulumi:"smsAuthenticationMessage"` - // The SMS configuration with the settings that your Amazon Cognito user pool must use to send an SMS message from your AWS account through Amazon Simple Notification Service. To send SMS messages with Amazon SNS in the AWS Region that you want, the Amazon Cognito user pool uses an AWS Identity and Access Management (IAM) role in your AWS account . For more information see [SMS message settings](https://docs.aws.amazon.com/cognito/latest/developerguide/user-pool-sms-settings.html) . + // The settings for your Amazon Cognito user pool to send SMS messages with Amazon Simple Notification Service. To send SMS messages with Amazon SNS in the AWS Region that you want, the Amazon Cognito user pool uses an AWS Identity and Access Management (IAM) role in your AWS account . For more information see [SMS message settings](https://docs.aws.amazon.com/cognito/latest/developerguide/user-pool-sms-settings.html) . SmsConfiguration UserPoolSmsConfigurationPtrOutput `pulumi:"smsConfiguration"` // This parameter is no longer used. See [VerificationMessageTemplateType](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-cognito-userpool-verificationmessagetemplate.html) . SmsVerificationMessage pulumi.StringPtrOutput `pulumi:"smsVerificationMessage"` @@ -81,13 +79,13 @@ type UserPool struct { // a user-pool setting that tells Amazon Cognito how to handle changes to the value of your users' email address and phone number attributes. For // more information, see [Verifying updates to email addresses and phone numbers](https://docs.aws.amazon.com/cognito/latest/developerguide/user-pool-settings-email-phone-verification.html#user-pool-settings-verifications-verify-attribute-updates) . UserAttributeUpdateSettings UserPoolUserAttributeUpdateSettingsPtrOutput `pulumi:"userAttributeUpdateSettings"` - // User pool add-ons. Contains settings for activation of threat protection. To log user security information but take no action, set to `AUDIT` . To configure automatic security responses to risky traffic to your user pool, set to `ENFORCED` . + // Contains settings for activation of threat protection, including the operating mode and additional authentication types. To log user security information but take no action, set to `AUDIT` . To configure automatic security responses to potentially unwanted traffic to your user pool, set to `ENFORCED` . // // For more information, see [Adding advanced security to a user pool](https://docs.aws.amazon.com/cognito/latest/developerguide/cognito-user-pool-settings-advanced-security.html) . To activate this setting, your user pool must be on the [Plus tier](https://docs.aws.amazon.com/cognito/latest/developerguide/feature-plans-features-plus.html) . UserPoolAddOns UserPoolAddOnsPtrOutput `pulumi:"userPoolAddOns"` // The ID of the user pool. UserPoolId pulumi.StringOutput `pulumi:"userPoolId"` - // A friendlhy name for your user pool. + // A friendly name for your user pool. UserPoolName pulumi.StringPtrOutput `pulumi:"userPoolName"` // The tag keys and values to assign to the user pool. A tag is a label that you can use to categorize and manage user pools in different ways, such as by purpose, owner, environment, or other criteria. UserPoolTags pulumi.StringMapOutput `pulumi:"userPoolTags"` @@ -161,11 +159,11 @@ type userPoolArgs struct { AccountRecoverySetting *UserPoolAccountRecoverySetting `pulumi:"accountRecoverySetting"` // The settings for administrator creation of users in a user pool. Contains settings for allowing user sign-up, customizing invitation messages to new users, and the amount of time before temporary passwords expire. // - // This data type is a request and response parameter of [CreateUserPool](https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_CreateUserPool.html) and [UpdateUserPool](https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_UpdateUserPool.html) , and a response parameter of [DescribeUserPool](https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_DescribeUserPool.html) . + // This data type is a request and response parameter of `API_CreateUserPool` and `API_UpdateUserPool` , and a response parameter of `API_DescribeUserPool` . AdminCreateUserConfig *UserPoolAdminCreateUserConfig `pulumi:"adminCreateUserConfig"` - // Attributes supported as an alias for this user pool. Possible values: *phone_number* , *email* , or *preferred_username* . For more information about alias attributes, see [Customizing sign-in attributes](https://docs.aws.amazon.com/cognito/latest/developerguide/user-pool-settings-attributes.html#user-pool-settings-aliases) . + // Attributes supported as an alias for this user pool. For more information about alias attributes, see [Customizing sign-in attributes](https://docs.aws.amazon.com/cognito/latest/developerguide/user-pool-settings-attributes.html#user-pool-settings-aliases) . AliasAttributes []string `pulumi:"aliasAttributes"` - // The attributes that you want your user pool to automatically verify. Possible values: *email* , *phone_number* . For more information see [Verifying contact information at sign-up](https://docs.aws.amazon.com/cognito/latest/developerguide/signing-up-users-in-your-app.html#allowing-users-to-sign-up-and-confirm-themselves) . + // The attributes that you want your user pool to automatically verify. For more information, see [Verifying contact information at sign-up](https://docs.aws.amazon.com/cognito/latest/developerguide/signing-up-users-in-your-app.html#allowing-users-to-sign-up-and-confirm-themselves) . AutoVerifiedAttributes []string `pulumi:"autoVerifiedAttributes"` // When active, `DeletionProtection` prevents accidental deletion of your user // pool. Before you can delete a user pool that you have protected against deletion, you @@ -195,21 +193,19 @@ type userPoolArgs struct { EnabledMfas []string `pulumi:"enabledMfas"` // A collection of user pool Lambda triggers. Amazon Cognito invokes triggers at several possible stages of authentication operations. Triggers can modify the outcome of the operations that invoked them. LambdaConfig *UserPoolLambdaConfig `pulumi:"lambdaConfig"` - // The multi-factor authentication (MFA) configuration. Valid values include: + // Displays the state of multi-factor authentication (MFA) as on, off, or optional. When `ON` , all users must set up MFA before they can sign in. When `OPTIONAL` , your application must make a client-side determination of whether a user wants to register an MFA device. For user pools with adaptive authentication with threat protection, choose `OPTIONAL` . // - // - `OFF` MFA won't be used for any users. - // - `ON` MFA is required for all users to sign in. - // - `OPTIONAL` MFA will be required only for individual users who have an MFA factor activated. + // When `MfaConfiguration` is `OPTIONAL` , managed login doesn't automatically prompt users to set up MFA. Amazon Cognito generates MFA prompts in API responses and in managed login for users who have chosen and configured a preferred MFA factor. MfaConfiguration *string `pulumi:"mfaConfiguration"` // A list of user pool policies. Contains the policy that sets password-complexity requirements. // - // This data type is a request and response parameter of [CreateUserPool](https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_CreateUserPool.html) and [UpdateUserPool](https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_UpdateUserPool.html) , and a response parameter of [DescribeUserPool](https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_DescribeUserPool.html) . + // This data type is a request and response parameter of `API_CreateUserPool` and `API_UpdateUserPool` , and a response parameter of `API_DescribeUserPool` . Policies *UserPoolPolicies `pulumi:"policies"` // An array of attributes for the new user pool. You can add custom attributes and modify the properties of default attributes. The specifications in this parameter set the required attributes in your user pool. For more information, see [Working with user attributes](https://docs.aws.amazon.com/cognito/latest/developerguide/user-pool-settings-attributes.html) . Schema []UserPoolSchemaAttribute `pulumi:"schema"` // The contents of the SMS authentication message. SmsAuthenticationMessage *string `pulumi:"smsAuthenticationMessage"` - // The SMS configuration with the settings that your Amazon Cognito user pool must use to send an SMS message from your AWS account through Amazon Simple Notification Service. To send SMS messages with Amazon SNS in the AWS Region that you want, the Amazon Cognito user pool uses an AWS Identity and Access Management (IAM) role in your AWS account . For more information see [SMS message settings](https://docs.aws.amazon.com/cognito/latest/developerguide/user-pool-sms-settings.html) . + // The settings for your Amazon Cognito user pool to send SMS messages with Amazon Simple Notification Service. To send SMS messages with Amazon SNS in the AWS Region that you want, the Amazon Cognito user pool uses an AWS Identity and Access Management (IAM) role in your AWS account . For more information see [SMS message settings](https://docs.aws.amazon.com/cognito/latest/developerguide/user-pool-sms-settings.html) . SmsConfiguration *UserPoolSmsConfiguration `pulumi:"smsConfiguration"` // This parameter is no longer used. See [VerificationMessageTemplateType](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-cognito-userpool-verificationmessagetemplate.html) . SmsVerificationMessage *string `pulumi:"smsVerificationMessage"` @@ -217,11 +213,11 @@ type userPoolArgs struct { // a user-pool setting that tells Amazon Cognito how to handle changes to the value of your users' email address and phone number attributes. For // more information, see [Verifying updates to email addresses and phone numbers](https://docs.aws.amazon.com/cognito/latest/developerguide/user-pool-settings-email-phone-verification.html#user-pool-settings-verifications-verify-attribute-updates) . UserAttributeUpdateSettings *UserPoolUserAttributeUpdateSettings `pulumi:"userAttributeUpdateSettings"` - // User pool add-ons. Contains settings for activation of threat protection. To log user security information but take no action, set to `AUDIT` . To configure automatic security responses to risky traffic to your user pool, set to `ENFORCED` . + // Contains settings for activation of threat protection, including the operating mode and additional authentication types. To log user security information but take no action, set to `AUDIT` . To configure automatic security responses to potentially unwanted traffic to your user pool, set to `ENFORCED` . // // For more information, see [Adding advanced security to a user pool](https://docs.aws.amazon.com/cognito/latest/developerguide/cognito-user-pool-settings-advanced-security.html) . To activate this setting, your user pool must be on the [Plus tier](https://docs.aws.amazon.com/cognito/latest/developerguide/feature-plans-features-plus.html) . UserPoolAddOns *UserPoolAddOns `pulumi:"userPoolAddOns"` - // A friendlhy name for your user pool. + // A friendly name for your user pool. UserPoolName *string `pulumi:"userPoolName"` // The tag keys and values to assign to the user pool. A tag is a label that you can use to categorize and manage user pools in different ways, such as by purpose, owner, environment, or other criteria. UserPoolTags map[string]string `pulumi:"userPoolTags"` @@ -257,11 +253,11 @@ type UserPoolArgs struct { AccountRecoverySetting UserPoolAccountRecoverySettingPtrInput // The settings for administrator creation of users in a user pool. Contains settings for allowing user sign-up, customizing invitation messages to new users, and the amount of time before temporary passwords expire. // - // This data type is a request and response parameter of [CreateUserPool](https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_CreateUserPool.html) and [UpdateUserPool](https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_UpdateUserPool.html) , and a response parameter of [DescribeUserPool](https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_DescribeUserPool.html) . + // This data type is a request and response parameter of `API_CreateUserPool` and `API_UpdateUserPool` , and a response parameter of `API_DescribeUserPool` . AdminCreateUserConfig UserPoolAdminCreateUserConfigPtrInput - // Attributes supported as an alias for this user pool. Possible values: *phone_number* , *email* , or *preferred_username* . For more information about alias attributes, see [Customizing sign-in attributes](https://docs.aws.amazon.com/cognito/latest/developerguide/user-pool-settings-attributes.html#user-pool-settings-aliases) . + // Attributes supported as an alias for this user pool. For more information about alias attributes, see [Customizing sign-in attributes](https://docs.aws.amazon.com/cognito/latest/developerguide/user-pool-settings-attributes.html#user-pool-settings-aliases) . AliasAttributes pulumi.StringArrayInput - // The attributes that you want your user pool to automatically verify. Possible values: *email* , *phone_number* . For more information see [Verifying contact information at sign-up](https://docs.aws.amazon.com/cognito/latest/developerguide/signing-up-users-in-your-app.html#allowing-users-to-sign-up-and-confirm-themselves) . + // The attributes that you want your user pool to automatically verify. For more information, see [Verifying contact information at sign-up](https://docs.aws.amazon.com/cognito/latest/developerguide/signing-up-users-in-your-app.html#allowing-users-to-sign-up-and-confirm-themselves) . AutoVerifiedAttributes pulumi.StringArrayInput // When active, `DeletionProtection` prevents accidental deletion of your user // pool. Before you can delete a user pool that you have protected against deletion, you @@ -291,21 +287,19 @@ type UserPoolArgs struct { EnabledMfas pulumi.StringArrayInput // A collection of user pool Lambda triggers. Amazon Cognito invokes triggers at several possible stages of authentication operations. Triggers can modify the outcome of the operations that invoked them. LambdaConfig UserPoolLambdaConfigPtrInput - // The multi-factor authentication (MFA) configuration. Valid values include: + // Displays the state of multi-factor authentication (MFA) as on, off, or optional. When `ON` , all users must set up MFA before they can sign in. When `OPTIONAL` , your application must make a client-side determination of whether a user wants to register an MFA device. For user pools with adaptive authentication with threat protection, choose `OPTIONAL` . // - // - `OFF` MFA won't be used for any users. - // - `ON` MFA is required for all users to sign in. - // - `OPTIONAL` MFA will be required only for individual users who have an MFA factor activated. + // When `MfaConfiguration` is `OPTIONAL` , managed login doesn't automatically prompt users to set up MFA. Amazon Cognito generates MFA prompts in API responses and in managed login for users who have chosen and configured a preferred MFA factor. MfaConfiguration pulumi.StringPtrInput // A list of user pool policies. Contains the policy that sets password-complexity requirements. // - // This data type is a request and response parameter of [CreateUserPool](https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_CreateUserPool.html) and [UpdateUserPool](https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_UpdateUserPool.html) , and a response parameter of [DescribeUserPool](https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_DescribeUserPool.html) . + // This data type is a request and response parameter of `API_CreateUserPool` and `API_UpdateUserPool` , and a response parameter of `API_DescribeUserPool` . Policies UserPoolPoliciesPtrInput // An array of attributes for the new user pool. You can add custom attributes and modify the properties of default attributes. The specifications in this parameter set the required attributes in your user pool. For more information, see [Working with user attributes](https://docs.aws.amazon.com/cognito/latest/developerguide/user-pool-settings-attributes.html) . Schema UserPoolSchemaAttributeArrayInput // The contents of the SMS authentication message. SmsAuthenticationMessage pulumi.StringPtrInput - // The SMS configuration with the settings that your Amazon Cognito user pool must use to send an SMS message from your AWS account through Amazon Simple Notification Service. To send SMS messages with Amazon SNS in the AWS Region that you want, the Amazon Cognito user pool uses an AWS Identity and Access Management (IAM) role in your AWS account . For more information see [SMS message settings](https://docs.aws.amazon.com/cognito/latest/developerguide/user-pool-sms-settings.html) . + // The settings for your Amazon Cognito user pool to send SMS messages with Amazon Simple Notification Service. To send SMS messages with Amazon SNS in the AWS Region that you want, the Amazon Cognito user pool uses an AWS Identity and Access Management (IAM) role in your AWS account . For more information see [SMS message settings](https://docs.aws.amazon.com/cognito/latest/developerguide/user-pool-sms-settings.html) . SmsConfiguration UserPoolSmsConfigurationPtrInput // This parameter is no longer used. See [VerificationMessageTemplateType](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-cognito-userpool-verificationmessagetemplate.html) . SmsVerificationMessage pulumi.StringPtrInput @@ -313,11 +307,11 @@ type UserPoolArgs struct { // a user-pool setting that tells Amazon Cognito how to handle changes to the value of your users' email address and phone number attributes. For // more information, see [Verifying updates to email addresses and phone numbers](https://docs.aws.amazon.com/cognito/latest/developerguide/user-pool-settings-email-phone-verification.html#user-pool-settings-verifications-verify-attribute-updates) . UserAttributeUpdateSettings UserPoolUserAttributeUpdateSettingsPtrInput - // User pool add-ons. Contains settings for activation of threat protection. To log user security information but take no action, set to `AUDIT` . To configure automatic security responses to risky traffic to your user pool, set to `ENFORCED` . + // Contains settings for activation of threat protection, including the operating mode and additional authentication types. To log user security information but take no action, set to `AUDIT` . To configure automatic security responses to potentially unwanted traffic to your user pool, set to `ENFORCED` . // // For more information, see [Adding advanced security to a user pool](https://docs.aws.amazon.com/cognito/latest/developerguide/cognito-user-pool-settings-advanced-security.html) . To activate this setting, your user pool must be on the [Plus tier](https://docs.aws.amazon.com/cognito/latest/developerguide/feature-plans-features-plus.html) . UserPoolAddOns UserPoolAddOnsPtrInput - // A friendlhy name for your user pool. + // A friendly name for your user pool. UserPoolName pulumi.StringPtrInput // The tag keys and values to assign to the user pool. A tag is a label that you can use to categorize and manage user pools in different ways, such as by purpose, owner, environment, or other criteria. UserPoolTags pulumi.StringMapInput @@ -391,12 +385,12 @@ func (o UserPoolOutput) AccountRecoverySetting() UserPoolAccountRecoverySettingP // The settings for administrator creation of users in a user pool. Contains settings for allowing user sign-up, customizing invitation messages to new users, and the amount of time before temporary passwords expire. // -// This data type is a request and response parameter of [CreateUserPool](https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_CreateUserPool.html) and [UpdateUserPool](https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_UpdateUserPool.html) , and a response parameter of [DescribeUserPool](https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_DescribeUserPool.html) . +// This data type is a request and response parameter of `API_CreateUserPool` and `API_UpdateUserPool` , and a response parameter of `API_DescribeUserPool` . func (o UserPoolOutput) AdminCreateUserConfig() UserPoolAdminCreateUserConfigPtrOutput { return o.ApplyT(func(v *UserPool) UserPoolAdminCreateUserConfigPtrOutput { return v.AdminCreateUserConfig }).(UserPoolAdminCreateUserConfigPtrOutput) } -// Attributes supported as an alias for this user pool. Possible values: *phone_number* , *email* , or *preferred_username* . For more information about alias attributes, see [Customizing sign-in attributes](https://docs.aws.amazon.com/cognito/latest/developerguide/user-pool-settings-attributes.html#user-pool-settings-aliases) . +// Attributes supported as an alias for this user pool. For more information about alias attributes, see [Customizing sign-in attributes](https://docs.aws.amazon.com/cognito/latest/developerguide/user-pool-settings-attributes.html#user-pool-settings-aliases) . func (o UserPoolOutput) AliasAttributes() pulumi.StringArrayOutput { return o.ApplyT(func(v *UserPool) pulumi.StringArrayOutput { return v.AliasAttributes }).(pulumi.StringArrayOutput) } @@ -406,7 +400,7 @@ func (o UserPoolOutput) Arn() pulumi.StringOutput { return o.ApplyT(func(v *UserPool) pulumi.StringOutput { return v.Arn }).(pulumi.StringOutput) } -// The attributes that you want your user pool to automatically verify. Possible values: *email* , *phone_number* . For more information see [Verifying contact information at sign-up](https://docs.aws.amazon.com/cognito/latest/developerguide/signing-up-users-in-your-app.html#allowing-users-to-sign-up-and-confirm-themselves) . +// The attributes that you want your user pool to automatically verify. For more information, see [Verifying contact information at sign-up](https://docs.aws.amazon.com/cognito/latest/developerguide/signing-up-users-in-your-app.html#allowing-users-to-sign-up-and-confirm-themselves) . func (o UserPoolOutput) AutoVerifiedAttributes() pulumi.StringArrayOutput { return o.ApplyT(func(v *UserPool) pulumi.StringArrayOutput { return v.AutoVerifiedAttributes }).(pulumi.StringArrayOutput) } @@ -466,18 +460,16 @@ func (o UserPoolOutput) LambdaConfig() UserPoolLambdaConfigPtrOutput { return o.ApplyT(func(v *UserPool) UserPoolLambdaConfigPtrOutput { return v.LambdaConfig }).(UserPoolLambdaConfigPtrOutput) } -// The multi-factor authentication (MFA) configuration. Valid values include: +// Displays the state of multi-factor authentication (MFA) as on, off, or optional. When `ON` , all users must set up MFA before they can sign in. When `OPTIONAL` , your application must make a client-side determination of whether a user wants to register an MFA device. For user pools with adaptive authentication with threat protection, choose `OPTIONAL` . // -// - `OFF` MFA won't be used for any users. -// - `ON` MFA is required for all users to sign in. -// - `OPTIONAL` MFA will be required only for individual users who have an MFA factor activated. +// When `MfaConfiguration` is `OPTIONAL` , managed login doesn't automatically prompt users to set up MFA. Amazon Cognito generates MFA prompts in API responses and in managed login for users who have chosen and configured a preferred MFA factor. func (o UserPoolOutput) MfaConfiguration() pulumi.StringPtrOutput { return o.ApplyT(func(v *UserPool) pulumi.StringPtrOutput { return v.MfaConfiguration }).(pulumi.StringPtrOutput) } // A list of user pool policies. Contains the policy that sets password-complexity requirements. // -// This data type is a request and response parameter of [CreateUserPool](https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_CreateUserPool.html) and [UpdateUserPool](https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_UpdateUserPool.html) , and a response parameter of [DescribeUserPool](https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_DescribeUserPool.html) . +// This data type is a request and response parameter of `API_CreateUserPool` and `API_UpdateUserPool` , and a response parameter of `API_DescribeUserPool` . func (o UserPoolOutput) Policies() UserPoolPoliciesPtrOutput { return o.ApplyT(func(v *UserPool) UserPoolPoliciesPtrOutput { return v.Policies }).(UserPoolPoliciesPtrOutput) } @@ -502,7 +494,7 @@ func (o UserPoolOutput) SmsAuthenticationMessage() pulumi.StringPtrOutput { return o.ApplyT(func(v *UserPool) pulumi.StringPtrOutput { return v.SmsAuthenticationMessage }).(pulumi.StringPtrOutput) } -// The SMS configuration with the settings that your Amazon Cognito user pool must use to send an SMS message from your AWS account through Amazon Simple Notification Service. To send SMS messages with Amazon SNS in the AWS Region that you want, the Amazon Cognito user pool uses an AWS Identity and Access Management (IAM) role in your AWS account . For more information see [SMS message settings](https://docs.aws.amazon.com/cognito/latest/developerguide/user-pool-sms-settings.html) . +// The settings for your Amazon Cognito user pool to send SMS messages with Amazon Simple Notification Service. To send SMS messages with Amazon SNS in the AWS Region that you want, the Amazon Cognito user pool uses an AWS Identity and Access Management (IAM) role in your AWS account . For more information see [SMS message settings](https://docs.aws.amazon.com/cognito/latest/developerguide/user-pool-sms-settings.html) . func (o UserPoolOutput) SmsConfiguration() UserPoolSmsConfigurationPtrOutput { return o.ApplyT(func(v *UserPool) UserPoolSmsConfigurationPtrOutput { return v.SmsConfiguration }).(UserPoolSmsConfigurationPtrOutput) } @@ -519,7 +511,7 @@ func (o UserPoolOutput) UserAttributeUpdateSettings() UserPoolUserAttributeUpdat return o.ApplyT(func(v *UserPool) UserPoolUserAttributeUpdateSettingsPtrOutput { return v.UserAttributeUpdateSettings }).(UserPoolUserAttributeUpdateSettingsPtrOutput) } -// User pool add-ons. Contains settings for activation of threat protection. To log user security information but take no action, set to `AUDIT` . To configure automatic security responses to risky traffic to your user pool, set to `ENFORCED` . +// Contains settings for activation of threat protection, including the operating mode and additional authentication types. To log user security information but take no action, set to `AUDIT` . To configure automatic security responses to potentially unwanted traffic to your user pool, set to `ENFORCED` . // // For more information, see [Adding advanced security to a user pool](https://docs.aws.amazon.com/cognito/latest/developerguide/cognito-user-pool-settings-advanced-security.html) . To activate this setting, your user pool must be on the [Plus tier](https://docs.aws.amazon.com/cognito/latest/developerguide/feature-plans-features-plus.html) . func (o UserPoolOutput) UserPoolAddOns() UserPoolAddOnsPtrOutput { @@ -531,7 +523,7 @@ func (o UserPoolOutput) UserPoolId() pulumi.StringOutput { return o.ApplyT(func(v *UserPool) pulumi.StringOutput { return v.UserPoolId }).(pulumi.StringOutput) } -// A friendlhy name for your user pool. +// A friendly name for your user pool. func (o UserPoolOutput) UserPoolName() pulumi.StringPtrOutput { return o.ApplyT(func(v *UserPool) pulumi.StringPtrOutput { return v.UserPoolName }).(pulumi.StringPtrOutput) } diff --git a/sdk/go/aws/cognito/userPoolClient.go b/sdk/go/aws/cognito/userPoolClient.go index 70d7564cd1..1561de3874 100644 --- a/sdk/go/aws/cognito/userPoolClient.go +++ b/sdk/go/aws/cognito/userPoolClient.go @@ -26,24 +26,24 @@ type UserPoolClient struct { // If you don't specify otherwise in the configuration of your app client, your access // tokens are valid for one hour. AccessTokenValidity pulumi.IntPtrOutput `pulumi:"accessTokenValidity"` - // The OAuth grant types that you want your app client to generate. To create an app client that generates client credentials grants, you must add `client_credentials` as the only allowed OAuth flow. + // The OAuth grant types that you want your app client to generate for clients in managed login authentication. To create an app client that generates client credentials grants, you must add `client_credentials` as the only allowed OAuth flow. // // - **code** - Use a code grant flow, which provides an authorization code as the response. This code can be exchanged for access tokens with the `/oauth2/token` endpoint. - // - **implicit** - Issue the access token (and, optionally, ID token, based on scopes) directly to your user. - // - **client_credentials** - Issue the access token from the `/oauth2/token` endpoint directly to a non-person user using a combination of the client ID and client secret. + // - **implicit** - Issue the access token, and the ID token when scopes like `openid` and `profile` are requested, directly to your user. + // - **client_credentials** - Issue the access token from the `/oauth2/token` endpoint directly to a non-person user, authorized by a combination of the client ID and client secret. AllowedOAuthFlows pulumi.StringArrayOutput `pulumi:"allowedOAuthFlows"` - // Set to `true` to use OAuth 2.0 features in your user pool app client. + // Set to `true` to use OAuth 2.0 authorization server features in your app client. // - // `AllowedOAuthFlowsUserPoolClient` must be `true` before you can configure the following features in your app client. + // This parameter must have a value of `true` before you can configure the following features in your app client. // // - `CallBackURLs` : Callback URLs. // - `LogoutURLs` : Sign-out redirect URLs. // - `AllowedOAuthScopes` : OAuth 2.0 scopes. // - `AllowedOAuthFlows` : Support for authorization code, implicit, and client credentials OAuth 2.0 grants. // - // To use OAuth 2.0 features, configure one of these features in the Amazon Cognito console or set `AllowedOAuthFlowsUserPoolClient` to `true` in a `CreateUserPoolClient` or `UpdateUserPoolClient` API request. If you don't set a value for `AllowedOAuthFlowsUserPoolClient` in a request with the AWS CLI or SDKs, it defaults to `false` . + // To use authorization server features, configure one of these features in the Amazon Cognito console or set `AllowedOAuthFlowsUserPoolClient` to `true` in a `CreateUserPoolClient` or `UpdateUserPoolClient` API request. If you don't set a value for `AllowedOAuthFlowsUserPoolClient` in a request with the AWS CLI or SDKs, it defaults to `false` . When `false` , only SDK-based API sign-in is permitted. AllowedOAuthFlowsUserPoolClient pulumi.BoolPtrOutput `pulumi:"allowedOAuthFlowsUserPoolClient"` - // The OAuth 2.0 scopes that you want to permit your app client to authorize. Scopes govern access control to user pool self-service API operations, user data from the `userInfo` endpoint, and third-party APIs. Possible values provided by OAuth are `phone` , `email` , `openid` , and `profile` . Possible values provided by AWS are `aws.cognito.signin.user.admin` . Custom scopes created in Resource Servers are also supported. + // The OAuth, OpenID Connect (OIDC), and custom scopes that you want to permit your app client to authorize access with. Scopes govern access control to user pool self-service API operations, user data from the `userInfo` endpoint, and third-party APIs. Scope values include `phone` , `email` , `openid` , and `profile` . The `aws.cognito.signin.user.admin` scope authorizes user self-service operations. Custom scopes with resource servers authorize access to external APIs. AllowedOAuthScopes pulumi.StringArrayOutput `pulumi:"allowedOAuthScopes"` // The user pool analytics configuration for collecting metrics and sending them to your Amazon Pinpoint campaign. // @@ -51,9 +51,9 @@ type UserPoolClient struct { AnalyticsConfiguration UserPoolClientAnalyticsConfigurationPtrOutput `pulumi:"analyticsConfiguration"` // Amazon Cognito creates a session token for each API request in an authentication flow. `AuthSessionValidity` is the duration, in minutes, of that session token. Your user pool native user must respond to each authentication challenge before the session expires. AuthSessionValidity pulumi.IntPtrOutput `pulumi:"authSessionValidity"` - // A list of allowed redirect (callback) URLs for the IdPs. + // A list of allowed redirect, or callback, URLs for managed login authentication. These URLs are the paths where you want to send your users' browsers after they complete authentication with managed login or a third-party IdP. Typically, callback URLs are the home of an application that uses OAuth or OIDC libraries to process authentication outcomes. // - // A redirect URI must: + // A redirect URI must meet the following requirements: // // - Be an absolute URI. // - Be registered with the authorization server. Amazon Cognito doesn't accept authorization requests with `redirect_uri` values that aren't in the list of `CallbackURLs` that you provide in this parameter. @@ -72,17 +72,19 @@ type UserPoolClient struct { ClientSecret pulumi.StringOutput `pulumi:"clientSecret"` // The default redirect URI. In app clients with one assigned IdP, replaces `redirect_uri` in authentication requests. Must be in the `CallbackURLs` list. DefaultRedirectUri pulumi.StringPtrOutput `pulumi:"defaultRedirectUri"` - // Activates the propagation of additional user context data. For more information about propagation of user context data, see [Adding advanced security to a user pool](https://docs.aws.amazon.com/cognito/latest/developerguide/cognito-user-pool-settings-threat-protection.html) . If you don’t include this parameter, you can't send device fingerprint information, including source IP address, to Amazon Cognito advanced security. You can only activate `EnablePropagateAdditionalUserContextData` in an app client that has a client secret. + // When `true` , your application can include additional `UserContextData` in authentication requests. This data includes the IP address, and contributes to analysis by threat protection features. For more information about propagation of user context data, see [Adding session data to API requests](https://docs.aws.amazon.com/cognito/latest/developerguide/cognito-user-pool-settings-adaptive-authentication.html#user-pool-settings-adaptive-authentication-device-fingerprint) . If you don’t include this parameter, you can't send the source IP address to Amazon Cognito threat protection features. You can only activate `EnablePropagateAdditionalUserContextData` in an app client that has a client secret. EnablePropagateAdditionalUserContextData pulumi.BoolPtrOutput `pulumi:"enablePropagateAdditionalUserContextData"` - // Activates or deactivates token revocation. For more information about revoking tokens, see [RevokeToken](https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_RevokeToken.html) . + // Activates or deactivates [token revocation](https://docs.aws.amazon.com/cognito/latest/developerguide/token-revocation.html) in the target app client. + // + // Revoke tokens with `API_RevokeToken` . // // If you don't include this parameter, token revocation is automatically activated for the new user pool client. EnableTokenRevocation pulumi.BoolPtrOutput `pulumi:"enableTokenRevocation"` - // The authentication flows that you want your user pool client to support. For each app client in your user pool, you can sign in your users with any combination of one or more flows, including with a user name and Secure Remote Password (SRP), a user name and password, or a custom authentication process that you define with Lambda functions. + // The [authentication flows](https://docs.aws.amazon.com/cognito/latest/developerguide/amazon-cognito-user-pools-authentication-flow-methods.html) that you want your user pool client to support. For each app client in your user pool, you can sign in your users with any combination of one or more flows, including with a user name and Secure Remote Password (SRP), a user name and password, or a custom authentication process that you define with Lambda functions. // - // > If you don't specify a value for `ExplicitAuthFlows` , your user client supports `ALLOW_REFRESH_TOKEN_AUTH` , `ALLOW_USER_SRP_AUTH` , and `ALLOW_CUSTOM_AUTH` . + // > If you don't specify a value for `ExplicitAuthFlows` , your app client supports `ALLOW_REFRESH_TOKEN_AUTH` , `ALLOW_USER_SRP_AUTH` , and `ALLOW_CUSTOM_AUTH` . // - // Valid values include: + // The values for authentication flow options include the following. // // - `ALLOW_USER_AUTH` : Enable selection-based sign-in with `USER_AUTH` . This setting covers username-password, secure remote password (SRP), passwordless, and passkey authentication. This authentiation flow can do username-password and SRP authentication without other `ExplicitAuthFlows` permitting them. For example users can complete an SRP challenge through `USER_AUTH` without the flow `USER_SRP_AUTH` being active for the app client. This flow doesn't include `CUSTOM_AUTH` . // @@ -96,7 +98,7 @@ type UserPoolClient struct { // In some environments, you will see the values `ADMIN_NO_SRP_AUTH` , `CUSTOM_AUTH_FLOW_ONLY` , or `USER_PASSWORD_AUTH` . You can't assign these legacy `ExplicitAuthFlows` values to user pool clients at the same time as values that begin with `ALLOW_` , // like `ALLOW_USER_SRP_AUTH` . ExplicitAuthFlows pulumi.StringArrayOutput `pulumi:"explicitAuthFlows"` - // When `true` , generates a client secret for the app client. Client secrets are used with server-side and machine-to-machine applications. For more information, see [App client types](https://docs.aws.amazon.com/cognito/latest/developerguide/user-pool-settings-client-apps.html#user-pool-settings-client-app-client-types) . + // When `true` , generates a client secret for the app client. Client secrets are used with server-side and machine-to-machine applications. Client secrets are automatically generated; you can't specify a secret value. For more information, see [App client types](https://docs.aws.amazon.com/cognito/latest/developerguide/user-pool-settings-client-apps.html#user-pool-settings-client-app-client-types) . GenerateSecret pulumi.BoolPtrOutput `pulumi:"generateSecret"` // The ID token time limit. After this limit expires, your user can't use their ID token. To specify the time unit for `IdTokenValidity` as `seconds` , `minutes` , `hours` , or `days` , set a `TokenValidityUnits` value in your API request. // @@ -107,7 +109,7 @@ type UserPoolClient struct { // If you don't specify otherwise in the configuration of your app client, your ID // tokens are valid for one hour. IdTokenValidity pulumi.IntPtrOutput `pulumi:"idTokenValidity"` - // A list of allowed logout URLs for managed login authentication. For more information, see [Logout endpoint](https://docs.aws.amazon.com/cognito/latest/developerguide/logout-endpoint.html) . + // A list of allowed logout URLs for managed login authentication. When you pass `logout_uri` and `client_id` parameters to `/logout` , Amazon Cognito signs out your user and redirects them to the logout URL. This parameter describes the URLs that you want to be the permitted targets of `logout_uri` . A typical use of these URLs is when a user selects "Sign out" and you redirect them to your public homepage. For more information, see [Logout endpoint](https://docs.aws.amazon.com/cognito/latest/developerguide/logout-endpoint.html) . LogoutUrls pulumi.StringArrayOutput `pulumi:"logoutUrls"` Name pulumi.StringOutput `pulumi:"name"` // Errors and responses that you want Amazon Cognito APIs to return during authentication, account confirmation, and password recovery when the user doesn't exist in the user pool. When set to `ENABLED` and the user doesn't exist, authentication returns an error indicating either the username or password was incorrect. Account confirmation and password recovery return a response indicating a code was sent to a simulated destination. When set to `LEGACY` , those APIs return a `UserNotFoundException` exception if the user doesn't exist in the user pool. @@ -119,9 +121,11 @@ type UserPoolClient struct { // // Defaults to `LEGACY` when you don't provide a value. PreventUserExistenceErrors pulumi.StringPtrOutput `pulumi:"preventUserExistenceErrors"` - // The list of user attributes that you want your app client to have read access to. After your user authenticates in your app, their access token authorizes them to read their own attribute value for any attribute in this list. An example of this kind of activity is when your user selects a link to view their profile information. Your app makes a [GetUser](https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_GetUser.html) API request to retrieve and display your user's profile data. + // The list of user attributes that you want your app client to have read access to. After your user authenticates in your app, their access token authorizes them to read their own attribute value for any attribute in this list. // - // When you don't specify the `ReadAttributes` for your app client, your app can read the values of `email_verified` , `phone_number_verified` , and the Standard attributes of your user pool. When your user pool app client has read access to these default attributes, `ReadAttributes` doesn't return any information. Amazon Cognito only populates `ReadAttributes` in the API response if you have specified your own custom set of read attributes. + // An example of this kind of activity is when your user selects a link to view their profile information. Your app makes a `API_GetUser` API request to retrieve and display your user's profile data. + // + // When you don't specify the `ReadAttributes` for your app client, your app can read the values of `email_verified` , `phone_number_verified` , and the standard attributes of your user pool. When your user pool app client has read access to these default attributes, `ReadAttributes` doesn't return any information. Amazon Cognito only populates `ReadAttributes` in the API response if you have specified your own custom set of read attributes. ReadAttributes pulumi.StringArrayOutput `pulumi:"readAttributes"` // The refresh token time limit. After this limit expires, your user can't use their refresh token. To specify the time unit for `RefreshTokenValidity` as `seconds` , `minutes` , `hours` , or `days` , set a `TokenValidityUnits` value in your API request. // @@ -135,13 +139,15 @@ type UserPoolClient struct { RefreshTokenValidity pulumi.IntPtrOutput `pulumi:"refreshTokenValidity"` // A list of provider names for the identity providers (IdPs) that are supported on this client. The following are supported: `COGNITO` , `Facebook` , `Google` , `SignInWithApple` , and `LoginWithAmazon` . You can also specify the names that you configured for the SAML and OIDC IdPs in your user pool, for example `MySAMLIdP` or `MyOIDCIdP` . // - // This setting applies to providers that you can access with [managed login](https://docs.aws.amazon.com/cognito/latest/developerguide/cognito-user-pools-managed-login.html) . The removal of `COGNITO` from this list doesn't prevent authentication operations for local users with the user pools API in an AWS SDK. The only way to prevent API-based authentication is to block access with a [AWS WAF rule](https://docs.aws.amazon.com/cognito/latest/developerguide/user-pool-waf.html) . + // This parameter sets the IdPs that [managed login](https://docs.aws.amazon.com/cognito/latest/developerguide/cognito-user-pools-managed-login.html) will display on the login page for your app client. The removal of `COGNITO` from this list doesn't prevent authentication operations for local users with the user pools API in an AWS SDK. The only way to prevent SDK-based authentication is to block access with a [AWS WAF rule](https://docs.aws.amazon.com/cognito/latest/developerguide/user-pool-waf.html) . SupportedIdentityProviders pulumi.StringArrayOutput `pulumi:"supportedIdentityProviders"` // The units that validity times are represented in. The default unit for refresh tokens is days, and the default for ID and access tokens are hours. TokenValidityUnits UserPoolClientTokenValidityUnitsPtrOutput `pulumi:"tokenValidityUnits"` // The ID of the user pool where you want to create an app client. UserPoolId pulumi.StringOutput `pulumi:"userPoolId"` - // The list of user attributes that you want your app client to have write access to. After your user authenticates in your app, their access token authorizes them to set or modify their own attribute value for any attribute in this list. An example of this kind of activity is when you present your user with a form to update their profile information and they change their last name. Your app then makes an [UpdateUserAttributes](https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_UpdateUserAttributes.html) API request and sets `family_name` to the new value. + // The list of user attributes that you want your app client to have write access to. After your user authenticates in your app, their access token authorizes them to set or modify their own attribute value for any attribute in this list. + // + // An example of this kind of activity is when you present your user with a form to update their profile information and they change their last name. Your app then makes an `API_UpdateUserAttributes` API request and sets `family_name` to the new value. // // When you don't specify the `WriteAttributes` for your app client, your app can write the values of the Standard attributes of your user pool. When your user pool has write access to these default attributes, `WriteAttributes` doesn't return any information. Amazon Cognito only populates `WriteAttributes` in the API response if you have specified your own custom set of write attributes. // @@ -207,24 +213,24 @@ type userPoolClientArgs struct { // If you don't specify otherwise in the configuration of your app client, your access // tokens are valid for one hour. AccessTokenValidity *int `pulumi:"accessTokenValidity"` - // The OAuth grant types that you want your app client to generate. To create an app client that generates client credentials grants, you must add `client_credentials` as the only allowed OAuth flow. + // The OAuth grant types that you want your app client to generate for clients in managed login authentication. To create an app client that generates client credentials grants, you must add `client_credentials` as the only allowed OAuth flow. // // - **code** - Use a code grant flow, which provides an authorization code as the response. This code can be exchanged for access tokens with the `/oauth2/token` endpoint. - // - **implicit** - Issue the access token (and, optionally, ID token, based on scopes) directly to your user. - // - **client_credentials** - Issue the access token from the `/oauth2/token` endpoint directly to a non-person user using a combination of the client ID and client secret. + // - **implicit** - Issue the access token, and the ID token when scopes like `openid` and `profile` are requested, directly to your user. + // - **client_credentials** - Issue the access token from the `/oauth2/token` endpoint directly to a non-person user, authorized by a combination of the client ID and client secret. AllowedOAuthFlows []string `pulumi:"allowedOAuthFlows"` - // Set to `true` to use OAuth 2.0 features in your user pool app client. + // Set to `true` to use OAuth 2.0 authorization server features in your app client. // - // `AllowedOAuthFlowsUserPoolClient` must be `true` before you can configure the following features in your app client. + // This parameter must have a value of `true` before you can configure the following features in your app client. // // - `CallBackURLs` : Callback URLs. // - `LogoutURLs` : Sign-out redirect URLs. // - `AllowedOAuthScopes` : OAuth 2.0 scopes. // - `AllowedOAuthFlows` : Support for authorization code, implicit, and client credentials OAuth 2.0 grants. // - // To use OAuth 2.0 features, configure one of these features in the Amazon Cognito console or set `AllowedOAuthFlowsUserPoolClient` to `true` in a `CreateUserPoolClient` or `UpdateUserPoolClient` API request. If you don't set a value for `AllowedOAuthFlowsUserPoolClient` in a request with the AWS CLI or SDKs, it defaults to `false` . + // To use authorization server features, configure one of these features in the Amazon Cognito console or set `AllowedOAuthFlowsUserPoolClient` to `true` in a `CreateUserPoolClient` or `UpdateUserPoolClient` API request. If you don't set a value for `AllowedOAuthFlowsUserPoolClient` in a request with the AWS CLI or SDKs, it defaults to `false` . When `false` , only SDK-based API sign-in is permitted. AllowedOAuthFlowsUserPoolClient *bool `pulumi:"allowedOAuthFlowsUserPoolClient"` - // The OAuth 2.0 scopes that you want to permit your app client to authorize. Scopes govern access control to user pool self-service API operations, user data from the `userInfo` endpoint, and third-party APIs. Possible values provided by OAuth are `phone` , `email` , `openid` , and `profile` . Possible values provided by AWS are `aws.cognito.signin.user.admin` . Custom scopes created in Resource Servers are also supported. + // The OAuth, OpenID Connect (OIDC), and custom scopes that you want to permit your app client to authorize access with. Scopes govern access control to user pool self-service API operations, user data from the `userInfo` endpoint, and third-party APIs. Scope values include `phone` , `email` , `openid` , and `profile` . The `aws.cognito.signin.user.admin` scope authorizes user self-service operations. Custom scopes with resource servers authorize access to external APIs. AllowedOAuthScopes []string `pulumi:"allowedOAuthScopes"` // The user pool analytics configuration for collecting metrics and sending them to your Amazon Pinpoint campaign. // @@ -232,9 +238,9 @@ type userPoolClientArgs struct { AnalyticsConfiguration *UserPoolClientAnalyticsConfiguration `pulumi:"analyticsConfiguration"` // Amazon Cognito creates a session token for each API request in an authentication flow. `AuthSessionValidity` is the duration, in minutes, of that session token. Your user pool native user must respond to each authentication challenge before the session expires. AuthSessionValidity *int `pulumi:"authSessionValidity"` - // A list of allowed redirect (callback) URLs for the IdPs. + // A list of allowed redirect, or callback, URLs for managed login authentication. These URLs are the paths where you want to send your users' browsers after they complete authentication with managed login or a third-party IdP. Typically, callback URLs are the home of an application that uses OAuth or OIDC libraries to process authentication outcomes. // - // A redirect URI must: + // A redirect URI must meet the following requirements: // // - Be an absolute URI. // - Be registered with the authorization server. Amazon Cognito doesn't accept authorization requests with `redirect_uri` values that aren't in the list of `CallbackURLs` that you provide in this parameter. @@ -250,17 +256,19 @@ type userPoolClientArgs struct { ClientName *string `pulumi:"clientName"` // The default redirect URI. In app clients with one assigned IdP, replaces `redirect_uri` in authentication requests. Must be in the `CallbackURLs` list. DefaultRedirectUri *string `pulumi:"defaultRedirectUri"` - // Activates the propagation of additional user context data. For more information about propagation of user context data, see [Adding advanced security to a user pool](https://docs.aws.amazon.com/cognito/latest/developerguide/cognito-user-pool-settings-threat-protection.html) . If you don’t include this parameter, you can't send device fingerprint information, including source IP address, to Amazon Cognito advanced security. You can only activate `EnablePropagateAdditionalUserContextData` in an app client that has a client secret. + // When `true` , your application can include additional `UserContextData` in authentication requests. This data includes the IP address, and contributes to analysis by threat protection features. For more information about propagation of user context data, see [Adding session data to API requests](https://docs.aws.amazon.com/cognito/latest/developerguide/cognito-user-pool-settings-adaptive-authentication.html#user-pool-settings-adaptive-authentication-device-fingerprint) . If you don’t include this parameter, you can't send the source IP address to Amazon Cognito threat protection features. You can only activate `EnablePropagateAdditionalUserContextData` in an app client that has a client secret. EnablePropagateAdditionalUserContextData *bool `pulumi:"enablePropagateAdditionalUserContextData"` - // Activates or deactivates token revocation. For more information about revoking tokens, see [RevokeToken](https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_RevokeToken.html) . + // Activates or deactivates [token revocation](https://docs.aws.amazon.com/cognito/latest/developerguide/token-revocation.html) in the target app client. + // + // Revoke tokens with `API_RevokeToken` . // // If you don't include this parameter, token revocation is automatically activated for the new user pool client. EnableTokenRevocation *bool `pulumi:"enableTokenRevocation"` - // The authentication flows that you want your user pool client to support. For each app client in your user pool, you can sign in your users with any combination of one or more flows, including with a user name and Secure Remote Password (SRP), a user name and password, or a custom authentication process that you define with Lambda functions. + // The [authentication flows](https://docs.aws.amazon.com/cognito/latest/developerguide/amazon-cognito-user-pools-authentication-flow-methods.html) that you want your user pool client to support. For each app client in your user pool, you can sign in your users with any combination of one or more flows, including with a user name and Secure Remote Password (SRP), a user name and password, or a custom authentication process that you define with Lambda functions. // - // > If you don't specify a value for `ExplicitAuthFlows` , your user client supports `ALLOW_REFRESH_TOKEN_AUTH` , `ALLOW_USER_SRP_AUTH` , and `ALLOW_CUSTOM_AUTH` . + // > If you don't specify a value for `ExplicitAuthFlows` , your app client supports `ALLOW_REFRESH_TOKEN_AUTH` , `ALLOW_USER_SRP_AUTH` , and `ALLOW_CUSTOM_AUTH` . // - // Valid values include: + // The values for authentication flow options include the following. // // - `ALLOW_USER_AUTH` : Enable selection-based sign-in with `USER_AUTH` . This setting covers username-password, secure remote password (SRP), passwordless, and passkey authentication. This authentiation flow can do username-password and SRP authentication without other `ExplicitAuthFlows` permitting them. For example users can complete an SRP challenge through `USER_AUTH` without the flow `USER_SRP_AUTH` being active for the app client. This flow doesn't include `CUSTOM_AUTH` . // @@ -274,7 +282,7 @@ type userPoolClientArgs struct { // In some environments, you will see the values `ADMIN_NO_SRP_AUTH` , `CUSTOM_AUTH_FLOW_ONLY` , or `USER_PASSWORD_AUTH` . You can't assign these legacy `ExplicitAuthFlows` values to user pool clients at the same time as values that begin with `ALLOW_` , // like `ALLOW_USER_SRP_AUTH` . ExplicitAuthFlows []string `pulumi:"explicitAuthFlows"` - // When `true` , generates a client secret for the app client. Client secrets are used with server-side and machine-to-machine applications. For more information, see [App client types](https://docs.aws.amazon.com/cognito/latest/developerguide/user-pool-settings-client-apps.html#user-pool-settings-client-app-client-types) . + // When `true` , generates a client secret for the app client. Client secrets are used with server-side and machine-to-machine applications. Client secrets are automatically generated; you can't specify a secret value. For more information, see [App client types](https://docs.aws.amazon.com/cognito/latest/developerguide/user-pool-settings-client-apps.html#user-pool-settings-client-app-client-types) . GenerateSecret *bool `pulumi:"generateSecret"` // The ID token time limit. After this limit expires, your user can't use their ID token. To specify the time unit for `IdTokenValidity` as `seconds` , `minutes` , `hours` , or `days` , set a `TokenValidityUnits` value in your API request. // @@ -285,7 +293,7 @@ type userPoolClientArgs struct { // If you don't specify otherwise in the configuration of your app client, your ID // tokens are valid for one hour. IdTokenValidity *int `pulumi:"idTokenValidity"` - // A list of allowed logout URLs for managed login authentication. For more information, see [Logout endpoint](https://docs.aws.amazon.com/cognito/latest/developerguide/logout-endpoint.html) . + // A list of allowed logout URLs for managed login authentication. When you pass `logout_uri` and `client_id` parameters to `/logout` , Amazon Cognito signs out your user and redirects them to the logout URL. This parameter describes the URLs that you want to be the permitted targets of `logout_uri` . A typical use of these URLs is when a user selects "Sign out" and you redirect them to your public homepage. For more information, see [Logout endpoint](https://docs.aws.amazon.com/cognito/latest/developerguide/logout-endpoint.html) . LogoutUrls []string `pulumi:"logoutUrls"` // Errors and responses that you want Amazon Cognito APIs to return during authentication, account confirmation, and password recovery when the user doesn't exist in the user pool. When set to `ENABLED` and the user doesn't exist, authentication returns an error indicating either the username or password was incorrect. Account confirmation and password recovery return a response indicating a code was sent to a simulated destination. When set to `LEGACY` , those APIs return a `UserNotFoundException` exception if the user doesn't exist in the user pool. // @@ -296,9 +304,11 @@ type userPoolClientArgs struct { // // Defaults to `LEGACY` when you don't provide a value. PreventUserExistenceErrors *string `pulumi:"preventUserExistenceErrors"` - // The list of user attributes that you want your app client to have read access to. After your user authenticates in your app, their access token authorizes them to read their own attribute value for any attribute in this list. An example of this kind of activity is when your user selects a link to view their profile information. Your app makes a [GetUser](https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_GetUser.html) API request to retrieve and display your user's profile data. + // The list of user attributes that you want your app client to have read access to. After your user authenticates in your app, their access token authorizes them to read their own attribute value for any attribute in this list. // - // When you don't specify the `ReadAttributes` for your app client, your app can read the values of `email_verified` , `phone_number_verified` , and the Standard attributes of your user pool. When your user pool app client has read access to these default attributes, `ReadAttributes` doesn't return any information. Amazon Cognito only populates `ReadAttributes` in the API response if you have specified your own custom set of read attributes. + // An example of this kind of activity is when your user selects a link to view their profile information. Your app makes a `API_GetUser` API request to retrieve and display your user's profile data. + // + // When you don't specify the `ReadAttributes` for your app client, your app can read the values of `email_verified` , `phone_number_verified` , and the standard attributes of your user pool. When your user pool app client has read access to these default attributes, `ReadAttributes` doesn't return any information. Amazon Cognito only populates `ReadAttributes` in the API response if you have specified your own custom set of read attributes. ReadAttributes []string `pulumi:"readAttributes"` // The refresh token time limit. After this limit expires, your user can't use their refresh token. To specify the time unit for `RefreshTokenValidity` as `seconds` , `minutes` , `hours` , or `days` , set a `TokenValidityUnits` value in your API request. // @@ -312,13 +322,15 @@ type userPoolClientArgs struct { RefreshTokenValidity *int `pulumi:"refreshTokenValidity"` // A list of provider names for the identity providers (IdPs) that are supported on this client. The following are supported: `COGNITO` , `Facebook` , `Google` , `SignInWithApple` , and `LoginWithAmazon` . You can also specify the names that you configured for the SAML and OIDC IdPs in your user pool, for example `MySAMLIdP` or `MyOIDCIdP` . // - // This setting applies to providers that you can access with [managed login](https://docs.aws.amazon.com/cognito/latest/developerguide/cognito-user-pools-managed-login.html) . The removal of `COGNITO` from this list doesn't prevent authentication operations for local users with the user pools API in an AWS SDK. The only way to prevent API-based authentication is to block access with a [AWS WAF rule](https://docs.aws.amazon.com/cognito/latest/developerguide/user-pool-waf.html) . + // This parameter sets the IdPs that [managed login](https://docs.aws.amazon.com/cognito/latest/developerguide/cognito-user-pools-managed-login.html) will display on the login page for your app client. The removal of `COGNITO` from this list doesn't prevent authentication operations for local users with the user pools API in an AWS SDK. The only way to prevent SDK-based authentication is to block access with a [AWS WAF rule](https://docs.aws.amazon.com/cognito/latest/developerguide/user-pool-waf.html) . SupportedIdentityProviders []string `pulumi:"supportedIdentityProviders"` // The units that validity times are represented in. The default unit for refresh tokens is days, and the default for ID and access tokens are hours. TokenValidityUnits *UserPoolClientTokenValidityUnits `pulumi:"tokenValidityUnits"` // The ID of the user pool where you want to create an app client. UserPoolId string `pulumi:"userPoolId"` - // The list of user attributes that you want your app client to have write access to. After your user authenticates in your app, their access token authorizes them to set or modify their own attribute value for any attribute in this list. An example of this kind of activity is when you present your user with a form to update their profile information and they change their last name. Your app then makes an [UpdateUserAttributes](https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_UpdateUserAttributes.html) API request and sets `family_name` to the new value. + // The list of user attributes that you want your app client to have write access to. After your user authenticates in your app, their access token authorizes them to set or modify their own attribute value for any attribute in this list. + // + // An example of this kind of activity is when you present your user with a form to update their profile information and they change their last name. Your app then makes an `API_UpdateUserAttributes` API request and sets `family_name` to the new value. // // When you don't specify the `WriteAttributes` for your app client, your app can write the values of the Standard attributes of your user pool. When your user pool has write access to these default attributes, `WriteAttributes` doesn't return any information. Amazon Cognito only populates `WriteAttributes` in the API response if you have specified your own custom set of write attributes. // @@ -338,24 +350,24 @@ type UserPoolClientArgs struct { // If you don't specify otherwise in the configuration of your app client, your access // tokens are valid for one hour. AccessTokenValidity pulumi.IntPtrInput - // The OAuth grant types that you want your app client to generate. To create an app client that generates client credentials grants, you must add `client_credentials` as the only allowed OAuth flow. + // The OAuth grant types that you want your app client to generate for clients in managed login authentication. To create an app client that generates client credentials grants, you must add `client_credentials` as the only allowed OAuth flow. // // - **code** - Use a code grant flow, which provides an authorization code as the response. This code can be exchanged for access tokens with the `/oauth2/token` endpoint. - // - **implicit** - Issue the access token (and, optionally, ID token, based on scopes) directly to your user. - // - **client_credentials** - Issue the access token from the `/oauth2/token` endpoint directly to a non-person user using a combination of the client ID and client secret. + // - **implicit** - Issue the access token, and the ID token when scopes like `openid` and `profile` are requested, directly to your user. + // - **client_credentials** - Issue the access token from the `/oauth2/token` endpoint directly to a non-person user, authorized by a combination of the client ID and client secret. AllowedOAuthFlows pulumi.StringArrayInput - // Set to `true` to use OAuth 2.0 features in your user pool app client. + // Set to `true` to use OAuth 2.0 authorization server features in your app client. // - // `AllowedOAuthFlowsUserPoolClient` must be `true` before you can configure the following features in your app client. + // This parameter must have a value of `true` before you can configure the following features in your app client. // // - `CallBackURLs` : Callback URLs. // - `LogoutURLs` : Sign-out redirect URLs. // - `AllowedOAuthScopes` : OAuth 2.0 scopes. // - `AllowedOAuthFlows` : Support for authorization code, implicit, and client credentials OAuth 2.0 grants. // - // To use OAuth 2.0 features, configure one of these features in the Amazon Cognito console or set `AllowedOAuthFlowsUserPoolClient` to `true` in a `CreateUserPoolClient` or `UpdateUserPoolClient` API request. If you don't set a value for `AllowedOAuthFlowsUserPoolClient` in a request with the AWS CLI or SDKs, it defaults to `false` . + // To use authorization server features, configure one of these features in the Amazon Cognito console or set `AllowedOAuthFlowsUserPoolClient` to `true` in a `CreateUserPoolClient` or `UpdateUserPoolClient` API request. If you don't set a value for `AllowedOAuthFlowsUserPoolClient` in a request with the AWS CLI or SDKs, it defaults to `false` . When `false` , only SDK-based API sign-in is permitted. AllowedOAuthFlowsUserPoolClient pulumi.BoolPtrInput - // The OAuth 2.0 scopes that you want to permit your app client to authorize. Scopes govern access control to user pool self-service API operations, user data from the `userInfo` endpoint, and third-party APIs. Possible values provided by OAuth are `phone` , `email` , `openid` , and `profile` . Possible values provided by AWS are `aws.cognito.signin.user.admin` . Custom scopes created in Resource Servers are also supported. + // The OAuth, OpenID Connect (OIDC), and custom scopes that you want to permit your app client to authorize access with. Scopes govern access control to user pool self-service API operations, user data from the `userInfo` endpoint, and third-party APIs. Scope values include `phone` , `email` , `openid` , and `profile` . The `aws.cognito.signin.user.admin` scope authorizes user self-service operations. Custom scopes with resource servers authorize access to external APIs. AllowedOAuthScopes pulumi.StringArrayInput // The user pool analytics configuration for collecting metrics and sending them to your Amazon Pinpoint campaign. // @@ -363,9 +375,9 @@ type UserPoolClientArgs struct { AnalyticsConfiguration UserPoolClientAnalyticsConfigurationPtrInput // Amazon Cognito creates a session token for each API request in an authentication flow. `AuthSessionValidity` is the duration, in minutes, of that session token. Your user pool native user must respond to each authentication challenge before the session expires. AuthSessionValidity pulumi.IntPtrInput - // A list of allowed redirect (callback) URLs for the IdPs. + // A list of allowed redirect, or callback, URLs for managed login authentication. These URLs are the paths where you want to send your users' browsers after they complete authentication with managed login or a third-party IdP. Typically, callback URLs are the home of an application that uses OAuth or OIDC libraries to process authentication outcomes. // - // A redirect URI must: + // A redirect URI must meet the following requirements: // // - Be an absolute URI. // - Be registered with the authorization server. Amazon Cognito doesn't accept authorization requests with `redirect_uri` values that aren't in the list of `CallbackURLs` that you provide in this parameter. @@ -381,17 +393,19 @@ type UserPoolClientArgs struct { ClientName pulumi.StringPtrInput // The default redirect URI. In app clients with one assigned IdP, replaces `redirect_uri` in authentication requests. Must be in the `CallbackURLs` list. DefaultRedirectUri pulumi.StringPtrInput - // Activates the propagation of additional user context data. For more information about propagation of user context data, see [Adding advanced security to a user pool](https://docs.aws.amazon.com/cognito/latest/developerguide/cognito-user-pool-settings-threat-protection.html) . If you don’t include this parameter, you can't send device fingerprint information, including source IP address, to Amazon Cognito advanced security. You can only activate `EnablePropagateAdditionalUserContextData` in an app client that has a client secret. + // When `true` , your application can include additional `UserContextData` in authentication requests. This data includes the IP address, and contributes to analysis by threat protection features. For more information about propagation of user context data, see [Adding session data to API requests](https://docs.aws.amazon.com/cognito/latest/developerguide/cognito-user-pool-settings-adaptive-authentication.html#user-pool-settings-adaptive-authentication-device-fingerprint) . If you don’t include this parameter, you can't send the source IP address to Amazon Cognito threat protection features. You can only activate `EnablePropagateAdditionalUserContextData` in an app client that has a client secret. EnablePropagateAdditionalUserContextData pulumi.BoolPtrInput - // Activates or deactivates token revocation. For more information about revoking tokens, see [RevokeToken](https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_RevokeToken.html) . + // Activates or deactivates [token revocation](https://docs.aws.amazon.com/cognito/latest/developerguide/token-revocation.html) in the target app client. + // + // Revoke tokens with `API_RevokeToken` . // // If you don't include this parameter, token revocation is automatically activated for the new user pool client. EnableTokenRevocation pulumi.BoolPtrInput - // The authentication flows that you want your user pool client to support. For each app client in your user pool, you can sign in your users with any combination of one or more flows, including with a user name and Secure Remote Password (SRP), a user name and password, or a custom authentication process that you define with Lambda functions. + // The [authentication flows](https://docs.aws.amazon.com/cognito/latest/developerguide/amazon-cognito-user-pools-authentication-flow-methods.html) that you want your user pool client to support. For each app client in your user pool, you can sign in your users with any combination of one or more flows, including with a user name and Secure Remote Password (SRP), a user name and password, or a custom authentication process that you define with Lambda functions. // - // > If you don't specify a value for `ExplicitAuthFlows` , your user client supports `ALLOW_REFRESH_TOKEN_AUTH` , `ALLOW_USER_SRP_AUTH` , and `ALLOW_CUSTOM_AUTH` . + // > If you don't specify a value for `ExplicitAuthFlows` , your app client supports `ALLOW_REFRESH_TOKEN_AUTH` , `ALLOW_USER_SRP_AUTH` , and `ALLOW_CUSTOM_AUTH` . // - // Valid values include: + // The values for authentication flow options include the following. // // - `ALLOW_USER_AUTH` : Enable selection-based sign-in with `USER_AUTH` . This setting covers username-password, secure remote password (SRP), passwordless, and passkey authentication. This authentiation flow can do username-password and SRP authentication without other `ExplicitAuthFlows` permitting them. For example users can complete an SRP challenge through `USER_AUTH` without the flow `USER_SRP_AUTH` being active for the app client. This flow doesn't include `CUSTOM_AUTH` . // @@ -405,7 +419,7 @@ type UserPoolClientArgs struct { // In some environments, you will see the values `ADMIN_NO_SRP_AUTH` , `CUSTOM_AUTH_FLOW_ONLY` , or `USER_PASSWORD_AUTH` . You can't assign these legacy `ExplicitAuthFlows` values to user pool clients at the same time as values that begin with `ALLOW_` , // like `ALLOW_USER_SRP_AUTH` . ExplicitAuthFlows pulumi.StringArrayInput - // When `true` , generates a client secret for the app client. Client secrets are used with server-side and machine-to-machine applications. For more information, see [App client types](https://docs.aws.amazon.com/cognito/latest/developerguide/user-pool-settings-client-apps.html#user-pool-settings-client-app-client-types) . + // When `true` , generates a client secret for the app client. Client secrets are used with server-side and machine-to-machine applications. Client secrets are automatically generated; you can't specify a secret value. For more information, see [App client types](https://docs.aws.amazon.com/cognito/latest/developerguide/user-pool-settings-client-apps.html#user-pool-settings-client-app-client-types) . GenerateSecret pulumi.BoolPtrInput // The ID token time limit. After this limit expires, your user can't use their ID token. To specify the time unit for `IdTokenValidity` as `seconds` , `minutes` , `hours` , or `days` , set a `TokenValidityUnits` value in your API request. // @@ -416,7 +430,7 @@ type UserPoolClientArgs struct { // If you don't specify otherwise in the configuration of your app client, your ID // tokens are valid for one hour. IdTokenValidity pulumi.IntPtrInput - // A list of allowed logout URLs for managed login authentication. For more information, see [Logout endpoint](https://docs.aws.amazon.com/cognito/latest/developerguide/logout-endpoint.html) . + // A list of allowed logout URLs for managed login authentication. When you pass `logout_uri` and `client_id` parameters to `/logout` , Amazon Cognito signs out your user and redirects them to the logout URL. This parameter describes the URLs that you want to be the permitted targets of `logout_uri` . A typical use of these URLs is when a user selects "Sign out" and you redirect them to your public homepage. For more information, see [Logout endpoint](https://docs.aws.amazon.com/cognito/latest/developerguide/logout-endpoint.html) . LogoutUrls pulumi.StringArrayInput // Errors and responses that you want Amazon Cognito APIs to return during authentication, account confirmation, and password recovery when the user doesn't exist in the user pool. When set to `ENABLED` and the user doesn't exist, authentication returns an error indicating either the username or password was incorrect. Account confirmation and password recovery return a response indicating a code was sent to a simulated destination. When set to `LEGACY` , those APIs return a `UserNotFoundException` exception if the user doesn't exist in the user pool. // @@ -427,9 +441,11 @@ type UserPoolClientArgs struct { // // Defaults to `LEGACY` when you don't provide a value. PreventUserExistenceErrors pulumi.StringPtrInput - // The list of user attributes that you want your app client to have read access to. After your user authenticates in your app, their access token authorizes them to read their own attribute value for any attribute in this list. An example of this kind of activity is when your user selects a link to view their profile information. Your app makes a [GetUser](https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_GetUser.html) API request to retrieve and display your user's profile data. + // The list of user attributes that you want your app client to have read access to. After your user authenticates in your app, their access token authorizes them to read their own attribute value for any attribute in this list. // - // When you don't specify the `ReadAttributes` for your app client, your app can read the values of `email_verified` , `phone_number_verified` , and the Standard attributes of your user pool. When your user pool app client has read access to these default attributes, `ReadAttributes` doesn't return any information. Amazon Cognito only populates `ReadAttributes` in the API response if you have specified your own custom set of read attributes. + // An example of this kind of activity is when your user selects a link to view their profile information. Your app makes a `API_GetUser` API request to retrieve and display your user's profile data. + // + // When you don't specify the `ReadAttributes` for your app client, your app can read the values of `email_verified` , `phone_number_verified` , and the standard attributes of your user pool. When your user pool app client has read access to these default attributes, `ReadAttributes` doesn't return any information. Amazon Cognito only populates `ReadAttributes` in the API response if you have specified your own custom set of read attributes. ReadAttributes pulumi.StringArrayInput // The refresh token time limit. After this limit expires, your user can't use their refresh token. To specify the time unit for `RefreshTokenValidity` as `seconds` , `minutes` , `hours` , or `days` , set a `TokenValidityUnits` value in your API request. // @@ -443,13 +459,15 @@ type UserPoolClientArgs struct { RefreshTokenValidity pulumi.IntPtrInput // A list of provider names for the identity providers (IdPs) that are supported on this client. The following are supported: `COGNITO` , `Facebook` , `Google` , `SignInWithApple` , and `LoginWithAmazon` . You can also specify the names that you configured for the SAML and OIDC IdPs in your user pool, for example `MySAMLIdP` or `MyOIDCIdP` . // - // This setting applies to providers that you can access with [managed login](https://docs.aws.amazon.com/cognito/latest/developerguide/cognito-user-pools-managed-login.html) . The removal of `COGNITO` from this list doesn't prevent authentication operations for local users with the user pools API in an AWS SDK. The only way to prevent API-based authentication is to block access with a [AWS WAF rule](https://docs.aws.amazon.com/cognito/latest/developerguide/user-pool-waf.html) . + // This parameter sets the IdPs that [managed login](https://docs.aws.amazon.com/cognito/latest/developerguide/cognito-user-pools-managed-login.html) will display on the login page for your app client. The removal of `COGNITO` from this list doesn't prevent authentication operations for local users with the user pools API in an AWS SDK. The only way to prevent SDK-based authentication is to block access with a [AWS WAF rule](https://docs.aws.amazon.com/cognito/latest/developerguide/user-pool-waf.html) . SupportedIdentityProviders pulumi.StringArrayInput // The units that validity times are represented in. The default unit for refresh tokens is days, and the default for ID and access tokens are hours. TokenValidityUnits UserPoolClientTokenValidityUnitsPtrInput // The ID of the user pool where you want to create an app client. UserPoolId pulumi.StringInput - // The list of user attributes that you want your app client to have write access to. After your user authenticates in your app, their access token authorizes them to set or modify their own attribute value for any attribute in this list. An example of this kind of activity is when you present your user with a form to update their profile information and they change their last name. Your app then makes an [UpdateUserAttributes](https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_UpdateUserAttributes.html) API request and sets `family_name` to the new value. + // The list of user attributes that you want your app client to have write access to. After your user authenticates in your app, their access token authorizes them to set or modify their own attribute value for any attribute in this list. + // + // An example of this kind of activity is when you present your user with a form to update their profile information and they change their last name. Your app then makes an `API_UpdateUserAttributes` API request and sets `family_name` to the new value. // // When you don't specify the `WriteAttributes` for your app client, your app can write the values of the Standard attributes of your user pool. When your user pool has write access to these default attributes, `WriteAttributes` doesn't return any information. Amazon Cognito only populates `WriteAttributes` in the API response if you have specified your own custom set of write attributes. // @@ -507,30 +525,30 @@ func (o UserPoolClientOutput) AccessTokenValidity() pulumi.IntPtrOutput { return o.ApplyT(func(v *UserPoolClient) pulumi.IntPtrOutput { return v.AccessTokenValidity }).(pulumi.IntPtrOutput) } -// The OAuth grant types that you want your app client to generate. To create an app client that generates client credentials grants, you must add `client_credentials` as the only allowed OAuth flow. +// The OAuth grant types that you want your app client to generate for clients in managed login authentication. To create an app client that generates client credentials grants, you must add `client_credentials` as the only allowed OAuth flow. // // - **code** - Use a code grant flow, which provides an authorization code as the response. This code can be exchanged for access tokens with the `/oauth2/token` endpoint. -// - **implicit** - Issue the access token (and, optionally, ID token, based on scopes) directly to your user. -// - **client_credentials** - Issue the access token from the `/oauth2/token` endpoint directly to a non-person user using a combination of the client ID and client secret. +// - **implicit** - Issue the access token, and the ID token when scopes like `openid` and `profile` are requested, directly to your user. +// - **client_credentials** - Issue the access token from the `/oauth2/token` endpoint directly to a non-person user, authorized by a combination of the client ID and client secret. func (o UserPoolClientOutput) AllowedOAuthFlows() pulumi.StringArrayOutput { return o.ApplyT(func(v *UserPoolClient) pulumi.StringArrayOutput { return v.AllowedOAuthFlows }).(pulumi.StringArrayOutput) } -// Set to `true` to use OAuth 2.0 features in your user pool app client. +// Set to `true` to use OAuth 2.0 authorization server features in your app client. // -// `AllowedOAuthFlowsUserPoolClient` must be `true` before you can configure the following features in your app client. +// This parameter must have a value of `true` before you can configure the following features in your app client. // // - `CallBackURLs` : Callback URLs. // - `LogoutURLs` : Sign-out redirect URLs. // - `AllowedOAuthScopes` : OAuth 2.0 scopes. // - `AllowedOAuthFlows` : Support for authorization code, implicit, and client credentials OAuth 2.0 grants. // -// To use OAuth 2.0 features, configure one of these features in the Amazon Cognito console or set `AllowedOAuthFlowsUserPoolClient` to `true` in a `CreateUserPoolClient` or `UpdateUserPoolClient` API request. If you don't set a value for `AllowedOAuthFlowsUserPoolClient` in a request with the AWS CLI or SDKs, it defaults to `false` . +// To use authorization server features, configure one of these features in the Amazon Cognito console or set `AllowedOAuthFlowsUserPoolClient` to `true` in a `CreateUserPoolClient` or `UpdateUserPoolClient` API request. If you don't set a value for `AllowedOAuthFlowsUserPoolClient` in a request with the AWS CLI or SDKs, it defaults to `false` . When `false` , only SDK-based API sign-in is permitted. func (o UserPoolClientOutput) AllowedOAuthFlowsUserPoolClient() pulumi.BoolPtrOutput { return o.ApplyT(func(v *UserPoolClient) pulumi.BoolPtrOutput { return v.AllowedOAuthFlowsUserPoolClient }).(pulumi.BoolPtrOutput) } -// The OAuth 2.0 scopes that you want to permit your app client to authorize. Scopes govern access control to user pool self-service API operations, user data from the `userInfo` endpoint, and third-party APIs. Possible values provided by OAuth are `phone` , `email` , `openid` , and `profile` . Possible values provided by AWS are `aws.cognito.signin.user.admin` . Custom scopes created in Resource Servers are also supported. +// The OAuth, OpenID Connect (OIDC), and custom scopes that you want to permit your app client to authorize access with. Scopes govern access control to user pool self-service API operations, user data from the `userInfo` endpoint, and third-party APIs. Scope values include `phone` , `email` , `openid` , and `profile` . The `aws.cognito.signin.user.admin` scope authorizes user self-service operations. Custom scopes with resource servers authorize access to external APIs. func (o UserPoolClientOutput) AllowedOAuthScopes() pulumi.StringArrayOutput { return o.ApplyT(func(v *UserPoolClient) pulumi.StringArrayOutput { return v.AllowedOAuthScopes }).(pulumi.StringArrayOutput) } @@ -547,9 +565,9 @@ func (o UserPoolClientOutput) AuthSessionValidity() pulumi.IntPtrOutput { return o.ApplyT(func(v *UserPoolClient) pulumi.IntPtrOutput { return v.AuthSessionValidity }).(pulumi.IntPtrOutput) } -// A list of allowed redirect (callback) URLs for the IdPs. +// A list of allowed redirect, or callback, URLs for managed login authentication. These URLs are the paths where you want to send your users' browsers after they complete authentication with managed login or a third-party IdP. Typically, callback URLs are the home of an application that uses OAuth or OIDC libraries to process authentication outcomes. // -// A redirect URI must: +// A redirect URI must meet the following requirements: // // - Be an absolute URI. // - Be registered with the authorization server. Amazon Cognito doesn't accept authorization requests with `redirect_uri` values that aren't in the list of `CallbackURLs` that you provide in this parameter. @@ -583,23 +601,25 @@ func (o UserPoolClientOutput) DefaultRedirectUri() pulumi.StringPtrOutput { return o.ApplyT(func(v *UserPoolClient) pulumi.StringPtrOutput { return v.DefaultRedirectUri }).(pulumi.StringPtrOutput) } -// Activates the propagation of additional user context data. For more information about propagation of user context data, see [Adding advanced security to a user pool](https://docs.aws.amazon.com/cognito/latest/developerguide/cognito-user-pool-settings-threat-protection.html) . If you don’t include this parameter, you can't send device fingerprint information, including source IP address, to Amazon Cognito advanced security. You can only activate `EnablePropagateAdditionalUserContextData` in an app client that has a client secret. +// When `true` , your application can include additional `UserContextData` in authentication requests. This data includes the IP address, and contributes to analysis by threat protection features. For more information about propagation of user context data, see [Adding session data to API requests](https://docs.aws.amazon.com/cognito/latest/developerguide/cognito-user-pool-settings-adaptive-authentication.html#user-pool-settings-adaptive-authentication-device-fingerprint) . If you don’t include this parameter, you can't send the source IP address to Amazon Cognito threat protection features. You can only activate `EnablePropagateAdditionalUserContextData` in an app client that has a client secret. func (o UserPoolClientOutput) EnablePropagateAdditionalUserContextData() pulumi.BoolPtrOutput { return o.ApplyT(func(v *UserPoolClient) pulumi.BoolPtrOutput { return v.EnablePropagateAdditionalUserContextData }).(pulumi.BoolPtrOutput) } -// Activates or deactivates token revocation. For more information about revoking tokens, see [RevokeToken](https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_RevokeToken.html) . +// Activates or deactivates [token revocation](https://docs.aws.amazon.com/cognito/latest/developerguide/token-revocation.html) in the target app client. +// +// Revoke tokens with `API_RevokeToken` . // // If you don't include this parameter, token revocation is automatically activated for the new user pool client. func (o UserPoolClientOutput) EnableTokenRevocation() pulumi.BoolPtrOutput { return o.ApplyT(func(v *UserPoolClient) pulumi.BoolPtrOutput { return v.EnableTokenRevocation }).(pulumi.BoolPtrOutput) } -// The authentication flows that you want your user pool client to support. For each app client in your user pool, you can sign in your users with any combination of one or more flows, including with a user name and Secure Remote Password (SRP), a user name and password, or a custom authentication process that you define with Lambda functions. +// The [authentication flows](https://docs.aws.amazon.com/cognito/latest/developerguide/amazon-cognito-user-pools-authentication-flow-methods.html) that you want your user pool client to support. For each app client in your user pool, you can sign in your users with any combination of one or more flows, including with a user name and Secure Remote Password (SRP), a user name and password, or a custom authentication process that you define with Lambda functions. // -// > If you don't specify a value for `ExplicitAuthFlows` , your user client supports `ALLOW_REFRESH_TOKEN_AUTH` , `ALLOW_USER_SRP_AUTH` , and `ALLOW_CUSTOM_AUTH` . +// > If you don't specify a value for `ExplicitAuthFlows` , your app client supports `ALLOW_REFRESH_TOKEN_AUTH` , `ALLOW_USER_SRP_AUTH` , and `ALLOW_CUSTOM_AUTH` . // -// Valid values include: +// The values for authentication flow options include the following. // // - `ALLOW_USER_AUTH` : Enable selection-based sign-in with `USER_AUTH` . This setting covers username-password, secure remote password (SRP), passwordless, and passkey authentication. This authentiation flow can do username-password and SRP authentication without other `ExplicitAuthFlows` permitting them. For example users can complete an SRP challenge through `USER_AUTH` without the flow `USER_SRP_AUTH` being active for the app client. This flow doesn't include `CUSTOM_AUTH` . // @@ -616,7 +636,7 @@ func (o UserPoolClientOutput) ExplicitAuthFlows() pulumi.StringArrayOutput { return o.ApplyT(func(v *UserPoolClient) pulumi.StringArrayOutput { return v.ExplicitAuthFlows }).(pulumi.StringArrayOutput) } -// When `true` , generates a client secret for the app client. Client secrets are used with server-side and machine-to-machine applications. For more information, see [App client types](https://docs.aws.amazon.com/cognito/latest/developerguide/user-pool-settings-client-apps.html#user-pool-settings-client-app-client-types) . +// When `true` , generates a client secret for the app client. Client secrets are used with server-side and machine-to-machine applications. Client secrets are automatically generated; you can't specify a secret value. For more information, see [App client types](https://docs.aws.amazon.com/cognito/latest/developerguide/user-pool-settings-client-apps.html#user-pool-settings-client-app-client-types) . func (o UserPoolClientOutput) GenerateSecret() pulumi.BoolPtrOutput { return o.ApplyT(func(v *UserPoolClient) pulumi.BoolPtrOutput { return v.GenerateSecret }).(pulumi.BoolPtrOutput) } @@ -633,7 +653,7 @@ func (o UserPoolClientOutput) IdTokenValidity() pulumi.IntPtrOutput { return o.ApplyT(func(v *UserPoolClient) pulumi.IntPtrOutput { return v.IdTokenValidity }).(pulumi.IntPtrOutput) } -// A list of allowed logout URLs for managed login authentication. For more information, see [Logout endpoint](https://docs.aws.amazon.com/cognito/latest/developerguide/logout-endpoint.html) . +// A list of allowed logout URLs for managed login authentication. When you pass `logout_uri` and `client_id` parameters to `/logout` , Amazon Cognito signs out your user and redirects them to the logout URL. This parameter describes the URLs that you want to be the permitted targets of `logout_uri` . A typical use of these URLs is when a user selects "Sign out" and you redirect them to your public homepage. For more information, see [Logout endpoint](https://docs.aws.amazon.com/cognito/latest/developerguide/logout-endpoint.html) . func (o UserPoolClientOutput) LogoutUrls() pulumi.StringArrayOutput { return o.ApplyT(func(v *UserPoolClient) pulumi.StringArrayOutput { return v.LogoutUrls }).(pulumi.StringArrayOutput) } @@ -654,9 +674,11 @@ func (o UserPoolClientOutput) PreventUserExistenceErrors() pulumi.StringPtrOutpu return o.ApplyT(func(v *UserPoolClient) pulumi.StringPtrOutput { return v.PreventUserExistenceErrors }).(pulumi.StringPtrOutput) } -// The list of user attributes that you want your app client to have read access to. After your user authenticates in your app, their access token authorizes them to read their own attribute value for any attribute in this list. An example of this kind of activity is when your user selects a link to view their profile information. Your app makes a [GetUser](https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_GetUser.html) API request to retrieve and display your user's profile data. +// The list of user attributes that you want your app client to have read access to. After your user authenticates in your app, their access token authorizes them to read their own attribute value for any attribute in this list. // -// When you don't specify the `ReadAttributes` for your app client, your app can read the values of `email_verified` , `phone_number_verified` , and the Standard attributes of your user pool. When your user pool app client has read access to these default attributes, `ReadAttributes` doesn't return any information. Amazon Cognito only populates `ReadAttributes` in the API response if you have specified your own custom set of read attributes. +// An example of this kind of activity is when your user selects a link to view their profile information. Your app makes a `API_GetUser` API request to retrieve and display your user's profile data. +// +// When you don't specify the `ReadAttributes` for your app client, your app can read the values of `email_verified` , `phone_number_verified` , and the standard attributes of your user pool. When your user pool app client has read access to these default attributes, `ReadAttributes` doesn't return any information. Amazon Cognito only populates `ReadAttributes` in the API response if you have specified your own custom set of read attributes. func (o UserPoolClientOutput) ReadAttributes() pulumi.StringArrayOutput { return o.ApplyT(func(v *UserPoolClient) pulumi.StringArrayOutput { return v.ReadAttributes }).(pulumi.StringArrayOutput) } @@ -676,7 +698,7 @@ func (o UserPoolClientOutput) RefreshTokenValidity() pulumi.IntPtrOutput { // A list of provider names for the identity providers (IdPs) that are supported on this client. The following are supported: `COGNITO` , `Facebook` , `Google` , `SignInWithApple` , and `LoginWithAmazon` . You can also specify the names that you configured for the SAML and OIDC IdPs in your user pool, for example `MySAMLIdP` or `MyOIDCIdP` . // -// This setting applies to providers that you can access with [managed login](https://docs.aws.amazon.com/cognito/latest/developerguide/cognito-user-pools-managed-login.html) . The removal of `COGNITO` from this list doesn't prevent authentication operations for local users with the user pools API in an AWS SDK. The only way to prevent API-based authentication is to block access with a [AWS WAF rule](https://docs.aws.amazon.com/cognito/latest/developerguide/user-pool-waf.html) . +// This parameter sets the IdPs that [managed login](https://docs.aws.amazon.com/cognito/latest/developerguide/cognito-user-pools-managed-login.html) will display on the login page for your app client. The removal of `COGNITO` from this list doesn't prevent authentication operations for local users with the user pools API in an AWS SDK. The only way to prevent SDK-based authentication is to block access with a [AWS WAF rule](https://docs.aws.amazon.com/cognito/latest/developerguide/user-pool-waf.html) . func (o UserPoolClientOutput) SupportedIdentityProviders() pulumi.StringArrayOutput { return o.ApplyT(func(v *UserPoolClient) pulumi.StringArrayOutput { return v.SupportedIdentityProviders }).(pulumi.StringArrayOutput) } @@ -691,7 +713,9 @@ func (o UserPoolClientOutput) UserPoolId() pulumi.StringOutput { return o.ApplyT(func(v *UserPoolClient) pulumi.StringOutput { return v.UserPoolId }).(pulumi.StringOutput) } -// The list of user attributes that you want your app client to have write access to. After your user authenticates in your app, their access token authorizes them to set or modify their own attribute value for any attribute in this list. An example of this kind of activity is when you present your user with a form to update their profile information and they change their last name. Your app then makes an [UpdateUserAttributes](https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_UpdateUserAttributes.html) API request and sets `family_name` to the new value. +// The list of user attributes that you want your app client to have write access to. After your user authenticates in your app, their access token authorizes them to set or modify their own attribute value for any attribute in this list. +// +// An example of this kind of activity is when you present your user with a form to update their profile information and they change their last name. Your app then makes an `API_UpdateUserAttributes` API request and sets `family_name` to the new value. // // When you don't specify the `WriteAttributes` for your app client, your app can write the values of the Standard attributes of your user pool. When your user pool has write access to these default attributes, `WriteAttributes` doesn't return any information. Amazon Cognito only populates `WriteAttributes` in the API response if you have specified your own custom set of write attributes. // diff --git a/sdk/go/aws/cognito/userPoolDomain.go b/sdk/go/aws/cognito/userPoolDomain.go index 85944ac526..378c6ab8f5 100644 --- a/sdk/go/aws/cognito/userPoolDomain.go +++ b/sdk/go/aws/cognito/userPoolDomain.go @@ -20,17 +20,17 @@ type UserPoolDomain struct { AwsId pulumi.StringOutput `pulumi:"awsId"` // The Amazon CloudFront endpoint that you use as the target of the alias that you set up with your Domain Name Service (DNS) provider. CloudFrontDistribution pulumi.StringOutput `pulumi:"cloudFrontDistribution"` - // The configuration for a custom domain that hosts the sign-up and sign-in pages for your application. Use this object to specify an SSL certificate that is managed by ACM. + // The configuration for a custom domain that hosts managed login for your application. In an `UpdateUserPoolDomain` request, this parameter specifies an SSL certificate for the managed login hosted webserver. The certificate must be an ACM ARN in `us-east-1` . // - // When you create a custom domain, the passkey RP ID defaults to the custom domain. If you had a prefix domain active, this will cause passkey integration for your prefix domain to stop working due to a mismatch in RP ID. To keep the prefix domain passkey integration working, you can explicitly set RP ID to the prefix domain. Update the RP ID in a [SetUserPoolMfaConfig](https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_SetUserPoolMfaConfig.html) request. - CustomDomainConfig UserPoolDomainCustomDomainConfigTypePtrOutput `pulumi:"customDomainConfig"` - // The domain name for the custom domain that hosts the sign-up and sign-in pages for your application. One example might be `auth.example.com` . + // When you create a custom domain, the passkey RP ID defaults to the custom domain. If you had a prefix domain active, this will cause passkey integration for your prefix domain to stop working due to a mismatch in RP ID. To keep the prefix domain passkey integration working, you can explicitly set RP ID to the prefix domain. // - // This string can include only lowercase letters, numbers, and hyphens. Don't use a hyphen for the first or last character. Use periods to separate subdomain names. + // Update the RP ID in a `API_SetUserPoolMfaConfig` request. + CustomDomainConfig UserPoolDomainCustomDomainConfigTypePtrOutput `pulumi:"customDomainConfig"` + // The name of the domain that you want to update. For custom domains, this is the fully-qualified domain name, for example `auth.example.com` . For prefix domains, this is the prefix alone, such as `myprefix` . Domain pulumi.StringOutput `pulumi:"domain"` // A version number that indicates the state of managed login for your domain. Version `1` is hosted UI (classic). Version `2` is the newer managed login with the branding designer. For more information, see [Managed login](https://docs.aws.amazon.com/cognito/latest/developerguide/cognito-user-pools-managed-login.html) . ManagedLoginVersion pulumi.IntPtrOutput `pulumi:"managedLoginVersion"` - // The ID of the user pool that is associated with the custom domain whose certificate you're updating. + // The ID of the user pool that is associated with the domain you're updating. UserPoolId pulumi.StringOutput `pulumi:"userPoolId"` } @@ -85,33 +85,33 @@ func (UserPoolDomainState) ElementType() reflect.Type { } type userPoolDomainArgs struct { - // The configuration for a custom domain that hosts the sign-up and sign-in pages for your application. Use this object to specify an SSL certificate that is managed by ACM. + // The configuration for a custom domain that hosts managed login for your application. In an `UpdateUserPoolDomain` request, this parameter specifies an SSL certificate for the managed login hosted webserver. The certificate must be an ACM ARN in `us-east-1` . // - // When you create a custom domain, the passkey RP ID defaults to the custom domain. If you had a prefix domain active, this will cause passkey integration for your prefix domain to stop working due to a mismatch in RP ID. To keep the prefix domain passkey integration working, you can explicitly set RP ID to the prefix domain. Update the RP ID in a [SetUserPoolMfaConfig](https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_SetUserPoolMfaConfig.html) request. - CustomDomainConfig *UserPoolDomainCustomDomainConfigType `pulumi:"customDomainConfig"` - // The domain name for the custom domain that hosts the sign-up and sign-in pages for your application. One example might be `auth.example.com` . + // When you create a custom domain, the passkey RP ID defaults to the custom domain. If you had a prefix domain active, this will cause passkey integration for your prefix domain to stop working due to a mismatch in RP ID. To keep the prefix domain passkey integration working, you can explicitly set RP ID to the prefix domain. // - // This string can include only lowercase letters, numbers, and hyphens. Don't use a hyphen for the first or last character. Use periods to separate subdomain names. + // Update the RP ID in a `API_SetUserPoolMfaConfig` request. + CustomDomainConfig *UserPoolDomainCustomDomainConfigType `pulumi:"customDomainConfig"` + // The name of the domain that you want to update. For custom domains, this is the fully-qualified domain name, for example `auth.example.com` . For prefix domains, this is the prefix alone, such as `myprefix` . Domain string `pulumi:"domain"` // A version number that indicates the state of managed login for your domain. Version `1` is hosted UI (classic). Version `2` is the newer managed login with the branding designer. For more information, see [Managed login](https://docs.aws.amazon.com/cognito/latest/developerguide/cognito-user-pools-managed-login.html) . ManagedLoginVersion *int `pulumi:"managedLoginVersion"` - // The ID of the user pool that is associated with the custom domain whose certificate you're updating. + // The ID of the user pool that is associated with the domain you're updating. UserPoolId string `pulumi:"userPoolId"` } // The set of arguments for constructing a UserPoolDomain resource. type UserPoolDomainArgs struct { - // The configuration for a custom domain that hosts the sign-up and sign-in pages for your application. Use this object to specify an SSL certificate that is managed by ACM. + // The configuration for a custom domain that hosts managed login for your application. In an `UpdateUserPoolDomain` request, this parameter specifies an SSL certificate for the managed login hosted webserver. The certificate must be an ACM ARN in `us-east-1` . // - // When you create a custom domain, the passkey RP ID defaults to the custom domain. If you had a prefix domain active, this will cause passkey integration for your prefix domain to stop working due to a mismatch in RP ID. To keep the prefix domain passkey integration working, you can explicitly set RP ID to the prefix domain. Update the RP ID in a [SetUserPoolMfaConfig](https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_SetUserPoolMfaConfig.html) request. - CustomDomainConfig UserPoolDomainCustomDomainConfigTypePtrInput - // The domain name for the custom domain that hosts the sign-up and sign-in pages for your application. One example might be `auth.example.com` . + // When you create a custom domain, the passkey RP ID defaults to the custom domain. If you had a prefix domain active, this will cause passkey integration for your prefix domain to stop working due to a mismatch in RP ID. To keep the prefix domain passkey integration working, you can explicitly set RP ID to the prefix domain. // - // This string can include only lowercase letters, numbers, and hyphens. Don't use a hyphen for the first or last character. Use periods to separate subdomain names. + // Update the RP ID in a `API_SetUserPoolMfaConfig` request. + CustomDomainConfig UserPoolDomainCustomDomainConfigTypePtrInput + // The name of the domain that you want to update. For custom domains, this is the fully-qualified domain name, for example `auth.example.com` . For prefix domains, this is the prefix alone, such as `myprefix` . Domain pulumi.StringInput // A version number that indicates the state of managed login for your domain. Version `1` is hosted UI (classic). Version `2` is the newer managed login with the branding designer. For more information, see [Managed login](https://docs.aws.amazon.com/cognito/latest/developerguide/cognito-user-pools-managed-login.html) . ManagedLoginVersion pulumi.IntPtrInput - // The ID of the user pool that is associated with the custom domain whose certificate you're updating. + // The ID of the user pool that is associated with the domain you're updating. UserPoolId pulumi.StringInput } @@ -162,16 +162,16 @@ func (o UserPoolDomainOutput) CloudFrontDistribution() pulumi.StringOutput { return o.ApplyT(func(v *UserPoolDomain) pulumi.StringOutput { return v.CloudFrontDistribution }).(pulumi.StringOutput) } -// The configuration for a custom domain that hosts the sign-up and sign-in pages for your application. Use this object to specify an SSL certificate that is managed by ACM. +// The configuration for a custom domain that hosts managed login for your application. In an `UpdateUserPoolDomain` request, this parameter specifies an SSL certificate for the managed login hosted webserver. The certificate must be an ACM ARN in `us-east-1` . // -// When you create a custom domain, the passkey RP ID defaults to the custom domain. If you had a prefix domain active, this will cause passkey integration for your prefix domain to stop working due to a mismatch in RP ID. To keep the prefix domain passkey integration working, you can explicitly set RP ID to the prefix domain. Update the RP ID in a [SetUserPoolMfaConfig](https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_SetUserPoolMfaConfig.html) request. +// When you create a custom domain, the passkey RP ID defaults to the custom domain. If you had a prefix domain active, this will cause passkey integration for your prefix domain to stop working due to a mismatch in RP ID. To keep the prefix domain passkey integration working, you can explicitly set RP ID to the prefix domain. +// +// Update the RP ID in a `API_SetUserPoolMfaConfig` request. func (o UserPoolDomainOutput) CustomDomainConfig() UserPoolDomainCustomDomainConfigTypePtrOutput { return o.ApplyT(func(v *UserPoolDomain) UserPoolDomainCustomDomainConfigTypePtrOutput { return v.CustomDomainConfig }).(UserPoolDomainCustomDomainConfigTypePtrOutput) } -// The domain name for the custom domain that hosts the sign-up and sign-in pages for your application. One example might be `auth.example.com` . -// -// This string can include only lowercase letters, numbers, and hyphens. Don't use a hyphen for the first or last character. Use periods to separate subdomain names. +// The name of the domain that you want to update. For custom domains, this is the fully-qualified domain name, for example `auth.example.com` . For prefix domains, this is the prefix alone, such as `myprefix` . func (o UserPoolDomainOutput) Domain() pulumi.StringOutput { return o.ApplyT(func(v *UserPoolDomain) pulumi.StringOutput { return v.Domain }).(pulumi.StringOutput) } @@ -181,7 +181,7 @@ func (o UserPoolDomainOutput) ManagedLoginVersion() pulumi.IntPtrOutput { return o.ApplyT(func(v *UserPoolDomain) pulumi.IntPtrOutput { return v.ManagedLoginVersion }).(pulumi.IntPtrOutput) } -// The ID of the user pool that is associated with the custom domain whose certificate you're updating. +// The ID of the user pool that is associated with the domain you're updating. func (o UserPoolDomainOutput) UserPoolId() pulumi.StringOutput { return o.ApplyT(func(v *UserPoolDomain) pulumi.StringOutput { return v.UserPoolId }).(pulumi.StringOutput) } diff --git a/sdk/go/aws/cognito/userPoolRiskConfigurationAttachment.go b/sdk/go/aws/cognito/userPoolRiskConfigurationAttachment.go index d302c5e1f6..fce91ec2e3 100644 --- a/sdk/go/aws/cognito/userPoolRiskConfigurationAttachment.go +++ b/sdk/go/aws/cognito/userPoolRiskConfigurationAttachment.go @@ -16,11 +16,11 @@ import ( type UserPoolRiskConfigurationAttachment struct { pulumi.CustomResourceState - // The settings for automated responses and notification templates for adaptive authentication with advanced security features. + // The settings for automated responses and notification templates for adaptive authentication with threat protection. AccountTakeoverRiskConfiguration UserPoolRiskConfigurationAttachmentAccountTakeoverRiskConfigurationTypePtrOutput `pulumi:"accountTakeoverRiskConfiguration"` // The app client where this configuration is applied. When this parameter isn't present, the risk configuration applies to all user pool app clients that don't have client-level settings. ClientId pulumi.StringOutput `pulumi:"clientId"` - // Settings for compromised-credentials actions and authentication types with advanced security features in full-function `ENFORCED` mode. + // Settings for compromised-credentials actions and authentication types with threat protection in full-function `ENFORCED` mode. CompromisedCredentialsRiskConfiguration UserPoolRiskConfigurationAttachmentCompromisedCredentialsRiskConfigurationTypePtrOutput `pulumi:"compromisedCredentialsRiskConfiguration"` // Exceptions to the risk evaluation configuration, including always-allow and always-block IP address ranges. RiskExceptionConfiguration UserPoolRiskConfigurationAttachmentRiskExceptionConfigurationTypePtrOutput `pulumi:"riskExceptionConfiguration"` @@ -79,11 +79,11 @@ func (UserPoolRiskConfigurationAttachmentState) ElementType() reflect.Type { } type userPoolRiskConfigurationAttachmentArgs struct { - // The settings for automated responses and notification templates for adaptive authentication with advanced security features. + // The settings for automated responses and notification templates for adaptive authentication with threat protection. AccountTakeoverRiskConfiguration *UserPoolRiskConfigurationAttachmentAccountTakeoverRiskConfigurationType `pulumi:"accountTakeoverRiskConfiguration"` // The app client where this configuration is applied. When this parameter isn't present, the risk configuration applies to all user pool app clients that don't have client-level settings. ClientId string `pulumi:"clientId"` - // Settings for compromised-credentials actions and authentication types with advanced security features in full-function `ENFORCED` mode. + // Settings for compromised-credentials actions and authentication types with threat protection in full-function `ENFORCED` mode. CompromisedCredentialsRiskConfiguration *UserPoolRiskConfigurationAttachmentCompromisedCredentialsRiskConfigurationType `pulumi:"compromisedCredentialsRiskConfiguration"` // Exceptions to the risk evaluation configuration, including always-allow and always-block IP address ranges. RiskExceptionConfiguration *UserPoolRiskConfigurationAttachmentRiskExceptionConfigurationType `pulumi:"riskExceptionConfiguration"` @@ -93,11 +93,11 @@ type userPoolRiskConfigurationAttachmentArgs struct { // The set of arguments for constructing a UserPoolRiskConfigurationAttachment resource. type UserPoolRiskConfigurationAttachmentArgs struct { - // The settings for automated responses and notification templates for adaptive authentication with advanced security features. + // The settings for automated responses and notification templates for adaptive authentication with threat protection. AccountTakeoverRiskConfiguration UserPoolRiskConfigurationAttachmentAccountTakeoverRiskConfigurationTypePtrInput // The app client where this configuration is applied. When this parameter isn't present, the risk configuration applies to all user pool app clients that don't have client-level settings. ClientId pulumi.StringInput - // Settings for compromised-credentials actions and authentication types with advanced security features in full-function `ENFORCED` mode. + // Settings for compromised-credentials actions and authentication types with threat protection in full-function `ENFORCED` mode. CompromisedCredentialsRiskConfiguration UserPoolRiskConfigurationAttachmentCompromisedCredentialsRiskConfigurationTypePtrInput // Exceptions to the risk evaluation configuration, including always-allow and always-block IP address ranges. RiskExceptionConfiguration UserPoolRiskConfigurationAttachmentRiskExceptionConfigurationTypePtrInput @@ -142,7 +142,7 @@ func (o UserPoolRiskConfigurationAttachmentOutput) ToUserPoolRiskConfigurationAt return o } -// The settings for automated responses and notification templates for adaptive authentication with advanced security features. +// The settings for automated responses and notification templates for adaptive authentication with threat protection. func (o UserPoolRiskConfigurationAttachmentOutput) AccountTakeoverRiskConfiguration() UserPoolRiskConfigurationAttachmentAccountTakeoverRiskConfigurationTypePtrOutput { return o.ApplyT(func(v *UserPoolRiskConfigurationAttachment) UserPoolRiskConfigurationAttachmentAccountTakeoverRiskConfigurationTypePtrOutput { return v.AccountTakeoverRiskConfiguration @@ -154,7 +154,7 @@ func (o UserPoolRiskConfigurationAttachmentOutput) ClientId() pulumi.StringOutpu return o.ApplyT(func(v *UserPoolRiskConfigurationAttachment) pulumi.StringOutput { return v.ClientId }).(pulumi.StringOutput) } -// Settings for compromised-credentials actions and authentication types with advanced security features in full-function `ENFORCED` mode. +// Settings for compromised-credentials actions and authentication types with threat protection in full-function `ENFORCED` mode. func (o UserPoolRiskConfigurationAttachmentOutput) CompromisedCredentialsRiskConfiguration() UserPoolRiskConfigurationAttachmentCompromisedCredentialsRiskConfigurationTypePtrOutput { return o.ApplyT(func(v *UserPoolRiskConfigurationAttachment) UserPoolRiskConfigurationAttachmentCompromisedCredentialsRiskConfigurationTypePtrOutput { return v.CompromisedCredentialsRiskConfiguration diff --git a/sdk/go/aws/cognito/userPoolUiCustomizationAttachment.go b/sdk/go/aws/cognito/userPoolUiCustomizationAttachment.go index 2e4fd1cbca..c21d0029c7 100644 --- a/sdk/go/aws/cognito/userPoolUiCustomizationAttachment.go +++ b/sdk/go/aws/cognito/userPoolUiCustomizationAttachment.go @@ -18,9 +18,9 @@ type UserPoolUiCustomizationAttachment struct { // The app client ID for your UI customization. When this value isn't present, the customization applies to all user pool app clients that don't have client-level settings.. ClientId pulumi.StringOutput `pulumi:"clientId"` - // The CSS values in the UI customization. + // A plaintext CSS file that contains the custom fields that you want to apply to your user pool or app client. To download a template, go to the Amazon Cognito console. Navigate to your user pool *App clients* tab, select *Login pages* , edit *Hosted UI (classic) style* , and select the link to `CSS template.css` . Css pulumi.StringPtrOutput `pulumi:"css"` - // The ID of the user pool. + // The ID of the user pool where you want to apply branding to the classic hosted UI. UserPoolId pulumi.StringOutput `pulumi:"userPoolId"` } @@ -77,9 +77,9 @@ func (UserPoolUiCustomizationAttachmentState) ElementType() reflect.Type { type userPoolUiCustomizationAttachmentArgs struct { // The app client ID for your UI customization. When this value isn't present, the customization applies to all user pool app clients that don't have client-level settings.. ClientId string `pulumi:"clientId"` - // The CSS values in the UI customization. + // A plaintext CSS file that contains the custom fields that you want to apply to your user pool or app client. To download a template, go to the Amazon Cognito console. Navigate to your user pool *App clients* tab, select *Login pages* , edit *Hosted UI (classic) style* , and select the link to `CSS template.css` . Css *string `pulumi:"css"` - // The ID of the user pool. + // The ID of the user pool where you want to apply branding to the classic hosted UI. UserPoolId string `pulumi:"userPoolId"` } @@ -87,9 +87,9 @@ type userPoolUiCustomizationAttachmentArgs struct { type UserPoolUiCustomizationAttachmentArgs struct { // The app client ID for your UI customization. When this value isn't present, the customization applies to all user pool app clients that don't have client-level settings.. ClientId pulumi.StringInput - // The CSS values in the UI customization. + // A plaintext CSS file that contains the custom fields that you want to apply to your user pool or app client. To download a template, go to the Amazon Cognito console. Navigate to your user pool *App clients* tab, select *Login pages* , edit *Hosted UI (classic) style* , and select the link to `CSS template.css` . Css pulumi.StringPtrInput - // The ID of the user pool. + // The ID of the user pool where you want to apply branding to the classic hosted UI. UserPoolId pulumi.StringInput } @@ -135,12 +135,12 @@ func (o UserPoolUiCustomizationAttachmentOutput) ClientId() pulumi.StringOutput return o.ApplyT(func(v *UserPoolUiCustomizationAttachment) pulumi.StringOutput { return v.ClientId }).(pulumi.StringOutput) } -// The CSS values in the UI customization. +// A plaintext CSS file that contains the custom fields that you want to apply to your user pool or app client. To download a template, go to the Amazon Cognito console. Navigate to your user pool *App clients* tab, select *Login pages* , edit *Hosted UI (classic) style* , and select the link to `CSS template.css` . func (o UserPoolUiCustomizationAttachmentOutput) Css() pulumi.StringPtrOutput { return o.ApplyT(func(v *UserPoolUiCustomizationAttachment) pulumi.StringPtrOutput { return v.Css }).(pulumi.StringPtrOutput) } -// The ID of the user pool. +// The ID of the user pool where you want to apply branding to the classic hosted UI. func (o UserPoolUiCustomizationAttachmentOutput) UserPoolId() pulumi.StringOutput { return o.ApplyT(func(v *UserPoolUiCustomizationAttachment) pulumi.StringOutput { return v.UserPoolId }).(pulumi.StringOutput) } diff --git a/sdk/go/aws/cognito/userPoolUser.go b/sdk/go/aws/cognito/userPoolUser.go index c0ac4fb61d..66db7135b2 100644 --- a/sdk/go/aws/cognito/userPoolUser.go +++ b/sdk/go/aws/cognito/userPoolUser.go @@ -45,10 +45,12 @@ type UserPoolUser struct { // // You must also provide an email address or phone number when you expect the user to do passwordless sign-in with an email or SMS OTP. These attributes must be provided when passwordless options are the only available, or when you don't submit a `TemporaryPassword` . // - // In your call to `AdminCreateUser` , you can set the `email_verified` attribute to `True` , and you can set the `phone_number_verified` attribute to `True` . You can also do this by calling [AdminUpdateUserAttributes](https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_AdminUpdateUserAttributes.html) . + // In your `AdminCreateUser` request, you can set the `email_verified` and `phone_number_verified` attributes to `true` . The following conditions apply: // - // - *email* : The email address of the user to whom the message that contains the code and username will be sent. Required if the `email_verified` attribute is set to `True` , or if `"EMAIL"` is specified in the `DesiredDeliveryMediums` parameter. - // - *phone_number* : The phone number of the user to whom the message that contains the code and username will be sent. Required if the `phone_number_verified` attribute is set to `True` , or if `"SMS"` is specified in the `DesiredDeliveryMediums` parameter. + // - **email** - The email address where you want the user to receive their confirmation code and username. You must provide a value for the `email` when you want to set `email_verified` to `true` , or if you set `EMAIL` in the `DesiredDeliveryMediums` parameter. + // - **phone_number** - The phone number where you want the user to receive their confirmation code and username. You must provide a value for the `email` when you want to set `phone_number` to `true` , or if you set `SMS` in the `DesiredDeliveryMediums` parameter. + // + // You can also set attributes verified with `API_AdminUpdateUserAttributes` . UserAttributes UserPoolUserAttributeTypeArrayOutput `pulumi:"userAttributes"` // The ID of the user pool where you want to create a user. UserPoolId pulumi.StringOutput `pulumi:"userPoolId"` @@ -60,7 +62,7 @@ type UserPoolUser struct { Username pulumi.StringPtrOutput `pulumi:"username"` // Temporary user attributes that contribute to the outcomes of your pre sign-up Lambda trigger. This set of key-value pairs are for custom validation of information that you collect from your users but don't need to retain. // - // Your Lambda function can analyze this additional data and act on it. Your function might perform external API operations like logging user attributes and validation data to Amazon CloudWatch Logs. Validation data might also affect the response that your function returns to Amazon Cognito, like automatically confirming the user if they sign up from within your network. + // Your Lambda function can analyze this additional data and act on it. Your function can automatically confirm and verify select users or perform external API operations like logging user attributes and validation data to Amazon CloudWatch Logs. // // For more information about the pre sign-up Lambda trigger, see [Pre sign-up Lambda trigger](https://docs.aws.amazon.com/cognito/latest/developerguide/user-pool-lambda-pre-sign-up.html) . ValidationData UserPoolUserAttributeTypeArrayOutput `pulumi:"validationData"` @@ -149,10 +151,12 @@ type userPoolUserArgs struct { // // You must also provide an email address or phone number when you expect the user to do passwordless sign-in with an email or SMS OTP. These attributes must be provided when passwordless options are the only available, or when you don't submit a `TemporaryPassword` . // - // In your call to `AdminCreateUser` , you can set the `email_verified` attribute to `True` , and you can set the `phone_number_verified` attribute to `True` . You can also do this by calling [AdminUpdateUserAttributes](https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_AdminUpdateUserAttributes.html) . + // In your `AdminCreateUser` request, you can set the `email_verified` and `phone_number_verified` attributes to `true` . The following conditions apply: + // + // - **email** - The email address where you want the user to receive their confirmation code and username. You must provide a value for the `email` when you want to set `email_verified` to `true` , or if you set `EMAIL` in the `DesiredDeliveryMediums` parameter. + // - **phone_number** - The phone number where you want the user to receive their confirmation code and username. You must provide a value for the `email` when you want to set `phone_number` to `true` , or if you set `SMS` in the `DesiredDeliveryMediums` parameter. // - // - *email* : The email address of the user to whom the message that contains the code and username will be sent. Required if the `email_verified` attribute is set to `True` , or if `"EMAIL"` is specified in the `DesiredDeliveryMediums` parameter. - // - *phone_number* : The phone number of the user to whom the message that contains the code and username will be sent. Required if the `phone_number_verified` attribute is set to `True` , or if `"SMS"` is specified in the `DesiredDeliveryMediums` parameter. + // You can also set attributes verified with `API_AdminUpdateUserAttributes` . UserAttributes []UserPoolUserAttributeType `pulumi:"userAttributes"` // The ID of the user pool where you want to create a user. UserPoolId string `pulumi:"userPoolId"` @@ -164,7 +168,7 @@ type userPoolUserArgs struct { Username *string `pulumi:"username"` // Temporary user attributes that contribute to the outcomes of your pre sign-up Lambda trigger. This set of key-value pairs are for custom validation of information that you collect from your users but don't need to retain. // - // Your Lambda function can analyze this additional data and act on it. Your function might perform external API operations like logging user attributes and validation data to Amazon CloudWatch Logs. Validation data might also affect the response that your function returns to Amazon Cognito, like automatically confirming the user if they sign up from within your network. + // Your Lambda function can analyze this additional data and act on it. Your function can automatically confirm and verify select users or perform external API operations like logging user attributes and validation data to Amazon CloudWatch Logs. // // For more information about the pre sign-up Lambda trigger, see [Pre sign-up Lambda trigger](https://docs.aws.amazon.com/cognito/latest/developerguide/user-pool-lambda-pre-sign-up.html) . ValidationData []UserPoolUserAttributeType `pulumi:"validationData"` @@ -201,10 +205,12 @@ type UserPoolUserArgs struct { // // You must also provide an email address or phone number when you expect the user to do passwordless sign-in with an email or SMS OTP. These attributes must be provided when passwordless options are the only available, or when you don't submit a `TemporaryPassword` . // - // In your call to `AdminCreateUser` , you can set the `email_verified` attribute to `True` , and you can set the `phone_number_verified` attribute to `True` . You can also do this by calling [AdminUpdateUserAttributes](https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_AdminUpdateUserAttributes.html) . + // In your `AdminCreateUser` request, you can set the `email_verified` and `phone_number_verified` attributes to `true` . The following conditions apply: // - // - *email* : The email address of the user to whom the message that contains the code and username will be sent. Required if the `email_verified` attribute is set to `True` , or if `"EMAIL"` is specified in the `DesiredDeliveryMediums` parameter. - // - *phone_number* : The phone number of the user to whom the message that contains the code and username will be sent. Required if the `phone_number_verified` attribute is set to `True` , or if `"SMS"` is specified in the `DesiredDeliveryMediums` parameter. + // - **email** - The email address where you want the user to receive their confirmation code and username. You must provide a value for the `email` when you want to set `email_verified` to `true` , or if you set `EMAIL` in the `DesiredDeliveryMediums` parameter. + // - **phone_number** - The phone number where you want the user to receive their confirmation code and username. You must provide a value for the `email` when you want to set `phone_number` to `true` , or if you set `SMS` in the `DesiredDeliveryMediums` parameter. + // + // You can also set attributes verified with `API_AdminUpdateUserAttributes` . UserAttributes UserPoolUserAttributeTypeArrayInput // The ID of the user pool where you want to create a user. UserPoolId pulumi.StringInput @@ -216,7 +222,7 @@ type UserPoolUserArgs struct { Username pulumi.StringPtrInput // Temporary user attributes that contribute to the outcomes of your pre sign-up Lambda trigger. This set of key-value pairs are for custom validation of information that you collect from your users but don't need to retain. // - // Your Lambda function can analyze this additional data and act on it. Your function might perform external API operations like logging user attributes and validation data to Amazon CloudWatch Logs. Validation data might also affect the response that your function returns to Amazon Cognito, like automatically confirming the user if they sign up from within your network. + // Your Lambda function can analyze this additional data and act on it. Your function can automatically confirm and verify select users or perform external API operations like logging user attributes and validation data to Amazon CloudWatch Logs. // // For more information about the pre sign-up Lambda trigger, see [Pre sign-up Lambda trigger](https://docs.aws.amazon.com/cognito/latest/developerguide/user-pool-lambda-pre-sign-up.html) . ValidationData UserPoolUserAttributeTypeArrayInput @@ -300,10 +306,12 @@ func (o UserPoolUserOutput) MessageAction() pulumi.StringPtrOutput { // // You must also provide an email address or phone number when you expect the user to do passwordless sign-in with an email or SMS OTP. These attributes must be provided when passwordless options are the only available, or when you don't submit a `TemporaryPassword` . // -// In your call to `AdminCreateUser` , you can set the `email_verified` attribute to `True` , and you can set the `phone_number_verified` attribute to `True` . You can also do this by calling [AdminUpdateUserAttributes](https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_AdminUpdateUserAttributes.html) . +// In your `AdminCreateUser` request, you can set the `email_verified` and `phone_number_verified` attributes to `true` . The following conditions apply: +// +// - **email** - The email address where you want the user to receive their confirmation code and username. You must provide a value for the `email` when you want to set `email_verified` to `true` , or if you set `EMAIL` in the `DesiredDeliveryMediums` parameter. +// - **phone_number** - The phone number where you want the user to receive their confirmation code and username. You must provide a value for the `email` when you want to set `phone_number` to `true` , or if you set `SMS` in the `DesiredDeliveryMediums` parameter. // -// - *email* : The email address of the user to whom the message that contains the code and username will be sent. Required if the `email_verified` attribute is set to `True` , or if `"EMAIL"` is specified in the `DesiredDeliveryMediums` parameter. -// - *phone_number* : The phone number of the user to whom the message that contains the code and username will be sent. Required if the `phone_number_verified` attribute is set to `True` , or if `"SMS"` is specified in the `DesiredDeliveryMediums` parameter. +// You can also set attributes verified with `API_AdminUpdateUserAttributes` . func (o UserPoolUserOutput) UserAttributes() UserPoolUserAttributeTypeArrayOutput { return o.ApplyT(func(v *UserPoolUser) UserPoolUserAttributeTypeArrayOutput { return v.UserAttributes }).(UserPoolUserAttributeTypeArrayOutput) } @@ -324,7 +332,7 @@ func (o UserPoolUserOutput) Username() pulumi.StringPtrOutput { // Temporary user attributes that contribute to the outcomes of your pre sign-up Lambda trigger. This set of key-value pairs are for custom validation of information that you collect from your users but don't need to retain. // -// Your Lambda function can analyze this additional data and act on it. Your function might perform external API operations like logging user attributes and validation data to Amazon CloudWatch Logs. Validation data might also affect the response that your function returns to Amazon Cognito, like automatically confirming the user if they sign up from within your network. +// Your Lambda function can analyze this additional data and act on it. Your function can automatically confirm and verify select users or perform external API operations like logging user attributes and validation data to Amazon CloudWatch Logs. // // For more information about the pre sign-up Lambda trigger, see [Pre sign-up Lambda trigger](https://docs.aws.amazon.com/cognito/latest/developerguide/user-pool-lambda-pre-sign-up.html) . func (o UserPoolUserOutput) ValidationData() UserPoolUserAttributeTypeArrayOutput { diff --git a/sdk/go/aws/customerprofiles/eventTrigger.go b/sdk/go/aws/customerprofiles/eventTrigger.go new file mode 100644 index 0000000000..838736e9ea --- /dev/null +++ b/sdk/go/aws/customerprofiles/eventTrigger.go @@ -0,0 +1,192 @@ +// Code generated by pulumi-language-go DO NOT EDIT. +// *** WARNING: Do not edit by hand unless you're certain you know what you are doing! *** + +package customerprofiles + +import ( + "context" + "reflect" + + "errors" + "github.com/pulumi/pulumi-aws-native/sdk/go/aws" + "github.com/pulumi/pulumi-aws-native/sdk/go/aws/internal" + "github.com/pulumi/pulumi/sdk/v3/go/pulumi" +) + +// An event trigger resource of Amazon Connect Customer Profiles +type EventTrigger struct { + pulumi.CustomResourceState + + // The timestamp of when the event trigger was created. + CreatedAt pulumi.StringOutput `pulumi:"createdAt"` + Description pulumi.StringPtrOutput `pulumi:"description"` + DomainName pulumi.StringOutput `pulumi:"domainName"` + EventTriggerConditions EventTriggerConditionArrayOutput `pulumi:"eventTriggerConditions"` + EventTriggerLimits EventTriggerLimitsPtrOutput `pulumi:"eventTriggerLimits"` + EventTriggerName pulumi.StringOutput `pulumi:"eventTriggerName"` + // The timestamp of when the event trigger was most recently updated. + LastUpdatedAt pulumi.StringOutput `pulumi:"lastUpdatedAt"` + ObjectTypeName pulumi.StringOutput `pulumi:"objectTypeName"` + SegmentFilter pulumi.StringPtrOutput `pulumi:"segmentFilter"` + Tags aws.TagArrayOutput `pulumi:"tags"` +} + +// NewEventTrigger registers a new resource with the given unique name, arguments, and options. +func NewEventTrigger(ctx *pulumi.Context, + name string, args *EventTriggerArgs, opts ...pulumi.ResourceOption) (*EventTrigger, error) { + if args == nil { + return nil, errors.New("missing one or more required arguments") + } + + if args.DomainName == nil { + return nil, errors.New("invalid value for required argument 'DomainName'") + } + if args.EventTriggerConditions == nil { + return nil, errors.New("invalid value for required argument 'EventTriggerConditions'") + } + if args.ObjectTypeName == nil { + return nil, errors.New("invalid value for required argument 'ObjectTypeName'") + } + replaceOnChanges := pulumi.ReplaceOnChanges([]string{ + "domainName", + "eventTriggerName", + }) + opts = append(opts, replaceOnChanges) + opts = internal.PkgResourceDefaultOpts(opts) + var resource EventTrigger + err := ctx.RegisterResource("aws-native:customerprofiles:EventTrigger", name, args, &resource, opts...) + if err != nil { + return nil, err + } + return &resource, nil +} + +// GetEventTrigger gets an existing EventTrigger resource's state with the given name, ID, and optional +// state properties that are used to uniquely qualify the lookup (nil if not required). +func GetEventTrigger(ctx *pulumi.Context, + name string, id pulumi.IDInput, state *EventTriggerState, opts ...pulumi.ResourceOption) (*EventTrigger, error) { + var resource EventTrigger + err := ctx.ReadResource("aws-native:customerprofiles:EventTrigger", name, id, state, &resource, opts...) + if err != nil { + return nil, err + } + return &resource, nil +} + +// Input properties used for looking up and filtering EventTrigger resources. +type eventTriggerState struct { +} + +type EventTriggerState struct { +} + +func (EventTriggerState) ElementType() reflect.Type { + return reflect.TypeOf((*eventTriggerState)(nil)).Elem() +} + +type eventTriggerArgs struct { + Description *string `pulumi:"description"` + DomainName string `pulumi:"domainName"` + EventTriggerConditions []EventTriggerCondition `pulumi:"eventTriggerConditions"` + EventTriggerLimits *EventTriggerLimits `pulumi:"eventTriggerLimits"` + EventTriggerName *string `pulumi:"eventTriggerName"` + ObjectTypeName string `pulumi:"objectTypeName"` + SegmentFilter *string `pulumi:"segmentFilter"` + Tags []aws.Tag `pulumi:"tags"` +} + +// The set of arguments for constructing a EventTrigger resource. +type EventTriggerArgs struct { + Description pulumi.StringPtrInput + DomainName pulumi.StringInput + EventTriggerConditions EventTriggerConditionArrayInput + EventTriggerLimits EventTriggerLimitsPtrInput + EventTriggerName pulumi.StringPtrInput + ObjectTypeName pulumi.StringInput + SegmentFilter pulumi.StringPtrInput + Tags aws.TagArrayInput +} + +func (EventTriggerArgs) ElementType() reflect.Type { + return reflect.TypeOf((*eventTriggerArgs)(nil)).Elem() +} + +type EventTriggerInput interface { + pulumi.Input + + ToEventTriggerOutput() EventTriggerOutput + ToEventTriggerOutputWithContext(ctx context.Context) EventTriggerOutput +} + +func (*EventTrigger) ElementType() reflect.Type { + return reflect.TypeOf((**EventTrigger)(nil)).Elem() +} + +func (i *EventTrigger) ToEventTriggerOutput() EventTriggerOutput { + return i.ToEventTriggerOutputWithContext(context.Background()) +} + +func (i *EventTrigger) ToEventTriggerOutputWithContext(ctx context.Context) EventTriggerOutput { + return pulumi.ToOutputWithContext(ctx, i).(EventTriggerOutput) +} + +type EventTriggerOutput struct{ *pulumi.OutputState } + +func (EventTriggerOutput) ElementType() reflect.Type { + return reflect.TypeOf((**EventTrigger)(nil)).Elem() +} + +func (o EventTriggerOutput) ToEventTriggerOutput() EventTriggerOutput { + return o +} + +func (o EventTriggerOutput) ToEventTriggerOutputWithContext(ctx context.Context) EventTriggerOutput { + return o +} + +// The timestamp of when the event trigger was created. +func (o EventTriggerOutput) CreatedAt() pulumi.StringOutput { + return o.ApplyT(func(v *EventTrigger) pulumi.StringOutput { return v.CreatedAt }).(pulumi.StringOutput) +} + +func (o EventTriggerOutput) Description() pulumi.StringPtrOutput { + return o.ApplyT(func(v *EventTrigger) pulumi.StringPtrOutput { return v.Description }).(pulumi.StringPtrOutput) +} + +func (o EventTriggerOutput) DomainName() pulumi.StringOutput { + return o.ApplyT(func(v *EventTrigger) pulumi.StringOutput { return v.DomainName }).(pulumi.StringOutput) +} + +func (o EventTriggerOutput) EventTriggerConditions() EventTriggerConditionArrayOutput { + return o.ApplyT(func(v *EventTrigger) EventTriggerConditionArrayOutput { return v.EventTriggerConditions }).(EventTriggerConditionArrayOutput) +} + +func (o EventTriggerOutput) EventTriggerLimits() EventTriggerLimitsPtrOutput { + return o.ApplyT(func(v *EventTrigger) EventTriggerLimitsPtrOutput { return v.EventTriggerLimits }).(EventTriggerLimitsPtrOutput) +} + +func (o EventTriggerOutput) EventTriggerName() pulumi.StringOutput { + return o.ApplyT(func(v *EventTrigger) pulumi.StringOutput { return v.EventTriggerName }).(pulumi.StringOutput) +} + +// The timestamp of when the event trigger was most recently updated. +func (o EventTriggerOutput) LastUpdatedAt() pulumi.StringOutput { + return o.ApplyT(func(v *EventTrigger) pulumi.StringOutput { return v.LastUpdatedAt }).(pulumi.StringOutput) +} + +func (o EventTriggerOutput) ObjectTypeName() pulumi.StringOutput { + return o.ApplyT(func(v *EventTrigger) pulumi.StringOutput { return v.ObjectTypeName }).(pulumi.StringOutput) +} + +func (o EventTriggerOutput) SegmentFilter() pulumi.StringPtrOutput { + return o.ApplyT(func(v *EventTrigger) pulumi.StringPtrOutput { return v.SegmentFilter }).(pulumi.StringPtrOutput) +} + +func (o EventTriggerOutput) Tags() aws.TagArrayOutput { + return o.ApplyT(func(v *EventTrigger) aws.TagArrayOutput { return v.Tags }).(aws.TagArrayOutput) +} + +func init() { + pulumi.RegisterInputType(reflect.TypeOf((*EventTriggerInput)(nil)).Elem(), &EventTrigger{}) + pulumi.RegisterOutputType(EventTriggerOutput{}) +} diff --git a/sdk/go/aws/customerprofiles/getEventTrigger.go b/sdk/go/aws/customerprofiles/getEventTrigger.go new file mode 100644 index 0000000000..f50a9a8ebb --- /dev/null +++ b/sdk/go/aws/customerprofiles/getEventTrigger.go @@ -0,0 +1,112 @@ +// Code generated by pulumi-language-go DO NOT EDIT. +// *** WARNING: Do not edit by hand unless you're certain you know what you are doing! *** + +package customerprofiles + +import ( + "context" + "reflect" + + "github.com/pulumi/pulumi-aws-native/sdk/go/aws" + "github.com/pulumi/pulumi-aws-native/sdk/go/aws/internal" + "github.com/pulumi/pulumi/sdk/v3/go/pulumi" +) + +// An event trigger resource of Amazon Connect Customer Profiles +func LookupEventTrigger(ctx *pulumi.Context, args *LookupEventTriggerArgs, opts ...pulumi.InvokeOption) (*LookupEventTriggerResult, error) { + opts = internal.PkgInvokeDefaultOpts(opts) + var rv LookupEventTriggerResult + err := ctx.Invoke("aws-native:customerprofiles:getEventTrigger", args, &rv, opts...) + if err != nil { + return nil, err + } + return &rv, nil +} + +type LookupEventTriggerArgs struct { + DomainName string `pulumi:"domainName"` + EventTriggerName string `pulumi:"eventTriggerName"` +} + +type LookupEventTriggerResult struct { + // The timestamp of when the event trigger was created. + CreatedAt *string `pulumi:"createdAt"` + Description *string `pulumi:"description"` + EventTriggerConditions []EventTriggerCondition `pulumi:"eventTriggerConditions"` + EventTriggerLimits *EventTriggerLimits `pulumi:"eventTriggerLimits"` + // The timestamp of when the event trigger was most recently updated. + LastUpdatedAt *string `pulumi:"lastUpdatedAt"` + ObjectTypeName *string `pulumi:"objectTypeName"` + SegmentFilter *string `pulumi:"segmentFilter"` + Tags []aws.Tag `pulumi:"tags"` +} + +func LookupEventTriggerOutput(ctx *pulumi.Context, args LookupEventTriggerOutputArgs, opts ...pulumi.InvokeOption) LookupEventTriggerResultOutput { + return pulumi.ToOutputWithContext(ctx.Context(), args). + ApplyT(func(v interface{}) (LookupEventTriggerResultOutput, error) { + args := v.(LookupEventTriggerArgs) + options := pulumi.InvokeOutputOptions{InvokeOptions: internal.PkgInvokeDefaultOpts(opts)} + return ctx.InvokeOutput("aws-native:customerprofiles:getEventTrigger", args, LookupEventTriggerResultOutput{}, options).(LookupEventTriggerResultOutput), nil + }).(LookupEventTriggerResultOutput) +} + +type LookupEventTriggerOutputArgs struct { + DomainName pulumi.StringInput `pulumi:"domainName"` + EventTriggerName pulumi.StringInput `pulumi:"eventTriggerName"` +} + +func (LookupEventTriggerOutputArgs) ElementType() reflect.Type { + return reflect.TypeOf((*LookupEventTriggerArgs)(nil)).Elem() +} + +type LookupEventTriggerResultOutput struct{ *pulumi.OutputState } + +func (LookupEventTriggerResultOutput) ElementType() reflect.Type { + return reflect.TypeOf((*LookupEventTriggerResult)(nil)).Elem() +} + +func (o LookupEventTriggerResultOutput) ToLookupEventTriggerResultOutput() LookupEventTriggerResultOutput { + return o +} + +func (o LookupEventTriggerResultOutput) ToLookupEventTriggerResultOutputWithContext(ctx context.Context) LookupEventTriggerResultOutput { + return o +} + +// The timestamp of when the event trigger was created. +func (o LookupEventTriggerResultOutput) CreatedAt() pulumi.StringPtrOutput { + return o.ApplyT(func(v LookupEventTriggerResult) *string { return v.CreatedAt }).(pulumi.StringPtrOutput) +} + +func (o LookupEventTriggerResultOutput) Description() pulumi.StringPtrOutput { + return o.ApplyT(func(v LookupEventTriggerResult) *string { return v.Description }).(pulumi.StringPtrOutput) +} + +func (o LookupEventTriggerResultOutput) EventTriggerConditions() EventTriggerConditionArrayOutput { + return o.ApplyT(func(v LookupEventTriggerResult) []EventTriggerCondition { return v.EventTriggerConditions }).(EventTriggerConditionArrayOutput) +} + +func (o LookupEventTriggerResultOutput) EventTriggerLimits() EventTriggerLimitsPtrOutput { + return o.ApplyT(func(v LookupEventTriggerResult) *EventTriggerLimits { return v.EventTriggerLimits }).(EventTriggerLimitsPtrOutput) +} + +// The timestamp of when the event trigger was most recently updated. +func (o LookupEventTriggerResultOutput) LastUpdatedAt() pulumi.StringPtrOutput { + return o.ApplyT(func(v LookupEventTriggerResult) *string { return v.LastUpdatedAt }).(pulumi.StringPtrOutput) +} + +func (o LookupEventTriggerResultOutput) ObjectTypeName() pulumi.StringPtrOutput { + return o.ApplyT(func(v LookupEventTriggerResult) *string { return v.ObjectTypeName }).(pulumi.StringPtrOutput) +} + +func (o LookupEventTriggerResultOutput) SegmentFilter() pulumi.StringPtrOutput { + return o.ApplyT(func(v LookupEventTriggerResult) *string { return v.SegmentFilter }).(pulumi.StringPtrOutput) +} + +func (o LookupEventTriggerResultOutput) Tags() aws.TagArrayOutput { + return o.ApplyT(func(v LookupEventTriggerResult) []aws.Tag { return v.Tags }).(aws.TagArrayOutput) +} + +func init() { + pulumi.RegisterOutputType(LookupEventTriggerResultOutput{}) +} diff --git a/sdk/go/aws/customerprofiles/init.go b/sdk/go/aws/customerprofiles/init.go index 465d27c28c..430cc60110 100644 --- a/sdk/go/aws/customerprofiles/init.go +++ b/sdk/go/aws/customerprofiles/init.go @@ -27,6 +27,8 @@ func (m *module) Construct(ctx *pulumi.Context, name, typ, urn string) (r pulumi r = &Domain{} case "aws-native:customerprofiles:EventStream": r = &EventStream{} + case "aws-native:customerprofiles:EventTrigger": + r = &EventTrigger{} case "aws-native:customerprofiles:Integration": r = &Integration{} case "aws-native:customerprofiles:ObjectType": diff --git a/sdk/go/aws/customerprofiles/pulumiEnums.go b/sdk/go/aws/customerprofiles/pulumiEnums.go index 76850e8d6a..c6be105d34 100644 --- a/sdk/go/aws/customerprofiles/pulumiEnums.go +++ b/sdk/go/aws/customerprofiles/pulumiEnums.go @@ -1380,6 +1380,536 @@ func (o EventStreamStatusPtrOutput) ToStringPtrOutputWithContext(ctx context.Con }).(pulumi.StringPtrOutput) } +// The operator used to combine multiple dimensions. +type EventTriggerLogicalOperator string + +const ( + EventTriggerLogicalOperatorAny = EventTriggerLogicalOperator("ANY") + EventTriggerLogicalOperatorAll = EventTriggerLogicalOperator("ALL") + EventTriggerLogicalOperatorNone = EventTriggerLogicalOperator("NONE") +) + +func (EventTriggerLogicalOperator) ElementType() reflect.Type { + return reflect.TypeOf((*EventTriggerLogicalOperator)(nil)).Elem() +} + +func (e EventTriggerLogicalOperator) ToEventTriggerLogicalOperatorOutput() EventTriggerLogicalOperatorOutput { + return pulumi.ToOutput(e).(EventTriggerLogicalOperatorOutput) +} + +func (e EventTriggerLogicalOperator) ToEventTriggerLogicalOperatorOutputWithContext(ctx context.Context) EventTriggerLogicalOperatorOutput { + return pulumi.ToOutputWithContext(ctx, e).(EventTriggerLogicalOperatorOutput) +} + +func (e EventTriggerLogicalOperator) ToEventTriggerLogicalOperatorPtrOutput() EventTriggerLogicalOperatorPtrOutput { + return e.ToEventTriggerLogicalOperatorPtrOutputWithContext(context.Background()) +} + +func (e EventTriggerLogicalOperator) ToEventTriggerLogicalOperatorPtrOutputWithContext(ctx context.Context) EventTriggerLogicalOperatorPtrOutput { + return EventTriggerLogicalOperator(e).ToEventTriggerLogicalOperatorOutputWithContext(ctx).ToEventTriggerLogicalOperatorPtrOutputWithContext(ctx) +} + +func (e EventTriggerLogicalOperator) ToStringOutput() pulumi.StringOutput { + return pulumi.ToOutput(pulumi.String(e)).(pulumi.StringOutput) +} + +func (e EventTriggerLogicalOperator) ToStringOutputWithContext(ctx context.Context) pulumi.StringOutput { + return pulumi.ToOutputWithContext(ctx, pulumi.String(e)).(pulumi.StringOutput) +} + +func (e EventTriggerLogicalOperator) ToStringPtrOutput() pulumi.StringPtrOutput { + return pulumi.String(e).ToStringPtrOutputWithContext(context.Background()) +} + +func (e EventTriggerLogicalOperator) ToStringPtrOutputWithContext(ctx context.Context) pulumi.StringPtrOutput { + return pulumi.String(e).ToStringOutputWithContext(ctx).ToStringPtrOutputWithContext(ctx) +} + +type EventTriggerLogicalOperatorOutput struct{ *pulumi.OutputState } + +func (EventTriggerLogicalOperatorOutput) ElementType() reflect.Type { + return reflect.TypeOf((*EventTriggerLogicalOperator)(nil)).Elem() +} + +func (o EventTriggerLogicalOperatorOutput) ToEventTriggerLogicalOperatorOutput() EventTriggerLogicalOperatorOutput { + return o +} + +func (o EventTriggerLogicalOperatorOutput) ToEventTriggerLogicalOperatorOutputWithContext(ctx context.Context) EventTriggerLogicalOperatorOutput { + return o +} + +func (o EventTriggerLogicalOperatorOutput) ToEventTriggerLogicalOperatorPtrOutput() EventTriggerLogicalOperatorPtrOutput { + return o.ToEventTriggerLogicalOperatorPtrOutputWithContext(context.Background()) +} + +func (o EventTriggerLogicalOperatorOutput) ToEventTriggerLogicalOperatorPtrOutputWithContext(ctx context.Context) EventTriggerLogicalOperatorPtrOutput { + return o.ApplyTWithContext(ctx, func(_ context.Context, v EventTriggerLogicalOperator) *EventTriggerLogicalOperator { + return &v + }).(EventTriggerLogicalOperatorPtrOutput) +} + +func (o EventTriggerLogicalOperatorOutput) ToStringOutput() pulumi.StringOutput { + return o.ToStringOutputWithContext(context.Background()) +} + +func (o EventTriggerLogicalOperatorOutput) ToStringOutputWithContext(ctx context.Context) pulumi.StringOutput { + return o.ApplyTWithContext(ctx, func(_ context.Context, e EventTriggerLogicalOperator) string { + return string(e) + }).(pulumi.StringOutput) +} + +func (o EventTriggerLogicalOperatorOutput) ToStringPtrOutput() pulumi.StringPtrOutput { + return o.ToStringPtrOutputWithContext(context.Background()) +} + +func (o EventTriggerLogicalOperatorOutput) ToStringPtrOutputWithContext(ctx context.Context) pulumi.StringPtrOutput { + return o.ApplyTWithContext(ctx, func(_ context.Context, e EventTriggerLogicalOperator) *string { + v := string(e) + return &v + }).(pulumi.StringPtrOutput) +} + +type EventTriggerLogicalOperatorPtrOutput struct{ *pulumi.OutputState } + +func (EventTriggerLogicalOperatorPtrOutput) ElementType() reflect.Type { + return reflect.TypeOf((**EventTriggerLogicalOperator)(nil)).Elem() +} + +func (o EventTriggerLogicalOperatorPtrOutput) ToEventTriggerLogicalOperatorPtrOutput() EventTriggerLogicalOperatorPtrOutput { + return o +} + +func (o EventTriggerLogicalOperatorPtrOutput) ToEventTriggerLogicalOperatorPtrOutputWithContext(ctx context.Context) EventTriggerLogicalOperatorPtrOutput { + return o +} + +func (o EventTriggerLogicalOperatorPtrOutput) Elem() EventTriggerLogicalOperatorOutput { + return o.ApplyT(func(v *EventTriggerLogicalOperator) EventTriggerLogicalOperator { + if v != nil { + return *v + } + var ret EventTriggerLogicalOperator + return ret + }).(EventTriggerLogicalOperatorOutput) +} + +func (o EventTriggerLogicalOperatorPtrOutput) ToStringPtrOutput() pulumi.StringPtrOutput { + return o.ToStringPtrOutputWithContext(context.Background()) +} + +func (o EventTriggerLogicalOperatorPtrOutput) ToStringPtrOutputWithContext(ctx context.Context) pulumi.StringPtrOutput { + return o.ApplyTWithContext(ctx, func(_ context.Context, e *EventTriggerLogicalOperator) *string { + if e == nil { + return nil + } + v := string(*e) + return &v + }).(pulumi.StringPtrOutput) +} + +// EventTriggerLogicalOperatorInput is an input type that accepts values of the EventTriggerLogicalOperator enum +// A concrete instance of `EventTriggerLogicalOperatorInput` can be one of the following: +// +// EventTriggerLogicalOperatorAny +// EventTriggerLogicalOperatorAll +// EventTriggerLogicalOperatorNone +type EventTriggerLogicalOperatorInput interface { + pulumi.Input + + ToEventTriggerLogicalOperatorOutput() EventTriggerLogicalOperatorOutput + ToEventTriggerLogicalOperatorOutputWithContext(context.Context) EventTriggerLogicalOperatorOutput +} + +var eventTriggerLogicalOperatorPtrType = reflect.TypeOf((**EventTriggerLogicalOperator)(nil)).Elem() + +type EventTriggerLogicalOperatorPtrInput interface { + pulumi.Input + + ToEventTriggerLogicalOperatorPtrOutput() EventTriggerLogicalOperatorPtrOutput + ToEventTriggerLogicalOperatorPtrOutputWithContext(context.Context) EventTriggerLogicalOperatorPtrOutput +} + +type eventTriggerLogicalOperatorPtr string + +func EventTriggerLogicalOperatorPtr(v string) EventTriggerLogicalOperatorPtrInput { + return (*eventTriggerLogicalOperatorPtr)(&v) +} + +func (*eventTriggerLogicalOperatorPtr) ElementType() reflect.Type { + return eventTriggerLogicalOperatorPtrType +} + +func (in *eventTriggerLogicalOperatorPtr) ToEventTriggerLogicalOperatorPtrOutput() EventTriggerLogicalOperatorPtrOutput { + return pulumi.ToOutput(in).(EventTriggerLogicalOperatorPtrOutput) +} + +func (in *eventTriggerLogicalOperatorPtr) ToEventTriggerLogicalOperatorPtrOutputWithContext(ctx context.Context) EventTriggerLogicalOperatorPtrOutput { + return pulumi.ToOutputWithContext(ctx, in).(EventTriggerLogicalOperatorPtrOutput) +} + +// The operator used to compare an attribute against a list of values. +type EventTriggerObjectAttributeComparisonOperator string + +const ( + EventTriggerObjectAttributeComparisonOperatorInclusive = EventTriggerObjectAttributeComparisonOperator("INCLUSIVE") + EventTriggerObjectAttributeComparisonOperatorExclusive = EventTriggerObjectAttributeComparisonOperator("EXCLUSIVE") + EventTriggerObjectAttributeComparisonOperatorContains = EventTriggerObjectAttributeComparisonOperator("CONTAINS") + EventTriggerObjectAttributeComparisonOperatorBeginsWith = EventTriggerObjectAttributeComparisonOperator("BEGINS_WITH") + EventTriggerObjectAttributeComparisonOperatorEndsWith = EventTriggerObjectAttributeComparisonOperator("ENDS_WITH") + EventTriggerObjectAttributeComparisonOperatorGreaterThan = EventTriggerObjectAttributeComparisonOperator("GREATER_THAN") + EventTriggerObjectAttributeComparisonOperatorLessThan = EventTriggerObjectAttributeComparisonOperator("LESS_THAN") + EventTriggerObjectAttributeComparisonOperatorGreaterThanOrEqual = EventTriggerObjectAttributeComparisonOperator("GREATER_THAN_OR_EQUAL") + EventTriggerObjectAttributeComparisonOperatorLessThanOrEqual = EventTriggerObjectAttributeComparisonOperator("LESS_THAN_OR_EQUAL") + EventTriggerObjectAttributeComparisonOperatorEqual = EventTriggerObjectAttributeComparisonOperator("EQUAL") + EventTriggerObjectAttributeComparisonOperatorBefore = EventTriggerObjectAttributeComparisonOperator("BEFORE") + EventTriggerObjectAttributeComparisonOperatorAfter = EventTriggerObjectAttributeComparisonOperator("AFTER") + EventTriggerObjectAttributeComparisonOperatorOn = EventTriggerObjectAttributeComparisonOperator("ON") + EventTriggerObjectAttributeComparisonOperatorBetween = EventTriggerObjectAttributeComparisonOperator("BETWEEN") + EventTriggerObjectAttributeComparisonOperatorNotBetween = EventTriggerObjectAttributeComparisonOperator("NOT_BETWEEN") +) + +func (EventTriggerObjectAttributeComparisonOperator) ElementType() reflect.Type { + return reflect.TypeOf((*EventTriggerObjectAttributeComparisonOperator)(nil)).Elem() +} + +func (e EventTriggerObjectAttributeComparisonOperator) ToEventTriggerObjectAttributeComparisonOperatorOutput() EventTriggerObjectAttributeComparisonOperatorOutput { + return pulumi.ToOutput(e).(EventTriggerObjectAttributeComparisonOperatorOutput) +} + +func (e EventTriggerObjectAttributeComparisonOperator) ToEventTriggerObjectAttributeComparisonOperatorOutputWithContext(ctx context.Context) EventTriggerObjectAttributeComparisonOperatorOutput { + return pulumi.ToOutputWithContext(ctx, e).(EventTriggerObjectAttributeComparisonOperatorOutput) +} + +func (e EventTriggerObjectAttributeComparisonOperator) ToEventTriggerObjectAttributeComparisonOperatorPtrOutput() EventTriggerObjectAttributeComparisonOperatorPtrOutput { + return e.ToEventTriggerObjectAttributeComparisonOperatorPtrOutputWithContext(context.Background()) +} + +func (e EventTriggerObjectAttributeComparisonOperator) ToEventTriggerObjectAttributeComparisonOperatorPtrOutputWithContext(ctx context.Context) EventTriggerObjectAttributeComparisonOperatorPtrOutput { + return EventTriggerObjectAttributeComparisonOperator(e).ToEventTriggerObjectAttributeComparisonOperatorOutputWithContext(ctx).ToEventTriggerObjectAttributeComparisonOperatorPtrOutputWithContext(ctx) +} + +func (e EventTriggerObjectAttributeComparisonOperator) ToStringOutput() pulumi.StringOutput { + return pulumi.ToOutput(pulumi.String(e)).(pulumi.StringOutput) +} + +func (e EventTriggerObjectAttributeComparisonOperator) ToStringOutputWithContext(ctx context.Context) pulumi.StringOutput { + return pulumi.ToOutputWithContext(ctx, pulumi.String(e)).(pulumi.StringOutput) +} + +func (e EventTriggerObjectAttributeComparisonOperator) ToStringPtrOutput() pulumi.StringPtrOutput { + return pulumi.String(e).ToStringPtrOutputWithContext(context.Background()) +} + +func (e EventTriggerObjectAttributeComparisonOperator) ToStringPtrOutputWithContext(ctx context.Context) pulumi.StringPtrOutput { + return pulumi.String(e).ToStringOutputWithContext(ctx).ToStringPtrOutputWithContext(ctx) +} + +type EventTriggerObjectAttributeComparisonOperatorOutput struct{ *pulumi.OutputState } + +func (EventTriggerObjectAttributeComparisonOperatorOutput) ElementType() reflect.Type { + return reflect.TypeOf((*EventTriggerObjectAttributeComparisonOperator)(nil)).Elem() +} + +func (o EventTriggerObjectAttributeComparisonOperatorOutput) ToEventTriggerObjectAttributeComparisonOperatorOutput() EventTriggerObjectAttributeComparisonOperatorOutput { + return o +} + +func (o EventTriggerObjectAttributeComparisonOperatorOutput) ToEventTriggerObjectAttributeComparisonOperatorOutputWithContext(ctx context.Context) EventTriggerObjectAttributeComparisonOperatorOutput { + return o +} + +func (o EventTriggerObjectAttributeComparisonOperatorOutput) ToEventTriggerObjectAttributeComparisonOperatorPtrOutput() EventTriggerObjectAttributeComparisonOperatorPtrOutput { + return o.ToEventTriggerObjectAttributeComparisonOperatorPtrOutputWithContext(context.Background()) +} + +func (o EventTriggerObjectAttributeComparisonOperatorOutput) ToEventTriggerObjectAttributeComparisonOperatorPtrOutputWithContext(ctx context.Context) EventTriggerObjectAttributeComparisonOperatorPtrOutput { + return o.ApplyTWithContext(ctx, func(_ context.Context, v EventTriggerObjectAttributeComparisonOperator) *EventTriggerObjectAttributeComparisonOperator { + return &v + }).(EventTriggerObjectAttributeComparisonOperatorPtrOutput) +} + +func (o EventTriggerObjectAttributeComparisonOperatorOutput) ToStringOutput() pulumi.StringOutput { + return o.ToStringOutputWithContext(context.Background()) +} + +func (o EventTriggerObjectAttributeComparisonOperatorOutput) ToStringOutputWithContext(ctx context.Context) pulumi.StringOutput { + return o.ApplyTWithContext(ctx, func(_ context.Context, e EventTriggerObjectAttributeComparisonOperator) string { + return string(e) + }).(pulumi.StringOutput) +} + +func (o EventTriggerObjectAttributeComparisonOperatorOutput) ToStringPtrOutput() pulumi.StringPtrOutput { + return o.ToStringPtrOutputWithContext(context.Background()) +} + +func (o EventTriggerObjectAttributeComparisonOperatorOutput) ToStringPtrOutputWithContext(ctx context.Context) pulumi.StringPtrOutput { + return o.ApplyTWithContext(ctx, func(_ context.Context, e EventTriggerObjectAttributeComparisonOperator) *string { + v := string(e) + return &v + }).(pulumi.StringPtrOutput) +} + +type EventTriggerObjectAttributeComparisonOperatorPtrOutput struct{ *pulumi.OutputState } + +func (EventTriggerObjectAttributeComparisonOperatorPtrOutput) ElementType() reflect.Type { + return reflect.TypeOf((**EventTriggerObjectAttributeComparisonOperator)(nil)).Elem() +} + +func (o EventTriggerObjectAttributeComparisonOperatorPtrOutput) ToEventTriggerObjectAttributeComparisonOperatorPtrOutput() EventTriggerObjectAttributeComparisonOperatorPtrOutput { + return o +} + +func (o EventTriggerObjectAttributeComparisonOperatorPtrOutput) ToEventTriggerObjectAttributeComparisonOperatorPtrOutputWithContext(ctx context.Context) EventTriggerObjectAttributeComparisonOperatorPtrOutput { + return o +} + +func (o EventTriggerObjectAttributeComparisonOperatorPtrOutput) Elem() EventTriggerObjectAttributeComparisonOperatorOutput { + return o.ApplyT(func(v *EventTriggerObjectAttributeComparisonOperator) EventTriggerObjectAttributeComparisonOperator { + if v != nil { + return *v + } + var ret EventTriggerObjectAttributeComparisonOperator + return ret + }).(EventTriggerObjectAttributeComparisonOperatorOutput) +} + +func (o EventTriggerObjectAttributeComparisonOperatorPtrOutput) ToStringPtrOutput() pulumi.StringPtrOutput { + return o.ToStringPtrOutputWithContext(context.Background()) +} + +func (o EventTriggerObjectAttributeComparisonOperatorPtrOutput) ToStringPtrOutputWithContext(ctx context.Context) pulumi.StringPtrOutput { + return o.ApplyTWithContext(ctx, func(_ context.Context, e *EventTriggerObjectAttributeComparisonOperator) *string { + if e == nil { + return nil + } + v := string(*e) + return &v + }).(pulumi.StringPtrOutput) +} + +// EventTriggerObjectAttributeComparisonOperatorInput is an input type that accepts values of the EventTriggerObjectAttributeComparisonOperator enum +// A concrete instance of `EventTriggerObjectAttributeComparisonOperatorInput` can be one of the following: +// +// EventTriggerObjectAttributeComparisonOperatorInclusive +// EventTriggerObjectAttributeComparisonOperatorExclusive +// EventTriggerObjectAttributeComparisonOperatorContains +// EventTriggerObjectAttributeComparisonOperatorBeginsWith +// EventTriggerObjectAttributeComparisonOperatorEndsWith +// EventTriggerObjectAttributeComparisonOperatorGreaterThan +// EventTriggerObjectAttributeComparisonOperatorLessThan +// EventTriggerObjectAttributeComparisonOperatorGreaterThanOrEqual +// EventTriggerObjectAttributeComparisonOperatorLessThanOrEqual +// EventTriggerObjectAttributeComparisonOperatorEqual +// EventTriggerObjectAttributeComparisonOperatorBefore +// EventTriggerObjectAttributeComparisonOperatorAfter +// EventTriggerObjectAttributeComparisonOperatorOn +// EventTriggerObjectAttributeComparisonOperatorBetween +// EventTriggerObjectAttributeComparisonOperatorNotBetween +type EventTriggerObjectAttributeComparisonOperatorInput interface { + pulumi.Input + + ToEventTriggerObjectAttributeComparisonOperatorOutput() EventTriggerObjectAttributeComparisonOperatorOutput + ToEventTriggerObjectAttributeComparisonOperatorOutputWithContext(context.Context) EventTriggerObjectAttributeComparisonOperatorOutput +} + +var eventTriggerObjectAttributeComparisonOperatorPtrType = reflect.TypeOf((**EventTriggerObjectAttributeComparisonOperator)(nil)).Elem() + +type EventTriggerObjectAttributeComparisonOperatorPtrInput interface { + pulumi.Input + + ToEventTriggerObjectAttributeComparisonOperatorPtrOutput() EventTriggerObjectAttributeComparisonOperatorPtrOutput + ToEventTriggerObjectAttributeComparisonOperatorPtrOutputWithContext(context.Context) EventTriggerObjectAttributeComparisonOperatorPtrOutput +} + +type eventTriggerObjectAttributeComparisonOperatorPtr string + +func EventTriggerObjectAttributeComparisonOperatorPtr(v string) EventTriggerObjectAttributeComparisonOperatorPtrInput { + return (*eventTriggerObjectAttributeComparisonOperatorPtr)(&v) +} + +func (*eventTriggerObjectAttributeComparisonOperatorPtr) ElementType() reflect.Type { + return eventTriggerObjectAttributeComparisonOperatorPtrType +} + +func (in *eventTriggerObjectAttributeComparisonOperatorPtr) ToEventTriggerObjectAttributeComparisonOperatorPtrOutput() EventTriggerObjectAttributeComparisonOperatorPtrOutput { + return pulumi.ToOutput(in).(EventTriggerObjectAttributeComparisonOperatorPtrOutput) +} + +func (in *eventTriggerObjectAttributeComparisonOperatorPtr) ToEventTriggerObjectAttributeComparisonOperatorPtrOutputWithContext(ctx context.Context) EventTriggerObjectAttributeComparisonOperatorPtrOutput { + return pulumi.ToOutputWithContext(ctx, in).(EventTriggerObjectAttributeComparisonOperatorPtrOutput) +} + +// The unit of time. +type EventTriggerPeriodUnit string + +const ( + EventTriggerPeriodUnitHours = EventTriggerPeriodUnit("HOURS") + EventTriggerPeriodUnitDays = EventTriggerPeriodUnit("DAYS") + EventTriggerPeriodUnitWeeks = EventTriggerPeriodUnit("WEEKS") + EventTriggerPeriodUnitMonths = EventTriggerPeriodUnit("MONTHS") +) + +func (EventTriggerPeriodUnit) ElementType() reflect.Type { + return reflect.TypeOf((*EventTriggerPeriodUnit)(nil)).Elem() +} + +func (e EventTriggerPeriodUnit) ToEventTriggerPeriodUnitOutput() EventTriggerPeriodUnitOutput { + return pulumi.ToOutput(e).(EventTriggerPeriodUnitOutput) +} + +func (e EventTriggerPeriodUnit) ToEventTriggerPeriodUnitOutputWithContext(ctx context.Context) EventTriggerPeriodUnitOutput { + return pulumi.ToOutputWithContext(ctx, e).(EventTriggerPeriodUnitOutput) +} + +func (e EventTriggerPeriodUnit) ToEventTriggerPeriodUnitPtrOutput() EventTriggerPeriodUnitPtrOutput { + return e.ToEventTriggerPeriodUnitPtrOutputWithContext(context.Background()) +} + +func (e EventTriggerPeriodUnit) ToEventTriggerPeriodUnitPtrOutputWithContext(ctx context.Context) EventTriggerPeriodUnitPtrOutput { + return EventTriggerPeriodUnit(e).ToEventTriggerPeriodUnitOutputWithContext(ctx).ToEventTriggerPeriodUnitPtrOutputWithContext(ctx) +} + +func (e EventTriggerPeriodUnit) ToStringOutput() pulumi.StringOutput { + return pulumi.ToOutput(pulumi.String(e)).(pulumi.StringOutput) +} + +func (e EventTriggerPeriodUnit) ToStringOutputWithContext(ctx context.Context) pulumi.StringOutput { + return pulumi.ToOutputWithContext(ctx, pulumi.String(e)).(pulumi.StringOutput) +} + +func (e EventTriggerPeriodUnit) ToStringPtrOutput() pulumi.StringPtrOutput { + return pulumi.String(e).ToStringPtrOutputWithContext(context.Background()) +} + +func (e EventTriggerPeriodUnit) ToStringPtrOutputWithContext(ctx context.Context) pulumi.StringPtrOutput { + return pulumi.String(e).ToStringOutputWithContext(ctx).ToStringPtrOutputWithContext(ctx) +} + +type EventTriggerPeriodUnitOutput struct{ *pulumi.OutputState } + +func (EventTriggerPeriodUnitOutput) ElementType() reflect.Type { + return reflect.TypeOf((*EventTriggerPeriodUnit)(nil)).Elem() +} + +func (o EventTriggerPeriodUnitOutput) ToEventTriggerPeriodUnitOutput() EventTriggerPeriodUnitOutput { + return o +} + +func (o EventTriggerPeriodUnitOutput) ToEventTriggerPeriodUnitOutputWithContext(ctx context.Context) EventTriggerPeriodUnitOutput { + return o +} + +func (o EventTriggerPeriodUnitOutput) ToEventTriggerPeriodUnitPtrOutput() EventTriggerPeriodUnitPtrOutput { + return o.ToEventTriggerPeriodUnitPtrOutputWithContext(context.Background()) +} + +func (o EventTriggerPeriodUnitOutput) ToEventTriggerPeriodUnitPtrOutputWithContext(ctx context.Context) EventTriggerPeriodUnitPtrOutput { + return o.ApplyTWithContext(ctx, func(_ context.Context, v EventTriggerPeriodUnit) *EventTriggerPeriodUnit { + return &v + }).(EventTriggerPeriodUnitPtrOutput) +} + +func (o EventTriggerPeriodUnitOutput) ToStringOutput() pulumi.StringOutput { + return o.ToStringOutputWithContext(context.Background()) +} + +func (o EventTriggerPeriodUnitOutput) ToStringOutputWithContext(ctx context.Context) pulumi.StringOutput { + return o.ApplyTWithContext(ctx, func(_ context.Context, e EventTriggerPeriodUnit) string { + return string(e) + }).(pulumi.StringOutput) +} + +func (o EventTriggerPeriodUnitOutput) ToStringPtrOutput() pulumi.StringPtrOutput { + return o.ToStringPtrOutputWithContext(context.Background()) +} + +func (o EventTriggerPeriodUnitOutput) ToStringPtrOutputWithContext(ctx context.Context) pulumi.StringPtrOutput { + return o.ApplyTWithContext(ctx, func(_ context.Context, e EventTriggerPeriodUnit) *string { + v := string(e) + return &v + }).(pulumi.StringPtrOutput) +} + +type EventTriggerPeriodUnitPtrOutput struct{ *pulumi.OutputState } + +func (EventTriggerPeriodUnitPtrOutput) ElementType() reflect.Type { + return reflect.TypeOf((**EventTriggerPeriodUnit)(nil)).Elem() +} + +func (o EventTriggerPeriodUnitPtrOutput) ToEventTriggerPeriodUnitPtrOutput() EventTriggerPeriodUnitPtrOutput { + return o +} + +func (o EventTriggerPeriodUnitPtrOutput) ToEventTriggerPeriodUnitPtrOutputWithContext(ctx context.Context) EventTriggerPeriodUnitPtrOutput { + return o +} + +func (o EventTriggerPeriodUnitPtrOutput) Elem() EventTriggerPeriodUnitOutput { + return o.ApplyT(func(v *EventTriggerPeriodUnit) EventTriggerPeriodUnit { + if v != nil { + return *v + } + var ret EventTriggerPeriodUnit + return ret + }).(EventTriggerPeriodUnitOutput) +} + +func (o EventTriggerPeriodUnitPtrOutput) ToStringPtrOutput() pulumi.StringPtrOutput { + return o.ToStringPtrOutputWithContext(context.Background()) +} + +func (o EventTriggerPeriodUnitPtrOutput) ToStringPtrOutputWithContext(ctx context.Context) pulumi.StringPtrOutput { + return o.ApplyTWithContext(ctx, func(_ context.Context, e *EventTriggerPeriodUnit) *string { + if e == nil { + return nil + } + v := string(*e) + return &v + }).(pulumi.StringPtrOutput) +} + +// EventTriggerPeriodUnitInput is an input type that accepts values of the EventTriggerPeriodUnit enum +// A concrete instance of `EventTriggerPeriodUnitInput` can be one of the following: +// +// EventTriggerPeriodUnitHours +// EventTriggerPeriodUnitDays +// EventTriggerPeriodUnitWeeks +// EventTriggerPeriodUnitMonths +type EventTriggerPeriodUnitInput interface { + pulumi.Input + + ToEventTriggerPeriodUnitOutput() EventTriggerPeriodUnitOutput + ToEventTriggerPeriodUnitOutputWithContext(context.Context) EventTriggerPeriodUnitOutput +} + +var eventTriggerPeriodUnitPtrType = reflect.TypeOf((**EventTriggerPeriodUnit)(nil)).Elem() + +type EventTriggerPeriodUnitPtrInput interface { + pulumi.Input + + ToEventTriggerPeriodUnitPtrOutput() EventTriggerPeriodUnitPtrOutput + ToEventTriggerPeriodUnitPtrOutputWithContext(context.Context) EventTriggerPeriodUnitPtrOutput +} + +type eventTriggerPeriodUnitPtr string + +func EventTriggerPeriodUnitPtr(v string) EventTriggerPeriodUnitPtrInput { + return (*eventTriggerPeriodUnitPtr)(&v) +} + +func (*eventTriggerPeriodUnitPtr) ElementType() reflect.Type { + return eventTriggerPeriodUnitPtrType +} + +func (in *eventTriggerPeriodUnitPtr) ToEventTriggerPeriodUnitPtrOutput() EventTriggerPeriodUnitPtrOutput { + return pulumi.ToOutput(in).(EventTriggerPeriodUnitPtrOutput) +} + +func (in *eventTriggerPeriodUnitPtr) ToEventTriggerPeriodUnitPtrOutputWithContext(ctx context.Context) EventTriggerPeriodUnitPtrOutput { + return pulumi.ToOutputWithContext(ctx, in).(EventTriggerPeriodUnitPtrOutput) +} + type IntegrationConnectorType string const ( @@ -4514,6 +5044,12 @@ func init() { pulumi.RegisterInputType(reflect.TypeOf((*DomainJobScheduleDayOfTheWeekPtrInput)(nil)).Elem(), DomainJobScheduleDayOfTheWeek("SUNDAY")) pulumi.RegisterInputType(reflect.TypeOf((*DomainRuleBasedMatchingStatusInput)(nil)).Elem(), DomainRuleBasedMatchingStatus("PENDING")) pulumi.RegisterInputType(reflect.TypeOf((*DomainRuleBasedMatchingStatusPtrInput)(nil)).Elem(), DomainRuleBasedMatchingStatus("PENDING")) + pulumi.RegisterInputType(reflect.TypeOf((*EventTriggerLogicalOperatorInput)(nil)).Elem(), EventTriggerLogicalOperator("ANY")) + pulumi.RegisterInputType(reflect.TypeOf((*EventTriggerLogicalOperatorPtrInput)(nil)).Elem(), EventTriggerLogicalOperator("ANY")) + pulumi.RegisterInputType(reflect.TypeOf((*EventTriggerObjectAttributeComparisonOperatorInput)(nil)).Elem(), EventTriggerObjectAttributeComparisonOperator("INCLUSIVE")) + pulumi.RegisterInputType(reflect.TypeOf((*EventTriggerObjectAttributeComparisonOperatorPtrInput)(nil)).Elem(), EventTriggerObjectAttributeComparisonOperator("INCLUSIVE")) + pulumi.RegisterInputType(reflect.TypeOf((*EventTriggerPeriodUnitInput)(nil)).Elem(), EventTriggerPeriodUnit("HOURS")) + pulumi.RegisterInputType(reflect.TypeOf((*EventTriggerPeriodUnitPtrInput)(nil)).Elem(), EventTriggerPeriodUnit("HOURS")) pulumi.RegisterInputType(reflect.TypeOf((*IntegrationConnectorTypeInput)(nil)).Elem(), IntegrationConnectorType("Salesforce")) pulumi.RegisterInputType(reflect.TypeOf((*IntegrationConnectorTypePtrInput)(nil)).Elem(), IntegrationConnectorType("Salesforce")) pulumi.RegisterInputType(reflect.TypeOf((*IntegrationMarketoConnectorOperatorInput)(nil)).Elem(), IntegrationMarketoConnectorOperator("PROJECTION")) @@ -4567,6 +5103,12 @@ func init() { pulumi.RegisterOutputType(EventStreamStateEnumPtrOutput{}) pulumi.RegisterOutputType(EventStreamStatusOutput{}) pulumi.RegisterOutputType(EventStreamStatusPtrOutput{}) + pulumi.RegisterOutputType(EventTriggerLogicalOperatorOutput{}) + pulumi.RegisterOutputType(EventTriggerLogicalOperatorPtrOutput{}) + pulumi.RegisterOutputType(EventTriggerObjectAttributeComparisonOperatorOutput{}) + pulumi.RegisterOutputType(EventTriggerObjectAttributeComparisonOperatorPtrOutput{}) + pulumi.RegisterOutputType(EventTriggerPeriodUnitOutput{}) + pulumi.RegisterOutputType(EventTriggerPeriodUnitPtrOutput{}) pulumi.RegisterOutputType(IntegrationConnectorTypeOutput{}) pulumi.RegisterOutputType(IntegrationConnectorTypePtrOutput{}) pulumi.RegisterOutputType(IntegrationMarketoConnectorOperatorOutput{}) diff --git a/sdk/go/aws/customerprofiles/pulumiTypes.go b/sdk/go/aws/customerprofiles/pulumiTypes.go index 067caeb55d..45003f257d 100644 --- a/sdk/go/aws/customerprofiles/pulumiTypes.go +++ b/sdk/go/aws/customerprofiles/pulumiTypes.go @@ -2652,6 +2652,621 @@ type EventStreamTag struct { Value string `pulumi:"value"` } +// Specifies the circumstances under which the event should trigger the destination. +type EventTriggerCondition struct { + EventTriggerDimensions []EventTriggerDimension `pulumi:"eventTriggerDimensions"` + LogicalOperator EventTriggerLogicalOperator `pulumi:"logicalOperator"` +} + +// EventTriggerConditionInput is an input type that accepts EventTriggerConditionArgs and EventTriggerConditionOutput values. +// You can construct a concrete instance of `EventTriggerConditionInput` via: +// +// EventTriggerConditionArgs{...} +type EventTriggerConditionInput interface { + pulumi.Input + + ToEventTriggerConditionOutput() EventTriggerConditionOutput + ToEventTriggerConditionOutputWithContext(context.Context) EventTriggerConditionOutput +} + +// Specifies the circumstances under which the event should trigger the destination. +type EventTriggerConditionArgs struct { + EventTriggerDimensions EventTriggerDimensionArrayInput `pulumi:"eventTriggerDimensions"` + LogicalOperator EventTriggerLogicalOperatorInput `pulumi:"logicalOperator"` +} + +func (EventTriggerConditionArgs) ElementType() reflect.Type { + return reflect.TypeOf((*EventTriggerCondition)(nil)).Elem() +} + +func (i EventTriggerConditionArgs) ToEventTriggerConditionOutput() EventTriggerConditionOutput { + return i.ToEventTriggerConditionOutputWithContext(context.Background()) +} + +func (i EventTriggerConditionArgs) ToEventTriggerConditionOutputWithContext(ctx context.Context) EventTriggerConditionOutput { + return pulumi.ToOutputWithContext(ctx, i).(EventTriggerConditionOutput) +} + +// EventTriggerConditionArrayInput is an input type that accepts EventTriggerConditionArray and EventTriggerConditionArrayOutput values. +// You can construct a concrete instance of `EventTriggerConditionArrayInput` via: +// +// EventTriggerConditionArray{ EventTriggerConditionArgs{...} } +type EventTriggerConditionArrayInput interface { + pulumi.Input + + ToEventTriggerConditionArrayOutput() EventTriggerConditionArrayOutput + ToEventTriggerConditionArrayOutputWithContext(context.Context) EventTriggerConditionArrayOutput +} + +type EventTriggerConditionArray []EventTriggerConditionInput + +func (EventTriggerConditionArray) ElementType() reflect.Type { + return reflect.TypeOf((*[]EventTriggerCondition)(nil)).Elem() +} + +func (i EventTriggerConditionArray) ToEventTriggerConditionArrayOutput() EventTriggerConditionArrayOutput { + return i.ToEventTriggerConditionArrayOutputWithContext(context.Background()) +} + +func (i EventTriggerConditionArray) ToEventTriggerConditionArrayOutputWithContext(ctx context.Context) EventTriggerConditionArrayOutput { + return pulumi.ToOutputWithContext(ctx, i).(EventTriggerConditionArrayOutput) +} + +// Specifies the circumstances under which the event should trigger the destination. +type EventTriggerConditionOutput struct{ *pulumi.OutputState } + +func (EventTriggerConditionOutput) ElementType() reflect.Type { + return reflect.TypeOf((*EventTriggerCondition)(nil)).Elem() +} + +func (o EventTriggerConditionOutput) ToEventTriggerConditionOutput() EventTriggerConditionOutput { + return o +} + +func (o EventTriggerConditionOutput) ToEventTriggerConditionOutputWithContext(ctx context.Context) EventTriggerConditionOutput { + return o +} + +func (o EventTriggerConditionOutput) EventTriggerDimensions() EventTriggerDimensionArrayOutput { + return o.ApplyT(func(v EventTriggerCondition) []EventTriggerDimension { return v.EventTriggerDimensions }).(EventTriggerDimensionArrayOutput) +} + +func (o EventTriggerConditionOutput) LogicalOperator() EventTriggerLogicalOperatorOutput { + return o.ApplyT(func(v EventTriggerCondition) EventTriggerLogicalOperator { return v.LogicalOperator }).(EventTriggerLogicalOperatorOutput) +} + +type EventTriggerConditionArrayOutput struct{ *pulumi.OutputState } + +func (EventTriggerConditionArrayOutput) ElementType() reflect.Type { + return reflect.TypeOf((*[]EventTriggerCondition)(nil)).Elem() +} + +func (o EventTriggerConditionArrayOutput) ToEventTriggerConditionArrayOutput() EventTriggerConditionArrayOutput { + return o +} + +func (o EventTriggerConditionArrayOutput) ToEventTriggerConditionArrayOutputWithContext(ctx context.Context) EventTriggerConditionArrayOutput { + return o +} + +func (o EventTriggerConditionArrayOutput) Index(i pulumi.IntInput) EventTriggerConditionOutput { + return pulumi.All(o, i).ApplyT(func(vs []interface{}) EventTriggerCondition { + return vs[0].([]EventTriggerCondition)[vs[1].(int)] + }).(EventTriggerConditionOutput) +} + +// A specific event dimension to be assessed. +type EventTriggerDimension struct { + ObjectAttributes []EventTriggerObjectAttribute `pulumi:"objectAttributes"` +} + +// EventTriggerDimensionInput is an input type that accepts EventTriggerDimensionArgs and EventTriggerDimensionOutput values. +// You can construct a concrete instance of `EventTriggerDimensionInput` via: +// +// EventTriggerDimensionArgs{...} +type EventTriggerDimensionInput interface { + pulumi.Input + + ToEventTriggerDimensionOutput() EventTriggerDimensionOutput + ToEventTriggerDimensionOutputWithContext(context.Context) EventTriggerDimensionOutput +} + +// A specific event dimension to be assessed. +type EventTriggerDimensionArgs struct { + ObjectAttributes EventTriggerObjectAttributeArrayInput `pulumi:"objectAttributes"` +} + +func (EventTriggerDimensionArgs) ElementType() reflect.Type { + return reflect.TypeOf((*EventTriggerDimension)(nil)).Elem() +} + +func (i EventTriggerDimensionArgs) ToEventTriggerDimensionOutput() EventTriggerDimensionOutput { + return i.ToEventTriggerDimensionOutputWithContext(context.Background()) +} + +func (i EventTriggerDimensionArgs) ToEventTriggerDimensionOutputWithContext(ctx context.Context) EventTriggerDimensionOutput { + return pulumi.ToOutputWithContext(ctx, i).(EventTriggerDimensionOutput) +} + +// EventTriggerDimensionArrayInput is an input type that accepts EventTriggerDimensionArray and EventTriggerDimensionArrayOutput values. +// You can construct a concrete instance of `EventTriggerDimensionArrayInput` via: +// +// EventTriggerDimensionArray{ EventTriggerDimensionArgs{...} } +type EventTriggerDimensionArrayInput interface { + pulumi.Input + + ToEventTriggerDimensionArrayOutput() EventTriggerDimensionArrayOutput + ToEventTriggerDimensionArrayOutputWithContext(context.Context) EventTriggerDimensionArrayOutput +} + +type EventTriggerDimensionArray []EventTriggerDimensionInput + +func (EventTriggerDimensionArray) ElementType() reflect.Type { + return reflect.TypeOf((*[]EventTriggerDimension)(nil)).Elem() +} + +func (i EventTriggerDimensionArray) ToEventTriggerDimensionArrayOutput() EventTriggerDimensionArrayOutput { + return i.ToEventTriggerDimensionArrayOutputWithContext(context.Background()) +} + +func (i EventTriggerDimensionArray) ToEventTriggerDimensionArrayOutputWithContext(ctx context.Context) EventTriggerDimensionArrayOutput { + return pulumi.ToOutputWithContext(ctx, i).(EventTriggerDimensionArrayOutput) +} + +// A specific event dimension to be assessed. +type EventTriggerDimensionOutput struct{ *pulumi.OutputState } + +func (EventTriggerDimensionOutput) ElementType() reflect.Type { + return reflect.TypeOf((*EventTriggerDimension)(nil)).Elem() +} + +func (o EventTriggerDimensionOutput) ToEventTriggerDimensionOutput() EventTriggerDimensionOutput { + return o +} + +func (o EventTriggerDimensionOutput) ToEventTriggerDimensionOutputWithContext(ctx context.Context) EventTriggerDimensionOutput { + return o +} + +func (o EventTriggerDimensionOutput) ObjectAttributes() EventTriggerObjectAttributeArrayOutput { + return o.ApplyT(func(v EventTriggerDimension) []EventTriggerObjectAttribute { return v.ObjectAttributes }).(EventTriggerObjectAttributeArrayOutput) +} + +type EventTriggerDimensionArrayOutput struct{ *pulumi.OutputState } + +func (EventTriggerDimensionArrayOutput) ElementType() reflect.Type { + return reflect.TypeOf((*[]EventTriggerDimension)(nil)).Elem() +} + +func (o EventTriggerDimensionArrayOutput) ToEventTriggerDimensionArrayOutput() EventTriggerDimensionArrayOutput { + return o +} + +func (o EventTriggerDimensionArrayOutput) ToEventTriggerDimensionArrayOutputWithContext(ctx context.Context) EventTriggerDimensionArrayOutput { + return o +} + +func (o EventTriggerDimensionArrayOutput) Index(i pulumi.IntInput) EventTriggerDimensionOutput { + return pulumi.All(o, i).ApplyT(func(vs []interface{}) EventTriggerDimension { + return vs[0].([]EventTriggerDimension)[vs[1].(int)] + }).(EventTriggerDimensionOutput) +} + +// Defines limits controlling whether an event triggers the destination, based on ingestion latency and the number of invocations per profile over specific time periods. +type EventTriggerLimits struct { + EventExpiration *int `pulumi:"eventExpiration"` + Periods []EventTriggerPeriod `pulumi:"periods"` +} + +// EventTriggerLimitsInput is an input type that accepts EventTriggerLimitsArgs and EventTriggerLimitsOutput values. +// You can construct a concrete instance of `EventTriggerLimitsInput` via: +// +// EventTriggerLimitsArgs{...} +type EventTriggerLimitsInput interface { + pulumi.Input + + ToEventTriggerLimitsOutput() EventTriggerLimitsOutput + ToEventTriggerLimitsOutputWithContext(context.Context) EventTriggerLimitsOutput +} + +// Defines limits controlling whether an event triggers the destination, based on ingestion latency and the number of invocations per profile over specific time periods. +type EventTriggerLimitsArgs struct { + EventExpiration pulumi.IntPtrInput `pulumi:"eventExpiration"` + Periods EventTriggerPeriodArrayInput `pulumi:"periods"` +} + +func (EventTriggerLimitsArgs) ElementType() reflect.Type { + return reflect.TypeOf((*EventTriggerLimits)(nil)).Elem() +} + +func (i EventTriggerLimitsArgs) ToEventTriggerLimitsOutput() EventTriggerLimitsOutput { + return i.ToEventTriggerLimitsOutputWithContext(context.Background()) +} + +func (i EventTriggerLimitsArgs) ToEventTriggerLimitsOutputWithContext(ctx context.Context) EventTriggerLimitsOutput { + return pulumi.ToOutputWithContext(ctx, i).(EventTriggerLimitsOutput) +} + +func (i EventTriggerLimitsArgs) ToEventTriggerLimitsPtrOutput() EventTriggerLimitsPtrOutput { + return i.ToEventTriggerLimitsPtrOutputWithContext(context.Background()) +} + +func (i EventTriggerLimitsArgs) ToEventTriggerLimitsPtrOutputWithContext(ctx context.Context) EventTriggerLimitsPtrOutput { + return pulumi.ToOutputWithContext(ctx, i).(EventTriggerLimitsOutput).ToEventTriggerLimitsPtrOutputWithContext(ctx) +} + +// EventTriggerLimitsPtrInput is an input type that accepts EventTriggerLimitsArgs, EventTriggerLimitsPtr and EventTriggerLimitsPtrOutput values. +// You can construct a concrete instance of `EventTriggerLimitsPtrInput` via: +// +// EventTriggerLimitsArgs{...} +// +// or: +// +// nil +type EventTriggerLimitsPtrInput interface { + pulumi.Input + + ToEventTriggerLimitsPtrOutput() EventTriggerLimitsPtrOutput + ToEventTriggerLimitsPtrOutputWithContext(context.Context) EventTriggerLimitsPtrOutput +} + +type eventTriggerLimitsPtrType EventTriggerLimitsArgs + +func EventTriggerLimitsPtr(v *EventTriggerLimitsArgs) EventTriggerLimitsPtrInput { + return (*eventTriggerLimitsPtrType)(v) +} + +func (*eventTriggerLimitsPtrType) ElementType() reflect.Type { + return reflect.TypeOf((**EventTriggerLimits)(nil)).Elem() +} + +func (i *eventTriggerLimitsPtrType) ToEventTriggerLimitsPtrOutput() EventTriggerLimitsPtrOutput { + return i.ToEventTriggerLimitsPtrOutputWithContext(context.Background()) +} + +func (i *eventTriggerLimitsPtrType) ToEventTriggerLimitsPtrOutputWithContext(ctx context.Context) EventTriggerLimitsPtrOutput { + return pulumi.ToOutputWithContext(ctx, i).(EventTriggerLimitsPtrOutput) +} + +// Defines limits controlling whether an event triggers the destination, based on ingestion latency and the number of invocations per profile over specific time periods. +type EventTriggerLimitsOutput struct{ *pulumi.OutputState } + +func (EventTriggerLimitsOutput) ElementType() reflect.Type { + return reflect.TypeOf((*EventTriggerLimits)(nil)).Elem() +} + +func (o EventTriggerLimitsOutput) ToEventTriggerLimitsOutput() EventTriggerLimitsOutput { + return o +} + +func (o EventTriggerLimitsOutput) ToEventTriggerLimitsOutputWithContext(ctx context.Context) EventTriggerLimitsOutput { + return o +} + +func (o EventTriggerLimitsOutput) ToEventTriggerLimitsPtrOutput() EventTriggerLimitsPtrOutput { + return o.ToEventTriggerLimitsPtrOutputWithContext(context.Background()) +} + +func (o EventTriggerLimitsOutput) ToEventTriggerLimitsPtrOutputWithContext(ctx context.Context) EventTriggerLimitsPtrOutput { + return o.ApplyTWithContext(ctx, func(_ context.Context, v EventTriggerLimits) *EventTriggerLimits { + return &v + }).(EventTriggerLimitsPtrOutput) +} + +func (o EventTriggerLimitsOutput) EventExpiration() pulumi.IntPtrOutput { + return o.ApplyT(func(v EventTriggerLimits) *int { return v.EventExpiration }).(pulumi.IntPtrOutput) +} + +func (o EventTriggerLimitsOutput) Periods() EventTriggerPeriodArrayOutput { + return o.ApplyT(func(v EventTriggerLimits) []EventTriggerPeriod { return v.Periods }).(EventTriggerPeriodArrayOutput) +} + +type EventTriggerLimitsPtrOutput struct{ *pulumi.OutputState } + +func (EventTriggerLimitsPtrOutput) ElementType() reflect.Type { + return reflect.TypeOf((**EventTriggerLimits)(nil)).Elem() +} + +func (o EventTriggerLimitsPtrOutput) ToEventTriggerLimitsPtrOutput() EventTriggerLimitsPtrOutput { + return o +} + +func (o EventTriggerLimitsPtrOutput) ToEventTriggerLimitsPtrOutputWithContext(ctx context.Context) EventTriggerLimitsPtrOutput { + return o +} + +func (o EventTriggerLimitsPtrOutput) Elem() EventTriggerLimitsOutput { + return o.ApplyT(func(v *EventTriggerLimits) EventTriggerLimits { + if v != nil { + return *v + } + var ret EventTriggerLimits + return ret + }).(EventTriggerLimitsOutput) +} + +func (o EventTriggerLimitsPtrOutput) EventExpiration() pulumi.IntPtrOutput { + return o.ApplyT(func(v *EventTriggerLimits) *int { + if v == nil { + return nil + } + return v.EventExpiration + }).(pulumi.IntPtrOutput) +} + +func (o EventTriggerLimitsPtrOutput) Periods() EventTriggerPeriodArrayOutput { + return o.ApplyT(func(v *EventTriggerLimits) []EventTriggerPeriod { + if v == nil { + return nil + } + return v.Periods + }).(EventTriggerPeriodArrayOutput) +} + +// The criteria that a specific object attribute must meet to trigger the destination. +type EventTriggerObjectAttribute struct { + // The operator used to compare an attribute against a list of values. + ComparisonOperator EventTriggerObjectAttributeComparisonOperator `pulumi:"comparisonOperator"` + // A field defined within an object type. + FieldName *string `pulumi:"fieldName"` + // An attribute contained within a source object. + Source *string `pulumi:"source"` + // A list of attribute values used for comparison. + Values []string `pulumi:"values"` +} + +// EventTriggerObjectAttributeInput is an input type that accepts EventTriggerObjectAttributeArgs and EventTriggerObjectAttributeOutput values. +// You can construct a concrete instance of `EventTriggerObjectAttributeInput` via: +// +// EventTriggerObjectAttributeArgs{...} +type EventTriggerObjectAttributeInput interface { + pulumi.Input + + ToEventTriggerObjectAttributeOutput() EventTriggerObjectAttributeOutput + ToEventTriggerObjectAttributeOutputWithContext(context.Context) EventTriggerObjectAttributeOutput +} + +// The criteria that a specific object attribute must meet to trigger the destination. +type EventTriggerObjectAttributeArgs struct { + // The operator used to compare an attribute against a list of values. + ComparisonOperator EventTriggerObjectAttributeComparisonOperatorInput `pulumi:"comparisonOperator"` + // A field defined within an object type. + FieldName pulumi.StringPtrInput `pulumi:"fieldName"` + // An attribute contained within a source object. + Source pulumi.StringPtrInput `pulumi:"source"` + // A list of attribute values used for comparison. + Values pulumi.StringArrayInput `pulumi:"values"` +} + +func (EventTriggerObjectAttributeArgs) ElementType() reflect.Type { + return reflect.TypeOf((*EventTriggerObjectAttribute)(nil)).Elem() +} + +func (i EventTriggerObjectAttributeArgs) ToEventTriggerObjectAttributeOutput() EventTriggerObjectAttributeOutput { + return i.ToEventTriggerObjectAttributeOutputWithContext(context.Background()) +} + +func (i EventTriggerObjectAttributeArgs) ToEventTriggerObjectAttributeOutputWithContext(ctx context.Context) EventTriggerObjectAttributeOutput { + return pulumi.ToOutputWithContext(ctx, i).(EventTriggerObjectAttributeOutput) +} + +// EventTriggerObjectAttributeArrayInput is an input type that accepts EventTriggerObjectAttributeArray and EventTriggerObjectAttributeArrayOutput values. +// You can construct a concrete instance of `EventTriggerObjectAttributeArrayInput` via: +// +// EventTriggerObjectAttributeArray{ EventTriggerObjectAttributeArgs{...} } +type EventTriggerObjectAttributeArrayInput interface { + pulumi.Input + + ToEventTriggerObjectAttributeArrayOutput() EventTriggerObjectAttributeArrayOutput + ToEventTriggerObjectAttributeArrayOutputWithContext(context.Context) EventTriggerObjectAttributeArrayOutput +} + +type EventTriggerObjectAttributeArray []EventTriggerObjectAttributeInput + +func (EventTriggerObjectAttributeArray) ElementType() reflect.Type { + return reflect.TypeOf((*[]EventTriggerObjectAttribute)(nil)).Elem() +} + +func (i EventTriggerObjectAttributeArray) ToEventTriggerObjectAttributeArrayOutput() EventTriggerObjectAttributeArrayOutput { + return i.ToEventTriggerObjectAttributeArrayOutputWithContext(context.Background()) +} + +func (i EventTriggerObjectAttributeArray) ToEventTriggerObjectAttributeArrayOutputWithContext(ctx context.Context) EventTriggerObjectAttributeArrayOutput { + return pulumi.ToOutputWithContext(ctx, i).(EventTriggerObjectAttributeArrayOutput) +} + +// The criteria that a specific object attribute must meet to trigger the destination. +type EventTriggerObjectAttributeOutput struct{ *pulumi.OutputState } + +func (EventTriggerObjectAttributeOutput) ElementType() reflect.Type { + return reflect.TypeOf((*EventTriggerObjectAttribute)(nil)).Elem() +} + +func (o EventTriggerObjectAttributeOutput) ToEventTriggerObjectAttributeOutput() EventTriggerObjectAttributeOutput { + return o +} + +func (o EventTriggerObjectAttributeOutput) ToEventTriggerObjectAttributeOutputWithContext(ctx context.Context) EventTriggerObjectAttributeOutput { + return o +} + +// The operator used to compare an attribute against a list of values. +func (o EventTriggerObjectAttributeOutput) ComparisonOperator() EventTriggerObjectAttributeComparisonOperatorOutput { + return o.ApplyT(func(v EventTriggerObjectAttribute) EventTriggerObjectAttributeComparisonOperator { + return v.ComparisonOperator + }).(EventTriggerObjectAttributeComparisonOperatorOutput) +} + +// A field defined within an object type. +func (o EventTriggerObjectAttributeOutput) FieldName() pulumi.StringPtrOutput { + return o.ApplyT(func(v EventTriggerObjectAttribute) *string { return v.FieldName }).(pulumi.StringPtrOutput) +} + +// An attribute contained within a source object. +func (o EventTriggerObjectAttributeOutput) Source() pulumi.StringPtrOutput { + return o.ApplyT(func(v EventTriggerObjectAttribute) *string { return v.Source }).(pulumi.StringPtrOutput) +} + +// A list of attribute values used for comparison. +func (o EventTriggerObjectAttributeOutput) Values() pulumi.StringArrayOutput { + return o.ApplyT(func(v EventTriggerObjectAttribute) []string { return v.Values }).(pulumi.StringArrayOutput) +} + +type EventTriggerObjectAttributeArrayOutput struct{ *pulumi.OutputState } + +func (EventTriggerObjectAttributeArrayOutput) ElementType() reflect.Type { + return reflect.TypeOf((*[]EventTriggerObjectAttribute)(nil)).Elem() +} + +func (o EventTriggerObjectAttributeArrayOutput) ToEventTriggerObjectAttributeArrayOutput() EventTriggerObjectAttributeArrayOutput { + return o +} + +func (o EventTriggerObjectAttributeArrayOutput) ToEventTriggerObjectAttributeArrayOutputWithContext(ctx context.Context) EventTriggerObjectAttributeArrayOutput { + return o +} + +func (o EventTriggerObjectAttributeArrayOutput) Index(i pulumi.IntInput) EventTriggerObjectAttributeOutput { + return pulumi.All(o, i).ApplyT(func(vs []interface{}) EventTriggerObjectAttribute { + return vs[0].([]EventTriggerObjectAttribute)[vs[1].(int)] + }).(EventTriggerObjectAttributeOutput) +} + +// Defines a limit and the time period during which it is enforced. +type EventTriggerPeriod struct { + // The maximum allowed number of destination invocations per profile. + MaxInvocationsPerProfile *int `pulumi:"maxInvocationsPerProfile"` + // The unit of time. + Unit EventTriggerPeriodUnit `pulumi:"unit"` + // If set to true, there is no limit on the number of destination invocations per profile. The default is false. + Unlimited *bool `pulumi:"unlimited"` + // The amount of time of the specified unit. + Value int `pulumi:"value"` +} + +// EventTriggerPeriodInput is an input type that accepts EventTriggerPeriodArgs and EventTriggerPeriodOutput values. +// You can construct a concrete instance of `EventTriggerPeriodInput` via: +// +// EventTriggerPeriodArgs{...} +type EventTriggerPeriodInput interface { + pulumi.Input + + ToEventTriggerPeriodOutput() EventTriggerPeriodOutput + ToEventTriggerPeriodOutputWithContext(context.Context) EventTriggerPeriodOutput +} + +// Defines a limit and the time period during which it is enforced. +type EventTriggerPeriodArgs struct { + // The maximum allowed number of destination invocations per profile. + MaxInvocationsPerProfile pulumi.IntPtrInput `pulumi:"maxInvocationsPerProfile"` + // The unit of time. + Unit EventTriggerPeriodUnitInput `pulumi:"unit"` + // If set to true, there is no limit on the number of destination invocations per profile. The default is false. + Unlimited pulumi.BoolPtrInput `pulumi:"unlimited"` + // The amount of time of the specified unit. + Value pulumi.IntInput `pulumi:"value"` +} + +func (EventTriggerPeriodArgs) ElementType() reflect.Type { + return reflect.TypeOf((*EventTriggerPeriod)(nil)).Elem() +} + +func (i EventTriggerPeriodArgs) ToEventTriggerPeriodOutput() EventTriggerPeriodOutput { + return i.ToEventTriggerPeriodOutputWithContext(context.Background()) +} + +func (i EventTriggerPeriodArgs) ToEventTriggerPeriodOutputWithContext(ctx context.Context) EventTriggerPeriodOutput { + return pulumi.ToOutputWithContext(ctx, i).(EventTriggerPeriodOutput) +} + +// EventTriggerPeriodArrayInput is an input type that accepts EventTriggerPeriodArray and EventTriggerPeriodArrayOutput values. +// You can construct a concrete instance of `EventTriggerPeriodArrayInput` via: +// +// EventTriggerPeriodArray{ EventTriggerPeriodArgs{...} } +type EventTriggerPeriodArrayInput interface { + pulumi.Input + + ToEventTriggerPeriodArrayOutput() EventTriggerPeriodArrayOutput + ToEventTriggerPeriodArrayOutputWithContext(context.Context) EventTriggerPeriodArrayOutput +} + +type EventTriggerPeriodArray []EventTriggerPeriodInput + +func (EventTriggerPeriodArray) ElementType() reflect.Type { + return reflect.TypeOf((*[]EventTriggerPeriod)(nil)).Elem() +} + +func (i EventTriggerPeriodArray) ToEventTriggerPeriodArrayOutput() EventTriggerPeriodArrayOutput { + return i.ToEventTriggerPeriodArrayOutputWithContext(context.Background()) +} + +func (i EventTriggerPeriodArray) ToEventTriggerPeriodArrayOutputWithContext(ctx context.Context) EventTriggerPeriodArrayOutput { + return pulumi.ToOutputWithContext(ctx, i).(EventTriggerPeriodArrayOutput) +} + +// Defines a limit and the time period during which it is enforced. +type EventTriggerPeriodOutput struct{ *pulumi.OutputState } + +func (EventTriggerPeriodOutput) ElementType() reflect.Type { + return reflect.TypeOf((*EventTriggerPeriod)(nil)).Elem() +} + +func (o EventTriggerPeriodOutput) ToEventTriggerPeriodOutput() EventTriggerPeriodOutput { + return o +} + +func (o EventTriggerPeriodOutput) ToEventTriggerPeriodOutputWithContext(ctx context.Context) EventTriggerPeriodOutput { + return o +} + +// The maximum allowed number of destination invocations per profile. +func (o EventTriggerPeriodOutput) MaxInvocationsPerProfile() pulumi.IntPtrOutput { + return o.ApplyT(func(v EventTriggerPeriod) *int { return v.MaxInvocationsPerProfile }).(pulumi.IntPtrOutput) +} + +// The unit of time. +func (o EventTriggerPeriodOutput) Unit() EventTriggerPeriodUnitOutput { + return o.ApplyT(func(v EventTriggerPeriod) EventTriggerPeriodUnit { return v.Unit }).(EventTriggerPeriodUnitOutput) +} + +// If set to true, there is no limit on the number of destination invocations per profile. The default is false. +func (o EventTriggerPeriodOutput) Unlimited() pulumi.BoolPtrOutput { + return o.ApplyT(func(v EventTriggerPeriod) *bool { return v.Unlimited }).(pulumi.BoolPtrOutput) +} + +// The amount of time of the specified unit. +func (o EventTriggerPeriodOutput) Value() pulumi.IntOutput { + return o.ApplyT(func(v EventTriggerPeriod) int { return v.Value }).(pulumi.IntOutput) +} + +type EventTriggerPeriodArrayOutput struct{ *pulumi.OutputState } + +func (EventTriggerPeriodArrayOutput) ElementType() reflect.Type { + return reflect.TypeOf((*[]EventTriggerPeriod)(nil)).Elem() +} + +func (o EventTriggerPeriodArrayOutput) ToEventTriggerPeriodArrayOutput() EventTriggerPeriodArrayOutput { + return o +} + +func (o EventTriggerPeriodArrayOutput) ToEventTriggerPeriodArrayOutputWithContext(ctx context.Context) EventTriggerPeriodArrayOutput { + return o +} + +func (o EventTriggerPeriodArrayOutput) Index(i pulumi.IntInput) EventTriggerPeriodOutput { + return pulumi.All(o, i).ApplyT(func(vs []interface{}) EventTriggerPeriod { + return vs[0].([]EventTriggerPeriod)[vs[1].(int)] + }).(EventTriggerPeriodOutput) +} + +// A key-value pair to associate with a resource. +type EventTriggerTag struct { + // The key name of the tag. You can specify a value that is 1 to 128 Unicode characters in length and cannot be prefixed with aws:. You can use any of the following characters: the set of Unicode letters, digits, whitespace, _, ., /, =, +, and -. + Key string `pulumi:"key"` + // The value for the tag. You can specify a value that is 0 to 256 Unicode characters in length and cannot be prefixed with aws:. You can use any of the following characters: the set of Unicode letters, digits, whitespace, _, ., /, =, +, and -. + Value string `pulumi:"value"` +} + type IntegrationConnectorOperator struct { // The operation to be performed on the provided Marketo source fields. Marketo *IntegrationMarketoConnectorOperator `pulumi:"marketo"` @@ -7613,6 +8228,16 @@ func init() { pulumi.RegisterInputType(reflect.TypeOf((*DomainRuleBasedMatchingPtrInput)(nil)).Elem(), DomainRuleBasedMatchingArgs{}) pulumi.RegisterInputType(reflect.TypeOf((*DomainS3ExportingConfigInput)(nil)).Elem(), DomainS3ExportingConfigArgs{}) pulumi.RegisterInputType(reflect.TypeOf((*DomainS3ExportingConfigPtrInput)(nil)).Elem(), DomainS3ExportingConfigArgs{}) + pulumi.RegisterInputType(reflect.TypeOf((*EventTriggerConditionInput)(nil)).Elem(), EventTriggerConditionArgs{}) + pulumi.RegisterInputType(reflect.TypeOf((*EventTriggerConditionArrayInput)(nil)).Elem(), EventTriggerConditionArray{}) + pulumi.RegisterInputType(reflect.TypeOf((*EventTriggerDimensionInput)(nil)).Elem(), EventTriggerDimensionArgs{}) + pulumi.RegisterInputType(reflect.TypeOf((*EventTriggerDimensionArrayInput)(nil)).Elem(), EventTriggerDimensionArray{}) + pulumi.RegisterInputType(reflect.TypeOf((*EventTriggerLimitsInput)(nil)).Elem(), EventTriggerLimitsArgs{}) + pulumi.RegisterInputType(reflect.TypeOf((*EventTriggerLimitsPtrInput)(nil)).Elem(), EventTriggerLimitsArgs{}) + pulumi.RegisterInputType(reflect.TypeOf((*EventTriggerObjectAttributeInput)(nil)).Elem(), EventTriggerObjectAttributeArgs{}) + pulumi.RegisterInputType(reflect.TypeOf((*EventTriggerObjectAttributeArrayInput)(nil)).Elem(), EventTriggerObjectAttributeArray{}) + pulumi.RegisterInputType(reflect.TypeOf((*EventTriggerPeriodInput)(nil)).Elem(), EventTriggerPeriodArgs{}) + pulumi.RegisterInputType(reflect.TypeOf((*EventTriggerPeriodArrayInput)(nil)).Elem(), EventTriggerPeriodArray{}) pulumi.RegisterInputType(reflect.TypeOf((*IntegrationConnectorOperatorInput)(nil)).Elem(), IntegrationConnectorOperatorArgs{}) pulumi.RegisterInputType(reflect.TypeOf((*IntegrationConnectorOperatorPtrInput)(nil)).Elem(), IntegrationConnectorOperatorArgs{}) pulumi.RegisterInputType(reflect.TypeOf((*IntegrationFlowDefinitionInput)(nil)).Elem(), IntegrationFlowDefinitionArgs{}) @@ -7711,6 +8336,16 @@ func init() { pulumi.RegisterOutputType(DomainS3ExportingConfigPtrOutput{}) pulumi.RegisterOutputType(DomainStatsOutput{}) pulumi.RegisterOutputType(DomainStatsPtrOutput{}) + pulumi.RegisterOutputType(EventTriggerConditionOutput{}) + pulumi.RegisterOutputType(EventTriggerConditionArrayOutput{}) + pulumi.RegisterOutputType(EventTriggerDimensionOutput{}) + pulumi.RegisterOutputType(EventTriggerDimensionArrayOutput{}) + pulumi.RegisterOutputType(EventTriggerLimitsOutput{}) + pulumi.RegisterOutputType(EventTriggerLimitsPtrOutput{}) + pulumi.RegisterOutputType(EventTriggerObjectAttributeOutput{}) + pulumi.RegisterOutputType(EventTriggerObjectAttributeArrayOutput{}) + pulumi.RegisterOutputType(EventTriggerPeriodOutput{}) + pulumi.RegisterOutputType(EventTriggerPeriodArrayOutput{}) pulumi.RegisterOutputType(IntegrationConnectorOperatorOutput{}) pulumi.RegisterOutputType(IntegrationConnectorOperatorPtrOutput{}) pulumi.RegisterOutputType(IntegrationFlowDefinitionOutput{}) diff --git a/sdk/go/aws/efs/pulumiEnums.go b/sdk/go/aws/efs/pulumiEnums.go index f68adf51e2..768b10f963 100644 --- a/sdk/go/aws/efs/pulumiEnums.go +++ b/sdk/go/aws/efs/pulumiEnums.go @@ -184,7 +184,7 @@ func (in *fileSystemBackupPolicyStatusPtr) ToFileSystemBackupPolicyStatusPtrOutp // // - “DISABLED“ – The file system can be used as the destination file system in a replication configuration. The file system is read-only and can only be modified by EFS replication. // -// - “REPLICATING“ – The file system is being used as the destination file system in a replication configuration. The file system is read-only and is only modified only by EFS replication. +// - “REPLICATING“ – The file system is being used as the destination file system in a replication configuration. The file system is read-only and is modified only by EFS replication. // // If the replication configuration is deleted, the file system's replication overwrite protection is re-enabled, the file system becomes writeable. type FileSystemProtectionReplicationOverwriteProtection string diff --git a/sdk/go/aws/efs/pulumiTypes.go b/sdk/go/aws/efs/pulumiTypes.go index c972037934..e8dc0416be 100644 --- a/sdk/go/aws/efs/pulumiTypes.go +++ b/sdk/go/aws/efs/pulumiTypes.go @@ -836,7 +836,7 @@ type FileSystemProtection struct { // The status of the file system's replication overwrite protection. // + ``ENABLED`` – The file system cannot be used as the destination file system in a replication configuration. The file system is writeable. Replication overwrite protection is ``ENABLED`` by default. // + ``DISABLED`` – The file system can be used as the destination file system in a replication configuration. The file system is read-only and can only be modified by EFS replication. - // + ``REPLICATING`` – The file system is being used as the destination file system in a replication configuration. The file system is read-only and is only modified only by EFS replication. + // + ``REPLICATING`` – The file system is being used as the destination file system in a replication configuration. The file system is read-only and is modified only by EFS replication. // // If the replication configuration is deleted, the file system's replication overwrite protection is re-enabled, the file system becomes writeable. ReplicationOverwriteProtection *FileSystemProtectionReplicationOverwriteProtection `pulumi:"replicationOverwriteProtection"` @@ -858,7 +858,7 @@ type FileSystemProtectionArgs struct { // The status of the file system's replication overwrite protection. // + ``ENABLED`` – The file system cannot be used as the destination file system in a replication configuration. The file system is writeable. Replication overwrite protection is ``ENABLED`` by default. // + ``DISABLED`` – The file system can be used as the destination file system in a replication configuration. The file system is read-only and can only be modified by EFS replication. - // + ``REPLICATING`` – The file system is being used as the destination file system in a replication configuration. The file system is read-only and is only modified only by EFS replication. + // + ``REPLICATING`` – The file system is being used as the destination file system in a replication configuration. The file system is read-only and is modified only by EFS replication. // // If the replication configuration is deleted, the file system's replication overwrite protection is re-enabled, the file system becomes writeable. ReplicationOverwriteProtection FileSystemProtectionReplicationOverwriteProtectionPtrInput `pulumi:"replicationOverwriteProtection"` @@ -948,7 +948,7 @@ func (o FileSystemProtectionOutput) ToFileSystemProtectionPtrOutputWithContext(c // // - “DISABLED“ – The file system can be used as the destination file system in a replication configuration. The file system is read-only and can only be modified by EFS replication. // -// - “REPLICATING“ – The file system is being used as the destination file system in a replication configuration. The file system is read-only and is only modified only by EFS replication. +// - “REPLICATING“ – The file system is being used as the destination file system in a replication configuration. The file system is read-only and is modified only by EFS replication. // // If the replication configuration is deleted, the file system's replication overwrite protection is re-enabled, the file system becomes writeable. func (o FileSystemProtectionOutput) ReplicationOverwriteProtection() FileSystemProtectionReplicationOverwriteProtectionPtrOutput { @@ -987,7 +987,7 @@ func (o FileSystemProtectionPtrOutput) Elem() FileSystemProtectionOutput { // // - “DISABLED“ – The file system can be used as the destination file system in a replication configuration. The file system is read-only and can only be modified by EFS replication. // -// - “REPLICATING“ – The file system is being used as the destination file system in a replication configuration. The file system is read-only and is only modified only by EFS replication. +// - “REPLICATING“ – The file system is being used as the destination file system in a replication configuration. The file system is read-only and is modified only by EFS replication. // // If the replication configuration is deleted, the file system's replication overwrite protection is re-enabled, the file system becomes writeable. func (o FileSystemProtectionPtrOutput) ReplicationOverwriteProtection() FileSystemProtectionReplicationOverwriteProtectionPtrOutput { @@ -1154,9 +1154,9 @@ type FileSystemReplicationDestination struct { Region *string `pulumi:"region"` // The Amazon Resource Name (ARN) of the current source file system in the replication configuration. RoleArn *string `pulumi:"roleArn"` - // Describes the status of the replication configuration. For more information about replication status, see [Viewing replication details](https://docs.aws.amazon.com//efs/latest/ug/awsbackup.html#restoring-backup-efsmonitoring-replication-status.html) in the *Amazon EFS User Guide* . + // Describes the status of the replication configuration. For more information about replication status, see [Viewing replication details](https://docs.aws.amazon.com//efs/latest/ug/awsbackup.html#restoring-backup-efsmonitoring-replication-status.html) in the *Amazon EFS User Guide*. Status *string `pulumi:"status"` - // Message that provides details about the `PAUSED` or `ERRROR` state of the replication destination configuration. For more information about replication status messages, see [Viewing replication details](https://docs.aws.amazon.com//efs/latest/ug/awsbackup.html#restoring-backup-efsmonitoring-replication-status.html) in the *Amazon EFS User Guide* . + // Message that provides details about the ``PAUSED`` or ``ERRROR`` state of the replication destination configuration. For more information about replication status messages, see [Viewing replication details](https://docs.aws.amazon.com//efs/latest/ug/awsbackup.html#restoring-backup-efsmonitoring-replication-status.html) in the *Amazon EFS User Guide*. StatusMessage *string `pulumi:"statusMessage"` } @@ -1186,9 +1186,9 @@ type FileSystemReplicationDestinationArgs struct { Region pulumi.StringPtrInput `pulumi:"region"` // The Amazon Resource Name (ARN) of the current source file system in the replication configuration. RoleArn pulumi.StringPtrInput `pulumi:"roleArn"` - // Describes the status of the replication configuration. For more information about replication status, see [Viewing replication details](https://docs.aws.amazon.com//efs/latest/ug/awsbackup.html#restoring-backup-efsmonitoring-replication-status.html) in the *Amazon EFS User Guide* . + // Describes the status of the replication configuration. For more information about replication status, see [Viewing replication details](https://docs.aws.amazon.com//efs/latest/ug/awsbackup.html#restoring-backup-efsmonitoring-replication-status.html) in the *Amazon EFS User Guide*. Status pulumi.StringPtrInput `pulumi:"status"` - // Message that provides details about the `PAUSED` or `ERRROR` state of the replication destination configuration. For more information about replication status messages, see [Viewing replication details](https://docs.aws.amazon.com//efs/latest/ug/awsbackup.html#restoring-backup-efsmonitoring-replication-status.html) in the *Amazon EFS User Guide* . + // Message that provides details about the ``PAUSED`` or ``ERRROR`` state of the replication destination configuration. For more information about replication status messages, see [Viewing replication details](https://docs.aws.amazon.com//efs/latest/ug/awsbackup.html#restoring-backup-efsmonitoring-replication-status.html) in the *Amazon EFS User Guide*. StatusMessage pulumi.StringPtrInput `pulumi:"statusMessage"` } @@ -1274,12 +1274,12 @@ func (o FileSystemReplicationDestinationOutput) RoleArn() pulumi.StringPtrOutput return o.ApplyT(func(v FileSystemReplicationDestination) *string { return v.RoleArn }).(pulumi.StringPtrOutput) } -// Describes the status of the replication configuration. For more information about replication status, see [Viewing replication details](https://docs.aws.amazon.com//efs/latest/ug/awsbackup.html#restoring-backup-efsmonitoring-replication-status.html) in the *Amazon EFS User Guide* . +// Describes the status of the replication configuration. For more information about replication status, see [Viewing replication details](https://docs.aws.amazon.com//efs/latest/ug/awsbackup.html#restoring-backup-efsmonitoring-replication-status.html) in the *Amazon EFS User Guide*. func (o FileSystemReplicationDestinationOutput) Status() pulumi.StringPtrOutput { return o.ApplyT(func(v FileSystemReplicationDestination) *string { return v.Status }).(pulumi.StringPtrOutput) } -// Message that provides details about the `PAUSED` or `ERRROR` state of the replication destination configuration. For more information about replication status messages, see [Viewing replication details](https://docs.aws.amazon.com//efs/latest/ug/awsbackup.html#restoring-backup-efsmonitoring-replication-status.html) in the *Amazon EFS User Guide* . +// Message that provides details about the “PAUSED“ or “ERRROR“ state of the replication destination configuration. For more information about replication status messages, see [Viewing replication details](https://docs.aws.amazon.com//efs/latest/ug/awsbackup.html#restoring-backup-efsmonitoring-replication-status.html) in the *Amazon EFS User Guide*. func (o FileSystemReplicationDestinationOutput) StatusMessage() pulumi.StringPtrOutput { return o.ApplyT(func(v FileSystemReplicationDestination) *string { return v.StatusMessage }).(pulumi.StringPtrOutput) } diff --git a/sdk/go/aws/lex/bot.go b/sdk/go/aws/lex/bot.go index dde6f77d1e..9d3fc46546 100644 --- a/sdk/go/aws/lex/bot.go +++ b/sdk/go/aws/lex/bot.go @@ -35,7 +35,8 @@ type Bot struct { // IdleSessionTTLInSeconds of the resource IdleSessionTtlInSeconds pulumi.IntOutput `pulumi:"idleSessionTtlInSeconds"` // The name of the bot locale. - Name pulumi.StringOutput `pulumi:"name"` + Name pulumi.StringOutput `pulumi:"name"` + Replication BotReplicationPtrOutput `pulumi:"replication"` // The Amazon Resource Name (ARN) of the IAM role used to build and run the bot. RoleArn pulumi.StringOutput `pulumi:"roleArn"` // Specifies configuration settings for the alias used to test the bot. If the `TestBotAliasSettings` property is not specified, the settings are configured with default values. @@ -108,7 +109,8 @@ type botArgs struct { // IdleSessionTTLInSeconds of the resource IdleSessionTtlInSeconds int `pulumi:"idleSessionTtlInSeconds"` // The name of the bot locale. - Name *string `pulumi:"name"` + Name *string `pulumi:"name"` + Replication *BotReplication `pulumi:"replication"` // The Amazon Resource Name (ARN) of the IAM role used to build and run the bot. RoleArn string `pulumi:"roleArn"` // Specifies configuration settings for the alias used to test the bot. If the `TestBotAliasSettings` property is not specified, the settings are configured with default values. @@ -134,7 +136,8 @@ type BotArgs struct { // IdleSessionTTLInSeconds of the resource IdleSessionTtlInSeconds pulumi.IntInput // The name of the bot locale. - Name pulumi.StringPtrInput + Name pulumi.StringPtrInput + Replication BotReplicationPtrInput // The Amazon Resource Name (ARN) of the IAM role used to build and run the bot. RoleArn pulumi.StringInput // Specifies configuration settings for the alias used to test the bot. If the `TestBotAliasSettings` property is not specified, the settings are configured with default values. @@ -230,6 +233,10 @@ func (o BotOutput) Name() pulumi.StringOutput { return o.ApplyT(func(v *Bot) pulumi.StringOutput { return v.Name }).(pulumi.StringOutput) } +func (o BotOutput) Replication() BotReplicationPtrOutput { + return o.ApplyT(func(v *Bot) BotReplicationPtrOutput { return v.Replication }).(BotReplicationPtrOutput) +} + // The Amazon Resource Name (ARN) of the IAM role used to build and run the bot. func (o BotOutput) RoleArn() pulumi.StringOutput { return o.ApplyT(func(v *Bot) pulumi.StringOutput { return v.RoleArn }).(pulumi.StringOutput) diff --git a/sdk/go/aws/lex/pulumiTypes.go b/sdk/go/aws/lex/pulumiTypes.go index 4c6acec928..271fb251d2 100644 --- a/sdk/go/aws/lex/pulumiTypes.go +++ b/sdk/go/aws/lex/pulumiTypes.go @@ -8899,6 +8899,146 @@ func (o BotPromptSpecificationPtrOutput) PromptAttemptsSpecification() BotPrompt }).(BotPromptAttemptSpecificationMapOutput) } +// Parameter used to create a replication of the source bot in the secondary region. +type BotReplication struct { + // List of secondary regions for bot replication. + ReplicaRegions []string `pulumi:"replicaRegions"` +} + +// BotReplicationInput is an input type that accepts BotReplicationArgs and BotReplicationOutput values. +// You can construct a concrete instance of `BotReplicationInput` via: +// +// BotReplicationArgs{...} +type BotReplicationInput interface { + pulumi.Input + + ToBotReplicationOutput() BotReplicationOutput + ToBotReplicationOutputWithContext(context.Context) BotReplicationOutput +} + +// Parameter used to create a replication of the source bot in the secondary region. +type BotReplicationArgs struct { + // List of secondary regions for bot replication. + ReplicaRegions pulumi.StringArrayInput `pulumi:"replicaRegions"` +} + +func (BotReplicationArgs) ElementType() reflect.Type { + return reflect.TypeOf((*BotReplication)(nil)).Elem() +} + +func (i BotReplicationArgs) ToBotReplicationOutput() BotReplicationOutput { + return i.ToBotReplicationOutputWithContext(context.Background()) +} + +func (i BotReplicationArgs) ToBotReplicationOutputWithContext(ctx context.Context) BotReplicationOutput { + return pulumi.ToOutputWithContext(ctx, i).(BotReplicationOutput) +} + +func (i BotReplicationArgs) ToBotReplicationPtrOutput() BotReplicationPtrOutput { + return i.ToBotReplicationPtrOutputWithContext(context.Background()) +} + +func (i BotReplicationArgs) ToBotReplicationPtrOutputWithContext(ctx context.Context) BotReplicationPtrOutput { + return pulumi.ToOutputWithContext(ctx, i).(BotReplicationOutput).ToBotReplicationPtrOutputWithContext(ctx) +} + +// BotReplicationPtrInput is an input type that accepts BotReplicationArgs, BotReplicationPtr and BotReplicationPtrOutput values. +// You can construct a concrete instance of `BotReplicationPtrInput` via: +// +// BotReplicationArgs{...} +// +// or: +// +// nil +type BotReplicationPtrInput interface { + pulumi.Input + + ToBotReplicationPtrOutput() BotReplicationPtrOutput + ToBotReplicationPtrOutputWithContext(context.Context) BotReplicationPtrOutput +} + +type botReplicationPtrType BotReplicationArgs + +func BotReplicationPtr(v *BotReplicationArgs) BotReplicationPtrInput { + return (*botReplicationPtrType)(v) +} + +func (*botReplicationPtrType) ElementType() reflect.Type { + return reflect.TypeOf((**BotReplication)(nil)).Elem() +} + +func (i *botReplicationPtrType) ToBotReplicationPtrOutput() BotReplicationPtrOutput { + return i.ToBotReplicationPtrOutputWithContext(context.Background()) +} + +func (i *botReplicationPtrType) ToBotReplicationPtrOutputWithContext(ctx context.Context) BotReplicationPtrOutput { + return pulumi.ToOutputWithContext(ctx, i).(BotReplicationPtrOutput) +} + +// Parameter used to create a replication of the source bot in the secondary region. +type BotReplicationOutput struct{ *pulumi.OutputState } + +func (BotReplicationOutput) ElementType() reflect.Type { + return reflect.TypeOf((*BotReplication)(nil)).Elem() +} + +func (o BotReplicationOutput) ToBotReplicationOutput() BotReplicationOutput { + return o +} + +func (o BotReplicationOutput) ToBotReplicationOutputWithContext(ctx context.Context) BotReplicationOutput { + return o +} + +func (o BotReplicationOutput) ToBotReplicationPtrOutput() BotReplicationPtrOutput { + return o.ToBotReplicationPtrOutputWithContext(context.Background()) +} + +func (o BotReplicationOutput) ToBotReplicationPtrOutputWithContext(ctx context.Context) BotReplicationPtrOutput { + return o.ApplyTWithContext(ctx, func(_ context.Context, v BotReplication) *BotReplication { + return &v + }).(BotReplicationPtrOutput) +} + +// List of secondary regions for bot replication. +func (o BotReplicationOutput) ReplicaRegions() pulumi.StringArrayOutput { + return o.ApplyT(func(v BotReplication) []string { return v.ReplicaRegions }).(pulumi.StringArrayOutput) +} + +type BotReplicationPtrOutput struct{ *pulumi.OutputState } + +func (BotReplicationPtrOutput) ElementType() reflect.Type { + return reflect.TypeOf((**BotReplication)(nil)).Elem() +} + +func (o BotReplicationPtrOutput) ToBotReplicationPtrOutput() BotReplicationPtrOutput { + return o +} + +func (o BotReplicationPtrOutput) ToBotReplicationPtrOutputWithContext(ctx context.Context) BotReplicationPtrOutput { + return o +} + +func (o BotReplicationPtrOutput) Elem() BotReplicationOutput { + return o.ApplyT(func(v *BotReplication) BotReplication { + if v != nil { + return *v + } + var ret BotReplication + return ret + }).(BotReplicationOutput) +} + +// List of secondary regions for bot replication. +func (o BotReplicationPtrOutput) ReplicaRegions() pulumi.StringArrayOutput { + return o.ApplyT(func(v *BotReplication) []string { + if v == nil { + return nil + } + return v.ReplicaRegions + }).(pulumi.StringArrayOutput) +} + // A list of message groups that Amazon Lex uses to respond the user input. type BotResponseSpecification struct { // Indicates whether the user can interrupt a speech prompt from the bot. @@ -13580,6 +13720,8 @@ func init() { pulumi.RegisterInputType(reflect.TypeOf((*BotPromptAttemptSpecificationMapInput)(nil)).Elem(), BotPromptAttemptSpecificationMap{}) pulumi.RegisterInputType(reflect.TypeOf((*BotPromptSpecificationInput)(nil)).Elem(), BotPromptSpecificationArgs{}) pulumi.RegisterInputType(reflect.TypeOf((*BotPromptSpecificationPtrInput)(nil)).Elem(), BotPromptSpecificationArgs{}) + pulumi.RegisterInputType(reflect.TypeOf((*BotReplicationInput)(nil)).Elem(), BotReplicationArgs{}) + pulumi.RegisterInputType(reflect.TypeOf((*BotReplicationPtrInput)(nil)).Elem(), BotReplicationArgs{}) pulumi.RegisterInputType(reflect.TypeOf((*BotResponseSpecificationInput)(nil)).Elem(), BotResponseSpecificationArgs{}) pulumi.RegisterInputType(reflect.TypeOf((*BotResponseSpecificationPtrInput)(nil)).Elem(), BotResponseSpecificationArgs{}) pulumi.RegisterInputType(reflect.TypeOf((*BotS3BucketLogDestinationInput)(nil)).Elem(), BotS3BucketLogDestinationArgs{}) @@ -13754,6 +13896,8 @@ func init() { pulumi.RegisterOutputType(BotPromptAttemptSpecificationMapOutput{}) pulumi.RegisterOutputType(BotPromptSpecificationOutput{}) pulumi.RegisterOutputType(BotPromptSpecificationPtrOutput{}) + pulumi.RegisterOutputType(BotReplicationOutput{}) + pulumi.RegisterOutputType(BotReplicationPtrOutput{}) pulumi.RegisterOutputType(BotResponseSpecificationOutput{}) pulumi.RegisterOutputType(BotResponseSpecificationPtrOutput{}) pulumi.RegisterOutputType(BotS3BucketLogDestinationOutput{}) diff --git a/sdk/go/aws/resiliencehub/app.go b/sdk/go/aws/resiliencehub/app.go index 0839929cc6..898c8e97ba 100644 --- a/sdk/go/aws/resiliencehub/app.go +++ b/sdk/go/aws/resiliencehub/app.go @@ -32,6 +32,8 @@ type App struct { Name pulumi.StringOutput `pulumi:"name"` // Defines the roles and credentials that AWS Resilience Hub would use while creating the application, importing its resources, and running an assessment. PermissionModel AppPermissionModelPtrOutput `pulumi:"permissionModel"` + // Amazon Resource Name (ARN) of the Regulatory Policy. + RegulatoryPolicyArn pulumi.StringPtrOutput `pulumi:"regulatoryPolicyArn"` // Amazon Resource Name (ARN) of the Resiliency Policy. ResiliencyPolicyArn pulumi.StringPtrOutput `pulumi:"resiliencyPolicyArn"` // An array of ResourceMapping objects. @@ -102,6 +104,8 @@ type appArgs struct { Name *string `pulumi:"name"` // Defines the roles and credentials that AWS Resilience Hub would use while creating the application, importing its resources, and running an assessment. PermissionModel *AppPermissionModel `pulumi:"permissionModel"` + // Amazon Resource Name (ARN) of the Regulatory Policy. + RegulatoryPolicyArn *string `pulumi:"regulatoryPolicyArn"` // Amazon Resource Name (ARN) of the Resiliency Policy. ResiliencyPolicyArn *string `pulumi:"resiliencyPolicyArn"` // An array of ResourceMapping objects. @@ -124,6 +128,8 @@ type AppArgs struct { Name pulumi.StringPtrInput // Defines the roles and credentials that AWS Resilience Hub would use while creating the application, importing its resources, and running an assessment. PermissionModel AppPermissionModelPtrInput + // Amazon Resource Name (ARN) of the Regulatory Policy. + RegulatoryPolicyArn pulumi.StringPtrInput // Amazon Resource Name (ARN) of the Resiliency Policy. ResiliencyPolicyArn pulumi.StringPtrInput // An array of ResourceMapping objects. @@ -209,6 +215,11 @@ func (o AppOutput) PermissionModel() AppPermissionModelPtrOutput { return o.ApplyT(func(v *App) AppPermissionModelPtrOutput { return v.PermissionModel }).(AppPermissionModelPtrOutput) } +// Amazon Resource Name (ARN) of the Regulatory Policy. +func (o AppOutput) RegulatoryPolicyArn() pulumi.StringPtrOutput { + return o.ApplyT(func(v *App) pulumi.StringPtrOutput { return v.RegulatoryPolicyArn }).(pulumi.StringPtrOutput) +} + // Amazon Resource Name (ARN) of the Resiliency Policy. func (o AppOutput) ResiliencyPolicyArn() pulumi.StringPtrOutput { return o.ApplyT(func(v *App) pulumi.StringPtrOutput { return v.ResiliencyPolicyArn }).(pulumi.StringPtrOutput) diff --git a/sdk/go/aws/resiliencehub/getApp.go b/sdk/go/aws/resiliencehub/getApp.go index 5d8b0b6b78..d9802dce7c 100644 --- a/sdk/go/aws/resiliencehub/getApp.go +++ b/sdk/go/aws/resiliencehub/getApp.go @@ -42,6 +42,8 @@ type LookupAppResult struct { EventSubscriptions []AppEventSubscription `pulumi:"eventSubscriptions"` // Defines the roles and credentials that AWS Resilience Hub would use while creating the application, importing its resources, and running an assessment. PermissionModel *AppPermissionModel `pulumi:"permissionModel"` + // Amazon Resource Name (ARN) of the Regulatory Policy. + RegulatoryPolicyArn *string `pulumi:"regulatoryPolicyArn"` // Amazon Resource Name (ARN) of the Resiliency Policy. ResiliencyPolicyArn *string `pulumi:"resiliencyPolicyArn"` // An array of ResourceMapping objects. @@ -117,6 +119,11 @@ func (o LookupAppResultOutput) PermissionModel() AppPermissionModelPtrOutput { return o.ApplyT(func(v LookupAppResult) *AppPermissionModel { return v.PermissionModel }).(AppPermissionModelPtrOutput) } +// Amazon Resource Name (ARN) of the Regulatory Policy. +func (o LookupAppResultOutput) RegulatoryPolicyArn() pulumi.StringPtrOutput { + return o.ApplyT(func(v LookupAppResult) *string { return v.RegulatoryPolicyArn }).(pulumi.StringPtrOutput) +} + // Amazon Resource Name (ARN) of the Resiliency Policy. func (o LookupAppResultOutput) ResiliencyPolicyArn() pulumi.StringPtrOutput { return o.ApplyT(func(v LookupAppResult) *string { return v.ResiliencyPolicyArn }).(pulumi.StringPtrOutput) diff --git a/sdk/go/aws/rolesanywhere/getProfile.go b/sdk/go/aws/rolesanywhere/getProfile.go index 6b7c384913..2fa19b016f 100644 --- a/sdk/go/aws/rolesanywhere/getProfile.go +++ b/sdk/go/aws/rolesanywhere/getProfile.go @@ -45,8 +45,6 @@ type LookupProfileResult struct { ProfileArn *string `pulumi:"profileArn"` // The unique primary identifier of the Profile ProfileId *string `pulumi:"profileId"` - // Specifies whether instance properties are required in CreateSession requests with this profile. - RequireInstanceProperties *bool `pulumi:"requireInstanceProperties"` // A list of IAM role ARNs that can be assumed when this profile is specified in a CreateSession request. RoleArns []string `pulumi:"roleArns"` // A session policy that will applied to the trust boundary of the vended session credentials. @@ -127,11 +125,6 @@ func (o LookupProfileResultOutput) ProfileId() pulumi.StringPtrOutput { return o.ApplyT(func(v LookupProfileResult) *string { return v.ProfileId }).(pulumi.StringPtrOutput) } -// Specifies whether instance properties are required in CreateSession requests with this profile. -func (o LookupProfileResultOutput) RequireInstanceProperties() pulumi.BoolPtrOutput { - return o.ApplyT(func(v LookupProfileResult) *bool { return v.RequireInstanceProperties }).(pulumi.BoolPtrOutput) -} - // A list of IAM role ARNs that can be assumed when this profile is specified in a CreateSession request. func (o LookupProfileResultOutput) RoleArns() pulumi.StringArrayOutput { return o.ApplyT(func(v LookupProfileResult) []string { return v.RoleArns }).(pulumi.StringArrayOutput) diff --git a/sdk/go/aws/rolesanywhere/profile.go b/sdk/go/aws/rolesanywhere/profile.go index efb772507f..114abe848a 100644 --- a/sdk/go/aws/rolesanywhere/profile.go +++ b/sdk/go/aws/rolesanywhere/profile.go @@ -53,6 +53,10 @@ func NewProfile(ctx *pulumi.Context, if args.RoleArns == nil { return nil, errors.New("invalid value for required argument 'RoleArns'") } + replaceOnChanges := pulumi.ReplaceOnChanges([]string{ + "requireInstanceProperties", + }) + opts = append(opts, replaceOnChanges) opts = internal.PkgResourceDefaultOpts(opts) var resource Profile err := ctx.RegisterResource("aws-native:rolesanywhere:Profile", name, args, &resource, opts...) diff --git a/sdk/go/aws/ses/pulumiTypes.go b/sdk/go/aws/ses/pulumiTypes.go index cbb02910f5..60436419f3 100644 --- a/sdk/go/aws/ses/pulumiTypes.go +++ b/sdk/go/aws/ses/pulumiTypes.go @@ -1810,6 +1810,8 @@ func (o ConfigurationSetSuppressionOptionsPtrOutput) SuppressedReasons() pulumi. type ConfigurationSetTrackingOptions struct { // The domain to use for tracking open and click events. CustomRedirectDomain *string `pulumi:"customRedirectDomain"` + // The https policy to use for tracking open and click events. + HttpsPolicy *string `pulumi:"httpsPolicy"` } // ConfigurationSetTrackingOptionsInput is an input type that accepts ConfigurationSetTrackingOptionsArgs and ConfigurationSetTrackingOptionsOutput values. @@ -1827,6 +1829,8 @@ type ConfigurationSetTrackingOptionsInput interface { type ConfigurationSetTrackingOptionsArgs struct { // The domain to use for tracking open and click events. CustomRedirectDomain pulumi.StringPtrInput `pulumi:"customRedirectDomain"` + // The https policy to use for tracking open and click events. + HttpsPolicy pulumi.StringPtrInput `pulumi:"httpsPolicy"` } func (ConfigurationSetTrackingOptionsArgs) ElementType() reflect.Type { @@ -1912,6 +1916,11 @@ func (o ConfigurationSetTrackingOptionsOutput) CustomRedirectDomain() pulumi.Str return o.ApplyT(func(v ConfigurationSetTrackingOptions) *string { return v.CustomRedirectDomain }).(pulumi.StringPtrOutput) } +// The https policy to use for tracking open and click events. +func (o ConfigurationSetTrackingOptionsOutput) HttpsPolicy() pulumi.StringPtrOutput { + return o.ApplyT(func(v ConfigurationSetTrackingOptions) *string { return v.HttpsPolicy }).(pulumi.StringPtrOutput) +} + type ConfigurationSetTrackingOptionsPtrOutput struct{ *pulumi.OutputState } func (ConfigurationSetTrackingOptionsPtrOutput) ElementType() reflect.Type { @@ -1946,6 +1955,16 @@ func (o ConfigurationSetTrackingOptionsPtrOutput) CustomRedirectDomain() pulumi. }).(pulumi.StringPtrOutput) } +// The https policy to use for tracking open and click events. +func (o ConfigurationSetTrackingOptionsPtrOutput) HttpsPolicy() pulumi.StringPtrOutput { + return o.ApplyT(func(v *ConfigurationSetTrackingOptions) *string { + if v == nil { + return nil + } + return v.HttpsPolicy + }).(pulumi.StringPtrOutput) +} + // An object that contains Virtual Deliverability Manager (VDM) settings for this configuration set. type ConfigurationSetVdmOptions struct { // Specifies additional settings for your VDM configuration as applicable to the Dashboard. diff --git a/sdk/go/aws/sso/getPermissionSet.go b/sdk/go/aws/sso/getPermissionSet.go index 8acf4bdf8d..cb63279c7d 100644 --- a/sdk/go/aws/sso/getPermissionSet.go +++ b/sdk/go/aws/sso/getPermissionSet.go @@ -39,7 +39,7 @@ type LookupPermissionSetResult struct { // // Search the [CloudFormation User Guide](https://docs.aws.amazon.com/cloudformation/) for `AWS::SSO::PermissionSet` for more information about the expected schema for this property. InlinePolicy interface{} `pulumi:"inlinePolicy"` - // A structure that stores the details of the AWS managed policy. + // A structure that stores a list of managed policy ARNs that describe the associated AWS managed policy. ManagedPolicies []string `pulumi:"managedPolicies"` // The permission set that the policy will be attached to PermissionSetArn *string `pulumi:"permissionSetArn"` @@ -108,7 +108,7 @@ func (o LookupPermissionSetResultOutput) InlinePolicy() pulumi.AnyOutput { return o.ApplyT(func(v LookupPermissionSetResult) interface{} { return v.InlinePolicy }).(pulumi.AnyOutput) } -// A structure that stores the details of the AWS managed policy. +// A structure that stores a list of managed policy ARNs that describe the associated AWS managed policy. func (o LookupPermissionSetResultOutput) ManagedPolicies() pulumi.StringArrayOutput { return o.ApplyT(func(v LookupPermissionSetResult) []string { return v.ManagedPolicies }).(pulumi.StringArrayOutput) } diff --git a/sdk/go/aws/sso/permissionSet.go b/sdk/go/aws/sso/permissionSet.go index 1c4556965b..b1cd21ca07 100644 --- a/sdk/go/aws/sso/permissionSet.go +++ b/sdk/go/aws/sso/permissionSet.go @@ -27,7 +27,7 @@ type PermissionSet struct { InlinePolicy pulumi.AnyOutput `pulumi:"inlinePolicy"` // The sso instance arn that the permission set is owned. InstanceArn pulumi.StringOutput `pulumi:"instanceArn"` - // A structure that stores the details of the AWS managed policy. + // A structure that stores a list of managed policy ARNs that describe the associated AWS managed policy. ManagedPolicies pulumi.StringArrayOutput `pulumi:"managedPolicies"` // The name you want to assign to this permission set. Name pulumi.StringOutput `pulumi:"name"` @@ -103,7 +103,7 @@ type permissionSetArgs struct { InlinePolicy interface{} `pulumi:"inlinePolicy"` // The sso instance arn that the permission set is owned. InstanceArn string `pulumi:"instanceArn"` - // A structure that stores the details of the AWS managed policy. + // A structure that stores a list of managed policy ARNs that describe the associated AWS managed policy. ManagedPolicies []string `pulumi:"managedPolicies"` // The name you want to assign to this permission set. Name *string `pulumi:"name"` @@ -131,7 +131,7 @@ type PermissionSetArgs struct { InlinePolicy pulumi.Input // The sso instance arn that the permission set is owned. InstanceArn pulumi.StringInput - // A structure that stores the details of the AWS managed policy. + // A structure that stores a list of managed policy ARNs that describe the associated AWS managed policy. ManagedPolicies pulumi.StringArrayInput // The name you want to assign to this permission set. Name pulumi.StringPtrInput @@ -208,7 +208,7 @@ func (o PermissionSetOutput) InstanceArn() pulumi.StringOutput { return o.ApplyT(func(v *PermissionSet) pulumi.StringOutput { return v.InstanceArn }).(pulumi.StringOutput) } -// A structure that stores the details of the AWS managed policy. +// A structure that stores a list of managed policy ARNs that describe the associated AWS managed policy. func (o PermissionSetOutput) ManagedPolicies() pulumi.StringArrayOutput { return o.ApplyT(func(v *PermissionSet) pulumi.StringArrayOutput { return v.ManagedPolicies }).(pulumi.StringArrayOutput) } diff --git a/sdk/go/aws/voiceid/getDomain.go b/sdk/go/aws/voiceid/getDomain.go index a1e07ad820..9c44333963 100644 --- a/sdk/go/aws/voiceid/getDomain.go +++ b/sdk/go/aws/voiceid/getDomain.go @@ -29,8 +29,14 @@ type LookupDomainArgs struct { } type LookupDomainResult struct { + // The description of the domain. + Description *string `pulumi:"description"` // The identifier of the domain. DomainId *string `pulumi:"domainId"` + // The name for the domain. + Name *string `pulumi:"name"` + // The server-side encryption configuration containing the KMS key identifier you want Voice ID to use to encrypt your data. + ServerSideEncryptionConfiguration *DomainServerSideEncryptionConfiguration `pulumi:"serverSideEncryptionConfiguration"` // The tags used to organize, track, or control access for this resource. Tags []aws.Tag `pulumi:"tags"` } @@ -67,11 +73,28 @@ func (o LookupDomainResultOutput) ToLookupDomainResultOutputWithContext(ctx cont return o } +// The description of the domain. +func (o LookupDomainResultOutput) Description() pulumi.StringPtrOutput { + return o.ApplyT(func(v LookupDomainResult) *string { return v.Description }).(pulumi.StringPtrOutput) +} + // The identifier of the domain. func (o LookupDomainResultOutput) DomainId() pulumi.StringPtrOutput { return o.ApplyT(func(v LookupDomainResult) *string { return v.DomainId }).(pulumi.StringPtrOutput) } +// The name for the domain. +func (o LookupDomainResultOutput) Name() pulumi.StringPtrOutput { + return o.ApplyT(func(v LookupDomainResult) *string { return v.Name }).(pulumi.StringPtrOutput) +} + +// The server-side encryption configuration containing the KMS key identifier you want Voice ID to use to encrypt your data. +func (o LookupDomainResultOutput) ServerSideEncryptionConfiguration() DomainServerSideEncryptionConfigurationPtrOutput { + return o.ApplyT(func(v LookupDomainResult) *DomainServerSideEncryptionConfiguration { + return v.ServerSideEncryptionConfiguration + }).(DomainServerSideEncryptionConfigurationPtrOutput) +} + // The tags used to organize, track, or control access for this resource. func (o LookupDomainResultOutput) Tags() aws.TagArrayOutput { return o.ApplyT(func(v LookupDomainResult) []aws.Tag { return v.Tags }).(aws.TagArrayOutput) diff --git a/sdk/go/aws/voiceid/pulumiTypes.go b/sdk/go/aws/voiceid/pulumiTypes.go index 603d9ab570..e3bdd3f28e 100644 --- a/sdk/go/aws/voiceid/pulumiTypes.go +++ b/sdk/go/aws/voiceid/pulumiTypes.go @@ -65,6 +65,40 @@ func (o DomainServerSideEncryptionConfigurationOutput) KmsKeyId() pulumi.StringO return o.ApplyT(func(v DomainServerSideEncryptionConfiguration) string { return v.KmsKeyId }).(pulumi.StringOutput) } +type DomainServerSideEncryptionConfigurationPtrOutput struct{ *pulumi.OutputState } + +func (DomainServerSideEncryptionConfigurationPtrOutput) ElementType() reflect.Type { + return reflect.TypeOf((**DomainServerSideEncryptionConfiguration)(nil)).Elem() +} + +func (o DomainServerSideEncryptionConfigurationPtrOutput) ToDomainServerSideEncryptionConfigurationPtrOutput() DomainServerSideEncryptionConfigurationPtrOutput { + return o +} + +func (o DomainServerSideEncryptionConfigurationPtrOutput) ToDomainServerSideEncryptionConfigurationPtrOutputWithContext(ctx context.Context) DomainServerSideEncryptionConfigurationPtrOutput { + return o +} + +func (o DomainServerSideEncryptionConfigurationPtrOutput) Elem() DomainServerSideEncryptionConfigurationOutput { + return o.ApplyT(func(v *DomainServerSideEncryptionConfiguration) DomainServerSideEncryptionConfiguration { + if v != nil { + return *v + } + var ret DomainServerSideEncryptionConfiguration + return ret + }).(DomainServerSideEncryptionConfigurationOutput) +} + +// The identifier of the KMS key to use to encrypt data stored by Voice ID. Voice ID doesn't support asymmetric customer managed keys. +func (o DomainServerSideEncryptionConfigurationPtrOutput) KmsKeyId() pulumi.StringPtrOutput { + return o.ApplyT(func(v *DomainServerSideEncryptionConfiguration) *string { + if v == nil { + return nil + } + return &v.KmsKeyId + }).(pulumi.StringPtrOutput) +} + type DomainTag struct { // The first part of a key:value pair that forms a tag associated with a given resource. For example, in the tag 'Department':'Sales', the key is 'Department'. Key string `pulumi:"key"` @@ -75,4 +109,5 @@ type DomainTag struct { func init() { pulumi.RegisterInputType(reflect.TypeOf((*DomainServerSideEncryptionConfigurationInput)(nil)).Elem(), DomainServerSideEncryptionConfigurationArgs{}) pulumi.RegisterOutputType(DomainServerSideEncryptionConfigurationOutput{}) + pulumi.RegisterOutputType(DomainServerSideEncryptionConfigurationPtrOutput{}) } diff --git a/sdk/nodejs/backup/logicallyAirGappedBackupVault.ts b/sdk/nodejs/backup/logicallyAirGappedBackupVault.ts index d046a0c58c..5dff5b5983 100644 --- a/sdk/nodejs/backup/logicallyAirGappedBackupVault.ts +++ b/sdk/nodejs/backup/logicallyAirGappedBackupVault.ts @@ -70,11 +70,11 @@ export class LogicallyAirGappedBackupVault extends pulumi.CustomResource { /** * The current state of the vault. */ - public readonly vaultState!: pulumi.Output; + public /*out*/ readonly vaultState!: pulumi.Output; /** * The type of vault described. */ - public readonly vaultType!: pulumi.Output; + public /*out*/ readonly vaultType!: pulumi.Output; /** * Create a LogicallyAirGappedBackupVault resource with the given unique name, arguments, and options. @@ -99,10 +99,10 @@ export class LogicallyAirGappedBackupVault extends pulumi.CustomResource { resourceInputs["maxRetentionDays"] = args ? args.maxRetentionDays : undefined; resourceInputs["minRetentionDays"] = args ? args.minRetentionDays : undefined; resourceInputs["notifications"] = args ? args.notifications : undefined; - resourceInputs["vaultState"] = args ? args.vaultState : undefined; - resourceInputs["vaultType"] = args ? args.vaultType : undefined; resourceInputs["backupVaultArn"] = undefined /*out*/; resourceInputs["encryptionKeyArn"] = undefined /*out*/; + resourceInputs["vaultState"] = undefined /*out*/; + resourceInputs["vaultType"] = undefined /*out*/; } else { resourceInputs["accessPolicy"] = undefined /*out*/; resourceInputs["backupVaultArn"] = undefined /*out*/; @@ -154,12 +154,4 @@ export interface LogicallyAirGappedBackupVaultArgs { * Returns event notifications for the specified backup vault. */ notifications?: pulumi.Input; - /** - * The current state of the vault. - */ - vaultState?: pulumi.Input; - /** - * The type of vault described. - */ - vaultType?: pulumi.Input; } diff --git a/sdk/nodejs/cleanrooms/collaboration.ts b/sdk/nodejs/cleanrooms/collaboration.ts index be256af0a3..8e4c2a59c8 100644 --- a/sdk/nodejs/cleanrooms/collaboration.ts +++ b/sdk/nodejs/cleanrooms/collaboration.ts @@ -63,6 +63,10 @@ export class Collaboration extends pulumi.CustomResource { * *Allowed values* `CAN_QUERY` | `CAN_RECEIVE_RESULTS` */ public readonly creatorMemberAbilities!: pulumi.Output; + /** + * The ML member abilities for a collaboration member. + */ + public readonly creatorMlMemberAbilities!: pulumi.Output; /** * An object representing the collaboration member's payment responsibilities set by the collaboration creator. */ @@ -121,6 +125,7 @@ export class Collaboration extends pulumi.CustomResource { resourceInputs["analyticsEngine"] = args ? args.analyticsEngine : undefined; resourceInputs["creatorDisplayName"] = args ? args.creatorDisplayName : undefined; resourceInputs["creatorMemberAbilities"] = args ? args.creatorMemberAbilities : undefined; + resourceInputs["creatorMlMemberAbilities"] = args ? args.creatorMlMemberAbilities : undefined; resourceInputs["creatorPaymentConfiguration"] = args ? args.creatorPaymentConfiguration : undefined; resourceInputs["dataEncryptionMetadata"] = args ? args.dataEncryptionMetadata : undefined; resourceInputs["description"] = args ? args.description : undefined; @@ -136,6 +141,7 @@ export class Collaboration extends pulumi.CustomResource { resourceInputs["collaborationIdentifier"] = undefined /*out*/; resourceInputs["creatorDisplayName"] = undefined /*out*/; resourceInputs["creatorMemberAbilities"] = undefined /*out*/; + resourceInputs["creatorMlMemberAbilities"] = undefined /*out*/; resourceInputs["creatorPaymentConfiguration"] = undefined /*out*/; resourceInputs["dataEncryptionMetadata"] = undefined /*out*/; resourceInputs["description"] = undefined /*out*/; @@ -145,7 +151,7 @@ export class Collaboration extends pulumi.CustomResource { resourceInputs["tags"] = undefined /*out*/; } opts = pulumi.mergeOptions(utilities.resourceOptsDefaults(), opts); - const replaceOnChanges = { replaceOnChanges: ["analyticsEngine", "creatorDisplayName", "creatorMemberAbilities[*]", "creatorPaymentConfiguration", "dataEncryptionMetadata", "members[*]", "queryLogStatus"] }; + const replaceOnChanges = { replaceOnChanges: ["analyticsEngine", "creatorDisplayName", "creatorMemberAbilities[*]", "creatorMlMemberAbilities", "creatorPaymentConfiguration", "dataEncryptionMetadata", "members[*]", "queryLogStatus"] }; opts = pulumi.mergeOptions(opts, replaceOnChanges); super(Collaboration.__pulumiType, name, resourceInputs, opts); } @@ -169,6 +175,10 @@ export interface CollaborationArgs { * *Allowed values* `CAN_QUERY` | `CAN_RECEIVE_RESULTS` */ creatorMemberAbilities: pulumi.Input[]>; + /** + * The ML member abilities for a collaboration member. + */ + creatorMlMemberAbilities?: pulumi.Input; /** * An object representing the collaboration member's payment responsibilities set by the collaboration creator. */ diff --git a/sdk/nodejs/cognito/getUserPool.ts b/sdk/nodejs/cognito/getUserPool.ts index 7a99224d04..473b674056 100644 --- a/sdk/nodejs/cognito/getUserPool.ts +++ b/sdk/nodejs/cognito/getUserPool.ts @@ -32,11 +32,11 @@ export interface GetUserPoolResult { /** * The settings for administrator creation of users in a user pool. Contains settings for allowing user sign-up, customizing invitation messages to new users, and the amount of time before temporary passwords expire. * - * This data type is a request and response parameter of [CreateUserPool](https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_CreateUserPool.html) and [UpdateUserPool](https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_UpdateUserPool.html) , and a response parameter of [DescribeUserPool](https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_DescribeUserPool.html) . + * This data type is a request and response parameter of `API_CreateUserPool` and `API_UpdateUserPool` , and a response parameter of `API_DescribeUserPool` . */ readonly adminCreateUserConfig?: outputs.cognito.UserPoolAdminCreateUserConfig; /** - * Attributes supported as an alias for this user pool. Possible values: *phone_number* , *email* , or *preferred_username* . For more information about alias attributes, see [Customizing sign-in attributes](https://docs.aws.amazon.com/cognito/latest/developerguide/user-pool-settings-attributes.html#user-pool-settings-aliases) . + * Attributes supported as an alias for this user pool. For more information about alias attributes, see [Customizing sign-in attributes](https://docs.aws.amazon.com/cognito/latest/developerguide/user-pool-settings-attributes.html#user-pool-settings-aliases) . */ readonly aliasAttributes?: string[]; /** @@ -44,7 +44,7 @@ export interface GetUserPoolResult { */ readonly arn?: string; /** - * The attributes that you want your user pool to automatically verify. Possible values: *email* , *phone_number* . For more information see [Verifying contact information at sign-up](https://docs.aws.amazon.com/cognito/latest/developerguide/signing-up-users-in-your-app.html#allowing-users-to-sign-up-and-confirm-themselves) . + * The attributes that you want your user pool to automatically verify. For more information, see [Verifying contact information at sign-up](https://docs.aws.amazon.com/cognito/latest/developerguide/signing-up-users-in-your-app.html#allowing-users-to-sign-up-and-confirm-themselves) . */ readonly autoVerifiedAttributes?: string[]; /** @@ -80,17 +80,15 @@ export interface GetUserPoolResult { */ readonly lambdaConfig?: outputs.cognito.UserPoolLambdaConfig; /** - * The multi-factor authentication (MFA) configuration. Valid values include: + * Displays the state of multi-factor authentication (MFA) as on, off, or optional. When `ON` , all users must set up MFA before they can sign in. When `OPTIONAL` , your application must make a client-side determination of whether a user wants to register an MFA device. For user pools with adaptive authentication with threat protection, choose `OPTIONAL` . * - * - `OFF` MFA won't be used for any users. - * - `ON` MFA is required for all users to sign in. - * - `OPTIONAL` MFA will be required only for individual users who have an MFA factor activated. + * When `MfaConfiguration` is `OPTIONAL` , managed login doesn't automatically prompt users to set up MFA. Amazon Cognito generates MFA prompts in API responses and in managed login for users who have chosen and configured a preferred MFA factor. */ readonly mfaConfiguration?: string; /** * A list of user pool policies. Contains the policy that sets password-complexity requirements. * - * This data type is a request and response parameter of [CreateUserPool](https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_CreateUserPool.html) and [UpdateUserPool](https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_UpdateUserPool.html) , and a response parameter of [DescribeUserPool](https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_DescribeUserPool.html) . + * This data type is a request and response parameter of `API_CreateUserPool` and `API_UpdateUserPool` , and a response parameter of `API_DescribeUserPool` . */ readonly policies?: outputs.cognito.UserPoolPolicies; /** @@ -110,7 +108,7 @@ export interface GetUserPoolResult { */ readonly smsAuthenticationMessage?: string; /** - * The SMS configuration with the settings that your Amazon Cognito user pool must use to send an SMS message from your AWS account through Amazon Simple Notification Service. To send SMS messages with Amazon SNS in the AWS Region that you want, the Amazon Cognito user pool uses an AWS Identity and Access Management (IAM) role in your AWS account . For more information see [SMS message settings](https://docs.aws.amazon.com/cognito/latest/developerguide/user-pool-sms-settings.html) . + * The settings for your Amazon Cognito user pool to send SMS messages with Amazon Simple Notification Service. To send SMS messages with Amazon SNS in the AWS Region that you want, the Amazon Cognito user pool uses an AWS Identity and Access Management (IAM) role in your AWS account . For more information see [SMS message settings](https://docs.aws.amazon.com/cognito/latest/developerguide/user-pool-sms-settings.html) . */ readonly smsConfiguration?: outputs.cognito.UserPoolSmsConfiguration; /** @@ -124,7 +122,7 @@ export interface GetUserPoolResult { */ readonly userAttributeUpdateSettings?: outputs.cognito.UserPoolUserAttributeUpdateSettings; /** - * User pool add-ons. Contains settings for activation of threat protection. To log user security information but take no action, set to `AUDIT` . To configure automatic security responses to risky traffic to your user pool, set to `ENFORCED` . + * Contains settings for activation of threat protection, including the operating mode and additional authentication types. To log user security information but take no action, set to `AUDIT` . To configure automatic security responses to potentially unwanted traffic to your user pool, set to `ENFORCED` . * * For more information, see [Adding advanced security to a user pool](https://docs.aws.amazon.com/cognito/latest/developerguide/cognito-user-pool-settings-advanced-security.html) . To activate this setting, your user pool must be on the [Plus tier](https://docs.aws.amazon.com/cognito/latest/developerguide/feature-plans-features-plus.html) . */ @@ -134,7 +132,7 @@ export interface GetUserPoolResult { */ readonly userPoolId?: string; /** - * A friendlhy name for your user pool. + * A friendly name for your user pool. */ readonly userPoolName?: string; /** diff --git a/sdk/nodejs/cognito/getUserPoolClient.ts b/sdk/nodejs/cognito/getUserPoolClient.ts index 3470ecbe87..a10d57e0cb 100644 --- a/sdk/nodejs/cognito/getUserPoolClient.ts +++ b/sdk/nodejs/cognito/getUserPoolClient.ts @@ -43,28 +43,28 @@ export interface GetUserPoolClientResult { */ readonly accessTokenValidity?: number; /** - * The OAuth grant types that you want your app client to generate. To create an app client that generates client credentials grants, you must add `client_credentials` as the only allowed OAuth flow. + * The OAuth grant types that you want your app client to generate for clients in managed login authentication. To create an app client that generates client credentials grants, you must add `client_credentials` as the only allowed OAuth flow. * * - **code** - Use a code grant flow, which provides an authorization code as the response. This code can be exchanged for access tokens with the `/oauth2/token` endpoint. - * - **implicit** - Issue the access token (and, optionally, ID token, based on scopes) directly to your user. - * - **client_credentials** - Issue the access token from the `/oauth2/token` endpoint directly to a non-person user using a combination of the client ID and client secret. + * - **implicit** - Issue the access token, and the ID token when scopes like `openid` and `profile` are requested, directly to your user. + * - **client_credentials** - Issue the access token from the `/oauth2/token` endpoint directly to a non-person user, authorized by a combination of the client ID and client secret. */ readonly allowedOAuthFlows?: string[]; /** - * Set to `true` to use OAuth 2.0 features in your user pool app client. + * Set to `true` to use OAuth 2.0 authorization server features in your app client. * - * `AllowedOAuthFlowsUserPoolClient` must be `true` before you can configure the following features in your app client. + * This parameter must have a value of `true` before you can configure the following features in your app client. * * - `CallBackURLs` : Callback URLs. * - `LogoutURLs` : Sign-out redirect URLs. * - `AllowedOAuthScopes` : OAuth 2.0 scopes. * - `AllowedOAuthFlows` : Support for authorization code, implicit, and client credentials OAuth 2.0 grants. * - * To use OAuth 2.0 features, configure one of these features in the Amazon Cognito console or set `AllowedOAuthFlowsUserPoolClient` to `true` in a `CreateUserPoolClient` or `UpdateUserPoolClient` API request. If you don't set a value for `AllowedOAuthFlowsUserPoolClient` in a request with the AWS CLI or SDKs, it defaults to `false` . + * To use authorization server features, configure one of these features in the Amazon Cognito console or set `AllowedOAuthFlowsUserPoolClient` to `true` in a `CreateUserPoolClient` or `UpdateUserPoolClient` API request. If you don't set a value for `AllowedOAuthFlowsUserPoolClient` in a request with the AWS CLI or SDKs, it defaults to `false` . When `false` , only SDK-based API sign-in is permitted. */ readonly allowedOAuthFlowsUserPoolClient?: boolean; /** - * The OAuth 2.0 scopes that you want to permit your app client to authorize. Scopes govern access control to user pool self-service API operations, user data from the `userInfo` endpoint, and third-party APIs. Possible values provided by OAuth are `phone` , `email` , `openid` , and `profile` . Possible values provided by AWS are `aws.cognito.signin.user.admin` . Custom scopes created in Resource Servers are also supported. + * The OAuth, OpenID Connect (OIDC), and custom scopes that you want to permit your app client to authorize access with. Scopes govern access control to user pool self-service API operations, user data from the `userInfo` endpoint, and third-party APIs. Scope values include `phone` , `email` , `openid` , and `profile` . The `aws.cognito.signin.user.admin` scope authorizes user self-service operations. Custom scopes with resource servers authorize access to external APIs. */ readonly allowedOAuthScopes?: string[]; /** @@ -78,9 +78,9 @@ export interface GetUserPoolClientResult { */ readonly authSessionValidity?: number; /** - * A list of allowed redirect (callback) URLs for the IdPs. + * A list of allowed redirect, or callback, URLs for managed login authentication. These URLs are the paths where you want to send your users' browsers after they complete authentication with managed login or a third-party IdP. Typically, callback URLs are the home of an application that uses OAuth or OIDC libraries to process authentication outcomes. * - * A redirect URI must: + * A redirect URI must meet the following requirements: * * - Be an absolute URI. * - Be registered with the authorization server. Amazon Cognito doesn't accept authorization requests with `redirect_uri` values that aren't in the list of `CallbackURLs` that you provide in this parameter. @@ -107,21 +107,23 @@ export interface GetUserPoolClientResult { */ readonly defaultRedirectUri?: string; /** - * Activates the propagation of additional user context data. For more information about propagation of user context data, see [Adding advanced security to a user pool](https://docs.aws.amazon.com/cognito/latest/developerguide/cognito-user-pool-settings-threat-protection.html) . If you don’t include this parameter, you can't send device fingerprint information, including source IP address, to Amazon Cognito advanced security. You can only activate `EnablePropagateAdditionalUserContextData` in an app client that has a client secret. + * When `true` , your application can include additional `UserContextData` in authentication requests. This data includes the IP address, and contributes to analysis by threat protection features. For more information about propagation of user context data, see [Adding session data to API requests](https://docs.aws.amazon.com/cognito/latest/developerguide/cognito-user-pool-settings-adaptive-authentication.html#user-pool-settings-adaptive-authentication-device-fingerprint) . If you don’t include this parameter, you can't send the source IP address to Amazon Cognito threat protection features. You can only activate `EnablePropagateAdditionalUserContextData` in an app client that has a client secret. */ readonly enablePropagateAdditionalUserContextData?: boolean; /** - * Activates or deactivates token revocation. For more information about revoking tokens, see [RevokeToken](https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_RevokeToken.html) . + * Activates or deactivates [token revocation](https://docs.aws.amazon.com/cognito/latest/developerguide/token-revocation.html) in the target app client. + * + * Revoke tokens with `API_RevokeToken` . * * If you don't include this parameter, token revocation is automatically activated for the new user pool client. */ readonly enableTokenRevocation?: boolean; /** - * The authentication flows that you want your user pool client to support. For each app client in your user pool, you can sign in your users with any combination of one or more flows, including with a user name and Secure Remote Password (SRP), a user name and password, or a custom authentication process that you define with Lambda functions. + * The [authentication flows](https://docs.aws.amazon.com/cognito/latest/developerguide/amazon-cognito-user-pools-authentication-flow-methods.html) that you want your user pool client to support. For each app client in your user pool, you can sign in your users with any combination of one or more flows, including with a user name and Secure Remote Password (SRP), a user name and password, or a custom authentication process that you define with Lambda functions. * - * > If you don't specify a value for `ExplicitAuthFlows` , your user client supports `ALLOW_REFRESH_TOKEN_AUTH` , `ALLOW_USER_SRP_AUTH` , and `ALLOW_CUSTOM_AUTH` . + * > If you don't specify a value for `ExplicitAuthFlows` , your app client supports `ALLOW_REFRESH_TOKEN_AUTH` , `ALLOW_USER_SRP_AUTH` , and `ALLOW_CUSTOM_AUTH` . * - * Valid values include: + * The values for authentication flow options include the following. * * - `ALLOW_USER_AUTH` : Enable selection-based sign-in with `USER_AUTH` . This setting covers username-password, secure remote password (SRP), passwordless, and passkey authentication. This authentiation flow can do username-password and SRP authentication without other `ExplicitAuthFlows` permitting them. For example users can complete an SRP challenge through `USER_AUTH` without the flow `USER_SRP_AUTH` being active for the app client. This flow doesn't include `CUSTOM_AUTH` . * @@ -148,7 +150,7 @@ export interface GetUserPoolClientResult { */ readonly idTokenValidity?: number; /** - * A list of allowed logout URLs for managed login authentication. For more information, see [Logout endpoint](https://docs.aws.amazon.com/cognito/latest/developerguide/logout-endpoint.html) . + * A list of allowed logout URLs for managed login authentication. When you pass `logout_uri` and `client_id` parameters to `/logout` , Amazon Cognito signs out your user and redirects them to the logout URL. This parameter describes the URLs that you want to be the permitted targets of `logout_uri` . A typical use of these URLs is when a user selects "Sign out" and you redirect them to your public homepage. For more information, see [Logout endpoint](https://docs.aws.amazon.com/cognito/latest/developerguide/logout-endpoint.html) . */ readonly logoutUrls?: string[]; readonly name?: string; @@ -164,9 +166,11 @@ export interface GetUserPoolClientResult { */ readonly preventUserExistenceErrors?: string; /** - * The list of user attributes that you want your app client to have read access to. After your user authenticates in your app, their access token authorizes them to read their own attribute value for any attribute in this list. An example of this kind of activity is when your user selects a link to view their profile information. Your app makes a [GetUser](https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_GetUser.html) API request to retrieve and display your user's profile data. + * The list of user attributes that you want your app client to have read access to. After your user authenticates in your app, their access token authorizes them to read their own attribute value for any attribute in this list. * - * When you don't specify the `ReadAttributes` for your app client, your app can read the values of `email_verified` , `phone_number_verified` , and the Standard attributes of your user pool. When your user pool app client has read access to these default attributes, `ReadAttributes` doesn't return any information. Amazon Cognito only populates `ReadAttributes` in the API response if you have specified your own custom set of read attributes. + * An example of this kind of activity is when your user selects a link to view their profile information. Your app makes a `API_GetUser` API request to retrieve and display your user's profile data. + * + * When you don't specify the `ReadAttributes` for your app client, your app can read the values of `email_verified` , `phone_number_verified` , and the standard attributes of your user pool. When your user pool app client has read access to these default attributes, `ReadAttributes` doesn't return any information. Amazon Cognito only populates `ReadAttributes` in the API response if you have specified your own custom set of read attributes. */ readonly readAttributes?: string[]; /** @@ -184,7 +188,7 @@ export interface GetUserPoolClientResult { /** * A list of provider names for the identity providers (IdPs) that are supported on this client. The following are supported: `COGNITO` , `Facebook` , `Google` , `SignInWithApple` , and `LoginWithAmazon` . You can also specify the names that you configured for the SAML and OIDC IdPs in your user pool, for example `MySAMLIdP` or `MyOIDCIdP` . * - * This setting applies to providers that you can access with [managed login](https://docs.aws.amazon.com/cognito/latest/developerguide/cognito-user-pools-managed-login.html) . The removal of `COGNITO` from this list doesn't prevent authentication operations for local users with the user pools API in an AWS SDK. The only way to prevent API-based authentication is to block access with a [AWS WAF rule](https://docs.aws.amazon.com/cognito/latest/developerguide/user-pool-waf.html) . + * This parameter sets the IdPs that [managed login](https://docs.aws.amazon.com/cognito/latest/developerguide/cognito-user-pools-managed-login.html) will display on the login page for your app client. The removal of `COGNITO` from this list doesn't prevent authentication operations for local users with the user pools API in an AWS SDK. The only way to prevent SDK-based authentication is to block access with a [AWS WAF rule](https://docs.aws.amazon.com/cognito/latest/developerguide/user-pool-waf.html) . */ readonly supportedIdentityProviders?: string[]; /** @@ -192,7 +196,9 @@ export interface GetUserPoolClientResult { */ readonly tokenValidityUnits?: outputs.cognito.UserPoolClientTokenValidityUnits; /** - * The list of user attributes that you want your app client to have write access to. After your user authenticates in your app, their access token authorizes them to set or modify their own attribute value for any attribute in this list. An example of this kind of activity is when you present your user with a form to update their profile information and they change their last name. Your app then makes an [UpdateUserAttributes](https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_UpdateUserAttributes.html) API request and sets `family_name` to the new value. + * The list of user attributes that you want your app client to have write access to. After your user authenticates in your app, their access token authorizes them to set or modify their own attribute value for any attribute in this list. + * + * An example of this kind of activity is when you present your user with a form to update their profile information and they change their last name. Your app then makes an `API_UpdateUserAttributes` API request and sets `family_name` to the new value. * * When you don't specify the `WriteAttributes` for your app client, your app can write the values of the Standard attributes of your user pool. When your user pool has write access to these default attributes, `WriteAttributes` doesn't return any information. Amazon Cognito only populates `WriteAttributes` in the API response if you have specified your own custom set of write attributes. * diff --git a/sdk/nodejs/cognito/getUserPoolDomain.ts b/sdk/nodejs/cognito/getUserPoolDomain.ts index 1c2fb47151..f614941076 100644 --- a/sdk/nodejs/cognito/getUserPoolDomain.ts +++ b/sdk/nodejs/cognito/getUserPoolDomain.ts @@ -30,9 +30,11 @@ export interface GetUserPoolDomainResult { */ readonly cloudFrontDistribution?: string; /** - * The configuration for a custom domain that hosts the sign-up and sign-in pages for your application. Use this object to specify an SSL certificate that is managed by ACM. + * The configuration for a custom domain that hosts managed login for your application. In an `UpdateUserPoolDomain` request, this parameter specifies an SSL certificate for the managed login hosted webserver. The certificate must be an ACM ARN in `us-east-1` . * - * When you create a custom domain, the passkey RP ID defaults to the custom domain. If you had a prefix domain active, this will cause passkey integration for your prefix domain to stop working due to a mismatch in RP ID. To keep the prefix domain passkey integration working, you can explicitly set RP ID to the prefix domain. Update the RP ID in a [SetUserPoolMfaConfig](https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_SetUserPoolMfaConfig.html) request. + * When you create a custom domain, the passkey RP ID defaults to the custom domain. If you had a prefix domain active, this will cause passkey integration for your prefix domain to stop working due to a mismatch in RP ID. To keep the prefix domain passkey integration working, you can explicitly set RP ID to the prefix domain. + * + * Update the RP ID in a `API_SetUserPoolMfaConfig` request. */ readonly customDomainConfig?: outputs.cognito.UserPoolDomainCustomDomainConfigType; /** diff --git a/sdk/nodejs/cognito/getUserPoolRiskConfigurationAttachment.ts b/sdk/nodejs/cognito/getUserPoolRiskConfigurationAttachment.ts index d8cf4a0f69..2d04f0821a 100644 --- a/sdk/nodejs/cognito/getUserPoolRiskConfigurationAttachment.ts +++ b/sdk/nodejs/cognito/getUserPoolRiskConfigurationAttachment.ts @@ -31,11 +31,11 @@ export interface GetUserPoolRiskConfigurationAttachmentArgs { export interface GetUserPoolRiskConfigurationAttachmentResult { /** - * The settings for automated responses and notification templates for adaptive authentication with advanced security features. + * The settings for automated responses and notification templates for adaptive authentication with threat protection. */ readonly accountTakeoverRiskConfiguration?: outputs.cognito.UserPoolRiskConfigurationAttachmentAccountTakeoverRiskConfigurationType; /** - * Settings for compromised-credentials actions and authentication types with advanced security features in full-function `ENFORCED` mode. + * Settings for compromised-credentials actions and authentication types with threat protection in full-function `ENFORCED` mode. */ readonly compromisedCredentialsRiskConfiguration?: outputs.cognito.UserPoolRiskConfigurationAttachmentCompromisedCredentialsRiskConfigurationType; /** diff --git a/sdk/nodejs/cognito/getUserPoolUiCustomizationAttachment.ts b/sdk/nodejs/cognito/getUserPoolUiCustomizationAttachment.ts index 327b91f477..089fc688f6 100644 --- a/sdk/nodejs/cognito/getUserPoolUiCustomizationAttachment.ts +++ b/sdk/nodejs/cognito/getUserPoolUiCustomizationAttachment.ts @@ -21,14 +21,14 @@ export interface GetUserPoolUiCustomizationAttachmentArgs { */ clientId: string; /** - * The ID of the user pool. + * The ID of the user pool where you want to apply branding to the classic hosted UI. */ userPoolId: string; } export interface GetUserPoolUiCustomizationAttachmentResult { /** - * The CSS values in the UI customization. + * A plaintext CSS file that contains the custom fields that you want to apply to your user pool or app client. To download a template, go to the Amazon Cognito console. Navigate to your user pool *App clients* tab, select *Login pages* , edit *Hosted UI (classic) style* , and select the link to `CSS template.css` . */ readonly css?: string; } @@ -49,7 +49,7 @@ export interface GetUserPoolUiCustomizationAttachmentOutputArgs { */ clientId: pulumi.Input; /** - * The ID of the user pool. + * The ID of the user pool where you want to apply branding to the classic hosted UI. */ userPoolId: pulumi.Input; } diff --git a/sdk/nodejs/cognito/userPool.ts b/sdk/nodejs/cognito/userPool.ts index 81ec0a8a88..82ca97c23e 100644 --- a/sdk/nodejs/cognito/userPool.ts +++ b/sdk/nodejs/cognito/userPool.ts @@ -44,11 +44,11 @@ export class UserPool extends pulumi.CustomResource { /** * The settings for administrator creation of users in a user pool. Contains settings for allowing user sign-up, customizing invitation messages to new users, and the amount of time before temporary passwords expire. * - * This data type is a request and response parameter of [CreateUserPool](https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_CreateUserPool.html) and [UpdateUserPool](https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_UpdateUserPool.html) , and a response parameter of [DescribeUserPool](https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_DescribeUserPool.html) . + * This data type is a request and response parameter of `API_CreateUserPool` and `API_UpdateUserPool` , and a response parameter of `API_DescribeUserPool` . */ public readonly adminCreateUserConfig!: pulumi.Output; /** - * Attributes supported as an alias for this user pool. Possible values: *phone_number* , *email* , or *preferred_username* . For more information about alias attributes, see [Customizing sign-in attributes](https://docs.aws.amazon.com/cognito/latest/developerguide/user-pool-settings-attributes.html#user-pool-settings-aliases) . + * Attributes supported as an alias for this user pool. For more information about alias attributes, see [Customizing sign-in attributes](https://docs.aws.amazon.com/cognito/latest/developerguide/user-pool-settings-attributes.html#user-pool-settings-aliases) . */ public readonly aliasAttributes!: pulumi.Output; /** @@ -56,7 +56,7 @@ export class UserPool extends pulumi.CustomResource { */ public /*out*/ readonly arn!: pulumi.Output; /** - * The attributes that you want your user pool to automatically verify. Possible values: *email* , *phone_number* . For more information see [Verifying contact information at sign-up](https://docs.aws.amazon.com/cognito/latest/developerguide/signing-up-users-in-your-app.html#allowing-users-to-sign-up-and-confirm-themselves) . + * The attributes that you want your user pool to automatically verify. For more information, see [Verifying contact information at sign-up](https://docs.aws.amazon.com/cognito/latest/developerguide/signing-up-users-in-your-app.html#allowing-users-to-sign-up-and-confirm-themselves) . */ public readonly autoVerifiedAttributes!: pulumi.Output; /** @@ -102,17 +102,15 @@ export class UserPool extends pulumi.CustomResource { */ public readonly lambdaConfig!: pulumi.Output; /** - * The multi-factor authentication (MFA) configuration. Valid values include: + * Displays the state of multi-factor authentication (MFA) as on, off, or optional. When `ON` , all users must set up MFA before they can sign in. When `OPTIONAL` , your application must make a client-side determination of whether a user wants to register an MFA device. For user pools with adaptive authentication with threat protection, choose `OPTIONAL` . * - * - `OFF` MFA won't be used for any users. - * - `ON` MFA is required for all users to sign in. - * - `OPTIONAL` MFA will be required only for individual users who have an MFA factor activated. + * When `MfaConfiguration` is `OPTIONAL` , managed login doesn't automatically prompt users to set up MFA. Amazon Cognito generates MFA prompts in API responses and in managed login for users who have chosen and configured a preferred MFA factor. */ public readonly mfaConfiguration!: pulumi.Output; /** * A list of user pool policies. Contains the policy that sets password-complexity requirements. * - * This data type is a request and response parameter of [CreateUserPool](https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_CreateUserPool.html) and [UpdateUserPool](https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_UpdateUserPool.html) , and a response parameter of [DescribeUserPool](https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_DescribeUserPool.html) . + * This data type is a request and response parameter of `API_CreateUserPool` and `API_UpdateUserPool` , and a response parameter of `API_DescribeUserPool` . */ public readonly policies!: pulumi.Output; /** @@ -132,7 +130,7 @@ export class UserPool extends pulumi.CustomResource { */ public readonly smsAuthenticationMessage!: pulumi.Output; /** - * The SMS configuration with the settings that your Amazon Cognito user pool must use to send an SMS message from your AWS account through Amazon Simple Notification Service. To send SMS messages with Amazon SNS in the AWS Region that you want, the Amazon Cognito user pool uses an AWS Identity and Access Management (IAM) role in your AWS account . For more information see [SMS message settings](https://docs.aws.amazon.com/cognito/latest/developerguide/user-pool-sms-settings.html) . + * The settings for your Amazon Cognito user pool to send SMS messages with Amazon Simple Notification Service. To send SMS messages with Amazon SNS in the AWS Region that you want, the Amazon Cognito user pool uses an AWS Identity and Access Management (IAM) role in your AWS account . For more information see [SMS message settings](https://docs.aws.amazon.com/cognito/latest/developerguide/user-pool-sms-settings.html) . */ public readonly smsConfiguration!: pulumi.Output; /** @@ -146,7 +144,7 @@ export class UserPool extends pulumi.CustomResource { */ public readonly userAttributeUpdateSettings!: pulumi.Output; /** - * User pool add-ons. Contains settings for activation of threat protection. To log user security information but take no action, set to `AUDIT` . To configure automatic security responses to risky traffic to your user pool, set to `ENFORCED` . + * Contains settings for activation of threat protection, including the operating mode and additional authentication types. To log user security information but take no action, set to `AUDIT` . To configure automatic security responses to potentially unwanted traffic to your user pool, set to `ENFORCED` . * * For more information, see [Adding advanced security to a user pool](https://docs.aws.amazon.com/cognito/latest/developerguide/cognito-user-pool-settings-advanced-security.html) . To activate this setting, your user pool must be on the [Plus tier](https://docs.aws.amazon.com/cognito/latest/developerguide/feature-plans-features-plus.html) . */ @@ -156,7 +154,7 @@ export class UserPool extends pulumi.CustomResource { */ public /*out*/ readonly userPoolId!: pulumi.Output; /** - * A friendlhy name for your user pool. + * A friendly name for your user pool. */ public readonly userPoolName!: pulumi.Output; /** @@ -295,15 +293,15 @@ export interface UserPoolArgs { /** * The settings for administrator creation of users in a user pool. Contains settings for allowing user sign-up, customizing invitation messages to new users, and the amount of time before temporary passwords expire. * - * This data type is a request and response parameter of [CreateUserPool](https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_CreateUserPool.html) and [UpdateUserPool](https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_UpdateUserPool.html) , and a response parameter of [DescribeUserPool](https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_DescribeUserPool.html) . + * This data type is a request and response parameter of `API_CreateUserPool` and `API_UpdateUserPool` , and a response parameter of `API_DescribeUserPool` . */ adminCreateUserConfig?: pulumi.Input; /** - * Attributes supported as an alias for this user pool. Possible values: *phone_number* , *email* , or *preferred_username* . For more information about alias attributes, see [Customizing sign-in attributes](https://docs.aws.amazon.com/cognito/latest/developerguide/user-pool-settings-attributes.html#user-pool-settings-aliases) . + * Attributes supported as an alias for this user pool. For more information about alias attributes, see [Customizing sign-in attributes](https://docs.aws.amazon.com/cognito/latest/developerguide/user-pool-settings-attributes.html#user-pool-settings-aliases) . */ aliasAttributes?: pulumi.Input[]>; /** - * The attributes that you want your user pool to automatically verify. Possible values: *email* , *phone_number* . For more information see [Verifying contact information at sign-up](https://docs.aws.amazon.com/cognito/latest/developerguide/signing-up-users-in-your-app.html#allowing-users-to-sign-up-and-confirm-themselves) . + * The attributes that you want your user pool to automatically verify. For more information, see [Verifying contact information at sign-up](https://docs.aws.amazon.com/cognito/latest/developerguide/signing-up-users-in-your-app.html#allowing-users-to-sign-up-and-confirm-themselves) . */ autoVerifiedAttributes?: pulumi.Input[]>; /** @@ -349,17 +347,15 @@ export interface UserPoolArgs { */ lambdaConfig?: pulumi.Input; /** - * The multi-factor authentication (MFA) configuration. Valid values include: + * Displays the state of multi-factor authentication (MFA) as on, off, or optional. When `ON` , all users must set up MFA before they can sign in. When `OPTIONAL` , your application must make a client-side determination of whether a user wants to register an MFA device. For user pools with adaptive authentication with threat protection, choose `OPTIONAL` . * - * - `OFF` MFA won't be used for any users. - * - `ON` MFA is required for all users to sign in. - * - `OPTIONAL` MFA will be required only for individual users who have an MFA factor activated. + * When `MfaConfiguration` is `OPTIONAL` , managed login doesn't automatically prompt users to set up MFA. Amazon Cognito generates MFA prompts in API responses and in managed login for users who have chosen and configured a preferred MFA factor. */ mfaConfiguration?: pulumi.Input; /** * A list of user pool policies. Contains the policy that sets password-complexity requirements. * - * This data type is a request and response parameter of [CreateUserPool](https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_CreateUserPool.html) and [UpdateUserPool](https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_UpdateUserPool.html) , and a response parameter of [DescribeUserPool](https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_DescribeUserPool.html) . + * This data type is a request and response parameter of `API_CreateUserPool` and `API_UpdateUserPool` , and a response parameter of `API_DescribeUserPool` . */ policies?: pulumi.Input; /** @@ -371,7 +367,7 @@ export interface UserPoolArgs { */ smsAuthenticationMessage?: pulumi.Input; /** - * The SMS configuration with the settings that your Amazon Cognito user pool must use to send an SMS message from your AWS account through Amazon Simple Notification Service. To send SMS messages with Amazon SNS in the AWS Region that you want, the Amazon Cognito user pool uses an AWS Identity and Access Management (IAM) role in your AWS account . For more information see [SMS message settings](https://docs.aws.amazon.com/cognito/latest/developerguide/user-pool-sms-settings.html) . + * The settings for your Amazon Cognito user pool to send SMS messages with Amazon Simple Notification Service. To send SMS messages with Amazon SNS in the AWS Region that you want, the Amazon Cognito user pool uses an AWS Identity and Access Management (IAM) role in your AWS account . For more information see [SMS message settings](https://docs.aws.amazon.com/cognito/latest/developerguide/user-pool-sms-settings.html) . */ smsConfiguration?: pulumi.Input; /** @@ -385,13 +381,13 @@ export interface UserPoolArgs { */ userAttributeUpdateSettings?: pulumi.Input; /** - * User pool add-ons. Contains settings for activation of threat protection. To log user security information but take no action, set to `AUDIT` . To configure automatic security responses to risky traffic to your user pool, set to `ENFORCED` . + * Contains settings for activation of threat protection, including the operating mode and additional authentication types. To log user security information but take no action, set to `AUDIT` . To configure automatic security responses to potentially unwanted traffic to your user pool, set to `ENFORCED` . * * For more information, see [Adding advanced security to a user pool](https://docs.aws.amazon.com/cognito/latest/developerguide/cognito-user-pool-settings-advanced-security.html) . To activate this setting, your user pool must be on the [Plus tier](https://docs.aws.amazon.com/cognito/latest/developerguide/feature-plans-features-plus.html) . */ userPoolAddOns?: pulumi.Input; /** - * A friendlhy name for your user pool. + * A friendly name for your user pool. */ userPoolName?: pulumi.Input; /** diff --git a/sdk/nodejs/cognito/userPoolClient.ts b/sdk/nodejs/cognito/userPoolClient.ts index f6a0f012f8..cc85f25544 100644 --- a/sdk/nodejs/cognito/userPoolClient.ts +++ b/sdk/nodejs/cognito/userPoolClient.ts @@ -50,28 +50,28 @@ export class UserPoolClient extends pulumi.CustomResource { */ public readonly accessTokenValidity!: pulumi.Output; /** - * The OAuth grant types that you want your app client to generate. To create an app client that generates client credentials grants, you must add `client_credentials` as the only allowed OAuth flow. + * The OAuth grant types that you want your app client to generate for clients in managed login authentication. To create an app client that generates client credentials grants, you must add `client_credentials` as the only allowed OAuth flow. * * - **code** - Use a code grant flow, which provides an authorization code as the response. This code can be exchanged for access tokens with the `/oauth2/token` endpoint. - * - **implicit** - Issue the access token (and, optionally, ID token, based on scopes) directly to your user. - * - **client_credentials** - Issue the access token from the `/oauth2/token` endpoint directly to a non-person user using a combination of the client ID and client secret. + * - **implicit** - Issue the access token, and the ID token when scopes like `openid` and `profile` are requested, directly to your user. + * - **client_credentials** - Issue the access token from the `/oauth2/token` endpoint directly to a non-person user, authorized by a combination of the client ID and client secret. */ public readonly allowedOAuthFlows!: pulumi.Output; /** - * Set to `true` to use OAuth 2.0 features in your user pool app client. + * Set to `true` to use OAuth 2.0 authorization server features in your app client. * - * `AllowedOAuthFlowsUserPoolClient` must be `true` before you can configure the following features in your app client. + * This parameter must have a value of `true` before you can configure the following features in your app client. * * - `CallBackURLs` : Callback URLs. * - `LogoutURLs` : Sign-out redirect URLs. * - `AllowedOAuthScopes` : OAuth 2.0 scopes. * - `AllowedOAuthFlows` : Support for authorization code, implicit, and client credentials OAuth 2.0 grants. * - * To use OAuth 2.0 features, configure one of these features in the Amazon Cognito console or set `AllowedOAuthFlowsUserPoolClient` to `true` in a `CreateUserPoolClient` or `UpdateUserPoolClient` API request. If you don't set a value for `AllowedOAuthFlowsUserPoolClient` in a request with the AWS CLI or SDKs, it defaults to `false` . + * To use authorization server features, configure one of these features in the Amazon Cognito console or set `AllowedOAuthFlowsUserPoolClient` to `true` in a `CreateUserPoolClient` or `UpdateUserPoolClient` API request. If you don't set a value for `AllowedOAuthFlowsUserPoolClient` in a request with the AWS CLI or SDKs, it defaults to `false` . When `false` , only SDK-based API sign-in is permitted. */ public readonly allowedOAuthFlowsUserPoolClient!: pulumi.Output; /** - * The OAuth 2.0 scopes that you want to permit your app client to authorize. Scopes govern access control to user pool self-service API operations, user data from the `userInfo` endpoint, and third-party APIs. Possible values provided by OAuth are `phone` , `email` , `openid` , and `profile` . Possible values provided by AWS are `aws.cognito.signin.user.admin` . Custom scopes created in Resource Servers are also supported. + * The OAuth, OpenID Connect (OIDC), and custom scopes that you want to permit your app client to authorize access with. Scopes govern access control to user pool self-service API operations, user data from the `userInfo` endpoint, and third-party APIs. Scope values include `phone` , `email` , `openid` , and `profile` . The `aws.cognito.signin.user.admin` scope authorizes user self-service operations. Custom scopes with resource servers authorize access to external APIs. */ public readonly allowedOAuthScopes!: pulumi.Output; /** @@ -85,9 +85,9 @@ export class UserPoolClient extends pulumi.CustomResource { */ public readonly authSessionValidity!: pulumi.Output; /** - * A list of allowed redirect (callback) URLs for the IdPs. + * A list of allowed redirect, or callback, URLs for managed login authentication. These URLs are the paths where you want to send your users' browsers after they complete authentication with managed login or a third-party IdP. Typically, callback URLs are the home of an application that uses OAuth or OIDC libraries to process authentication outcomes. * - * A redirect URI must: + * A redirect URI must meet the following requirements: * * - Be an absolute URI. * - Be registered with the authorization server. Amazon Cognito doesn't accept authorization requests with `redirect_uri` values that aren't in the list of `CallbackURLs` that you provide in this parameter. @@ -114,21 +114,23 @@ export class UserPoolClient extends pulumi.CustomResource { */ public readonly defaultRedirectUri!: pulumi.Output; /** - * Activates the propagation of additional user context data. For more information about propagation of user context data, see [Adding advanced security to a user pool](https://docs.aws.amazon.com/cognito/latest/developerguide/cognito-user-pool-settings-threat-protection.html) . If you don’t include this parameter, you can't send device fingerprint information, including source IP address, to Amazon Cognito advanced security. You can only activate `EnablePropagateAdditionalUserContextData` in an app client that has a client secret. + * When `true` , your application can include additional `UserContextData` in authentication requests. This data includes the IP address, and contributes to analysis by threat protection features. For more information about propagation of user context data, see [Adding session data to API requests](https://docs.aws.amazon.com/cognito/latest/developerguide/cognito-user-pool-settings-adaptive-authentication.html#user-pool-settings-adaptive-authentication-device-fingerprint) . If you don’t include this parameter, you can't send the source IP address to Amazon Cognito threat protection features. You can only activate `EnablePropagateAdditionalUserContextData` in an app client that has a client secret. */ public readonly enablePropagateAdditionalUserContextData!: pulumi.Output; /** - * Activates or deactivates token revocation. For more information about revoking tokens, see [RevokeToken](https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_RevokeToken.html) . + * Activates or deactivates [token revocation](https://docs.aws.amazon.com/cognito/latest/developerguide/token-revocation.html) in the target app client. + * + * Revoke tokens with `API_RevokeToken` . * * If you don't include this parameter, token revocation is automatically activated for the new user pool client. */ public readonly enableTokenRevocation!: pulumi.Output; /** - * The authentication flows that you want your user pool client to support. For each app client in your user pool, you can sign in your users with any combination of one or more flows, including with a user name and Secure Remote Password (SRP), a user name and password, or a custom authentication process that you define with Lambda functions. + * The [authentication flows](https://docs.aws.amazon.com/cognito/latest/developerguide/amazon-cognito-user-pools-authentication-flow-methods.html) that you want your user pool client to support. For each app client in your user pool, you can sign in your users with any combination of one or more flows, including with a user name and Secure Remote Password (SRP), a user name and password, or a custom authentication process that you define with Lambda functions. * - * > If you don't specify a value for `ExplicitAuthFlows` , your user client supports `ALLOW_REFRESH_TOKEN_AUTH` , `ALLOW_USER_SRP_AUTH` , and `ALLOW_CUSTOM_AUTH` . + * > If you don't specify a value for `ExplicitAuthFlows` , your app client supports `ALLOW_REFRESH_TOKEN_AUTH` , `ALLOW_USER_SRP_AUTH` , and `ALLOW_CUSTOM_AUTH` . * - * Valid values include: + * The values for authentication flow options include the following. * * - `ALLOW_USER_AUTH` : Enable selection-based sign-in with `USER_AUTH` . This setting covers username-password, secure remote password (SRP), passwordless, and passkey authentication. This authentiation flow can do username-password and SRP authentication without other `ExplicitAuthFlows` permitting them. For example users can complete an SRP challenge through `USER_AUTH` without the flow `USER_SRP_AUTH` being active for the app client. This flow doesn't include `CUSTOM_AUTH` . * @@ -144,7 +146,7 @@ export class UserPoolClient extends pulumi.CustomResource { */ public readonly explicitAuthFlows!: pulumi.Output; /** - * When `true` , generates a client secret for the app client. Client secrets are used with server-side and machine-to-machine applications. For more information, see [App client types](https://docs.aws.amazon.com/cognito/latest/developerguide/user-pool-settings-client-apps.html#user-pool-settings-client-app-client-types) . + * When `true` , generates a client secret for the app client. Client secrets are used with server-side and machine-to-machine applications. Client secrets are automatically generated; you can't specify a secret value. For more information, see [App client types](https://docs.aws.amazon.com/cognito/latest/developerguide/user-pool-settings-client-apps.html#user-pool-settings-client-app-client-types) . */ public readonly generateSecret!: pulumi.Output; /** @@ -159,7 +161,7 @@ export class UserPoolClient extends pulumi.CustomResource { */ public readonly idTokenValidity!: pulumi.Output; /** - * A list of allowed logout URLs for managed login authentication. For more information, see [Logout endpoint](https://docs.aws.amazon.com/cognito/latest/developerguide/logout-endpoint.html) . + * A list of allowed logout URLs for managed login authentication. When you pass `logout_uri` and `client_id` parameters to `/logout` , Amazon Cognito signs out your user and redirects them to the logout URL. This parameter describes the URLs that you want to be the permitted targets of `logout_uri` . A typical use of these URLs is when a user selects "Sign out" and you redirect them to your public homepage. For more information, see [Logout endpoint](https://docs.aws.amazon.com/cognito/latest/developerguide/logout-endpoint.html) . */ public readonly logoutUrls!: pulumi.Output; public /*out*/ readonly name!: pulumi.Output; @@ -175,9 +177,11 @@ export class UserPoolClient extends pulumi.CustomResource { */ public readonly preventUserExistenceErrors!: pulumi.Output; /** - * The list of user attributes that you want your app client to have read access to. After your user authenticates in your app, their access token authorizes them to read their own attribute value for any attribute in this list. An example of this kind of activity is when your user selects a link to view their profile information. Your app makes a [GetUser](https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_GetUser.html) API request to retrieve and display your user's profile data. + * The list of user attributes that you want your app client to have read access to. After your user authenticates in your app, their access token authorizes them to read their own attribute value for any attribute in this list. * - * When you don't specify the `ReadAttributes` for your app client, your app can read the values of `email_verified` , `phone_number_verified` , and the Standard attributes of your user pool. When your user pool app client has read access to these default attributes, `ReadAttributes` doesn't return any information. Amazon Cognito only populates `ReadAttributes` in the API response if you have specified your own custom set of read attributes. + * An example of this kind of activity is when your user selects a link to view their profile information. Your app makes a `API_GetUser` API request to retrieve and display your user's profile data. + * + * When you don't specify the `ReadAttributes` for your app client, your app can read the values of `email_verified` , `phone_number_verified` , and the standard attributes of your user pool. When your user pool app client has read access to these default attributes, `ReadAttributes` doesn't return any information. Amazon Cognito only populates `ReadAttributes` in the API response if you have specified your own custom set of read attributes. */ public readonly readAttributes!: pulumi.Output; /** @@ -195,7 +199,7 @@ export class UserPoolClient extends pulumi.CustomResource { /** * A list of provider names for the identity providers (IdPs) that are supported on this client. The following are supported: `COGNITO` , `Facebook` , `Google` , `SignInWithApple` , and `LoginWithAmazon` . You can also specify the names that you configured for the SAML and OIDC IdPs in your user pool, for example `MySAMLIdP` or `MyOIDCIdP` . * - * This setting applies to providers that you can access with [managed login](https://docs.aws.amazon.com/cognito/latest/developerguide/cognito-user-pools-managed-login.html) . The removal of `COGNITO` from this list doesn't prevent authentication operations for local users with the user pools API in an AWS SDK. The only way to prevent API-based authentication is to block access with a [AWS WAF rule](https://docs.aws.amazon.com/cognito/latest/developerguide/user-pool-waf.html) . + * This parameter sets the IdPs that [managed login](https://docs.aws.amazon.com/cognito/latest/developerguide/cognito-user-pools-managed-login.html) will display on the login page for your app client. The removal of `COGNITO` from this list doesn't prevent authentication operations for local users with the user pools API in an AWS SDK. The only way to prevent SDK-based authentication is to block access with a [AWS WAF rule](https://docs.aws.amazon.com/cognito/latest/developerguide/user-pool-waf.html) . */ public readonly supportedIdentityProviders!: pulumi.Output; /** @@ -207,7 +211,9 @@ export class UserPoolClient extends pulumi.CustomResource { */ public readonly userPoolId!: pulumi.Output; /** - * The list of user attributes that you want your app client to have write access to. After your user authenticates in your app, their access token authorizes them to set or modify their own attribute value for any attribute in this list. An example of this kind of activity is when you present your user with a form to update their profile information and they change their last name. Your app then makes an [UpdateUserAttributes](https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_UpdateUserAttributes.html) API request and sets `family_name` to the new value. + * The list of user attributes that you want your app client to have write access to. After your user authenticates in your app, their access token authorizes them to set or modify their own attribute value for any attribute in this list. + * + * An example of this kind of activity is when you present your user with a form to update their profile information and they change their last name. Your app then makes an `API_UpdateUserAttributes` API request and sets `family_name` to the new value. * * When you don't specify the `WriteAttributes` for your app client, your app can write the values of the Standard attributes of your user pool. When your user pool has write access to these default attributes, `WriteAttributes` doesn't return any information. Amazon Cognito only populates `WriteAttributes` in the API response if you have specified your own custom set of write attributes. * @@ -305,28 +311,28 @@ export interface UserPoolClientArgs { */ accessTokenValidity?: pulumi.Input; /** - * The OAuth grant types that you want your app client to generate. To create an app client that generates client credentials grants, you must add `client_credentials` as the only allowed OAuth flow. + * The OAuth grant types that you want your app client to generate for clients in managed login authentication. To create an app client that generates client credentials grants, you must add `client_credentials` as the only allowed OAuth flow. * * - **code** - Use a code grant flow, which provides an authorization code as the response. This code can be exchanged for access tokens with the `/oauth2/token` endpoint. - * - **implicit** - Issue the access token (and, optionally, ID token, based on scopes) directly to your user. - * - **client_credentials** - Issue the access token from the `/oauth2/token` endpoint directly to a non-person user using a combination of the client ID and client secret. + * - **implicit** - Issue the access token, and the ID token when scopes like `openid` and `profile` are requested, directly to your user. + * - **client_credentials** - Issue the access token from the `/oauth2/token` endpoint directly to a non-person user, authorized by a combination of the client ID and client secret. */ allowedOAuthFlows?: pulumi.Input[]>; /** - * Set to `true` to use OAuth 2.0 features in your user pool app client. + * Set to `true` to use OAuth 2.0 authorization server features in your app client. * - * `AllowedOAuthFlowsUserPoolClient` must be `true` before you can configure the following features in your app client. + * This parameter must have a value of `true` before you can configure the following features in your app client. * * - `CallBackURLs` : Callback URLs. * - `LogoutURLs` : Sign-out redirect URLs. * - `AllowedOAuthScopes` : OAuth 2.0 scopes. * - `AllowedOAuthFlows` : Support for authorization code, implicit, and client credentials OAuth 2.0 grants. * - * To use OAuth 2.0 features, configure one of these features in the Amazon Cognito console or set `AllowedOAuthFlowsUserPoolClient` to `true` in a `CreateUserPoolClient` or `UpdateUserPoolClient` API request. If you don't set a value for `AllowedOAuthFlowsUserPoolClient` in a request with the AWS CLI or SDKs, it defaults to `false` . + * To use authorization server features, configure one of these features in the Amazon Cognito console or set `AllowedOAuthFlowsUserPoolClient` to `true` in a `CreateUserPoolClient` or `UpdateUserPoolClient` API request. If you don't set a value for `AllowedOAuthFlowsUserPoolClient` in a request with the AWS CLI or SDKs, it defaults to `false` . When `false` , only SDK-based API sign-in is permitted. */ allowedOAuthFlowsUserPoolClient?: pulumi.Input; /** - * The OAuth 2.0 scopes that you want to permit your app client to authorize. Scopes govern access control to user pool self-service API operations, user data from the `userInfo` endpoint, and third-party APIs. Possible values provided by OAuth are `phone` , `email` , `openid` , and `profile` . Possible values provided by AWS are `aws.cognito.signin.user.admin` . Custom scopes created in Resource Servers are also supported. + * The OAuth, OpenID Connect (OIDC), and custom scopes that you want to permit your app client to authorize access with. Scopes govern access control to user pool self-service API operations, user data from the `userInfo` endpoint, and third-party APIs. Scope values include `phone` , `email` , `openid` , and `profile` . The `aws.cognito.signin.user.admin` scope authorizes user self-service operations. Custom scopes with resource servers authorize access to external APIs. */ allowedOAuthScopes?: pulumi.Input[]>; /** @@ -340,9 +346,9 @@ export interface UserPoolClientArgs { */ authSessionValidity?: pulumi.Input; /** - * A list of allowed redirect (callback) URLs for the IdPs. + * A list of allowed redirect, or callback, URLs for managed login authentication. These URLs are the paths where you want to send your users' browsers after they complete authentication with managed login or a third-party IdP. Typically, callback URLs are the home of an application that uses OAuth or OIDC libraries to process authentication outcomes. * - * A redirect URI must: + * A redirect URI must meet the following requirements: * * - Be an absolute URI. * - Be registered with the authorization server. Amazon Cognito doesn't accept authorization requests with `redirect_uri` values that aren't in the list of `CallbackURLs` that you provide in this parameter. @@ -364,21 +370,23 @@ export interface UserPoolClientArgs { */ defaultRedirectUri?: pulumi.Input; /** - * Activates the propagation of additional user context data. For more information about propagation of user context data, see [Adding advanced security to a user pool](https://docs.aws.amazon.com/cognito/latest/developerguide/cognito-user-pool-settings-threat-protection.html) . If you don’t include this parameter, you can't send device fingerprint information, including source IP address, to Amazon Cognito advanced security. You can only activate `EnablePropagateAdditionalUserContextData` in an app client that has a client secret. + * When `true` , your application can include additional `UserContextData` in authentication requests. This data includes the IP address, and contributes to analysis by threat protection features. For more information about propagation of user context data, see [Adding session data to API requests](https://docs.aws.amazon.com/cognito/latest/developerguide/cognito-user-pool-settings-adaptive-authentication.html#user-pool-settings-adaptive-authentication-device-fingerprint) . If you don’t include this parameter, you can't send the source IP address to Amazon Cognito threat protection features. You can only activate `EnablePropagateAdditionalUserContextData` in an app client that has a client secret. */ enablePropagateAdditionalUserContextData?: pulumi.Input; /** - * Activates or deactivates token revocation. For more information about revoking tokens, see [RevokeToken](https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_RevokeToken.html) . + * Activates or deactivates [token revocation](https://docs.aws.amazon.com/cognito/latest/developerguide/token-revocation.html) in the target app client. + * + * Revoke tokens with `API_RevokeToken` . * * If you don't include this parameter, token revocation is automatically activated for the new user pool client. */ enableTokenRevocation?: pulumi.Input; /** - * The authentication flows that you want your user pool client to support. For each app client in your user pool, you can sign in your users with any combination of one or more flows, including with a user name and Secure Remote Password (SRP), a user name and password, or a custom authentication process that you define with Lambda functions. + * The [authentication flows](https://docs.aws.amazon.com/cognito/latest/developerguide/amazon-cognito-user-pools-authentication-flow-methods.html) that you want your user pool client to support. For each app client in your user pool, you can sign in your users with any combination of one or more flows, including with a user name and Secure Remote Password (SRP), a user name and password, or a custom authentication process that you define with Lambda functions. * - * > If you don't specify a value for `ExplicitAuthFlows` , your user client supports `ALLOW_REFRESH_TOKEN_AUTH` , `ALLOW_USER_SRP_AUTH` , and `ALLOW_CUSTOM_AUTH` . + * > If you don't specify a value for `ExplicitAuthFlows` , your app client supports `ALLOW_REFRESH_TOKEN_AUTH` , `ALLOW_USER_SRP_AUTH` , and `ALLOW_CUSTOM_AUTH` . * - * Valid values include: + * The values for authentication flow options include the following. * * - `ALLOW_USER_AUTH` : Enable selection-based sign-in with `USER_AUTH` . This setting covers username-password, secure remote password (SRP), passwordless, and passkey authentication. This authentiation flow can do username-password and SRP authentication without other `ExplicitAuthFlows` permitting them. For example users can complete an SRP challenge through `USER_AUTH` without the flow `USER_SRP_AUTH` being active for the app client. This flow doesn't include `CUSTOM_AUTH` . * @@ -394,7 +402,7 @@ export interface UserPoolClientArgs { */ explicitAuthFlows?: pulumi.Input[]>; /** - * When `true` , generates a client secret for the app client. Client secrets are used with server-side and machine-to-machine applications. For more information, see [App client types](https://docs.aws.amazon.com/cognito/latest/developerguide/user-pool-settings-client-apps.html#user-pool-settings-client-app-client-types) . + * When `true` , generates a client secret for the app client. Client secrets are used with server-side and machine-to-machine applications. Client secrets are automatically generated; you can't specify a secret value. For more information, see [App client types](https://docs.aws.amazon.com/cognito/latest/developerguide/user-pool-settings-client-apps.html#user-pool-settings-client-app-client-types) . */ generateSecret?: pulumi.Input; /** @@ -409,7 +417,7 @@ export interface UserPoolClientArgs { */ idTokenValidity?: pulumi.Input; /** - * A list of allowed logout URLs for managed login authentication. For more information, see [Logout endpoint](https://docs.aws.amazon.com/cognito/latest/developerguide/logout-endpoint.html) . + * A list of allowed logout URLs for managed login authentication. When you pass `logout_uri` and `client_id` parameters to `/logout` , Amazon Cognito signs out your user and redirects them to the logout URL. This parameter describes the URLs that you want to be the permitted targets of `logout_uri` . A typical use of these URLs is when a user selects "Sign out" and you redirect them to your public homepage. For more information, see [Logout endpoint](https://docs.aws.amazon.com/cognito/latest/developerguide/logout-endpoint.html) . */ logoutUrls?: pulumi.Input[]>; /** @@ -424,9 +432,11 @@ export interface UserPoolClientArgs { */ preventUserExistenceErrors?: pulumi.Input; /** - * The list of user attributes that you want your app client to have read access to. After your user authenticates in your app, their access token authorizes them to read their own attribute value for any attribute in this list. An example of this kind of activity is when your user selects a link to view their profile information. Your app makes a [GetUser](https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_GetUser.html) API request to retrieve and display your user's profile data. + * The list of user attributes that you want your app client to have read access to. After your user authenticates in your app, their access token authorizes them to read their own attribute value for any attribute in this list. * - * When you don't specify the `ReadAttributes` for your app client, your app can read the values of `email_verified` , `phone_number_verified` , and the Standard attributes of your user pool. When your user pool app client has read access to these default attributes, `ReadAttributes` doesn't return any information. Amazon Cognito only populates `ReadAttributes` in the API response if you have specified your own custom set of read attributes. + * An example of this kind of activity is when your user selects a link to view their profile information. Your app makes a `API_GetUser` API request to retrieve and display your user's profile data. + * + * When you don't specify the `ReadAttributes` for your app client, your app can read the values of `email_verified` , `phone_number_verified` , and the standard attributes of your user pool. When your user pool app client has read access to these default attributes, `ReadAttributes` doesn't return any information. Amazon Cognito only populates `ReadAttributes` in the API response if you have specified your own custom set of read attributes. */ readAttributes?: pulumi.Input[]>; /** @@ -444,7 +454,7 @@ export interface UserPoolClientArgs { /** * A list of provider names for the identity providers (IdPs) that are supported on this client. The following are supported: `COGNITO` , `Facebook` , `Google` , `SignInWithApple` , and `LoginWithAmazon` . You can also specify the names that you configured for the SAML and OIDC IdPs in your user pool, for example `MySAMLIdP` or `MyOIDCIdP` . * - * This setting applies to providers that you can access with [managed login](https://docs.aws.amazon.com/cognito/latest/developerguide/cognito-user-pools-managed-login.html) . The removal of `COGNITO` from this list doesn't prevent authentication operations for local users with the user pools API in an AWS SDK. The only way to prevent API-based authentication is to block access with a [AWS WAF rule](https://docs.aws.amazon.com/cognito/latest/developerguide/user-pool-waf.html) . + * This parameter sets the IdPs that [managed login](https://docs.aws.amazon.com/cognito/latest/developerguide/cognito-user-pools-managed-login.html) will display on the login page for your app client. The removal of `COGNITO` from this list doesn't prevent authentication operations for local users with the user pools API in an AWS SDK. The only way to prevent SDK-based authentication is to block access with a [AWS WAF rule](https://docs.aws.amazon.com/cognito/latest/developerguide/user-pool-waf.html) . */ supportedIdentityProviders?: pulumi.Input[]>; /** @@ -456,7 +466,9 @@ export interface UserPoolClientArgs { */ userPoolId: pulumi.Input; /** - * The list of user attributes that you want your app client to have write access to. After your user authenticates in your app, their access token authorizes them to set or modify their own attribute value for any attribute in this list. An example of this kind of activity is when you present your user with a form to update their profile information and they change their last name. Your app then makes an [UpdateUserAttributes](https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_UpdateUserAttributes.html) API request and sets `family_name` to the new value. + * The list of user attributes that you want your app client to have write access to. After your user authenticates in your app, their access token authorizes them to set or modify their own attribute value for any attribute in this list. + * + * An example of this kind of activity is when you present your user with a form to update their profile information and they change their last name. Your app then makes an `API_UpdateUserAttributes` API request and sets `family_name` to the new value. * * When you don't specify the `WriteAttributes` for your app client, your app can write the values of the Standard attributes of your user pool. When your user pool has write access to these default attributes, `WriteAttributes` doesn't return any information. Amazon Cognito only populates `WriteAttributes` in the API response if you have specified your own custom set of write attributes. * diff --git a/sdk/nodejs/cognito/userPoolDomain.ts b/sdk/nodejs/cognito/userPoolDomain.ts index a8756e9ff6..6df5b8ade1 100644 --- a/sdk/nodejs/cognito/userPoolDomain.ts +++ b/sdk/nodejs/cognito/userPoolDomain.ts @@ -46,15 +46,15 @@ export class UserPoolDomain extends pulumi.CustomResource { */ public /*out*/ readonly cloudFrontDistribution!: pulumi.Output; /** - * The configuration for a custom domain that hosts the sign-up and sign-in pages for your application. Use this object to specify an SSL certificate that is managed by ACM. + * The configuration for a custom domain that hosts managed login for your application. In an `UpdateUserPoolDomain` request, this parameter specifies an SSL certificate for the managed login hosted webserver. The certificate must be an ACM ARN in `us-east-1` . * - * When you create a custom domain, the passkey RP ID defaults to the custom domain. If you had a prefix domain active, this will cause passkey integration for your prefix domain to stop working due to a mismatch in RP ID. To keep the prefix domain passkey integration working, you can explicitly set RP ID to the prefix domain. Update the RP ID in a [SetUserPoolMfaConfig](https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_SetUserPoolMfaConfig.html) request. + * When you create a custom domain, the passkey RP ID defaults to the custom domain. If you had a prefix domain active, this will cause passkey integration for your prefix domain to stop working due to a mismatch in RP ID. To keep the prefix domain passkey integration working, you can explicitly set RP ID to the prefix domain. + * + * Update the RP ID in a `API_SetUserPoolMfaConfig` request. */ public readonly customDomainConfig!: pulumi.Output; /** - * The domain name for the custom domain that hosts the sign-up and sign-in pages for your application. One example might be `auth.example.com` . - * - * This string can include only lowercase letters, numbers, and hyphens. Don't use a hyphen for the first or last character. Use periods to separate subdomain names. + * The name of the domain that you want to update. For custom domains, this is the fully-qualified domain name, for example `auth.example.com` . For prefix domains, this is the prefix alone, such as `myprefix` . */ public readonly domain!: pulumi.Output; /** @@ -62,7 +62,7 @@ export class UserPoolDomain extends pulumi.CustomResource { */ public readonly managedLoginVersion!: pulumi.Output; /** - * The ID of the user pool that is associated with the custom domain whose certificate you're updating. + * The ID of the user pool that is associated with the domain you're updating. */ public readonly userPoolId!: pulumi.Output; @@ -109,15 +109,15 @@ export class UserPoolDomain extends pulumi.CustomResource { */ export interface UserPoolDomainArgs { /** - * The configuration for a custom domain that hosts the sign-up and sign-in pages for your application. Use this object to specify an SSL certificate that is managed by ACM. + * The configuration for a custom domain that hosts managed login for your application. In an `UpdateUserPoolDomain` request, this parameter specifies an SSL certificate for the managed login hosted webserver. The certificate must be an ACM ARN in `us-east-1` . * - * When you create a custom domain, the passkey RP ID defaults to the custom domain. If you had a prefix domain active, this will cause passkey integration for your prefix domain to stop working due to a mismatch in RP ID. To keep the prefix domain passkey integration working, you can explicitly set RP ID to the prefix domain. Update the RP ID in a [SetUserPoolMfaConfig](https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_SetUserPoolMfaConfig.html) request. + * When you create a custom domain, the passkey RP ID defaults to the custom domain. If you had a prefix domain active, this will cause passkey integration for your prefix domain to stop working due to a mismatch in RP ID. To keep the prefix domain passkey integration working, you can explicitly set RP ID to the prefix domain. + * + * Update the RP ID in a `API_SetUserPoolMfaConfig` request. */ customDomainConfig?: pulumi.Input; /** - * The domain name for the custom domain that hosts the sign-up and sign-in pages for your application. One example might be `auth.example.com` . - * - * This string can include only lowercase letters, numbers, and hyphens. Don't use a hyphen for the first or last character. Use periods to separate subdomain names. + * The name of the domain that you want to update. For custom domains, this is the fully-qualified domain name, for example `auth.example.com` . For prefix domains, this is the prefix alone, such as `myprefix` . */ domain: pulumi.Input; /** @@ -125,7 +125,7 @@ export interface UserPoolDomainArgs { */ managedLoginVersion?: pulumi.Input; /** - * The ID of the user pool that is associated with the custom domain whose certificate you're updating. + * The ID of the user pool that is associated with the domain you're updating. */ userPoolId: pulumi.Input; } diff --git a/sdk/nodejs/cognito/userPoolRiskConfigurationAttachment.ts b/sdk/nodejs/cognito/userPoolRiskConfigurationAttachment.ts index 20b059f732..a35b868712 100644 --- a/sdk/nodejs/cognito/userPoolRiskConfigurationAttachment.ts +++ b/sdk/nodejs/cognito/userPoolRiskConfigurationAttachment.ts @@ -38,7 +38,7 @@ export class UserPoolRiskConfigurationAttachment extends pulumi.CustomResource { } /** - * The settings for automated responses and notification templates for adaptive authentication with advanced security features. + * The settings for automated responses and notification templates for adaptive authentication with threat protection. */ public readonly accountTakeoverRiskConfiguration!: pulumi.Output; /** @@ -46,7 +46,7 @@ export class UserPoolRiskConfigurationAttachment extends pulumi.CustomResource { */ public readonly clientId!: pulumi.Output; /** - * Settings for compromised-credentials actions and authentication types with advanced security features in full-function `ENFORCED` mode. + * Settings for compromised-credentials actions and authentication types with threat protection in full-function `ENFORCED` mode. */ public readonly compromisedCredentialsRiskConfiguration!: pulumi.Output; /** @@ -99,7 +99,7 @@ export class UserPoolRiskConfigurationAttachment extends pulumi.CustomResource { */ export interface UserPoolRiskConfigurationAttachmentArgs { /** - * The settings for automated responses and notification templates for adaptive authentication with advanced security features. + * The settings for automated responses and notification templates for adaptive authentication with threat protection. */ accountTakeoverRiskConfiguration?: pulumi.Input; /** @@ -107,7 +107,7 @@ export interface UserPoolRiskConfigurationAttachmentArgs { */ clientId: pulumi.Input; /** - * Settings for compromised-credentials actions and authentication types with advanced security features in full-function `ENFORCED` mode. + * Settings for compromised-credentials actions and authentication types with threat protection in full-function `ENFORCED` mode. */ compromisedCredentialsRiskConfiguration?: pulumi.Input; /** diff --git a/sdk/nodejs/cognito/userPoolUiCustomizationAttachment.ts b/sdk/nodejs/cognito/userPoolUiCustomizationAttachment.ts index ee2ee5fb92..274af3defc 100644 --- a/sdk/nodejs/cognito/userPoolUiCustomizationAttachment.ts +++ b/sdk/nodejs/cognito/userPoolUiCustomizationAttachment.ts @@ -39,11 +39,11 @@ export class UserPoolUiCustomizationAttachment extends pulumi.CustomResource { */ public readonly clientId!: pulumi.Output; /** - * The CSS values in the UI customization. + * A plaintext CSS file that contains the custom fields that you want to apply to your user pool or app client. To download a template, go to the Amazon Cognito console. Navigate to your user pool *App clients* tab, select *Login pages* , edit *Hosted UI (classic) style* , and select the link to `CSS template.css` . */ public readonly css!: pulumi.Output; /** - * The ID of the user pool. + * The ID of the user pool where you want to apply branding to the classic hosted UI. */ public readonly userPoolId!: pulumi.Output; @@ -88,11 +88,11 @@ export interface UserPoolUiCustomizationAttachmentArgs { */ clientId: pulumi.Input; /** - * The CSS values in the UI customization. + * A plaintext CSS file that contains the custom fields that you want to apply to your user pool or app client. To download a template, go to the Amazon Cognito console. Navigate to your user pool *App clients* tab, select *Login pages* , edit *Hosted UI (classic) style* , and select the link to `CSS template.css` . */ css?: pulumi.Input; /** - * The ID of the user pool. + * The ID of the user pool where you want to apply branding to the classic hosted UI. */ userPoolId: pulumi.Input; } diff --git a/sdk/nodejs/cognito/userPoolUser.ts b/sdk/nodejs/cognito/userPoolUser.ts index e71c48ab06..9b4ee58e20 100644 --- a/sdk/nodejs/cognito/userPoolUser.ts +++ b/sdk/nodejs/cognito/userPoolUser.ts @@ -76,10 +76,12 @@ export class UserPoolUser extends pulumi.CustomResource { * * You must also provide an email address or phone number when you expect the user to do passwordless sign-in with an email or SMS OTP. These attributes must be provided when passwordless options are the only available, or when you don't submit a `TemporaryPassword` . * - * In your call to `AdminCreateUser` , you can set the `email_verified` attribute to `True` , and you can set the `phone_number_verified` attribute to `True` . You can also do this by calling [AdminUpdateUserAttributes](https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_AdminUpdateUserAttributes.html) . + * In your `AdminCreateUser` request, you can set the `email_verified` and `phone_number_verified` attributes to `true` . The following conditions apply: * - * - *email* : The email address of the user to whom the message that contains the code and username will be sent. Required if the `email_verified` attribute is set to `True` , or if `"EMAIL"` is specified in the `DesiredDeliveryMediums` parameter. - * - *phone_number* : The phone number of the user to whom the message that contains the code and username will be sent. Required if the `phone_number_verified` attribute is set to `True` , or if `"SMS"` is specified in the `DesiredDeliveryMediums` parameter. + * - **email** - The email address where you want the user to receive their confirmation code and username. You must provide a value for the `email` when you want to set `email_verified` to `true` , or if you set `EMAIL` in the `DesiredDeliveryMediums` parameter. + * - **phone_number** - The phone number where you want the user to receive their confirmation code and username. You must provide a value for the `email` when you want to set `phone_number` to `true` , or if you set `SMS` in the `DesiredDeliveryMediums` parameter. + * + * You can also set attributes verified with `API_AdminUpdateUserAttributes` . */ public readonly userAttributes!: pulumi.Output; /** @@ -97,7 +99,7 @@ export class UserPoolUser extends pulumi.CustomResource { /** * Temporary user attributes that contribute to the outcomes of your pre sign-up Lambda trigger. This set of key-value pairs are for custom validation of information that you collect from your users but don't need to retain. * - * Your Lambda function can analyze this additional data and act on it. Your function might perform external API operations like logging user attributes and validation data to Amazon CloudWatch Logs. Validation data might also affect the response that your function returns to Amazon Cognito, like automatically confirming the user if they sign up from within your network. + * Your Lambda function can analyze this additional data and act on it. Your function can automatically confirm and verify select users or perform external API operations like logging user attributes and validation data to Amazon CloudWatch Logs. * * For more information about the pre sign-up Lambda trigger, see [Pre sign-up Lambda trigger](https://docs.aws.amazon.com/cognito/latest/developerguide/user-pool-lambda-pre-sign-up.html) . */ @@ -185,10 +187,12 @@ export interface UserPoolUserArgs { * * You must also provide an email address or phone number when you expect the user to do passwordless sign-in with an email or SMS OTP. These attributes must be provided when passwordless options are the only available, or when you don't submit a `TemporaryPassword` . * - * In your call to `AdminCreateUser` , you can set the `email_verified` attribute to `True` , and you can set the `phone_number_verified` attribute to `True` . You can also do this by calling [AdminUpdateUserAttributes](https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_AdminUpdateUserAttributes.html) . + * In your `AdminCreateUser` request, you can set the `email_verified` and `phone_number_verified` attributes to `true` . The following conditions apply: + * + * - **email** - The email address where you want the user to receive their confirmation code and username. You must provide a value for the `email` when you want to set `email_verified` to `true` , or if you set `EMAIL` in the `DesiredDeliveryMediums` parameter. + * - **phone_number** - The phone number where you want the user to receive their confirmation code and username. You must provide a value for the `email` when you want to set `phone_number` to `true` , or if you set `SMS` in the `DesiredDeliveryMediums` parameter. * - * - *email* : The email address of the user to whom the message that contains the code and username will be sent. Required if the `email_verified` attribute is set to `True` , or if `"EMAIL"` is specified in the `DesiredDeliveryMediums` parameter. - * - *phone_number* : The phone number of the user to whom the message that contains the code and username will be sent. Required if the `phone_number_verified` attribute is set to `True` , or if `"SMS"` is specified in the `DesiredDeliveryMediums` parameter. + * You can also set attributes verified with `API_AdminUpdateUserAttributes` . */ userAttributes?: pulumi.Input[]>; /** @@ -206,7 +210,7 @@ export interface UserPoolUserArgs { /** * Temporary user attributes that contribute to the outcomes of your pre sign-up Lambda trigger. This set of key-value pairs are for custom validation of information that you collect from your users but don't need to retain. * - * Your Lambda function can analyze this additional data and act on it. Your function might perform external API operations like logging user attributes and validation data to Amazon CloudWatch Logs. Validation data might also affect the response that your function returns to Amazon Cognito, like automatically confirming the user if they sign up from within your network. + * Your Lambda function can analyze this additional data and act on it. Your function can automatically confirm and verify select users or perform external API operations like logging user attributes and validation data to Amazon CloudWatch Logs. * * For more information about the pre sign-up Lambda trigger, see [Pre sign-up Lambda trigger](https://docs.aws.amazon.com/cognito/latest/developerguide/user-pool-lambda-pre-sign-up.html) . */ diff --git a/sdk/nodejs/customerprofiles/eventTrigger.ts b/sdk/nodejs/customerprofiles/eventTrigger.ts new file mode 100644 index 0000000000..00d3651ccf --- /dev/null +++ b/sdk/nodejs/customerprofiles/eventTrigger.ts @@ -0,0 +1,118 @@ +// *** WARNING: this file was generated by pulumi-language-nodejs. *** +// *** Do not edit by hand unless you're certain you know what you are doing! *** + +import * as pulumi from "@pulumi/pulumi"; +import * as inputs from "../types/input"; +import * as outputs from "../types/output"; +import * as enums from "../types/enums"; +import * as utilities from "../utilities"; + +/** + * An event trigger resource of Amazon Connect Customer Profiles + */ +export class EventTrigger extends pulumi.CustomResource { + /** + * Get an existing EventTrigger resource's state with the given name, ID, and optional extra + * properties used to qualify the lookup. + * + * @param name The _unique_ name of the resulting resource. + * @param id The _unique_ provider ID of the resource to lookup. + * @param opts Optional settings to control the behavior of the CustomResource. + */ + public static get(name: string, id: pulumi.Input, opts?: pulumi.CustomResourceOptions): EventTrigger { + return new EventTrigger(name, undefined as any, { ...opts, id: id }); + } + + /** @internal */ + public static readonly __pulumiType = 'aws-native:customerprofiles:EventTrigger'; + + /** + * Returns true if the given object is an instance of EventTrigger. This is designed to work even + * when multiple copies of the Pulumi SDK have been loaded into the same process. + */ + public static isInstance(obj: any): obj is EventTrigger { + if (obj === undefined || obj === null) { + return false; + } + return obj['__pulumiType'] === EventTrigger.__pulumiType; + } + + /** + * The timestamp of when the event trigger was created. + */ + public /*out*/ readonly createdAt!: pulumi.Output; + public readonly description!: pulumi.Output; + public readonly domainName!: pulumi.Output; + public readonly eventTriggerConditions!: pulumi.Output; + public readonly eventTriggerLimits!: pulumi.Output; + public readonly eventTriggerName!: pulumi.Output; + /** + * The timestamp of when the event trigger was most recently updated. + */ + public /*out*/ readonly lastUpdatedAt!: pulumi.Output; + public readonly objectTypeName!: pulumi.Output; + public readonly segmentFilter!: pulumi.Output; + public readonly tags!: pulumi.Output; + + /** + * Create a EventTrigger resource with the given unique name, arguments, and options. + * + * @param name The _unique_ name of the resource. + * @param args The arguments to use to populate this resource's properties. + * @param opts A bag of options that control this resource's behavior. + */ + constructor(name: string, args: EventTriggerArgs, opts?: pulumi.CustomResourceOptions) { + let resourceInputs: pulumi.Inputs = {}; + opts = opts || {}; + if (!opts.id) { + if ((!args || args.domainName === undefined) && !opts.urn) { + throw new Error("Missing required property 'domainName'"); + } + if ((!args || args.eventTriggerConditions === undefined) && !opts.urn) { + throw new Error("Missing required property 'eventTriggerConditions'"); + } + if ((!args || args.objectTypeName === undefined) && !opts.urn) { + throw new Error("Missing required property 'objectTypeName'"); + } + resourceInputs["description"] = args ? args.description : undefined; + resourceInputs["domainName"] = args ? args.domainName : undefined; + resourceInputs["eventTriggerConditions"] = args ? args.eventTriggerConditions : undefined; + resourceInputs["eventTriggerLimits"] = args ? args.eventTriggerLimits : undefined; + resourceInputs["eventTriggerName"] = args ? args.eventTriggerName : undefined; + resourceInputs["objectTypeName"] = args ? args.objectTypeName : undefined; + resourceInputs["segmentFilter"] = args ? args.segmentFilter : undefined; + resourceInputs["tags"] = args ? args.tags : undefined; + resourceInputs["createdAt"] = undefined /*out*/; + resourceInputs["lastUpdatedAt"] = undefined /*out*/; + } else { + resourceInputs["createdAt"] = undefined /*out*/; + resourceInputs["description"] = undefined /*out*/; + resourceInputs["domainName"] = undefined /*out*/; + resourceInputs["eventTriggerConditions"] = undefined /*out*/; + resourceInputs["eventTriggerLimits"] = undefined /*out*/; + resourceInputs["eventTriggerName"] = undefined /*out*/; + resourceInputs["lastUpdatedAt"] = undefined /*out*/; + resourceInputs["objectTypeName"] = undefined /*out*/; + resourceInputs["segmentFilter"] = undefined /*out*/; + resourceInputs["tags"] = undefined /*out*/; + } + opts = pulumi.mergeOptions(utilities.resourceOptsDefaults(), opts); + const replaceOnChanges = { replaceOnChanges: ["domainName", "eventTriggerName"] }; + opts = pulumi.mergeOptions(opts, replaceOnChanges); + super(EventTrigger.__pulumiType, name, resourceInputs, opts); + } +} + +/** + * The set of arguments for constructing a EventTrigger resource. + */ +export interface EventTriggerArgs { + description?: pulumi.Input; + domainName: pulumi.Input; + eventTriggerConditions: pulumi.Input[]>; + eventTriggerLimits?: pulumi.Input; + eventTriggerName?: pulumi.Input; + objectTypeName: pulumi.Input; + segmentFilter?: pulumi.Input; + tags?: pulumi.Input[]>; +} diff --git a/sdk/nodejs/customerprofiles/getEventTrigger.ts b/sdk/nodejs/customerprofiles/getEventTrigger.ts new file mode 100644 index 0000000000..575292c891 --- /dev/null +++ b/sdk/nodejs/customerprofiles/getEventTrigger.ts @@ -0,0 +1,56 @@ +// *** WARNING: this file was generated by pulumi-language-nodejs. *** +// *** Do not edit by hand unless you're certain you know what you are doing! *** + +import * as pulumi from "@pulumi/pulumi"; +import * as inputs from "../types/input"; +import * as outputs from "../types/output"; +import * as enums from "../types/enums"; +import * as utilities from "../utilities"; + +/** + * An event trigger resource of Amazon Connect Customer Profiles + */ +export function getEventTrigger(args: GetEventTriggerArgs, opts?: pulumi.InvokeOptions): Promise { + opts = pulumi.mergeOptions(utilities.resourceOptsDefaults(), opts || {}); + return pulumi.runtime.invoke("aws-native:customerprofiles:getEventTrigger", { + "domainName": args.domainName, + "eventTriggerName": args.eventTriggerName, + }, opts); +} + +export interface GetEventTriggerArgs { + domainName: string; + eventTriggerName: string; +} + +export interface GetEventTriggerResult { + /** + * The timestamp of when the event trigger was created. + */ + readonly createdAt?: string; + readonly description?: string; + readonly eventTriggerConditions?: outputs.customerprofiles.EventTriggerCondition[]; + readonly eventTriggerLimits?: outputs.customerprofiles.EventTriggerLimits; + /** + * The timestamp of when the event trigger was most recently updated. + */ + readonly lastUpdatedAt?: string; + readonly objectTypeName?: string; + readonly segmentFilter?: string; + readonly tags?: outputs.Tag[]; +} +/** + * An event trigger resource of Amazon Connect Customer Profiles + */ +export function getEventTriggerOutput(args: GetEventTriggerOutputArgs, opts?: pulumi.InvokeOutputOptions): pulumi.Output { + opts = pulumi.mergeOptions(utilities.resourceOptsDefaults(), opts || {}); + return pulumi.runtime.invokeOutput("aws-native:customerprofiles:getEventTrigger", { + "domainName": args.domainName, + "eventTriggerName": args.eventTriggerName, + }, opts); +} + +export interface GetEventTriggerOutputArgs { + domainName: pulumi.Input; + eventTriggerName: pulumi.Input; +} diff --git a/sdk/nodejs/customerprofiles/index.ts b/sdk/nodejs/customerprofiles/index.ts index 8931d61584..1679ad28cc 100644 --- a/sdk/nodejs/customerprofiles/index.ts +++ b/sdk/nodejs/customerprofiles/index.ts @@ -20,6 +20,11 @@ export type EventStream = import("./eventStream").EventStream; export const EventStream: typeof import("./eventStream").EventStream = null as any; utilities.lazyLoad(exports, ["EventStream"], () => require("./eventStream")); +export { EventTriggerArgs } from "./eventTrigger"; +export type EventTrigger = import("./eventTrigger").EventTrigger; +export const EventTrigger: typeof import("./eventTrigger").EventTrigger = null as any; +utilities.lazyLoad(exports, ["EventTrigger"], () => require("./eventTrigger")); + export { GetCalculatedAttributeDefinitionArgs, GetCalculatedAttributeDefinitionResult, GetCalculatedAttributeDefinitionOutputArgs } from "./getCalculatedAttributeDefinition"; export const getCalculatedAttributeDefinition: typeof import("./getCalculatedAttributeDefinition").getCalculatedAttributeDefinition = null as any; export const getCalculatedAttributeDefinitionOutput: typeof import("./getCalculatedAttributeDefinition").getCalculatedAttributeDefinitionOutput = null as any; @@ -35,6 +40,11 @@ export const getEventStream: typeof import("./getEventStream").getEventStream = export const getEventStreamOutput: typeof import("./getEventStream").getEventStreamOutput = null as any; utilities.lazyLoad(exports, ["getEventStream","getEventStreamOutput"], () => require("./getEventStream")); +export { GetEventTriggerArgs, GetEventTriggerResult, GetEventTriggerOutputArgs } from "./getEventTrigger"; +export const getEventTrigger: typeof import("./getEventTrigger").getEventTrigger = null as any; +export const getEventTriggerOutput: typeof import("./getEventTrigger").getEventTriggerOutput = null as any; +utilities.lazyLoad(exports, ["getEventTrigger","getEventTriggerOutput"], () => require("./getEventTrigger")); + export { GetIntegrationArgs, GetIntegrationResult, GetIntegrationOutputArgs } from "./getIntegration"; export const getIntegration: typeof import("./getIntegration").getIntegration = null as any; export const getIntegrationOutput: typeof import("./getIntegration").getIntegrationOutput = null as any; @@ -79,6 +89,8 @@ const _module = { return new Domain(name, undefined, { urn }) case "aws-native:customerprofiles:EventStream": return new EventStream(name, undefined, { urn }) + case "aws-native:customerprofiles:EventTrigger": + return new EventTrigger(name, undefined, { urn }) case "aws-native:customerprofiles:Integration": return new Integration(name, undefined, { urn }) case "aws-native:customerprofiles:ObjectType": diff --git a/sdk/nodejs/lex/bot.ts b/sdk/nodejs/lex/bot.ts index 8195778772..0229bd1270 100644 --- a/sdk/nodejs/lex/bot.ts +++ b/sdk/nodejs/lex/bot.ts @@ -77,6 +77,7 @@ export class Bot extends pulumi.CustomResource { * The name of the bot locale. */ public readonly name!: pulumi.Output; + public readonly replication!: pulumi.Output; /** * The Amazon Resource Name (ARN) of the IAM role used to build and run the bot. */ @@ -118,6 +119,7 @@ export class Bot extends pulumi.CustomResource { resourceInputs["description"] = args ? args.description : undefined; resourceInputs["idleSessionTtlInSeconds"] = args ? args.idleSessionTtlInSeconds : undefined; resourceInputs["name"] = args ? args.name : undefined; + resourceInputs["replication"] = args ? args.replication : undefined; resourceInputs["roleArn"] = args ? args.roleArn : undefined; resourceInputs["testBotAliasSettings"] = args ? args.testBotAliasSettings : undefined; resourceInputs["testBotAliasTags"] = args ? args.testBotAliasTags : undefined; @@ -134,6 +136,7 @@ export class Bot extends pulumi.CustomResource { resourceInputs["description"] = undefined /*out*/; resourceInputs["idleSessionTtlInSeconds"] = undefined /*out*/; resourceInputs["name"] = undefined /*out*/; + resourceInputs["replication"] = undefined /*out*/; resourceInputs["roleArn"] = undefined /*out*/; resourceInputs["testBotAliasSettings"] = undefined /*out*/; resourceInputs["testBotAliasTags"] = undefined /*out*/; @@ -179,6 +182,7 @@ export interface BotArgs { * The name of the bot locale. */ name?: pulumi.Input; + replication?: pulumi.Input; /** * The Amazon Resource Name (ARN) of the IAM role used to build and run the bot. */ diff --git a/sdk/nodejs/resiliencehub/app.ts b/sdk/nodejs/resiliencehub/app.ts index 79a3926bc5..af537fa5fb 100644 --- a/sdk/nodejs/resiliencehub/app.ts +++ b/sdk/nodejs/resiliencehub/app.ts @@ -69,6 +69,10 @@ export class App extends pulumi.CustomResource { * Defines the roles and credentials that AWS Resilience Hub would use while creating the application, importing its resources, and running an assessment. */ public readonly permissionModel!: pulumi.Output; + /** + * Amazon Resource Name (ARN) of the Regulatory Policy. + */ + public readonly regulatoryPolicyArn!: pulumi.Output; /** * Amazon Resource Name (ARN) of the Resiliency Policy. */ @@ -105,6 +109,7 @@ export class App extends pulumi.CustomResource { resourceInputs["eventSubscriptions"] = args ? args.eventSubscriptions : undefined; resourceInputs["name"] = args ? args.name : undefined; resourceInputs["permissionModel"] = args ? args.permissionModel : undefined; + resourceInputs["regulatoryPolicyArn"] = args ? args.regulatoryPolicyArn : undefined; resourceInputs["resiliencyPolicyArn"] = args ? args.resiliencyPolicyArn : undefined; resourceInputs["resourceMappings"] = args ? args.resourceMappings : undefined; resourceInputs["tags"] = args ? args.tags : undefined; @@ -119,6 +124,7 @@ export class App extends pulumi.CustomResource { resourceInputs["eventSubscriptions"] = undefined /*out*/; resourceInputs["name"] = undefined /*out*/; resourceInputs["permissionModel"] = undefined /*out*/; + resourceInputs["regulatoryPolicyArn"] = undefined /*out*/; resourceInputs["resiliencyPolicyArn"] = undefined /*out*/; resourceInputs["resourceMappings"] = undefined /*out*/; resourceInputs["tags"] = undefined /*out*/; @@ -158,6 +164,10 @@ export interface AppArgs { * Defines the roles and credentials that AWS Resilience Hub would use while creating the application, importing its resources, and running an assessment. */ permissionModel?: pulumi.Input; + /** + * Amazon Resource Name (ARN) of the Regulatory Policy. + */ + regulatoryPolicyArn?: pulumi.Input; /** * Amazon Resource Name (ARN) of the Resiliency Policy. */ diff --git a/sdk/nodejs/resiliencehub/getApp.ts b/sdk/nodejs/resiliencehub/getApp.ts index 8dadac16dd..c48cece12b 100644 --- a/sdk/nodejs/resiliencehub/getApp.ts +++ b/sdk/nodejs/resiliencehub/getApp.ts @@ -53,6 +53,10 @@ export interface GetAppResult { * Defines the roles and credentials that AWS Resilience Hub would use while creating the application, importing its resources, and running an assessment. */ readonly permissionModel?: outputs.resiliencehub.AppPermissionModel; + /** + * Amazon Resource Name (ARN) of the Regulatory Policy. + */ + readonly regulatoryPolicyArn?: string; /** * Amazon Resource Name (ARN) of the Resiliency Policy. */ diff --git a/sdk/nodejs/rolesanywhere/getProfile.ts b/sdk/nodejs/rolesanywhere/getProfile.ts index 3ff0587b03..3d6e32839e 100644 --- a/sdk/nodejs/rolesanywhere/getProfile.ts +++ b/sdk/nodejs/rolesanywhere/getProfile.ts @@ -57,10 +57,6 @@ export interface GetProfileResult { * The unique primary identifier of the Profile */ readonly profileId?: string; - /** - * Specifies whether instance properties are required in CreateSession requests with this profile. - */ - readonly requireInstanceProperties?: boolean; /** * A list of IAM role ARNs that can be assumed when this profile is specified in a CreateSession request. */ diff --git a/sdk/nodejs/rolesanywhere/profile.ts b/sdk/nodejs/rolesanywhere/profile.ts index 1a6b8084e2..9e184240af 100644 --- a/sdk/nodejs/rolesanywhere/profile.ts +++ b/sdk/nodejs/rolesanywhere/profile.ts @@ -127,6 +127,8 @@ export class Profile extends pulumi.CustomResource { resourceInputs["tags"] = undefined /*out*/; } opts = pulumi.mergeOptions(utilities.resourceOptsDefaults(), opts); + const replaceOnChanges = { replaceOnChanges: ["requireInstanceProperties"] }; + opts = pulumi.mergeOptions(opts, replaceOnChanges); super(Profile.__pulumiType, name, resourceInputs, opts); } } diff --git a/sdk/nodejs/sso/getPermissionSet.ts b/sdk/nodejs/sso/getPermissionSet.ts index ff21c1229d..40ca4aaa53 100644 --- a/sdk/nodejs/sso/getPermissionSet.ts +++ b/sdk/nodejs/sso/getPermissionSet.ts @@ -45,7 +45,7 @@ export interface GetPermissionSetResult { */ readonly inlinePolicy?: any; /** - * A structure that stores the details of the AWS managed policy. + * A structure that stores a list of managed policy ARNs that describe the associated AWS managed policy. */ readonly managedPolicies?: string[]; /** diff --git a/sdk/nodejs/sso/permissionSet.ts b/sdk/nodejs/sso/permissionSet.ts index 47670a1b3c..00327b33a1 100644 --- a/sdk/nodejs/sso/permissionSet.ts +++ b/sdk/nodejs/sso/permissionSet.ts @@ -56,7 +56,7 @@ export class PermissionSet extends pulumi.CustomResource { */ public readonly instanceArn!: pulumi.Output; /** - * A structure that stores the details of the AWS managed policy. + * A structure that stores a list of managed policy ARNs that describe the associated AWS managed policy. */ public readonly managedPolicies!: pulumi.Output; /** @@ -154,7 +154,7 @@ export interface PermissionSetArgs { */ instanceArn: pulumi.Input; /** - * A structure that stores the details of the AWS managed policy. + * A structure that stores a list of managed policy ARNs that describe the associated AWS managed policy. */ managedPolicies?: pulumi.Input[]>; /** diff --git a/sdk/nodejs/tsconfig.json b/sdk/nodejs/tsconfig.json index 91956591c3..67e435ca5f 100644 --- a/sdk/nodejs/tsconfig.json +++ b/sdk/nodejs/tsconfig.json @@ -576,9 +576,11 @@ "customerprofiles/calculatedAttributeDefinition.ts", "customerprofiles/domain.ts", "customerprofiles/eventStream.ts", + "customerprofiles/eventTrigger.ts", "customerprofiles/getCalculatedAttributeDefinition.ts", "customerprofiles/getDomain.ts", "customerprofiles/getEventStream.ts", + "customerprofiles/getEventTrigger.ts", "customerprofiles/getIntegration.ts", "customerprofiles/getObjectType.ts", "customerprofiles/getSegmentDefinition.ts", diff --git a/sdk/nodejs/types/enums/cleanrooms/index.ts b/sdk/nodejs/types/enums/cleanrooms/index.ts index 3b4cf7fb3f..081dd4faf9 100644 --- a/sdk/nodejs/types/enums/cleanrooms/index.ts +++ b/sdk/nodejs/types/enums/cleanrooms/index.ts @@ -54,6 +54,13 @@ export const CollaborationAnalyticsEngine = { export type CollaborationAnalyticsEngine = (typeof CollaborationAnalyticsEngine)[keyof typeof CollaborationAnalyticsEngine]; +export const CollaborationCustomMlMemberAbility = { + CanReceiveModelOutput: "CAN_RECEIVE_MODEL_OUTPUT", + CanReceiveInferenceOutput: "CAN_RECEIVE_INFERENCE_OUTPUT", +} as const; + +export type CollaborationCustomMlMemberAbility = (typeof CollaborationCustomMlMemberAbility)[keyof typeof CollaborationCustomMlMemberAbility]; + export const CollaborationMemberAbility = { CanQuery: "CAN_QUERY", CanReceiveResults: "CAN_RECEIVE_RESULTS", diff --git a/sdk/nodejs/types/enums/customerprofiles/index.ts b/sdk/nodejs/types/enums/customerprofiles/index.ts index 77a5981e54..fe62f10525 100644 --- a/sdk/nodejs/types/enums/customerprofiles/index.ts +++ b/sdk/nodejs/types/enums/customerprofiles/index.ts @@ -105,6 +105,52 @@ export const EventStreamStatus = { */ export type EventStreamStatus = (typeof EventStreamStatus)[keyof typeof EventStreamStatus]; +export const EventTriggerLogicalOperator = { + Any: "ANY", + All: "ALL", + None: "NONE", +} as const; + +/** + * The operator used to combine multiple dimensions. + */ +export type EventTriggerLogicalOperator = (typeof EventTriggerLogicalOperator)[keyof typeof EventTriggerLogicalOperator]; + +export const EventTriggerObjectAttributeComparisonOperator = { + Inclusive: "INCLUSIVE", + Exclusive: "EXCLUSIVE", + Contains: "CONTAINS", + BeginsWith: "BEGINS_WITH", + EndsWith: "ENDS_WITH", + GreaterThan: "GREATER_THAN", + LessThan: "LESS_THAN", + GreaterThanOrEqual: "GREATER_THAN_OR_EQUAL", + LessThanOrEqual: "LESS_THAN_OR_EQUAL", + Equal: "EQUAL", + Before: "BEFORE", + After: "AFTER", + On: "ON", + Between: "BETWEEN", + NotBetween: "NOT_BETWEEN", +} as const; + +/** + * The operator used to compare an attribute against a list of values. + */ +export type EventTriggerObjectAttributeComparisonOperator = (typeof EventTriggerObjectAttributeComparisonOperator)[keyof typeof EventTriggerObjectAttributeComparisonOperator]; + +export const EventTriggerPeriodUnit = { + Hours: "HOURS", + Days: "DAYS", + Weeks: "WEEKS", + Months: "MONTHS", +} as const; + +/** + * The unit of time. + */ +export type EventTriggerPeriodUnit = (typeof EventTriggerPeriodUnit)[keyof typeof EventTriggerPeriodUnit]; + export const IntegrationConnectorType = { Salesforce: "Salesforce", Marketo: "Marketo", diff --git a/sdk/nodejs/types/enums/efs/index.ts b/sdk/nodejs/types/enums/efs/index.ts index 5403d09c56..25b87c7ca9 100644 --- a/sdk/nodejs/types/enums/efs/index.ts +++ b/sdk/nodejs/types/enums/efs/index.ts @@ -23,7 +23,7 @@ export const FileSystemProtectionReplicationOverwriteProtection = { * The status of the file system's replication overwrite protection. * + ``ENABLED`` – The file system cannot be used as the destination file system in a replication configuration. The file system is writeable. Replication overwrite protection is ``ENABLED`` by default. * + ``DISABLED`` – The file system can be used as the destination file system in a replication configuration. The file system is read-only and can only be modified by EFS replication. - * + ``REPLICATING`` – The file system is being used as the destination file system in a replication configuration. The file system is read-only and is only modified only by EFS replication. + * + ``REPLICATING`` – The file system is being used as the destination file system in a replication configuration. The file system is read-only and is modified only by EFS replication. * * If the replication configuration is deleted, the file system's replication overwrite protection is re-enabled, the file system becomes writeable. */ diff --git a/sdk/nodejs/types/input.ts b/sdk/nodejs/types/input.ts index a1b2f03a80..de0bd1fe70 100644 --- a/sdk/nodejs/types/input.ts +++ b/sdk/nodejs/types/input.ts @@ -12278,6 +12278,10 @@ export namespace cleanrooms { * *Allowed Values* : `CAN_QUERY` | `CAN_RECEIVE_RESULTS` */ memberAbilities: pulumi.Input[]>; + /** + * The ML abilities granted to the collaboration member. + */ + mlMemberAbilities?: pulumi.Input; /** * The collaboration member's payment responsibilities set by the collaboration creator. * @@ -12286,7 +12290,51 @@ export namespace cleanrooms { paymentConfiguration?: pulumi.Input; } + export interface CollaborationMlMemberAbilitiesArgs { + /** + * The custom ML member abilities for a collaboration member. + */ + customMlMemberAbilities: pulumi.Input[]>; + } + + export interface CollaborationMlPaymentConfigArgs { + /** + * The payment responsibilities accepted by the member for model inference. + */ + modelInference?: pulumi.Input; + /** + * The payment responsibilities accepted by the member for model training. + */ + modelTraining?: pulumi.Input; + } + + export interface CollaborationModelInferencePaymentConfigArgs { + /** + * Indicates whether the collaboration creator has configured the collaboration member to pay for model inference costs ( `TRUE` ) or has not configured the collaboration member to pay for model inference costs ( `FALSE` ). + * + * Exactly one member can be configured to pay for model inference costs. An error is returned if the collaboration creator sets a `TRUE` value for more than one member in the collaboration. + * + * If the collaboration creator hasn't specified anyone as the member paying for model inference costs, then the member who can query is the default payer. An error is returned if the collaboration creator sets a `FALSE` value for the member who can query. + */ + isResponsible: pulumi.Input; + } + + export interface CollaborationModelTrainingPaymentConfigArgs { + /** + * Indicates whether the collaboration creator has configured the collaboration member to pay for model training costs ( `TRUE` ) or has not configured the collaboration member to pay for model training costs ( `FALSE` ). + * + * Exactly one member can be configured to pay for model training costs. An error is returned if the collaboration creator sets a `TRUE` value for more than one member in the collaboration. + * + * If the collaboration creator hasn't specified anyone as the member paying for model training costs, then the member who can query is the default payer. An error is returned if the collaboration creator sets a `FALSE` value for the member who can query. + */ + isResponsible: pulumi.Input; + } + export interface CollaborationPaymentConfigurationArgs { + /** + * An object representing the collaboration member's machine learning payment responsibilities set by the collaboration creator. + */ + machineLearning?: pulumi.Input; /** * The collaboration member's payment responsibilities set by the collaboration creator for query compute costs. */ @@ -12501,7 +12549,21 @@ export namespace cleanrooms { manageResourcePolicies: pulumi.Input; } + export interface MembershipMlPaymentConfigArgs { + modelInference?: pulumi.Input; + modelTraining?: pulumi.Input; + } + + export interface MembershipModelInferencePaymentConfigArgs { + isResponsible: pulumi.Input; + } + + export interface MembershipModelTrainingPaymentConfigArgs { + isResponsible: pulumi.Input; + } + export interface MembershipPaymentConfigurationArgs { + machineLearning?: pulumi.Input; /** * The payment responsibilities accepted by the collaboration member for query compute costs. */ @@ -15923,18 +15985,18 @@ export namespace cognito { export interface UserPoolAddOnsArgs { /** - * Advanced security configuration options for additional authentication types in your user pool, including custom authentication. + * Threat protection configuration options for additional authentication types in your user pool, including custom authentication. */ advancedSecurityAdditionalFlows?: pulumi.Input; /** - * The operating mode of advanced security features for standard authentication types in your user pool, including username-password and secure remote password (SRP) authentication. + * The operating mode of threat protection for standard authentication types in your user pool, including username-password and secure remote password (SRP) authentication. */ advancedSecurityMode?: pulumi.Input; } export interface UserPoolAdminCreateUserConfigArgs { /** - * The setting for allowing self-service sign-up. When `true` , only administrators can create new user profiles. When `false` , users can register themselves and create a new user profile with the [SignUp](https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_SignUp.html) operation. + * The setting for allowing self-service sign-up. When `true` , only administrators can create new user profiles. When `false` , users can register themselves and create a new user profile with the `SignUp` operation. */ allowAdminCreateUserOnly?: pulumi.Input; /** @@ -15944,7 +16006,9 @@ export namespace cognito { */ inviteMessageTemplate?: pulumi.Input; /** - * This parameter is no longer in use. Configure the duration of temporary passwords with the `TemporaryPasswordValidityDays` parameter of [PasswordPolicyType](https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_PasswordPolicyType.html) . For older user pools that have a `UnusedAccountValidityDays` configuration, that value is effective until you set a value for `TemporaryPasswordValidityDays` . + * This parameter is no longer in use. + * + * Configure the duration of temporary passwords with the `TemporaryPasswordValidityDays` parameter of `API_PasswordPolicyType` . For older user pools that have a `UnusedAccountValidityDays` configuration, that value is effective until you set a value for `TemporaryPasswordValidityDays` . * * The password expiration limit in days for administrator-created users. When this time expires, the user can't sign in with their temporary password. To reset the account after that time limit, you must call `AdminCreateUser` again, specifying `RESEND` for the `MessageAction` parameter. * @@ -15955,7 +16019,7 @@ export namespace cognito { export interface UserPoolAdvancedSecurityAdditionalFlowsArgs { /** - * The operating mode of advanced security features in custom authentication with [Custom authentication challenge Lambda triggers](https://docs.aws.amazon.com/cognito/latest/developerguide/user-pool-lambda-challenge.html) . + * The operating mode of threat protection in custom authentication with [Custom authentication challenge Lambda triggers](https://docs.aws.amazon.com/cognito/latest/developerguide/user-pool-lambda-challenge.html) . */ customAuthMode?: pulumi.Input; } @@ -16032,7 +16096,7 @@ export namespace cognito { */ challengeRequiredOnNewDevice?: pulumi.Input; /** - * When true, Amazon Cognito doesn't automatically remember a user's device when your app sends a [ConfirmDevice](https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_ConfirmDevice.html) API request. In your app, create a prompt for your user to choose whether they want to remember their device. Return the user's choice in an [UpdateDeviceStatus](https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_UpdateDeviceStatus.html) API request. + * When true, Amazon Cognito doesn't automatically remember a user's device when your app sends a `ConfirmDevice` API request. In your app, create a prompt for your user to choose whether they want to remember their device. Return the user's choice in an `UpdateDeviceStatus` API request. * * When `DeviceOnlyRememberedOnUserPrompt` is `false` , Amazon Cognito immediately remembers devices that you register in a `ConfirmDevice` API request. */ @@ -16183,7 +16247,7 @@ export namespace cognito { /** * The number of previous passwords that you want Amazon Cognito to restrict each user from reusing. Users can't set a password that matches any of `n` previous passwords, where `n` is the value of `PasswordHistorySize` . * - * Password history isn't enforced and isn't displayed in [DescribeUserPool](https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_DescribeUserPool.html) responses when you set this value to `0` or don't provide it. To activate this setting, your user pool must be in the [Essentials tier](https://docs.aws.amazon.com/cognito/latest/developerguide/feature-plans-features-essentials.html) or higher. + * Password history isn't enforced and isn't displayed in `API_DescribeUserPool` responses when you set this value to `0` or don't provide it. To activate this setting, your user pool must be in the [Essentials tier](https://docs.aws.amazon.com/cognito/latest/developerguide/feature-plans-features-essentials.html) or higher. */ passwordHistorySize?: pulumi.Input; /** @@ -16218,7 +16282,7 @@ export namespace cognito { /** * The policy for allowed types of authentication in a user pool. To activate this setting, your user pool must be in the [Essentials tier](https://docs.aws.amazon.com/cognito/latest/developerguide/feature-plans-features-essentials.html) or higher. * - * This data type is a request and response parameter of [CreateUserPool](https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_CreateUserPool.html) and [UpdateUserPool](https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_UpdateUserPool.html) , and a response parameter of [DescribeUserPool](https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_DescribeUserPool.html) . + * This data type is a request and response parameter of `API_CreateUserPool` and `API_UpdateUserPool` , and a response parameter of `API_DescribeUserPool` . */ signInPolicy?: pulumi.Input; } @@ -16276,26 +16340,26 @@ export namespace cognito { export interface UserPoolRiskConfigurationAttachmentAccountTakeoverActionsTypeArgs { /** - * The action that you assign to a high-risk assessment by advanced security features. + * The action that you assign to a high-risk assessment by threat protection. */ highAction?: pulumi.Input; /** - * The action that you assign to a low-risk assessment by advanced security features. + * The action that you assign to a low-risk assessment by threat protection. */ lowAction?: pulumi.Input; /** - * The action that you assign to a medium-risk assessment by advanced security features. + * The action that you assign to a medium-risk assessment by threat protection. */ mediumAction?: pulumi.Input; } export interface UserPoolRiskConfigurationAttachmentAccountTakeoverRiskConfigurationTypeArgs { /** - * A list of account-takeover actions for each level of risk that Amazon Cognito might assess with advanced security features. + * A list of account-takeover actions for each level of risk that Amazon Cognito might assess with threat protection. */ actions: pulumi.Input; /** - * The settings for composing and sending an email message when advanced security features assesses a risk level with adaptive authentication. When you choose to notify users in `AccountTakeoverRiskConfiguration` , Amazon Cognito sends an email message using the method and template that you set with this data type. + * The settings for composing and sending an email message when threat protection assesses a risk level with adaptive authentication. When you choose to notify users in `AccountTakeoverRiskConfiguration` , Amazon Cognito sends an email message using the method and template that you set with this data type. */ notifyConfiguration?: pulumi.Input; } @@ -16460,7 +16524,7 @@ export namespace cognito { /** * Requires that your user verifies their email address, phone number, or both before Amazon Cognito updates the value of that attribute. When you update a user attribute that has this option activated, Amazon Cognito sends a verification message to the new phone number or email address. Amazon Cognito doesn’t change the value of the attribute until your user responds to the verification message and confirms the new value. * - * You can verify an updated email address or phone number with a [VerifyUserAttribute](https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_VerifyUserAttribute.html) API request. You can also call the [AdminUpdateUserAttributes](https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_AdminUpdateUserAttributes.html) API and set `email_verified` or `phone_number_verified` to true. + * You can verify an updated email address or phone number with a `API_VerifyUserAttribute` API request. You can also call the `API_AdminUpdateUserAttributes` API and set `email_verified` or `phone_number_verified` to true. * * When `AttributesRequireVerificationBeforeUpdate` is false, your user pool doesn't require that your users verify attribute changes before Amazon Cognito updates them. In a user pool where `AttributesRequireVerificationBeforeUpdate` is false, API operations that change attribute values can immediately update a user’s `email` or `phone_number` attribute. */ @@ -18722,6 +18786,73 @@ export namespace customerprofiles { s3KeyName?: pulumi.Input; } + /** + * Specifies the circumstances under which the event should trigger the destination. + */ + export interface EventTriggerConditionArgs { + eventTriggerDimensions: pulumi.Input[]>; + logicalOperator: pulumi.Input; + } + + /** + * A specific event dimension to be assessed. + */ + export interface EventTriggerDimensionArgs { + objectAttributes: pulumi.Input[]>; + } + + /** + * Defines limits controlling whether an event triggers the destination, based on ingestion latency and the number of invocations per profile over specific time periods. + */ + export interface EventTriggerLimitsArgs { + eventExpiration?: pulumi.Input; + periods?: pulumi.Input[]>; + } + + /** + * The criteria that a specific object attribute must meet to trigger the destination. + */ + export interface EventTriggerObjectAttributeArgs { + /** + * The operator used to compare an attribute against a list of values. + */ + comparisonOperator: pulumi.Input; + /** + * A field defined within an object type. + */ + fieldName?: pulumi.Input; + /** + * An attribute contained within a source object. + */ + source?: pulumi.Input; + /** + * A list of attribute values used for comparison. + */ + values: pulumi.Input[]>; + } + + /** + * Defines a limit and the time period during which it is enforced. + */ + export interface EventTriggerPeriodArgs { + /** + * The maximum allowed number of destination invocations per profile. + */ + maxInvocationsPerProfile?: pulumi.Input; + /** + * The unit of time. + */ + unit: pulumi.Input; + /** + * If set to true, there is no limit on the number of destination invocations per profile. The default is false. + */ + unlimited?: pulumi.Input; + /** + * The amount of time of the specified unit. + */ + value: pulumi.Input; + } + export interface IntegrationConnectorOperatorArgs { /** * The operation to be performed on the provided Marketo source fields. @@ -28181,7 +28312,7 @@ export namespace efs { * The status of the file system's replication overwrite protection. * + ``ENABLED`` – The file system cannot be used as the destination file system in a replication configuration. The file system is writeable. Replication overwrite protection is ``ENABLED`` by default. * + ``DISABLED`` – The file system can be used as the destination file system in a replication configuration. The file system is read-only and can only be modified by EFS replication. - * + ``REPLICATING`` – The file system is being used as the destination file system in a replication configuration. The file system is read-only and is only modified only by EFS replication. + * + ``REPLICATING`` – The file system is being used as the destination file system in a replication configuration. The file system is read-only and is modified only by EFS replication. * * If the replication configuration is deleted, the file system's replication overwrite protection is re-enabled, the file system becomes writeable. */ @@ -28226,11 +28357,11 @@ export namespace efs { */ roleArn?: pulumi.Input; /** - * Describes the status of the replication configuration. For more information about replication status, see [Viewing replication details](https://docs.aws.amazon.com//efs/latest/ug/awsbackup.html#restoring-backup-efsmonitoring-replication-status.html) in the *Amazon EFS User Guide* . + * Describes the status of the replication configuration. For more information about replication status, see [Viewing replication details](https://docs.aws.amazon.com//efs/latest/ug/awsbackup.html#restoring-backup-efsmonitoring-replication-status.html) in the *Amazon EFS User Guide*. */ status?: pulumi.Input; /** - * Message that provides details about the `PAUSED` or `ERRROR` state of the replication destination configuration. For more information about replication status messages, see [Viewing replication details](https://docs.aws.amazon.com//efs/latest/ug/awsbackup.html#restoring-backup-efsmonitoring-replication-status.html) in the *Amazon EFS User Guide* . + * Message that provides details about the ``PAUSED`` or ``ERRROR`` state of the replication destination configuration. For more information about replication status messages, see [Viewing replication details](https://docs.aws.amazon.com//efs/latest/ug/awsbackup.html#restoring-backup-efsmonitoring-replication-status.html) in the *Amazon EFS User Guide*. */ statusMessage?: pulumi.Input; } @@ -45570,6 +45701,16 @@ export namespace lex { promptAttemptsSpecification?: pulumi.Input<{[key: string]: pulumi.Input}>; } + /** + * Parameter used to create a replication of the source bot in the secondary region. + */ + export interface BotReplicationArgs { + /** + * List of secondary regions for bot replication. + */ + replicaRegions: pulumi.Input[]>; + } + /** * A list of message groups that Amazon Lex uses to respond the user input. */ @@ -93903,6 +94044,10 @@ export namespace ses { * The domain to use for tracking open and click events. */ customRedirectDomain?: pulumi.Input; + /** + * The https policy to use for tracking open and click events. + */ + httpsPolicy?: pulumi.Input; } /** diff --git a/sdk/nodejs/types/output.ts b/sdk/nodejs/types/output.ts index 8030a0ffdd..f1a9fd8133 100644 --- a/sdk/nodejs/types/output.ts +++ b/sdk/nodejs/types/output.ts @@ -12819,6 +12819,10 @@ export namespace cleanrooms { * *Allowed Values* : `CAN_QUERY` | `CAN_RECEIVE_RESULTS` */ memberAbilities: enums.cleanrooms.CollaborationMemberAbility[]; + /** + * The ML abilities granted to the collaboration member. + */ + mlMemberAbilities?: outputs.cleanrooms.CollaborationMlMemberAbilities; /** * The collaboration member's payment responsibilities set by the collaboration creator. * @@ -12827,7 +12831,51 @@ export namespace cleanrooms { paymentConfiguration?: outputs.cleanrooms.CollaborationPaymentConfiguration; } + export interface CollaborationMlMemberAbilities { + /** + * The custom ML member abilities for a collaboration member. + */ + customMlMemberAbilities: enums.cleanrooms.CollaborationCustomMlMemberAbility[]; + } + + export interface CollaborationMlPaymentConfig { + /** + * The payment responsibilities accepted by the member for model inference. + */ + modelInference?: outputs.cleanrooms.CollaborationModelInferencePaymentConfig; + /** + * The payment responsibilities accepted by the member for model training. + */ + modelTraining?: outputs.cleanrooms.CollaborationModelTrainingPaymentConfig; + } + + export interface CollaborationModelInferencePaymentConfig { + /** + * Indicates whether the collaboration creator has configured the collaboration member to pay for model inference costs ( `TRUE` ) or has not configured the collaboration member to pay for model inference costs ( `FALSE` ). + * + * Exactly one member can be configured to pay for model inference costs. An error is returned if the collaboration creator sets a `TRUE` value for more than one member in the collaboration. + * + * If the collaboration creator hasn't specified anyone as the member paying for model inference costs, then the member who can query is the default payer. An error is returned if the collaboration creator sets a `FALSE` value for the member who can query. + */ + isResponsible: boolean; + } + + export interface CollaborationModelTrainingPaymentConfig { + /** + * Indicates whether the collaboration creator has configured the collaboration member to pay for model training costs ( `TRUE` ) or has not configured the collaboration member to pay for model training costs ( `FALSE` ). + * + * Exactly one member can be configured to pay for model training costs. An error is returned if the collaboration creator sets a `TRUE` value for more than one member in the collaboration. + * + * If the collaboration creator hasn't specified anyone as the member paying for model training costs, then the member who can query is the default payer. An error is returned if the collaboration creator sets a `FALSE` value for the member who can query. + */ + isResponsible: boolean; + } + export interface CollaborationPaymentConfiguration { + /** + * An object representing the collaboration member's machine learning payment responsibilities set by the collaboration creator. + */ + machineLearning?: outputs.cleanrooms.CollaborationMlPaymentConfig; /** * The collaboration member's payment responsibilities set by the collaboration creator for query compute costs. */ @@ -13074,7 +13122,21 @@ export namespace cleanrooms { idNamespaceType?: enums.cleanrooms.IdNamespaceAssociationInputReferencePropertiesIdNamespaceType; } + export interface MembershipMlPaymentConfig { + modelInference?: outputs.cleanrooms.MembershipModelInferencePaymentConfig; + modelTraining?: outputs.cleanrooms.MembershipModelTrainingPaymentConfig; + } + + export interface MembershipModelInferencePaymentConfig { + isResponsible: boolean; + } + + export interface MembershipModelTrainingPaymentConfig { + isResponsible: boolean; + } + export interface MembershipPaymentConfiguration { + machineLearning?: outputs.cleanrooms.MembershipMlPaymentConfig; /** * The payment responsibilities accepted by the collaboration member for query compute costs. */ @@ -16521,18 +16583,18 @@ export namespace cognito { export interface UserPoolAddOns { /** - * Advanced security configuration options for additional authentication types in your user pool, including custom authentication. + * Threat protection configuration options for additional authentication types in your user pool, including custom authentication. */ advancedSecurityAdditionalFlows?: outputs.cognito.UserPoolAdvancedSecurityAdditionalFlows; /** - * The operating mode of advanced security features for standard authentication types in your user pool, including username-password and secure remote password (SRP) authentication. + * The operating mode of threat protection for standard authentication types in your user pool, including username-password and secure remote password (SRP) authentication. */ advancedSecurityMode?: string; } export interface UserPoolAdminCreateUserConfig { /** - * The setting for allowing self-service sign-up. When `true` , only administrators can create new user profiles. When `false` , users can register themselves and create a new user profile with the [SignUp](https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_SignUp.html) operation. + * The setting for allowing self-service sign-up. When `true` , only administrators can create new user profiles. When `false` , users can register themselves and create a new user profile with the `SignUp` operation. */ allowAdminCreateUserOnly?: boolean; /** @@ -16542,7 +16604,9 @@ export namespace cognito { */ inviteMessageTemplate?: outputs.cognito.UserPoolInviteMessageTemplate; /** - * This parameter is no longer in use. Configure the duration of temporary passwords with the `TemporaryPasswordValidityDays` parameter of [PasswordPolicyType](https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_PasswordPolicyType.html) . For older user pools that have a `UnusedAccountValidityDays` configuration, that value is effective until you set a value for `TemporaryPasswordValidityDays` . + * This parameter is no longer in use. + * + * Configure the duration of temporary passwords with the `TemporaryPasswordValidityDays` parameter of `API_PasswordPolicyType` . For older user pools that have a `UnusedAccountValidityDays` configuration, that value is effective until you set a value for `TemporaryPasswordValidityDays` . * * The password expiration limit in days for administrator-created users. When this time expires, the user can't sign in with their temporary password. To reset the account after that time limit, you must call `AdminCreateUser` again, specifying `RESEND` for the `MessageAction` parameter. * @@ -16553,7 +16617,7 @@ export namespace cognito { export interface UserPoolAdvancedSecurityAdditionalFlows { /** - * The operating mode of advanced security features in custom authentication with [Custom authentication challenge Lambda triggers](https://docs.aws.amazon.com/cognito/latest/developerguide/user-pool-lambda-challenge.html) . + * The operating mode of threat protection in custom authentication with [Custom authentication challenge Lambda triggers](https://docs.aws.amazon.com/cognito/latest/developerguide/user-pool-lambda-challenge.html) . */ customAuthMode?: string; } @@ -16630,7 +16694,7 @@ export namespace cognito { */ challengeRequiredOnNewDevice?: boolean; /** - * When true, Amazon Cognito doesn't automatically remember a user's device when your app sends a [ConfirmDevice](https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_ConfirmDevice.html) API request. In your app, create a prompt for your user to choose whether they want to remember their device. Return the user's choice in an [UpdateDeviceStatus](https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_UpdateDeviceStatus.html) API request. + * When true, Amazon Cognito doesn't automatically remember a user's device when your app sends a `ConfirmDevice` API request. In your app, create a prompt for your user to choose whether they want to remember their device. Return the user's choice in an `UpdateDeviceStatus` API request. * * When `DeviceOnlyRememberedOnUserPrompt` is `false` , Amazon Cognito immediately remembers devices that you register in a `ConfirmDevice` API request. */ @@ -16781,7 +16845,7 @@ export namespace cognito { /** * The number of previous passwords that you want Amazon Cognito to restrict each user from reusing. Users can't set a password that matches any of `n` previous passwords, where `n` is the value of `PasswordHistorySize` . * - * Password history isn't enforced and isn't displayed in [DescribeUserPool](https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_DescribeUserPool.html) responses when you set this value to `0` or don't provide it. To activate this setting, your user pool must be in the [Essentials tier](https://docs.aws.amazon.com/cognito/latest/developerguide/feature-plans-features-essentials.html) or higher. + * Password history isn't enforced and isn't displayed in `API_DescribeUserPool` responses when you set this value to `0` or don't provide it. To activate this setting, your user pool must be in the [Essentials tier](https://docs.aws.amazon.com/cognito/latest/developerguide/feature-plans-features-essentials.html) or higher. */ passwordHistorySize?: number; /** @@ -16816,7 +16880,7 @@ export namespace cognito { /** * The policy for allowed types of authentication in a user pool. To activate this setting, your user pool must be in the [Essentials tier](https://docs.aws.amazon.com/cognito/latest/developerguide/feature-plans-features-essentials.html) or higher. * - * This data type is a request and response parameter of [CreateUserPool](https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_CreateUserPool.html) and [UpdateUserPool](https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_UpdateUserPool.html) , and a response parameter of [DescribeUserPool](https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_DescribeUserPool.html) . + * This data type is a request and response parameter of `API_CreateUserPool` and `API_UpdateUserPool` , and a response parameter of `API_DescribeUserPool` . */ signInPolicy?: outputs.cognito.UserPoolSignInPolicy; } @@ -16874,26 +16938,26 @@ export namespace cognito { export interface UserPoolRiskConfigurationAttachmentAccountTakeoverActionsType { /** - * The action that you assign to a high-risk assessment by advanced security features. + * The action that you assign to a high-risk assessment by threat protection. */ highAction?: outputs.cognito.UserPoolRiskConfigurationAttachmentAccountTakeoverActionType; /** - * The action that you assign to a low-risk assessment by advanced security features. + * The action that you assign to a low-risk assessment by threat protection. */ lowAction?: outputs.cognito.UserPoolRiskConfigurationAttachmentAccountTakeoverActionType; /** - * The action that you assign to a medium-risk assessment by advanced security features. + * The action that you assign to a medium-risk assessment by threat protection. */ mediumAction?: outputs.cognito.UserPoolRiskConfigurationAttachmentAccountTakeoverActionType; } export interface UserPoolRiskConfigurationAttachmentAccountTakeoverRiskConfigurationType { /** - * A list of account-takeover actions for each level of risk that Amazon Cognito might assess with advanced security features. + * A list of account-takeover actions for each level of risk that Amazon Cognito might assess with threat protection. */ actions: outputs.cognito.UserPoolRiskConfigurationAttachmentAccountTakeoverActionsType; /** - * The settings for composing and sending an email message when advanced security features assesses a risk level with adaptive authentication. When you choose to notify users in `AccountTakeoverRiskConfiguration` , Amazon Cognito sends an email message using the method and template that you set with this data type. + * The settings for composing and sending an email message when threat protection assesses a risk level with adaptive authentication. When you choose to notify users in `AccountTakeoverRiskConfiguration` , Amazon Cognito sends an email message using the method and template that you set with this data type. */ notifyConfiguration?: outputs.cognito.UserPoolRiskConfigurationAttachmentNotifyConfigurationType; } @@ -17058,7 +17122,7 @@ export namespace cognito { /** * Requires that your user verifies their email address, phone number, or both before Amazon Cognito updates the value of that attribute. When you update a user attribute that has this option activated, Amazon Cognito sends a verification message to the new phone number or email address. Amazon Cognito doesn’t change the value of the attribute until your user responds to the verification message and confirms the new value. * - * You can verify an updated email address or phone number with a [VerifyUserAttribute](https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_VerifyUserAttribute.html) API request. You can also call the [AdminUpdateUserAttributes](https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_AdminUpdateUserAttributes.html) API and set `email_verified` or `phone_number_verified` to true. + * You can verify an updated email address or phone number with a `API_VerifyUserAttribute` API request. You can also call the `API_AdminUpdateUserAttributes` API and set `email_verified` or `phone_number_verified` to true. * * When `AttributesRequireVerificationBeforeUpdate` is false, your user pool doesn't require that your users verify attribute changes before Amazon Cognito updates them. In a user pool where `AttributesRequireVerificationBeforeUpdate` is false, API operations that change attribute values can immediately update a user’s `email` or `phone_number` attribute. */ @@ -19471,6 +19535,73 @@ export namespace customerprofiles { totalSize?: number; } + /** + * Specifies the circumstances under which the event should trigger the destination. + */ + export interface EventTriggerCondition { + eventTriggerDimensions: outputs.customerprofiles.EventTriggerDimension[]; + logicalOperator: enums.customerprofiles.EventTriggerLogicalOperator; + } + + /** + * A specific event dimension to be assessed. + */ + export interface EventTriggerDimension { + objectAttributes: outputs.customerprofiles.EventTriggerObjectAttribute[]; + } + + /** + * Defines limits controlling whether an event triggers the destination, based on ingestion latency and the number of invocations per profile over specific time periods. + */ + export interface EventTriggerLimits { + eventExpiration?: number; + periods?: outputs.customerprofiles.EventTriggerPeriod[]; + } + + /** + * The criteria that a specific object attribute must meet to trigger the destination. + */ + export interface EventTriggerObjectAttribute { + /** + * The operator used to compare an attribute against a list of values. + */ + comparisonOperator: enums.customerprofiles.EventTriggerObjectAttributeComparisonOperator; + /** + * A field defined within an object type. + */ + fieldName?: string; + /** + * An attribute contained within a source object. + */ + source?: string; + /** + * A list of attribute values used for comparison. + */ + values: string[]; + } + + /** + * Defines a limit and the time period during which it is enforced. + */ + export interface EventTriggerPeriod { + /** + * The maximum allowed number of destination invocations per profile. + */ + maxInvocationsPerProfile?: number; + /** + * The unit of time. + */ + unit: enums.customerprofiles.EventTriggerPeriodUnit; + /** + * If set to true, there is no limit on the number of destination invocations per profile. The default is false. + */ + unlimited?: boolean; + /** + * The amount of time of the specified unit. + */ + value: number; + } + export interface IntegrationConnectorOperator { /** * The operation to be performed on the provided Marketo source fields. @@ -29538,7 +29669,7 @@ export namespace efs { * The status of the file system's replication overwrite protection. * + ``ENABLED`` – The file system cannot be used as the destination file system in a replication configuration. The file system is writeable. Replication overwrite protection is ``ENABLED`` by default. * + ``DISABLED`` – The file system can be used as the destination file system in a replication configuration. The file system is read-only and can only be modified by EFS replication. - * + ``REPLICATING`` – The file system is being used as the destination file system in a replication configuration. The file system is read-only and is only modified only by EFS replication. + * + ``REPLICATING`` – The file system is being used as the destination file system in a replication configuration. The file system is read-only and is modified only by EFS replication. * * If the replication configuration is deleted, the file system's replication overwrite protection is re-enabled, the file system becomes writeable. */ @@ -29583,11 +29714,11 @@ export namespace efs { */ roleArn?: string; /** - * Describes the status of the replication configuration. For more information about replication status, see [Viewing replication details](https://docs.aws.amazon.com//efs/latest/ug/awsbackup.html#restoring-backup-efsmonitoring-replication-status.html) in the *Amazon EFS User Guide* . + * Describes the status of the replication configuration. For more information about replication status, see [Viewing replication details](https://docs.aws.amazon.com//efs/latest/ug/awsbackup.html#restoring-backup-efsmonitoring-replication-status.html) in the *Amazon EFS User Guide*. */ status?: string; /** - * Message that provides details about the `PAUSED` or `ERRROR` state of the replication destination configuration. For more information about replication status messages, see [Viewing replication details](https://docs.aws.amazon.com//efs/latest/ug/awsbackup.html#restoring-backup-efsmonitoring-replication-status.html) in the *Amazon EFS User Guide* . + * Message that provides details about the ``PAUSED`` or ``ERRROR`` state of the replication destination configuration. For more information about replication status messages, see [Viewing replication details](https://docs.aws.amazon.com//efs/latest/ug/awsbackup.html#restoring-backup-efsmonitoring-replication-status.html) in the *Amazon EFS User Guide*. */ statusMessage?: string; } @@ -47064,6 +47195,16 @@ export namespace lex { promptAttemptsSpecification?: {[key: string]: outputs.lex.BotPromptAttemptSpecification}; } + /** + * Parameter used to create a replication of the source bot in the secondary region. + */ + export interface BotReplication { + /** + * List of secondary regions for bot replication. + */ + replicaRegions: string[]; + } + /** * A list of message groups that Amazon Lex uses to respond the user input. */ @@ -96398,6 +96539,10 @@ export namespace ses { * The domain to use for tracking open and click events. */ customRedirectDomain?: string; + /** + * The https policy to use for tracking open and click events. + */ + httpsPolicy?: string; } /** diff --git a/sdk/nodejs/voiceid/getDomain.ts b/sdk/nodejs/voiceid/getDomain.ts index 2521c4a240..5cb50d1f66 100644 --- a/sdk/nodejs/voiceid/getDomain.ts +++ b/sdk/nodejs/voiceid/getDomain.ts @@ -25,10 +25,22 @@ export interface GetDomainArgs { } export interface GetDomainResult { + /** + * The description of the domain. + */ + readonly description?: string; /** * The identifier of the domain. */ readonly domainId?: string; + /** + * The name for the domain. + */ + readonly name?: string; + /** + * The server-side encryption configuration containing the KMS key identifier you want Voice ID to use to encrypt your data. + */ + readonly serverSideEncryptionConfiguration?: outputs.voiceid.DomainServerSideEncryptionConfiguration; /** * The tags used to organize, track, or control access for this resource. */ diff --git a/sdk/python/pulumi_aws_native/__init__.py b/sdk/python/pulumi_aws_native/__init__.py index 8b2bc2b36c..7c1eaaff20 100644 --- a/sdk/python/pulumi_aws_native/__init__.py +++ b/sdk/python/pulumi_aws_native/__init__.py @@ -1329,6 +1329,7 @@ "aws-native:customerprofiles:CalculatedAttributeDefinition": "CalculatedAttributeDefinition", "aws-native:customerprofiles:Domain": "Domain", "aws-native:customerprofiles:EventStream": "EventStream", + "aws-native:customerprofiles:EventTrigger": "EventTrigger", "aws-native:customerprofiles:Integration": "Integration", "aws-native:customerprofiles:ObjectType": "ObjectType", "aws-native:customerprofiles:SegmentDefinition": "SegmentDefinition" diff --git a/sdk/python/pulumi_aws_native/backup/logically_air_gapped_backup_vault.py b/sdk/python/pulumi_aws_native/backup/logically_air_gapped_backup_vault.py index e809d8b9ce..58cd025cae 100644 --- a/sdk/python/pulumi_aws_native/backup/logically_air_gapped_backup_vault.py +++ b/sdk/python/pulumi_aws_native/backup/logically_air_gapped_backup_vault.py @@ -26,9 +26,7 @@ def __init__(__self__, *, access_policy: Optional[Any] = None, backup_vault_name: Optional[pulumi.Input[str]] = None, backup_vault_tags: Optional[pulumi.Input[Mapping[str, pulumi.Input[str]]]] = None, - notifications: Optional[pulumi.Input['LogicallyAirGappedBackupVaultNotificationObjectTypeArgs']] = None, - vault_state: Optional[pulumi.Input[str]] = None, - vault_type: Optional[pulumi.Input[str]] = None): + notifications: Optional[pulumi.Input['LogicallyAirGappedBackupVaultNotificationObjectTypeArgs']] = None): """ The set of arguments for constructing a LogicallyAirGappedBackupVault resource. :param pulumi.Input[int] max_retention_days: The maximum retention period that the vault retains its recovery points. @@ -41,8 +39,6 @@ def __init__(__self__, *, :param pulumi.Input[str] backup_vault_name: The name of a logical container where backups are stored. Logically air-gapped backup vaults are identified by names that are unique to the account used to create them and the Region where they are created. :param pulumi.Input[Mapping[str, pulumi.Input[str]]] backup_vault_tags: The tags to assign to the vault. :param pulumi.Input['LogicallyAirGappedBackupVaultNotificationObjectTypeArgs'] notifications: Returns event notifications for the specified backup vault. - :param pulumi.Input[str] vault_state: The current state of the vault. - :param pulumi.Input[str] vault_type: The type of vault described. """ pulumi.set(__self__, "max_retention_days", max_retention_days) pulumi.set(__self__, "min_retention_days", min_retention_days) @@ -54,10 +50,6 @@ def __init__(__self__, *, pulumi.set(__self__, "backup_vault_tags", backup_vault_tags) if notifications is not None: pulumi.set(__self__, "notifications", notifications) - if vault_state is not None: - pulumi.set(__self__, "vault_state", vault_state) - if vault_type is not None: - pulumi.set(__self__, "vault_type", vault_type) @property @pulumi.getter(name="maxRetentionDays") @@ -135,30 +127,6 @@ def notifications(self) -> Optional[pulumi.Input['LogicallyAirGappedBackupVaultN def notifications(self, value: Optional[pulumi.Input['LogicallyAirGappedBackupVaultNotificationObjectTypeArgs']]): pulumi.set(self, "notifications", value) - @property - @pulumi.getter(name="vaultState") - def vault_state(self) -> Optional[pulumi.Input[str]]: - """ - The current state of the vault. - """ - return pulumi.get(self, "vault_state") - - @vault_state.setter - def vault_state(self, value: Optional[pulumi.Input[str]]): - pulumi.set(self, "vault_state", value) - - @property - @pulumi.getter(name="vaultType") - def vault_type(self) -> Optional[pulumi.Input[str]]: - """ - The type of vault described. - """ - return pulumi.get(self, "vault_type") - - @vault_type.setter - def vault_type(self, value: Optional[pulumi.Input[str]]): - pulumi.set(self, "vault_type", value) - class LogicallyAirGappedBackupVault(pulumi.CustomResource): @overload @@ -171,8 +139,6 @@ def __init__(__self__, max_retention_days: Optional[pulumi.Input[int]] = None, min_retention_days: Optional[pulumi.Input[int]] = None, notifications: Optional[pulumi.Input[Union['LogicallyAirGappedBackupVaultNotificationObjectTypeArgs', 'LogicallyAirGappedBackupVaultNotificationObjectTypeArgsDict']]] = None, - vault_state: Optional[pulumi.Input[str]] = None, - vault_type: Optional[pulumi.Input[str]] = None, __props__=None): """ Resource Type definition for AWS::Backup::LogicallyAirGappedBackupVault @@ -189,8 +155,6 @@ def __init__(__self__, The minimum value accepted is 7 days. :param pulumi.Input[Union['LogicallyAirGappedBackupVaultNotificationObjectTypeArgs', 'LogicallyAirGappedBackupVaultNotificationObjectTypeArgsDict']] notifications: Returns event notifications for the specified backup vault. - :param pulumi.Input[str] vault_state: The current state of the vault. - :param pulumi.Input[str] vault_type: The type of vault described. """ ... @overload @@ -222,8 +186,6 @@ def _internal_init(__self__, max_retention_days: Optional[pulumi.Input[int]] = None, min_retention_days: Optional[pulumi.Input[int]] = None, notifications: Optional[pulumi.Input[Union['LogicallyAirGappedBackupVaultNotificationObjectTypeArgs', 'LogicallyAirGappedBackupVaultNotificationObjectTypeArgsDict']]] = None, - vault_state: Optional[pulumi.Input[str]] = None, - vault_type: Optional[pulumi.Input[str]] = None, __props__=None): opts = pulumi.ResourceOptions.merge(_utilities.get_resource_opts_defaults(), opts) if not isinstance(opts, pulumi.ResourceOptions): @@ -243,10 +205,10 @@ def _internal_init(__self__, raise TypeError("Missing required property 'min_retention_days'") __props__.__dict__["min_retention_days"] = min_retention_days __props__.__dict__["notifications"] = notifications - __props__.__dict__["vault_state"] = vault_state - __props__.__dict__["vault_type"] = vault_type __props__.__dict__["backup_vault_arn"] = None __props__.__dict__["encryption_key_arn"] = None + __props__.__dict__["vault_state"] = None + __props__.__dict__["vault_type"] = None replace_on_changes = pulumi.ResourceOptions(replace_on_changes=["backupVaultName", "maxRetentionDays", "minRetentionDays"]) opts = pulumi.ResourceOptions.merge(opts, replace_on_changes) super(LogicallyAirGappedBackupVault, __self__).__init__( @@ -347,7 +309,7 @@ def notifications(self) -> pulumi.Output[Optional['outputs.LogicallyAirGappedBac @property @pulumi.getter(name="vaultState") - def vault_state(self) -> pulumi.Output[Optional[str]]: + def vault_state(self) -> pulumi.Output[str]: """ The current state of the vault. """ @@ -355,7 +317,7 @@ def vault_state(self) -> pulumi.Output[Optional[str]]: @property @pulumi.getter(name="vaultType") - def vault_type(self) -> pulumi.Output[Optional[str]]: + def vault_type(self) -> pulumi.Output[str]: """ The type of vault described. """ diff --git a/sdk/python/pulumi_aws_native/cleanrooms/_enums.py b/sdk/python/pulumi_aws_native/cleanrooms/_enums.py index 170f83716e..1d391e16ed 100644 --- a/sdk/python/pulumi_aws_native/cleanrooms/_enums.py +++ b/sdk/python/pulumi_aws_native/cleanrooms/_enums.py @@ -8,6 +8,7 @@ 'AnalysisTemplateAnalysisParameterType', 'AnalysisTemplateFormat', 'CollaborationAnalyticsEngine', + 'CollaborationCustomMlMemberAbility', 'CollaborationMemberAbility', 'CollaborationQueryLogStatus', 'ConfiguredTableAdditionalAnalyses', @@ -74,6 +75,11 @@ class CollaborationAnalyticsEngine(str, Enum): SPARK = "SPARK" +class CollaborationCustomMlMemberAbility(str, Enum): + CAN_RECEIVE_MODEL_OUTPUT = "CAN_RECEIVE_MODEL_OUTPUT" + CAN_RECEIVE_INFERENCE_OUTPUT = "CAN_RECEIVE_INFERENCE_OUTPUT" + + class CollaborationMemberAbility(str, Enum): CAN_QUERY = "CAN_QUERY" CAN_RECEIVE_RESULTS = "CAN_RECEIVE_RESULTS" diff --git a/sdk/python/pulumi_aws_native/cleanrooms/_inputs.py b/sdk/python/pulumi_aws_native/cleanrooms/_inputs.py index 8887c94491..e0d43ad6ee 100644 --- a/sdk/python/pulumi_aws_native/cleanrooms/_inputs.py +++ b/sdk/python/pulumi_aws_native/cleanrooms/_inputs.py @@ -24,6 +24,14 @@ 'CollaborationDataEncryptionMetadataArgsDict', 'CollaborationMemberSpecificationArgs', 'CollaborationMemberSpecificationArgsDict', + 'CollaborationMlMemberAbilitiesArgs', + 'CollaborationMlMemberAbilitiesArgsDict', + 'CollaborationMlPaymentConfigArgs', + 'CollaborationMlPaymentConfigArgsDict', + 'CollaborationModelInferencePaymentConfigArgs', + 'CollaborationModelInferencePaymentConfigArgsDict', + 'CollaborationModelTrainingPaymentConfigArgs', + 'CollaborationModelTrainingPaymentConfigArgsDict', 'CollaborationPaymentConfigurationArgs', 'CollaborationPaymentConfigurationArgsDict', 'CollaborationQueryComputePaymentConfigArgs', @@ -90,6 +98,12 @@ 'IdNamespaceAssociationIdMappingConfigArgsDict', 'IdNamespaceAssociationInputReferenceConfigArgs', 'IdNamespaceAssociationInputReferenceConfigArgsDict', + 'MembershipMlPaymentConfigArgs', + 'MembershipMlPaymentConfigArgsDict', + 'MembershipModelInferencePaymentConfigArgs', + 'MembershipModelInferencePaymentConfigArgsDict', + 'MembershipModelTrainingPaymentConfigArgs', + 'MembershipModelTrainingPaymentConfigArgsDict', 'MembershipPaymentConfigurationArgs', 'MembershipPaymentConfigurationArgsDict', 'MembershipProtectedQueryOutputConfigurationArgs', @@ -311,6 +325,10 @@ class CollaborationMemberSpecificationArgsDict(TypedDict): *Allowed Values* : `CAN_QUERY` | `CAN_RECEIVE_RESULTS` """ + ml_member_abilities: NotRequired[pulumi.Input['CollaborationMlMemberAbilitiesArgsDict']] + """ + The ML abilities granted to the collaboration member. + """ payment_configuration: NotRequired[pulumi.Input['CollaborationPaymentConfigurationArgsDict']] """ The collaboration member's payment responsibilities set by the collaboration creator. @@ -326,6 +344,7 @@ def __init__(__self__, *, account_id: pulumi.Input[str], display_name: pulumi.Input[str], member_abilities: pulumi.Input[Sequence[pulumi.Input['CollaborationMemberAbility']]], + ml_member_abilities: Optional[pulumi.Input['CollaborationMlMemberAbilitiesArgs']] = None, payment_configuration: Optional[pulumi.Input['CollaborationPaymentConfigurationArgs']] = None): """ :param pulumi.Input[str] account_id: The identifier used to reference members of the collaboration. Currently only supports AWS account ID. @@ -333,6 +352,7 @@ def __init__(__self__, *, :param pulumi.Input[Sequence[pulumi.Input['CollaborationMemberAbility']]] member_abilities: The abilities granted to the collaboration member. *Allowed Values* : `CAN_QUERY` | `CAN_RECEIVE_RESULTS` + :param pulumi.Input['CollaborationMlMemberAbilitiesArgs'] ml_member_abilities: The ML abilities granted to the collaboration member. :param pulumi.Input['CollaborationPaymentConfigurationArgs'] payment_configuration: The collaboration member's payment responsibilities set by the collaboration creator. If the collaboration creator hasn't specified anyone as the member paying for query compute costs, then the member who can query is the default payer. @@ -340,6 +360,8 @@ def __init__(__self__, *, pulumi.set(__self__, "account_id", account_id) pulumi.set(__self__, "display_name", display_name) pulumi.set(__self__, "member_abilities", member_abilities) + if ml_member_abilities is not None: + pulumi.set(__self__, "ml_member_abilities", ml_member_abilities) if payment_configuration is not None: pulumi.set(__self__, "payment_configuration", payment_configuration) @@ -381,6 +403,18 @@ def member_abilities(self) -> pulumi.Input[Sequence[pulumi.Input['CollaborationM def member_abilities(self, value: pulumi.Input[Sequence[pulumi.Input['CollaborationMemberAbility']]]): pulumi.set(self, "member_abilities", value) + @property + @pulumi.getter(name="mlMemberAbilities") + def ml_member_abilities(self) -> Optional[pulumi.Input['CollaborationMlMemberAbilitiesArgs']]: + """ + The ML abilities granted to the collaboration member. + """ + return pulumi.get(self, "ml_member_abilities") + + @ml_member_abilities.setter + def ml_member_abilities(self, value: Optional[pulumi.Input['CollaborationMlMemberAbilitiesArgs']]): + pulumi.set(self, "ml_member_abilities", value) + @property @pulumi.getter(name="paymentConfiguration") def payment_configuration(self) -> Optional[pulumi.Input['CollaborationPaymentConfigurationArgs']]: @@ -396,23 +430,200 @@ def payment_configuration(self, value: Optional[pulumi.Input['CollaborationPayme pulumi.set(self, "payment_configuration", value) +if not MYPY: + class CollaborationMlMemberAbilitiesArgsDict(TypedDict): + custom_ml_member_abilities: pulumi.Input[Sequence[pulumi.Input['CollaborationCustomMlMemberAbility']]] + """ + The custom ML member abilities for a collaboration member. + """ +elif False: + CollaborationMlMemberAbilitiesArgsDict: TypeAlias = Mapping[str, Any] + +@pulumi.input_type +class CollaborationMlMemberAbilitiesArgs: + def __init__(__self__, *, + custom_ml_member_abilities: pulumi.Input[Sequence[pulumi.Input['CollaborationCustomMlMemberAbility']]]): + """ + :param pulumi.Input[Sequence[pulumi.Input['CollaborationCustomMlMemberAbility']]] custom_ml_member_abilities: The custom ML member abilities for a collaboration member. + """ + pulumi.set(__self__, "custom_ml_member_abilities", custom_ml_member_abilities) + + @property + @pulumi.getter(name="customMlMemberAbilities") + def custom_ml_member_abilities(self) -> pulumi.Input[Sequence[pulumi.Input['CollaborationCustomMlMemberAbility']]]: + """ + The custom ML member abilities for a collaboration member. + """ + return pulumi.get(self, "custom_ml_member_abilities") + + @custom_ml_member_abilities.setter + def custom_ml_member_abilities(self, value: pulumi.Input[Sequence[pulumi.Input['CollaborationCustomMlMemberAbility']]]): + pulumi.set(self, "custom_ml_member_abilities", value) + + +if not MYPY: + class CollaborationMlPaymentConfigArgsDict(TypedDict): + model_inference: NotRequired[pulumi.Input['CollaborationModelInferencePaymentConfigArgsDict']] + """ + The payment responsibilities accepted by the member for model inference. + """ + model_training: NotRequired[pulumi.Input['CollaborationModelTrainingPaymentConfigArgsDict']] + """ + The payment responsibilities accepted by the member for model training. + """ +elif False: + CollaborationMlPaymentConfigArgsDict: TypeAlias = Mapping[str, Any] + +@pulumi.input_type +class CollaborationMlPaymentConfigArgs: + def __init__(__self__, *, + model_inference: Optional[pulumi.Input['CollaborationModelInferencePaymentConfigArgs']] = None, + model_training: Optional[pulumi.Input['CollaborationModelTrainingPaymentConfigArgs']] = None): + """ + :param pulumi.Input['CollaborationModelInferencePaymentConfigArgs'] model_inference: The payment responsibilities accepted by the member for model inference. + :param pulumi.Input['CollaborationModelTrainingPaymentConfigArgs'] model_training: The payment responsibilities accepted by the member for model training. + """ + if model_inference is not None: + pulumi.set(__self__, "model_inference", model_inference) + if model_training is not None: + pulumi.set(__self__, "model_training", model_training) + + @property + @pulumi.getter(name="modelInference") + def model_inference(self) -> Optional[pulumi.Input['CollaborationModelInferencePaymentConfigArgs']]: + """ + The payment responsibilities accepted by the member for model inference. + """ + return pulumi.get(self, "model_inference") + + @model_inference.setter + def model_inference(self, value: Optional[pulumi.Input['CollaborationModelInferencePaymentConfigArgs']]): + pulumi.set(self, "model_inference", value) + + @property + @pulumi.getter(name="modelTraining") + def model_training(self) -> Optional[pulumi.Input['CollaborationModelTrainingPaymentConfigArgs']]: + """ + The payment responsibilities accepted by the member for model training. + """ + return pulumi.get(self, "model_training") + + @model_training.setter + def model_training(self, value: Optional[pulumi.Input['CollaborationModelTrainingPaymentConfigArgs']]): + pulumi.set(self, "model_training", value) + + +if not MYPY: + class CollaborationModelInferencePaymentConfigArgsDict(TypedDict): + is_responsible: pulumi.Input[bool] + """ + Indicates whether the collaboration creator has configured the collaboration member to pay for model inference costs ( `TRUE` ) or has not configured the collaboration member to pay for model inference costs ( `FALSE` ). + + Exactly one member can be configured to pay for model inference costs. An error is returned if the collaboration creator sets a `TRUE` value for more than one member in the collaboration. + + If the collaboration creator hasn't specified anyone as the member paying for model inference costs, then the member who can query is the default payer. An error is returned if the collaboration creator sets a `FALSE` value for the member who can query. + """ +elif False: + CollaborationModelInferencePaymentConfigArgsDict: TypeAlias = Mapping[str, Any] + +@pulumi.input_type +class CollaborationModelInferencePaymentConfigArgs: + def __init__(__self__, *, + is_responsible: pulumi.Input[bool]): + """ + :param pulumi.Input[bool] is_responsible: Indicates whether the collaboration creator has configured the collaboration member to pay for model inference costs ( `TRUE` ) or has not configured the collaboration member to pay for model inference costs ( `FALSE` ). + + Exactly one member can be configured to pay for model inference costs. An error is returned if the collaboration creator sets a `TRUE` value for more than one member in the collaboration. + + If the collaboration creator hasn't specified anyone as the member paying for model inference costs, then the member who can query is the default payer. An error is returned if the collaboration creator sets a `FALSE` value for the member who can query. + """ + pulumi.set(__self__, "is_responsible", is_responsible) + + @property + @pulumi.getter(name="isResponsible") + def is_responsible(self) -> pulumi.Input[bool]: + """ + Indicates whether the collaboration creator has configured the collaboration member to pay for model inference costs ( `TRUE` ) or has not configured the collaboration member to pay for model inference costs ( `FALSE` ). + + Exactly one member can be configured to pay for model inference costs. An error is returned if the collaboration creator sets a `TRUE` value for more than one member in the collaboration. + + If the collaboration creator hasn't specified anyone as the member paying for model inference costs, then the member who can query is the default payer. An error is returned if the collaboration creator sets a `FALSE` value for the member who can query. + """ + return pulumi.get(self, "is_responsible") + + @is_responsible.setter + def is_responsible(self, value: pulumi.Input[bool]): + pulumi.set(self, "is_responsible", value) + + +if not MYPY: + class CollaborationModelTrainingPaymentConfigArgsDict(TypedDict): + is_responsible: pulumi.Input[bool] + """ + Indicates whether the collaboration creator has configured the collaboration member to pay for model training costs ( `TRUE` ) or has not configured the collaboration member to pay for model training costs ( `FALSE` ). + + Exactly one member can be configured to pay for model training costs. An error is returned if the collaboration creator sets a `TRUE` value for more than one member in the collaboration. + + If the collaboration creator hasn't specified anyone as the member paying for model training costs, then the member who can query is the default payer. An error is returned if the collaboration creator sets a `FALSE` value for the member who can query. + """ +elif False: + CollaborationModelTrainingPaymentConfigArgsDict: TypeAlias = Mapping[str, Any] + +@pulumi.input_type +class CollaborationModelTrainingPaymentConfigArgs: + def __init__(__self__, *, + is_responsible: pulumi.Input[bool]): + """ + :param pulumi.Input[bool] is_responsible: Indicates whether the collaboration creator has configured the collaboration member to pay for model training costs ( `TRUE` ) or has not configured the collaboration member to pay for model training costs ( `FALSE` ). + + Exactly one member can be configured to pay for model training costs. An error is returned if the collaboration creator sets a `TRUE` value for more than one member in the collaboration. + + If the collaboration creator hasn't specified anyone as the member paying for model training costs, then the member who can query is the default payer. An error is returned if the collaboration creator sets a `FALSE` value for the member who can query. + """ + pulumi.set(__self__, "is_responsible", is_responsible) + + @property + @pulumi.getter(name="isResponsible") + def is_responsible(self) -> pulumi.Input[bool]: + """ + Indicates whether the collaboration creator has configured the collaboration member to pay for model training costs ( `TRUE` ) or has not configured the collaboration member to pay for model training costs ( `FALSE` ). + + Exactly one member can be configured to pay for model training costs. An error is returned if the collaboration creator sets a `TRUE` value for more than one member in the collaboration. + + If the collaboration creator hasn't specified anyone as the member paying for model training costs, then the member who can query is the default payer. An error is returned if the collaboration creator sets a `FALSE` value for the member who can query. + """ + return pulumi.get(self, "is_responsible") + + @is_responsible.setter + def is_responsible(self, value: pulumi.Input[bool]): + pulumi.set(self, "is_responsible", value) + + if not MYPY: class CollaborationPaymentConfigurationArgsDict(TypedDict): query_compute: pulumi.Input['CollaborationQueryComputePaymentConfigArgsDict'] """ The collaboration member's payment responsibilities set by the collaboration creator for query compute costs. """ + machine_learning: NotRequired[pulumi.Input['CollaborationMlPaymentConfigArgsDict']] + """ + An object representing the collaboration member's machine learning payment responsibilities set by the collaboration creator. + """ elif False: CollaborationPaymentConfigurationArgsDict: TypeAlias = Mapping[str, Any] @pulumi.input_type class CollaborationPaymentConfigurationArgs: def __init__(__self__, *, - query_compute: pulumi.Input['CollaborationQueryComputePaymentConfigArgs']): + query_compute: pulumi.Input['CollaborationQueryComputePaymentConfigArgs'], + machine_learning: Optional[pulumi.Input['CollaborationMlPaymentConfigArgs']] = None): """ :param pulumi.Input['CollaborationQueryComputePaymentConfigArgs'] query_compute: The collaboration member's payment responsibilities set by the collaboration creator for query compute costs. + :param pulumi.Input['CollaborationMlPaymentConfigArgs'] machine_learning: An object representing the collaboration member's machine learning payment responsibilities set by the collaboration creator. """ pulumi.set(__self__, "query_compute", query_compute) + if machine_learning is not None: + pulumi.set(__self__, "machine_learning", machine_learning) @property @pulumi.getter(name="queryCompute") @@ -426,6 +637,18 @@ def query_compute(self) -> pulumi.Input['CollaborationQueryComputePaymentConfigA def query_compute(self, value: pulumi.Input['CollaborationQueryComputePaymentConfigArgs']): pulumi.set(self, "query_compute", value) + @property + @pulumi.getter(name="machineLearning") + def machine_learning(self) -> Optional[pulumi.Input['CollaborationMlPaymentConfigArgs']]: + """ + An object representing the collaboration member's machine learning payment responsibilities set by the collaboration creator. + """ + return pulumi.get(self, "machine_learning") + + @machine_learning.setter + def machine_learning(self, value: Optional[pulumi.Input['CollaborationMlPaymentConfigArgs']]): + pulumi.set(self, "machine_learning", value) + if not MYPY: class CollaborationQueryComputePaymentConfigArgsDict(TypedDict): @@ -1685,23 +1908,107 @@ def manage_resource_policies(self, value: pulumi.Input[bool]): pulumi.set(self, "manage_resource_policies", value) +if not MYPY: + class MembershipMlPaymentConfigArgsDict(TypedDict): + model_inference: NotRequired[pulumi.Input['MembershipModelInferencePaymentConfigArgsDict']] + model_training: NotRequired[pulumi.Input['MembershipModelTrainingPaymentConfigArgsDict']] +elif False: + MembershipMlPaymentConfigArgsDict: TypeAlias = Mapping[str, Any] + +@pulumi.input_type +class MembershipMlPaymentConfigArgs: + def __init__(__self__, *, + model_inference: Optional[pulumi.Input['MembershipModelInferencePaymentConfigArgs']] = None, + model_training: Optional[pulumi.Input['MembershipModelTrainingPaymentConfigArgs']] = None): + if model_inference is not None: + pulumi.set(__self__, "model_inference", model_inference) + if model_training is not None: + pulumi.set(__self__, "model_training", model_training) + + @property + @pulumi.getter(name="modelInference") + def model_inference(self) -> Optional[pulumi.Input['MembershipModelInferencePaymentConfigArgs']]: + return pulumi.get(self, "model_inference") + + @model_inference.setter + def model_inference(self, value: Optional[pulumi.Input['MembershipModelInferencePaymentConfigArgs']]): + pulumi.set(self, "model_inference", value) + + @property + @pulumi.getter(name="modelTraining") + def model_training(self) -> Optional[pulumi.Input['MembershipModelTrainingPaymentConfigArgs']]: + return pulumi.get(self, "model_training") + + @model_training.setter + def model_training(self, value: Optional[pulumi.Input['MembershipModelTrainingPaymentConfigArgs']]): + pulumi.set(self, "model_training", value) + + +if not MYPY: + class MembershipModelInferencePaymentConfigArgsDict(TypedDict): + is_responsible: pulumi.Input[bool] +elif False: + MembershipModelInferencePaymentConfigArgsDict: TypeAlias = Mapping[str, Any] + +@pulumi.input_type +class MembershipModelInferencePaymentConfigArgs: + def __init__(__self__, *, + is_responsible: pulumi.Input[bool]): + pulumi.set(__self__, "is_responsible", is_responsible) + + @property + @pulumi.getter(name="isResponsible") + def is_responsible(self) -> pulumi.Input[bool]: + return pulumi.get(self, "is_responsible") + + @is_responsible.setter + def is_responsible(self, value: pulumi.Input[bool]): + pulumi.set(self, "is_responsible", value) + + +if not MYPY: + class MembershipModelTrainingPaymentConfigArgsDict(TypedDict): + is_responsible: pulumi.Input[bool] +elif False: + MembershipModelTrainingPaymentConfigArgsDict: TypeAlias = Mapping[str, Any] + +@pulumi.input_type +class MembershipModelTrainingPaymentConfigArgs: + def __init__(__self__, *, + is_responsible: pulumi.Input[bool]): + pulumi.set(__self__, "is_responsible", is_responsible) + + @property + @pulumi.getter(name="isResponsible") + def is_responsible(self) -> pulumi.Input[bool]: + return pulumi.get(self, "is_responsible") + + @is_responsible.setter + def is_responsible(self, value: pulumi.Input[bool]): + pulumi.set(self, "is_responsible", value) + + if not MYPY: class MembershipPaymentConfigurationArgsDict(TypedDict): query_compute: pulumi.Input['MembershipQueryComputePaymentConfigArgsDict'] """ The payment responsibilities accepted by the collaboration member for query compute costs. """ + machine_learning: NotRequired[pulumi.Input['MembershipMlPaymentConfigArgsDict']] elif False: MembershipPaymentConfigurationArgsDict: TypeAlias = Mapping[str, Any] @pulumi.input_type class MembershipPaymentConfigurationArgs: def __init__(__self__, *, - query_compute: pulumi.Input['MembershipQueryComputePaymentConfigArgs']): + query_compute: pulumi.Input['MembershipQueryComputePaymentConfigArgs'], + machine_learning: Optional[pulumi.Input['MembershipMlPaymentConfigArgs']] = None): """ :param pulumi.Input['MembershipQueryComputePaymentConfigArgs'] query_compute: The payment responsibilities accepted by the collaboration member for query compute costs. """ pulumi.set(__self__, "query_compute", query_compute) + if machine_learning is not None: + pulumi.set(__self__, "machine_learning", machine_learning) @property @pulumi.getter(name="queryCompute") @@ -1715,6 +2022,15 @@ def query_compute(self) -> pulumi.Input['MembershipQueryComputePaymentConfigArgs def query_compute(self, value: pulumi.Input['MembershipQueryComputePaymentConfigArgs']): pulumi.set(self, "query_compute", value) + @property + @pulumi.getter(name="machineLearning") + def machine_learning(self) -> Optional[pulumi.Input['MembershipMlPaymentConfigArgs']]: + return pulumi.get(self, "machine_learning") + + @machine_learning.setter + def machine_learning(self, value: Optional[pulumi.Input['MembershipMlPaymentConfigArgs']]): + pulumi.set(self, "machine_learning", value) + if not MYPY: class MembershipProtectedQueryOutputConfigurationArgsDict(TypedDict): diff --git a/sdk/python/pulumi_aws_native/cleanrooms/collaboration.py b/sdk/python/pulumi_aws_native/cleanrooms/collaboration.py index 0985058eb5..e96603cdeb 100644 --- a/sdk/python/pulumi_aws_native/cleanrooms/collaboration.py +++ b/sdk/python/pulumi_aws_native/cleanrooms/collaboration.py @@ -30,6 +30,7 @@ def __init__(__self__, *, members: pulumi.Input[Sequence[pulumi.Input['CollaborationMemberSpecificationArgs']]], query_log_status: pulumi.Input['CollaborationQueryLogStatus'], analytics_engine: Optional[pulumi.Input['CollaborationAnalyticsEngine']] = None, + creator_ml_member_abilities: Optional[pulumi.Input['CollaborationMlMemberAbilitiesArgs']] = None, creator_payment_configuration: Optional[pulumi.Input['CollaborationPaymentConfigurationArgs']] = None, data_encryption_metadata: Optional[pulumi.Input['CollaborationDataEncryptionMetadataArgs']] = None, name: Optional[pulumi.Input[str]] = None, @@ -44,6 +45,7 @@ def __init__(__self__, *, :param pulumi.Input[Sequence[pulumi.Input['CollaborationMemberSpecificationArgs']]] members: A list of initial members, not including the creator. This list is immutable. :param pulumi.Input['CollaborationQueryLogStatus'] query_log_status: An indicator as to whether query logging has been enabled or disabled for the collaboration. :param pulumi.Input['CollaborationAnalyticsEngine'] analytics_engine: The analytics engine for the collaboration. + :param pulumi.Input['CollaborationMlMemberAbilitiesArgs'] creator_ml_member_abilities: The ML member abilities for a collaboration member. :param pulumi.Input['CollaborationPaymentConfigurationArgs'] creator_payment_configuration: An object representing the collaboration member's payment responsibilities set by the collaboration creator. :param pulumi.Input['CollaborationDataEncryptionMetadataArgs'] data_encryption_metadata: The settings for client-side encryption for cryptographic computing. :param pulumi.Input[str] name: A human-readable identifier provided by the collaboration owner. Display names are not unique. @@ -56,6 +58,8 @@ def __init__(__self__, *, pulumi.set(__self__, "query_log_status", query_log_status) if analytics_engine is not None: pulumi.set(__self__, "analytics_engine", analytics_engine) + if creator_ml_member_abilities is not None: + pulumi.set(__self__, "creator_ml_member_abilities", creator_ml_member_abilities) if creator_payment_configuration is not None: pulumi.set(__self__, "creator_payment_configuration", creator_payment_configuration) if data_encryption_metadata is not None: @@ -139,6 +143,18 @@ def analytics_engine(self) -> Optional[pulumi.Input['CollaborationAnalyticsEngin def analytics_engine(self, value: Optional[pulumi.Input['CollaborationAnalyticsEngine']]): pulumi.set(self, "analytics_engine", value) + @property + @pulumi.getter(name="creatorMlMemberAbilities") + def creator_ml_member_abilities(self) -> Optional[pulumi.Input['CollaborationMlMemberAbilitiesArgs']]: + """ + The ML member abilities for a collaboration member. + """ + return pulumi.get(self, "creator_ml_member_abilities") + + @creator_ml_member_abilities.setter + def creator_ml_member_abilities(self, value: Optional[pulumi.Input['CollaborationMlMemberAbilitiesArgs']]): + pulumi.set(self, "creator_ml_member_abilities", value) + @property @pulumi.getter(name="creatorPaymentConfiguration") def creator_payment_configuration(self) -> Optional[pulumi.Input['CollaborationPaymentConfigurationArgs']]: @@ -196,6 +212,7 @@ def __init__(__self__, analytics_engine: Optional[pulumi.Input['CollaborationAnalyticsEngine']] = None, creator_display_name: Optional[pulumi.Input[str]] = None, creator_member_abilities: Optional[pulumi.Input[Sequence[pulumi.Input['CollaborationMemberAbility']]]] = None, + creator_ml_member_abilities: Optional[pulumi.Input[Union['CollaborationMlMemberAbilitiesArgs', 'CollaborationMlMemberAbilitiesArgsDict']]] = None, creator_payment_configuration: Optional[pulumi.Input[Union['CollaborationPaymentConfigurationArgs', 'CollaborationPaymentConfigurationArgsDict']]] = None, data_encryption_metadata: Optional[pulumi.Input[Union['CollaborationDataEncryptionMetadataArgs', 'CollaborationDataEncryptionMetadataArgsDict']]] = None, description: Optional[pulumi.Input[str]] = None, @@ -214,6 +231,7 @@ def __init__(__self__, :param pulumi.Input[Sequence[pulumi.Input['CollaborationMemberAbility']]] creator_member_abilities: The abilities granted to the collaboration creator. *Allowed values* `CAN_QUERY` | `CAN_RECEIVE_RESULTS` + :param pulumi.Input[Union['CollaborationMlMemberAbilitiesArgs', 'CollaborationMlMemberAbilitiesArgsDict']] creator_ml_member_abilities: The ML member abilities for a collaboration member. :param pulumi.Input[Union['CollaborationPaymentConfigurationArgs', 'CollaborationPaymentConfigurationArgsDict']] creator_payment_configuration: An object representing the collaboration member's payment responsibilities set by the collaboration creator. :param pulumi.Input[Union['CollaborationDataEncryptionMetadataArgs', 'CollaborationDataEncryptionMetadataArgsDict']] data_encryption_metadata: The settings for client-side encryption for cryptographic computing. :param pulumi.Input[str] description: A description of the collaboration provided by the collaboration owner. @@ -249,6 +267,7 @@ def _internal_init(__self__, analytics_engine: Optional[pulumi.Input['CollaborationAnalyticsEngine']] = None, creator_display_name: Optional[pulumi.Input[str]] = None, creator_member_abilities: Optional[pulumi.Input[Sequence[pulumi.Input['CollaborationMemberAbility']]]] = None, + creator_ml_member_abilities: Optional[pulumi.Input[Union['CollaborationMlMemberAbilitiesArgs', 'CollaborationMlMemberAbilitiesArgsDict']]] = None, creator_payment_configuration: Optional[pulumi.Input[Union['CollaborationPaymentConfigurationArgs', 'CollaborationPaymentConfigurationArgsDict']]] = None, data_encryption_metadata: Optional[pulumi.Input[Union['CollaborationDataEncryptionMetadataArgs', 'CollaborationDataEncryptionMetadataArgsDict']]] = None, description: Optional[pulumi.Input[str]] = None, @@ -272,6 +291,7 @@ def _internal_init(__self__, if creator_member_abilities is None and not opts.urn: raise TypeError("Missing required property 'creator_member_abilities'") __props__.__dict__["creator_member_abilities"] = creator_member_abilities + __props__.__dict__["creator_ml_member_abilities"] = creator_ml_member_abilities __props__.__dict__["creator_payment_configuration"] = creator_payment_configuration __props__.__dict__["data_encryption_metadata"] = data_encryption_metadata if description is None and not opts.urn: @@ -287,7 +307,7 @@ def _internal_init(__self__, __props__.__dict__["tags"] = tags __props__.__dict__["arn"] = None __props__.__dict__["collaboration_identifier"] = None - replace_on_changes = pulumi.ResourceOptions(replace_on_changes=["analyticsEngine", "creatorDisplayName", "creatorMemberAbilities[*]", "creatorPaymentConfiguration", "dataEncryptionMetadata", "members[*]", "queryLogStatus"]) + replace_on_changes = pulumi.ResourceOptions(replace_on_changes=["analyticsEngine", "creatorDisplayName", "creatorMemberAbilities[*]", "creatorMlMemberAbilities", "creatorPaymentConfiguration", "dataEncryptionMetadata", "members[*]", "queryLogStatus"]) opts = pulumi.ResourceOptions.merge(opts, replace_on_changes) super(Collaboration, __self__).__init__( 'aws-native:cleanrooms:Collaboration', @@ -316,6 +336,7 @@ def get(resource_name: str, __props__.__dict__["collaboration_identifier"] = None __props__.__dict__["creator_display_name"] = None __props__.__dict__["creator_member_abilities"] = None + __props__.__dict__["creator_ml_member_abilities"] = None __props__.__dict__["creator_payment_configuration"] = None __props__.__dict__["data_encryption_metadata"] = None __props__.__dict__["description"] = None @@ -371,6 +392,14 @@ def creator_member_abilities(self) -> pulumi.Output[Sequence['CollaborationMembe """ return pulumi.get(self, "creator_member_abilities") + @property + @pulumi.getter(name="creatorMlMemberAbilities") + def creator_ml_member_abilities(self) -> pulumi.Output[Optional['outputs.CollaborationMlMemberAbilities']]: + """ + The ML member abilities for a collaboration member. + """ + return pulumi.get(self, "creator_ml_member_abilities") + @property @pulumi.getter(name="creatorPaymentConfiguration") def creator_payment_configuration(self) -> pulumi.Output[Optional['outputs.CollaborationPaymentConfiguration']]: diff --git a/sdk/python/pulumi_aws_native/cleanrooms/outputs.py b/sdk/python/pulumi_aws_native/cleanrooms/outputs.py index ede2b596d5..3e61340035 100644 --- a/sdk/python/pulumi_aws_native/cleanrooms/outputs.py +++ b/sdk/python/pulumi_aws_native/cleanrooms/outputs.py @@ -22,6 +22,10 @@ 'AnalysisTemplateAnalysisSource', 'CollaborationDataEncryptionMetadata', 'CollaborationMemberSpecification', + 'CollaborationMlMemberAbilities', + 'CollaborationMlPaymentConfig', + 'CollaborationModelInferencePaymentConfig', + 'CollaborationModelTrainingPaymentConfig', 'CollaborationPaymentConfiguration', 'CollaborationQueryComputePaymentConfig', 'ConfiguredTableAggregateColumn', @@ -59,6 +63,9 @@ 'IdNamespaceAssociationIdMappingConfig', 'IdNamespaceAssociationInputReferenceConfig', 'IdNamespaceAssociationInputReferenceProperties', + 'MembershipMlPaymentConfig', + 'MembershipModelInferencePaymentConfig', + 'MembershipModelTrainingPaymentConfig', 'MembershipPaymentConfiguration', 'MembershipProtectedQueryOutputConfiguration', 'MembershipProtectedQueryResultConfiguration', @@ -263,6 +270,8 @@ def __key_warning(key: str): suggest = "display_name" elif key == "memberAbilities": suggest = "member_abilities" + elif key == "mlMemberAbilities": + suggest = "ml_member_abilities" elif key == "paymentConfiguration": suggest = "payment_configuration" @@ -281,6 +290,7 @@ def __init__(__self__, *, account_id: str, display_name: str, member_abilities: Sequence['CollaborationMemberAbility'], + ml_member_abilities: Optional['outputs.CollaborationMlMemberAbilities'] = None, payment_configuration: Optional['outputs.CollaborationPaymentConfiguration'] = None): """ :param str account_id: The identifier used to reference members of the collaboration. Currently only supports AWS account ID. @@ -288,6 +298,7 @@ def __init__(__self__, *, :param Sequence['CollaborationMemberAbility'] member_abilities: The abilities granted to the collaboration member. *Allowed Values* : `CAN_QUERY` | `CAN_RECEIVE_RESULTS` + :param 'CollaborationMlMemberAbilities' ml_member_abilities: The ML abilities granted to the collaboration member. :param 'CollaborationPaymentConfiguration' payment_configuration: The collaboration member's payment responsibilities set by the collaboration creator. If the collaboration creator hasn't specified anyone as the member paying for query compute costs, then the member who can query is the default payer. @@ -295,6 +306,8 @@ def __init__(__self__, *, pulumi.set(__self__, "account_id", account_id) pulumi.set(__self__, "display_name", display_name) pulumi.set(__self__, "member_abilities", member_abilities) + if ml_member_abilities is not None: + pulumi.set(__self__, "ml_member_abilities", ml_member_abilities) if payment_configuration is not None: pulumi.set(__self__, "payment_configuration", payment_configuration) @@ -324,6 +337,14 @@ def member_abilities(self) -> Sequence['CollaborationMemberAbility']: """ return pulumi.get(self, "member_abilities") + @property + @pulumi.getter(name="mlMemberAbilities") + def ml_member_abilities(self) -> Optional['outputs.CollaborationMlMemberAbilities']: + """ + The ML abilities granted to the collaboration member. + """ + return pulumi.get(self, "ml_member_abilities") + @property @pulumi.getter(name="paymentConfiguration") def payment_configuration(self) -> Optional['outputs.CollaborationPaymentConfiguration']: @@ -335,6 +356,177 @@ def payment_configuration(self) -> Optional['outputs.CollaborationPaymentConfigu return pulumi.get(self, "payment_configuration") +@pulumi.output_type +class CollaborationMlMemberAbilities(dict): + @staticmethod + def __key_warning(key: str): + suggest = None + if key == "customMlMemberAbilities": + suggest = "custom_ml_member_abilities" + + if suggest: + pulumi.log.warn(f"Key '{key}' not found in CollaborationMlMemberAbilities. Access the value via the '{suggest}' property getter instead.") + + def __getitem__(self, key: str) -> Any: + CollaborationMlMemberAbilities.__key_warning(key) + return super().__getitem__(key) + + def get(self, key: str, default = None) -> Any: + CollaborationMlMemberAbilities.__key_warning(key) + return super().get(key, default) + + def __init__(__self__, *, + custom_ml_member_abilities: Sequence['CollaborationCustomMlMemberAbility']): + """ + :param Sequence['CollaborationCustomMlMemberAbility'] custom_ml_member_abilities: The custom ML member abilities for a collaboration member. + """ + pulumi.set(__self__, "custom_ml_member_abilities", custom_ml_member_abilities) + + @property + @pulumi.getter(name="customMlMemberAbilities") + def custom_ml_member_abilities(self) -> Sequence['CollaborationCustomMlMemberAbility']: + """ + The custom ML member abilities for a collaboration member. + """ + return pulumi.get(self, "custom_ml_member_abilities") + + +@pulumi.output_type +class CollaborationMlPaymentConfig(dict): + @staticmethod + def __key_warning(key: str): + suggest = None + if key == "modelInference": + suggest = "model_inference" + elif key == "modelTraining": + suggest = "model_training" + + if suggest: + pulumi.log.warn(f"Key '{key}' not found in CollaborationMlPaymentConfig. Access the value via the '{suggest}' property getter instead.") + + def __getitem__(self, key: str) -> Any: + CollaborationMlPaymentConfig.__key_warning(key) + return super().__getitem__(key) + + def get(self, key: str, default = None) -> Any: + CollaborationMlPaymentConfig.__key_warning(key) + return super().get(key, default) + + def __init__(__self__, *, + model_inference: Optional['outputs.CollaborationModelInferencePaymentConfig'] = None, + model_training: Optional['outputs.CollaborationModelTrainingPaymentConfig'] = None): + """ + :param 'CollaborationModelInferencePaymentConfig' model_inference: The payment responsibilities accepted by the member for model inference. + :param 'CollaborationModelTrainingPaymentConfig' model_training: The payment responsibilities accepted by the member for model training. + """ + if model_inference is not None: + pulumi.set(__self__, "model_inference", model_inference) + if model_training is not None: + pulumi.set(__self__, "model_training", model_training) + + @property + @pulumi.getter(name="modelInference") + def model_inference(self) -> Optional['outputs.CollaborationModelInferencePaymentConfig']: + """ + The payment responsibilities accepted by the member for model inference. + """ + return pulumi.get(self, "model_inference") + + @property + @pulumi.getter(name="modelTraining") + def model_training(self) -> Optional['outputs.CollaborationModelTrainingPaymentConfig']: + """ + The payment responsibilities accepted by the member for model training. + """ + return pulumi.get(self, "model_training") + + +@pulumi.output_type +class CollaborationModelInferencePaymentConfig(dict): + @staticmethod + def __key_warning(key: str): + suggest = None + if key == "isResponsible": + suggest = "is_responsible" + + if suggest: + pulumi.log.warn(f"Key '{key}' not found in CollaborationModelInferencePaymentConfig. Access the value via the '{suggest}' property getter instead.") + + def __getitem__(self, key: str) -> Any: + CollaborationModelInferencePaymentConfig.__key_warning(key) + return super().__getitem__(key) + + def get(self, key: str, default = None) -> Any: + CollaborationModelInferencePaymentConfig.__key_warning(key) + return super().get(key, default) + + def __init__(__self__, *, + is_responsible: bool): + """ + :param bool is_responsible: Indicates whether the collaboration creator has configured the collaboration member to pay for model inference costs ( `TRUE` ) or has not configured the collaboration member to pay for model inference costs ( `FALSE` ). + + Exactly one member can be configured to pay for model inference costs. An error is returned if the collaboration creator sets a `TRUE` value for more than one member in the collaboration. + + If the collaboration creator hasn't specified anyone as the member paying for model inference costs, then the member who can query is the default payer. An error is returned if the collaboration creator sets a `FALSE` value for the member who can query. + """ + pulumi.set(__self__, "is_responsible", is_responsible) + + @property + @pulumi.getter(name="isResponsible") + def is_responsible(self) -> bool: + """ + Indicates whether the collaboration creator has configured the collaboration member to pay for model inference costs ( `TRUE` ) or has not configured the collaboration member to pay for model inference costs ( `FALSE` ). + + Exactly one member can be configured to pay for model inference costs. An error is returned if the collaboration creator sets a `TRUE` value for more than one member in the collaboration. + + If the collaboration creator hasn't specified anyone as the member paying for model inference costs, then the member who can query is the default payer. An error is returned if the collaboration creator sets a `FALSE` value for the member who can query. + """ + return pulumi.get(self, "is_responsible") + + +@pulumi.output_type +class CollaborationModelTrainingPaymentConfig(dict): + @staticmethod + def __key_warning(key: str): + suggest = None + if key == "isResponsible": + suggest = "is_responsible" + + if suggest: + pulumi.log.warn(f"Key '{key}' not found in CollaborationModelTrainingPaymentConfig. Access the value via the '{suggest}' property getter instead.") + + def __getitem__(self, key: str) -> Any: + CollaborationModelTrainingPaymentConfig.__key_warning(key) + return super().__getitem__(key) + + def get(self, key: str, default = None) -> Any: + CollaborationModelTrainingPaymentConfig.__key_warning(key) + return super().get(key, default) + + def __init__(__self__, *, + is_responsible: bool): + """ + :param bool is_responsible: Indicates whether the collaboration creator has configured the collaboration member to pay for model training costs ( `TRUE` ) or has not configured the collaboration member to pay for model training costs ( `FALSE` ). + + Exactly one member can be configured to pay for model training costs. An error is returned if the collaboration creator sets a `TRUE` value for more than one member in the collaboration. + + If the collaboration creator hasn't specified anyone as the member paying for model training costs, then the member who can query is the default payer. An error is returned if the collaboration creator sets a `FALSE` value for the member who can query. + """ + pulumi.set(__self__, "is_responsible", is_responsible) + + @property + @pulumi.getter(name="isResponsible") + def is_responsible(self) -> bool: + """ + Indicates whether the collaboration creator has configured the collaboration member to pay for model training costs ( `TRUE` ) or has not configured the collaboration member to pay for model training costs ( `FALSE` ). + + Exactly one member can be configured to pay for model training costs. An error is returned if the collaboration creator sets a `TRUE` value for more than one member in the collaboration. + + If the collaboration creator hasn't specified anyone as the member paying for model training costs, then the member who can query is the default payer. An error is returned if the collaboration creator sets a `FALSE` value for the member who can query. + """ + return pulumi.get(self, "is_responsible") + + @pulumi.output_type class CollaborationPaymentConfiguration(dict): @staticmethod @@ -342,6 +534,8 @@ def __key_warning(key: str): suggest = None if key == "queryCompute": suggest = "query_compute" + elif key == "machineLearning": + suggest = "machine_learning" if suggest: pulumi.log.warn(f"Key '{key}' not found in CollaborationPaymentConfiguration. Access the value via the '{suggest}' property getter instead.") @@ -355,11 +549,15 @@ def get(self, key: str, default = None) -> Any: return super().get(key, default) def __init__(__self__, *, - query_compute: 'outputs.CollaborationQueryComputePaymentConfig'): + query_compute: 'outputs.CollaborationQueryComputePaymentConfig', + machine_learning: Optional['outputs.CollaborationMlPaymentConfig'] = None): """ :param 'CollaborationQueryComputePaymentConfig' query_compute: The collaboration member's payment responsibilities set by the collaboration creator for query compute costs. + :param 'CollaborationMlPaymentConfig' machine_learning: An object representing the collaboration member's machine learning payment responsibilities set by the collaboration creator. """ pulumi.set(__self__, "query_compute", query_compute) + if machine_learning is not None: + pulumi.set(__self__, "machine_learning", machine_learning) @property @pulumi.getter(name="queryCompute") @@ -369,6 +567,14 @@ def query_compute(self) -> 'outputs.CollaborationQueryComputePaymentConfig': """ return pulumi.get(self, "query_compute") + @property + @pulumi.getter(name="machineLearning") + def machine_learning(self) -> Optional['outputs.CollaborationMlPaymentConfig']: + """ + An object representing the collaboration member's machine learning payment responsibilities set by the collaboration creator. + """ + return pulumi.get(self, "machine_learning") + @pulumi.output_type class CollaborationQueryComputePaymentConfig(dict): @@ -1559,6 +1765,104 @@ def id_namespace_type(self) -> Optional['IdNamespaceAssociationInputReferencePro return pulumi.get(self, "id_namespace_type") +@pulumi.output_type +class MembershipMlPaymentConfig(dict): + @staticmethod + def __key_warning(key: str): + suggest = None + if key == "modelInference": + suggest = "model_inference" + elif key == "modelTraining": + suggest = "model_training" + + if suggest: + pulumi.log.warn(f"Key '{key}' not found in MembershipMlPaymentConfig. Access the value via the '{suggest}' property getter instead.") + + def __getitem__(self, key: str) -> Any: + MembershipMlPaymentConfig.__key_warning(key) + return super().__getitem__(key) + + def get(self, key: str, default = None) -> Any: + MembershipMlPaymentConfig.__key_warning(key) + return super().get(key, default) + + def __init__(__self__, *, + model_inference: Optional['outputs.MembershipModelInferencePaymentConfig'] = None, + model_training: Optional['outputs.MembershipModelTrainingPaymentConfig'] = None): + if model_inference is not None: + pulumi.set(__self__, "model_inference", model_inference) + if model_training is not None: + pulumi.set(__self__, "model_training", model_training) + + @property + @pulumi.getter(name="modelInference") + def model_inference(self) -> Optional['outputs.MembershipModelInferencePaymentConfig']: + return pulumi.get(self, "model_inference") + + @property + @pulumi.getter(name="modelTraining") + def model_training(self) -> Optional['outputs.MembershipModelTrainingPaymentConfig']: + return pulumi.get(self, "model_training") + + +@pulumi.output_type +class MembershipModelInferencePaymentConfig(dict): + @staticmethod + def __key_warning(key: str): + suggest = None + if key == "isResponsible": + suggest = "is_responsible" + + if suggest: + pulumi.log.warn(f"Key '{key}' not found in MembershipModelInferencePaymentConfig. Access the value via the '{suggest}' property getter instead.") + + def __getitem__(self, key: str) -> Any: + MembershipModelInferencePaymentConfig.__key_warning(key) + return super().__getitem__(key) + + def get(self, key: str, default = None) -> Any: + MembershipModelInferencePaymentConfig.__key_warning(key) + return super().get(key, default) + + def __init__(__self__, *, + is_responsible: bool): + pulumi.set(__self__, "is_responsible", is_responsible) + + @property + @pulumi.getter(name="isResponsible") + def is_responsible(self) -> bool: + return pulumi.get(self, "is_responsible") + + +@pulumi.output_type +class MembershipModelTrainingPaymentConfig(dict): + @staticmethod + def __key_warning(key: str): + suggest = None + if key == "isResponsible": + suggest = "is_responsible" + + if suggest: + pulumi.log.warn(f"Key '{key}' not found in MembershipModelTrainingPaymentConfig. Access the value via the '{suggest}' property getter instead.") + + def __getitem__(self, key: str) -> Any: + MembershipModelTrainingPaymentConfig.__key_warning(key) + return super().__getitem__(key) + + def get(self, key: str, default = None) -> Any: + MembershipModelTrainingPaymentConfig.__key_warning(key) + return super().get(key, default) + + def __init__(__self__, *, + is_responsible: bool): + pulumi.set(__self__, "is_responsible", is_responsible) + + @property + @pulumi.getter(name="isResponsible") + def is_responsible(self) -> bool: + return pulumi.get(self, "is_responsible") + + @pulumi.output_type class MembershipPaymentConfiguration(dict): @staticmethod @@ -1566,6 +1870,8 @@ def __key_warning(key: str): suggest = None if key == "queryCompute": suggest = "query_compute" + elif key == "machineLearning": + suggest = "machine_learning" if suggest: pulumi.log.warn(f"Key '{key}' not found in MembershipPaymentConfiguration. Access the value via the '{suggest}' property getter instead.") @@ -1579,11 +1885,14 @@ def get(self, key: str, default = None) -> Any: return super().get(key, default) def __init__(__self__, *, - query_compute: 'outputs.MembershipQueryComputePaymentConfig'): + query_compute: 'outputs.MembershipQueryComputePaymentConfig', + machine_learning: Optional['outputs.MembershipMlPaymentConfig'] = None): """ :param 'MembershipQueryComputePaymentConfig' query_compute: The payment responsibilities accepted by the collaboration member for query compute costs. """ pulumi.set(__self__, "query_compute", query_compute) + if machine_learning is not None: + pulumi.set(__self__, "machine_learning", machine_learning) @property @pulumi.getter(name="queryCompute") @@ -1593,6 +1902,11 @@ def query_compute(self) -> 'outputs.MembershipQueryComputePaymentConfig': """ return pulumi.get(self, "query_compute") + @property + @pulumi.getter(name="machineLearning") + def machine_learning(self) -> Optional['outputs.MembershipMlPaymentConfig']: + return pulumi.get(self, "machine_learning") + @pulumi.output_type class MembershipProtectedQueryOutputConfiguration(dict): diff --git a/sdk/python/pulumi_aws_native/cognito/_inputs.py b/sdk/python/pulumi_aws_native/cognito/_inputs.py index 67d4bfeabc..0745c8c8b2 100644 --- a/sdk/python/pulumi_aws_native/cognito/_inputs.py +++ b/sdk/python/pulumi_aws_native/cognito/_inputs.py @@ -711,11 +711,11 @@ def recovery_mechanisms(self, value: Optional[pulumi.Input[Sequence[pulumi.Input class UserPoolAddOnsArgsDict(TypedDict): advanced_security_additional_flows: NotRequired[pulumi.Input['UserPoolAdvancedSecurityAdditionalFlowsArgsDict']] """ - Advanced security configuration options for additional authentication types in your user pool, including custom authentication. + Threat protection configuration options for additional authentication types in your user pool, including custom authentication. """ advanced_security_mode: NotRequired[pulumi.Input[str]] """ - The operating mode of advanced security features for standard authentication types in your user pool, including username-password and secure remote password (SRP) authentication. + The operating mode of threat protection for standard authentication types in your user pool, including username-password and secure remote password (SRP) authentication. """ elif False: UserPoolAddOnsArgsDict: TypeAlias = Mapping[str, Any] @@ -726,8 +726,8 @@ def __init__(__self__, *, advanced_security_additional_flows: Optional[pulumi.Input['UserPoolAdvancedSecurityAdditionalFlowsArgs']] = None, advanced_security_mode: Optional[pulumi.Input[str]] = None): """ - :param pulumi.Input['UserPoolAdvancedSecurityAdditionalFlowsArgs'] advanced_security_additional_flows: Advanced security configuration options for additional authentication types in your user pool, including custom authentication. - :param pulumi.Input[str] advanced_security_mode: The operating mode of advanced security features for standard authentication types in your user pool, including username-password and secure remote password (SRP) authentication. + :param pulumi.Input['UserPoolAdvancedSecurityAdditionalFlowsArgs'] advanced_security_additional_flows: Threat protection configuration options for additional authentication types in your user pool, including custom authentication. + :param pulumi.Input[str] advanced_security_mode: The operating mode of threat protection for standard authentication types in your user pool, including username-password and secure remote password (SRP) authentication. """ if advanced_security_additional_flows is not None: pulumi.set(__self__, "advanced_security_additional_flows", advanced_security_additional_flows) @@ -738,7 +738,7 @@ def __init__(__self__, *, @pulumi.getter(name="advancedSecurityAdditionalFlows") def advanced_security_additional_flows(self) -> Optional[pulumi.Input['UserPoolAdvancedSecurityAdditionalFlowsArgs']]: """ - Advanced security configuration options for additional authentication types in your user pool, including custom authentication. + Threat protection configuration options for additional authentication types in your user pool, including custom authentication. """ return pulumi.get(self, "advanced_security_additional_flows") @@ -750,7 +750,7 @@ def advanced_security_additional_flows(self, value: Optional[pulumi.Input['UserP @pulumi.getter(name="advancedSecurityMode") def advanced_security_mode(self) -> Optional[pulumi.Input[str]]: """ - The operating mode of advanced security features for standard authentication types in your user pool, including username-password and secure remote password (SRP) authentication. + The operating mode of threat protection for standard authentication types in your user pool, including username-password and secure remote password (SRP) authentication. """ return pulumi.get(self, "advanced_security_mode") @@ -763,7 +763,7 @@ def advanced_security_mode(self, value: Optional[pulumi.Input[str]]): class UserPoolAdminCreateUserConfigArgsDict(TypedDict): allow_admin_create_user_only: NotRequired[pulumi.Input[bool]] """ - The setting for allowing self-service sign-up. When `true` , only administrators can create new user profiles. When `false` , users can register themselves and create a new user profile with the [SignUp](https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_SignUp.html) operation. + The setting for allowing self-service sign-up. When `true` , only administrators can create new user profiles. When `false` , users can register themselves and create a new user profile with the `SignUp` operation. """ invite_message_template: NotRequired[pulumi.Input['UserPoolInviteMessageTemplateArgsDict']] """ @@ -773,7 +773,9 @@ class UserPoolAdminCreateUserConfigArgsDict(TypedDict): """ unused_account_validity_days: NotRequired[pulumi.Input[int]] """ - This parameter is no longer in use. Configure the duration of temporary passwords with the `TemporaryPasswordValidityDays` parameter of [PasswordPolicyType](https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_PasswordPolicyType.html) . For older user pools that have a `UnusedAccountValidityDays` configuration, that value is effective until you set a value for `TemporaryPasswordValidityDays` . + This parameter is no longer in use. + + Configure the duration of temporary passwords with the `TemporaryPasswordValidityDays` parameter of `API_PasswordPolicyType` . For older user pools that have a `UnusedAccountValidityDays` configuration, that value is effective until you set a value for `TemporaryPasswordValidityDays` . The password expiration limit in days for administrator-created users. When this time expires, the user can't sign in with their temporary password. To reset the account after that time limit, you must call `AdminCreateUser` again, specifying `RESEND` for the `MessageAction` parameter. @@ -789,11 +791,13 @@ def __init__(__self__, *, invite_message_template: Optional[pulumi.Input['UserPoolInviteMessageTemplateArgs']] = None, unused_account_validity_days: Optional[pulumi.Input[int]] = None): """ - :param pulumi.Input[bool] allow_admin_create_user_only: The setting for allowing self-service sign-up. When `true` , only administrators can create new user profiles. When `false` , users can register themselves and create a new user profile with the [SignUp](https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_SignUp.html) operation. + :param pulumi.Input[bool] allow_admin_create_user_only: The setting for allowing self-service sign-up. When `true` , only administrators can create new user profiles. When `false` , users can register themselves and create a new user profile with the `SignUp` operation. :param pulumi.Input['UserPoolInviteMessageTemplateArgs'] invite_message_template: The template for the welcome message to new users. This template must include the `{####}` temporary password placeholder if you are creating users with passwords. If your users don't have passwords, you can omit the placeholder. See also [Customizing User Invitation Messages](https://docs.aws.amazon.com/cognito/latest/developerguide/cognito-user-pool-settings-message-customizations.html#cognito-user-pool-settings-user-invitation-message-customization) . - :param pulumi.Input[int] unused_account_validity_days: This parameter is no longer in use. Configure the duration of temporary passwords with the `TemporaryPasswordValidityDays` parameter of [PasswordPolicyType](https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_PasswordPolicyType.html) . For older user pools that have a `UnusedAccountValidityDays` configuration, that value is effective until you set a value for `TemporaryPasswordValidityDays` . + :param pulumi.Input[int] unused_account_validity_days: This parameter is no longer in use. + + Configure the duration of temporary passwords with the `TemporaryPasswordValidityDays` parameter of `API_PasswordPolicyType` . For older user pools that have a `UnusedAccountValidityDays` configuration, that value is effective until you set a value for `TemporaryPasswordValidityDays` . The password expiration limit in days for administrator-created users. When this time expires, the user can't sign in with their temporary password. To reset the account after that time limit, you must call `AdminCreateUser` again, specifying `RESEND` for the `MessageAction` parameter. @@ -810,7 +814,7 @@ def __init__(__self__, *, @pulumi.getter(name="allowAdminCreateUserOnly") def allow_admin_create_user_only(self) -> Optional[pulumi.Input[bool]]: """ - The setting for allowing self-service sign-up. When `true` , only administrators can create new user profiles. When `false` , users can register themselves and create a new user profile with the [SignUp](https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_SignUp.html) operation. + The setting for allowing self-service sign-up. When `true` , only administrators can create new user profiles. When `false` , users can register themselves and create a new user profile with the `SignUp` operation. """ return pulumi.get(self, "allow_admin_create_user_only") @@ -836,7 +840,9 @@ def invite_message_template(self, value: Optional[pulumi.Input['UserPoolInviteMe @pulumi.getter(name="unusedAccountValidityDays") def unused_account_validity_days(self) -> Optional[pulumi.Input[int]]: """ - This parameter is no longer in use. Configure the duration of temporary passwords with the `TemporaryPasswordValidityDays` parameter of [PasswordPolicyType](https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_PasswordPolicyType.html) . For older user pools that have a `UnusedAccountValidityDays` configuration, that value is effective until you set a value for `TemporaryPasswordValidityDays` . + This parameter is no longer in use. + + Configure the duration of temporary passwords with the `TemporaryPasswordValidityDays` parameter of `API_PasswordPolicyType` . For older user pools that have a `UnusedAccountValidityDays` configuration, that value is effective until you set a value for `TemporaryPasswordValidityDays` . The password expiration limit in days for administrator-created users. When this time expires, the user can't sign in with their temporary password. To reset the account after that time limit, you must call `AdminCreateUser` again, specifying `RESEND` for the `MessageAction` parameter. @@ -853,7 +859,7 @@ def unused_account_validity_days(self, value: Optional[pulumi.Input[int]]): class UserPoolAdvancedSecurityAdditionalFlowsArgsDict(TypedDict): custom_auth_mode: NotRequired[pulumi.Input[str]] """ - The operating mode of advanced security features in custom authentication with [Custom authentication challenge Lambda triggers](https://docs.aws.amazon.com/cognito/latest/developerguide/user-pool-lambda-challenge.html) . + The operating mode of threat protection in custom authentication with [Custom authentication challenge Lambda triggers](https://docs.aws.amazon.com/cognito/latest/developerguide/user-pool-lambda-challenge.html) . """ elif False: UserPoolAdvancedSecurityAdditionalFlowsArgsDict: TypeAlias = Mapping[str, Any] @@ -863,7 +869,7 @@ class UserPoolAdvancedSecurityAdditionalFlowsArgs: def __init__(__self__, *, custom_auth_mode: Optional[pulumi.Input[str]] = None): """ - :param pulumi.Input[str] custom_auth_mode: The operating mode of advanced security features in custom authentication with [Custom authentication challenge Lambda triggers](https://docs.aws.amazon.com/cognito/latest/developerguide/user-pool-lambda-challenge.html) . + :param pulumi.Input[str] custom_auth_mode: The operating mode of threat protection in custom authentication with [Custom authentication challenge Lambda triggers](https://docs.aws.amazon.com/cognito/latest/developerguide/user-pool-lambda-challenge.html) . """ if custom_auth_mode is not None: pulumi.set(__self__, "custom_auth_mode", custom_auth_mode) @@ -872,7 +878,7 @@ def __init__(__self__, *, @pulumi.getter(name="customAuthMode") def custom_auth_mode(self) -> Optional[pulumi.Input[str]]: """ - The operating mode of advanced security features in custom authentication with [Custom authentication challenge Lambda triggers](https://docs.aws.amazon.com/cognito/latest/developerguide/user-pool-lambda-challenge.html) . + The operating mode of threat protection in custom authentication with [Custom authentication challenge Lambda triggers](https://docs.aws.amazon.com/cognito/latest/developerguide/user-pool-lambda-challenge.html) . """ return pulumi.get(self, "custom_auth_mode") @@ -1191,7 +1197,7 @@ class UserPoolDeviceConfigurationArgsDict(TypedDict): """ device_only_remembered_on_user_prompt: NotRequired[pulumi.Input[bool]] """ - When true, Amazon Cognito doesn't automatically remember a user's device when your app sends a [ConfirmDevice](https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_ConfirmDevice.html) API request. In your app, create a prompt for your user to choose whether they want to remember their device. Return the user's choice in an [UpdateDeviceStatus](https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_UpdateDeviceStatus.html) API request. + When true, Amazon Cognito doesn't automatically remember a user's device when your app sends a `ConfirmDevice` API request. In your app, create a prompt for your user to choose whether they want to remember their device. Return the user's choice in an `UpdateDeviceStatus` API request. When `DeviceOnlyRememberedOnUserPrompt` is `false` , Amazon Cognito immediately remembers devices that you register in a `ConfirmDevice` API request. """ @@ -1207,7 +1213,7 @@ def __init__(__self__, *, :param pulumi.Input[bool] challenge_required_on_new_device: When true, a remembered device can sign in with device authentication instead of SMS and time-based one-time password (TOTP) factors for multi-factor authentication (MFA). > Whether or not `ChallengeRequiredOnNewDevice` is true, users who sign in with devices that have not been confirmed or remembered must still provide a second factor in a user pool that requires MFA. - :param pulumi.Input[bool] device_only_remembered_on_user_prompt: When true, Amazon Cognito doesn't automatically remember a user's device when your app sends a [ConfirmDevice](https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_ConfirmDevice.html) API request. In your app, create a prompt for your user to choose whether they want to remember their device. Return the user's choice in an [UpdateDeviceStatus](https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_UpdateDeviceStatus.html) API request. + :param pulumi.Input[bool] device_only_remembered_on_user_prompt: When true, Amazon Cognito doesn't automatically remember a user's device when your app sends a `ConfirmDevice` API request. In your app, create a prompt for your user to choose whether they want to remember their device. Return the user's choice in an `UpdateDeviceStatus` API request. When `DeviceOnlyRememberedOnUserPrompt` is `false` , Amazon Cognito immediately remembers devices that you register in a `ConfirmDevice` API request. """ @@ -1234,7 +1240,7 @@ def challenge_required_on_new_device(self, value: Optional[pulumi.Input[bool]]): @pulumi.getter(name="deviceOnlyRememberedOnUserPrompt") def device_only_remembered_on_user_prompt(self) -> Optional[pulumi.Input[bool]]: """ - When true, Amazon Cognito doesn't automatically remember a user's device when your app sends a [ConfirmDevice](https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_ConfirmDevice.html) API request. In your app, create a prompt for your user to choose whether they want to remember their device. Return the user's choice in an [UpdateDeviceStatus](https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_UpdateDeviceStatus.html) API request. + When true, Amazon Cognito doesn't automatically remember a user's device when your app sends a `ConfirmDevice` API request. In your app, create a prompt for your user to choose whether they want to remember their device. Return the user's choice in an `UpdateDeviceStatus` API request. When `DeviceOnlyRememberedOnUserPrompt` is `false` , Amazon Cognito immediately remembers devices that you register in a `ConfirmDevice` API request. """ @@ -1878,7 +1884,7 @@ class UserPoolPasswordPolicyArgsDict(TypedDict): """ The number of previous passwords that you want Amazon Cognito to restrict each user from reusing. Users can't set a password that matches any of `n` previous passwords, where `n` is the value of `PasswordHistorySize` . - Password history isn't enforced and isn't displayed in [DescribeUserPool](https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_DescribeUserPool.html) responses when you set this value to `0` or don't provide it. To activate this setting, your user pool must be in the [Essentials tier](https://docs.aws.amazon.com/cognito/latest/developerguide/feature-plans-features-essentials.html) or higher. + Password history isn't enforced and isn't displayed in `API_DescribeUserPool` responses when you set this value to `0` or don't provide it. To activate this setting, your user pool must be in the [Essentials tier](https://docs.aws.amazon.com/cognito/latest/developerguide/feature-plans-features-essentials.html) or higher. """ require_lowercase: NotRequired[pulumi.Input[bool]] """ @@ -1919,7 +1925,7 @@ def __init__(__self__, *, :param pulumi.Input[int] minimum_length: The minimum length of the password in the policy that you have set. This value can't be less than 6. :param pulumi.Input[int] password_history_size: The number of previous passwords that you want Amazon Cognito to restrict each user from reusing. Users can't set a password that matches any of `n` previous passwords, where `n` is the value of `PasswordHistorySize` . - Password history isn't enforced and isn't displayed in [DescribeUserPool](https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_DescribeUserPool.html) responses when you set this value to `0` or don't provide it. To activate this setting, your user pool must be in the [Essentials tier](https://docs.aws.amazon.com/cognito/latest/developerguide/feature-plans-features-essentials.html) or higher. + Password history isn't enforced and isn't displayed in `API_DescribeUserPool` responses when you set this value to `0` or don't provide it. To activate this setting, your user pool must be in the [Essentials tier](https://docs.aws.amazon.com/cognito/latest/developerguide/feature-plans-features-essentials.html) or higher. :param pulumi.Input[bool] require_lowercase: The requirement in a password policy that users must include at least one lowercase letter in their password. :param pulumi.Input[bool] require_numbers: The requirement in a password policy that users must include at least one number in their password. :param pulumi.Input[bool] require_symbols: The requirement in a password policy that users must include at least one symbol in their password. @@ -1961,7 +1967,7 @@ def password_history_size(self) -> Optional[pulumi.Input[int]]: """ The number of previous passwords that you want Amazon Cognito to restrict each user from reusing. Users can't set a password that matches any of `n` previous passwords, where `n` is the value of `PasswordHistorySize` . - Password history isn't enforced and isn't displayed in [DescribeUserPool](https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_DescribeUserPool.html) responses when you set this value to `0` or don't provide it. To activate this setting, your user pool must be in the [Essentials tier](https://docs.aws.amazon.com/cognito/latest/developerguide/feature-plans-features-essentials.html) or higher. + Password history isn't enforced and isn't displayed in `API_DescribeUserPool` responses when you set this value to `0` or don't provide it. To activate this setting, your user pool must be in the [Essentials tier](https://docs.aws.amazon.com/cognito/latest/developerguide/feature-plans-features-essentials.html) or higher. """ return pulumi.get(self, "password_history_size") @@ -2042,7 +2048,7 @@ class UserPoolPoliciesArgsDict(TypedDict): """ The policy for allowed types of authentication in a user pool. To activate this setting, your user pool must be in the [Essentials tier](https://docs.aws.amazon.com/cognito/latest/developerguide/feature-plans-features-essentials.html) or higher. - This data type is a request and response parameter of [CreateUserPool](https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_CreateUserPool.html) and [UpdateUserPool](https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_UpdateUserPool.html) , and a response parameter of [DescribeUserPool](https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_DescribeUserPool.html) . + This data type is a request and response parameter of `API_CreateUserPool` and `API_UpdateUserPool` , and a response parameter of `API_DescribeUserPool` . """ elif False: UserPoolPoliciesArgsDict: TypeAlias = Mapping[str, Any] @@ -2056,7 +2062,7 @@ def __init__(__self__, *, :param pulumi.Input['UserPoolPasswordPolicyArgs'] password_policy: The password policy settings for a user pool, including complexity, history, and length requirements. :param pulumi.Input['UserPoolSignInPolicyArgs'] sign_in_policy: The policy for allowed types of authentication in a user pool. To activate this setting, your user pool must be in the [Essentials tier](https://docs.aws.amazon.com/cognito/latest/developerguide/feature-plans-features-essentials.html) or higher. - This data type is a request and response parameter of [CreateUserPool](https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_CreateUserPool.html) and [UpdateUserPool](https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_UpdateUserPool.html) , and a response parameter of [DescribeUserPool](https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_DescribeUserPool.html) . + This data type is a request and response parameter of `API_CreateUserPool` and `API_UpdateUserPool` , and a response parameter of `API_DescribeUserPool` . """ if password_policy is not None: pulumi.set(__self__, "password_policy", password_policy) @@ -2081,7 +2087,7 @@ def sign_in_policy(self) -> Optional[pulumi.Input['UserPoolSignInPolicyArgs']]: """ The policy for allowed types of authentication in a user pool. To activate this setting, your user pool must be in the [Essentials tier](https://docs.aws.amazon.com/cognito/latest/developerguide/feature-plans-features-essentials.html) or higher. - This data type is a request and response parameter of [CreateUserPool](https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_CreateUserPool.html) and [UpdateUserPool](https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_UpdateUserPool.html) , and a response parameter of [DescribeUserPool](https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_DescribeUserPool.html) . + This data type is a request and response parameter of `API_CreateUserPool` and `API_UpdateUserPool` , and a response parameter of `API_DescribeUserPool` . """ return pulumi.get(self, "sign_in_policy") @@ -2319,15 +2325,15 @@ def notify(self, value: pulumi.Input[bool]): class UserPoolRiskConfigurationAttachmentAccountTakeoverActionsTypeArgsDict(TypedDict): high_action: NotRequired[pulumi.Input['UserPoolRiskConfigurationAttachmentAccountTakeoverActionTypeArgsDict']] """ - The action that you assign to a high-risk assessment by advanced security features. + The action that you assign to a high-risk assessment by threat protection. """ low_action: NotRequired[pulumi.Input['UserPoolRiskConfigurationAttachmentAccountTakeoverActionTypeArgsDict']] """ - The action that you assign to a low-risk assessment by advanced security features. + The action that you assign to a low-risk assessment by threat protection. """ medium_action: NotRequired[pulumi.Input['UserPoolRiskConfigurationAttachmentAccountTakeoverActionTypeArgsDict']] """ - The action that you assign to a medium-risk assessment by advanced security features. + The action that you assign to a medium-risk assessment by threat protection. """ elif False: UserPoolRiskConfigurationAttachmentAccountTakeoverActionsTypeArgsDict: TypeAlias = Mapping[str, Any] @@ -2339,9 +2345,9 @@ def __init__(__self__, *, low_action: Optional[pulumi.Input['UserPoolRiskConfigurationAttachmentAccountTakeoverActionTypeArgs']] = None, medium_action: Optional[pulumi.Input['UserPoolRiskConfigurationAttachmentAccountTakeoverActionTypeArgs']] = None): """ - :param pulumi.Input['UserPoolRiskConfigurationAttachmentAccountTakeoverActionTypeArgs'] high_action: The action that you assign to a high-risk assessment by advanced security features. - :param pulumi.Input['UserPoolRiskConfigurationAttachmentAccountTakeoverActionTypeArgs'] low_action: The action that you assign to a low-risk assessment by advanced security features. - :param pulumi.Input['UserPoolRiskConfigurationAttachmentAccountTakeoverActionTypeArgs'] medium_action: The action that you assign to a medium-risk assessment by advanced security features. + :param pulumi.Input['UserPoolRiskConfigurationAttachmentAccountTakeoverActionTypeArgs'] high_action: The action that you assign to a high-risk assessment by threat protection. + :param pulumi.Input['UserPoolRiskConfigurationAttachmentAccountTakeoverActionTypeArgs'] low_action: The action that you assign to a low-risk assessment by threat protection. + :param pulumi.Input['UserPoolRiskConfigurationAttachmentAccountTakeoverActionTypeArgs'] medium_action: The action that you assign to a medium-risk assessment by threat protection. """ if high_action is not None: pulumi.set(__self__, "high_action", high_action) @@ -2354,7 +2360,7 @@ def __init__(__self__, *, @pulumi.getter(name="highAction") def high_action(self) -> Optional[pulumi.Input['UserPoolRiskConfigurationAttachmentAccountTakeoverActionTypeArgs']]: """ - The action that you assign to a high-risk assessment by advanced security features. + The action that you assign to a high-risk assessment by threat protection. """ return pulumi.get(self, "high_action") @@ -2366,7 +2372,7 @@ def high_action(self, value: Optional[pulumi.Input['UserPoolRiskConfigurationAtt @pulumi.getter(name="lowAction") def low_action(self) -> Optional[pulumi.Input['UserPoolRiskConfigurationAttachmentAccountTakeoverActionTypeArgs']]: """ - The action that you assign to a low-risk assessment by advanced security features. + The action that you assign to a low-risk assessment by threat protection. """ return pulumi.get(self, "low_action") @@ -2378,7 +2384,7 @@ def low_action(self, value: Optional[pulumi.Input['UserPoolRiskConfigurationAtta @pulumi.getter(name="mediumAction") def medium_action(self) -> Optional[pulumi.Input['UserPoolRiskConfigurationAttachmentAccountTakeoverActionTypeArgs']]: """ - The action that you assign to a medium-risk assessment by advanced security features. + The action that you assign to a medium-risk assessment by threat protection. """ return pulumi.get(self, "medium_action") @@ -2391,11 +2397,11 @@ def medium_action(self, value: Optional[pulumi.Input['UserPoolRiskConfigurationA class UserPoolRiskConfigurationAttachmentAccountTakeoverRiskConfigurationTypeArgsDict(TypedDict): actions: pulumi.Input['UserPoolRiskConfigurationAttachmentAccountTakeoverActionsTypeArgsDict'] """ - A list of account-takeover actions for each level of risk that Amazon Cognito might assess with advanced security features. + A list of account-takeover actions for each level of risk that Amazon Cognito might assess with threat protection. """ notify_configuration: NotRequired[pulumi.Input['UserPoolRiskConfigurationAttachmentNotifyConfigurationTypeArgsDict']] """ - The settings for composing and sending an email message when advanced security features assesses a risk level with adaptive authentication. When you choose to notify users in `AccountTakeoverRiskConfiguration` , Amazon Cognito sends an email message using the method and template that you set with this data type. + The settings for composing and sending an email message when threat protection assesses a risk level with adaptive authentication. When you choose to notify users in `AccountTakeoverRiskConfiguration` , Amazon Cognito sends an email message using the method and template that you set with this data type. """ elif False: UserPoolRiskConfigurationAttachmentAccountTakeoverRiskConfigurationTypeArgsDict: TypeAlias = Mapping[str, Any] @@ -2406,8 +2412,8 @@ def __init__(__self__, *, actions: pulumi.Input['UserPoolRiskConfigurationAttachmentAccountTakeoverActionsTypeArgs'], notify_configuration: Optional[pulumi.Input['UserPoolRiskConfigurationAttachmentNotifyConfigurationTypeArgs']] = None): """ - :param pulumi.Input['UserPoolRiskConfigurationAttachmentAccountTakeoverActionsTypeArgs'] actions: A list of account-takeover actions for each level of risk that Amazon Cognito might assess with advanced security features. - :param pulumi.Input['UserPoolRiskConfigurationAttachmentNotifyConfigurationTypeArgs'] notify_configuration: The settings for composing and sending an email message when advanced security features assesses a risk level with adaptive authentication. When you choose to notify users in `AccountTakeoverRiskConfiguration` , Amazon Cognito sends an email message using the method and template that you set with this data type. + :param pulumi.Input['UserPoolRiskConfigurationAttachmentAccountTakeoverActionsTypeArgs'] actions: A list of account-takeover actions for each level of risk that Amazon Cognito might assess with threat protection. + :param pulumi.Input['UserPoolRiskConfigurationAttachmentNotifyConfigurationTypeArgs'] notify_configuration: The settings for composing and sending an email message when threat protection assesses a risk level with adaptive authentication. When you choose to notify users in `AccountTakeoverRiskConfiguration` , Amazon Cognito sends an email message using the method and template that you set with this data type. """ pulumi.set(__self__, "actions", actions) if notify_configuration is not None: @@ -2417,7 +2423,7 @@ def __init__(__self__, *, @pulumi.getter def actions(self) -> pulumi.Input['UserPoolRiskConfigurationAttachmentAccountTakeoverActionsTypeArgs']: """ - A list of account-takeover actions for each level of risk that Amazon Cognito might assess with advanced security features. + A list of account-takeover actions for each level of risk that Amazon Cognito might assess with threat protection. """ return pulumi.get(self, "actions") @@ -2429,7 +2435,7 @@ def actions(self, value: pulumi.Input['UserPoolRiskConfigurationAttachmentAccoun @pulumi.getter(name="notifyConfiguration") def notify_configuration(self) -> Optional[pulumi.Input['UserPoolRiskConfigurationAttachmentNotifyConfigurationTypeArgs']]: """ - The settings for composing and sending an email message when advanced security features assesses a risk level with adaptive authentication. When you choose to notify users in `AccountTakeoverRiskConfiguration` , Amazon Cognito sends an email message using the method and template that you set with this data type. + The settings for composing and sending an email message when threat protection assesses a risk level with adaptive authentication. When you choose to notify users in `AccountTakeoverRiskConfiguration` , Amazon Cognito sends an email message using the method and template that you set with this data type. """ return pulumi.get(self, "notify_configuration") @@ -3170,7 +3176,7 @@ class UserPoolUserAttributeUpdateSettingsArgsDict(TypedDict): """ Requires that your user verifies their email address, phone number, or both before Amazon Cognito updates the value of that attribute. When you update a user attribute that has this option activated, Amazon Cognito sends a verification message to the new phone number or email address. Amazon Cognito doesn’t change the value of the attribute until your user responds to the verification message and confirms the new value. - You can verify an updated email address or phone number with a [VerifyUserAttribute](https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_VerifyUserAttribute.html) API request. You can also call the [AdminUpdateUserAttributes](https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_AdminUpdateUserAttributes.html) API and set `email_verified` or `phone_number_verified` to true. + You can verify an updated email address or phone number with a `API_VerifyUserAttribute` API request. You can also call the `API_AdminUpdateUserAttributes` API and set `email_verified` or `phone_number_verified` to true. When `AttributesRequireVerificationBeforeUpdate` is false, your user pool doesn't require that your users verify attribute changes before Amazon Cognito updates them. In a user pool where `AttributesRequireVerificationBeforeUpdate` is false, API operations that change attribute values can immediately update a user’s `email` or `phone_number` attribute. """ @@ -3184,7 +3190,7 @@ def __init__(__self__, *, """ :param pulumi.Input[Sequence[pulumi.Input[str]]] attributes_require_verification_before_update: Requires that your user verifies their email address, phone number, or both before Amazon Cognito updates the value of that attribute. When you update a user attribute that has this option activated, Amazon Cognito sends a verification message to the new phone number or email address. Amazon Cognito doesn’t change the value of the attribute until your user responds to the verification message and confirms the new value. - You can verify an updated email address or phone number with a [VerifyUserAttribute](https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_VerifyUserAttribute.html) API request. You can also call the [AdminUpdateUserAttributes](https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_AdminUpdateUserAttributes.html) API and set `email_verified` or `phone_number_verified` to true. + You can verify an updated email address or phone number with a `API_VerifyUserAttribute` API request. You can also call the `API_AdminUpdateUserAttributes` API and set `email_verified` or `phone_number_verified` to true. When `AttributesRequireVerificationBeforeUpdate` is false, your user pool doesn't require that your users verify attribute changes before Amazon Cognito updates them. In a user pool where `AttributesRequireVerificationBeforeUpdate` is false, API operations that change attribute values can immediately update a user’s `email` or `phone_number` attribute. """ @@ -3196,7 +3202,7 @@ def attributes_require_verification_before_update(self) -> pulumi.Input[Sequence """ Requires that your user verifies their email address, phone number, or both before Amazon Cognito updates the value of that attribute. When you update a user attribute that has this option activated, Amazon Cognito sends a verification message to the new phone number or email address. Amazon Cognito doesn’t change the value of the attribute until your user responds to the verification message and confirms the new value. - You can verify an updated email address or phone number with a [VerifyUserAttribute](https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_VerifyUserAttribute.html) API request. You can also call the [AdminUpdateUserAttributes](https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_AdminUpdateUserAttributes.html) API and set `email_verified` or `phone_number_verified` to true. + You can verify an updated email address or phone number with a `API_VerifyUserAttribute` API request. You can also call the `API_AdminUpdateUserAttributes` API and set `email_verified` or `phone_number_verified` to true. When `AttributesRequireVerificationBeforeUpdate` is false, your user pool doesn't require that your users verify attribute changes before Amazon Cognito updates them. In a user pool where `AttributesRequireVerificationBeforeUpdate` is false, API operations that change attribute values can immediately update a user’s `email` or `phone_number` attribute. """ diff --git a/sdk/python/pulumi_aws_native/cognito/get_user_pool.py b/sdk/python/pulumi_aws_native/cognito/get_user_pool.py index b882c5c5bf..074b7a34a5 100644 --- a/sdk/python/pulumi_aws_native/cognito/get_user_pool.py +++ b/sdk/python/pulumi_aws_native/cognito/get_user_pool.py @@ -137,7 +137,7 @@ def admin_create_user_config(self) -> Optional['outputs.UserPoolAdminCreateUserC """ The settings for administrator creation of users in a user pool. Contains settings for allowing user sign-up, customizing invitation messages to new users, and the amount of time before temporary passwords expire. - This data type is a request and response parameter of [CreateUserPool](https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_CreateUserPool.html) and [UpdateUserPool](https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_UpdateUserPool.html) , and a response parameter of [DescribeUserPool](https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_DescribeUserPool.html) . + This data type is a request and response parameter of `API_CreateUserPool` and `API_UpdateUserPool` , and a response parameter of `API_DescribeUserPool` . """ return pulumi.get(self, "admin_create_user_config") @@ -145,7 +145,7 @@ def admin_create_user_config(self) -> Optional['outputs.UserPoolAdminCreateUserC @pulumi.getter(name="aliasAttributes") def alias_attributes(self) -> Optional[Sequence[str]]: """ - Attributes supported as an alias for this user pool. Possible values: *phone_number* , *email* , or *preferred_username* . For more information about alias attributes, see [Customizing sign-in attributes](https://docs.aws.amazon.com/cognito/latest/developerguide/user-pool-settings-attributes.html#user-pool-settings-aliases) . + Attributes supported as an alias for this user pool. For more information about alias attributes, see [Customizing sign-in attributes](https://docs.aws.amazon.com/cognito/latest/developerguide/user-pool-settings-attributes.html#user-pool-settings-aliases) . """ return pulumi.get(self, "alias_attributes") @@ -161,7 +161,7 @@ def arn(self) -> Optional[str]: @pulumi.getter(name="autoVerifiedAttributes") def auto_verified_attributes(self) -> Optional[Sequence[str]]: """ - The attributes that you want your user pool to automatically verify. Possible values: *email* , *phone_number* . For more information see [Verifying contact information at sign-up](https://docs.aws.amazon.com/cognito/latest/developerguide/signing-up-users-in-your-app.html#allowing-users-to-sign-up-and-confirm-themselves) . + The attributes that you want your user pool to automatically verify. For more information, see [Verifying contact information at sign-up](https://docs.aws.amazon.com/cognito/latest/developerguide/signing-up-users-in-your-app.html#allowing-users-to-sign-up-and-confirm-themselves) . """ return pulumi.get(self, "auto_verified_attributes") @@ -233,11 +233,9 @@ def lambda_config(self) -> Optional['outputs.UserPoolLambdaConfig']: @pulumi.getter(name="mfaConfiguration") def mfa_configuration(self) -> Optional[str]: """ - The multi-factor authentication (MFA) configuration. Valid values include: + Displays the state of multi-factor authentication (MFA) as on, off, or optional. When `ON` , all users must set up MFA before they can sign in. When `OPTIONAL` , your application must make a client-side determination of whether a user wants to register an MFA device. For user pools with adaptive authentication with threat protection, choose `OPTIONAL` . - - `OFF` MFA won't be used for any users. - - `ON` MFA is required for all users to sign in. - - `OPTIONAL` MFA will be required only for individual users who have an MFA factor activated. + When `MfaConfiguration` is `OPTIONAL` , managed login doesn't automatically prompt users to set up MFA. Amazon Cognito generates MFA prompts in API responses and in managed login for users who have chosen and configured a preferred MFA factor. """ return pulumi.get(self, "mfa_configuration") @@ -247,7 +245,7 @@ def policies(self) -> Optional['outputs.UserPoolPolicies']: """ A list of user pool policies. Contains the policy that sets password-complexity requirements. - This data type is a request and response parameter of [CreateUserPool](https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_CreateUserPool.html) and [UpdateUserPool](https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_UpdateUserPool.html) , and a response parameter of [DescribeUserPool](https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_DescribeUserPool.html) . + This data type is a request and response parameter of `API_CreateUserPool` and `API_UpdateUserPool` , and a response parameter of `API_DescribeUserPool` . """ return pulumi.get(self, "policies") @@ -287,7 +285,7 @@ def sms_authentication_message(self) -> Optional[str]: @pulumi.getter(name="smsConfiguration") def sms_configuration(self) -> Optional['outputs.UserPoolSmsConfiguration']: """ - The SMS configuration with the settings that your Amazon Cognito user pool must use to send an SMS message from your AWS account through Amazon Simple Notification Service. To send SMS messages with Amazon SNS in the AWS Region that you want, the Amazon Cognito user pool uses an AWS Identity and Access Management (IAM) role in your AWS account . For more information see [SMS message settings](https://docs.aws.amazon.com/cognito/latest/developerguide/user-pool-sms-settings.html) . + The settings for your Amazon Cognito user pool to send SMS messages with Amazon Simple Notification Service. To send SMS messages with Amazon SNS in the AWS Region that you want, the Amazon Cognito user pool uses an AWS Identity and Access Management (IAM) role in your AWS account . For more information see [SMS message settings](https://docs.aws.amazon.com/cognito/latest/developerguide/user-pool-sms-settings.html) . """ return pulumi.get(self, "sms_configuration") @@ -313,7 +311,7 @@ def user_attribute_update_settings(self) -> Optional['outputs.UserPoolUserAttrib @pulumi.getter(name="userPoolAddOns") def user_pool_add_ons(self) -> Optional['outputs.UserPoolAddOns']: """ - User pool add-ons. Contains settings for activation of threat protection. To log user security information but take no action, set to `AUDIT` . To configure automatic security responses to risky traffic to your user pool, set to `ENFORCED` . + Contains settings for activation of threat protection, including the operating mode and additional authentication types. To log user security information but take no action, set to `AUDIT` . To configure automatic security responses to potentially unwanted traffic to your user pool, set to `ENFORCED` . For more information, see [Adding advanced security to a user pool](https://docs.aws.amazon.com/cognito/latest/developerguide/cognito-user-pool-settings-advanced-security.html) . To activate this setting, your user pool must be on the [Plus tier](https://docs.aws.amazon.com/cognito/latest/developerguide/feature-plans-features-plus.html) . """ @@ -331,7 +329,7 @@ def user_pool_id(self) -> Optional[str]: @pulumi.getter(name="userPoolName") def user_pool_name(self) -> Optional[str]: """ - A friendlhy name for your user pool. + A friendly name for your user pool. """ return pulumi.get(self, "user_pool_name") diff --git a/sdk/python/pulumi_aws_native/cognito/get_user_pool_client.py b/sdk/python/pulumi_aws_native/cognito/get_user_pool_client.py index 4309493e6c..1835345e40 100644 --- a/sdk/python/pulumi_aws_native/cognito/get_user_pool_client.py +++ b/sdk/python/pulumi_aws_native/cognito/get_user_pool_client.py @@ -115,11 +115,11 @@ def access_token_validity(self) -> Optional[int]: @pulumi.getter(name="allowedOAuthFlows") def allowed_o_auth_flows(self) -> Optional[Sequence[str]]: """ - The OAuth grant types that you want your app client to generate. To create an app client that generates client credentials grants, you must add `client_credentials` as the only allowed OAuth flow. + The OAuth grant types that you want your app client to generate for clients in managed login authentication. To create an app client that generates client credentials grants, you must add `client_credentials` as the only allowed OAuth flow. - **code** - Use a code grant flow, which provides an authorization code as the response. This code can be exchanged for access tokens with the `/oauth2/token` endpoint. - - **implicit** - Issue the access token (and, optionally, ID token, based on scopes) directly to your user. - - **client_credentials** - Issue the access token from the `/oauth2/token` endpoint directly to a non-person user using a combination of the client ID and client secret. + - **implicit** - Issue the access token, and the ID token when scopes like `openid` and `profile` are requested, directly to your user. + - **client_credentials** - Issue the access token from the `/oauth2/token` endpoint directly to a non-person user, authorized by a combination of the client ID and client secret. """ return pulumi.get(self, "allowed_o_auth_flows") @@ -127,16 +127,16 @@ def allowed_o_auth_flows(self) -> Optional[Sequence[str]]: @pulumi.getter(name="allowedOAuthFlowsUserPoolClient") def allowed_o_auth_flows_user_pool_client(self) -> Optional[bool]: """ - Set to `true` to use OAuth 2.0 features in your user pool app client. + Set to `true` to use OAuth 2.0 authorization server features in your app client. - `AllowedOAuthFlowsUserPoolClient` must be `true` before you can configure the following features in your app client. + This parameter must have a value of `true` before you can configure the following features in your app client. - `CallBackURLs` : Callback URLs. - `LogoutURLs` : Sign-out redirect URLs. - `AllowedOAuthScopes` : OAuth 2.0 scopes. - `AllowedOAuthFlows` : Support for authorization code, implicit, and client credentials OAuth 2.0 grants. - To use OAuth 2.0 features, configure one of these features in the Amazon Cognito console or set `AllowedOAuthFlowsUserPoolClient` to `true` in a `CreateUserPoolClient` or `UpdateUserPoolClient` API request. If you don't set a value for `AllowedOAuthFlowsUserPoolClient` in a request with the AWS CLI or SDKs, it defaults to `false` . + To use authorization server features, configure one of these features in the Amazon Cognito console or set `AllowedOAuthFlowsUserPoolClient` to `true` in a `CreateUserPoolClient` or `UpdateUserPoolClient` API request. If you don't set a value for `AllowedOAuthFlowsUserPoolClient` in a request with the AWS CLI or SDKs, it defaults to `false` . When `false` , only SDK-based API sign-in is permitted. """ return pulumi.get(self, "allowed_o_auth_flows_user_pool_client") @@ -144,7 +144,7 @@ def allowed_o_auth_flows_user_pool_client(self) -> Optional[bool]: @pulumi.getter(name="allowedOAuthScopes") def allowed_o_auth_scopes(self) -> Optional[Sequence[str]]: """ - The OAuth 2.0 scopes that you want to permit your app client to authorize. Scopes govern access control to user pool self-service API operations, user data from the `userInfo` endpoint, and third-party APIs. Possible values provided by OAuth are `phone` , `email` , `openid` , and `profile` . Possible values provided by AWS are `aws.cognito.signin.user.admin` . Custom scopes created in Resource Servers are also supported. + The OAuth, OpenID Connect (OIDC), and custom scopes that you want to permit your app client to authorize access with. Scopes govern access control to user pool self-service API operations, user data from the `userInfo` endpoint, and third-party APIs. Scope values include `phone` , `email` , `openid` , and `profile` . The `aws.cognito.signin.user.admin` scope authorizes user self-service operations. Custom scopes with resource servers authorize access to external APIs. """ return pulumi.get(self, "allowed_o_auth_scopes") @@ -170,9 +170,9 @@ def auth_session_validity(self) -> Optional[int]: @pulumi.getter(name="callbackUrls") def callback_urls(self) -> Optional[Sequence[str]]: """ - A list of allowed redirect (callback) URLs for the IdPs. + A list of allowed redirect, or callback, URLs for managed login authentication. These URLs are the paths where you want to send your users' browsers after they complete authentication with managed login or a third-party IdP. Typically, callback URLs are the home of an application that uses OAuth or OIDC libraries to process authentication outcomes. - A redirect URI must: + A redirect URI must meet the following requirements: - Be an absolute URI. - Be registered with the authorization server. Amazon Cognito doesn't accept authorization requests with `redirect_uri` values that aren't in the list of `CallbackURLs` that you provide in this parameter. @@ -219,7 +219,7 @@ def default_redirect_uri(self) -> Optional[str]: @pulumi.getter(name="enablePropagateAdditionalUserContextData") def enable_propagate_additional_user_context_data(self) -> Optional[bool]: """ - Activates the propagation of additional user context data. For more information about propagation of user context data, see [Adding advanced security to a user pool](https://docs.aws.amazon.com/cognito/latest/developerguide/cognito-user-pool-settings-threat-protection.html) . If you don’t include this parameter, you can't send device fingerprint information, including source IP address, to Amazon Cognito advanced security. You can only activate `EnablePropagateAdditionalUserContextData` in an app client that has a client secret. + When `true` , your application can include additional `UserContextData` in authentication requests. This data includes the IP address, and contributes to analysis by threat protection features. For more information about propagation of user context data, see [Adding session data to API requests](https://docs.aws.amazon.com/cognito/latest/developerguide/cognito-user-pool-settings-adaptive-authentication.html#user-pool-settings-adaptive-authentication-device-fingerprint) . If you don’t include this parameter, you can't send the source IP address to Amazon Cognito threat protection features. You can only activate `EnablePropagateAdditionalUserContextData` in an app client that has a client secret. """ return pulumi.get(self, "enable_propagate_additional_user_context_data") @@ -227,7 +227,9 @@ def enable_propagate_additional_user_context_data(self) -> Optional[bool]: @pulumi.getter(name="enableTokenRevocation") def enable_token_revocation(self) -> Optional[bool]: """ - Activates or deactivates token revocation. For more information about revoking tokens, see [RevokeToken](https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_RevokeToken.html) . + Activates or deactivates [token revocation](https://docs.aws.amazon.com/cognito/latest/developerguide/token-revocation.html) in the target app client. + + Revoke tokens with `API_RevokeToken` . If you don't include this parameter, token revocation is automatically activated for the new user pool client. """ @@ -237,11 +239,11 @@ def enable_token_revocation(self) -> Optional[bool]: @pulumi.getter(name="explicitAuthFlows") def explicit_auth_flows(self) -> Optional[Sequence[str]]: """ - The authentication flows that you want your user pool client to support. For each app client in your user pool, you can sign in your users with any combination of one or more flows, including with a user name and Secure Remote Password (SRP), a user name and password, or a custom authentication process that you define with Lambda functions. + The [authentication flows](https://docs.aws.amazon.com/cognito/latest/developerguide/amazon-cognito-user-pools-authentication-flow-methods.html) that you want your user pool client to support. For each app client in your user pool, you can sign in your users with any combination of one or more flows, including with a user name and Secure Remote Password (SRP), a user name and password, or a custom authentication process that you define with Lambda functions. - > If you don't specify a value for `ExplicitAuthFlows` , your user client supports `ALLOW_REFRESH_TOKEN_AUTH` , `ALLOW_USER_SRP_AUTH` , and `ALLOW_CUSTOM_AUTH` . + > If you don't specify a value for `ExplicitAuthFlows` , your app client supports `ALLOW_REFRESH_TOKEN_AUTH` , `ALLOW_USER_SRP_AUTH` , and `ALLOW_CUSTOM_AUTH` . - Valid values include: + The values for authentication flow options include the following. - `ALLOW_USER_AUTH` : Enable selection-based sign-in with `USER_AUTH` . This setting covers username-password, secure remote password (SRP), passwordless, and passkey authentication. This authentiation flow can do username-password and SRP authentication without other `ExplicitAuthFlows` permitting them. For example users can complete an SRP challenge through `USER_AUTH` without the flow `USER_SRP_AUTH` being active for the app client. This flow doesn't include `CUSTOM_AUTH` . @@ -276,7 +278,7 @@ def id_token_validity(self) -> Optional[int]: @pulumi.getter(name="logoutUrls") def logout_urls(self) -> Optional[Sequence[str]]: """ - A list of allowed logout URLs for managed login authentication. For more information, see [Logout endpoint](https://docs.aws.amazon.com/cognito/latest/developerguide/logout-endpoint.html) . + A list of allowed logout URLs for managed login authentication. When you pass `logout_uri` and `client_id` parameters to `/logout` , Amazon Cognito signs out your user and redirects them to the logout URL. This parameter describes the URLs that you want to be the permitted targets of `logout_uri` . A typical use of these URLs is when a user selects "Sign out" and you redirect them to your public homepage. For more information, see [Logout endpoint](https://docs.aws.amazon.com/cognito/latest/developerguide/logout-endpoint.html) . """ return pulumi.get(self, "logout_urls") @@ -304,9 +306,11 @@ def prevent_user_existence_errors(self) -> Optional[str]: @pulumi.getter(name="readAttributes") def read_attributes(self) -> Optional[Sequence[str]]: """ - The list of user attributes that you want your app client to have read access to. After your user authenticates in your app, their access token authorizes them to read their own attribute value for any attribute in this list. An example of this kind of activity is when your user selects a link to view their profile information. Your app makes a [GetUser](https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_GetUser.html) API request to retrieve and display your user's profile data. + The list of user attributes that you want your app client to have read access to. After your user authenticates in your app, their access token authorizes them to read their own attribute value for any attribute in this list. - When you don't specify the `ReadAttributes` for your app client, your app can read the values of `email_verified` , `phone_number_verified` , and the Standard attributes of your user pool. When your user pool app client has read access to these default attributes, `ReadAttributes` doesn't return any information. Amazon Cognito only populates `ReadAttributes` in the API response if you have specified your own custom set of read attributes. + An example of this kind of activity is when your user selects a link to view their profile information. Your app makes a `API_GetUser` API request to retrieve and display your user's profile data. + + When you don't specify the `ReadAttributes` for your app client, your app can read the values of `email_verified` , `phone_number_verified` , and the standard attributes of your user pool. When your user pool app client has read access to these default attributes, `ReadAttributes` doesn't return any information. Amazon Cognito only populates `ReadAttributes` in the API response if you have specified your own custom set of read attributes. """ return pulumi.get(self, "read_attributes") @@ -332,7 +336,7 @@ def supported_identity_providers(self) -> Optional[Sequence[str]]: """ A list of provider names for the identity providers (IdPs) that are supported on this client. The following are supported: `COGNITO` , `Facebook` , `Google` , `SignInWithApple` , and `LoginWithAmazon` . You can also specify the names that you configured for the SAML and OIDC IdPs in your user pool, for example `MySAMLIdP` or `MyOIDCIdP` . - This setting applies to providers that you can access with [managed login](https://docs.aws.amazon.com/cognito/latest/developerguide/cognito-user-pools-managed-login.html) . The removal of `COGNITO` from this list doesn't prevent authentication operations for local users with the user pools API in an AWS SDK. The only way to prevent API-based authentication is to block access with a [AWS WAF rule](https://docs.aws.amazon.com/cognito/latest/developerguide/user-pool-waf.html) . + This parameter sets the IdPs that [managed login](https://docs.aws.amazon.com/cognito/latest/developerguide/cognito-user-pools-managed-login.html) will display on the login page for your app client. The removal of `COGNITO` from this list doesn't prevent authentication operations for local users with the user pools API in an AWS SDK. The only way to prevent SDK-based authentication is to block access with a [AWS WAF rule](https://docs.aws.amazon.com/cognito/latest/developerguide/user-pool-waf.html) . """ return pulumi.get(self, "supported_identity_providers") @@ -348,7 +352,9 @@ def token_validity_units(self) -> Optional['outputs.UserPoolClientTokenValidityU @pulumi.getter(name="writeAttributes") def write_attributes(self) -> Optional[Sequence[str]]: """ - The list of user attributes that you want your app client to have write access to. After your user authenticates in your app, their access token authorizes them to set or modify their own attribute value for any attribute in this list. An example of this kind of activity is when you present your user with a form to update their profile information and they change their last name. Your app then makes an [UpdateUserAttributes](https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_UpdateUserAttributes.html) API request and sets `family_name` to the new value. + The list of user attributes that you want your app client to have write access to. After your user authenticates in your app, their access token authorizes them to set or modify their own attribute value for any attribute in this list. + + An example of this kind of activity is when you present your user with a form to update their profile information and they change their last name. Your app then makes an `API_UpdateUserAttributes` API request and sets `family_name` to the new value. When you don't specify the `WriteAttributes` for your app client, your app can write the values of the Standard attributes of your user pool. When your user pool has write access to these default attributes, `WriteAttributes` doesn't return any information. Amazon Cognito only populates `WriteAttributes` in the API response if you have specified your own custom set of write attributes. diff --git a/sdk/python/pulumi_aws_native/cognito/get_user_pool_domain.py b/sdk/python/pulumi_aws_native/cognito/get_user_pool_domain.py index 85da8be8d2..bb9cf52b43 100644 --- a/sdk/python/pulumi_aws_native/cognito/get_user_pool_domain.py +++ b/sdk/python/pulumi_aws_native/cognito/get_user_pool_domain.py @@ -50,9 +50,11 @@ def cloud_front_distribution(self) -> Optional[str]: @pulumi.getter(name="customDomainConfig") def custom_domain_config(self) -> Optional['outputs.UserPoolDomainCustomDomainConfigType']: """ - The configuration for a custom domain that hosts the sign-up and sign-in pages for your application. Use this object to specify an SSL certificate that is managed by ACM. + The configuration for a custom domain that hosts managed login for your application. In an `UpdateUserPoolDomain` request, this parameter specifies an SSL certificate for the managed login hosted webserver. The certificate must be an ACM ARN in `us-east-1` . - When you create a custom domain, the passkey RP ID defaults to the custom domain. If you had a prefix domain active, this will cause passkey integration for your prefix domain to stop working due to a mismatch in RP ID. To keep the prefix domain passkey integration working, you can explicitly set RP ID to the prefix domain. Update the RP ID in a [SetUserPoolMfaConfig](https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_SetUserPoolMfaConfig.html) request. + When you create a custom domain, the passkey RP ID defaults to the custom domain. If you had a prefix domain active, this will cause passkey integration for your prefix domain to stop working due to a mismatch in RP ID. To keep the prefix domain passkey integration working, you can explicitly set RP ID to the prefix domain. + + Update the RP ID in a `API_SetUserPoolMfaConfig` request. """ return pulumi.get(self, "custom_domain_config") diff --git a/sdk/python/pulumi_aws_native/cognito/get_user_pool_risk_configuration_attachment.py b/sdk/python/pulumi_aws_native/cognito/get_user_pool_risk_configuration_attachment.py index 1b2dae3978..286ea02eef 100644 --- a/sdk/python/pulumi_aws_native/cognito/get_user_pool_risk_configuration_attachment.py +++ b/sdk/python/pulumi_aws_native/cognito/get_user_pool_risk_configuration_attachment.py @@ -39,7 +39,7 @@ def __init__(__self__, account_takeover_risk_configuration=None, compromised_cre @pulumi.getter(name="accountTakeoverRiskConfiguration") def account_takeover_risk_configuration(self) -> Optional['outputs.UserPoolRiskConfigurationAttachmentAccountTakeoverRiskConfigurationType']: """ - The settings for automated responses and notification templates for adaptive authentication with advanced security features. + The settings for automated responses and notification templates for adaptive authentication with threat protection. """ return pulumi.get(self, "account_takeover_risk_configuration") @@ -47,7 +47,7 @@ def account_takeover_risk_configuration(self) -> Optional['outputs.UserPoolRiskC @pulumi.getter(name="compromisedCredentialsRiskConfiguration") def compromised_credentials_risk_configuration(self) -> Optional['outputs.UserPoolRiskConfigurationAttachmentCompromisedCredentialsRiskConfigurationType']: """ - Settings for compromised-credentials actions and authentication types with advanced security features in full-function `ENFORCED` mode. + Settings for compromised-credentials actions and authentication types with threat protection in full-function `ENFORCED` mode. """ return pulumi.get(self, "compromised_credentials_risk_configuration") diff --git a/sdk/python/pulumi_aws_native/cognito/get_user_pool_ui_customization_attachment.py b/sdk/python/pulumi_aws_native/cognito/get_user_pool_ui_customization_attachment.py index c0782b1ffb..fa8480b280 100644 --- a/sdk/python/pulumi_aws_native/cognito/get_user_pool_ui_customization_attachment.py +++ b/sdk/python/pulumi_aws_native/cognito/get_user_pool_ui_customization_attachment.py @@ -32,7 +32,7 @@ def __init__(__self__, css=None): @pulumi.getter def css(self) -> Optional[str]: """ - The CSS values in the UI customization. + A plaintext CSS file that contains the custom fields that you want to apply to your user pool or app client. To download a template, go to the Amazon Cognito console. Navigate to your user pool *App clients* tab, select *Login pages* , edit *Hosted UI (classic) style* , and select the link to `CSS template.css` . """ return pulumi.get(self, "css") @@ -54,7 +54,7 @@ def get_user_pool_ui_customization_attachment(client_id: Optional[str] = None, :param str client_id: The app client ID for your UI customization. When this value isn't present, the customization applies to all user pool app clients that don't have client-level settings.. - :param str user_pool_id: The ID of the user pool. + :param str user_pool_id: The ID of the user pool where you want to apply branding to the classic hosted UI. """ __args__ = dict() __args__['clientId'] = client_id @@ -72,7 +72,7 @@ def get_user_pool_ui_customization_attachment_output(client_id: Optional[pulumi. :param str client_id: The app client ID for your UI customization. When this value isn't present, the customization applies to all user pool app clients that don't have client-level settings.. - :param str user_pool_id: The ID of the user pool. + :param str user_pool_id: The ID of the user pool where you want to apply branding to the classic hosted UI. """ __args__ = dict() __args__['clientId'] = client_id diff --git a/sdk/python/pulumi_aws_native/cognito/outputs.py b/sdk/python/pulumi_aws_native/cognito/outputs.py index ee9d62da63..4f1dcbb85b 100644 --- a/sdk/python/pulumi_aws_native/cognito/outputs.py +++ b/sdk/python/pulumi_aws_native/cognito/outputs.py @@ -652,8 +652,8 @@ def __init__(__self__, *, advanced_security_additional_flows: Optional['outputs.UserPoolAdvancedSecurityAdditionalFlows'] = None, advanced_security_mode: Optional[str] = None): """ - :param 'UserPoolAdvancedSecurityAdditionalFlows' advanced_security_additional_flows: Advanced security configuration options for additional authentication types in your user pool, including custom authentication. - :param str advanced_security_mode: The operating mode of advanced security features for standard authentication types in your user pool, including username-password and secure remote password (SRP) authentication. + :param 'UserPoolAdvancedSecurityAdditionalFlows' advanced_security_additional_flows: Threat protection configuration options for additional authentication types in your user pool, including custom authentication. + :param str advanced_security_mode: The operating mode of threat protection for standard authentication types in your user pool, including username-password and secure remote password (SRP) authentication. """ if advanced_security_additional_flows is not None: pulumi.set(__self__, "advanced_security_additional_flows", advanced_security_additional_flows) @@ -664,7 +664,7 @@ def __init__(__self__, *, @pulumi.getter(name="advancedSecurityAdditionalFlows") def advanced_security_additional_flows(self) -> Optional['outputs.UserPoolAdvancedSecurityAdditionalFlows']: """ - Advanced security configuration options for additional authentication types in your user pool, including custom authentication. + Threat protection configuration options for additional authentication types in your user pool, including custom authentication. """ return pulumi.get(self, "advanced_security_additional_flows") @@ -672,7 +672,7 @@ def advanced_security_additional_flows(self) -> Optional['outputs.UserPoolAdvanc @pulumi.getter(name="advancedSecurityMode") def advanced_security_mode(self) -> Optional[str]: """ - The operating mode of advanced security features for standard authentication types in your user pool, including username-password and secure remote password (SRP) authentication. + The operating mode of threat protection for standard authentication types in your user pool, including username-password and secure remote password (SRP) authentication. """ return pulumi.get(self, "advanced_security_mode") @@ -705,11 +705,13 @@ def __init__(__self__, *, invite_message_template: Optional['outputs.UserPoolInviteMessageTemplate'] = None, unused_account_validity_days: Optional[int] = None): """ - :param bool allow_admin_create_user_only: The setting for allowing self-service sign-up. When `true` , only administrators can create new user profiles. When `false` , users can register themselves and create a new user profile with the [SignUp](https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_SignUp.html) operation. + :param bool allow_admin_create_user_only: The setting for allowing self-service sign-up. When `true` , only administrators can create new user profiles. When `false` , users can register themselves and create a new user profile with the `SignUp` operation. :param 'UserPoolInviteMessageTemplate' invite_message_template: The template for the welcome message to new users. This template must include the `{####}` temporary password placeholder if you are creating users with passwords. If your users don't have passwords, you can omit the placeholder. See also [Customizing User Invitation Messages](https://docs.aws.amazon.com/cognito/latest/developerguide/cognito-user-pool-settings-message-customizations.html#cognito-user-pool-settings-user-invitation-message-customization) . - :param int unused_account_validity_days: This parameter is no longer in use. Configure the duration of temporary passwords with the `TemporaryPasswordValidityDays` parameter of [PasswordPolicyType](https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_PasswordPolicyType.html) . For older user pools that have a `UnusedAccountValidityDays` configuration, that value is effective until you set a value for `TemporaryPasswordValidityDays` . + :param int unused_account_validity_days: This parameter is no longer in use. + + Configure the duration of temporary passwords with the `TemporaryPasswordValidityDays` parameter of `API_PasswordPolicyType` . For older user pools that have a `UnusedAccountValidityDays` configuration, that value is effective until you set a value for `TemporaryPasswordValidityDays` . The password expiration limit in days for administrator-created users. When this time expires, the user can't sign in with their temporary password. To reset the account after that time limit, you must call `AdminCreateUser` again, specifying `RESEND` for the `MessageAction` parameter. @@ -726,7 +728,7 @@ def __init__(__self__, *, @pulumi.getter(name="allowAdminCreateUserOnly") def allow_admin_create_user_only(self) -> Optional[bool]: """ - The setting for allowing self-service sign-up. When `true` , only administrators can create new user profiles. When `false` , users can register themselves and create a new user profile with the [SignUp](https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_SignUp.html) operation. + The setting for allowing self-service sign-up. When `true` , only administrators can create new user profiles. When `false` , users can register themselves and create a new user profile with the `SignUp` operation. """ return pulumi.get(self, "allow_admin_create_user_only") @@ -744,7 +746,9 @@ def invite_message_template(self) -> Optional['outputs.UserPoolInviteMessageTemp @pulumi.getter(name="unusedAccountValidityDays") def unused_account_validity_days(self) -> Optional[int]: """ - This parameter is no longer in use. Configure the duration of temporary passwords with the `TemporaryPasswordValidityDays` parameter of [PasswordPolicyType](https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_PasswordPolicyType.html) . For older user pools that have a `UnusedAccountValidityDays` configuration, that value is effective until you set a value for `TemporaryPasswordValidityDays` . + This parameter is no longer in use. + + Configure the duration of temporary passwords with the `TemporaryPasswordValidityDays` parameter of `API_PasswordPolicyType` . For older user pools that have a `UnusedAccountValidityDays` configuration, that value is effective until you set a value for `TemporaryPasswordValidityDays` . The password expiration limit in days for administrator-created users. When this time expires, the user can't sign in with their temporary password. To reset the account after that time limit, you must call `AdminCreateUser` again, specifying `RESEND` for the `MessageAction` parameter. @@ -775,7 +779,7 @@ def get(self, key: str, default = None) -> Any: def __init__(__self__, *, custom_auth_mode: Optional[str] = None): """ - :param str custom_auth_mode: The operating mode of advanced security features in custom authentication with [Custom authentication challenge Lambda triggers](https://docs.aws.amazon.com/cognito/latest/developerguide/user-pool-lambda-challenge.html) . + :param str custom_auth_mode: The operating mode of threat protection in custom authentication with [Custom authentication challenge Lambda triggers](https://docs.aws.amazon.com/cognito/latest/developerguide/user-pool-lambda-challenge.html) . """ if custom_auth_mode is not None: pulumi.set(__self__, "custom_auth_mode", custom_auth_mode) @@ -784,7 +788,7 @@ def __init__(__self__, *, @pulumi.getter(name="customAuthMode") def custom_auth_mode(self) -> Optional[str]: """ - The operating mode of advanced security features in custom authentication with [Custom authentication challenge Lambda triggers](https://docs.aws.amazon.com/cognito/latest/developerguide/user-pool-lambda-challenge.html) . + The operating mode of threat protection in custom authentication with [Custom authentication challenge Lambda triggers](https://docs.aws.amazon.com/cognito/latest/developerguide/user-pool-lambda-challenge.html) . """ return pulumi.get(self, "custom_auth_mode") @@ -1081,7 +1085,7 @@ def __init__(__self__, *, :param bool challenge_required_on_new_device: When true, a remembered device can sign in with device authentication instead of SMS and time-based one-time password (TOTP) factors for multi-factor authentication (MFA). > Whether or not `ChallengeRequiredOnNewDevice` is true, users who sign in with devices that have not been confirmed or remembered must still provide a second factor in a user pool that requires MFA. - :param bool device_only_remembered_on_user_prompt: When true, Amazon Cognito doesn't automatically remember a user's device when your app sends a [ConfirmDevice](https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_ConfirmDevice.html) API request. In your app, create a prompt for your user to choose whether they want to remember their device. Return the user's choice in an [UpdateDeviceStatus](https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_UpdateDeviceStatus.html) API request. + :param bool device_only_remembered_on_user_prompt: When true, Amazon Cognito doesn't automatically remember a user's device when your app sends a `ConfirmDevice` API request. In your app, create a prompt for your user to choose whether they want to remember their device. Return the user's choice in an `UpdateDeviceStatus` API request. When `DeviceOnlyRememberedOnUserPrompt` is `false` , Amazon Cognito immediately remembers devices that you register in a `ConfirmDevice` API request. """ @@ -1104,7 +1108,7 @@ def challenge_required_on_new_device(self) -> Optional[bool]: @pulumi.getter(name="deviceOnlyRememberedOnUserPrompt") def device_only_remembered_on_user_prompt(self) -> Optional[bool]: """ - When true, Amazon Cognito doesn't automatically remember a user's device when your app sends a [ConfirmDevice](https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_ConfirmDevice.html) API request. In your app, create a prompt for your user to choose whether they want to remember their device. Return the user's choice in an [UpdateDeviceStatus](https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_UpdateDeviceStatus.html) API request. + When true, Amazon Cognito doesn't automatically remember a user's device when your app sends a `ConfirmDevice` API request. In your app, create a prompt for your user to choose whether they want to remember their device. Return the user's choice in an `UpdateDeviceStatus` API request. When `DeviceOnlyRememberedOnUserPrompt` is `false` , Amazon Cognito immediately remembers devices that you register in a `ConfirmDevice` API request. """ @@ -1656,7 +1660,7 @@ def __init__(__self__, *, :param int minimum_length: The minimum length of the password in the policy that you have set. This value can't be less than 6. :param int password_history_size: The number of previous passwords that you want Amazon Cognito to restrict each user from reusing. Users can't set a password that matches any of `n` previous passwords, where `n` is the value of `PasswordHistorySize` . - Password history isn't enforced and isn't displayed in [DescribeUserPool](https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_DescribeUserPool.html) responses when you set this value to `0` or don't provide it. To activate this setting, your user pool must be in the [Essentials tier](https://docs.aws.amazon.com/cognito/latest/developerguide/feature-plans-features-essentials.html) or higher. + Password history isn't enforced and isn't displayed in `API_DescribeUserPool` responses when you set this value to `0` or don't provide it. To activate this setting, your user pool must be in the [Essentials tier](https://docs.aws.amazon.com/cognito/latest/developerguide/feature-plans-features-essentials.html) or higher. :param bool require_lowercase: The requirement in a password policy that users must include at least one lowercase letter in their password. :param bool require_numbers: The requirement in a password policy that users must include at least one number in their password. :param bool require_symbols: The requirement in a password policy that users must include at least one symbol in their password. @@ -1694,7 +1698,7 @@ def password_history_size(self) -> Optional[int]: """ The number of previous passwords that you want Amazon Cognito to restrict each user from reusing. Users can't set a password that matches any of `n` previous passwords, where `n` is the value of `PasswordHistorySize` . - Password history isn't enforced and isn't displayed in [DescribeUserPool](https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_DescribeUserPool.html) responses when you set this value to `0` or don't provide it. To activate this setting, your user pool must be in the [Essentials tier](https://docs.aws.amazon.com/cognito/latest/developerguide/feature-plans-features-essentials.html) or higher. + Password history isn't enforced and isn't displayed in `API_DescribeUserPool` responses when you set this value to `0` or don't provide it. To activate this setting, your user pool must be in the [Essentials tier](https://docs.aws.amazon.com/cognito/latest/developerguide/feature-plans-features-essentials.html) or higher. """ return pulumi.get(self, "password_history_size") @@ -1769,7 +1773,7 @@ def __init__(__self__, *, :param 'UserPoolPasswordPolicy' password_policy: The password policy settings for a user pool, including complexity, history, and length requirements. :param 'UserPoolSignInPolicy' sign_in_policy: The policy for allowed types of authentication in a user pool. To activate this setting, your user pool must be in the [Essentials tier](https://docs.aws.amazon.com/cognito/latest/developerguide/feature-plans-features-essentials.html) or higher. - This data type is a request and response parameter of [CreateUserPool](https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_CreateUserPool.html) and [UpdateUserPool](https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_UpdateUserPool.html) , and a response parameter of [DescribeUserPool](https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_DescribeUserPool.html) . + This data type is a request and response parameter of `API_CreateUserPool` and `API_UpdateUserPool` , and a response parameter of `API_DescribeUserPool` . """ if password_policy is not None: pulumi.set(__self__, "password_policy", password_policy) @@ -1790,7 +1794,7 @@ def sign_in_policy(self) -> Optional['outputs.UserPoolSignInPolicy']: """ The policy for allowed types of authentication in a user pool. To activate this setting, your user pool must be in the [Essentials tier](https://docs.aws.amazon.com/cognito/latest/developerguide/feature-plans-features-essentials.html) or higher. - This data type is a request and response parameter of [CreateUserPool](https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_CreateUserPool.html) and [UpdateUserPool](https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_UpdateUserPool.html) , and a response parameter of [DescribeUserPool](https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_DescribeUserPool.html) . + This data type is a request and response parameter of `API_CreateUserPool` and `API_UpdateUserPool` , and a response parameter of `API_DescribeUserPool` . """ return pulumi.get(self, "sign_in_policy") @@ -2012,9 +2016,9 @@ def __init__(__self__, *, low_action: Optional['outputs.UserPoolRiskConfigurationAttachmentAccountTakeoverActionType'] = None, medium_action: Optional['outputs.UserPoolRiskConfigurationAttachmentAccountTakeoverActionType'] = None): """ - :param 'UserPoolRiskConfigurationAttachmentAccountTakeoverActionType' high_action: The action that you assign to a high-risk assessment by advanced security features. - :param 'UserPoolRiskConfigurationAttachmentAccountTakeoverActionType' low_action: The action that you assign to a low-risk assessment by advanced security features. - :param 'UserPoolRiskConfigurationAttachmentAccountTakeoverActionType' medium_action: The action that you assign to a medium-risk assessment by advanced security features. + :param 'UserPoolRiskConfigurationAttachmentAccountTakeoverActionType' high_action: The action that you assign to a high-risk assessment by threat protection. + :param 'UserPoolRiskConfigurationAttachmentAccountTakeoverActionType' low_action: The action that you assign to a low-risk assessment by threat protection. + :param 'UserPoolRiskConfigurationAttachmentAccountTakeoverActionType' medium_action: The action that you assign to a medium-risk assessment by threat protection. """ if high_action is not None: pulumi.set(__self__, "high_action", high_action) @@ -2027,7 +2031,7 @@ def __init__(__self__, *, @pulumi.getter(name="highAction") def high_action(self) -> Optional['outputs.UserPoolRiskConfigurationAttachmentAccountTakeoverActionType']: """ - The action that you assign to a high-risk assessment by advanced security features. + The action that you assign to a high-risk assessment by threat protection. """ return pulumi.get(self, "high_action") @@ -2035,7 +2039,7 @@ def high_action(self) -> Optional['outputs.UserPoolRiskConfigurationAttachmentAc @pulumi.getter(name="lowAction") def low_action(self) -> Optional['outputs.UserPoolRiskConfigurationAttachmentAccountTakeoverActionType']: """ - The action that you assign to a low-risk assessment by advanced security features. + The action that you assign to a low-risk assessment by threat protection. """ return pulumi.get(self, "low_action") @@ -2043,7 +2047,7 @@ def low_action(self) -> Optional['outputs.UserPoolRiskConfigurationAttachmentAcc @pulumi.getter(name="mediumAction") def medium_action(self) -> Optional['outputs.UserPoolRiskConfigurationAttachmentAccountTakeoverActionType']: """ - The action that you assign to a medium-risk assessment by advanced security features. + The action that you assign to a medium-risk assessment by threat protection. """ return pulumi.get(self, "medium_action") @@ -2071,8 +2075,8 @@ def __init__(__self__, *, actions: 'outputs.UserPoolRiskConfigurationAttachmentAccountTakeoverActionsType', notify_configuration: Optional['outputs.UserPoolRiskConfigurationAttachmentNotifyConfigurationType'] = None): """ - :param 'UserPoolRiskConfigurationAttachmentAccountTakeoverActionsType' actions: A list of account-takeover actions for each level of risk that Amazon Cognito might assess with advanced security features. - :param 'UserPoolRiskConfigurationAttachmentNotifyConfigurationType' notify_configuration: The settings for composing and sending an email message when advanced security features assesses a risk level with adaptive authentication. When you choose to notify users in `AccountTakeoverRiskConfiguration` , Amazon Cognito sends an email message using the method and template that you set with this data type. + :param 'UserPoolRiskConfigurationAttachmentAccountTakeoverActionsType' actions: A list of account-takeover actions for each level of risk that Amazon Cognito might assess with threat protection. + :param 'UserPoolRiskConfigurationAttachmentNotifyConfigurationType' notify_configuration: The settings for composing and sending an email message when threat protection assesses a risk level with adaptive authentication. When you choose to notify users in `AccountTakeoverRiskConfiguration` , Amazon Cognito sends an email message using the method and template that you set with this data type. """ pulumi.set(__self__, "actions", actions) if notify_configuration is not None: @@ -2082,7 +2086,7 @@ def __init__(__self__, *, @pulumi.getter def actions(self) -> 'outputs.UserPoolRiskConfigurationAttachmentAccountTakeoverActionsType': """ - A list of account-takeover actions for each level of risk that Amazon Cognito might assess with advanced security features. + A list of account-takeover actions for each level of risk that Amazon Cognito might assess with threat protection. """ return pulumi.get(self, "actions") @@ -2090,7 +2094,7 @@ def actions(self) -> 'outputs.UserPoolRiskConfigurationAttachmentAccountTakeover @pulumi.getter(name="notifyConfiguration") def notify_configuration(self) -> Optional['outputs.UserPoolRiskConfigurationAttachmentNotifyConfigurationType']: """ - The settings for composing and sending an email message when advanced security features assesses a risk level with adaptive authentication. When you choose to notify users in `AccountTakeoverRiskConfiguration` , Amazon Cognito sends an email message using the method and template that you set with this data type. + The settings for composing and sending an email message when threat protection assesses a risk level with adaptive authentication. When you choose to notify users in `AccountTakeoverRiskConfiguration` , Amazon Cognito sends an email message using the method and template that you set with this data type. """ return pulumi.get(self, "notify_configuration") @@ -2732,7 +2736,7 @@ def __init__(__self__, *, """ :param Sequence[str] attributes_require_verification_before_update: Requires that your user verifies their email address, phone number, or both before Amazon Cognito updates the value of that attribute. When you update a user attribute that has this option activated, Amazon Cognito sends a verification message to the new phone number or email address. Amazon Cognito doesn’t change the value of the attribute until your user responds to the verification message and confirms the new value. - You can verify an updated email address or phone number with a [VerifyUserAttribute](https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_VerifyUserAttribute.html) API request. You can also call the [AdminUpdateUserAttributes](https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_AdminUpdateUserAttributes.html) API and set `email_verified` or `phone_number_verified` to true. + You can verify an updated email address or phone number with a `API_VerifyUserAttribute` API request. You can also call the `API_AdminUpdateUserAttributes` API and set `email_verified` or `phone_number_verified` to true. When `AttributesRequireVerificationBeforeUpdate` is false, your user pool doesn't require that your users verify attribute changes before Amazon Cognito updates them. In a user pool where `AttributesRequireVerificationBeforeUpdate` is false, API operations that change attribute values can immediately update a user’s `email` or `phone_number` attribute. """ @@ -2744,7 +2748,7 @@ def attributes_require_verification_before_update(self) -> Sequence[str]: """ Requires that your user verifies their email address, phone number, or both before Amazon Cognito updates the value of that attribute. When you update a user attribute that has this option activated, Amazon Cognito sends a verification message to the new phone number or email address. Amazon Cognito doesn’t change the value of the attribute until your user responds to the verification message and confirms the new value. - You can verify an updated email address or phone number with a [VerifyUserAttribute](https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_VerifyUserAttribute.html) API request. You can also call the [AdminUpdateUserAttributes](https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_AdminUpdateUserAttributes.html) API and set `email_verified` or `phone_number_verified` to true. + You can verify an updated email address or phone number with a `API_VerifyUserAttribute` API request. You can also call the `API_AdminUpdateUserAttributes` API and set `email_verified` or `phone_number_verified` to true. When `AttributesRequireVerificationBeforeUpdate` is false, your user pool doesn't require that your users verify attribute changes before Amazon Cognito updates them. In a user pool where `AttributesRequireVerificationBeforeUpdate` is false, API operations that change attribute values can immediately update a user’s `email` or `phone_number` attribute. """ diff --git a/sdk/python/pulumi_aws_native/cognito/user_pool.py b/sdk/python/pulumi_aws_native/cognito/user_pool.py index b2f6e79f91..8227f12993 100644 --- a/sdk/python/pulumi_aws_native/cognito/user_pool.py +++ b/sdk/python/pulumi_aws_native/cognito/user_pool.py @@ -56,9 +56,9 @@ def __init__(__self__, *, :param pulumi.Input['UserPoolAccountRecoverySettingArgs'] account_recovery_setting: The available verified method a user can use to recover their password when they call `ForgotPassword` . You can use this setting to define a preferred method when a user has more than one method available. With this setting, SMS doesn't qualify for a valid password recovery mechanism if the user also has SMS multi-factor authentication (MFA) activated. In the absence of this setting, Amazon Cognito uses the legacy behavior to determine the recovery method where SMS is preferred through email. :param pulumi.Input['UserPoolAdminCreateUserConfigArgs'] admin_create_user_config: The settings for administrator creation of users in a user pool. Contains settings for allowing user sign-up, customizing invitation messages to new users, and the amount of time before temporary passwords expire. - This data type is a request and response parameter of [CreateUserPool](https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_CreateUserPool.html) and [UpdateUserPool](https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_UpdateUserPool.html) , and a response parameter of [DescribeUserPool](https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_DescribeUserPool.html) . - :param pulumi.Input[Sequence[pulumi.Input[str]]] alias_attributes: Attributes supported as an alias for this user pool. Possible values: *phone_number* , *email* , or *preferred_username* . For more information about alias attributes, see [Customizing sign-in attributes](https://docs.aws.amazon.com/cognito/latest/developerguide/user-pool-settings-attributes.html#user-pool-settings-aliases) . - :param pulumi.Input[Sequence[pulumi.Input[str]]] auto_verified_attributes: The attributes that you want your user pool to automatically verify. Possible values: *email* , *phone_number* . For more information see [Verifying contact information at sign-up](https://docs.aws.amazon.com/cognito/latest/developerguide/signing-up-users-in-your-app.html#allowing-users-to-sign-up-and-confirm-themselves) . + This data type is a request and response parameter of `API_CreateUserPool` and `API_UpdateUserPool` , and a response parameter of `API_DescribeUserPool` . + :param pulumi.Input[Sequence[pulumi.Input[str]]] alias_attributes: Attributes supported as an alias for this user pool. For more information about alias attributes, see [Customizing sign-in attributes](https://docs.aws.amazon.com/cognito/latest/developerguide/user-pool-settings-attributes.html#user-pool-settings-aliases) . + :param pulumi.Input[Sequence[pulumi.Input[str]]] auto_verified_attributes: The attributes that you want your user pool to automatically verify. For more information, see [Verifying contact information at sign-up](https://docs.aws.amazon.com/cognito/latest/developerguide/signing-up-users-in-your-app.html#allowing-users-to-sign-up-and-confirm-themselves) . :param pulumi.Input[str] deletion_protection: When active, `DeletionProtection` prevents accidental deletion of your user pool. Before you can delete a user pool that you have protected against deletion, you must deactivate this feature. @@ -78,25 +78,23 @@ def __init__(__self__, *, Allowed values: `SMS_MFA` | `SOFTWARE_TOKEN_MFA` | `EMAIL_OTP` :param pulumi.Input['UserPoolLambdaConfigArgs'] lambda_config: A collection of user pool Lambda triggers. Amazon Cognito invokes triggers at several possible stages of authentication operations. Triggers can modify the outcome of the operations that invoked them. - :param pulumi.Input[str] mfa_configuration: The multi-factor authentication (MFA) configuration. Valid values include: + :param pulumi.Input[str] mfa_configuration: Displays the state of multi-factor authentication (MFA) as on, off, or optional. When `ON` , all users must set up MFA before they can sign in. When `OPTIONAL` , your application must make a client-side determination of whether a user wants to register an MFA device. For user pools with adaptive authentication with threat protection, choose `OPTIONAL` . - - `OFF` MFA won't be used for any users. - - `ON` MFA is required for all users to sign in. - - `OPTIONAL` MFA will be required only for individual users who have an MFA factor activated. + When `MfaConfiguration` is `OPTIONAL` , managed login doesn't automatically prompt users to set up MFA. Amazon Cognito generates MFA prompts in API responses and in managed login for users who have chosen and configured a preferred MFA factor. :param pulumi.Input['UserPoolPoliciesArgs'] policies: A list of user pool policies. Contains the policy that sets password-complexity requirements. - This data type is a request and response parameter of [CreateUserPool](https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_CreateUserPool.html) and [UpdateUserPool](https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_UpdateUserPool.html) , and a response parameter of [DescribeUserPool](https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_DescribeUserPool.html) . + This data type is a request and response parameter of `API_CreateUserPool` and `API_UpdateUserPool` , and a response parameter of `API_DescribeUserPool` . :param pulumi.Input[Sequence[pulumi.Input['UserPoolSchemaAttributeArgs']]] schema: An array of attributes for the new user pool. You can add custom attributes and modify the properties of default attributes. The specifications in this parameter set the required attributes in your user pool. For more information, see [Working with user attributes](https://docs.aws.amazon.com/cognito/latest/developerguide/user-pool-settings-attributes.html) . :param pulumi.Input[str] sms_authentication_message: The contents of the SMS authentication message. - :param pulumi.Input['UserPoolSmsConfigurationArgs'] sms_configuration: The SMS configuration with the settings that your Amazon Cognito user pool must use to send an SMS message from your AWS account through Amazon Simple Notification Service. To send SMS messages with Amazon SNS in the AWS Region that you want, the Amazon Cognito user pool uses an AWS Identity and Access Management (IAM) role in your AWS account . For more information see [SMS message settings](https://docs.aws.amazon.com/cognito/latest/developerguide/user-pool-sms-settings.html) . + :param pulumi.Input['UserPoolSmsConfigurationArgs'] sms_configuration: The settings for your Amazon Cognito user pool to send SMS messages with Amazon Simple Notification Service. To send SMS messages with Amazon SNS in the AWS Region that you want, the Amazon Cognito user pool uses an AWS Identity and Access Management (IAM) role in your AWS account . For more information see [SMS message settings](https://docs.aws.amazon.com/cognito/latest/developerguide/user-pool-sms-settings.html) . :param pulumi.Input[str] sms_verification_message: This parameter is no longer used. See [VerificationMessageTemplateType](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-cognito-userpool-verificationmessagetemplate.html) . :param pulumi.Input['UserPoolUserAttributeUpdateSettingsArgs'] user_attribute_update_settings: The settings for updates to user attributes. These settings include the property `AttributesRequireVerificationBeforeUpdate` , a user-pool setting that tells Amazon Cognito how to handle changes to the value of your users' email address and phone number attributes. For more information, see [Verifying updates to email addresses and phone numbers](https://docs.aws.amazon.com/cognito/latest/developerguide/user-pool-settings-email-phone-verification.html#user-pool-settings-verifications-verify-attribute-updates) . - :param pulumi.Input['UserPoolAddOnsArgs'] user_pool_add_ons: User pool add-ons. Contains settings for activation of threat protection. To log user security information but take no action, set to `AUDIT` . To configure automatic security responses to risky traffic to your user pool, set to `ENFORCED` . + :param pulumi.Input['UserPoolAddOnsArgs'] user_pool_add_ons: Contains settings for activation of threat protection, including the operating mode and additional authentication types. To log user security information but take no action, set to `AUDIT` . To configure automatic security responses to potentially unwanted traffic to your user pool, set to `ENFORCED` . For more information, see [Adding advanced security to a user pool](https://docs.aws.amazon.com/cognito/latest/developerguide/cognito-user-pool-settings-advanced-security.html) . To activate this setting, your user pool must be on the [Plus tier](https://docs.aws.amazon.com/cognito/latest/developerguide/feature-plans-features-plus.html) . - :param pulumi.Input[str] user_pool_name: A friendlhy name for your user pool. + :param pulumi.Input[str] user_pool_name: A friendly name for your user pool. :param pulumi.Input[Mapping[str, pulumi.Input[str]]] user_pool_tags: The tag keys and values to assign to the user pool. A tag is a label that you can use to categorize and manage user pools in different ways, such as by purpose, owner, environment, or other criteria. :param pulumi.Input['UserPoolTier'] user_pool_tier: The user pool [feature plan](https://docs.aws.amazon.com/cognito/latest/developerguide/cognito-sign-in-feature-plans.html) , or tier. This parameter determines the eligibility of the user pool for features like managed login, access-token customization, and threat protection. Defaults to `ESSENTIALS` . :param pulumi.Input[Sequence[pulumi.Input[str]]] username_attributes: Specifies whether a user can use an email address or phone number as a username when they sign up. @@ -194,7 +192,7 @@ def admin_create_user_config(self) -> Optional[pulumi.Input['UserPoolAdminCreate """ The settings for administrator creation of users in a user pool. Contains settings for allowing user sign-up, customizing invitation messages to new users, and the amount of time before temporary passwords expire. - This data type is a request and response parameter of [CreateUserPool](https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_CreateUserPool.html) and [UpdateUserPool](https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_UpdateUserPool.html) , and a response parameter of [DescribeUserPool](https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_DescribeUserPool.html) . + This data type is a request and response parameter of `API_CreateUserPool` and `API_UpdateUserPool` , and a response parameter of `API_DescribeUserPool` . """ return pulumi.get(self, "admin_create_user_config") @@ -206,7 +204,7 @@ def admin_create_user_config(self, value: Optional[pulumi.Input['UserPoolAdminCr @pulumi.getter(name="aliasAttributes") def alias_attributes(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]: """ - Attributes supported as an alias for this user pool. Possible values: *phone_number* , *email* , or *preferred_username* . For more information about alias attributes, see [Customizing sign-in attributes](https://docs.aws.amazon.com/cognito/latest/developerguide/user-pool-settings-attributes.html#user-pool-settings-aliases) . + Attributes supported as an alias for this user pool. For more information about alias attributes, see [Customizing sign-in attributes](https://docs.aws.amazon.com/cognito/latest/developerguide/user-pool-settings-attributes.html#user-pool-settings-aliases) . """ return pulumi.get(self, "alias_attributes") @@ -218,7 +216,7 @@ def alias_attributes(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[st @pulumi.getter(name="autoVerifiedAttributes") def auto_verified_attributes(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]: """ - The attributes that you want your user pool to automatically verify. Possible values: *email* , *phone_number* . For more information see [Verifying contact information at sign-up](https://docs.aws.amazon.com/cognito/latest/developerguide/signing-up-users-in-your-app.html#allowing-users-to-sign-up-and-confirm-themselves) . + The attributes that you want your user pool to automatically verify. For more information, see [Verifying contact information at sign-up](https://docs.aws.amazon.com/cognito/latest/developerguide/signing-up-users-in-your-app.html#allowing-users-to-sign-up-and-confirm-themselves) . """ return pulumi.get(self, "auto_verified_attributes") @@ -344,11 +342,9 @@ def lambda_config(self, value: Optional[pulumi.Input['UserPoolLambdaConfigArgs'] @pulumi.getter(name="mfaConfiguration") def mfa_configuration(self) -> Optional[pulumi.Input[str]]: """ - The multi-factor authentication (MFA) configuration. Valid values include: + Displays the state of multi-factor authentication (MFA) as on, off, or optional. When `ON` , all users must set up MFA before they can sign in. When `OPTIONAL` , your application must make a client-side determination of whether a user wants to register an MFA device. For user pools with adaptive authentication with threat protection, choose `OPTIONAL` . - - `OFF` MFA won't be used for any users. - - `ON` MFA is required for all users to sign in. - - `OPTIONAL` MFA will be required only for individual users who have an MFA factor activated. + When `MfaConfiguration` is `OPTIONAL` , managed login doesn't automatically prompt users to set up MFA. Amazon Cognito generates MFA prompts in API responses and in managed login for users who have chosen and configured a preferred MFA factor. """ return pulumi.get(self, "mfa_configuration") @@ -362,7 +358,7 @@ def policies(self) -> Optional[pulumi.Input['UserPoolPoliciesArgs']]: """ A list of user pool policies. Contains the policy that sets password-complexity requirements. - This data type is a request and response parameter of [CreateUserPool](https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_CreateUserPool.html) and [UpdateUserPool](https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_UpdateUserPool.html) , and a response parameter of [DescribeUserPool](https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_DescribeUserPool.html) . + This data type is a request and response parameter of `API_CreateUserPool` and `API_UpdateUserPool` , and a response parameter of `API_DescribeUserPool` . """ return pulumi.get(self, "policies") @@ -398,7 +394,7 @@ def sms_authentication_message(self, value: Optional[pulumi.Input[str]]): @pulumi.getter(name="smsConfiguration") def sms_configuration(self) -> Optional[pulumi.Input['UserPoolSmsConfigurationArgs']]: """ - The SMS configuration with the settings that your Amazon Cognito user pool must use to send an SMS message from your AWS account through Amazon Simple Notification Service. To send SMS messages with Amazon SNS in the AWS Region that you want, the Amazon Cognito user pool uses an AWS Identity and Access Management (IAM) role in your AWS account . For more information see [SMS message settings](https://docs.aws.amazon.com/cognito/latest/developerguide/user-pool-sms-settings.html) . + The settings for your Amazon Cognito user pool to send SMS messages with Amazon Simple Notification Service. To send SMS messages with Amazon SNS in the AWS Region that you want, the Amazon Cognito user pool uses an AWS Identity and Access Management (IAM) role in your AWS account . For more information see [SMS message settings](https://docs.aws.amazon.com/cognito/latest/developerguide/user-pool-sms-settings.html) . """ return pulumi.get(self, "sms_configuration") @@ -436,7 +432,7 @@ def user_attribute_update_settings(self, value: Optional[pulumi.Input['UserPoolU @pulumi.getter(name="userPoolAddOns") def user_pool_add_ons(self) -> Optional[pulumi.Input['UserPoolAddOnsArgs']]: """ - User pool add-ons. Contains settings for activation of threat protection. To log user security information but take no action, set to `AUDIT` . To configure automatic security responses to risky traffic to your user pool, set to `ENFORCED` . + Contains settings for activation of threat protection, including the operating mode and additional authentication types. To log user security information but take no action, set to `AUDIT` . To configure automatic security responses to potentially unwanted traffic to your user pool, set to `ENFORCED` . For more information, see [Adding advanced security to a user pool](https://docs.aws.amazon.com/cognito/latest/developerguide/cognito-user-pool-settings-advanced-security.html) . To activate this setting, your user pool must be on the [Plus tier](https://docs.aws.amazon.com/cognito/latest/developerguide/feature-plans-features-plus.html) . """ @@ -450,7 +446,7 @@ def user_pool_add_ons(self, value: Optional[pulumi.Input['UserPoolAddOnsArgs']]) @pulumi.getter(name="userPoolName") def user_pool_name(self) -> Optional[pulumi.Input[str]]: """ - A friendlhy name for your user pool. + A friendly name for your user pool. """ return pulumi.get(self, "user_pool_name") @@ -598,9 +594,9 @@ def __init__(__self__, :param pulumi.Input[Union['UserPoolAccountRecoverySettingArgs', 'UserPoolAccountRecoverySettingArgsDict']] account_recovery_setting: The available verified method a user can use to recover their password when they call `ForgotPassword` . You can use this setting to define a preferred method when a user has more than one method available. With this setting, SMS doesn't qualify for a valid password recovery mechanism if the user also has SMS multi-factor authentication (MFA) activated. In the absence of this setting, Amazon Cognito uses the legacy behavior to determine the recovery method where SMS is preferred through email. :param pulumi.Input[Union['UserPoolAdminCreateUserConfigArgs', 'UserPoolAdminCreateUserConfigArgsDict']] admin_create_user_config: The settings for administrator creation of users in a user pool. Contains settings for allowing user sign-up, customizing invitation messages to new users, and the amount of time before temporary passwords expire. - This data type is a request and response parameter of [CreateUserPool](https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_CreateUserPool.html) and [UpdateUserPool](https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_UpdateUserPool.html) , and a response parameter of [DescribeUserPool](https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_DescribeUserPool.html) . - :param pulumi.Input[Sequence[pulumi.Input[str]]] alias_attributes: Attributes supported as an alias for this user pool. Possible values: *phone_number* , *email* , or *preferred_username* . For more information about alias attributes, see [Customizing sign-in attributes](https://docs.aws.amazon.com/cognito/latest/developerguide/user-pool-settings-attributes.html#user-pool-settings-aliases) . - :param pulumi.Input[Sequence[pulumi.Input[str]]] auto_verified_attributes: The attributes that you want your user pool to automatically verify. Possible values: *email* , *phone_number* . For more information see [Verifying contact information at sign-up](https://docs.aws.amazon.com/cognito/latest/developerguide/signing-up-users-in-your-app.html#allowing-users-to-sign-up-and-confirm-themselves) . + This data type is a request and response parameter of `API_CreateUserPool` and `API_UpdateUserPool` , and a response parameter of `API_DescribeUserPool` . + :param pulumi.Input[Sequence[pulumi.Input[str]]] alias_attributes: Attributes supported as an alias for this user pool. For more information about alias attributes, see [Customizing sign-in attributes](https://docs.aws.amazon.com/cognito/latest/developerguide/user-pool-settings-attributes.html#user-pool-settings-aliases) . + :param pulumi.Input[Sequence[pulumi.Input[str]]] auto_verified_attributes: The attributes that you want your user pool to automatically verify. For more information, see [Verifying contact information at sign-up](https://docs.aws.amazon.com/cognito/latest/developerguide/signing-up-users-in-your-app.html#allowing-users-to-sign-up-and-confirm-themselves) . :param pulumi.Input[str] deletion_protection: When active, `DeletionProtection` prevents accidental deletion of your user pool. Before you can delete a user pool that you have protected against deletion, you must deactivate this feature. @@ -620,25 +616,23 @@ def __init__(__self__, Allowed values: `SMS_MFA` | `SOFTWARE_TOKEN_MFA` | `EMAIL_OTP` :param pulumi.Input[Union['UserPoolLambdaConfigArgs', 'UserPoolLambdaConfigArgsDict']] lambda_config: A collection of user pool Lambda triggers. Amazon Cognito invokes triggers at several possible stages of authentication operations. Triggers can modify the outcome of the operations that invoked them. - :param pulumi.Input[str] mfa_configuration: The multi-factor authentication (MFA) configuration. Valid values include: + :param pulumi.Input[str] mfa_configuration: Displays the state of multi-factor authentication (MFA) as on, off, or optional. When `ON` , all users must set up MFA before they can sign in. When `OPTIONAL` , your application must make a client-side determination of whether a user wants to register an MFA device. For user pools with adaptive authentication with threat protection, choose `OPTIONAL` . - - `OFF` MFA won't be used for any users. - - `ON` MFA is required for all users to sign in. - - `OPTIONAL` MFA will be required only for individual users who have an MFA factor activated. + When `MfaConfiguration` is `OPTIONAL` , managed login doesn't automatically prompt users to set up MFA. Amazon Cognito generates MFA prompts in API responses and in managed login for users who have chosen and configured a preferred MFA factor. :param pulumi.Input[Union['UserPoolPoliciesArgs', 'UserPoolPoliciesArgsDict']] policies: A list of user pool policies. Contains the policy that sets password-complexity requirements. - This data type is a request and response parameter of [CreateUserPool](https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_CreateUserPool.html) and [UpdateUserPool](https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_UpdateUserPool.html) , and a response parameter of [DescribeUserPool](https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_DescribeUserPool.html) . + This data type is a request and response parameter of `API_CreateUserPool` and `API_UpdateUserPool` , and a response parameter of `API_DescribeUserPool` . :param pulumi.Input[Sequence[pulumi.Input[Union['UserPoolSchemaAttributeArgs', 'UserPoolSchemaAttributeArgsDict']]]] schema: An array of attributes for the new user pool. You can add custom attributes and modify the properties of default attributes. The specifications in this parameter set the required attributes in your user pool. For more information, see [Working with user attributes](https://docs.aws.amazon.com/cognito/latest/developerguide/user-pool-settings-attributes.html) . :param pulumi.Input[str] sms_authentication_message: The contents of the SMS authentication message. - :param pulumi.Input[Union['UserPoolSmsConfigurationArgs', 'UserPoolSmsConfigurationArgsDict']] sms_configuration: The SMS configuration with the settings that your Amazon Cognito user pool must use to send an SMS message from your AWS account through Amazon Simple Notification Service. To send SMS messages with Amazon SNS in the AWS Region that you want, the Amazon Cognito user pool uses an AWS Identity and Access Management (IAM) role in your AWS account . For more information see [SMS message settings](https://docs.aws.amazon.com/cognito/latest/developerguide/user-pool-sms-settings.html) . + :param pulumi.Input[Union['UserPoolSmsConfigurationArgs', 'UserPoolSmsConfigurationArgsDict']] sms_configuration: The settings for your Amazon Cognito user pool to send SMS messages with Amazon Simple Notification Service. To send SMS messages with Amazon SNS in the AWS Region that you want, the Amazon Cognito user pool uses an AWS Identity and Access Management (IAM) role in your AWS account . For more information see [SMS message settings](https://docs.aws.amazon.com/cognito/latest/developerguide/user-pool-sms-settings.html) . :param pulumi.Input[str] sms_verification_message: This parameter is no longer used. See [VerificationMessageTemplateType](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-cognito-userpool-verificationmessagetemplate.html) . :param pulumi.Input[Union['UserPoolUserAttributeUpdateSettingsArgs', 'UserPoolUserAttributeUpdateSettingsArgsDict']] user_attribute_update_settings: The settings for updates to user attributes. These settings include the property `AttributesRequireVerificationBeforeUpdate` , a user-pool setting that tells Amazon Cognito how to handle changes to the value of your users' email address and phone number attributes. For more information, see [Verifying updates to email addresses and phone numbers](https://docs.aws.amazon.com/cognito/latest/developerguide/user-pool-settings-email-phone-verification.html#user-pool-settings-verifications-verify-attribute-updates) . - :param pulumi.Input[Union['UserPoolAddOnsArgs', 'UserPoolAddOnsArgsDict']] user_pool_add_ons: User pool add-ons. Contains settings for activation of threat protection. To log user security information but take no action, set to `AUDIT` . To configure automatic security responses to risky traffic to your user pool, set to `ENFORCED` . + :param pulumi.Input[Union['UserPoolAddOnsArgs', 'UserPoolAddOnsArgsDict']] user_pool_add_ons: Contains settings for activation of threat protection, including the operating mode and additional authentication types. To log user security information but take no action, set to `AUDIT` . To configure automatic security responses to potentially unwanted traffic to your user pool, set to `ENFORCED` . For more information, see [Adding advanced security to a user pool](https://docs.aws.amazon.com/cognito/latest/developerguide/cognito-user-pool-settings-advanced-security.html) . To activate this setting, your user pool must be on the [Plus tier](https://docs.aws.amazon.com/cognito/latest/developerguide/feature-plans-features-plus.html) . - :param pulumi.Input[str] user_pool_name: A friendlhy name for your user pool. + :param pulumi.Input[str] user_pool_name: A friendly name for your user pool. :param pulumi.Input[Mapping[str, pulumi.Input[str]]] user_pool_tags: The tag keys and values to assign to the user pool. A tag is a label that you can use to categorize and manage user pools in different ways, such as by purpose, owner, environment, or other criteria. :param pulumi.Input['UserPoolTier'] user_pool_tier: The user pool [feature plan](https://docs.aws.amazon.com/cognito/latest/developerguide/cognito-sign-in-feature-plans.html) , or tier. This parameter determines the eligibility of the user pool for features like managed login, access-token customization, and threat protection. Defaults to `ESSENTIALS` . :param pulumi.Input[Sequence[pulumi.Input[str]]] username_attributes: Specifies whether a user can use an email address or phone number as a username when they sign up. @@ -825,7 +819,7 @@ def admin_create_user_config(self) -> pulumi.Output[Optional['outputs.UserPoolAd """ The settings for administrator creation of users in a user pool. Contains settings for allowing user sign-up, customizing invitation messages to new users, and the amount of time before temporary passwords expire. - This data type is a request and response parameter of [CreateUserPool](https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_CreateUserPool.html) and [UpdateUserPool](https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_UpdateUserPool.html) , and a response parameter of [DescribeUserPool](https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_DescribeUserPool.html) . + This data type is a request and response parameter of `API_CreateUserPool` and `API_UpdateUserPool` , and a response parameter of `API_DescribeUserPool` . """ return pulumi.get(self, "admin_create_user_config") @@ -833,7 +827,7 @@ def admin_create_user_config(self) -> pulumi.Output[Optional['outputs.UserPoolAd @pulumi.getter(name="aliasAttributes") def alias_attributes(self) -> pulumi.Output[Optional[Sequence[str]]]: """ - Attributes supported as an alias for this user pool. Possible values: *phone_number* , *email* , or *preferred_username* . For more information about alias attributes, see [Customizing sign-in attributes](https://docs.aws.amazon.com/cognito/latest/developerguide/user-pool-settings-attributes.html#user-pool-settings-aliases) . + Attributes supported as an alias for this user pool. For more information about alias attributes, see [Customizing sign-in attributes](https://docs.aws.amazon.com/cognito/latest/developerguide/user-pool-settings-attributes.html#user-pool-settings-aliases) . """ return pulumi.get(self, "alias_attributes") @@ -849,7 +843,7 @@ def arn(self) -> pulumi.Output[str]: @pulumi.getter(name="autoVerifiedAttributes") def auto_verified_attributes(self) -> pulumi.Output[Optional[Sequence[str]]]: """ - The attributes that you want your user pool to automatically verify. Possible values: *email* , *phone_number* . For more information see [Verifying contact information at sign-up](https://docs.aws.amazon.com/cognito/latest/developerguide/signing-up-users-in-your-app.html#allowing-users-to-sign-up-and-confirm-themselves) . + The attributes that you want your user pool to automatically verify. For more information, see [Verifying contact information at sign-up](https://docs.aws.amazon.com/cognito/latest/developerguide/signing-up-users-in-your-app.html#allowing-users-to-sign-up-and-confirm-themselves) . """ return pulumi.get(self, "auto_verified_attributes") @@ -935,11 +929,9 @@ def lambda_config(self) -> pulumi.Output[Optional['outputs.UserPoolLambdaConfig' @pulumi.getter(name="mfaConfiguration") def mfa_configuration(self) -> pulumi.Output[Optional[str]]: """ - The multi-factor authentication (MFA) configuration. Valid values include: + Displays the state of multi-factor authentication (MFA) as on, off, or optional. When `ON` , all users must set up MFA before they can sign in. When `OPTIONAL` , your application must make a client-side determination of whether a user wants to register an MFA device. For user pools with adaptive authentication with threat protection, choose `OPTIONAL` . - - `OFF` MFA won't be used for any users. - - `ON` MFA is required for all users to sign in. - - `OPTIONAL` MFA will be required only for individual users who have an MFA factor activated. + When `MfaConfiguration` is `OPTIONAL` , managed login doesn't automatically prompt users to set up MFA. Amazon Cognito generates MFA prompts in API responses and in managed login for users who have chosen and configured a preferred MFA factor. """ return pulumi.get(self, "mfa_configuration") @@ -949,7 +941,7 @@ def policies(self) -> pulumi.Output[Optional['outputs.UserPoolPolicies']]: """ A list of user pool policies. Contains the policy that sets password-complexity requirements. - This data type is a request and response parameter of [CreateUserPool](https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_CreateUserPool.html) and [UpdateUserPool](https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_UpdateUserPool.html) , and a response parameter of [DescribeUserPool](https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_DescribeUserPool.html) . + This data type is a request and response parameter of `API_CreateUserPool` and `API_UpdateUserPool` , and a response parameter of `API_DescribeUserPool` . """ return pulumi.get(self, "policies") @@ -989,7 +981,7 @@ def sms_authentication_message(self) -> pulumi.Output[Optional[str]]: @pulumi.getter(name="smsConfiguration") def sms_configuration(self) -> pulumi.Output[Optional['outputs.UserPoolSmsConfiguration']]: """ - The SMS configuration with the settings that your Amazon Cognito user pool must use to send an SMS message from your AWS account through Amazon Simple Notification Service. To send SMS messages with Amazon SNS in the AWS Region that you want, the Amazon Cognito user pool uses an AWS Identity and Access Management (IAM) role in your AWS account . For more information see [SMS message settings](https://docs.aws.amazon.com/cognito/latest/developerguide/user-pool-sms-settings.html) . + The settings for your Amazon Cognito user pool to send SMS messages with Amazon Simple Notification Service. To send SMS messages with Amazon SNS in the AWS Region that you want, the Amazon Cognito user pool uses an AWS Identity and Access Management (IAM) role in your AWS account . For more information see [SMS message settings](https://docs.aws.amazon.com/cognito/latest/developerguide/user-pool-sms-settings.html) . """ return pulumi.get(self, "sms_configuration") @@ -1015,7 +1007,7 @@ def user_attribute_update_settings(self) -> pulumi.Output[Optional['outputs.User @pulumi.getter(name="userPoolAddOns") def user_pool_add_ons(self) -> pulumi.Output[Optional['outputs.UserPoolAddOns']]: """ - User pool add-ons. Contains settings for activation of threat protection. To log user security information but take no action, set to `AUDIT` . To configure automatic security responses to risky traffic to your user pool, set to `ENFORCED` . + Contains settings for activation of threat protection, including the operating mode and additional authentication types. To log user security information but take no action, set to `AUDIT` . To configure automatic security responses to potentially unwanted traffic to your user pool, set to `ENFORCED` . For more information, see [Adding advanced security to a user pool](https://docs.aws.amazon.com/cognito/latest/developerguide/cognito-user-pool-settings-advanced-security.html) . To activate this setting, your user pool must be on the [Plus tier](https://docs.aws.amazon.com/cognito/latest/developerguide/feature-plans-features-plus.html) . """ @@ -1033,7 +1025,7 @@ def user_pool_id(self) -> pulumi.Output[str]: @pulumi.getter(name="userPoolName") def user_pool_name(self) -> pulumi.Output[Optional[str]]: """ - A friendlhy name for your user pool. + A friendly name for your user pool. """ return pulumi.get(self, "user_pool_name") diff --git a/sdk/python/pulumi_aws_native/cognito/user_pool_client.py b/sdk/python/pulumi_aws_native/cognito/user_pool_client.py index 921e23e8bf..3377b8f59d 100644 --- a/sdk/python/pulumi_aws_native/cognito/user_pool_client.py +++ b/sdk/python/pulumi_aws_native/cognito/user_pool_client.py @@ -55,29 +55,29 @@ def __init__(__self__, *, If you don't specify otherwise in the configuration of your app client, your access tokens are valid for one hour. - :param pulumi.Input[Sequence[pulumi.Input[str]]] allowed_o_auth_flows: The OAuth grant types that you want your app client to generate. To create an app client that generates client credentials grants, you must add `client_credentials` as the only allowed OAuth flow. + :param pulumi.Input[Sequence[pulumi.Input[str]]] allowed_o_auth_flows: The OAuth grant types that you want your app client to generate for clients in managed login authentication. To create an app client that generates client credentials grants, you must add `client_credentials` as the only allowed OAuth flow. - **code** - Use a code grant flow, which provides an authorization code as the response. This code can be exchanged for access tokens with the `/oauth2/token` endpoint. - - **implicit** - Issue the access token (and, optionally, ID token, based on scopes) directly to your user. - - **client_credentials** - Issue the access token from the `/oauth2/token` endpoint directly to a non-person user using a combination of the client ID and client secret. - :param pulumi.Input[bool] allowed_o_auth_flows_user_pool_client: Set to `true` to use OAuth 2.0 features in your user pool app client. + - **implicit** - Issue the access token, and the ID token when scopes like `openid` and `profile` are requested, directly to your user. + - **client_credentials** - Issue the access token from the `/oauth2/token` endpoint directly to a non-person user, authorized by a combination of the client ID and client secret. + :param pulumi.Input[bool] allowed_o_auth_flows_user_pool_client: Set to `true` to use OAuth 2.0 authorization server features in your app client. - `AllowedOAuthFlowsUserPoolClient` must be `true` before you can configure the following features in your app client. + This parameter must have a value of `true` before you can configure the following features in your app client. - `CallBackURLs` : Callback URLs. - `LogoutURLs` : Sign-out redirect URLs. - `AllowedOAuthScopes` : OAuth 2.0 scopes. - `AllowedOAuthFlows` : Support for authorization code, implicit, and client credentials OAuth 2.0 grants. - To use OAuth 2.0 features, configure one of these features in the Amazon Cognito console or set `AllowedOAuthFlowsUserPoolClient` to `true` in a `CreateUserPoolClient` or `UpdateUserPoolClient` API request. If you don't set a value for `AllowedOAuthFlowsUserPoolClient` in a request with the AWS CLI or SDKs, it defaults to `false` . - :param pulumi.Input[Sequence[pulumi.Input[str]]] allowed_o_auth_scopes: The OAuth 2.0 scopes that you want to permit your app client to authorize. Scopes govern access control to user pool self-service API operations, user data from the `userInfo` endpoint, and third-party APIs. Possible values provided by OAuth are `phone` , `email` , `openid` , and `profile` . Possible values provided by AWS are `aws.cognito.signin.user.admin` . Custom scopes created in Resource Servers are also supported. + To use authorization server features, configure one of these features in the Amazon Cognito console or set `AllowedOAuthFlowsUserPoolClient` to `true` in a `CreateUserPoolClient` or `UpdateUserPoolClient` API request. If you don't set a value for `AllowedOAuthFlowsUserPoolClient` in a request with the AWS CLI or SDKs, it defaults to `false` . When `false` , only SDK-based API sign-in is permitted. + :param pulumi.Input[Sequence[pulumi.Input[str]]] allowed_o_auth_scopes: The OAuth, OpenID Connect (OIDC), and custom scopes that you want to permit your app client to authorize access with. Scopes govern access control to user pool self-service API operations, user data from the `userInfo` endpoint, and third-party APIs. Scope values include `phone` , `email` , `openid` , and `profile` . The `aws.cognito.signin.user.admin` scope authorizes user self-service operations. Custom scopes with resource servers authorize access to external APIs. :param pulumi.Input['UserPoolClientAnalyticsConfigurationArgs'] analytics_configuration: The user pool analytics configuration for collecting metrics and sending them to your Amazon Pinpoint campaign. In AWS Regions where Amazon Pinpoint isn't available, user pools might not have access to analytics or might be configurable with campaigns in the US East (N. Virginia) Region. For more information, see [Using Amazon Pinpoint analytics](https://docs.aws.amazon.com/cognito/latest/developerguide/cognito-user-pools-pinpoint-integration.html) . :param pulumi.Input[int] auth_session_validity: Amazon Cognito creates a session token for each API request in an authentication flow. `AuthSessionValidity` is the duration, in minutes, of that session token. Your user pool native user must respond to each authentication challenge before the session expires. - :param pulumi.Input[Sequence[pulumi.Input[str]]] callback_urls: A list of allowed redirect (callback) URLs for the IdPs. + :param pulumi.Input[Sequence[pulumi.Input[str]]] callback_urls: A list of allowed redirect, or callback, URLs for managed login authentication. These URLs are the paths where you want to send your users' browsers after they complete authentication with managed login or a third-party IdP. Typically, callback URLs are the home of an application that uses OAuth or OIDC libraries to process authentication outcomes. - A redirect URI must: + A redirect URI must meet the following requirements: - Be an absolute URI. - Be registered with the authorization server. Amazon Cognito doesn't accept authorization requests with `redirect_uri` values that aren't in the list of `CallbackURLs` that you provide in this parameter. @@ -90,15 +90,17 @@ def __init__(__self__, *, App callback URLs such as myapp://example are also supported. :param pulumi.Input[str] client_name: A friendly name for the app client that you want to create. :param pulumi.Input[str] default_redirect_uri: The default redirect URI. In app clients with one assigned IdP, replaces `redirect_uri` in authentication requests. Must be in the `CallbackURLs` list. - :param pulumi.Input[bool] enable_propagate_additional_user_context_data: Activates the propagation of additional user context data. For more information about propagation of user context data, see [Adding advanced security to a user pool](https://docs.aws.amazon.com/cognito/latest/developerguide/cognito-user-pool-settings-threat-protection.html) . If you don’t include this parameter, you can't send device fingerprint information, including source IP address, to Amazon Cognito advanced security. You can only activate `EnablePropagateAdditionalUserContextData` in an app client that has a client secret. - :param pulumi.Input[bool] enable_token_revocation: Activates or deactivates token revocation. For more information about revoking tokens, see [RevokeToken](https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_RevokeToken.html) . + :param pulumi.Input[bool] enable_propagate_additional_user_context_data: When `true` , your application can include additional `UserContextData` in authentication requests. This data includes the IP address, and contributes to analysis by threat protection features. For more information about propagation of user context data, see [Adding session data to API requests](https://docs.aws.amazon.com/cognito/latest/developerguide/cognito-user-pool-settings-adaptive-authentication.html#user-pool-settings-adaptive-authentication-device-fingerprint) . If you don’t include this parameter, you can't send the source IP address to Amazon Cognito threat protection features. You can only activate `EnablePropagateAdditionalUserContextData` in an app client that has a client secret. + :param pulumi.Input[bool] enable_token_revocation: Activates or deactivates [token revocation](https://docs.aws.amazon.com/cognito/latest/developerguide/token-revocation.html) in the target app client. + + Revoke tokens with `API_RevokeToken` . If you don't include this parameter, token revocation is automatically activated for the new user pool client. - :param pulumi.Input[Sequence[pulumi.Input[str]]] explicit_auth_flows: The authentication flows that you want your user pool client to support. For each app client in your user pool, you can sign in your users with any combination of one or more flows, including with a user name and Secure Remote Password (SRP), a user name and password, or a custom authentication process that you define with Lambda functions. + :param pulumi.Input[Sequence[pulumi.Input[str]]] explicit_auth_flows: The [authentication flows](https://docs.aws.amazon.com/cognito/latest/developerguide/amazon-cognito-user-pools-authentication-flow-methods.html) that you want your user pool client to support. For each app client in your user pool, you can sign in your users with any combination of one or more flows, including with a user name and Secure Remote Password (SRP), a user name and password, or a custom authentication process that you define with Lambda functions. - > If you don't specify a value for `ExplicitAuthFlows` , your user client supports `ALLOW_REFRESH_TOKEN_AUTH` , `ALLOW_USER_SRP_AUTH` , and `ALLOW_CUSTOM_AUTH` . + > If you don't specify a value for `ExplicitAuthFlows` , your app client supports `ALLOW_REFRESH_TOKEN_AUTH` , `ALLOW_USER_SRP_AUTH` , and `ALLOW_CUSTOM_AUTH` . - Valid values include: + The values for authentication flow options include the following. - `ALLOW_USER_AUTH` : Enable selection-based sign-in with `USER_AUTH` . This setting covers username-password, secure remote password (SRP), passwordless, and passkey authentication. This authentiation flow can do username-password and SRP authentication without other `ExplicitAuthFlows` permitting them. For example users can complete an SRP challenge through `USER_AUTH` without the flow `USER_SRP_AUTH` being active for the app client. This flow doesn't include `CUSTOM_AUTH` . @@ -111,7 +113,7 @@ def __init__(__self__, *, In some environments, you will see the values `ADMIN_NO_SRP_AUTH` , `CUSTOM_AUTH_FLOW_ONLY` , or `USER_PASSWORD_AUTH` . You can't assign these legacy `ExplicitAuthFlows` values to user pool clients at the same time as values that begin with `ALLOW_` , like `ALLOW_USER_SRP_AUTH` . - :param pulumi.Input[bool] generate_secret: When `true` , generates a client secret for the app client. Client secrets are used with server-side and machine-to-machine applications. For more information, see [App client types](https://docs.aws.amazon.com/cognito/latest/developerguide/user-pool-settings-client-apps.html#user-pool-settings-client-app-client-types) . + :param pulumi.Input[bool] generate_secret: When `true` , generates a client secret for the app client. Client secrets are used with server-side and machine-to-machine applications. Client secrets are automatically generated; you can't specify a secret value. For more information, see [App client types](https://docs.aws.amazon.com/cognito/latest/developerguide/user-pool-settings-client-apps.html#user-pool-settings-client-app-client-types) . :param pulumi.Input[int] id_token_validity: The ID token time limit. After this limit expires, your user can't use their ID token. To specify the time unit for `IdTokenValidity` as `seconds` , `minutes` , `hours` , or `days` , set a `TokenValidityUnits` value in your API request. For example, when you set `IdTokenValidity` as `10` and `TokenValidityUnits` as `hours` , your user can authenticate their session with their ID token for 10 hours. @@ -120,7 +122,7 @@ def __init__(__self__, *, If you don't specify otherwise in the configuration of your app client, your ID tokens are valid for one hour. - :param pulumi.Input[Sequence[pulumi.Input[str]]] logout_urls: A list of allowed logout URLs for managed login authentication. For more information, see [Logout endpoint](https://docs.aws.amazon.com/cognito/latest/developerguide/logout-endpoint.html) . + :param pulumi.Input[Sequence[pulumi.Input[str]]] logout_urls: A list of allowed logout URLs for managed login authentication. When you pass `logout_uri` and `client_id` parameters to `/logout` , Amazon Cognito signs out your user and redirects them to the logout URL. This parameter describes the URLs that you want to be the permitted targets of `logout_uri` . A typical use of these URLs is when a user selects "Sign out" and you redirect them to your public homepage. For more information, see [Logout endpoint](https://docs.aws.amazon.com/cognito/latest/developerguide/logout-endpoint.html) . :param pulumi.Input[str] prevent_user_existence_errors: Errors and responses that you want Amazon Cognito APIs to return during authentication, account confirmation, and password recovery when the user doesn't exist in the user pool. When set to `ENABLED` and the user doesn't exist, authentication returns an error indicating either the username or password was incorrect. Account confirmation and password recovery return a response indicating a code was sent to a simulated destination. When set to `LEGACY` , those APIs return a `UserNotFoundException` exception if the user doesn't exist in the user pool. Valid values include: @@ -129,9 +131,11 @@ def __init__(__self__, *, - `LEGACY` - This represents the early behavior of Amazon Cognito where user existence related errors aren't prevented. Defaults to `LEGACY` when you don't provide a value. - :param pulumi.Input[Sequence[pulumi.Input[str]]] read_attributes: The list of user attributes that you want your app client to have read access to. After your user authenticates in your app, their access token authorizes them to read their own attribute value for any attribute in this list. An example of this kind of activity is when your user selects a link to view their profile information. Your app makes a [GetUser](https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_GetUser.html) API request to retrieve and display your user's profile data. + :param pulumi.Input[Sequence[pulumi.Input[str]]] read_attributes: The list of user attributes that you want your app client to have read access to. After your user authenticates in your app, their access token authorizes them to read their own attribute value for any attribute in this list. - When you don't specify the `ReadAttributes` for your app client, your app can read the values of `email_verified` , `phone_number_verified` , and the Standard attributes of your user pool. When your user pool app client has read access to these default attributes, `ReadAttributes` doesn't return any information. Amazon Cognito only populates `ReadAttributes` in the API response if you have specified your own custom set of read attributes. + An example of this kind of activity is when your user selects a link to view their profile information. Your app makes a `API_GetUser` API request to retrieve and display your user's profile data. + + When you don't specify the `ReadAttributes` for your app client, your app can read the values of `email_verified` , `phone_number_verified` , and the standard attributes of your user pool. When your user pool app client has read access to these default attributes, `ReadAttributes` doesn't return any information. Amazon Cognito only populates `ReadAttributes` in the API response if you have specified your own custom set of read attributes. :param pulumi.Input[int] refresh_token_validity: The refresh token time limit. After this limit expires, your user can't use their refresh token. To specify the time unit for `RefreshTokenValidity` as `seconds` , `minutes` , `hours` , or `days` , set a `TokenValidityUnits` value in your API request. For example, when you set `RefreshTokenValidity` as `10` and `TokenValidityUnits` as `days` , your user can refresh their session @@ -143,9 +147,11 @@ def __init__(__self__, *, tokens are valid for 30 days. :param pulumi.Input[Sequence[pulumi.Input[str]]] supported_identity_providers: A list of provider names for the identity providers (IdPs) that are supported on this client. The following are supported: `COGNITO` , `Facebook` , `Google` , `SignInWithApple` , and `LoginWithAmazon` . You can also specify the names that you configured for the SAML and OIDC IdPs in your user pool, for example `MySAMLIdP` or `MyOIDCIdP` . - This setting applies to providers that you can access with [managed login](https://docs.aws.amazon.com/cognito/latest/developerguide/cognito-user-pools-managed-login.html) . The removal of `COGNITO` from this list doesn't prevent authentication operations for local users with the user pools API in an AWS SDK. The only way to prevent API-based authentication is to block access with a [AWS WAF rule](https://docs.aws.amazon.com/cognito/latest/developerguide/user-pool-waf.html) . + This parameter sets the IdPs that [managed login](https://docs.aws.amazon.com/cognito/latest/developerguide/cognito-user-pools-managed-login.html) will display on the login page for your app client. The removal of `COGNITO` from this list doesn't prevent authentication operations for local users with the user pools API in an AWS SDK. The only way to prevent SDK-based authentication is to block access with a [AWS WAF rule](https://docs.aws.amazon.com/cognito/latest/developerguide/user-pool-waf.html) . :param pulumi.Input['UserPoolClientTokenValidityUnitsArgs'] token_validity_units: The units that validity times are represented in. The default unit for refresh tokens is days, and the default for ID and access tokens are hours. - :param pulumi.Input[Sequence[pulumi.Input[str]]] write_attributes: The list of user attributes that you want your app client to have write access to. After your user authenticates in your app, their access token authorizes them to set or modify their own attribute value for any attribute in this list. An example of this kind of activity is when you present your user with a form to update their profile information and they change their last name. Your app then makes an [UpdateUserAttributes](https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_UpdateUserAttributes.html) API request and sets `family_name` to the new value. + :param pulumi.Input[Sequence[pulumi.Input[str]]] write_attributes: The list of user attributes that you want your app client to have write access to. After your user authenticates in your app, their access token authorizes them to set or modify their own attribute value for any attribute in this list. + + An example of this kind of activity is when you present your user with a form to update their profile information and they change their last name. Your app then makes an `API_UpdateUserAttributes` API request and sets `family_name` to the new value. When you don't specify the `WriteAttributes` for your app client, your app can write the values of the Standard attributes of your user pool. When your user pool has write access to these default attributes, `WriteAttributes` doesn't return any information. Amazon Cognito only populates `WriteAttributes` in the API response if you have specified your own custom set of write attributes. @@ -231,11 +237,11 @@ def access_token_validity(self, value: Optional[pulumi.Input[int]]): @pulumi.getter(name="allowedOAuthFlows") def allowed_o_auth_flows(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]: """ - The OAuth grant types that you want your app client to generate. To create an app client that generates client credentials grants, you must add `client_credentials` as the only allowed OAuth flow. + The OAuth grant types that you want your app client to generate for clients in managed login authentication. To create an app client that generates client credentials grants, you must add `client_credentials` as the only allowed OAuth flow. - **code** - Use a code grant flow, which provides an authorization code as the response. This code can be exchanged for access tokens with the `/oauth2/token` endpoint. - - **implicit** - Issue the access token (and, optionally, ID token, based on scopes) directly to your user. - - **client_credentials** - Issue the access token from the `/oauth2/token` endpoint directly to a non-person user using a combination of the client ID and client secret. + - **implicit** - Issue the access token, and the ID token when scopes like `openid` and `profile` are requested, directly to your user. + - **client_credentials** - Issue the access token from the `/oauth2/token` endpoint directly to a non-person user, authorized by a combination of the client ID and client secret. """ return pulumi.get(self, "allowed_o_auth_flows") @@ -247,16 +253,16 @@ def allowed_o_auth_flows(self, value: Optional[pulumi.Input[Sequence[pulumi.Inpu @pulumi.getter(name="allowedOAuthFlowsUserPoolClient") def allowed_o_auth_flows_user_pool_client(self) -> Optional[pulumi.Input[bool]]: """ - Set to `true` to use OAuth 2.0 features in your user pool app client. + Set to `true` to use OAuth 2.0 authorization server features in your app client. - `AllowedOAuthFlowsUserPoolClient` must be `true` before you can configure the following features in your app client. + This parameter must have a value of `true` before you can configure the following features in your app client. - `CallBackURLs` : Callback URLs. - `LogoutURLs` : Sign-out redirect URLs. - `AllowedOAuthScopes` : OAuth 2.0 scopes. - `AllowedOAuthFlows` : Support for authorization code, implicit, and client credentials OAuth 2.0 grants. - To use OAuth 2.0 features, configure one of these features in the Amazon Cognito console or set `AllowedOAuthFlowsUserPoolClient` to `true` in a `CreateUserPoolClient` or `UpdateUserPoolClient` API request. If you don't set a value for `AllowedOAuthFlowsUserPoolClient` in a request with the AWS CLI or SDKs, it defaults to `false` . + To use authorization server features, configure one of these features in the Amazon Cognito console or set `AllowedOAuthFlowsUserPoolClient` to `true` in a `CreateUserPoolClient` or `UpdateUserPoolClient` API request. If you don't set a value for `AllowedOAuthFlowsUserPoolClient` in a request with the AWS CLI or SDKs, it defaults to `false` . When `false` , only SDK-based API sign-in is permitted. """ return pulumi.get(self, "allowed_o_auth_flows_user_pool_client") @@ -268,7 +274,7 @@ def allowed_o_auth_flows_user_pool_client(self, value: Optional[pulumi.Input[boo @pulumi.getter(name="allowedOAuthScopes") def allowed_o_auth_scopes(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]: """ - The OAuth 2.0 scopes that you want to permit your app client to authorize. Scopes govern access control to user pool self-service API operations, user data from the `userInfo` endpoint, and third-party APIs. Possible values provided by OAuth are `phone` , `email` , `openid` , and `profile` . Possible values provided by AWS are `aws.cognito.signin.user.admin` . Custom scopes created in Resource Servers are also supported. + The OAuth, OpenID Connect (OIDC), and custom scopes that you want to permit your app client to authorize access with. Scopes govern access control to user pool self-service API operations, user data from the `userInfo` endpoint, and third-party APIs. Scope values include `phone` , `email` , `openid` , and `profile` . The `aws.cognito.signin.user.admin` scope authorizes user self-service operations. Custom scopes with resource servers authorize access to external APIs. """ return pulumi.get(self, "allowed_o_auth_scopes") @@ -306,9 +312,9 @@ def auth_session_validity(self, value: Optional[pulumi.Input[int]]): @pulumi.getter(name="callbackUrls") def callback_urls(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]: """ - A list of allowed redirect (callback) URLs for the IdPs. + A list of allowed redirect, or callback, URLs for managed login authentication. These URLs are the paths where you want to send your users' browsers after they complete authentication with managed login or a third-party IdP. Typically, callback URLs are the home of an application that uses OAuth or OIDC libraries to process authentication outcomes. - A redirect URI must: + A redirect URI must meet the following requirements: - Be an absolute URI. - Be registered with the authorization server. Amazon Cognito doesn't accept authorization requests with `redirect_uri` values that aren't in the list of `CallbackURLs` that you provide in this parameter. @@ -354,7 +360,7 @@ def default_redirect_uri(self, value: Optional[pulumi.Input[str]]): @pulumi.getter(name="enablePropagateAdditionalUserContextData") def enable_propagate_additional_user_context_data(self) -> Optional[pulumi.Input[bool]]: """ - Activates the propagation of additional user context data. For more information about propagation of user context data, see [Adding advanced security to a user pool](https://docs.aws.amazon.com/cognito/latest/developerguide/cognito-user-pool-settings-threat-protection.html) . If you don’t include this parameter, you can't send device fingerprint information, including source IP address, to Amazon Cognito advanced security. You can only activate `EnablePropagateAdditionalUserContextData` in an app client that has a client secret. + When `true` , your application can include additional `UserContextData` in authentication requests. This data includes the IP address, and contributes to analysis by threat protection features. For more information about propagation of user context data, see [Adding session data to API requests](https://docs.aws.amazon.com/cognito/latest/developerguide/cognito-user-pool-settings-adaptive-authentication.html#user-pool-settings-adaptive-authentication-device-fingerprint) . If you don’t include this parameter, you can't send the source IP address to Amazon Cognito threat protection features. You can only activate `EnablePropagateAdditionalUserContextData` in an app client that has a client secret. """ return pulumi.get(self, "enable_propagate_additional_user_context_data") @@ -366,7 +372,9 @@ def enable_propagate_additional_user_context_data(self, value: Optional[pulumi.I @pulumi.getter(name="enableTokenRevocation") def enable_token_revocation(self) -> Optional[pulumi.Input[bool]]: """ - Activates or deactivates token revocation. For more information about revoking tokens, see [RevokeToken](https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_RevokeToken.html) . + Activates or deactivates [token revocation](https://docs.aws.amazon.com/cognito/latest/developerguide/token-revocation.html) in the target app client. + + Revoke tokens with `API_RevokeToken` . If you don't include this parameter, token revocation is automatically activated for the new user pool client. """ @@ -380,11 +388,11 @@ def enable_token_revocation(self, value: Optional[pulumi.Input[bool]]): @pulumi.getter(name="explicitAuthFlows") def explicit_auth_flows(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]: """ - The authentication flows that you want your user pool client to support. For each app client in your user pool, you can sign in your users with any combination of one or more flows, including with a user name and Secure Remote Password (SRP), a user name and password, or a custom authentication process that you define with Lambda functions. + The [authentication flows](https://docs.aws.amazon.com/cognito/latest/developerguide/amazon-cognito-user-pools-authentication-flow-methods.html) that you want your user pool client to support. For each app client in your user pool, you can sign in your users with any combination of one or more flows, including with a user name and Secure Remote Password (SRP), a user name and password, or a custom authentication process that you define with Lambda functions. - > If you don't specify a value for `ExplicitAuthFlows` , your user client supports `ALLOW_REFRESH_TOKEN_AUTH` , `ALLOW_USER_SRP_AUTH` , and `ALLOW_CUSTOM_AUTH` . + > If you don't specify a value for `ExplicitAuthFlows` , your app client supports `ALLOW_REFRESH_TOKEN_AUTH` , `ALLOW_USER_SRP_AUTH` , and `ALLOW_CUSTOM_AUTH` . - Valid values include: + The values for authentication flow options include the following. - `ALLOW_USER_AUTH` : Enable selection-based sign-in with `USER_AUTH` . This setting covers username-password, secure remote password (SRP), passwordless, and passkey authentication. This authentiation flow can do username-password and SRP authentication without other `ExplicitAuthFlows` permitting them. For example users can complete an SRP challenge through `USER_AUTH` without the flow `USER_SRP_AUTH` being active for the app client. This flow doesn't include `CUSTOM_AUTH` . @@ -408,7 +416,7 @@ def explicit_auth_flows(self, value: Optional[pulumi.Input[Sequence[pulumi.Input @pulumi.getter(name="generateSecret") def generate_secret(self) -> Optional[pulumi.Input[bool]]: """ - When `true` , generates a client secret for the app client. Client secrets are used with server-side and machine-to-machine applications. For more information, see [App client types](https://docs.aws.amazon.com/cognito/latest/developerguide/user-pool-settings-client-apps.html#user-pool-settings-client-app-client-types) . + When `true` , generates a client secret for the app client. Client secrets are used with server-side and machine-to-machine applications. Client secrets are automatically generated; you can't specify a secret value. For more information, see [App client types](https://docs.aws.amazon.com/cognito/latest/developerguide/user-pool-settings-client-apps.html#user-pool-settings-client-app-client-types) . """ return pulumi.get(self, "generate_secret") @@ -439,7 +447,7 @@ def id_token_validity(self, value: Optional[pulumi.Input[int]]): @pulumi.getter(name="logoutUrls") def logout_urls(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]: """ - A list of allowed logout URLs for managed login authentication. For more information, see [Logout endpoint](https://docs.aws.amazon.com/cognito/latest/developerguide/logout-endpoint.html) . + A list of allowed logout URLs for managed login authentication. When you pass `logout_uri` and `client_id` parameters to `/logout` , Amazon Cognito signs out your user and redirects them to the logout URL. This parameter describes the URLs that you want to be the permitted targets of `logout_uri` . A typical use of these URLs is when a user selects "Sign out" and you redirect them to your public homepage. For more information, see [Logout endpoint](https://docs.aws.amazon.com/cognito/latest/developerguide/logout-endpoint.html) . """ return pulumi.get(self, "logout_urls") @@ -470,9 +478,11 @@ def prevent_user_existence_errors(self, value: Optional[pulumi.Input[str]]): @pulumi.getter(name="readAttributes") def read_attributes(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]: """ - The list of user attributes that you want your app client to have read access to. After your user authenticates in your app, their access token authorizes them to read their own attribute value for any attribute in this list. An example of this kind of activity is when your user selects a link to view their profile information. Your app makes a [GetUser](https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_GetUser.html) API request to retrieve and display your user's profile data. + The list of user attributes that you want your app client to have read access to. After your user authenticates in your app, their access token authorizes them to read their own attribute value for any attribute in this list. - When you don't specify the `ReadAttributes` for your app client, your app can read the values of `email_verified` , `phone_number_verified` , and the Standard attributes of your user pool. When your user pool app client has read access to these default attributes, `ReadAttributes` doesn't return any information. Amazon Cognito only populates `ReadAttributes` in the API response if you have specified your own custom set of read attributes. + An example of this kind of activity is when your user selects a link to view their profile information. Your app makes a `API_GetUser` API request to retrieve and display your user's profile data. + + When you don't specify the `ReadAttributes` for your app client, your app can read the values of `email_verified` , `phone_number_verified` , and the standard attributes of your user pool. When your user pool app client has read access to these default attributes, `ReadAttributes` doesn't return any information. Amazon Cognito only populates `ReadAttributes` in the API response if you have specified your own custom set of read attributes. """ return pulumi.get(self, "read_attributes") @@ -506,7 +516,7 @@ def supported_identity_providers(self) -> Optional[pulumi.Input[Sequence[pulumi. """ A list of provider names for the identity providers (IdPs) that are supported on this client. The following are supported: `COGNITO` , `Facebook` , `Google` , `SignInWithApple` , and `LoginWithAmazon` . You can also specify the names that you configured for the SAML and OIDC IdPs in your user pool, for example `MySAMLIdP` or `MyOIDCIdP` . - This setting applies to providers that you can access with [managed login](https://docs.aws.amazon.com/cognito/latest/developerguide/cognito-user-pools-managed-login.html) . The removal of `COGNITO` from this list doesn't prevent authentication operations for local users with the user pools API in an AWS SDK. The only way to prevent API-based authentication is to block access with a [AWS WAF rule](https://docs.aws.amazon.com/cognito/latest/developerguide/user-pool-waf.html) . + This parameter sets the IdPs that [managed login](https://docs.aws.amazon.com/cognito/latest/developerguide/cognito-user-pools-managed-login.html) will display on the login page for your app client. The removal of `COGNITO` from this list doesn't prevent authentication operations for local users with the user pools API in an AWS SDK. The only way to prevent SDK-based authentication is to block access with a [AWS WAF rule](https://docs.aws.amazon.com/cognito/latest/developerguide/user-pool-waf.html) . """ return pulumi.get(self, "supported_identity_providers") @@ -530,7 +540,9 @@ def token_validity_units(self, value: Optional[pulumi.Input['UserPoolClientToken @pulumi.getter(name="writeAttributes") def write_attributes(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]: """ - The list of user attributes that you want your app client to have write access to. After your user authenticates in your app, their access token authorizes them to set or modify their own attribute value for any attribute in this list. An example of this kind of activity is when you present your user with a form to update their profile information and they change their last name. Your app then makes an [UpdateUserAttributes](https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_UpdateUserAttributes.html) API request and sets `family_name` to the new value. + The list of user attributes that you want your app client to have write access to. After your user authenticates in your app, their access token authorizes them to set or modify their own attribute value for any attribute in this list. + + An example of this kind of activity is when you present your user with a form to update their profile information and they change their last name. Your app then makes an `API_UpdateUserAttributes` API request and sets `family_name` to the new value. When you don't specify the `WriteAttributes` for your app client, your app can write the values of the Standard attributes of your user pool. When your user pool has write access to these default attributes, `WriteAttributes` doesn't return any information. Amazon Cognito only populates `WriteAttributes` in the API response if you have specified your own custom set of write attributes. @@ -585,29 +597,29 @@ def __init__(__self__, If you don't specify otherwise in the configuration of your app client, your access tokens are valid for one hour. - :param pulumi.Input[Sequence[pulumi.Input[str]]] allowed_o_auth_flows: The OAuth grant types that you want your app client to generate. To create an app client that generates client credentials grants, you must add `client_credentials` as the only allowed OAuth flow. + :param pulumi.Input[Sequence[pulumi.Input[str]]] allowed_o_auth_flows: The OAuth grant types that you want your app client to generate for clients in managed login authentication. To create an app client that generates client credentials grants, you must add `client_credentials` as the only allowed OAuth flow. - **code** - Use a code grant flow, which provides an authorization code as the response. This code can be exchanged for access tokens with the `/oauth2/token` endpoint. - - **implicit** - Issue the access token (and, optionally, ID token, based on scopes) directly to your user. - - **client_credentials** - Issue the access token from the `/oauth2/token` endpoint directly to a non-person user using a combination of the client ID and client secret. - :param pulumi.Input[bool] allowed_o_auth_flows_user_pool_client: Set to `true` to use OAuth 2.0 features in your user pool app client. + - **implicit** - Issue the access token, and the ID token when scopes like `openid` and `profile` are requested, directly to your user. + - **client_credentials** - Issue the access token from the `/oauth2/token` endpoint directly to a non-person user, authorized by a combination of the client ID and client secret. + :param pulumi.Input[bool] allowed_o_auth_flows_user_pool_client: Set to `true` to use OAuth 2.0 authorization server features in your app client. - `AllowedOAuthFlowsUserPoolClient` must be `true` before you can configure the following features in your app client. + This parameter must have a value of `true` before you can configure the following features in your app client. - `CallBackURLs` : Callback URLs. - `LogoutURLs` : Sign-out redirect URLs. - `AllowedOAuthScopes` : OAuth 2.0 scopes. - `AllowedOAuthFlows` : Support for authorization code, implicit, and client credentials OAuth 2.0 grants. - To use OAuth 2.0 features, configure one of these features in the Amazon Cognito console or set `AllowedOAuthFlowsUserPoolClient` to `true` in a `CreateUserPoolClient` or `UpdateUserPoolClient` API request. If you don't set a value for `AllowedOAuthFlowsUserPoolClient` in a request with the AWS CLI or SDKs, it defaults to `false` . - :param pulumi.Input[Sequence[pulumi.Input[str]]] allowed_o_auth_scopes: The OAuth 2.0 scopes that you want to permit your app client to authorize. Scopes govern access control to user pool self-service API operations, user data from the `userInfo` endpoint, and third-party APIs. Possible values provided by OAuth are `phone` , `email` , `openid` , and `profile` . Possible values provided by AWS are `aws.cognito.signin.user.admin` . Custom scopes created in Resource Servers are also supported. + To use authorization server features, configure one of these features in the Amazon Cognito console or set `AllowedOAuthFlowsUserPoolClient` to `true` in a `CreateUserPoolClient` or `UpdateUserPoolClient` API request. If you don't set a value for `AllowedOAuthFlowsUserPoolClient` in a request with the AWS CLI or SDKs, it defaults to `false` . When `false` , only SDK-based API sign-in is permitted. + :param pulumi.Input[Sequence[pulumi.Input[str]]] allowed_o_auth_scopes: The OAuth, OpenID Connect (OIDC), and custom scopes that you want to permit your app client to authorize access with. Scopes govern access control to user pool self-service API operations, user data from the `userInfo` endpoint, and third-party APIs. Scope values include `phone` , `email` , `openid` , and `profile` . The `aws.cognito.signin.user.admin` scope authorizes user self-service operations. Custom scopes with resource servers authorize access to external APIs. :param pulumi.Input[Union['UserPoolClientAnalyticsConfigurationArgs', 'UserPoolClientAnalyticsConfigurationArgsDict']] analytics_configuration: The user pool analytics configuration for collecting metrics and sending them to your Amazon Pinpoint campaign. In AWS Regions where Amazon Pinpoint isn't available, user pools might not have access to analytics or might be configurable with campaigns in the US East (N. Virginia) Region. For more information, see [Using Amazon Pinpoint analytics](https://docs.aws.amazon.com/cognito/latest/developerguide/cognito-user-pools-pinpoint-integration.html) . :param pulumi.Input[int] auth_session_validity: Amazon Cognito creates a session token for each API request in an authentication flow. `AuthSessionValidity` is the duration, in minutes, of that session token. Your user pool native user must respond to each authentication challenge before the session expires. - :param pulumi.Input[Sequence[pulumi.Input[str]]] callback_urls: A list of allowed redirect (callback) URLs for the IdPs. + :param pulumi.Input[Sequence[pulumi.Input[str]]] callback_urls: A list of allowed redirect, or callback, URLs for managed login authentication. These URLs are the paths where you want to send your users' browsers after they complete authentication with managed login or a third-party IdP. Typically, callback URLs are the home of an application that uses OAuth or OIDC libraries to process authentication outcomes. - A redirect URI must: + A redirect URI must meet the following requirements: - Be an absolute URI. - Be registered with the authorization server. Amazon Cognito doesn't accept authorization requests with `redirect_uri` values that aren't in the list of `CallbackURLs` that you provide in this parameter. @@ -620,15 +632,17 @@ def __init__(__self__, App callback URLs such as myapp://example are also supported. :param pulumi.Input[str] client_name: A friendly name for the app client that you want to create. :param pulumi.Input[str] default_redirect_uri: The default redirect URI. In app clients with one assigned IdP, replaces `redirect_uri` in authentication requests. Must be in the `CallbackURLs` list. - :param pulumi.Input[bool] enable_propagate_additional_user_context_data: Activates the propagation of additional user context data. For more information about propagation of user context data, see [Adding advanced security to a user pool](https://docs.aws.amazon.com/cognito/latest/developerguide/cognito-user-pool-settings-threat-protection.html) . If you don’t include this parameter, you can't send device fingerprint information, including source IP address, to Amazon Cognito advanced security. You can only activate `EnablePropagateAdditionalUserContextData` in an app client that has a client secret. - :param pulumi.Input[bool] enable_token_revocation: Activates or deactivates token revocation. For more information about revoking tokens, see [RevokeToken](https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_RevokeToken.html) . + :param pulumi.Input[bool] enable_propagate_additional_user_context_data: When `true` , your application can include additional `UserContextData` in authentication requests. This data includes the IP address, and contributes to analysis by threat protection features. For more information about propagation of user context data, see [Adding session data to API requests](https://docs.aws.amazon.com/cognito/latest/developerguide/cognito-user-pool-settings-adaptive-authentication.html#user-pool-settings-adaptive-authentication-device-fingerprint) . If you don’t include this parameter, you can't send the source IP address to Amazon Cognito threat protection features. You can only activate `EnablePropagateAdditionalUserContextData` in an app client that has a client secret. + :param pulumi.Input[bool] enable_token_revocation: Activates or deactivates [token revocation](https://docs.aws.amazon.com/cognito/latest/developerguide/token-revocation.html) in the target app client. + + Revoke tokens with `API_RevokeToken` . If you don't include this parameter, token revocation is automatically activated for the new user pool client. - :param pulumi.Input[Sequence[pulumi.Input[str]]] explicit_auth_flows: The authentication flows that you want your user pool client to support. For each app client in your user pool, you can sign in your users with any combination of one or more flows, including with a user name and Secure Remote Password (SRP), a user name and password, or a custom authentication process that you define with Lambda functions. + :param pulumi.Input[Sequence[pulumi.Input[str]]] explicit_auth_flows: The [authentication flows](https://docs.aws.amazon.com/cognito/latest/developerguide/amazon-cognito-user-pools-authentication-flow-methods.html) that you want your user pool client to support. For each app client in your user pool, you can sign in your users with any combination of one or more flows, including with a user name and Secure Remote Password (SRP), a user name and password, or a custom authentication process that you define with Lambda functions. - > If you don't specify a value for `ExplicitAuthFlows` , your user client supports `ALLOW_REFRESH_TOKEN_AUTH` , `ALLOW_USER_SRP_AUTH` , and `ALLOW_CUSTOM_AUTH` . + > If you don't specify a value for `ExplicitAuthFlows` , your app client supports `ALLOW_REFRESH_TOKEN_AUTH` , `ALLOW_USER_SRP_AUTH` , and `ALLOW_CUSTOM_AUTH` . - Valid values include: + The values for authentication flow options include the following. - `ALLOW_USER_AUTH` : Enable selection-based sign-in with `USER_AUTH` . This setting covers username-password, secure remote password (SRP), passwordless, and passkey authentication. This authentiation flow can do username-password and SRP authentication without other `ExplicitAuthFlows` permitting them. For example users can complete an SRP challenge through `USER_AUTH` without the flow `USER_SRP_AUTH` being active for the app client. This flow doesn't include `CUSTOM_AUTH` . @@ -641,7 +655,7 @@ def __init__(__self__, In some environments, you will see the values `ADMIN_NO_SRP_AUTH` , `CUSTOM_AUTH_FLOW_ONLY` , or `USER_PASSWORD_AUTH` . You can't assign these legacy `ExplicitAuthFlows` values to user pool clients at the same time as values that begin with `ALLOW_` , like `ALLOW_USER_SRP_AUTH` . - :param pulumi.Input[bool] generate_secret: When `true` , generates a client secret for the app client. Client secrets are used with server-side and machine-to-machine applications. For more information, see [App client types](https://docs.aws.amazon.com/cognito/latest/developerguide/user-pool-settings-client-apps.html#user-pool-settings-client-app-client-types) . + :param pulumi.Input[bool] generate_secret: When `true` , generates a client secret for the app client. Client secrets are used with server-side and machine-to-machine applications. Client secrets are automatically generated; you can't specify a secret value. For more information, see [App client types](https://docs.aws.amazon.com/cognito/latest/developerguide/user-pool-settings-client-apps.html#user-pool-settings-client-app-client-types) . :param pulumi.Input[int] id_token_validity: The ID token time limit. After this limit expires, your user can't use their ID token. To specify the time unit for `IdTokenValidity` as `seconds` , `minutes` , `hours` , or `days` , set a `TokenValidityUnits` value in your API request. For example, when you set `IdTokenValidity` as `10` and `TokenValidityUnits` as `hours` , your user can authenticate their session with their ID token for 10 hours. @@ -650,7 +664,7 @@ def __init__(__self__, If you don't specify otherwise in the configuration of your app client, your ID tokens are valid for one hour. - :param pulumi.Input[Sequence[pulumi.Input[str]]] logout_urls: A list of allowed logout URLs for managed login authentication. For more information, see [Logout endpoint](https://docs.aws.amazon.com/cognito/latest/developerguide/logout-endpoint.html) . + :param pulumi.Input[Sequence[pulumi.Input[str]]] logout_urls: A list of allowed logout URLs for managed login authentication. When you pass `logout_uri` and `client_id` parameters to `/logout` , Amazon Cognito signs out your user and redirects them to the logout URL. This parameter describes the URLs that you want to be the permitted targets of `logout_uri` . A typical use of these URLs is when a user selects "Sign out" and you redirect them to your public homepage. For more information, see [Logout endpoint](https://docs.aws.amazon.com/cognito/latest/developerguide/logout-endpoint.html) . :param pulumi.Input[str] prevent_user_existence_errors: Errors and responses that you want Amazon Cognito APIs to return during authentication, account confirmation, and password recovery when the user doesn't exist in the user pool. When set to `ENABLED` and the user doesn't exist, authentication returns an error indicating either the username or password was incorrect. Account confirmation and password recovery return a response indicating a code was sent to a simulated destination. When set to `LEGACY` , those APIs return a `UserNotFoundException` exception if the user doesn't exist in the user pool. Valid values include: @@ -659,9 +673,11 @@ def __init__(__self__, - `LEGACY` - This represents the early behavior of Amazon Cognito where user existence related errors aren't prevented. Defaults to `LEGACY` when you don't provide a value. - :param pulumi.Input[Sequence[pulumi.Input[str]]] read_attributes: The list of user attributes that you want your app client to have read access to. After your user authenticates in your app, their access token authorizes them to read their own attribute value for any attribute in this list. An example of this kind of activity is when your user selects a link to view their profile information. Your app makes a [GetUser](https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_GetUser.html) API request to retrieve and display your user's profile data. + :param pulumi.Input[Sequence[pulumi.Input[str]]] read_attributes: The list of user attributes that you want your app client to have read access to. After your user authenticates in your app, their access token authorizes them to read their own attribute value for any attribute in this list. - When you don't specify the `ReadAttributes` for your app client, your app can read the values of `email_verified` , `phone_number_verified` , and the Standard attributes of your user pool. When your user pool app client has read access to these default attributes, `ReadAttributes` doesn't return any information. Amazon Cognito only populates `ReadAttributes` in the API response if you have specified your own custom set of read attributes. + An example of this kind of activity is when your user selects a link to view their profile information. Your app makes a `API_GetUser` API request to retrieve and display your user's profile data. + + When you don't specify the `ReadAttributes` for your app client, your app can read the values of `email_verified` , `phone_number_verified` , and the standard attributes of your user pool. When your user pool app client has read access to these default attributes, `ReadAttributes` doesn't return any information. Amazon Cognito only populates `ReadAttributes` in the API response if you have specified your own custom set of read attributes. :param pulumi.Input[int] refresh_token_validity: The refresh token time limit. After this limit expires, your user can't use their refresh token. To specify the time unit for `RefreshTokenValidity` as `seconds` , `minutes` , `hours` , or `days` , set a `TokenValidityUnits` value in your API request. For example, when you set `RefreshTokenValidity` as `10` and `TokenValidityUnits` as `days` , your user can refresh their session @@ -673,10 +689,12 @@ def __init__(__self__, tokens are valid for 30 days. :param pulumi.Input[Sequence[pulumi.Input[str]]] supported_identity_providers: A list of provider names for the identity providers (IdPs) that are supported on this client. The following are supported: `COGNITO` , `Facebook` , `Google` , `SignInWithApple` , and `LoginWithAmazon` . You can also specify the names that you configured for the SAML and OIDC IdPs in your user pool, for example `MySAMLIdP` or `MyOIDCIdP` . - This setting applies to providers that you can access with [managed login](https://docs.aws.amazon.com/cognito/latest/developerguide/cognito-user-pools-managed-login.html) . The removal of `COGNITO` from this list doesn't prevent authentication operations for local users with the user pools API in an AWS SDK. The only way to prevent API-based authentication is to block access with a [AWS WAF rule](https://docs.aws.amazon.com/cognito/latest/developerguide/user-pool-waf.html) . + This parameter sets the IdPs that [managed login](https://docs.aws.amazon.com/cognito/latest/developerguide/cognito-user-pools-managed-login.html) will display on the login page for your app client. The removal of `COGNITO` from this list doesn't prevent authentication operations for local users with the user pools API in an AWS SDK. The only way to prevent SDK-based authentication is to block access with a [AWS WAF rule](https://docs.aws.amazon.com/cognito/latest/developerguide/user-pool-waf.html) . :param pulumi.Input[Union['UserPoolClientTokenValidityUnitsArgs', 'UserPoolClientTokenValidityUnitsArgsDict']] token_validity_units: The units that validity times are represented in. The default unit for refresh tokens is days, and the default for ID and access tokens are hours. :param pulumi.Input[str] user_pool_id: The ID of the user pool where you want to create an app client. - :param pulumi.Input[Sequence[pulumi.Input[str]]] write_attributes: The list of user attributes that you want your app client to have write access to. After your user authenticates in your app, their access token authorizes them to set or modify their own attribute value for any attribute in this list. An example of this kind of activity is when you present your user with a form to update their profile information and they change their last name. Your app then makes an [UpdateUserAttributes](https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_UpdateUserAttributes.html) API request and sets `family_name` to the new value. + :param pulumi.Input[Sequence[pulumi.Input[str]]] write_attributes: The list of user attributes that you want your app client to have write access to. After your user authenticates in your app, their access token authorizes them to set or modify their own attribute value for any attribute in this list. + + An example of this kind of activity is when you present your user with a form to update their profile information and they change their last name. Your app then makes an `API_UpdateUserAttributes` API request and sets `family_name` to the new value. When you don't specify the `WriteAttributes` for your app client, your app can write the values of the Standard attributes of your user pool. When your user pool has write access to these default attributes, `WriteAttributes` doesn't return any information. Amazon Cognito only populates `WriteAttributes` in the API response if you have specified your own custom set of write attributes. @@ -835,11 +853,11 @@ def access_token_validity(self) -> pulumi.Output[Optional[int]]: @pulumi.getter(name="allowedOAuthFlows") def allowed_o_auth_flows(self) -> pulumi.Output[Optional[Sequence[str]]]: """ - The OAuth grant types that you want your app client to generate. To create an app client that generates client credentials grants, you must add `client_credentials` as the only allowed OAuth flow. + The OAuth grant types that you want your app client to generate for clients in managed login authentication. To create an app client that generates client credentials grants, you must add `client_credentials` as the only allowed OAuth flow. - **code** - Use a code grant flow, which provides an authorization code as the response. This code can be exchanged for access tokens with the `/oauth2/token` endpoint. - - **implicit** - Issue the access token (and, optionally, ID token, based on scopes) directly to your user. - - **client_credentials** - Issue the access token from the `/oauth2/token` endpoint directly to a non-person user using a combination of the client ID and client secret. + - **implicit** - Issue the access token, and the ID token when scopes like `openid` and `profile` are requested, directly to your user. + - **client_credentials** - Issue the access token from the `/oauth2/token` endpoint directly to a non-person user, authorized by a combination of the client ID and client secret. """ return pulumi.get(self, "allowed_o_auth_flows") @@ -847,16 +865,16 @@ def allowed_o_auth_flows(self) -> pulumi.Output[Optional[Sequence[str]]]: @pulumi.getter(name="allowedOAuthFlowsUserPoolClient") def allowed_o_auth_flows_user_pool_client(self) -> pulumi.Output[Optional[bool]]: """ - Set to `true` to use OAuth 2.0 features in your user pool app client. + Set to `true` to use OAuth 2.0 authorization server features in your app client. - `AllowedOAuthFlowsUserPoolClient` must be `true` before you can configure the following features in your app client. + This parameter must have a value of `true` before you can configure the following features in your app client. - `CallBackURLs` : Callback URLs. - `LogoutURLs` : Sign-out redirect URLs. - `AllowedOAuthScopes` : OAuth 2.0 scopes. - `AllowedOAuthFlows` : Support for authorization code, implicit, and client credentials OAuth 2.0 grants. - To use OAuth 2.0 features, configure one of these features in the Amazon Cognito console or set `AllowedOAuthFlowsUserPoolClient` to `true` in a `CreateUserPoolClient` or `UpdateUserPoolClient` API request. If you don't set a value for `AllowedOAuthFlowsUserPoolClient` in a request with the AWS CLI or SDKs, it defaults to `false` . + To use authorization server features, configure one of these features in the Amazon Cognito console or set `AllowedOAuthFlowsUserPoolClient` to `true` in a `CreateUserPoolClient` or `UpdateUserPoolClient` API request. If you don't set a value for `AllowedOAuthFlowsUserPoolClient` in a request with the AWS CLI or SDKs, it defaults to `false` . When `false` , only SDK-based API sign-in is permitted. """ return pulumi.get(self, "allowed_o_auth_flows_user_pool_client") @@ -864,7 +882,7 @@ def allowed_o_auth_flows_user_pool_client(self) -> pulumi.Output[Optional[bool]] @pulumi.getter(name="allowedOAuthScopes") def allowed_o_auth_scopes(self) -> pulumi.Output[Optional[Sequence[str]]]: """ - The OAuth 2.0 scopes that you want to permit your app client to authorize. Scopes govern access control to user pool self-service API operations, user data from the `userInfo` endpoint, and third-party APIs. Possible values provided by OAuth are `phone` , `email` , `openid` , and `profile` . Possible values provided by AWS are `aws.cognito.signin.user.admin` . Custom scopes created in Resource Servers are also supported. + The OAuth, OpenID Connect (OIDC), and custom scopes that you want to permit your app client to authorize access with. Scopes govern access control to user pool self-service API operations, user data from the `userInfo` endpoint, and third-party APIs. Scope values include `phone` , `email` , `openid` , and `profile` . The `aws.cognito.signin.user.admin` scope authorizes user self-service operations. Custom scopes with resource servers authorize access to external APIs. """ return pulumi.get(self, "allowed_o_auth_scopes") @@ -890,9 +908,9 @@ def auth_session_validity(self) -> pulumi.Output[Optional[int]]: @pulumi.getter(name="callbackUrls") def callback_urls(self) -> pulumi.Output[Optional[Sequence[str]]]: """ - A list of allowed redirect (callback) URLs for the IdPs. + A list of allowed redirect, or callback, URLs for managed login authentication. These URLs are the paths where you want to send your users' browsers after they complete authentication with managed login or a third-party IdP. Typically, callback URLs are the home of an application that uses OAuth or OIDC libraries to process authentication outcomes. - A redirect URI must: + A redirect URI must meet the following requirements: - Be an absolute URI. - Be registered with the authorization server. Amazon Cognito doesn't accept authorization requests with `redirect_uri` values that aren't in the list of `CallbackURLs` that you provide in this parameter. @@ -939,7 +957,7 @@ def default_redirect_uri(self) -> pulumi.Output[Optional[str]]: @pulumi.getter(name="enablePropagateAdditionalUserContextData") def enable_propagate_additional_user_context_data(self) -> pulumi.Output[Optional[bool]]: """ - Activates the propagation of additional user context data. For more information about propagation of user context data, see [Adding advanced security to a user pool](https://docs.aws.amazon.com/cognito/latest/developerguide/cognito-user-pool-settings-threat-protection.html) . If you don’t include this parameter, you can't send device fingerprint information, including source IP address, to Amazon Cognito advanced security. You can only activate `EnablePropagateAdditionalUserContextData` in an app client that has a client secret. + When `true` , your application can include additional `UserContextData` in authentication requests. This data includes the IP address, and contributes to analysis by threat protection features. For more information about propagation of user context data, see [Adding session data to API requests](https://docs.aws.amazon.com/cognito/latest/developerguide/cognito-user-pool-settings-adaptive-authentication.html#user-pool-settings-adaptive-authentication-device-fingerprint) . If you don’t include this parameter, you can't send the source IP address to Amazon Cognito threat protection features. You can only activate `EnablePropagateAdditionalUserContextData` in an app client that has a client secret. """ return pulumi.get(self, "enable_propagate_additional_user_context_data") @@ -947,7 +965,9 @@ def enable_propagate_additional_user_context_data(self) -> pulumi.Output[Optiona @pulumi.getter(name="enableTokenRevocation") def enable_token_revocation(self) -> pulumi.Output[Optional[bool]]: """ - Activates or deactivates token revocation. For more information about revoking tokens, see [RevokeToken](https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_RevokeToken.html) . + Activates or deactivates [token revocation](https://docs.aws.amazon.com/cognito/latest/developerguide/token-revocation.html) in the target app client. + + Revoke tokens with `API_RevokeToken` . If you don't include this parameter, token revocation is automatically activated for the new user pool client. """ @@ -957,11 +977,11 @@ def enable_token_revocation(self) -> pulumi.Output[Optional[bool]]: @pulumi.getter(name="explicitAuthFlows") def explicit_auth_flows(self) -> pulumi.Output[Optional[Sequence[str]]]: """ - The authentication flows that you want your user pool client to support. For each app client in your user pool, you can sign in your users with any combination of one or more flows, including with a user name and Secure Remote Password (SRP), a user name and password, or a custom authentication process that you define with Lambda functions. + The [authentication flows](https://docs.aws.amazon.com/cognito/latest/developerguide/amazon-cognito-user-pools-authentication-flow-methods.html) that you want your user pool client to support. For each app client in your user pool, you can sign in your users with any combination of one or more flows, including with a user name and Secure Remote Password (SRP), a user name and password, or a custom authentication process that you define with Lambda functions. - > If you don't specify a value for `ExplicitAuthFlows` , your user client supports `ALLOW_REFRESH_TOKEN_AUTH` , `ALLOW_USER_SRP_AUTH` , and `ALLOW_CUSTOM_AUTH` . + > If you don't specify a value for `ExplicitAuthFlows` , your app client supports `ALLOW_REFRESH_TOKEN_AUTH` , `ALLOW_USER_SRP_AUTH` , and `ALLOW_CUSTOM_AUTH` . - Valid values include: + The values for authentication flow options include the following. - `ALLOW_USER_AUTH` : Enable selection-based sign-in with `USER_AUTH` . This setting covers username-password, secure remote password (SRP), passwordless, and passkey authentication. This authentiation flow can do username-password and SRP authentication without other `ExplicitAuthFlows` permitting them. For example users can complete an SRP challenge through `USER_AUTH` without the flow `USER_SRP_AUTH` being active for the app client. This flow doesn't include `CUSTOM_AUTH` . @@ -981,7 +1001,7 @@ def explicit_auth_flows(self) -> pulumi.Output[Optional[Sequence[str]]]: @pulumi.getter(name="generateSecret") def generate_secret(self) -> pulumi.Output[Optional[bool]]: """ - When `true` , generates a client secret for the app client. Client secrets are used with server-side and machine-to-machine applications. For more information, see [App client types](https://docs.aws.amazon.com/cognito/latest/developerguide/user-pool-settings-client-apps.html#user-pool-settings-client-app-client-types) . + When `true` , generates a client secret for the app client. Client secrets are used with server-side and machine-to-machine applications. Client secrets are automatically generated; you can't specify a secret value. For more information, see [App client types](https://docs.aws.amazon.com/cognito/latest/developerguide/user-pool-settings-client-apps.html#user-pool-settings-client-app-client-types) . """ return pulumi.get(self, "generate_secret") @@ -1004,7 +1024,7 @@ def id_token_validity(self) -> pulumi.Output[Optional[int]]: @pulumi.getter(name="logoutUrls") def logout_urls(self) -> pulumi.Output[Optional[Sequence[str]]]: """ - A list of allowed logout URLs for managed login authentication. For more information, see [Logout endpoint](https://docs.aws.amazon.com/cognito/latest/developerguide/logout-endpoint.html) . + A list of allowed logout URLs for managed login authentication. When you pass `logout_uri` and `client_id` parameters to `/logout` , Amazon Cognito signs out your user and redirects them to the logout URL. This parameter describes the URLs that you want to be the permitted targets of `logout_uri` . A typical use of these URLs is when a user selects "Sign out" and you redirect them to your public homepage. For more information, see [Logout endpoint](https://docs.aws.amazon.com/cognito/latest/developerguide/logout-endpoint.html) . """ return pulumi.get(self, "logout_urls") @@ -1032,9 +1052,11 @@ def prevent_user_existence_errors(self) -> pulumi.Output[Optional[str]]: @pulumi.getter(name="readAttributes") def read_attributes(self) -> pulumi.Output[Optional[Sequence[str]]]: """ - The list of user attributes that you want your app client to have read access to. After your user authenticates in your app, their access token authorizes them to read their own attribute value for any attribute in this list. An example of this kind of activity is when your user selects a link to view their profile information. Your app makes a [GetUser](https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_GetUser.html) API request to retrieve and display your user's profile data. + The list of user attributes that you want your app client to have read access to. After your user authenticates in your app, their access token authorizes them to read their own attribute value for any attribute in this list. - When you don't specify the `ReadAttributes` for your app client, your app can read the values of `email_verified` , `phone_number_verified` , and the Standard attributes of your user pool. When your user pool app client has read access to these default attributes, `ReadAttributes` doesn't return any information. Amazon Cognito only populates `ReadAttributes` in the API response if you have specified your own custom set of read attributes. + An example of this kind of activity is when your user selects a link to view their profile information. Your app makes a `API_GetUser` API request to retrieve and display your user's profile data. + + When you don't specify the `ReadAttributes` for your app client, your app can read the values of `email_verified` , `phone_number_verified` , and the standard attributes of your user pool. When your user pool app client has read access to these default attributes, `ReadAttributes` doesn't return any information. Amazon Cognito only populates `ReadAttributes` in the API response if you have specified your own custom set of read attributes. """ return pulumi.get(self, "read_attributes") @@ -1060,7 +1082,7 @@ def supported_identity_providers(self) -> pulumi.Output[Optional[Sequence[str]]] """ A list of provider names for the identity providers (IdPs) that are supported on this client. The following are supported: `COGNITO` , `Facebook` , `Google` , `SignInWithApple` , and `LoginWithAmazon` . You can also specify the names that you configured for the SAML and OIDC IdPs in your user pool, for example `MySAMLIdP` or `MyOIDCIdP` . - This setting applies to providers that you can access with [managed login](https://docs.aws.amazon.com/cognito/latest/developerguide/cognito-user-pools-managed-login.html) . The removal of `COGNITO` from this list doesn't prevent authentication operations for local users with the user pools API in an AWS SDK. The only way to prevent API-based authentication is to block access with a [AWS WAF rule](https://docs.aws.amazon.com/cognito/latest/developerguide/user-pool-waf.html) . + This parameter sets the IdPs that [managed login](https://docs.aws.amazon.com/cognito/latest/developerguide/cognito-user-pools-managed-login.html) will display on the login page for your app client. The removal of `COGNITO` from this list doesn't prevent authentication operations for local users with the user pools API in an AWS SDK. The only way to prevent SDK-based authentication is to block access with a [AWS WAF rule](https://docs.aws.amazon.com/cognito/latest/developerguide/user-pool-waf.html) . """ return pulumi.get(self, "supported_identity_providers") @@ -1084,7 +1106,9 @@ def user_pool_id(self) -> pulumi.Output[str]: @pulumi.getter(name="writeAttributes") def write_attributes(self) -> pulumi.Output[Optional[Sequence[str]]]: """ - The list of user attributes that you want your app client to have write access to. After your user authenticates in your app, their access token authorizes them to set or modify their own attribute value for any attribute in this list. An example of this kind of activity is when you present your user with a form to update their profile information and they change their last name. Your app then makes an [UpdateUserAttributes](https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_UpdateUserAttributes.html) API request and sets `family_name` to the new value. + The list of user attributes that you want your app client to have write access to. After your user authenticates in your app, their access token authorizes them to set or modify their own attribute value for any attribute in this list. + + An example of this kind of activity is when you present your user with a form to update their profile information and they change their last name. Your app then makes an `API_UpdateUserAttributes` API request and sets `family_name` to the new value. When you don't specify the `WriteAttributes` for your app client, your app can write the values of the Standard attributes of your user pool. When your user pool has write access to these default attributes, `WriteAttributes` doesn't return any information. Amazon Cognito only populates `WriteAttributes` in the API response if you have specified your own custom set of write attributes. diff --git a/sdk/python/pulumi_aws_native/cognito/user_pool_domain.py b/sdk/python/pulumi_aws_native/cognito/user_pool_domain.py index 78e44d75a8..4460a5fa0c 100644 --- a/sdk/python/pulumi_aws_native/cognito/user_pool_domain.py +++ b/sdk/python/pulumi_aws_native/cognito/user_pool_domain.py @@ -27,13 +27,13 @@ def __init__(__self__, *, managed_login_version: Optional[pulumi.Input[int]] = None): """ The set of arguments for constructing a UserPoolDomain resource. - :param pulumi.Input[str] domain: The domain name for the custom domain that hosts the sign-up and sign-in pages for your application. One example might be `auth.example.com` . + :param pulumi.Input[str] domain: The name of the domain that you want to update. For custom domains, this is the fully-qualified domain name, for example `auth.example.com` . For prefix domains, this is the prefix alone, such as `myprefix` . + :param pulumi.Input[str] user_pool_id: The ID of the user pool that is associated with the domain you're updating. + :param pulumi.Input['UserPoolDomainCustomDomainConfigTypeArgs'] custom_domain_config: The configuration for a custom domain that hosts managed login for your application. In an `UpdateUserPoolDomain` request, this parameter specifies an SSL certificate for the managed login hosted webserver. The certificate must be an ACM ARN in `us-east-1` . - This string can include only lowercase letters, numbers, and hyphens. Don't use a hyphen for the first or last character. Use periods to separate subdomain names. - :param pulumi.Input[str] user_pool_id: The ID of the user pool that is associated with the custom domain whose certificate you're updating. - :param pulumi.Input['UserPoolDomainCustomDomainConfigTypeArgs'] custom_domain_config: The configuration for a custom domain that hosts the sign-up and sign-in pages for your application. Use this object to specify an SSL certificate that is managed by ACM. + When you create a custom domain, the passkey RP ID defaults to the custom domain. If you had a prefix domain active, this will cause passkey integration for your prefix domain to stop working due to a mismatch in RP ID. To keep the prefix domain passkey integration working, you can explicitly set RP ID to the prefix domain. - When you create a custom domain, the passkey RP ID defaults to the custom domain. If you had a prefix domain active, this will cause passkey integration for your prefix domain to stop working due to a mismatch in RP ID. To keep the prefix domain passkey integration working, you can explicitly set RP ID to the prefix domain. Update the RP ID in a [SetUserPoolMfaConfig](https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_SetUserPoolMfaConfig.html) request. + Update the RP ID in a `API_SetUserPoolMfaConfig` request. :param pulumi.Input[int] managed_login_version: A version number that indicates the state of managed login for your domain. Version `1` is hosted UI (classic). Version `2` is the newer managed login with the branding designer. For more information, see [Managed login](https://docs.aws.amazon.com/cognito/latest/developerguide/cognito-user-pools-managed-login.html) . """ pulumi.set(__self__, "domain", domain) @@ -47,9 +47,7 @@ def __init__(__self__, *, @pulumi.getter def domain(self) -> pulumi.Input[str]: """ - The domain name for the custom domain that hosts the sign-up and sign-in pages for your application. One example might be `auth.example.com` . - - This string can include only lowercase letters, numbers, and hyphens. Don't use a hyphen for the first or last character. Use periods to separate subdomain names. + The name of the domain that you want to update. For custom domains, this is the fully-qualified domain name, for example `auth.example.com` . For prefix domains, this is the prefix alone, such as `myprefix` . """ return pulumi.get(self, "domain") @@ -61,7 +59,7 @@ def domain(self, value: pulumi.Input[str]): @pulumi.getter(name="userPoolId") def user_pool_id(self) -> pulumi.Input[str]: """ - The ID of the user pool that is associated with the custom domain whose certificate you're updating. + The ID of the user pool that is associated with the domain you're updating. """ return pulumi.get(self, "user_pool_id") @@ -73,9 +71,11 @@ def user_pool_id(self, value: pulumi.Input[str]): @pulumi.getter(name="customDomainConfig") def custom_domain_config(self) -> Optional[pulumi.Input['UserPoolDomainCustomDomainConfigTypeArgs']]: """ - The configuration for a custom domain that hosts the sign-up and sign-in pages for your application. Use this object to specify an SSL certificate that is managed by ACM. + The configuration for a custom domain that hosts managed login for your application. In an `UpdateUserPoolDomain` request, this parameter specifies an SSL certificate for the managed login hosted webserver. The certificate must be an ACM ARN in `us-east-1` . + + When you create a custom domain, the passkey RP ID defaults to the custom domain. If you had a prefix domain active, this will cause passkey integration for your prefix domain to stop working due to a mismatch in RP ID. To keep the prefix domain passkey integration working, you can explicitly set RP ID to the prefix domain. - When you create a custom domain, the passkey RP ID defaults to the custom domain. If you had a prefix domain active, this will cause passkey integration for your prefix domain to stop working due to a mismatch in RP ID. To keep the prefix domain passkey integration working, you can explicitly set RP ID to the prefix domain. Update the RP ID in a [SetUserPoolMfaConfig](https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_SetUserPoolMfaConfig.html) request. + Update the RP ID in a `API_SetUserPoolMfaConfig` request. """ return pulumi.get(self, "custom_domain_config") @@ -111,14 +111,14 @@ def __init__(__self__, :param str resource_name: The name of the resource. :param pulumi.ResourceOptions opts: Options for the resource. - :param pulumi.Input[Union['UserPoolDomainCustomDomainConfigTypeArgs', 'UserPoolDomainCustomDomainConfigTypeArgsDict']] custom_domain_config: The configuration for a custom domain that hosts the sign-up and sign-in pages for your application. Use this object to specify an SSL certificate that is managed by ACM. + :param pulumi.Input[Union['UserPoolDomainCustomDomainConfigTypeArgs', 'UserPoolDomainCustomDomainConfigTypeArgsDict']] custom_domain_config: The configuration for a custom domain that hosts managed login for your application. In an `UpdateUserPoolDomain` request, this parameter specifies an SSL certificate for the managed login hosted webserver. The certificate must be an ACM ARN in `us-east-1` . - When you create a custom domain, the passkey RP ID defaults to the custom domain. If you had a prefix domain active, this will cause passkey integration for your prefix domain to stop working due to a mismatch in RP ID. To keep the prefix domain passkey integration working, you can explicitly set RP ID to the prefix domain. Update the RP ID in a [SetUserPoolMfaConfig](https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_SetUserPoolMfaConfig.html) request. - :param pulumi.Input[str] domain: The domain name for the custom domain that hosts the sign-up and sign-in pages for your application. One example might be `auth.example.com` . + When you create a custom domain, the passkey RP ID defaults to the custom domain. If you had a prefix domain active, this will cause passkey integration for your prefix domain to stop working due to a mismatch in RP ID. To keep the prefix domain passkey integration working, you can explicitly set RP ID to the prefix domain. - This string can include only lowercase letters, numbers, and hyphens. Don't use a hyphen for the first or last character. Use periods to separate subdomain names. + Update the RP ID in a `API_SetUserPoolMfaConfig` request. + :param pulumi.Input[str] domain: The name of the domain that you want to update. For custom domains, this is the fully-qualified domain name, for example `auth.example.com` . For prefix domains, this is the prefix alone, such as `myprefix` . :param pulumi.Input[int] managed_login_version: A version number that indicates the state of managed login for your domain. Version `1` is hosted UI (classic). Version `2` is the newer managed login with the branding designer. For more information, see [Managed login](https://docs.aws.amazon.com/cognito/latest/developerguide/cognito-user-pools-managed-login.html) . - :param pulumi.Input[str] user_pool_id: The ID of the user pool that is associated with the custom domain whose certificate you're updating. + :param pulumi.Input[str] user_pool_id: The ID of the user pool that is associated with the domain you're updating. """ ... @overload @@ -219,9 +219,11 @@ def cloud_front_distribution(self) -> pulumi.Output[str]: @pulumi.getter(name="customDomainConfig") def custom_domain_config(self) -> pulumi.Output[Optional['outputs.UserPoolDomainCustomDomainConfigType']]: """ - The configuration for a custom domain that hosts the sign-up and sign-in pages for your application. Use this object to specify an SSL certificate that is managed by ACM. + The configuration for a custom domain that hosts managed login for your application. In an `UpdateUserPoolDomain` request, this parameter specifies an SSL certificate for the managed login hosted webserver. The certificate must be an ACM ARN in `us-east-1` . - When you create a custom domain, the passkey RP ID defaults to the custom domain. If you had a prefix domain active, this will cause passkey integration for your prefix domain to stop working due to a mismatch in RP ID. To keep the prefix domain passkey integration working, you can explicitly set RP ID to the prefix domain. Update the RP ID in a [SetUserPoolMfaConfig](https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_SetUserPoolMfaConfig.html) request. + When you create a custom domain, the passkey RP ID defaults to the custom domain. If you had a prefix domain active, this will cause passkey integration for your prefix domain to stop working due to a mismatch in RP ID. To keep the prefix domain passkey integration working, you can explicitly set RP ID to the prefix domain. + + Update the RP ID in a `API_SetUserPoolMfaConfig` request. """ return pulumi.get(self, "custom_domain_config") @@ -229,9 +231,7 @@ def custom_domain_config(self) -> pulumi.Output[Optional['outputs.UserPoolDomain @pulumi.getter def domain(self) -> pulumi.Output[str]: """ - The domain name for the custom domain that hosts the sign-up and sign-in pages for your application. One example might be `auth.example.com` . - - This string can include only lowercase letters, numbers, and hyphens. Don't use a hyphen for the first or last character. Use periods to separate subdomain names. + The name of the domain that you want to update. For custom domains, this is the fully-qualified domain name, for example `auth.example.com` . For prefix domains, this is the prefix alone, such as `myprefix` . """ return pulumi.get(self, "domain") @@ -247,7 +247,7 @@ def managed_login_version(self) -> pulumi.Output[Optional[int]]: @pulumi.getter(name="userPoolId") def user_pool_id(self) -> pulumi.Output[str]: """ - The ID of the user pool that is associated with the custom domain whose certificate you're updating. + The ID of the user pool that is associated with the domain you're updating. """ return pulumi.get(self, "user_pool_id") diff --git a/sdk/python/pulumi_aws_native/cognito/user_pool_risk_configuration_attachment.py b/sdk/python/pulumi_aws_native/cognito/user_pool_risk_configuration_attachment.py index a289efbda0..238501c401 100644 --- a/sdk/python/pulumi_aws_native/cognito/user_pool_risk_configuration_attachment.py +++ b/sdk/python/pulumi_aws_native/cognito/user_pool_risk_configuration_attachment.py @@ -30,8 +30,8 @@ def __init__(__self__, *, The set of arguments for constructing a UserPoolRiskConfigurationAttachment resource. :param pulumi.Input[str] client_id: The app client where this configuration is applied. When this parameter isn't present, the risk configuration applies to all user pool app clients that don't have client-level settings. :param pulumi.Input[str] user_pool_id: The ID of the user pool that has the risk configuration applied. - :param pulumi.Input['UserPoolRiskConfigurationAttachmentAccountTakeoverRiskConfigurationTypeArgs'] account_takeover_risk_configuration: The settings for automated responses and notification templates for adaptive authentication with advanced security features. - :param pulumi.Input['UserPoolRiskConfigurationAttachmentCompromisedCredentialsRiskConfigurationTypeArgs'] compromised_credentials_risk_configuration: Settings for compromised-credentials actions and authentication types with advanced security features in full-function `ENFORCED` mode. + :param pulumi.Input['UserPoolRiskConfigurationAttachmentAccountTakeoverRiskConfigurationTypeArgs'] account_takeover_risk_configuration: The settings for automated responses and notification templates for adaptive authentication with threat protection. + :param pulumi.Input['UserPoolRiskConfigurationAttachmentCompromisedCredentialsRiskConfigurationTypeArgs'] compromised_credentials_risk_configuration: Settings for compromised-credentials actions and authentication types with threat protection in full-function `ENFORCED` mode. :param pulumi.Input['UserPoolRiskConfigurationAttachmentRiskExceptionConfigurationTypeArgs'] risk_exception_configuration: Exceptions to the risk evaluation configuration, including always-allow and always-block IP address ranges. """ pulumi.set(__self__, "client_id", client_id) @@ -71,7 +71,7 @@ def user_pool_id(self, value: pulumi.Input[str]): @pulumi.getter(name="accountTakeoverRiskConfiguration") def account_takeover_risk_configuration(self) -> Optional[pulumi.Input['UserPoolRiskConfigurationAttachmentAccountTakeoverRiskConfigurationTypeArgs']]: """ - The settings for automated responses and notification templates for adaptive authentication with advanced security features. + The settings for automated responses and notification templates for adaptive authentication with threat protection. """ return pulumi.get(self, "account_takeover_risk_configuration") @@ -83,7 +83,7 @@ def account_takeover_risk_configuration(self, value: Optional[pulumi.Input['User @pulumi.getter(name="compromisedCredentialsRiskConfiguration") def compromised_credentials_risk_configuration(self) -> Optional[pulumi.Input['UserPoolRiskConfigurationAttachmentCompromisedCredentialsRiskConfigurationTypeArgs']]: """ - Settings for compromised-credentials actions and authentication types with advanced security features in full-function `ENFORCED` mode. + Settings for compromised-credentials actions and authentication types with threat protection in full-function `ENFORCED` mode. """ return pulumi.get(self, "compromised_credentials_risk_configuration") @@ -120,9 +120,9 @@ def __init__(__self__, :param str resource_name: The name of the resource. :param pulumi.ResourceOptions opts: Options for the resource. - :param pulumi.Input[Union['UserPoolRiskConfigurationAttachmentAccountTakeoverRiskConfigurationTypeArgs', 'UserPoolRiskConfigurationAttachmentAccountTakeoverRiskConfigurationTypeArgsDict']] account_takeover_risk_configuration: The settings for automated responses and notification templates for adaptive authentication with advanced security features. + :param pulumi.Input[Union['UserPoolRiskConfigurationAttachmentAccountTakeoverRiskConfigurationTypeArgs', 'UserPoolRiskConfigurationAttachmentAccountTakeoverRiskConfigurationTypeArgsDict']] account_takeover_risk_configuration: The settings for automated responses and notification templates for adaptive authentication with threat protection. :param pulumi.Input[str] client_id: The app client where this configuration is applied. When this parameter isn't present, the risk configuration applies to all user pool app clients that don't have client-level settings. - :param pulumi.Input[Union['UserPoolRiskConfigurationAttachmentCompromisedCredentialsRiskConfigurationTypeArgs', 'UserPoolRiskConfigurationAttachmentCompromisedCredentialsRiskConfigurationTypeArgsDict']] compromised_credentials_risk_configuration: Settings for compromised-credentials actions and authentication types with advanced security features in full-function `ENFORCED` mode. + :param pulumi.Input[Union['UserPoolRiskConfigurationAttachmentCompromisedCredentialsRiskConfigurationTypeArgs', 'UserPoolRiskConfigurationAttachmentCompromisedCredentialsRiskConfigurationTypeArgsDict']] compromised_credentials_risk_configuration: Settings for compromised-credentials actions and authentication types with threat protection in full-function `ENFORCED` mode. :param pulumi.Input[Union['UserPoolRiskConfigurationAttachmentRiskExceptionConfigurationTypeArgs', 'UserPoolRiskConfigurationAttachmentRiskExceptionConfigurationTypeArgsDict']] risk_exception_configuration: Exceptions to the risk evaluation configuration, including always-allow and always-block IP address ranges. :param pulumi.Input[str] user_pool_id: The ID of the user pool that has the risk configuration applied. """ @@ -208,7 +208,7 @@ def get(resource_name: str, @pulumi.getter(name="accountTakeoverRiskConfiguration") def account_takeover_risk_configuration(self) -> pulumi.Output[Optional['outputs.UserPoolRiskConfigurationAttachmentAccountTakeoverRiskConfigurationType']]: """ - The settings for automated responses and notification templates for adaptive authentication with advanced security features. + The settings for automated responses and notification templates for adaptive authentication with threat protection. """ return pulumi.get(self, "account_takeover_risk_configuration") @@ -224,7 +224,7 @@ def client_id(self) -> pulumi.Output[str]: @pulumi.getter(name="compromisedCredentialsRiskConfiguration") def compromised_credentials_risk_configuration(self) -> pulumi.Output[Optional['outputs.UserPoolRiskConfigurationAttachmentCompromisedCredentialsRiskConfigurationType']]: """ - Settings for compromised-credentials actions and authentication types with advanced security features in full-function `ENFORCED` mode. + Settings for compromised-credentials actions and authentication types with threat protection in full-function `ENFORCED` mode. """ return pulumi.get(self, "compromised_credentials_risk_configuration") diff --git a/sdk/python/pulumi_aws_native/cognito/user_pool_ui_customization_attachment.py b/sdk/python/pulumi_aws_native/cognito/user_pool_ui_customization_attachment.py index f07617d381..a69e24b56b 100644 --- a/sdk/python/pulumi_aws_native/cognito/user_pool_ui_customization_attachment.py +++ b/sdk/python/pulumi_aws_native/cognito/user_pool_ui_customization_attachment.py @@ -25,8 +25,8 @@ def __init__(__self__, *, """ The set of arguments for constructing a UserPoolUiCustomizationAttachment resource. :param pulumi.Input[str] client_id: The app client ID for your UI customization. When this value isn't present, the customization applies to all user pool app clients that don't have client-level settings.. - :param pulumi.Input[str] user_pool_id: The ID of the user pool. - :param pulumi.Input[str] css: The CSS values in the UI customization. + :param pulumi.Input[str] user_pool_id: The ID of the user pool where you want to apply branding to the classic hosted UI. + :param pulumi.Input[str] css: A plaintext CSS file that contains the custom fields that you want to apply to your user pool or app client. To download a template, go to the Amazon Cognito console. Navigate to your user pool *App clients* tab, select *Login pages* , edit *Hosted UI (classic) style* , and select the link to `CSS template.css` . """ pulumi.set(__self__, "client_id", client_id) pulumi.set(__self__, "user_pool_id", user_pool_id) @@ -49,7 +49,7 @@ def client_id(self, value: pulumi.Input[str]): @pulumi.getter(name="userPoolId") def user_pool_id(self) -> pulumi.Input[str]: """ - The ID of the user pool. + The ID of the user pool where you want to apply branding to the classic hosted UI. """ return pulumi.get(self, "user_pool_id") @@ -61,7 +61,7 @@ def user_pool_id(self, value: pulumi.Input[str]): @pulumi.getter def css(self) -> Optional[pulumi.Input[str]]: """ - The CSS values in the UI customization. + A plaintext CSS file that contains the custom fields that you want to apply to your user pool or app client. To download a template, go to the Amazon Cognito console. Navigate to your user pool *App clients* tab, select *Login pages* , edit *Hosted UI (classic) style* , and select the link to `CSS template.css` . """ return pulumi.get(self, "css") @@ -85,8 +85,8 @@ def __init__(__self__, :param str resource_name: The name of the resource. :param pulumi.ResourceOptions opts: Options for the resource. :param pulumi.Input[str] client_id: The app client ID for your UI customization. When this value isn't present, the customization applies to all user pool app clients that don't have client-level settings.. - :param pulumi.Input[str] css: The CSS values in the UI customization. - :param pulumi.Input[str] user_pool_id: The ID of the user pool. + :param pulumi.Input[str] css: A plaintext CSS file that contains the custom fields that you want to apply to your user pool or app client. To download a template, go to the Amazon Cognito console. Navigate to your user pool *App clients* tab, select *Login pages* , edit *Hosted UI (classic) style* , and select the link to `CSS template.css` . + :param pulumi.Input[str] user_pool_id: The ID of the user pool where you want to apply branding to the classic hosted UI. """ ... @overload @@ -172,7 +172,7 @@ def client_id(self) -> pulumi.Output[str]: @pulumi.getter def css(self) -> pulumi.Output[Optional[str]]: """ - The CSS values in the UI customization. + A plaintext CSS file that contains the custom fields that you want to apply to your user pool or app client. To download a template, go to the Amazon Cognito console. Navigate to your user pool *App clients* tab, select *Login pages* , edit *Hosted UI (classic) style* , and select the link to `CSS template.css` . """ return pulumi.get(self, "css") @@ -180,7 +180,7 @@ def css(self) -> pulumi.Output[Optional[str]]: @pulumi.getter(name="userPoolId") def user_pool_id(self) -> pulumi.Output[str]: """ - The ID of the user pool. + The ID of the user pool where you want to apply branding to the classic hosted UI. """ return pulumi.get(self, "user_pool_id") diff --git a/sdk/python/pulumi_aws_native/cognito/user_pool_user.py b/sdk/python/pulumi_aws_native/cognito/user_pool_user.py index db7ef4cdb6..78fbc25d63 100644 --- a/sdk/python/pulumi_aws_native/cognito/user_pool_user.py +++ b/sdk/python/pulumi_aws_native/cognito/user_pool_user.py @@ -58,10 +58,12 @@ def __init__(__self__, *, You must also provide an email address or phone number when you expect the user to do passwordless sign-in with an email or SMS OTP. These attributes must be provided when passwordless options are the only available, or when you don't submit a `TemporaryPassword` . - In your call to `AdminCreateUser` , you can set the `email_verified` attribute to `True` , and you can set the `phone_number_verified` attribute to `True` . You can also do this by calling [AdminUpdateUserAttributes](https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_AdminUpdateUserAttributes.html) . + In your `AdminCreateUser` request, you can set the `email_verified` and `phone_number_verified` attributes to `true` . The following conditions apply: - - *email* : The email address of the user to whom the message that contains the code and username will be sent. Required if the `email_verified` attribute is set to `True` , or if `"EMAIL"` is specified in the `DesiredDeliveryMediums` parameter. - - *phone_number* : The phone number of the user to whom the message that contains the code and username will be sent. Required if the `phone_number_verified` attribute is set to `True` , or if `"SMS"` is specified in the `DesiredDeliveryMediums` parameter. + - **email** - The email address where you want the user to receive their confirmation code and username. You must provide a value for the `email` when you want to set `email_verified` to `true` , or if you set `EMAIL` in the `DesiredDeliveryMediums` parameter. + - **phone_number** - The phone number where you want the user to receive their confirmation code and username. You must provide a value for the `email` when you want to set `phone_number` to `true` , or if you set `SMS` in the `DesiredDeliveryMediums` parameter. + + You can also set attributes verified with `API_AdminUpdateUserAttributes` . :param pulumi.Input[str] username: The value that you want to set as the username sign-in attribute. The following conditions apply to the username parameter. - The username can't be a duplicate of another username in the same user pool. @@ -69,7 +71,7 @@ def __init__(__self__, *, - You can only provide a value if usernames are a valid sign-in attribute for your user pool. If your user pool only supports phone numbers or email addresses as sign-in attributes, Amazon Cognito automatically generates a username value. For more information, see [Customizing sign-in attributes](https://docs.aws.amazon.com/cognito/latest/developerguide/user-pool-settings-attributes.html#user-pool-settings-aliases) . :param pulumi.Input[Sequence[pulumi.Input['UserPoolUserAttributeTypeArgs']]] validation_data: Temporary user attributes that contribute to the outcomes of your pre sign-up Lambda trigger. This set of key-value pairs are for custom validation of information that you collect from your users but don't need to retain. - Your Lambda function can analyze this additional data and act on it. Your function might perform external API operations like logging user attributes and validation data to Amazon CloudWatch Logs. Validation data might also affect the response that your function returns to Amazon Cognito, like automatically confirming the user if they sign up from within your network. + Your Lambda function can analyze this additional data and act on it. Your function can automatically confirm and verify select users or perform external API operations like logging user attributes and validation data to Amazon CloudWatch Logs. For more information about the pre sign-up Lambda trigger, see [Pre sign-up Lambda trigger](https://docs.aws.amazon.com/cognito/latest/developerguide/user-pool-lambda-pre-sign-up.html) . """ @@ -175,10 +177,12 @@ def user_attributes(self) -> Optional[pulumi.Input[Sequence[pulumi.Input['UserPo You must also provide an email address or phone number when you expect the user to do passwordless sign-in with an email or SMS OTP. These attributes must be provided when passwordless options are the only available, or when you don't submit a `TemporaryPassword` . - In your call to `AdminCreateUser` , you can set the `email_verified` attribute to `True` , and you can set the `phone_number_verified` attribute to `True` . You can also do this by calling [AdminUpdateUserAttributes](https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_AdminUpdateUserAttributes.html) . + In your `AdminCreateUser` request, you can set the `email_verified` and `phone_number_verified` attributes to `true` . The following conditions apply: + + - **email** - The email address where you want the user to receive their confirmation code and username. You must provide a value for the `email` when you want to set `email_verified` to `true` , or if you set `EMAIL` in the `DesiredDeliveryMediums` parameter. + - **phone_number** - The phone number where you want the user to receive their confirmation code and username. You must provide a value for the `email` when you want to set `phone_number` to `true` , or if you set `SMS` in the `DesiredDeliveryMediums` parameter. - - *email* : The email address of the user to whom the message that contains the code and username will be sent. Required if the `email_verified` attribute is set to `True` , or if `"EMAIL"` is specified in the `DesiredDeliveryMediums` parameter. - - *phone_number* : The phone number of the user to whom the message that contains the code and username will be sent. Required if the `phone_number_verified` attribute is set to `True` , or if `"SMS"` is specified in the `DesiredDeliveryMediums` parameter. + You can also set attributes verified with `API_AdminUpdateUserAttributes` . """ return pulumi.get(self, "user_attributes") @@ -208,7 +212,7 @@ def validation_data(self) -> Optional[pulumi.Input[Sequence[pulumi.Input['UserPo """ Temporary user attributes that contribute to the outcomes of your pre sign-up Lambda trigger. This set of key-value pairs are for custom validation of information that you collect from your users but don't need to retain. - Your Lambda function can analyze this additional data and act on it. Your function might perform external API operations like logging user attributes and validation data to Amazon CloudWatch Logs. Validation data might also affect the response that your function returns to Amazon Cognito, like automatically confirming the user if they sign up from within your network. + Your Lambda function can analyze this additional data and act on it. Your function can automatically confirm and verify select users or perform external API operations like logging user attributes and validation data to Amazon CloudWatch Logs. For more information about the pre sign-up Lambda trigger, see [Pre sign-up Lambda trigger](https://docs.aws.amazon.com/cognito/latest/developerguide/user-pool-lambda-pre-sign-up.html) . """ @@ -264,10 +268,12 @@ def __init__(__self__, You must also provide an email address or phone number when you expect the user to do passwordless sign-in with an email or SMS OTP. These attributes must be provided when passwordless options are the only available, or when you don't submit a `TemporaryPassword` . - In your call to `AdminCreateUser` , you can set the `email_verified` attribute to `True` , and you can set the `phone_number_verified` attribute to `True` . You can also do this by calling [AdminUpdateUserAttributes](https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_AdminUpdateUserAttributes.html) . + In your `AdminCreateUser` request, you can set the `email_verified` and `phone_number_verified` attributes to `true` . The following conditions apply: - - *email* : The email address of the user to whom the message that contains the code and username will be sent. Required if the `email_verified` attribute is set to `True` , or if `"EMAIL"` is specified in the `DesiredDeliveryMediums` parameter. - - *phone_number* : The phone number of the user to whom the message that contains the code and username will be sent. Required if the `phone_number_verified` attribute is set to `True` , or if `"SMS"` is specified in the `DesiredDeliveryMediums` parameter. + - **email** - The email address where you want the user to receive their confirmation code and username. You must provide a value for the `email` when you want to set `email_verified` to `true` , or if you set `EMAIL` in the `DesiredDeliveryMediums` parameter. + - **phone_number** - The phone number where you want the user to receive their confirmation code and username. You must provide a value for the `email` when you want to set `phone_number` to `true` , or if you set `SMS` in the `DesiredDeliveryMediums` parameter. + + You can also set attributes verified with `API_AdminUpdateUserAttributes` . :param pulumi.Input[str] user_pool_id: The ID of the user pool where you want to create a user. :param pulumi.Input[str] username: The value that you want to set as the username sign-in attribute. The following conditions apply to the username parameter. @@ -276,7 +282,7 @@ def __init__(__self__, - You can only provide a value if usernames are a valid sign-in attribute for your user pool. If your user pool only supports phone numbers or email addresses as sign-in attributes, Amazon Cognito automatically generates a username value. For more information, see [Customizing sign-in attributes](https://docs.aws.amazon.com/cognito/latest/developerguide/user-pool-settings-attributes.html#user-pool-settings-aliases) . :param pulumi.Input[Sequence[pulumi.Input[Union['UserPoolUserAttributeTypeArgs', 'UserPoolUserAttributeTypeArgsDict']]]] validation_data: Temporary user attributes that contribute to the outcomes of your pre sign-up Lambda trigger. This set of key-value pairs are for custom validation of information that you collect from your users but don't need to retain. - Your Lambda function can analyze this additional data and act on it. Your function might perform external API operations like logging user attributes and validation data to Amazon CloudWatch Logs. Validation data might also affect the response that your function returns to Amazon Cognito, like automatically confirming the user if they sign up from within your network. + Your Lambda function can analyze this additional data and act on it. Your function can automatically confirm and verify select users or perform external API operations like logging user attributes and validation data to Amazon CloudWatch Logs. For more information about the pre sign-up Lambda trigger, see [Pre sign-up Lambda trigger](https://docs.aws.amazon.com/cognito/latest/developerguide/user-pool-lambda-pre-sign-up.html) . """ @@ -423,10 +429,12 @@ def user_attributes(self) -> pulumi.Output[Optional[Sequence['outputs.UserPoolUs You must also provide an email address or phone number when you expect the user to do passwordless sign-in with an email or SMS OTP. These attributes must be provided when passwordless options are the only available, or when you don't submit a `TemporaryPassword` . - In your call to `AdminCreateUser` , you can set the `email_verified` attribute to `True` , and you can set the `phone_number_verified` attribute to `True` . You can also do this by calling [AdminUpdateUserAttributes](https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_AdminUpdateUserAttributes.html) . + In your `AdminCreateUser` request, you can set the `email_verified` and `phone_number_verified` attributes to `true` . The following conditions apply: + + - **email** - The email address where you want the user to receive their confirmation code and username. You must provide a value for the `email` when you want to set `email_verified` to `true` , or if you set `EMAIL` in the `DesiredDeliveryMediums` parameter. + - **phone_number** - The phone number where you want the user to receive their confirmation code and username. You must provide a value for the `email` when you want to set `phone_number` to `true` , or if you set `SMS` in the `DesiredDeliveryMediums` parameter. - - *email* : The email address of the user to whom the message that contains the code and username will be sent. Required if the `email_verified` attribute is set to `True` , or if `"EMAIL"` is specified in the `DesiredDeliveryMediums` parameter. - - *phone_number* : The phone number of the user to whom the message that contains the code and username will be sent. Required if the `phone_number_verified` attribute is set to `True` , or if `"SMS"` is specified in the `DesiredDeliveryMediums` parameter. + You can also set attributes verified with `API_AdminUpdateUserAttributes` . """ return pulumi.get(self, "user_attributes") @@ -456,7 +464,7 @@ def validation_data(self) -> pulumi.Output[Optional[Sequence['outputs.UserPoolUs """ Temporary user attributes that contribute to the outcomes of your pre sign-up Lambda trigger. This set of key-value pairs are for custom validation of information that you collect from your users but don't need to retain. - Your Lambda function can analyze this additional data and act on it. Your function might perform external API operations like logging user attributes and validation data to Amazon CloudWatch Logs. Validation data might also affect the response that your function returns to Amazon Cognito, like automatically confirming the user if they sign up from within your network. + Your Lambda function can analyze this additional data and act on it. Your function can automatically confirm and verify select users or perform external API operations like logging user attributes and validation data to Amazon CloudWatch Logs. For more information about the pre sign-up Lambda trigger, see [Pre sign-up Lambda trigger](https://docs.aws.amazon.com/cognito/latest/developerguide/user-pool-lambda-pre-sign-up.html) . """ diff --git a/sdk/python/pulumi_aws_native/customerprofiles/__init__.py b/sdk/python/pulumi_aws_native/customerprofiles/__init__.py index 3c4d1f18a4..7710f3d321 100644 --- a/sdk/python/pulumi_aws_native/customerprofiles/__init__.py +++ b/sdk/python/pulumi_aws_native/customerprofiles/__init__.py @@ -9,9 +9,11 @@ from .calculated_attribute_definition import * from .domain import * from .event_stream import * +from .event_trigger import * from .get_calculated_attribute_definition import * from .get_domain import * from .get_event_stream import * +from .get_event_trigger import * from .get_integration import * from .get_object_type import * from .get_segment_definition import * diff --git a/sdk/python/pulumi_aws_native/customerprofiles/_enums.py b/sdk/python/pulumi_aws_native/customerprofiles/_enums.py index d7aff22882..166bd7009f 100644 --- a/sdk/python/pulumi_aws_native/customerprofiles/_enums.py +++ b/sdk/python/pulumi_aws_native/customerprofiles/_enums.py @@ -14,6 +14,9 @@ 'DomainRuleBasedMatchingStatus', 'EventStreamState', 'EventStreamStatus', + 'EventTriggerLogicalOperator', + 'EventTriggerObjectAttributeComparisonOperator', + 'EventTriggerPeriodUnit', 'IntegrationConnectorType', 'IntegrationMarketoConnectorOperator', 'IntegrationOperatorPropertiesKeys', @@ -119,6 +122,46 @@ class EventStreamStatus(str, Enum): UNHEALTHY = "UNHEALTHY" +class EventTriggerLogicalOperator(str, Enum): + """ + The operator used to combine multiple dimensions. + """ + ANY = "ANY" + ALL = "ALL" + NONE = "NONE" + + +class EventTriggerObjectAttributeComparisonOperator(str, Enum): + """ + The operator used to compare an attribute against a list of values. + """ + INCLUSIVE = "INCLUSIVE" + EXCLUSIVE = "EXCLUSIVE" + CONTAINS = "CONTAINS" + BEGINS_WITH = "BEGINS_WITH" + ENDS_WITH = "ENDS_WITH" + GREATER_THAN = "GREATER_THAN" + LESS_THAN = "LESS_THAN" + GREATER_THAN_OR_EQUAL = "GREATER_THAN_OR_EQUAL" + LESS_THAN_OR_EQUAL = "LESS_THAN_OR_EQUAL" + EQUAL = "EQUAL" + BEFORE = "BEFORE" + AFTER = "AFTER" + ON = "ON" + BETWEEN = "BETWEEN" + NOT_BETWEEN = "NOT_BETWEEN" + + +class EventTriggerPeriodUnit(str, Enum): + """ + The unit of time. + """ + HOURS = "HOURS" + DAYS = "DAYS" + WEEKS = "WEEKS" + MONTHS = "MONTHS" + + class IntegrationConnectorType(str, Enum): SALESFORCE = "Salesforce" MARKETO = "Marketo" diff --git a/sdk/python/pulumi_aws_native/customerprofiles/_inputs.py b/sdk/python/pulumi_aws_native/customerprofiles/_inputs.py index 61a2e8eff3..abc205bd35 100644 --- a/sdk/python/pulumi_aws_native/customerprofiles/_inputs.py +++ b/sdk/python/pulumi_aws_native/customerprofiles/_inputs.py @@ -46,6 +46,16 @@ 'DomainRuleBasedMatchingArgsDict', 'DomainS3ExportingConfigArgs', 'DomainS3ExportingConfigArgsDict', + 'EventTriggerConditionArgs', + 'EventTriggerConditionArgsDict', + 'EventTriggerDimensionArgs', + 'EventTriggerDimensionArgsDict', + 'EventTriggerLimitsArgs', + 'EventTriggerLimitsArgsDict', + 'EventTriggerObjectAttributeArgs', + 'EventTriggerObjectAttributeArgsDict', + 'EventTriggerPeriodArgs', + 'EventTriggerPeriodArgsDict', 'IntegrationConnectorOperatorArgs', 'IntegrationConnectorOperatorArgsDict', 'IntegrationFlowDefinitionArgs', @@ -1107,6 +1117,304 @@ def s3_key_name(self, value: Optional[pulumi.Input[str]]): pulumi.set(self, "s3_key_name", value) +if not MYPY: + class EventTriggerConditionArgsDict(TypedDict): + """ + Specifies the circumstances under which the event should trigger the destination. + """ + event_trigger_dimensions: pulumi.Input[Sequence[pulumi.Input['EventTriggerDimensionArgsDict']]] + logical_operator: pulumi.Input['EventTriggerLogicalOperator'] +elif False: + EventTriggerConditionArgsDict: TypeAlias = Mapping[str, Any] + +@pulumi.input_type +class EventTriggerConditionArgs: + def __init__(__self__, *, + event_trigger_dimensions: pulumi.Input[Sequence[pulumi.Input['EventTriggerDimensionArgs']]], + logical_operator: pulumi.Input['EventTriggerLogicalOperator']): + """ + Specifies the circumstances under which the event should trigger the destination. + """ + pulumi.set(__self__, "event_trigger_dimensions", event_trigger_dimensions) + pulumi.set(__self__, "logical_operator", logical_operator) + + @property + @pulumi.getter(name="eventTriggerDimensions") + def event_trigger_dimensions(self) -> pulumi.Input[Sequence[pulumi.Input['EventTriggerDimensionArgs']]]: + return pulumi.get(self, "event_trigger_dimensions") + + @event_trigger_dimensions.setter + def event_trigger_dimensions(self, value: pulumi.Input[Sequence[pulumi.Input['EventTriggerDimensionArgs']]]): + pulumi.set(self, "event_trigger_dimensions", value) + + @property + @pulumi.getter(name="logicalOperator") + def logical_operator(self) -> pulumi.Input['EventTriggerLogicalOperator']: + return pulumi.get(self, "logical_operator") + + @logical_operator.setter + def logical_operator(self, value: pulumi.Input['EventTriggerLogicalOperator']): + pulumi.set(self, "logical_operator", value) + + +if not MYPY: + class EventTriggerDimensionArgsDict(TypedDict): + """ + A specific event dimension to be assessed. + """ + object_attributes: pulumi.Input[Sequence[pulumi.Input['EventTriggerObjectAttributeArgsDict']]] +elif False: + EventTriggerDimensionArgsDict: TypeAlias = Mapping[str, Any] + +@pulumi.input_type +class EventTriggerDimensionArgs: + def __init__(__self__, *, + object_attributes: pulumi.Input[Sequence[pulumi.Input['EventTriggerObjectAttributeArgs']]]): + """ + A specific event dimension to be assessed. + """ + pulumi.set(__self__, "object_attributes", object_attributes) + + @property + @pulumi.getter(name="objectAttributes") + def object_attributes(self) -> pulumi.Input[Sequence[pulumi.Input['EventTriggerObjectAttributeArgs']]]: + return pulumi.get(self, "object_attributes") + + @object_attributes.setter + def object_attributes(self, value: pulumi.Input[Sequence[pulumi.Input['EventTriggerObjectAttributeArgs']]]): + pulumi.set(self, "object_attributes", value) + + +if not MYPY: + class EventTriggerLimitsArgsDict(TypedDict): + """ + Defines limits controlling whether an event triggers the destination, based on ingestion latency and the number of invocations per profile over specific time periods. + """ + event_expiration: NotRequired[pulumi.Input[int]] + periods: NotRequired[pulumi.Input[Sequence[pulumi.Input['EventTriggerPeriodArgsDict']]]] +elif False: + EventTriggerLimitsArgsDict: TypeAlias = Mapping[str, Any] + +@pulumi.input_type +class EventTriggerLimitsArgs: + def __init__(__self__, *, + event_expiration: Optional[pulumi.Input[int]] = None, + periods: Optional[pulumi.Input[Sequence[pulumi.Input['EventTriggerPeriodArgs']]]] = None): + """ + Defines limits controlling whether an event triggers the destination, based on ingestion latency and the number of invocations per profile over specific time periods. + """ + if event_expiration is not None: + pulumi.set(__self__, "event_expiration", event_expiration) + if periods is not None: + pulumi.set(__self__, "periods", periods) + + @property + @pulumi.getter(name="eventExpiration") + def event_expiration(self) -> Optional[pulumi.Input[int]]: + return pulumi.get(self, "event_expiration") + + @event_expiration.setter + def event_expiration(self, value: Optional[pulumi.Input[int]]): + pulumi.set(self, "event_expiration", value) + + @property + @pulumi.getter + def periods(self) -> Optional[pulumi.Input[Sequence[pulumi.Input['EventTriggerPeriodArgs']]]]: + return pulumi.get(self, "periods") + + @periods.setter + def periods(self, value: Optional[pulumi.Input[Sequence[pulumi.Input['EventTriggerPeriodArgs']]]]): + pulumi.set(self, "periods", value) + + +if not MYPY: + class EventTriggerObjectAttributeArgsDict(TypedDict): + """ + The criteria that a specific object attribute must meet to trigger the destination. + """ + comparison_operator: pulumi.Input['EventTriggerObjectAttributeComparisonOperator'] + """ + The operator used to compare an attribute against a list of values. + """ + values: pulumi.Input[Sequence[pulumi.Input[str]]] + """ + A list of attribute values used for comparison. + """ + field_name: NotRequired[pulumi.Input[str]] + """ + A field defined within an object type. + """ + source: NotRequired[pulumi.Input[str]] + """ + An attribute contained within a source object. + """ +elif False: + EventTriggerObjectAttributeArgsDict: TypeAlias = Mapping[str, Any] + +@pulumi.input_type +class EventTriggerObjectAttributeArgs: + def __init__(__self__, *, + comparison_operator: pulumi.Input['EventTriggerObjectAttributeComparisonOperator'], + values: pulumi.Input[Sequence[pulumi.Input[str]]], + field_name: Optional[pulumi.Input[str]] = None, + source: Optional[pulumi.Input[str]] = None): + """ + The criteria that a specific object attribute must meet to trigger the destination. + :param pulumi.Input['EventTriggerObjectAttributeComparisonOperator'] comparison_operator: The operator used to compare an attribute against a list of values. + :param pulumi.Input[Sequence[pulumi.Input[str]]] values: A list of attribute values used for comparison. + :param pulumi.Input[str] field_name: A field defined within an object type. + :param pulumi.Input[str] source: An attribute contained within a source object. + """ + pulumi.set(__self__, "comparison_operator", comparison_operator) + pulumi.set(__self__, "values", values) + if field_name is not None: + pulumi.set(__self__, "field_name", field_name) + if source is not None: + pulumi.set(__self__, "source", source) + + @property + @pulumi.getter(name="comparisonOperator") + def comparison_operator(self) -> pulumi.Input['EventTriggerObjectAttributeComparisonOperator']: + """ + The operator used to compare an attribute against a list of values. + """ + return pulumi.get(self, "comparison_operator") + + @comparison_operator.setter + def comparison_operator(self, value: pulumi.Input['EventTriggerObjectAttributeComparisonOperator']): + pulumi.set(self, "comparison_operator", value) + + @property + @pulumi.getter + def values(self) -> pulumi.Input[Sequence[pulumi.Input[str]]]: + """ + A list of attribute values used for comparison. + """ + return pulumi.get(self, "values") + + @values.setter + def values(self, value: pulumi.Input[Sequence[pulumi.Input[str]]]): + pulumi.set(self, "values", value) + + @property + @pulumi.getter(name="fieldName") + def field_name(self) -> Optional[pulumi.Input[str]]: + """ + A field defined within an object type. + """ + return pulumi.get(self, "field_name") + + @field_name.setter + def field_name(self, value: Optional[pulumi.Input[str]]): + pulumi.set(self, "field_name", value) + + @property + @pulumi.getter + def source(self) -> Optional[pulumi.Input[str]]: + """ + An attribute contained within a source object. + """ + return pulumi.get(self, "source") + + @source.setter + def source(self, value: Optional[pulumi.Input[str]]): + pulumi.set(self, "source", value) + + +if not MYPY: + class EventTriggerPeriodArgsDict(TypedDict): + """ + Defines a limit and the time period during which it is enforced. + """ + unit: pulumi.Input['EventTriggerPeriodUnit'] + """ + The unit of time. + """ + value: pulumi.Input[int] + """ + The amount of time of the specified unit. + """ + max_invocations_per_profile: NotRequired[pulumi.Input[int]] + """ + The maximum allowed number of destination invocations per profile. + """ + unlimited: NotRequired[pulumi.Input[bool]] + """ + If set to true, there is no limit on the number of destination invocations per profile. The default is false. + """ +elif False: + EventTriggerPeriodArgsDict: TypeAlias = Mapping[str, Any] + +@pulumi.input_type +class EventTriggerPeriodArgs: + def __init__(__self__, *, + unit: pulumi.Input['EventTriggerPeriodUnit'], + value: pulumi.Input[int], + max_invocations_per_profile: Optional[pulumi.Input[int]] = None, + unlimited: Optional[pulumi.Input[bool]] = None): + """ + Defines a limit and the time period during which it is enforced. + :param pulumi.Input['EventTriggerPeriodUnit'] unit: The unit of time. + :param pulumi.Input[int] value: The amount of time of the specified unit. + :param pulumi.Input[int] max_invocations_per_profile: The maximum allowed number of destination invocations per profile. + :param pulumi.Input[bool] unlimited: If set to true, there is no limit on the number of destination invocations per profile. The default is false. + """ + pulumi.set(__self__, "unit", unit) + pulumi.set(__self__, "value", value) + if max_invocations_per_profile is not None: + pulumi.set(__self__, "max_invocations_per_profile", max_invocations_per_profile) + if unlimited is not None: + pulumi.set(__self__, "unlimited", unlimited) + + @property + @pulumi.getter + def unit(self) -> pulumi.Input['EventTriggerPeriodUnit']: + """ + The unit of time. + """ + return pulumi.get(self, "unit") + + @unit.setter + def unit(self, value: pulumi.Input['EventTriggerPeriodUnit']): + pulumi.set(self, "unit", value) + + @property + @pulumi.getter + def value(self) -> pulumi.Input[int]: + """ + The amount of time of the specified unit. + """ + return pulumi.get(self, "value") + + @value.setter + def value(self, value: pulumi.Input[int]): + pulumi.set(self, "value", value) + + @property + @pulumi.getter(name="maxInvocationsPerProfile") + def max_invocations_per_profile(self) -> Optional[pulumi.Input[int]]: + """ + The maximum allowed number of destination invocations per profile. + """ + return pulumi.get(self, "max_invocations_per_profile") + + @max_invocations_per_profile.setter + def max_invocations_per_profile(self, value: Optional[pulumi.Input[int]]): + pulumi.set(self, "max_invocations_per_profile", value) + + @property + @pulumi.getter + def unlimited(self) -> Optional[pulumi.Input[bool]]: + """ + If set to true, there is no limit on the number of destination invocations per profile. The default is false. + """ + return pulumi.get(self, "unlimited") + + @unlimited.setter + def unlimited(self, value: Optional[pulumi.Input[bool]]): + pulumi.set(self, "unlimited", value) + + if not MYPY: class IntegrationConnectorOperatorArgsDict(TypedDict): marketo: NotRequired[pulumi.Input['IntegrationMarketoConnectorOperator']] diff --git a/sdk/python/pulumi_aws_native/customerprofiles/event_trigger.py b/sdk/python/pulumi_aws_native/customerprofiles/event_trigger.py new file mode 100644 index 0000000000..61dc91ccd3 --- /dev/null +++ b/sdk/python/pulumi_aws_native/customerprofiles/event_trigger.py @@ -0,0 +1,293 @@ +# coding=utf-8 +# *** WARNING: this file was generated by pulumi-language-python. *** +# *** Do not edit by hand unless you're certain you know what you are doing! *** + +import copy +import warnings +import sys +import pulumi +import pulumi.runtime +from typing import Any, Mapping, Optional, Sequence, Union, overload +if sys.version_info >= (3, 11): + from typing import NotRequired, TypedDict, TypeAlias +else: + from typing_extensions import NotRequired, TypedDict, TypeAlias +from .. import _utilities +from . import outputs +from .. import _inputs as _root_inputs +from .. import outputs as _root_outputs +from ._enums import * +from ._inputs import * + +__all__ = ['EventTriggerArgs', 'EventTrigger'] + +@pulumi.input_type +class EventTriggerArgs: + def __init__(__self__, *, + domain_name: pulumi.Input[str], + event_trigger_conditions: pulumi.Input[Sequence[pulumi.Input['EventTriggerConditionArgs']]], + object_type_name: pulumi.Input[str], + description: Optional[pulumi.Input[str]] = None, + event_trigger_limits: Optional[pulumi.Input['EventTriggerLimitsArgs']] = None, + event_trigger_name: Optional[pulumi.Input[str]] = None, + segment_filter: Optional[pulumi.Input[str]] = None, + tags: Optional[pulumi.Input[Sequence[pulumi.Input['_root_inputs.TagArgs']]]] = None): + """ + The set of arguments for constructing a EventTrigger resource. + """ + pulumi.set(__self__, "domain_name", domain_name) + pulumi.set(__self__, "event_trigger_conditions", event_trigger_conditions) + pulumi.set(__self__, "object_type_name", object_type_name) + if description is not None: + pulumi.set(__self__, "description", description) + if event_trigger_limits is not None: + pulumi.set(__self__, "event_trigger_limits", event_trigger_limits) + if event_trigger_name is not None: + pulumi.set(__self__, "event_trigger_name", event_trigger_name) + if segment_filter is not None: + pulumi.set(__self__, "segment_filter", segment_filter) + if tags is not None: + pulumi.set(__self__, "tags", tags) + + @property + @pulumi.getter(name="domainName") + def domain_name(self) -> pulumi.Input[str]: + return pulumi.get(self, "domain_name") + + @domain_name.setter + def domain_name(self, value: pulumi.Input[str]): + pulumi.set(self, "domain_name", value) + + @property + @pulumi.getter(name="eventTriggerConditions") + def event_trigger_conditions(self) -> pulumi.Input[Sequence[pulumi.Input['EventTriggerConditionArgs']]]: + return pulumi.get(self, "event_trigger_conditions") + + @event_trigger_conditions.setter + def event_trigger_conditions(self, value: pulumi.Input[Sequence[pulumi.Input['EventTriggerConditionArgs']]]): + pulumi.set(self, "event_trigger_conditions", value) + + @property + @pulumi.getter(name="objectTypeName") + def object_type_name(self) -> pulumi.Input[str]: + return pulumi.get(self, "object_type_name") + + @object_type_name.setter + def object_type_name(self, value: pulumi.Input[str]): + pulumi.set(self, "object_type_name", value) + + @property + @pulumi.getter + def description(self) -> Optional[pulumi.Input[str]]: + return pulumi.get(self, "description") + + @description.setter + def description(self, value: Optional[pulumi.Input[str]]): + pulumi.set(self, "description", value) + + @property + @pulumi.getter(name="eventTriggerLimits") + def event_trigger_limits(self) -> Optional[pulumi.Input['EventTriggerLimitsArgs']]: + return pulumi.get(self, "event_trigger_limits") + + @event_trigger_limits.setter + def event_trigger_limits(self, value: Optional[pulumi.Input['EventTriggerLimitsArgs']]): + pulumi.set(self, "event_trigger_limits", value) + + @property + @pulumi.getter(name="eventTriggerName") + def event_trigger_name(self) -> Optional[pulumi.Input[str]]: + return pulumi.get(self, "event_trigger_name") + + @event_trigger_name.setter + def event_trigger_name(self, value: Optional[pulumi.Input[str]]): + pulumi.set(self, "event_trigger_name", value) + + @property + @pulumi.getter(name="segmentFilter") + def segment_filter(self) -> Optional[pulumi.Input[str]]: + return pulumi.get(self, "segment_filter") + + @segment_filter.setter + def segment_filter(self, value: Optional[pulumi.Input[str]]): + pulumi.set(self, "segment_filter", value) + + @property + @pulumi.getter + def tags(self) -> Optional[pulumi.Input[Sequence[pulumi.Input['_root_inputs.TagArgs']]]]: + return pulumi.get(self, "tags") + + @tags.setter + def tags(self, value: Optional[pulumi.Input[Sequence[pulumi.Input['_root_inputs.TagArgs']]]]): + pulumi.set(self, "tags", value) + + +class EventTrigger(pulumi.CustomResource): + @overload + def __init__(__self__, + resource_name: str, + opts: Optional[pulumi.ResourceOptions] = None, + description: Optional[pulumi.Input[str]] = None, + domain_name: Optional[pulumi.Input[str]] = None, + event_trigger_conditions: Optional[pulumi.Input[Sequence[pulumi.Input[Union['EventTriggerConditionArgs', 'EventTriggerConditionArgsDict']]]]] = None, + event_trigger_limits: Optional[pulumi.Input[Union['EventTriggerLimitsArgs', 'EventTriggerLimitsArgsDict']]] = None, + event_trigger_name: Optional[pulumi.Input[str]] = None, + object_type_name: Optional[pulumi.Input[str]] = None, + segment_filter: Optional[pulumi.Input[str]] = None, + tags: Optional[pulumi.Input[Sequence[pulumi.Input[Union['_root_inputs.TagArgs', '_root_inputs.TagArgsDict']]]]] = None, + __props__=None): + """ + An event trigger resource of Amazon Connect Customer Profiles + + :param str resource_name: The name of the resource. + :param pulumi.ResourceOptions opts: Options for the resource. + """ + ... + @overload + def __init__(__self__, + resource_name: str, + args: EventTriggerArgs, + opts: Optional[pulumi.ResourceOptions] = None): + """ + An event trigger resource of Amazon Connect Customer Profiles + + :param str resource_name: The name of the resource. + :param EventTriggerArgs args: The arguments to use to populate this resource's properties. + :param pulumi.ResourceOptions opts: Options for the resource. + """ + ... + def __init__(__self__, resource_name: str, *args, **kwargs): + resource_args, opts = _utilities.get_resource_args_opts(EventTriggerArgs, pulumi.ResourceOptions, *args, **kwargs) + if resource_args is not None: + __self__._internal_init(resource_name, opts, **resource_args.__dict__) + else: + __self__._internal_init(resource_name, *args, **kwargs) + + def _internal_init(__self__, + resource_name: str, + opts: Optional[pulumi.ResourceOptions] = None, + description: Optional[pulumi.Input[str]] = None, + domain_name: Optional[pulumi.Input[str]] = None, + event_trigger_conditions: Optional[pulumi.Input[Sequence[pulumi.Input[Union['EventTriggerConditionArgs', 'EventTriggerConditionArgsDict']]]]] = None, + event_trigger_limits: Optional[pulumi.Input[Union['EventTriggerLimitsArgs', 'EventTriggerLimitsArgsDict']]] = None, + event_trigger_name: Optional[pulumi.Input[str]] = None, + object_type_name: Optional[pulumi.Input[str]] = None, + segment_filter: Optional[pulumi.Input[str]] = None, + tags: Optional[pulumi.Input[Sequence[pulumi.Input[Union['_root_inputs.TagArgs', '_root_inputs.TagArgsDict']]]]] = None, + __props__=None): + opts = pulumi.ResourceOptions.merge(_utilities.get_resource_opts_defaults(), opts) + if not isinstance(opts, pulumi.ResourceOptions): + raise TypeError('Expected resource options to be a ResourceOptions instance') + if opts.id is None: + if __props__ is not None: + raise TypeError('__props__ is only valid when passed in combination with a valid opts.id to get an existing resource') + __props__ = EventTriggerArgs.__new__(EventTriggerArgs) + + __props__.__dict__["description"] = description + if domain_name is None and not opts.urn: + raise TypeError("Missing required property 'domain_name'") + __props__.__dict__["domain_name"] = domain_name + if event_trigger_conditions is None and not opts.urn: + raise TypeError("Missing required property 'event_trigger_conditions'") + __props__.__dict__["event_trigger_conditions"] = event_trigger_conditions + __props__.__dict__["event_trigger_limits"] = event_trigger_limits + __props__.__dict__["event_trigger_name"] = event_trigger_name + if object_type_name is None and not opts.urn: + raise TypeError("Missing required property 'object_type_name'") + __props__.__dict__["object_type_name"] = object_type_name + __props__.__dict__["segment_filter"] = segment_filter + __props__.__dict__["tags"] = tags + __props__.__dict__["created_at"] = None + __props__.__dict__["last_updated_at"] = None + replace_on_changes = pulumi.ResourceOptions(replace_on_changes=["domainName", "eventTriggerName"]) + opts = pulumi.ResourceOptions.merge(opts, replace_on_changes) + super(EventTrigger, __self__).__init__( + 'aws-native:customerprofiles:EventTrigger', + resource_name, + __props__, + opts) + + @staticmethod + def get(resource_name: str, + id: pulumi.Input[str], + opts: Optional[pulumi.ResourceOptions] = None) -> 'EventTrigger': + """ + Get an existing EventTrigger resource's state with the given name, id, and optional extra + properties used to qualify the lookup. + + :param str resource_name: The unique name of the resulting resource. + :param pulumi.Input[str] id: The unique provider ID of the resource to lookup. + :param pulumi.ResourceOptions opts: Options for the resource. + """ + opts = pulumi.ResourceOptions.merge(opts, pulumi.ResourceOptions(id=id)) + + __props__ = EventTriggerArgs.__new__(EventTriggerArgs) + + __props__.__dict__["created_at"] = None + __props__.__dict__["description"] = None + __props__.__dict__["domain_name"] = None + __props__.__dict__["event_trigger_conditions"] = None + __props__.__dict__["event_trigger_limits"] = None + __props__.__dict__["event_trigger_name"] = None + __props__.__dict__["last_updated_at"] = None + __props__.__dict__["object_type_name"] = None + __props__.__dict__["segment_filter"] = None + __props__.__dict__["tags"] = None + return EventTrigger(resource_name, opts=opts, __props__=__props__) + + @property + @pulumi.getter(name="createdAt") + def created_at(self) -> pulumi.Output[str]: + """ + The timestamp of when the event trigger was created. + """ + return pulumi.get(self, "created_at") + + @property + @pulumi.getter + def description(self) -> pulumi.Output[Optional[str]]: + return pulumi.get(self, "description") + + @property + @pulumi.getter(name="domainName") + def domain_name(self) -> pulumi.Output[str]: + return pulumi.get(self, "domain_name") + + @property + @pulumi.getter(name="eventTriggerConditions") + def event_trigger_conditions(self) -> pulumi.Output[Sequence['outputs.EventTriggerCondition']]: + return pulumi.get(self, "event_trigger_conditions") + + @property + @pulumi.getter(name="eventTriggerLimits") + def event_trigger_limits(self) -> pulumi.Output[Optional['outputs.EventTriggerLimits']]: + return pulumi.get(self, "event_trigger_limits") + + @property + @pulumi.getter(name="eventTriggerName") + def event_trigger_name(self) -> pulumi.Output[str]: + return pulumi.get(self, "event_trigger_name") + + @property + @pulumi.getter(name="lastUpdatedAt") + def last_updated_at(self) -> pulumi.Output[str]: + """ + The timestamp of when the event trigger was most recently updated. + """ + return pulumi.get(self, "last_updated_at") + + @property + @pulumi.getter(name="objectTypeName") + def object_type_name(self) -> pulumi.Output[str]: + return pulumi.get(self, "object_type_name") + + @property + @pulumi.getter(name="segmentFilter") + def segment_filter(self) -> pulumi.Output[Optional[str]]: + return pulumi.get(self, "segment_filter") + + @property + @pulumi.getter + def tags(self) -> pulumi.Output[Optional[Sequence['_root_outputs.Tag']]]: + return pulumi.get(self, "tags") + diff --git a/sdk/python/pulumi_aws_native/customerprofiles/get_event_trigger.py b/sdk/python/pulumi_aws_native/customerprofiles/get_event_trigger.py new file mode 100644 index 0000000000..f3d45e1ecc --- /dev/null +++ b/sdk/python/pulumi_aws_native/customerprofiles/get_event_trigger.py @@ -0,0 +1,158 @@ +# coding=utf-8 +# *** WARNING: this file was generated by pulumi-language-python. *** +# *** Do not edit by hand unless you're certain you know what you are doing! *** + +import copy +import warnings +import sys +import pulumi +import pulumi.runtime +from typing import Any, Mapping, Optional, Sequence, Union, overload +if sys.version_info >= (3, 11): + from typing import NotRequired, TypedDict, TypeAlias +else: + from typing_extensions import NotRequired, TypedDict, TypeAlias +from .. import _utilities +from . import outputs +from .. import outputs as _root_outputs +from ._enums import * + +__all__ = [ + 'GetEventTriggerResult', + 'AwaitableGetEventTriggerResult', + 'get_event_trigger', + 'get_event_trigger_output', +] + +@pulumi.output_type +class GetEventTriggerResult: + def __init__(__self__, created_at=None, description=None, event_trigger_conditions=None, event_trigger_limits=None, last_updated_at=None, object_type_name=None, segment_filter=None, tags=None): + if created_at and not isinstance(created_at, str): + raise TypeError("Expected argument 'created_at' to be a str") + pulumi.set(__self__, "created_at", created_at) + if description and not isinstance(description, str): + raise TypeError("Expected argument 'description' to be a str") + pulumi.set(__self__, "description", description) + if event_trigger_conditions and not isinstance(event_trigger_conditions, list): + raise TypeError("Expected argument 'event_trigger_conditions' to be a list") + pulumi.set(__self__, "event_trigger_conditions", event_trigger_conditions) + if event_trigger_limits and not isinstance(event_trigger_limits, dict): + raise TypeError("Expected argument 'event_trigger_limits' to be a dict") + pulumi.set(__self__, "event_trigger_limits", event_trigger_limits) + if last_updated_at and not isinstance(last_updated_at, str): + raise TypeError("Expected argument 'last_updated_at' to be a str") + pulumi.set(__self__, "last_updated_at", last_updated_at) + if object_type_name and not isinstance(object_type_name, str): + raise TypeError("Expected argument 'object_type_name' to be a str") + pulumi.set(__self__, "object_type_name", object_type_name) + if segment_filter and not isinstance(segment_filter, str): + raise TypeError("Expected argument 'segment_filter' to be a str") + pulumi.set(__self__, "segment_filter", segment_filter) + if tags and not isinstance(tags, list): + raise TypeError("Expected argument 'tags' to be a list") + pulumi.set(__self__, "tags", tags) + + @property + @pulumi.getter(name="createdAt") + def created_at(self) -> Optional[str]: + """ + The timestamp of when the event trigger was created. + """ + return pulumi.get(self, "created_at") + + @property + @pulumi.getter + def description(self) -> Optional[str]: + return pulumi.get(self, "description") + + @property + @pulumi.getter(name="eventTriggerConditions") + def event_trigger_conditions(self) -> Optional[Sequence['outputs.EventTriggerCondition']]: + return pulumi.get(self, "event_trigger_conditions") + + @property + @pulumi.getter(name="eventTriggerLimits") + def event_trigger_limits(self) -> Optional['outputs.EventTriggerLimits']: + return pulumi.get(self, "event_trigger_limits") + + @property + @pulumi.getter(name="lastUpdatedAt") + def last_updated_at(self) -> Optional[str]: + """ + The timestamp of when the event trigger was most recently updated. + """ + return pulumi.get(self, "last_updated_at") + + @property + @pulumi.getter(name="objectTypeName") + def object_type_name(self) -> Optional[str]: + return pulumi.get(self, "object_type_name") + + @property + @pulumi.getter(name="segmentFilter") + def segment_filter(self) -> Optional[str]: + return pulumi.get(self, "segment_filter") + + @property + @pulumi.getter + def tags(self) -> Optional[Sequence['_root_outputs.Tag']]: + return pulumi.get(self, "tags") + + +class AwaitableGetEventTriggerResult(GetEventTriggerResult): + # pylint: disable=using-constant-test + def __await__(self): + if False: + yield self + return GetEventTriggerResult( + created_at=self.created_at, + description=self.description, + event_trigger_conditions=self.event_trigger_conditions, + event_trigger_limits=self.event_trigger_limits, + last_updated_at=self.last_updated_at, + object_type_name=self.object_type_name, + segment_filter=self.segment_filter, + tags=self.tags) + + +def get_event_trigger(domain_name: Optional[str] = None, + event_trigger_name: Optional[str] = None, + opts: Optional[pulumi.InvokeOptions] = None) -> AwaitableGetEventTriggerResult: + """ + An event trigger resource of Amazon Connect Customer Profiles + """ + __args__ = dict() + __args__['domainName'] = domain_name + __args__['eventTriggerName'] = event_trigger_name + opts = pulumi.InvokeOptions.merge(_utilities.get_invoke_opts_defaults(), opts) + __ret__ = pulumi.runtime.invoke('aws-native:customerprofiles:getEventTrigger', __args__, opts=opts, typ=GetEventTriggerResult).value + + return AwaitableGetEventTriggerResult( + created_at=pulumi.get(__ret__, 'created_at'), + description=pulumi.get(__ret__, 'description'), + event_trigger_conditions=pulumi.get(__ret__, 'event_trigger_conditions'), + event_trigger_limits=pulumi.get(__ret__, 'event_trigger_limits'), + last_updated_at=pulumi.get(__ret__, 'last_updated_at'), + object_type_name=pulumi.get(__ret__, 'object_type_name'), + segment_filter=pulumi.get(__ret__, 'segment_filter'), + tags=pulumi.get(__ret__, 'tags')) +def get_event_trigger_output(domain_name: Optional[pulumi.Input[str]] = None, + event_trigger_name: Optional[pulumi.Input[str]] = None, + opts: Optional[Union[pulumi.InvokeOptions, pulumi.InvokeOutputOptions]] = None) -> pulumi.Output[GetEventTriggerResult]: + """ + An event trigger resource of Amazon Connect Customer Profiles + """ + __args__ = dict() + __args__['domainName'] = domain_name + __args__['eventTriggerName'] = event_trigger_name + opts = pulumi.InvokeOutputOptions.merge(_utilities.get_invoke_opts_defaults(), opts) + __ret__ = pulumi.runtime.invoke_output('aws-native:customerprofiles:getEventTrigger', __args__, opts=opts, typ=GetEventTriggerResult) + return __ret__.apply(lambda __response__: GetEventTriggerResult( + created_at=pulumi.get(__response__, 'created_at'), + description=pulumi.get(__response__, 'description'), + event_trigger_conditions=pulumi.get(__response__, 'event_trigger_conditions'), + event_trigger_limits=pulumi.get(__response__, 'event_trigger_limits'), + last_updated_at=pulumi.get(__response__, 'last_updated_at'), + object_type_name=pulumi.get(__response__, 'object_type_name'), + segment_filter=pulumi.get(__response__, 'segment_filter'), + tags=pulumi.get(__response__, 'tags'))) diff --git a/sdk/python/pulumi_aws_native/customerprofiles/outputs.py b/sdk/python/pulumi_aws_native/customerprofiles/outputs.py index e736147225..27ea4b294c 100644 --- a/sdk/python/pulumi_aws_native/customerprofiles/outputs.py +++ b/sdk/python/pulumi_aws_native/customerprofiles/outputs.py @@ -34,6 +34,11 @@ 'DomainRuleBasedMatching', 'DomainS3ExportingConfig', 'DomainStats', + 'EventTriggerCondition', + 'EventTriggerDimension', + 'EventTriggerLimits', + 'EventTriggerObjectAttribute', + 'EventTriggerPeriod', 'IntegrationConnectorOperator', 'IntegrationFlowDefinition', 'IntegrationIncrementalPullConfig', @@ -987,6 +992,279 @@ def total_size(self) -> Optional[float]: return pulumi.get(self, "total_size") +@pulumi.output_type +class EventTriggerCondition(dict): + """ + Specifies the circumstances under which the event should trigger the destination. + """ + @staticmethod + def __key_warning(key: str): + suggest = None + if key == "eventTriggerDimensions": + suggest = "event_trigger_dimensions" + elif key == "logicalOperator": + suggest = "logical_operator" + + if suggest: + pulumi.log.warn(f"Key '{key}' not found in EventTriggerCondition. Access the value via the '{suggest}' property getter instead.") + + def __getitem__(self, key: str) -> Any: + EventTriggerCondition.__key_warning(key) + return super().__getitem__(key) + + def get(self, key: str, default = None) -> Any: + EventTriggerCondition.__key_warning(key) + return super().get(key, default) + + def __init__(__self__, *, + event_trigger_dimensions: Sequence['outputs.EventTriggerDimension'], + logical_operator: 'EventTriggerLogicalOperator'): + """ + Specifies the circumstances under which the event should trigger the destination. + """ + pulumi.set(__self__, "event_trigger_dimensions", event_trigger_dimensions) + pulumi.set(__self__, "logical_operator", logical_operator) + + @property + @pulumi.getter(name="eventTriggerDimensions") + def event_trigger_dimensions(self) -> Sequence['outputs.EventTriggerDimension']: + return pulumi.get(self, "event_trigger_dimensions") + + @property + @pulumi.getter(name="logicalOperator") + def logical_operator(self) -> 'EventTriggerLogicalOperator': + return pulumi.get(self, "logical_operator") + + +@pulumi.output_type +class EventTriggerDimension(dict): + """ + A specific event dimension to be assessed. + """ + @staticmethod + def __key_warning(key: str): + suggest = None + if key == "objectAttributes": + suggest = "object_attributes" + + if suggest: + pulumi.log.warn(f"Key '{key}' not found in EventTriggerDimension. Access the value via the '{suggest}' property getter instead.") + + def __getitem__(self, key: str) -> Any: + EventTriggerDimension.__key_warning(key) + return super().__getitem__(key) + + def get(self, key: str, default = None) -> Any: + EventTriggerDimension.__key_warning(key) + return super().get(key, default) + + def __init__(__self__, *, + object_attributes: Sequence['outputs.EventTriggerObjectAttribute']): + """ + A specific event dimension to be assessed. + """ + pulumi.set(__self__, "object_attributes", object_attributes) + + @property + @pulumi.getter(name="objectAttributes") + def object_attributes(self) -> Sequence['outputs.EventTriggerObjectAttribute']: + return pulumi.get(self, "object_attributes") + + +@pulumi.output_type +class EventTriggerLimits(dict): + """ + Defines limits controlling whether an event triggers the destination, based on ingestion latency and the number of invocations per profile over specific time periods. + """ + @staticmethod + def __key_warning(key: str): + suggest = None + if key == "eventExpiration": + suggest = "event_expiration" + + if suggest: + pulumi.log.warn(f"Key '{key}' not found in EventTriggerLimits. Access the value via the '{suggest}' property getter instead.") + + def __getitem__(self, key: str) -> Any: + EventTriggerLimits.__key_warning(key) + return super().__getitem__(key) + + def get(self, key: str, default = None) -> Any: + EventTriggerLimits.__key_warning(key) + return super().get(key, default) + + def __init__(__self__, *, + event_expiration: Optional[int] = None, + periods: Optional[Sequence['outputs.EventTriggerPeriod']] = None): + """ + Defines limits controlling whether an event triggers the destination, based on ingestion latency and the number of invocations per profile over specific time periods. + """ + if event_expiration is not None: + pulumi.set(__self__, "event_expiration", event_expiration) + if periods is not None: + pulumi.set(__self__, "periods", periods) + + @property + @pulumi.getter(name="eventExpiration") + def event_expiration(self) -> Optional[int]: + return pulumi.get(self, "event_expiration") + + @property + @pulumi.getter + def periods(self) -> Optional[Sequence['outputs.EventTriggerPeriod']]: + return pulumi.get(self, "periods") + + +@pulumi.output_type +class EventTriggerObjectAttribute(dict): + """ + The criteria that a specific object attribute must meet to trigger the destination. + """ + @staticmethod + def __key_warning(key: str): + suggest = None + if key == "comparisonOperator": + suggest = "comparison_operator" + elif key == "fieldName": + suggest = "field_name" + + if suggest: + pulumi.log.warn(f"Key '{key}' not found in EventTriggerObjectAttribute. Access the value via the '{suggest}' property getter instead.") + + def __getitem__(self, key: str) -> Any: + EventTriggerObjectAttribute.__key_warning(key) + return super().__getitem__(key) + + def get(self, key: str, default = None) -> Any: + EventTriggerObjectAttribute.__key_warning(key) + return super().get(key, default) + + def __init__(__self__, *, + comparison_operator: 'EventTriggerObjectAttributeComparisonOperator', + values: Sequence[str], + field_name: Optional[str] = None, + source: Optional[str] = None): + """ + The criteria that a specific object attribute must meet to trigger the destination. + :param 'EventTriggerObjectAttributeComparisonOperator' comparison_operator: The operator used to compare an attribute against a list of values. + :param Sequence[str] values: A list of attribute values used for comparison. + :param str field_name: A field defined within an object type. + :param str source: An attribute contained within a source object. + """ + pulumi.set(__self__, "comparison_operator", comparison_operator) + pulumi.set(__self__, "values", values) + if field_name is not None: + pulumi.set(__self__, "field_name", field_name) + if source is not None: + pulumi.set(__self__, "source", source) + + @property + @pulumi.getter(name="comparisonOperator") + def comparison_operator(self) -> 'EventTriggerObjectAttributeComparisonOperator': + """ + The operator used to compare an attribute against a list of values. + """ + return pulumi.get(self, "comparison_operator") + + @property + @pulumi.getter + def values(self) -> Sequence[str]: + """ + A list of attribute values used for comparison. + """ + return pulumi.get(self, "values") + + @property + @pulumi.getter(name="fieldName") + def field_name(self) -> Optional[str]: + """ + A field defined within an object type. + """ + return pulumi.get(self, "field_name") + + @property + @pulumi.getter + def source(self) -> Optional[str]: + """ + An attribute contained within a source object. + """ + return pulumi.get(self, "source") + + +@pulumi.output_type +class EventTriggerPeriod(dict): + """ + Defines a limit and the time period during which it is enforced. + """ + @staticmethod + def __key_warning(key: str): + suggest = None + if key == "maxInvocationsPerProfile": + suggest = "max_invocations_per_profile" + + if suggest: + pulumi.log.warn(f"Key '{key}' not found in EventTriggerPeriod. Access the value via the '{suggest}' property getter instead.") + + def __getitem__(self, key: str) -> Any: + EventTriggerPeriod.__key_warning(key) + return super().__getitem__(key) + + def get(self, key: str, default = None) -> Any: + EventTriggerPeriod.__key_warning(key) + return super().get(key, default) + + def __init__(__self__, *, + unit: 'EventTriggerPeriodUnit', + value: int, + max_invocations_per_profile: Optional[int] = None, + unlimited: Optional[bool] = None): + """ + Defines a limit and the time period during which it is enforced. + :param 'EventTriggerPeriodUnit' unit: The unit of time. + :param int value: The amount of time of the specified unit. + :param int max_invocations_per_profile: The maximum allowed number of destination invocations per profile. + :param bool unlimited: If set to true, there is no limit on the number of destination invocations per profile. The default is false. + """ + pulumi.set(__self__, "unit", unit) + pulumi.set(__self__, "value", value) + if max_invocations_per_profile is not None: + pulumi.set(__self__, "max_invocations_per_profile", max_invocations_per_profile) + if unlimited is not None: + pulumi.set(__self__, "unlimited", unlimited) + + @property + @pulumi.getter + def unit(self) -> 'EventTriggerPeriodUnit': + """ + The unit of time. + """ + return pulumi.get(self, "unit") + + @property + @pulumi.getter + def value(self) -> int: + """ + The amount of time of the specified unit. + """ + return pulumi.get(self, "value") + + @property + @pulumi.getter(name="maxInvocationsPerProfile") + def max_invocations_per_profile(self) -> Optional[int]: + """ + The maximum allowed number of destination invocations per profile. + """ + return pulumi.get(self, "max_invocations_per_profile") + + @property + @pulumi.getter + def unlimited(self) -> Optional[bool]: + """ + If set to true, there is no limit on the number of destination invocations per profile. The default is false. + """ + return pulumi.get(self, "unlimited") + + @pulumi.output_type class IntegrationConnectorOperator(dict): @staticmethod diff --git a/sdk/python/pulumi_aws_native/efs/_enums.py b/sdk/python/pulumi_aws_native/efs/_enums.py index b1723c56e9..6a156b8f64 100644 --- a/sdk/python/pulumi_aws_native/efs/_enums.py +++ b/sdk/python/pulumi_aws_native/efs/_enums.py @@ -25,7 +25,7 @@ class FileSystemProtectionReplicationOverwriteProtection(str, Enum): The status of the file system's replication overwrite protection. + ``ENABLED`` – The file system cannot be used as the destination file system in a replication configuration. The file system is writeable. Replication overwrite protection is ``ENABLED`` by default. + ``DISABLED`` – The file system can be used as the destination file system in a replication configuration. The file system is read-only and can only be modified by EFS replication. - + ``REPLICATING`` – The file system is being used as the destination file system in a replication configuration. The file system is read-only and is only modified only by EFS replication. + + ``REPLICATING`` – The file system is being used as the destination file system in a replication configuration. The file system is read-only and is modified only by EFS replication. If the replication configuration is deleted, the file system's replication overwrite protection is re-enabled, the file system becomes writeable. """ diff --git a/sdk/python/pulumi_aws_native/efs/_inputs.py b/sdk/python/pulumi_aws_native/efs/_inputs.py index d0d3d200d1..97c0a7383d 100644 --- a/sdk/python/pulumi_aws_native/efs/_inputs.py +++ b/sdk/python/pulumi_aws_native/efs/_inputs.py @@ -377,7 +377,7 @@ class FileSystemProtectionArgsDict(TypedDict): The status of the file system's replication overwrite protection. + ``ENABLED`` – The file system cannot be used as the destination file system in a replication configuration. The file system is writeable. Replication overwrite protection is ``ENABLED`` by default. + ``DISABLED`` – The file system can be used as the destination file system in a replication configuration. The file system is read-only and can only be modified by EFS replication. - + ``REPLICATING`` – The file system is being used as the destination file system in a replication configuration. The file system is read-only and is only modified only by EFS replication. + + ``REPLICATING`` – The file system is being used as the destination file system in a replication configuration. The file system is read-only and is modified only by EFS replication. If the replication configuration is deleted, the file system's replication overwrite protection is re-enabled, the file system becomes writeable. """ @@ -393,7 +393,7 @@ def __init__(__self__, *, :param pulumi.Input['FileSystemProtectionReplicationOverwriteProtection'] replication_overwrite_protection: The status of the file system's replication overwrite protection. + ``ENABLED`` – The file system cannot be used as the destination file system in a replication configuration. The file system is writeable. Replication overwrite protection is ``ENABLED`` by default. + ``DISABLED`` – The file system can be used as the destination file system in a replication configuration. The file system is read-only and can only be modified by EFS replication. - + ``REPLICATING`` – The file system is being used as the destination file system in a replication configuration. The file system is read-only and is only modified only by EFS replication. + + ``REPLICATING`` – The file system is being used as the destination file system in a replication configuration. The file system is read-only and is modified only by EFS replication. If the replication configuration is deleted, the file system's replication overwrite protection is re-enabled, the file system becomes writeable. """ @@ -407,7 +407,7 @@ def replication_overwrite_protection(self) -> Optional[pulumi.Input['FileSystemP The status of the file system's replication overwrite protection. + ``ENABLED`` – The file system cannot be used as the destination file system in a replication configuration. The file system is writeable. Replication overwrite protection is ``ENABLED`` by default. + ``DISABLED`` – The file system can be used as the destination file system in a replication configuration. The file system is read-only and can only be modified by EFS replication. - + ``REPLICATING`` – The file system is being used as the destination file system in a replication configuration. The file system is read-only and is only modified only by EFS replication. + + ``REPLICATING`` – The file system is being used as the destination file system in a replication configuration. The file system is read-only and is modified only by EFS replication. If the replication configuration is deleted, the file system's replication overwrite protection is re-enabled, the file system becomes writeable. """ @@ -484,11 +484,11 @@ class FileSystemReplicationDestinationArgsDict(TypedDict): """ status: NotRequired[pulumi.Input[str]] """ - Describes the status of the replication configuration. For more information about replication status, see [Viewing replication details](https://docs.aws.amazon.com//efs/latest/ug/awsbackup.html#restoring-backup-efsmonitoring-replication-status.html) in the *Amazon EFS User Guide* . + Describes the status of the replication configuration. For more information about replication status, see [Viewing replication details](https://docs.aws.amazon.com//efs/latest/ug/awsbackup.html#restoring-backup-efsmonitoring-replication-status.html) in the *Amazon EFS User Guide*. """ status_message: NotRequired[pulumi.Input[str]] """ - Message that provides details about the `PAUSED` or `ERRROR` state of the replication destination configuration. For more information about replication status messages, see [Viewing replication details](https://docs.aws.amazon.com//efs/latest/ug/awsbackup.html#restoring-backup-efsmonitoring-replication-status.html) in the *Amazon EFS User Guide* . + Message that provides details about the ``PAUSED`` or ``ERRROR`` state of the replication destination configuration. For more information about replication status messages, see [Viewing replication details](https://docs.aws.amazon.com//efs/latest/ug/awsbackup.html#restoring-backup-efsmonitoring-replication-status.html) in the *Amazon EFS User Guide*. """ elif False: FileSystemReplicationDestinationArgsDict: TypeAlias = Mapping[str, Any] @@ -513,8 +513,8 @@ def __init__(__self__, *, :param pulumi.Input[str] region: The AWS-Region in which the destination file system is located. For One Zone file systems, the replication configuration must specify the AWS-Region in which the destination file system is located. :param pulumi.Input[str] role_arn: The Amazon Resource Name (ARN) of the current source file system in the replication configuration. - :param pulumi.Input[str] status: Describes the status of the replication configuration. For more information about replication status, see [Viewing replication details](https://docs.aws.amazon.com//efs/latest/ug/awsbackup.html#restoring-backup-efsmonitoring-replication-status.html) in the *Amazon EFS User Guide* . - :param pulumi.Input[str] status_message: Message that provides details about the `PAUSED` or `ERRROR` state of the replication destination configuration. For more information about replication status messages, see [Viewing replication details](https://docs.aws.amazon.com//efs/latest/ug/awsbackup.html#restoring-backup-efsmonitoring-replication-status.html) in the *Amazon EFS User Guide* . + :param pulumi.Input[str] status: Describes the status of the replication configuration. For more information about replication status, see [Viewing replication details](https://docs.aws.amazon.com//efs/latest/ug/awsbackup.html#restoring-backup-efsmonitoring-replication-status.html) in the *Amazon EFS User Guide*. + :param pulumi.Input[str] status_message: Message that provides details about the ``PAUSED`` or ``ERRROR`` state of the replication destination configuration. For more information about replication status messages, see [Viewing replication details](https://docs.aws.amazon.com//efs/latest/ug/awsbackup.html#restoring-backup-efsmonitoring-replication-status.html) in the *Amazon EFS User Guide*. """ if availability_zone_name is not None: pulumi.set(__self__, "availability_zone_name", availability_zone_name) @@ -598,7 +598,7 @@ def role_arn(self, value: Optional[pulumi.Input[str]]): @pulumi.getter def status(self) -> Optional[pulumi.Input[str]]: """ - Describes the status of the replication configuration. For more information about replication status, see [Viewing replication details](https://docs.aws.amazon.com//efs/latest/ug/awsbackup.html#restoring-backup-efsmonitoring-replication-status.html) in the *Amazon EFS User Guide* . + Describes the status of the replication configuration. For more information about replication status, see [Viewing replication details](https://docs.aws.amazon.com//efs/latest/ug/awsbackup.html#restoring-backup-efsmonitoring-replication-status.html) in the *Amazon EFS User Guide*. """ return pulumi.get(self, "status") @@ -610,7 +610,7 @@ def status(self, value: Optional[pulumi.Input[str]]): @pulumi.getter(name="statusMessage") def status_message(self) -> Optional[pulumi.Input[str]]: """ - Message that provides details about the `PAUSED` or `ERRROR` state of the replication destination configuration. For more information about replication status messages, see [Viewing replication details](https://docs.aws.amazon.com//efs/latest/ug/awsbackup.html#restoring-backup-efsmonitoring-replication-status.html) in the *Amazon EFS User Guide* . + Message that provides details about the ``PAUSED`` or ``ERRROR`` state of the replication destination configuration. For more information about replication status messages, see [Viewing replication details](https://docs.aws.amazon.com//efs/latest/ug/awsbackup.html#restoring-backup-efsmonitoring-replication-status.html) in the *Amazon EFS User Guide*. """ return pulumi.get(self, "status_message") diff --git a/sdk/python/pulumi_aws_native/efs/outputs.py b/sdk/python/pulumi_aws_native/efs/outputs.py index 6939ceab3c..3e8fd70a7a 100644 --- a/sdk/python/pulumi_aws_native/efs/outputs.py +++ b/sdk/python/pulumi_aws_native/efs/outputs.py @@ -337,7 +337,7 @@ def __init__(__self__, *, :param 'FileSystemProtectionReplicationOverwriteProtection' replication_overwrite_protection: The status of the file system's replication overwrite protection. + ``ENABLED`` – The file system cannot be used as the destination file system in a replication configuration. The file system is writeable. Replication overwrite protection is ``ENABLED`` by default. + ``DISABLED`` – The file system can be used as the destination file system in a replication configuration. The file system is read-only and can only be modified by EFS replication. - + ``REPLICATING`` – The file system is being used as the destination file system in a replication configuration. The file system is read-only and is only modified only by EFS replication. + + ``REPLICATING`` – The file system is being used as the destination file system in a replication configuration. The file system is read-only and is modified only by EFS replication. If the replication configuration is deleted, the file system's replication overwrite protection is re-enabled, the file system becomes writeable. """ @@ -351,7 +351,7 @@ def replication_overwrite_protection(self) -> Optional['FileSystemProtectionRepl The status of the file system's replication overwrite protection. + ``ENABLED`` – The file system cannot be used as the destination file system in a replication configuration. The file system is writeable. Replication overwrite protection is ``ENABLED`` by default. + ``DISABLED`` – The file system can be used as the destination file system in a replication configuration. The file system is read-only and can only be modified by EFS replication. - + ``REPLICATING`` – The file system is being used as the destination file system in a replication configuration. The file system is read-only and is only modified only by EFS replication. + + ``REPLICATING`` – The file system is being used as the destination file system in a replication configuration. The file system is read-only and is modified only by EFS replication. If the replication configuration is deleted, the file system's replication overwrite protection is re-enabled, the file system becomes writeable. """ @@ -429,8 +429,8 @@ def __init__(__self__, *, :param str region: The AWS-Region in which the destination file system is located. For One Zone file systems, the replication configuration must specify the AWS-Region in which the destination file system is located. :param str role_arn: The Amazon Resource Name (ARN) of the current source file system in the replication configuration. - :param str status: Describes the status of the replication configuration. For more information about replication status, see [Viewing replication details](https://docs.aws.amazon.com//efs/latest/ug/awsbackup.html#restoring-backup-efsmonitoring-replication-status.html) in the *Amazon EFS User Guide* . - :param str status_message: Message that provides details about the `PAUSED` or `ERRROR` state of the replication destination configuration. For more information about replication status messages, see [Viewing replication details](https://docs.aws.amazon.com//efs/latest/ug/awsbackup.html#restoring-backup-efsmonitoring-replication-status.html) in the *Amazon EFS User Guide* . + :param str status: Describes the status of the replication configuration. For more information about replication status, see [Viewing replication details](https://docs.aws.amazon.com//efs/latest/ug/awsbackup.html#restoring-backup-efsmonitoring-replication-status.html) in the *Amazon EFS User Guide*. + :param str status_message: Message that provides details about the ``PAUSED`` or ``ERRROR`` state of the replication destination configuration. For more information about replication status messages, see [Viewing replication details](https://docs.aws.amazon.com//efs/latest/ug/awsbackup.html#restoring-backup-efsmonitoring-replication-status.html) in the *Amazon EFS User Guide*. """ if availability_zone_name is not None: pulumi.set(__self__, "availability_zone_name", availability_zone_name) @@ -494,7 +494,7 @@ def role_arn(self) -> Optional[str]: @pulumi.getter def status(self) -> Optional[str]: """ - Describes the status of the replication configuration. For more information about replication status, see [Viewing replication details](https://docs.aws.amazon.com//efs/latest/ug/awsbackup.html#restoring-backup-efsmonitoring-replication-status.html) in the *Amazon EFS User Guide* . + Describes the status of the replication configuration. For more information about replication status, see [Viewing replication details](https://docs.aws.amazon.com//efs/latest/ug/awsbackup.html#restoring-backup-efsmonitoring-replication-status.html) in the *Amazon EFS User Guide*. """ return pulumi.get(self, "status") @@ -502,7 +502,7 @@ def status(self) -> Optional[str]: @pulumi.getter(name="statusMessage") def status_message(self) -> Optional[str]: """ - Message that provides details about the `PAUSED` or `ERRROR` state of the replication destination configuration. For more information about replication status messages, see [Viewing replication details](https://docs.aws.amazon.com//efs/latest/ug/awsbackup.html#restoring-backup-efsmonitoring-replication-status.html) in the *Amazon EFS User Guide* . + Message that provides details about the ``PAUSED`` or ``ERRROR`` state of the replication destination configuration. For more information about replication status messages, see [Viewing replication details](https://docs.aws.amazon.com//efs/latest/ug/awsbackup.html#restoring-backup-efsmonitoring-replication-status.html) in the *Amazon EFS User Guide*. """ return pulumi.get(self, "status_message") diff --git a/sdk/python/pulumi_aws_native/lex/_inputs.py b/sdk/python/pulumi_aws_native/lex/_inputs.py index e5e628a8b7..d618507ee4 100644 --- a/sdk/python/pulumi_aws_native/lex/_inputs.py +++ b/sdk/python/pulumi_aws_native/lex/_inputs.py @@ -136,6 +136,8 @@ 'BotPromptAttemptSpecificationArgsDict', 'BotPromptSpecificationArgs', 'BotPromptSpecificationArgsDict', + 'BotReplicationArgs', + 'BotReplicationArgsDict', 'BotResponseSpecificationArgs', 'BotResponseSpecificationArgsDict', 'BotS3BucketLogDestinationArgs', @@ -4564,6 +4566,41 @@ def prompt_attempts_specification(self, value: Optional[pulumi.Input[Mapping[str pulumi.set(self, "prompt_attempts_specification", value) +if not MYPY: + class BotReplicationArgsDict(TypedDict): + """ + Parameter used to create a replication of the source bot in the secondary region. + """ + replica_regions: pulumi.Input[Sequence[pulumi.Input[str]]] + """ + List of secondary regions for bot replication. + """ +elif False: + BotReplicationArgsDict: TypeAlias = Mapping[str, Any] + +@pulumi.input_type +class BotReplicationArgs: + def __init__(__self__, *, + replica_regions: pulumi.Input[Sequence[pulumi.Input[str]]]): + """ + Parameter used to create a replication of the source bot in the secondary region. + :param pulumi.Input[Sequence[pulumi.Input[str]]] replica_regions: List of secondary regions for bot replication. + """ + pulumi.set(__self__, "replica_regions", replica_regions) + + @property + @pulumi.getter(name="replicaRegions") + def replica_regions(self) -> pulumi.Input[Sequence[pulumi.Input[str]]]: + """ + List of secondary regions for bot replication. + """ + return pulumi.get(self, "replica_regions") + + @replica_regions.setter + def replica_regions(self, value: pulumi.Input[Sequence[pulumi.Input[str]]]): + pulumi.set(self, "replica_regions", value) + + if not MYPY: class BotResponseSpecificationArgsDict(TypedDict): """ diff --git a/sdk/python/pulumi_aws_native/lex/bot.py b/sdk/python/pulumi_aws_native/lex/bot.py index 1e05711f2f..45c68866d7 100644 --- a/sdk/python/pulumi_aws_native/lex/bot.py +++ b/sdk/python/pulumi_aws_native/lex/bot.py @@ -31,6 +31,7 @@ def __init__(__self__, *, bot_tags: Optional[pulumi.Input[Sequence[pulumi.Input['BotTagArgs']]]] = None, description: Optional[pulumi.Input[str]] = None, name: Optional[pulumi.Input[str]] = None, + replication: Optional[pulumi.Input['BotReplicationArgs']] = None, test_bot_alias_settings: Optional[pulumi.Input['BotTestBotAliasSettingsArgs']] = None, test_bot_alias_tags: Optional[pulumi.Input[Sequence[pulumi.Input['BotTagArgs']]]] = None): """ @@ -62,6 +63,8 @@ def __init__(__self__, *, pulumi.set(__self__, "description", description) if name is not None: pulumi.set(__self__, "name", name) + if replication is not None: + pulumi.set(__self__, "replication", replication) if test_bot_alias_settings is not None: pulumi.set(__self__, "test_bot_alias_settings", test_bot_alias_settings) if test_bot_alias_tags is not None: @@ -175,6 +178,15 @@ def name(self) -> Optional[pulumi.Input[str]]: def name(self, value: Optional[pulumi.Input[str]]): pulumi.set(self, "name", value) + @property + @pulumi.getter + def replication(self) -> Optional[pulumi.Input['BotReplicationArgs']]: + return pulumi.get(self, "replication") + + @replication.setter + def replication(self, value: Optional[pulumi.Input['BotReplicationArgs']]): + pulumi.set(self, "replication", value) + @property @pulumi.getter(name="testBotAliasSettings") def test_bot_alias_settings(self) -> Optional[pulumi.Input['BotTestBotAliasSettingsArgs']]: @@ -213,6 +225,7 @@ def __init__(__self__, description: Optional[pulumi.Input[str]] = None, idle_session_ttl_in_seconds: Optional[pulumi.Input[int]] = None, name: Optional[pulumi.Input[str]] = None, + replication: Optional[pulumi.Input[Union['BotReplicationArgs', 'BotReplicationArgsDict']]] = None, role_arn: Optional[pulumi.Input[str]] = None, test_bot_alias_settings: Optional[pulumi.Input[Union['BotTestBotAliasSettingsArgs', 'BotTestBotAliasSettingsArgsDict']]] = None, test_bot_alias_tags: Optional[pulumi.Input[Sequence[pulumi.Input[Union['BotTagArgs', 'BotTagArgsDict']]]]] = None, @@ -266,6 +279,7 @@ def _internal_init(__self__, description: Optional[pulumi.Input[str]] = None, idle_session_ttl_in_seconds: Optional[pulumi.Input[int]] = None, name: Optional[pulumi.Input[str]] = None, + replication: Optional[pulumi.Input[Union['BotReplicationArgs', 'BotReplicationArgsDict']]] = None, role_arn: Optional[pulumi.Input[str]] = None, test_bot_alias_settings: Optional[pulumi.Input[Union['BotTestBotAliasSettingsArgs', 'BotTestBotAliasSettingsArgsDict']]] = None, test_bot_alias_tags: Optional[pulumi.Input[Sequence[pulumi.Input[Union['BotTagArgs', 'BotTagArgsDict']]]]] = None, @@ -290,6 +304,7 @@ def _internal_init(__self__, raise TypeError("Missing required property 'idle_session_ttl_in_seconds'") __props__.__dict__["idle_session_ttl_in_seconds"] = idle_session_ttl_in_seconds __props__.__dict__["name"] = name + __props__.__dict__["replication"] = replication if role_arn is None and not opts.urn: raise TypeError("Missing required property 'role_arn'") __props__.__dict__["role_arn"] = role_arn @@ -329,6 +344,7 @@ def get(resource_name: str, __props__.__dict__["description"] = None __props__.__dict__["idle_session_ttl_in_seconds"] = None __props__.__dict__["name"] = None + __props__.__dict__["replication"] = None __props__.__dict__["role_arn"] = None __props__.__dict__["test_bot_alias_settings"] = None __props__.__dict__["test_bot_alias_tags"] = None @@ -414,6 +430,11 @@ def name(self) -> pulumi.Output[str]: """ return pulumi.get(self, "name") + @property + @pulumi.getter + def replication(self) -> pulumi.Output[Optional['outputs.BotReplication']]: + return pulumi.get(self, "replication") + @property @pulumi.getter(name="roleArn") def role_arn(self) -> pulumi.Output[str]: diff --git a/sdk/python/pulumi_aws_native/lex/outputs.py b/sdk/python/pulumi_aws_native/lex/outputs.py index b6d7bbddd9..948e0fa897 100644 --- a/sdk/python/pulumi_aws_native/lex/outputs.py +++ b/sdk/python/pulumi_aws_native/lex/outputs.py @@ -77,6 +77,7 @@ 'BotPostFulfillmentStatusSpecification', 'BotPromptAttemptSpecification', 'BotPromptSpecification', + 'BotReplication', 'BotResponseSpecification', 'BotS3BucketLogDestination', 'BotS3Location', @@ -3785,6 +3786,45 @@ def prompt_attempts_specification(self) -> Optional[Mapping[str, 'outputs.BotPro return pulumi.get(self, "prompt_attempts_specification") +@pulumi.output_type +class BotReplication(dict): + """ + Parameter used to create a replication of the source bot in the secondary region. + """ + @staticmethod + def __key_warning(key: str): + suggest = None + if key == "replicaRegions": + suggest = "replica_regions" + + if suggest: + pulumi.log.warn(f"Key '{key}' not found in BotReplication. Access the value via the '{suggest}' property getter instead.") + + def __getitem__(self, key: str) -> Any: + BotReplication.__key_warning(key) + return super().__getitem__(key) + + def get(self, key: str, default = None) -> Any: + BotReplication.__key_warning(key) + return super().get(key, default) + + def __init__(__self__, *, + replica_regions: Sequence[str]): + """ + Parameter used to create a replication of the source bot in the secondary region. + :param Sequence[str] replica_regions: List of secondary regions for bot replication. + """ + pulumi.set(__self__, "replica_regions", replica_regions) + + @property + @pulumi.getter(name="replicaRegions") + def replica_regions(self) -> Sequence[str]: + """ + List of secondary regions for bot replication. + """ + return pulumi.get(self, "replica_regions") + + @pulumi.output_type class BotResponseSpecification(dict): """ diff --git a/sdk/python/pulumi_aws_native/resiliencehub/app.py b/sdk/python/pulumi_aws_native/resiliencehub/app.py index 28aa32934a..075626d356 100644 --- a/sdk/python/pulumi_aws_native/resiliencehub/app.py +++ b/sdk/python/pulumi_aws_native/resiliencehub/app.py @@ -29,6 +29,7 @@ def __init__(__self__, *, event_subscriptions: Optional[pulumi.Input[Sequence[pulumi.Input['AppEventSubscriptionArgs']]]] = None, name: Optional[pulumi.Input[str]] = None, permission_model: Optional[pulumi.Input['AppPermissionModelArgs']] = None, + regulatory_policy_arn: Optional[pulumi.Input[str]] = None, resiliency_policy_arn: Optional[pulumi.Input[str]] = None, tags: Optional[pulumi.Input[Mapping[str, pulumi.Input[str]]]] = None): """ @@ -40,6 +41,7 @@ def __init__(__self__, *, :param pulumi.Input[Sequence[pulumi.Input['AppEventSubscriptionArgs']]] event_subscriptions: The list of events you would like to subscribe and get notification for. :param pulumi.Input[str] name: Name of the app. :param pulumi.Input['AppPermissionModelArgs'] permission_model: Defines the roles and credentials that AWS Resilience Hub would use while creating the application, importing its resources, and running an assessment. + :param pulumi.Input[str] regulatory_policy_arn: Amazon Resource Name (ARN) of the Regulatory Policy. :param pulumi.Input[str] resiliency_policy_arn: Amazon Resource Name (ARN) of the Resiliency Policy. :param pulumi.Input[Mapping[str, pulumi.Input[str]]] tags: Tags assigned to the resource. A tag is a label that you assign to an AWS resource. Each tag consists of a key/value pair. """ @@ -55,6 +57,8 @@ def __init__(__self__, *, pulumi.set(__self__, "name", name) if permission_model is not None: pulumi.set(__self__, "permission_model", permission_model) + if regulatory_policy_arn is not None: + pulumi.set(__self__, "regulatory_policy_arn", regulatory_policy_arn) if resiliency_policy_arn is not None: pulumi.set(__self__, "resiliency_policy_arn", resiliency_policy_arn) if tags is not None: @@ -144,6 +148,18 @@ def permission_model(self) -> Optional[pulumi.Input['AppPermissionModelArgs']]: def permission_model(self, value: Optional[pulumi.Input['AppPermissionModelArgs']]): pulumi.set(self, "permission_model", value) + @property + @pulumi.getter(name="regulatoryPolicyArn") + def regulatory_policy_arn(self) -> Optional[pulumi.Input[str]]: + """ + Amazon Resource Name (ARN) of the Regulatory Policy. + """ + return pulumi.get(self, "regulatory_policy_arn") + + @regulatory_policy_arn.setter + def regulatory_policy_arn(self, value: Optional[pulumi.Input[str]]): + pulumi.set(self, "regulatory_policy_arn", value) + @property @pulumi.getter(name="resiliencyPolicyArn") def resiliency_policy_arn(self) -> Optional[pulumi.Input[str]]: @@ -180,6 +196,7 @@ def __init__(__self__, event_subscriptions: Optional[pulumi.Input[Sequence[pulumi.Input[Union['AppEventSubscriptionArgs', 'AppEventSubscriptionArgsDict']]]]] = None, name: Optional[pulumi.Input[str]] = None, permission_model: Optional[pulumi.Input[Union['AppPermissionModelArgs', 'AppPermissionModelArgsDict']]] = None, + regulatory_policy_arn: Optional[pulumi.Input[str]] = None, resiliency_policy_arn: Optional[pulumi.Input[str]] = None, resource_mappings: Optional[pulumi.Input[Sequence[pulumi.Input[Union['AppResourceMappingArgs', 'AppResourceMappingArgsDict']]]]] = None, tags: Optional[pulumi.Input[Mapping[str, pulumi.Input[str]]]] = None, @@ -195,6 +212,7 @@ def __init__(__self__, :param pulumi.Input[Sequence[pulumi.Input[Union['AppEventSubscriptionArgs', 'AppEventSubscriptionArgsDict']]]] event_subscriptions: The list of events you would like to subscribe and get notification for. :param pulumi.Input[str] name: Name of the app. :param pulumi.Input[Union['AppPermissionModelArgs', 'AppPermissionModelArgsDict']] permission_model: Defines the roles and credentials that AWS Resilience Hub would use while creating the application, importing its resources, and running an assessment. + :param pulumi.Input[str] regulatory_policy_arn: Amazon Resource Name (ARN) of the Regulatory Policy. :param pulumi.Input[str] resiliency_policy_arn: Amazon Resource Name (ARN) of the Resiliency Policy. :param pulumi.Input[Sequence[pulumi.Input[Union['AppResourceMappingArgs', 'AppResourceMappingArgsDict']]]] resource_mappings: An array of ResourceMapping objects. :param pulumi.Input[Mapping[str, pulumi.Input[str]]] tags: Tags assigned to the resource. A tag is a label that you assign to an AWS resource. Each tag consists of a key/value pair. @@ -229,6 +247,7 @@ def _internal_init(__self__, event_subscriptions: Optional[pulumi.Input[Sequence[pulumi.Input[Union['AppEventSubscriptionArgs', 'AppEventSubscriptionArgsDict']]]]] = None, name: Optional[pulumi.Input[str]] = None, permission_model: Optional[pulumi.Input[Union['AppPermissionModelArgs', 'AppPermissionModelArgsDict']]] = None, + regulatory_policy_arn: Optional[pulumi.Input[str]] = None, resiliency_policy_arn: Optional[pulumi.Input[str]] = None, resource_mappings: Optional[pulumi.Input[Sequence[pulumi.Input[Union['AppResourceMappingArgs', 'AppResourceMappingArgsDict']]]]] = None, tags: Optional[pulumi.Input[Mapping[str, pulumi.Input[str]]]] = None, @@ -249,6 +268,7 @@ def _internal_init(__self__, __props__.__dict__["event_subscriptions"] = event_subscriptions __props__.__dict__["name"] = name __props__.__dict__["permission_model"] = permission_model + __props__.__dict__["regulatory_policy_arn"] = regulatory_policy_arn __props__.__dict__["resiliency_policy_arn"] = resiliency_policy_arn if resource_mappings is None and not opts.urn: raise TypeError("Missing required property 'resource_mappings'") @@ -288,6 +308,7 @@ def get(resource_name: str, __props__.__dict__["event_subscriptions"] = None __props__.__dict__["name"] = None __props__.__dict__["permission_model"] = None + __props__.__dict__["regulatory_policy_arn"] = None __props__.__dict__["resiliency_policy_arn"] = None __props__.__dict__["resource_mappings"] = None __props__.__dict__["tags"] = None @@ -357,6 +378,14 @@ def permission_model(self) -> pulumi.Output[Optional['outputs.AppPermissionModel """ return pulumi.get(self, "permission_model") + @property + @pulumi.getter(name="regulatoryPolicyArn") + def regulatory_policy_arn(self) -> pulumi.Output[Optional[str]]: + """ + Amazon Resource Name (ARN) of the Regulatory Policy. + """ + return pulumi.get(self, "regulatory_policy_arn") + @property @pulumi.getter(name="resiliencyPolicyArn") def resiliency_policy_arn(self) -> pulumi.Output[Optional[str]]: diff --git a/sdk/python/pulumi_aws_native/resiliencehub/get_app.py b/sdk/python/pulumi_aws_native/resiliencehub/get_app.py index fd72e17409..566e01f091 100644 --- a/sdk/python/pulumi_aws_native/resiliencehub/get_app.py +++ b/sdk/python/pulumi_aws_native/resiliencehub/get_app.py @@ -25,7 +25,7 @@ @pulumi.output_type class GetAppResult: - def __init__(__self__, app_arn=None, app_assessment_schedule=None, app_template_body=None, description=None, drift_status=None, event_subscriptions=None, permission_model=None, resiliency_policy_arn=None, resource_mappings=None, tags=None): + def __init__(__self__, app_arn=None, app_assessment_schedule=None, app_template_body=None, description=None, drift_status=None, event_subscriptions=None, permission_model=None, regulatory_policy_arn=None, resiliency_policy_arn=None, resource_mappings=None, tags=None): if app_arn and not isinstance(app_arn, str): raise TypeError("Expected argument 'app_arn' to be a str") pulumi.set(__self__, "app_arn", app_arn) @@ -47,6 +47,9 @@ def __init__(__self__, app_arn=None, app_assessment_schedule=None, app_template_ if permission_model and not isinstance(permission_model, dict): raise TypeError("Expected argument 'permission_model' to be a dict") pulumi.set(__self__, "permission_model", permission_model) + if regulatory_policy_arn and not isinstance(regulatory_policy_arn, str): + raise TypeError("Expected argument 'regulatory_policy_arn' to be a str") + pulumi.set(__self__, "regulatory_policy_arn", regulatory_policy_arn) if resiliency_policy_arn and not isinstance(resiliency_policy_arn, str): raise TypeError("Expected argument 'resiliency_policy_arn' to be a str") pulumi.set(__self__, "resiliency_policy_arn", resiliency_policy_arn) @@ -113,6 +116,14 @@ def permission_model(self) -> Optional['outputs.AppPermissionModel']: """ return pulumi.get(self, "permission_model") + @property + @pulumi.getter(name="regulatoryPolicyArn") + def regulatory_policy_arn(self) -> Optional[str]: + """ + Amazon Resource Name (ARN) of the Regulatory Policy. + """ + return pulumi.get(self, "regulatory_policy_arn") + @property @pulumi.getter(name="resiliencyPolicyArn") def resiliency_policy_arn(self) -> Optional[str]: @@ -151,6 +162,7 @@ def __await__(self): drift_status=self.drift_status, event_subscriptions=self.event_subscriptions, permission_model=self.permission_model, + regulatory_policy_arn=self.regulatory_policy_arn, resiliency_policy_arn=self.resiliency_policy_arn, resource_mappings=self.resource_mappings, tags=self.tags) @@ -177,6 +189,7 @@ def get_app(app_arn: Optional[str] = None, drift_status=pulumi.get(__ret__, 'drift_status'), event_subscriptions=pulumi.get(__ret__, 'event_subscriptions'), permission_model=pulumi.get(__ret__, 'permission_model'), + regulatory_policy_arn=pulumi.get(__ret__, 'regulatory_policy_arn'), resiliency_policy_arn=pulumi.get(__ret__, 'resiliency_policy_arn'), resource_mappings=pulumi.get(__ret__, 'resource_mappings'), tags=pulumi.get(__ret__, 'tags')) @@ -200,6 +213,7 @@ def get_app_output(app_arn: Optional[pulumi.Input[str]] = None, drift_status=pulumi.get(__response__, 'drift_status'), event_subscriptions=pulumi.get(__response__, 'event_subscriptions'), permission_model=pulumi.get(__response__, 'permission_model'), + regulatory_policy_arn=pulumi.get(__response__, 'regulatory_policy_arn'), resiliency_policy_arn=pulumi.get(__response__, 'resiliency_policy_arn'), resource_mappings=pulumi.get(__response__, 'resource_mappings'), tags=pulumi.get(__response__, 'tags'))) diff --git a/sdk/python/pulumi_aws_native/rolesanywhere/get_profile.py b/sdk/python/pulumi_aws_native/rolesanywhere/get_profile.py index b1d4636d11..137e2afe86 100644 --- a/sdk/python/pulumi_aws_native/rolesanywhere/get_profile.py +++ b/sdk/python/pulumi_aws_native/rolesanywhere/get_profile.py @@ -26,7 +26,7 @@ @pulumi.output_type class GetProfileResult: - def __init__(__self__, accept_role_session_name=None, attribute_mappings=None, duration_seconds=None, enabled=None, managed_policy_arns=None, name=None, profile_arn=None, profile_id=None, require_instance_properties=None, role_arns=None, session_policy=None, tags=None): + def __init__(__self__, accept_role_session_name=None, attribute_mappings=None, duration_seconds=None, enabled=None, managed_policy_arns=None, name=None, profile_arn=None, profile_id=None, role_arns=None, session_policy=None, tags=None): if accept_role_session_name and not isinstance(accept_role_session_name, bool): raise TypeError("Expected argument 'accept_role_session_name' to be a bool") pulumi.set(__self__, "accept_role_session_name", accept_role_session_name) @@ -51,9 +51,6 @@ def __init__(__self__, accept_role_session_name=None, attribute_mappings=None, d if profile_id and not isinstance(profile_id, str): raise TypeError("Expected argument 'profile_id' to be a str") pulumi.set(__self__, "profile_id", profile_id) - if require_instance_properties and not isinstance(require_instance_properties, bool): - raise TypeError("Expected argument 'require_instance_properties' to be a bool") - pulumi.set(__self__, "require_instance_properties", require_instance_properties) if role_arns and not isinstance(role_arns, list): raise TypeError("Expected argument 'role_arns' to be a list") pulumi.set(__self__, "role_arns", role_arns) @@ -128,14 +125,6 @@ def profile_id(self) -> Optional[str]: """ return pulumi.get(self, "profile_id") - @property - @pulumi.getter(name="requireInstanceProperties") - def require_instance_properties(self) -> Optional[bool]: - """ - Specifies whether instance properties are required in CreateSession requests with this profile. - """ - return pulumi.get(self, "require_instance_properties") - @property @pulumi.getter(name="roleArns") def role_arns(self) -> Optional[Sequence[str]]: @@ -175,7 +164,6 @@ def __await__(self): name=self.name, profile_arn=self.profile_arn, profile_id=self.profile_id, - require_instance_properties=self.require_instance_properties, role_arns=self.role_arns, session_policy=self.session_policy, tags=self.tags) @@ -203,7 +191,6 @@ def get_profile(profile_id: Optional[str] = None, name=pulumi.get(__ret__, 'name'), profile_arn=pulumi.get(__ret__, 'profile_arn'), profile_id=pulumi.get(__ret__, 'profile_id'), - require_instance_properties=pulumi.get(__ret__, 'require_instance_properties'), role_arns=pulumi.get(__ret__, 'role_arns'), session_policy=pulumi.get(__ret__, 'session_policy'), tags=pulumi.get(__ret__, 'tags')) @@ -228,7 +215,6 @@ def get_profile_output(profile_id: Optional[pulumi.Input[str]] = None, name=pulumi.get(__response__, 'name'), profile_arn=pulumi.get(__response__, 'profile_arn'), profile_id=pulumi.get(__response__, 'profile_id'), - require_instance_properties=pulumi.get(__response__, 'require_instance_properties'), role_arns=pulumi.get(__response__, 'role_arns'), session_policy=pulumi.get(__response__, 'session_policy'), tags=pulumi.get(__response__, 'tags'))) diff --git a/sdk/python/pulumi_aws_native/rolesanywhere/profile.py b/sdk/python/pulumi_aws_native/rolesanywhere/profile.py index ceab6a3c82..1f8b48ea56 100644 --- a/sdk/python/pulumi_aws_native/rolesanywhere/profile.py +++ b/sdk/python/pulumi_aws_native/rolesanywhere/profile.py @@ -277,6 +277,8 @@ def _internal_init(__self__, __props__.__dict__["tags"] = tags __props__.__dict__["profile_arn"] = None __props__.__dict__["profile_id"] = None + replace_on_changes = pulumi.ResourceOptions(replace_on_changes=["requireInstanceProperties"]) + opts = pulumi.ResourceOptions.merge(opts, replace_on_changes) super(Profile, __self__).__init__( 'aws-native:rolesanywhere:Profile', resource_name, diff --git a/sdk/python/pulumi_aws_native/ses/_inputs.py b/sdk/python/pulumi_aws_native/ses/_inputs.py index d7dcc461c1..d6821d74ba 100644 --- a/sdk/python/pulumi_aws_native/ses/_inputs.py +++ b/sdk/python/pulumi_aws_native/ses/_inputs.py @@ -837,19 +837,27 @@ class ConfigurationSetTrackingOptionsArgsDict(TypedDict): """ The domain to use for tracking open and click events. """ + https_policy: NotRequired[pulumi.Input[str]] + """ + The https policy to use for tracking open and click events. + """ elif False: ConfigurationSetTrackingOptionsArgsDict: TypeAlias = Mapping[str, Any] @pulumi.input_type class ConfigurationSetTrackingOptionsArgs: def __init__(__self__, *, - custom_redirect_domain: Optional[pulumi.Input[str]] = None): + custom_redirect_domain: Optional[pulumi.Input[str]] = None, + https_policy: Optional[pulumi.Input[str]] = None): """ An object that defines the open and click tracking options for emails that you send using the configuration set. :param pulumi.Input[str] custom_redirect_domain: The domain to use for tracking open and click events. + :param pulumi.Input[str] https_policy: The https policy to use for tracking open and click events. """ if custom_redirect_domain is not None: pulumi.set(__self__, "custom_redirect_domain", custom_redirect_domain) + if https_policy is not None: + pulumi.set(__self__, "https_policy", https_policy) @property @pulumi.getter(name="customRedirectDomain") @@ -863,6 +871,18 @@ def custom_redirect_domain(self) -> Optional[pulumi.Input[str]]: def custom_redirect_domain(self, value: Optional[pulumi.Input[str]]): pulumi.set(self, "custom_redirect_domain", value) + @property + @pulumi.getter(name="httpsPolicy") + def https_policy(self) -> Optional[pulumi.Input[str]]: + """ + The https policy to use for tracking open and click events. + """ + return pulumi.get(self, "https_policy") + + @https_policy.setter + def https_policy(self, value: Optional[pulumi.Input[str]]): + pulumi.set(self, "https_policy", value) + if not MYPY: class ConfigurationSetVdmOptionsArgsDict(TypedDict): diff --git a/sdk/python/pulumi_aws_native/ses/outputs.py b/sdk/python/pulumi_aws_native/ses/outputs.py index 0986155869..00b0a63b87 100644 --- a/sdk/python/pulumi_aws_native/ses/outputs.py +++ b/sdk/python/pulumi_aws_native/ses/outputs.py @@ -731,6 +731,8 @@ def __key_warning(key: str): suggest = None if key == "customRedirectDomain": suggest = "custom_redirect_domain" + elif key == "httpsPolicy": + suggest = "https_policy" if suggest: pulumi.log.warn(f"Key '{key}' not found in ConfigurationSetTrackingOptions. Access the value via the '{suggest}' property getter instead.") @@ -744,13 +746,17 @@ def get(self, key: str, default = None) -> Any: return super().get(key, default) def __init__(__self__, *, - custom_redirect_domain: Optional[str] = None): + custom_redirect_domain: Optional[str] = None, + https_policy: Optional[str] = None): """ An object that defines the open and click tracking options for emails that you send using the configuration set. :param str custom_redirect_domain: The domain to use for tracking open and click events. + :param str https_policy: The https policy to use for tracking open and click events. """ if custom_redirect_domain is not None: pulumi.set(__self__, "custom_redirect_domain", custom_redirect_domain) + if https_policy is not None: + pulumi.set(__self__, "https_policy", https_policy) @property @pulumi.getter(name="customRedirectDomain") @@ -760,6 +766,14 @@ def custom_redirect_domain(self) -> Optional[str]: """ return pulumi.get(self, "custom_redirect_domain") + @property + @pulumi.getter(name="httpsPolicy") + def https_policy(self) -> Optional[str]: + """ + The https policy to use for tracking open and click events. + """ + return pulumi.get(self, "https_policy") + @pulumi.output_type class ConfigurationSetVdmOptions(dict): diff --git a/sdk/python/pulumi_aws_native/sso/get_permission_set.py b/sdk/python/pulumi_aws_native/sso/get_permission_set.py index 007e2ecf70..80ef5f0bfb 100644 --- a/sdk/python/pulumi_aws_native/sso/get_permission_set.py +++ b/sdk/python/pulumi_aws_native/sso/get_permission_set.py @@ -84,7 +84,7 @@ def inline_policy(self) -> Optional[Any]: @pulumi.getter(name="managedPolicies") def managed_policies(self) -> Optional[Sequence[str]]: """ - A structure that stores the details of the AWS managed policy. + A structure that stores a list of managed policy ARNs that describe the associated AWS managed policy. """ return pulumi.get(self, "managed_policies") diff --git a/sdk/python/pulumi_aws_native/sso/permission_set.py b/sdk/python/pulumi_aws_native/sso/permission_set.py index b9b3095422..c0ca27dc20 100644 --- a/sdk/python/pulumi_aws_native/sso/permission_set.py +++ b/sdk/python/pulumi_aws_native/sso/permission_set.py @@ -41,7 +41,7 @@ def __init__(__self__, *, :param Any inline_policy: The inline policy to put in permission set. Search the [CloudFormation User Guide](https://docs.aws.amazon.com/cloudformation/) for `AWS::SSO::PermissionSet` for more information about the expected schema for this property. - :param pulumi.Input[Sequence[pulumi.Input[str]]] managed_policies: A structure that stores the details of the AWS managed policy. + :param pulumi.Input[Sequence[pulumi.Input[str]]] managed_policies: A structure that stores a list of managed policy ARNs that describe the associated AWS managed policy. :param pulumi.Input[str] name: The name you want to assign to this permission set. :param pulumi.Input['PermissionSetPermissionsBoundaryArgs'] permissions_boundary: Specifies the configuration of the AWS managed or customer managed policy that you want to set as a permissions boundary. Specify either `CustomerManagedPolicyReference` to use the name and path of a customer managed policy, or `ManagedPolicyArn` to use the ARN of an AWS managed policy. A permissions boundary represents the maximum permissions that any policy can grant your role. For more information, see [Permissions boundaries for IAM entities](https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies_boundaries.html) in the *IAM User Guide* . @@ -124,7 +124,7 @@ def inline_policy(self, value: Optional[Any]): @pulumi.getter(name="managedPolicies") def managed_policies(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]: """ - A structure that stores the details of the AWS managed policy. + A structure that stores a list of managed policy ARNs that describe the associated AWS managed policy. """ return pulumi.get(self, "managed_policies") @@ -222,7 +222,7 @@ def __init__(__self__, Search the [CloudFormation User Guide](https://docs.aws.amazon.com/cloudformation/) for `AWS::SSO::PermissionSet` for more information about the expected schema for this property. :param pulumi.Input[str] instance_arn: The sso instance arn that the permission set is owned. - :param pulumi.Input[Sequence[pulumi.Input[str]]] managed_policies: A structure that stores the details of the AWS managed policy. + :param pulumi.Input[Sequence[pulumi.Input[str]]] managed_policies: A structure that stores a list of managed policy ARNs that describe the associated AWS managed policy. :param pulumi.Input[str] name: The name you want to assign to this permission set. :param pulumi.Input[Union['PermissionSetPermissionsBoundaryArgs', 'PermissionSetPermissionsBoundaryArgsDict']] permissions_boundary: Specifies the configuration of the AWS managed or customer managed policy that you want to set as a permissions boundary. Specify either `CustomerManagedPolicyReference` to use the name and path of a customer managed policy, or `ManagedPolicyArn` to use the ARN of an AWS managed policy. A permissions boundary represents the maximum permissions that any policy can grant your role. For more information, see [Permissions boundaries for IAM entities](https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies_boundaries.html) in the *IAM User Guide* . @@ -362,7 +362,7 @@ def instance_arn(self) -> pulumi.Output[str]: @pulumi.getter(name="managedPolicies") def managed_policies(self) -> pulumi.Output[Optional[Sequence[str]]]: """ - A structure that stores the details of the AWS managed policy. + A structure that stores a list of managed policy ARNs that describe the associated AWS managed policy. """ return pulumi.get(self, "managed_policies") diff --git a/sdk/python/pulumi_aws_native/voiceid/get_domain.py b/sdk/python/pulumi_aws_native/voiceid/get_domain.py index 7c4ee9b5d2..dccaccbf45 100644 --- a/sdk/python/pulumi_aws_native/voiceid/get_domain.py +++ b/sdk/python/pulumi_aws_native/voiceid/get_domain.py @@ -13,6 +13,7 @@ else: from typing_extensions import NotRequired, TypedDict, TypeAlias from .. import _utilities +from . import outputs from .. import outputs as _root_outputs __all__ = [ @@ -24,14 +25,31 @@ @pulumi.output_type class GetDomainResult: - def __init__(__self__, domain_id=None, tags=None): + def __init__(__self__, description=None, domain_id=None, name=None, server_side_encryption_configuration=None, tags=None): + if description and not isinstance(description, str): + raise TypeError("Expected argument 'description' to be a str") + pulumi.set(__self__, "description", description) if domain_id and not isinstance(domain_id, str): raise TypeError("Expected argument 'domain_id' to be a str") pulumi.set(__self__, "domain_id", domain_id) + if name and not isinstance(name, str): + raise TypeError("Expected argument 'name' to be a str") + pulumi.set(__self__, "name", name) + if server_side_encryption_configuration and not isinstance(server_side_encryption_configuration, dict): + raise TypeError("Expected argument 'server_side_encryption_configuration' to be a dict") + pulumi.set(__self__, "server_side_encryption_configuration", server_side_encryption_configuration) if tags and not isinstance(tags, list): raise TypeError("Expected argument 'tags' to be a list") pulumi.set(__self__, "tags", tags) + @property + @pulumi.getter + def description(self) -> Optional[str]: + """ + The description of the domain. + """ + return pulumi.get(self, "description") + @property @pulumi.getter(name="domainId") def domain_id(self) -> Optional[str]: @@ -40,6 +58,22 @@ def domain_id(self) -> Optional[str]: """ return pulumi.get(self, "domain_id") + @property + @pulumi.getter + def name(self) -> Optional[str]: + """ + The name for the domain. + """ + return pulumi.get(self, "name") + + @property + @pulumi.getter(name="serverSideEncryptionConfiguration") + def server_side_encryption_configuration(self) -> Optional['outputs.DomainServerSideEncryptionConfiguration']: + """ + The server-side encryption configuration containing the KMS key identifier you want Voice ID to use to encrypt your data. + """ + return pulumi.get(self, "server_side_encryption_configuration") + @property @pulumi.getter def tags(self) -> Optional[Sequence['_root_outputs.Tag']]: @@ -55,7 +89,10 @@ def __await__(self): if False: yield self return GetDomainResult( + description=self.description, domain_id=self.domain_id, + name=self.name, + server_side_encryption_configuration=self.server_side_encryption_configuration, tags=self.tags) @@ -73,7 +110,10 @@ def get_domain(domain_id: Optional[str] = None, __ret__ = pulumi.runtime.invoke('aws-native:voiceid:getDomain', __args__, opts=opts, typ=GetDomainResult).value return AwaitableGetDomainResult( + description=pulumi.get(__ret__, 'description'), domain_id=pulumi.get(__ret__, 'domain_id'), + name=pulumi.get(__ret__, 'name'), + server_side_encryption_configuration=pulumi.get(__ret__, 'server_side_encryption_configuration'), tags=pulumi.get(__ret__, 'tags')) def get_domain_output(domain_id: Optional[pulumi.Input[str]] = None, opts: Optional[Union[pulumi.InvokeOptions, pulumi.InvokeOutputOptions]] = None) -> pulumi.Output[GetDomainResult]: @@ -88,5 +128,8 @@ def get_domain_output(domain_id: Optional[pulumi.Input[str]] = None, opts = pulumi.InvokeOutputOptions.merge(_utilities.get_invoke_opts_defaults(), opts) __ret__ = pulumi.runtime.invoke_output('aws-native:voiceid:getDomain', __args__, opts=opts, typ=GetDomainResult) return __ret__.apply(lambda __response__: GetDomainResult( + description=pulumi.get(__response__, 'description'), domain_id=pulumi.get(__response__, 'domain_id'), + name=pulumi.get(__response__, 'name'), + server_side_encryption_configuration=pulumi.get(__response__, 'server_side_encryption_configuration'), tags=pulumi.get(__response__, 'tags')))