From 795bda907904ce63fab466dc7e91e1b0e7463250 Mon Sep 17 00:00:00 2001 From: awstools Date: Thu, 3 Oct 2024 19:14:15 +0000 Subject: [PATCH] feat(client-iot): This release adds support for Custom Authentication with X.509 Client Certificates, support for Custom Client Certificate validation, and support for selecting application protocol and authentication type without requiring TLS ALPN for customer's AWS IoT Domain Configurations. --- .../AssociateSbomWithPackageVersionCommand.ts | 2 +- .../src/commands/CreateBillingGroupCommand.ts | 4 +- .../CreateDomainConfigurationCommand.ts | 5 + .../src/commands/CreateRoleAliasCommand.ts | 8 + .../src/commands/CreateThingTypeCommand.ts | 5 +- .../src/commands/DeleteBillingGroupCommand.ts | 2 +- .../DescribeDomainConfigurationCommand.ts | 5 + ...sassociateSbomFromPackageVersionCommand.ts | 2 +- .../ListManagedJobTemplatesCommand.ts | 3 +- .../src/commands/ListMetricValuesCommand.ts | 3 +- .../UpdateDomainConfigurationCommand.ts | 5 + .../src/commands/UpdateRoleAliasCommand.ts | 8 + clients/client-iot/src/models/models_0.ts | 179 ++++++++++----- clients/client-iot/src/models/models_1.ts | 216 ++++++++++-------- clients/client-iot/src/models/models_2.ts | 174 +++++++++++++- .../client-iot/src/protocols/Aws_restJson1.ts | 18 +- codegen/sdk-codegen/aws-models/iot.json | 168 ++++++++++++-- 17 files changed, 638 insertions(+), 169 deletions(-) diff --git a/clients/client-iot/src/commands/AssociateSbomWithPackageVersionCommand.ts b/clients/client-iot/src/commands/AssociateSbomWithPackageVersionCommand.ts index db931888b90dc..69f1c8967a966 100644 --- a/clients/client-iot/src/commands/AssociateSbomWithPackageVersionCommand.ts +++ b/clients/client-iot/src/commands/AssociateSbomWithPackageVersionCommand.ts @@ -33,7 +33,7 @@ export interface AssociateSbomWithPackageVersionCommandOutput __MetadataBearer {} /** - *

Associates a software bill of materials (SBOM) with a specific software package version.

+ *

Associates the selected software bill of materials (SBOM) with a specific software package version.

*

Requires permission to access the AssociateSbomWithPackageVersion action.

* @example * Use a bare-bones client and the command you need to make an API call. diff --git a/clients/client-iot/src/commands/CreateBillingGroupCommand.ts b/clients/client-iot/src/commands/CreateBillingGroupCommand.ts index 3e4898d6907f5..01854beca7547 100644 --- a/clients/client-iot/src/commands/CreateBillingGroupCommand.ts +++ b/clients/client-iot/src/commands/CreateBillingGroupCommand.ts @@ -28,7 +28,9 @@ export interface CreateBillingGroupCommandInput extends CreateBillingGroupReques export interface CreateBillingGroupCommandOutput extends CreateBillingGroupResponse, __MetadataBearer {} /** - *

Creates a billing group.

+ *

Creates a billing group. If this call is made multiple times using + * the same billing group name and configuration, the call will succeed. If this call is made with + * the same billing group name but different configuration a ResourceAlreadyExistsException is thrown.

*

Requires permission to access the CreateBillingGroup action.

* @example * Use a bare-bones client and the command you need to make an API call. diff --git a/clients/client-iot/src/commands/CreateDomainConfigurationCommand.ts b/clients/client-iot/src/commands/CreateDomainConfigurationCommand.ts index 039e9cc5b7b5c..b6c70c7d1c483 100644 --- a/clients/client-iot/src/commands/CreateDomainConfigurationCommand.ts +++ b/clients/client-iot/src/commands/CreateDomainConfigurationCommand.ts @@ -60,6 +60,11 @@ export interface CreateDomainConfigurationCommandOutput extends CreateDomainConf * serverCertificateConfig: { // ServerCertificateConfig * enableOCSPCheck: true || false, * }, + * authenticationType: "CUSTOM_AUTH_X509" || "CUSTOM_AUTH" || "AWS_X509" || "AWS_SIGV4" || "DEFAULT", + * applicationProtocol: "SECURE_MQTT" || "MQTT_WSS" || "HTTPS" || "DEFAULT", + * clientCertificateConfig: { // ClientCertificateConfig + * clientCertificateCallbackArn: "STRING_VALUE", + * }, * }; * const command = new CreateDomainConfigurationCommand(input); * const response = await client.send(command); diff --git a/clients/client-iot/src/commands/CreateRoleAliasCommand.ts b/clients/client-iot/src/commands/CreateRoleAliasCommand.ts index 55952eef26a03..d569185d5de6d 100644 --- a/clients/client-iot/src/commands/CreateRoleAliasCommand.ts +++ b/clients/client-iot/src/commands/CreateRoleAliasCommand.ts @@ -30,6 +30,14 @@ export interface CreateRoleAliasCommandOutput extends CreateRoleAliasResponse, _ /** *

Creates a role alias.

*

Requires permission to access the CreateRoleAlias action.

+ * + *

The value of + * credentialDurationSeconds + * must be less than or equal to the maximum session + * duration of the IAM role that the role alias references. For more information, see + * + * Modifying a role maximum session duration (Amazon Web Services API) from the Amazon Web Services Identity and Access Management User Guide.

+ *
* @example * Use a bare-bones client and the command you need to make an API call. * ```javascript diff --git a/clients/client-iot/src/commands/CreateThingTypeCommand.ts b/clients/client-iot/src/commands/CreateThingTypeCommand.ts index caf8850826c30..02c9dc4f95d42 100644 --- a/clients/client-iot/src/commands/CreateThingTypeCommand.ts +++ b/clients/client-iot/src/commands/CreateThingTypeCommand.ts @@ -28,7 +28,10 @@ export interface CreateThingTypeCommandInput extends CreateThingTypeRequest {} export interface CreateThingTypeCommandOutput extends CreateThingTypeResponse, __MetadataBearer {} /** - *

Creates a new thing type.

+ *

Creates a new thing type. If this call is made multiple times using + * the same thing type name and configuration, the call will succeed. If this call is made with + * the same thing type name but different configuration a ResourceAlreadyExistsException is thrown. + *

*

Requires permission to access the CreateThingType action.

* @example * Use a bare-bones client and the command you need to make an API call. diff --git a/clients/client-iot/src/commands/DeleteBillingGroupCommand.ts b/clients/client-iot/src/commands/DeleteBillingGroupCommand.ts index e2f45177c9a30..f5d98f978afe7 100644 --- a/clients/client-iot/src/commands/DeleteBillingGroupCommand.ts +++ b/clients/client-iot/src/commands/DeleteBillingGroupCommand.ts @@ -6,7 +6,7 @@ import { MetadataBearer as __MetadataBearer } from "@smithy/types"; import { commonParams } from "../endpoint/EndpointParameters"; import { IoTClientResolvedConfig, ServiceInputTypes, ServiceOutputTypes } from "../IoTClient"; -import { DeleteBillingGroupRequest, DeleteBillingGroupResponse } from "../models/models_0"; +import { DeleteBillingGroupRequest, DeleteBillingGroupResponse } from "../models/models_1"; import { de_DeleteBillingGroupCommand, se_DeleteBillingGroupCommand } from "../protocols/Aws_restJson1"; /** diff --git a/clients/client-iot/src/commands/DescribeDomainConfigurationCommand.ts b/clients/client-iot/src/commands/DescribeDomainConfigurationCommand.ts index 0309d1b173127..eb6f9258e8154 100644 --- a/clients/client-iot/src/commands/DescribeDomainConfigurationCommand.ts +++ b/clients/client-iot/src/commands/DescribeDomainConfigurationCommand.ts @@ -71,6 +71,11 @@ export interface DescribeDomainConfigurationCommandOutput * // serverCertificateConfig: { // ServerCertificateConfig * // enableOCSPCheck: true || false, * // }, + * // authenticationType: "CUSTOM_AUTH_X509" || "CUSTOM_AUTH" || "AWS_X509" || "AWS_SIGV4" || "DEFAULT", + * // applicationProtocol: "SECURE_MQTT" || "MQTT_WSS" || "HTTPS" || "DEFAULT", + * // clientCertificateConfig: { // ClientCertificateConfig + * // clientCertificateCallbackArn: "STRING_VALUE", + * // }, * // }; * * ``` 
diff --git a/clients/client-iot/src/commands/DisassociateSbomFromPackageVersionCommand.ts b/clients/client-iot/src/commands/DisassociateSbomFromPackageVersionCommand.ts index b448a9ef0b974..3b51f0dcc2db9 100644 --- a/clients/client-iot/src/commands/DisassociateSbomFromPackageVersionCommand.ts +++ b/clients/client-iot/src/commands/DisassociateSbomFromPackageVersionCommand.ts @@ -36,7 +36,7 @@ export interface DisassociateSbomFromPackageVersionCommandOutput __MetadataBearer {} /** - *

Disassociates a software bill of materials (SBOM) from a specific software package version.

+ *

Disassociates the selected software bill of materials (SBOM) from a specific software package version.

*

Requires permission to access the DisassociateSbomWithPackageVersion action.

* @example * Use a bare-bones client and the command you need to make an API call. diff --git a/clients/client-iot/src/commands/ListManagedJobTemplatesCommand.ts b/clients/client-iot/src/commands/ListManagedJobTemplatesCommand.ts index 02e0e900874b8..2fa6cbbfcea2e 100644 --- a/clients/client-iot/src/commands/ListManagedJobTemplatesCommand.ts +++ b/clients/client-iot/src/commands/ListManagedJobTemplatesCommand.ts @@ -6,7 +6,8 @@ import { MetadataBearer as __MetadataBearer } from "@smithy/types"; import { commonParams } from "../endpoint/EndpointParameters"; import { IoTClientResolvedConfig, ServiceInputTypes, ServiceOutputTypes } from "../IoTClient"; -import { ListManagedJobTemplatesRequest, ListManagedJobTemplatesResponse } from "../models/models_1"; +import { ListManagedJobTemplatesRequest } from "../models/models_1"; +import { ListManagedJobTemplatesResponse } from "../models/models_2"; import { de_ListManagedJobTemplatesCommand, se_ListManagedJobTemplatesCommand } from "../protocols/Aws_restJson1"; /** diff --git a/clients/client-iot/src/commands/ListMetricValuesCommand.ts b/clients/client-iot/src/commands/ListMetricValuesCommand.ts index 6d605d074128f..27cbf985ad6f3 100644 --- a/clients/client-iot/src/commands/ListMetricValuesCommand.ts +++ b/clients/client-iot/src/commands/ListMetricValuesCommand.ts @@ -6,8 +6,7 @@ import { MetadataBearer as __MetadataBearer } from "@smithy/types"; import { commonParams } from "../endpoint/EndpointParameters"; import { IoTClientResolvedConfig, ServiceInputTypes, ServiceOutputTypes } from "../IoTClient"; -import { ListMetricValuesRequest } from "../models/models_1"; -import { ListMetricValuesResponse } from "../models/models_2"; +import { ListMetricValuesRequest, ListMetricValuesResponse } from "../models/models_2"; import { de_ListMetricValuesCommand, se_ListMetricValuesCommand } from "../protocols/Aws_restJson1"; /** 
diff --git a/clients/client-iot/src/commands/UpdateDomainConfigurationCommand.ts b/clients/client-iot/src/commands/UpdateDomainConfigurationCommand.ts index 3724af07aee07..8fdb6688abebb 100644 --- a/clients/client-iot/src/commands/UpdateDomainConfigurationCommand.ts +++ b/clients/client-iot/src/commands/UpdateDomainConfigurationCommand.ts @@ -51,6 +51,11 @@ export interface UpdateDomainConfigurationCommandOutput extends UpdateDomainConf * serverCertificateConfig: { // ServerCertificateConfig * enableOCSPCheck: true || false, * }, + * authenticationType: "CUSTOM_AUTH_X509" || "CUSTOM_AUTH" || "AWS_X509" || "AWS_SIGV4" || "DEFAULT", + * applicationProtocol: "SECURE_MQTT" || "MQTT_WSS" || "HTTPS" || "DEFAULT", + * clientCertificateConfig: { // ClientCertificateConfig + * clientCertificateCallbackArn: "STRING_VALUE", + * }, * }; * const command = new UpdateDomainConfigurationCommand(input); * const response = await client.send(command); diff --git a/clients/client-iot/src/commands/UpdateRoleAliasCommand.ts b/clients/client-iot/src/commands/UpdateRoleAliasCommand.ts index feab66af558db..ffc28330b59e8 100644 --- a/clients/client-iot/src/commands/UpdateRoleAliasCommand.ts +++ b/clients/client-iot/src/commands/UpdateRoleAliasCommand.ts @@ -30,6 +30,14 @@ export interface UpdateRoleAliasCommandOutput extends UpdateRoleAliasResponse, _ /** *

Updates a role alias.

*

Requires permission to access the UpdateRoleAlias action.

+ * + *

The value of + * credentialDurationSeconds + * must be less than or equal to the + * maximum session duration of the IAM role that the role alias references. For more + * information, see Modifying a role maximum session duration (Amazon Web Services API) from the Amazon Web Services + * Identity and Access Management User Guide.

+ *
* @example * Use a bare-bones client and the command you need to make an API call. * ```javascript diff --git a/clients/client-iot/src/models/models_0.ts b/clients/client-iot/src/models/models_0.ts index dc8489ab3fbe5..b5f1d9c28427d 100644 --- a/clients/client-iot/src/models/models_0.ts +++ b/clients/client-iot/src/models/models_0.ts @@ -2301,6 +2301,22 @@ export interface Allowed { policies?: Policy[]; } +/** + * @public + * @enum + */ +export const ApplicationProtocol = { + DEFAULT: "DEFAULT", + HTTPS: "HTTPS", + MQTT_WSS: "MQTT_WSS", + SECURE_MQTT: "SECURE_MQTT", +} as const; + +/** + * @public + */ +export type ApplicationProtocol = (typeof ApplicationProtocol)[keyof typeof ApplicationProtocol]; + /** *

The S3 location.

* @public @@ -2326,7 +2342,7 @@ export interface S3Location { } /** - *

The Amazon S3 location for the software bill of materials associated with a software + *

A specific software bill of matrerials associated with a software * package version.

* @public */ @@ -2355,7 +2371,7 @@ export interface AssociateSbomWithPackageVersionRequest { versionName: string | undefined; /** - *
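Review bot: The rewritten doc comment after `S3Location` misspells "materials" as `matrerials`; it should read `A specific software bill of materials associated with a software package version.` The same misspelling recurs in the comments added by the next two hunks, in `AssociateSbomWithPackageVersionRequest` and above `sbom?: Sbom` in `AssociateSbomWithPackageVersionResponse`. The declaration this comment documents (presumably `Sbom`) lies outside the hunk. The text probably originates in `codegen/sdk-codegen/aws-models/iot.json`, so the correction would belong in the model.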

The Amazon S3 location for the software bill of materials associated with a software + *

A specific software bill of matrerials associated with a software * package version.

* @public */ @@ -2400,14 +2416,14 @@ export interface AssociateSbomWithPackageVersionResponse { versionName?: string; /** - *

The Amazon S3 location for the software bill of materials associated with a software + *

A specific software bill of matrerials associated with a software * package version.

* @public */ sbom?: Sbom; /** - *

The status of the initial validation for the SBOM against the Software Package Data Exchange (SPDX) and CycloneDX industry standard format.

+ *

The status of the initial validation for the software bill of materials against the Software Package Data Exchange (SPDX) and CycloneDX industry standard formats.

* @public */ sbomValidationStatus?: SbomValidationStatus; @@ -3414,6 +3430,23 @@ export const AuthDecision = { */ export type AuthDecision = (typeof AuthDecision)[keyof typeof AuthDecision]; +/** + * @public + * @enum + */ +export const AuthenticationType = { + AWS_SIGV4: "AWS_SIGV4", + AWS_X509: "AWS_X509", + CUSTOM_AUTH: "CUSTOM_AUTH", + CUSTOM_AUTH_X509: "CUSTOM_AUTH_X509", + DEFAULT: "DEFAULT", +} as const; + +/** + * @public + */ +export type AuthenticationType = (typeof AuthenticationType)[keyof typeof AuthenticationType]; + /** *

A collection of authorization information.

* @public @@ -4448,6 +4481,18 @@ export class CertificateValidationException extends __BaseException { } } +/** + *

An object that specifies the client certificate configuration for a domain.

+ * @public + */ +export interface ClientCertificateConfig { + /** + *

The ARN of the Lambda function that IoT invokes after mutual TLS authentication during the connection.

+ * @public + */ + clientCertificateCallbackArn?: string; +} + /** *

The server certificate configuration.

* @public @@ -4561,6 +4606,82 @@ export interface CreateDomainConfigurationRequest { * @public */ serverCertificateConfig?: ServerCertificateConfig; + + /** + *

An enumerated string that specifies the authentication type.

+ * + * + * + * + * + * @public + */ + authenticationType?: AuthenticationType; + + /** + *

An enumerated string that specifies the application-layer protocol.

+ * + * + * + * + * @public + */ + applicationProtocol?: ApplicationProtocol; + + /** + *

An object that specifies the client certificate configuration for a domain.

+ * @public + */ + clientCertificateConfig?: ClientCertificateConfig; } /** @@ -6300,8 +6421,7 @@ export interface CreatePackageResponse { } /** - *

The Amazon S3 location for the artifacts associated with a software package - * version.

+ *

A specific package version artifact associated with a software package version.

* @public */ export interface PackageVersionArtifact { @@ -6350,7 +6470,7 @@ export interface CreatePackageVersionRequest { /** *

The inline job document associated with a software package version used for a quick job - * deployment via IoT Jobs.

+ * deployment.

* @public */ recipe?: string; @@ -7710,51 +7830,6 @@ export class DeleteConflictException extends __BaseException { } } -/** - * @public - */ -export interface DeleteBillingGroupRequest { - /** - *

The name of the billing group.

- * @public - */ - billingGroupName: string | undefined; - - /** - *

The expected version of the billing group. If the version of the billing group does - * not match the expected version specified in the request, the - * DeleteBillingGroup request is rejected with a - * VersionConflictException.

- * @public - */ - expectedVersion?: number; -} - -/** - * @public - */ -export interface DeleteBillingGroupResponse {} - -/** - *

The certificate operation is not allowed.

- * @public - */ -export class CertificateStateException extends __BaseException { - readonly name: "CertificateStateException" = "CertificateStateException"; - readonly $fault: "client" = "client"; - /** - * @internal - */ - constructor(opts: __ExceptionOptionType) { - super({ - name: "CertificateStateException", - $fault: "client", - ...opts, - }); - Object.setPrototypeOf(this, CertificateStateException.prototype); - } -} - /** * @internal */ diff --git a/clients/client-iot/src/models/models_1.ts b/clients/client-iot/src/models/models_1.ts index 3d672a38a4952..1b6235559a228 100644 --- a/clients/client-iot/src/models/models_1.ts +++ b/clients/client-iot/src/models/models_1.ts @@ -10,6 +10,7 @@ import { AggregationType, AlertTarget, AlertTargetType, + ApplicationProtocol, AuditCheckConfiguration, AuditCheckDetails, AuditFinding, @@ -25,6 +26,7 @@ import { AuditTaskMetadata, AuditTaskStatus, AuditTaskType, + AuthenticationType, AuthorizerConfig, AuthorizerDescription, AuthorizerStatus, @@ -35,10 +37,10 @@ import { Behavior, BillingGroupProperties, CertificateProviderOperation, + ClientCertificateConfig, CustomMetricType, DayOfWeek, DimensionType, - DimensionValueOperator, FleetMetricUnit, JobExecutionsRetryConfig, JobExecutionsRolloutConfig, @@ -46,7 +48,6 @@ import { MaintenanceWindow, MetricsExportConfig, MetricToRetain, - MetricValue, MitigationActionParams, OTAUpdateFile, OTAUpdateStatus, @@ -74,6 +75,51 @@ import { VerificationState, } from "./models_0"; +/** + * @public + */ +export interface DeleteBillingGroupRequest { + /** + *

The name of the billing group.

+ * @public + */ + billingGroupName: string | undefined; + + /** + *

The expected version of the billing group. If the version of the billing group does + * not match the expected version specified in the request, the + * DeleteBillingGroup request is rejected with a + * VersionConflictException.

+ * @public + */ + expectedVersion?: number; +} + +/** + * @public + */ +export interface DeleteBillingGroupResponse {} + +/** + *

The certificate operation is not allowed.

+ * @public + */ +export class CertificateStateException extends __BaseException { + readonly name: "CertificateStateException" = "CertificateStateException"; + readonly $fault: "client" = "client"; + /** + * @internal + */ + constructor(opts: __ExceptionOptionType) { + super({ + name: "CertificateStateException", + $fault: "client", + ...opts, + }); + Object.setPrototypeOf(this, CertificateStateException.prototype); + } +} + /** *

Input for the DeleteCACertificate operation.

* @public @@ -2047,6 +2093,82 @@ export interface DescribeDomainConfigurationResponse { * @public */ serverCertificateConfig?: ServerCertificateConfig; + + /** + *

An enumerated string that specifies the authentication type.

+ *
    + *
  • + *

    + * CUSTOM_AUTH_X509 - Use custom authentication and authorization with additional details from the X.509 client certificate.

    + *
  • + *
+ * + *
    + *
  • + *

    + * AWS_X509 - Use X.509 client certificates without custom authentication and authorization. For more information, + * see X.509 client certificates.

    + *
  • + *
+ * + *
    + *
  • + *

    + * DEFAULT - Use a combination of port and Application Layer Protocol Negotiation (ALPN) to specify authentication type. + * For more information, see Device communication protocols.

    + *
  • + *
+ * @public + */ + authenticationType?: AuthenticationType; + + /** + *

An enumerated string that specifies the application-layer protocol.

+ *
    + *
  • + *

    + * SECURE_MQTT - MQTT over TLS.

    + *
  • + *
+ *
    + *
  • + *

    + * MQTT_WSS - MQTT over WebSocket.

    + *
  • + *
+ *
    + *
  • + *

    + * HTTPS - HTTP over TLS.

    + *
  • + *
+ *
    + *
  • + *

    + * DEFAULT - Use a combination of port and Application Layer Protocol Negotiation (ALPN) to specify application_layer protocol. + * For more information, see Device communication protocols.

    + *
  • + *
+ * @public + */ + applicationProtocol?: ApplicationProtocol; + + /** + *

An object that specifies the client certificate configuration for a domain.

+ * @public + */ + clientCertificateConfig?: ClientCertificateConfig; } /** @@ -5124,7 +5246,7 @@ export interface GetPackageVersionResponse { /** *
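Review bot: The `authenticationType` doc comment added to `DescribeDomainConfigurationResponse` describes only `CUSTOM_AUTH_X509`, `AWS_X509` and `DEFAULT`, while the `AuthenticationType` enum added in models_0.ts also defines `CUSTOM_AUTH` and `AWS_SIGV4`. The same three-item list is repeated on `UpdateDomainConfigurationRequest` in models_2.ts. Because this field selects the authentication type for the domain, every accepted value should be described, or the comment should state that the list is partial. The `DEFAULT` bullet for `applicationProtocol` also writes `application_layer protocol` where the summary line uses `application-layer protocol`. These files look generated from `codegen/sdk-codegen/aws-models/iot.json`, so the wording most likely has to be corrected in the model.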

The inline job document associated with a software package version used for a quick job - * deployment via IoT Jobs.

+ * deployment.

* @public */ recipe?: string; @@ -7367,94 +7489,6 @@ export interface ManagedJobTemplateSummary { templateVersion?: string; } -/** - * @public - */ -export interface ListManagedJobTemplatesResponse { - /** - *

A list of managed job templates that are returned.

- * @public - */ - managedJobTemplates?: ManagedJobTemplateSummary[]; - - /** - *

The token to retrieve the next set of results.

- * @public - */ - nextToken?: string; -} - -/** - * @public - */ -export interface ListMetricValuesRequest { - /** - *

The name of the thing for which security profile metric values are returned.

- * @public - */ - thingName: string | undefined; - - /** - *

The name of the security profile metric for which values are returned.

- * @public - */ - metricName: string | undefined; - - /** - *

The dimension name.

- * @public - */ - dimensionName?: string; - - /** - *

The dimension value operator.

- * @public - */ - dimensionValueOperator?: DimensionValueOperator; - - /** - *

The start of the time period for which metric values are returned.

- * @public - */ - startTime: Date | undefined; - - /** - *

The end of the time period for which metric values are returned.

- * @public - */ - endTime: Date | undefined; - - /** - *

The maximum number of results to return at one time.

- * @public - */ - maxResults?: number; - - /** - *

The token for the next set of results.

- * @public - */ - nextToken?: string; -} - -/** - *

A metric.

- * @public - */ -export interface MetricDatum { - /** - *

The time the metric value was reported.

- * @public - */ - timestamp?: Date; - - /** - *

The value reported for the metric.

- * @public - */ - value?: MetricValue; -} - /** * @internal */ diff --git a/clients/client-iot/src/models/models_2.ts b/clients/client-iot/src/models/models_2.ts index 85f8ccdd57d3a..6bea8b02965d5 100644 --- a/clients/client-iot/src/models/models_2.ts +++ b/clients/client-iot/src/models/models_2.ts @@ -8,12 +8,14 @@ import { AggregationType, AlertTarget, AlertTargetType, + ApplicationProtocol, AttributePayload, AuditCheckConfiguration, AuditFrequency, AuditMitigationActionsTaskTarget, AuditNotificationTarget, AuditNotificationType, + AuthenticationType, AuthInfo, AuthorizerConfig, AuthorizerStatus, @@ -22,9 +24,11 @@ import { Behavior, BillingGroupProperties, CertificateProviderOperation, + ClientCertificateConfig, CustomMetricType, DayOfWeek, DimensionType, + DimensionValueOperator, FleetMetricUnit, JobExecutionsRetryConfig, JobExecutionsRolloutConfig, @@ -66,7 +70,7 @@ import { EventType, GroupNameAndArn, LogTargetType, - MetricDatum, + ManagedJobTemplateSummary, MitigationActionType, RegistrationConfig, Status, @@ -77,6 +81,94 @@ import { ViolationEventOccurrenceRange, } from "./models_1"; +/** + * @public + */ +export interface ListManagedJobTemplatesResponse { + /** + *

A list of managed job templates that are returned.

+ * @public + */ + managedJobTemplates?: ManagedJobTemplateSummary[]; + + /** + *

The token to retrieve the next set of results.

+ * @public + */ + nextToken?: string; +} + +/** + * @public + */ +export interface ListMetricValuesRequest { + /** + *

The name of the thing for which security profile metric values are returned.

+ * @public + */ + thingName: string | undefined; + + /** + *

The name of the security profile metric for which values are returned.

+ * @public + */ + metricName: string | undefined; + + /** + *

The dimension name.

+ * @public + */ + dimensionName?: string; + + /** + *

The dimension value operator.

+ * @public + */ + dimensionValueOperator?: DimensionValueOperator; + + /** + *

The start of the time period for which metric values are returned.

+ * @public + */ + startTime: Date | undefined; + + /** + *

The end of the time period for which metric values are returned.

+ * @public + */ + endTime: Date | undefined; + + /** + *

The maximum number of results to return at one time.

+ * @public + */ + maxResults?: number; + + /** + *

The token for the next set of results.

+ * @public + */ + nextToken?: string; +} + +/** + *

A metric.

+ * @public + */ +export interface MetricDatum { + /** + *

The time the metric value was reported.

+ * @public + */ + timestamp?: Date; + + /** + *

The value reported for the metric.

+ * @public + */ + value?: MetricValue; +} + /** * @public */ @@ -2982,7 +3074,7 @@ export interface ThingDocument { thingTypeName?: string; /** - *

Thing group names.

+ *

Thing group and billing group names.

* @public */ thingGroupNames?: string[]; @@ -4163,6 +4255,82 @@ export interface UpdateDomainConfigurationRequest { * @public */ serverCertificateConfig?: ServerCertificateConfig; + + /** + *

An enumerated string that specifies the authentication type.

+ *
    + *
  • + *

    + * CUSTOM_AUTH_X509 - Use custom authentication and authorization with additional details from the X.509 client certificate.

    + *
  • + *
+ * + *
    + *
  • + *

    + * AWS_X509 - Use X.509 client certificates without custom authentication and authorization. For more information, + * see X.509 client certificates.

    + *
  • + *
+ * + *
    + *
  • + *

    + * DEFAULT - Use a combination of port and Application Layer Protocol Negotiation (ALPN) to specify authentication type. + * For more information, see Device communication protocols.

    + *
  • + *
+ * @public + */ + authenticationType?: AuthenticationType; + + /** + *

An enumerated string that specifies the application-layer protocol.

+ *
    + *
  • + *

    + * SECURE_MQTT - MQTT over TLS.

    + *
  • + *
+ *
    + *
  • + *

    + * MQTT_WSS - MQTT over WebSocket.

    + *
  • + *
+ *
    + *
  • + *

    + * HTTPS - HTTP over TLS.

    + *
  • + *
+ *
    + *
  • + *

    + * DEFAULT - Use a combination of port and Application Layer Protocol Negotiation (ALPN) to specify application_layer protocol. + * For more information, see Device communication protocols.

    + *
  • + *
+ * @public + */ + applicationProtocol?: ApplicationProtocol; + + /** + *

An object that specifies the client certificate configuration for a domain.

+ * @public + */ + clientCertificateConfig?: ClientCertificateConfig; } /** @@ -4584,7 +4752,7 @@ export interface UpdatePackageVersionRequest { /** *

The inline job document associated with a software package version used for a quick job - * deployment via IoT Jobs.

+ * deployment.

* @public */ recipe?: string; diff --git a/clients/client-iot/src/protocols/Aws_restJson1.ts b/clients/client-iot/src/protocols/Aws_restJson1.ts index e73effc8938c4..34487adeb8713 100644 --- a/clients/client-iot/src/protocols/Aws_restJson1.ts +++ b/clients/client-iot/src/protocols/Aws_restJson1.ts @@ -779,8 +779,8 @@ import { BehaviorCriteria, BillingGroupProperties, CertificateProviderOperation, - CertificateStateException, CertificateValidationException, + ClientCertificateConfig, CloudwatchAlarmAction, CloudwatchLogsAction, CloudwatchMetricAction, @@ -898,6 +898,7 @@ import { CACertificateDescription, Certificate, CertificateDescription, + CertificateStateException, CertificateValidity, Configuration, DetectMitigationActionExecution, @@ -914,7 +915,6 @@ import { JobExecutionSummaryForThing, JobSummary, JobTemplateSummary, - MetricDatum, NotConfiguredException, OTAUpdateInfo, PercentPair, @@ -938,6 +938,7 @@ import { InvalidResponseException, LoggingOptionsPayload, LogTarget, + MetricDatum, MitigationActionIdentifier, MqttContext, OTAUpdateSummary, @@ -1509,7 +1510,10 @@ export const se_CreateDomainConfigurationCommand = async ( let body: any; body = JSON.stringify( take(input, { + applicationProtocol: [], + authenticationType: [], authorizerConfig: (_) => _json(_), + clientCertificateConfig: (_) => _json(_), domainName: [], serverCertificateArns: (_) => _json(_), serverCertificateConfig: (_) => _json(_), @@ -5925,7 +5929,10 @@ export const se_UpdateDomainConfigurationCommand = async ( let body: any; body = JSON.stringify( take(input, { + applicationProtocol: [], + authenticationType: [], authorizerConfig: (_) => _json(_), + clientCertificateConfig: (_) => _json(_), domainConfigurationStatus: [], removeAuthorizerConfig: [], serverCertificateConfig: (_) => _json(_), 
@@ -8388,7 +8395,10 @@ export const de_DescribeDomainConfigurationCommand = async ( }); const data: Record = __expectNonNull(__expectObject(await parseBody(output.body, context)), "body"); const doc = take(data, { + applicationProtocol: __expectString, + authenticationType: __expectString, authorizerConfig: _json, + clientCertificateConfig: _json, domainConfigurationArn: __expectString, domainConfigurationName: __expectString, domainConfigurationStatus: __expectString, @@ -12828,6 +12838,8 @@ const se_Behaviors = (input: Behavior[], context: __SerdeContext): any => { // se_Cidrs omitted. +// se_ClientCertificateConfig omitted. + // se_ClientProperties omitted. // se_CloudwatchAlarmAction omitted. @@ -13720,6 +13732,8 @@ const de_CertificateValidity = (output: any, context: __SerdeContext): Certifica // de_Cidrs omitted. +// de_ClientCertificateConfig omitted. + // de_ClientProperties omitted. // de_CloudwatchAlarmAction omitted. diff --git a/codegen/sdk-codegen/aws-models/iot.json b/codegen/sdk-codegen/aws-models/iot.json index 2283c5b328e0b..5d7a0df3451b1 100644 --- a/codegen/sdk-codegen/aws-models/iot.json +++ b/codegen/sdk-codegen/aws-models/iot.json @@ -2590,6 +2590,35 @@ "smithy.api#documentation": "

Contains information that allowed the authorization.

" } }, + "com.amazonaws.iot#ApplicationProtocol": { + "type": "enum", + "members": { + "SECURE_MQTT": { + "target": "smithy.api#Unit", + "traits": { + "smithy.api#enumValue": "SECURE_MQTT" + } + }, + "MQTT_WSS": { + "target": "smithy.api#Unit", + "traits": { + "smithy.api#enumValue": "MQTT_WSS" + } + }, + "HTTPS": { + "target": "smithy.api#Unit", + "traits": { + "smithy.api#enumValue": "HTTPS" + } + }, + "DEFAULT": { + "target": "smithy.api#Unit", + "traits": { + "smithy.api#enumValue": "DEFAULT" + } + } + } + }, "com.amazonaws.iot#ApproximateSecondsBeforeTimedOut": { "type": "long" }, @@ -2764,7 +2793,7 @@ } ], "traits": { - "smithy.api#documentation": "

Associates a software bill of materials (SBOM) with a specific software package version.

\n

Requires permission to access the AssociateSbomWithPackageVersion action.

", + "smithy.api#documentation": "

Associates the selected software bill of materials (SBOM) with a specific software package version.

\n

Requires permission to access the AssociateSbomWithPackageVersion action.

", "smithy.api#http": { "method": "PUT", "uri": "/packages/{packageName}/versions/{versionName}/sbom", @@ -2832,7 +2861,7 @@ "sbomValidationStatus": { "target": "com.amazonaws.iot#SbomValidationStatus", "traits": { - "smithy.api#documentation": "

The status of the initial validation for the SBOM against the Software Package Data Exchange (SPDX) and CycloneDX industry standard format.

" + "smithy.api#documentation": "

The status of the initial validation for the software bill of materials against the Software Package Data Exchange (SPDX) and CycloneDX industry standard formats.

" } } }, @@ -4045,6 +4074,41 @@ "target": "com.amazonaws.iot#AuthResult" } }, + "com.amazonaws.iot#AuthenticationType": { + "type": "enum", + "members": { + "CUSTOM_AUTH_X509": { + "target": "smithy.api#Unit", + "traits": { + "smithy.api#enumValue": "CUSTOM_AUTH_X509" + } + }, + "CUSTOM_AUTH": { + "target": "smithy.api#Unit", + "traits": { + "smithy.api#enumValue": "CUSTOM_AUTH" + } + }, + "AWS_X509": { + "target": "smithy.api#Unit", + "traits": { + "smithy.api#enumValue": "AWS_X509" + } + }, + "AWS_SIGV4": { + "target": "smithy.api#Unit", + "traits": { + "smithy.api#enumValue": "AWS_SIGV4" + } + }, + "DEFAULT": { + "target": "smithy.api#Unit", + "traits": { + "smithy.api#enumValue": "DEFAULT" + } + } + } + }, "com.amazonaws.iot#AuthorizerArn": { "type": "string", "traits": { @@ -5881,6 +5945,30 @@ "smithy.api#output": {} } }, + "com.amazonaws.iot#ClientCertificateCallbackArn": { + "type": "string", + "traits": { + "smithy.api#length": { + "min": 0, + "max": 2048 + }, + "smithy.api#pattern": "^[\\s\\S]*$" + } + }, + "com.amazonaws.iot#ClientCertificateConfig": { + "type": "structure", + "members": { + "clientCertificateCallbackArn": { + "target": "com.amazonaws.iot#ClientCertificateCallbackArn", + "traits": { + "smithy.api#documentation": "

The ARN of the Lambda function that IoT invokes after mutual TLS authentication during the connection.

" + } + } + }, + "traits": { + "smithy.api#documentation": "

An object that specifies the client certificate configuration for a domain.

" + } + }, "com.amazonaws.iot#ClientId": { "type": "string" }, @@ -6583,7 +6671,7 @@ } ], "traits": { - "smithy.api#documentation": "

Creates a billing group.

\n

Requires permission to access the CreateBillingGroup action.

", + "smithy.api#documentation": "

Creates a billing group. If this call is made multiple times using\n\t\t\tthe same billing group name and configuration, the call will succeed. If this call is made with\n\t\t\tthe same billing group name but different configuration a ResourceAlreadyExistsException is thrown.

\n

Requires permission to access the CreateBillingGroup action.

", "smithy.api#http": { "method": "POST", "uri": "/billing-groups/{billingGroupName}", @@ -7129,6 +7217,24 @@ "traits": { "smithy.api#documentation": "

The server certificate configuration.

" } + }, + "authenticationType": { + "target": "com.amazonaws.iot#AuthenticationType", + "traits": { + "smithy.api#documentation": "

An enumerated string that specifies the authentication type.

\n
    \n
  • \n

    \n CUSTOM_AUTH_X509 - Use custom authentication and authorization with additional details from the X.509 client certificate.

    \n
  • \n
\n \n
    \n
  • \n

    \n AWS_X509 - Use X.509 client certificates without custom authentication and authorization. For more information,\n see X.509 client certificates.

    \n
  • \n
\n \n
    \n
  • \n

    \n DEFAULT - Use a combination of port and Application Layer Protocol Negotiation (ALPN) to specify authentication type.\n For more information, see Device communication protocols.

    \n
  • \n
" + } + }, + "applicationProtocol": { + "target": "com.amazonaws.iot#ApplicationProtocol", + "traits": { + "smithy.api#documentation": "

An enumerated string that specifies the application-layer protocol.

\n
    \n
  • \n

    \n SECURE_MQTT - MQTT over TLS.

    \n
  • \n
\n
    \n
  • \n

    \n MQTT_WSS - MQTT over WebSocket.

    \n
  • \n
\n
    \n
  • \n

    \n HTTPS - HTTP over TLS.

    \n
  • \n
\n
    \n
  • \n

    \n DEFAULT - Use a combination of port and Application Layer Protocol Negotiation (ALPN) to specify application_layer protocol. \n For more information, see Device communication protocols.

    \n
  • \n
" + } + }, + "clientCertificateConfig": { + "target": "com.amazonaws.iot#ClientCertificateConfig", + "traits": { + "smithy.api#documentation": "

An object that specifies the client certificate configuration for a domain.

" + } } }, "traits": { @@ -8260,7 +8366,7 @@ "recipe": { "target": "com.amazonaws.iot#PackageVersionRecipe", "traits": { - "smithy.api#documentation": "

The inline job document associated with a software package version used for a quick job\n deployment via IoT Jobs.

" + "smithy.api#documentation": "

The inline job document associated with a software package version used for a quick job\n deployment.

" } }, "tags": { @@ -8887,7 +8993,7 @@ } ], "traits": { - "smithy.api#documentation": "

Creates a role alias.

\n

Requires permission to access the CreateRoleAlias action.

", + "smithy.api#documentation": "

Creates a role alias.

\n

Requires permission to access the CreateRoleAlias action.

\n \n

The value of \n credentialDurationSeconds\n must be less than or equal to the maximum session \n duration of the IAM role that the role alias references. For more information, see \n \n Modifying a role maximum session duration (Amazon Web Services API) from the Amazon Web Services Identity and Access Management User Guide.

\n
", "smithy.api#http": { "method": "POST", "uri": "/role-aliases/{roleAlias}", @@ -9497,7 +9603,7 @@ } ], "traits": { - "smithy.api#documentation": "

Creates a new thing type.

\n

Requires permission to access the CreateThingType action.

", + "smithy.api#documentation": "

Creates a new thing type. If this call is made multiple times using\n\t\t\tthe same thing type name and configuration, the call will succeed. If this call is made with\n\t\t\tthe same thing type name but different configuration a ResourceAlreadyExistsException is thrown.\n\t\t

\n

Requires permission to access the CreateThingType action.

", "smithy.api#http": { "method": "POST", "uri": "/thing-types/{thingTypeName}", @@ -13288,6 +13394,24 @@ "traits": { "smithy.api#documentation": "

The server certificate configuration.

" } + }, + "authenticationType": { + "target": "com.amazonaws.iot#AuthenticationType", + "traits": { + "smithy.api#documentation": "

An enumerated string that specifies the authentication type.

\n
    \n
  • \n

    \n CUSTOM_AUTH_X509 - Use custom authentication and authorization with additional details from the X.509 client certificate.

    \n
  • \n
\n \n
    \n
  • \n

    \n AWS_X509 - Use X.509 client certificates without custom authentication and authorization. For more information,\n see X.509 client certificates.

    \n
  • \n
\n \n
    \n
  • \n

    \n DEFAULT - Use a combination of port and Application Layer Protocol Negotiation (ALPN) to specify authentication type.\n For more information, see Device communication protocols.

    \n
  • \n
" + } + }, + "applicationProtocol": { + "target": "com.amazonaws.iot#ApplicationProtocol", + "traits": { + "smithy.api#documentation": "

An enumerated string that specifies the application-layer protocol.

\n
    \n
  • \n

    \n SECURE_MQTT - MQTT over TLS.

    \n
  • \n
\n
    \n
  • \n

    \n MQTT_WSS - MQTT over WebSocket.

    \n
  • \n
\n
    \n
  • \n

    \n HTTPS - HTTP over TLS.

    \n
  • \n
\n
    \n
  • \n

    \n DEFAULT - Use a combination of port and Application Layer Protocol Negotiation (ALPN) to specify application_layer protocol. \n For more information, see Device communication protocols.

    \n
  • \n
" + } + }, + "clientCertificateConfig": { + "target": "com.amazonaws.iot#ClientCertificateConfig", + "traits": { + "smithy.api#documentation": "

An object that specifies the client certificate configuration for a domain.

" + } } }, "traits": { @@ -15894,7 +16018,7 @@ } ], "traits": { - "smithy.api#documentation": "

Disassociates a software bill of materials (SBOM) from a specific software package version.

\n

Requires permission to access the DisassociateSbomWithPackageVersion action.

", + "smithy.api#documentation": "

Disassociates the selected software bill of materials (SBOM) from a specific software package version.

\n

Requires permission to access the DisassociateSbomWithPackageVersion action.

", "smithy.api#http": { "method": "DELETE", "uri": "/packages/{packageName}/versions/{versionName}/sbom", @@ -17978,7 +18102,7 @@ "recipe": { "target": "com.amazonaws.iot#PackageVersionRecipe", "traits": { - "smithy.api#documentation": "

The inline job document associated with a software package version used for a quick job\n deployment via IoT Jobs.

" + "smithy.api#documentation": "

The inline job document associated with a software package version used for a quick job\n deployment.

" } } }, @@ -27463,7 +27587,7 @@ } }, "traits": { - "smithy.api#documentation": "

The Amazon S3 location for the artifacts associated with a software package\n version.

" + "smithy.api#documentation": "

A specific package version artifact associated with a software package version.

" } }, "com.amazonaws.iot#PackageVersionErrorReason": { @@ -29791,7 +29915,7 @@ } }, "traits": { - "smithy.api#documentation": "

The Amazon S3 location for the software bill of materials associated with a software\n package version.

" + "smithy.api#documentation": "

A specific software bill of matrerials associated with a software\n package version.

" } }, "com.amazonaws.iot#SbomValidationErrorCode": { @@ -32417,7 +32541,7 @@ "thingGroupNames": { "target": "com.amazonaws.iot#ThingGroupNameList", "traits": { - "smithy.api#documentation": "

Thing group names.

" + "smithy.api#documentation": "

Thing group and billing group names.

" } }, "attributes": { @@ -34526,6 +34650,24 @@ "traits": { "smithy.api#documentation": "

The server certificate configuration.

" } + }, + "authenticationType": { + "target": "com.amazonaws.iot#AuthenticationType", + "traits": { + "smithy.api#documentation": "

An enumerated string that specifies the authentication type.

\n
    \n
  • \n

    \n CUSTOM_AUTH_X509 - Use custom authentication and authorization with additional details from the X.509 client certificate.

    \n
  • \n
\n \n
    \n
  • \n

    \n AWS_X509 - Use X.509 client certificates without custom authentication and authorization. For more information,\n see X.509 client certificates.

    \n
  • \n
\n \n
    \n
  • \n

    \n DEFAULT - Use a combination of port and Application Layer Protocol Negotiation (ALPN) to specify authentication type.\n For more information, see Device communication protocols.

    \n
  • \n
" + } + }, + "applicationProtocol": { + "target": "com.amazonaws.iot#ApplicationProtocol", + "traits": { + "smithy.api#documentation": "

An enumerated string that specifies the application-layer protocol.

\n
    \n
  • \n

    \n SECURE_MQTT - MQTT over TLS.

    \n
  • \n
\n
    \n
  • \n

    \n MQTT_WSS - MQTT over WebSocket.

    \n
  • \n
\n
    \n
  • \n

    \n HTTPS - HTTP over TLS.

    \n
  • \n
\n
    \n
  • \n

    \n DEFAULT - Use a combination of port and Application Layer Protocol Negotiation (ALPN) to specify application_layer protocol. \n For more information, see Device communication protocols.

    \n
  • \n
" + } + }, + "clientCertificateConfig": { + "target": "com.amazonaws.iot#ClientCertificateConfig", + "traits": { + "smithy.api#documentation": "

An object that specifies the client certificate configuration for a domain.

" + } } }, "traits": { @@ -35276,7 +35418,7 @@ "recipe": { "target": "com.amazonaws.iot#PackageVersionRecipe", "traits": { - "smithy.api#documentation": "

The inline job document associated with a software package version used for a quick job\n deployment via IoT Jobs.

" + "smithy.api#documentation": "

The inline job document associated with a software package version used for a quick job\n deployment.

" } }, "clientToken": { @@ -35421,7 +35563,7 @@ } ], "traits": { - "smithy.api#documentation": "

Updates a role alias.

\n

Requires permission to access the UpdateRoleAlias action.

", + "smithy.api#documentation": "

Updates a role alias.

\n

Requires permission to access the UpdateRoleAlias action.

\n \n

The value of \n credentialDurationSeconds\n must be less than or equal to the\n maximum session duration of the IAM role that the role alias references. For more\n information, see Modifying a role maximum session duration (Amazon Web Services API) from the Amazon Web Services\n Identity and Access Management User Guide.

\n
", "smithy.api#http": { "method": "PUT", "uri": "/role-aliases/{roleAlias}",