feat(client-iot): This release adds support for Custom Authentication with X.509 Client Certificates, support for Custom Client Certificate validation, and support for selecting application protocol and authentication type without requiring TLS ALPN for customer's AWS IoT Domain Configurations.

Author: awstools

clients/client-iot/src/commands/AssociateSbomWithPackageVersionCommand.ts

@@ -33,7 +33,7 @@ export interface AssociateSbomWithPackageVersionCommandOutput
     __MetadataBearer {}
 
 /**
- * <p>Associates a software bill of materials (SBOM) with a specific software package version.</p>
+ * <p>Associates the selected software bill of materials (SBOM) with a specific software package version.</p>
  *          <p>Requires permission to access the <a href="https://docs.aws.amazon.com/service-authorization/latest/reference/list_awsiot.html#awsiot-actions-as-permissions">AssociateSbomWithPackageVersion</a> action.</p>
  * @example
  * Use a bare-bones client and the command you need to make an API call.

clients/client-iot/src/commands/CreateBillingGroupCommand.ts

@@ -28,7 +28,9 @@ export interface CreateBillingGroupCommandInput extends CreateBillingGroupReques
 export interface CreateBillingGroupCommandOutput extends CreateBillingGroupResponse, __MetadataBearer {}
 
 /**
- * <p>Creates a billing group.</p>
+ * <p>Creates a billing group. If this call is made multiple times using
+ * 			the same billing group name and configuration, the call will succeed. If this call is made with
+ * 			the same billing group name but different configuration a <code>ResourceAlreadyExistsException</code> is thrown.</p>
  *          <p>Requires permission to access the <a href="https://docs.aws.amazon.com/service-authorization/latest/reference/list_awsiot.html#awsiot-actions-as-permissions">CreateBillingGroup</a> action.</p>
  * @example
  * Use a bare-bones client and the command you need to make an API call.

clients/client-iot/src/commands/CreateDomainConfigurationCommand.ts

@@ -60,6 +60,11 @@ export interface CreateDomainConfigurationCommandOutput extends CreateDomainConf
  *   serverCertificateConfig: { // ServerCertificateConfig
  *     enableOCSPCheck: true || false,
  *   },
+ *   authenticationType: "CUSTOM_AUTH_X509" || "CUSTOM_AUTH" || "AWS_X509" || "AWS_SIGV4" || "DEFAULT",
+ *   applicationProtocol: "SECURE_MQTT" || "MQTT_WSS" || "HTTPS" || "DEFAULT",
+ *   clientCertificateConfig: { // ClientCertificateConfig
+ *     clientCertificateCallbackArn: "STRING_VALUE",
+ *   },
  * };
  * const command = new CreateDomainConfigurationCommand(input);
  * const response = await client.send(command);

clients/client-iot/src/commands/CreateRoleAliasCommand.ts

@@ -30,6 +30,14 @@ export interface CreateRoleAliasCommandOutput extends CreateRoleAliasResponse, _
 /**
  * <p>Creates a role alias.</p>
  *          <p>Requires permission to access the <a href="https://docs.aws.amazon.com/service-authorization/latest/reference/list_awsiot.html#awsiot-actions-as-permissions">CreateRoleAlias</a> action.</p>
+ *          <important>
+ *             <p>The value of <a href="https://docs.aws.amazon.com/iot/latest/apireference/API_CreateRoleAlias.html#iot-CreateRoleAlias-request-credentialDurationSeconds">
+ *                   <code>credentialDurationSeconds</code>
+ *                </a> must be less than or equal to the maximum session
+ *             duration of the IAM role that the role alias references. For more information, see
+ *             <a href="https://docs.aws.amazon.com/IAM/latest/UserGuide/roles-managingrole-editing-api.html#roles-modify_max-session-duration-api">
+ *                Modifying a role maximum session duration (Amazon Web Services API)</a> from the Amazon Web Services Identity and Access Management User Guide.</p>
+ *          </important>
  * @example
  * Use a bare-bones client and the command you need to make an API call.
  * ```javascript

clients/client-iot/src/commands/CreateThingTypeCommand.ts

@@ -28,7 +28,10 @@ export interface CreateThingTypeCommandInput extends CreateThingTypeRequest {}
 export interface CreateThingTypeCommandOutput extends CreateThingTypeResponse, __MetadataBearer {}
 
 /**
- * <p>Creates a new thing type.</p>
+ * <p>Creates a new thing type. If this call is made multiple times using
+ * 			the same thing type name and configuration, the call will succeed. If this call is made with
+ * 			the same thing type name but different configuration a <code>ResourceAlreadyExistsException</code> is thrown.
+ * 		</p>
  *          <p>Requires permission to access the <a href="https://docs.aws.amazon.com/service-authorization/latest/reference/list_awsiot.html#awsiot-actions-as-permissions">CreateThingType</a> action.</p>
  * @example
  * Use a bare-bones client and the command you need to make an API call.

clients/client-iot/src/commands/DeleteBillingGroupCommand.ts

@@ -6,7 +6,7 @@ import { MetadataBearer as __MetadataBearer } from "@smithy/types";
 
 import { commonParams } from "../endpoint/EndpointParameters";
 import { IoTClientResolvedConfig, ServiceInputTypes, ServiceOutputTypes } from "../IoTClient";
-import { DeleteBillingGroupRequest, DeleteBillingGroupResponse } from "../models/models_0";
+import { DeleteBillingGroupRequest, DeleteBillingGroupResponse } from "../models/models_1";
 import { de_DeleteBillingGroupCommand, se_DeleteBillingGroupCommand } from "../protocols/Aws_restJson1";
 
 /**

clients/client-iot/src/commands/DescribeDomainConfigurationCommand.ts

@@ -71,6 +71,11 @@ export interface DescribeDomainConfigurationCommandOutput
  * //   serverCertificateConfig: { // ServerCertificateConfig
  * //     enableOCSPCheck: true || false,
  * //   },
+ * //   authenticationType: "CUSTOM_AUTH_X509" || "CUSTOM_AUTH" || "AWS_X509" || "AWS_SIGV4" || "DEFAULT",
+ * //   applicationProtocol: "SECURE_MQTT" || "MQTT_WSS" || "HTTPS" || "DEFAULT",
+ * //   clientCertificateConfig: { // ClientCertificateConfig
+ * //     clientCertificateCallbackArn: "STRING_VALUE",
+ * //   },
  * // };
  *
  * ```

clients/client-iot/src/commands/DisassociateSbomFromPackageVersionCommand.ts

@@ -36,7 +36,7 @@ export interface DisassociateSbomFromPackageVersionCommandOutput
     __MetadataBearer {}
 
 /**
- * <p>Disassociates a software bill of materials (SBOM) from a specific software package version.</p>
+ * <p>Disassociates the selected software bill of materials (SBOM) from a specific software package version.</p>
  *          <p>Requires permission to access the <a href="https://docs.aws.amazon.com/service-authorization/latest/reference/list_awsiot.html#awsiot-actions-as-permissions">DisassociateSbomWithPackageVersion</a> action.</p>
  * @example
  * Use a bare-bones client and the command you need to make an API call.

clients/client-iot/src/commands/ListManagedJobTemplatesCommand.ts

@@ -6,7 +6,8 @@ import { MetadataBearer as __MetadataBearer } from "@smithy/types";
 
 import { commonParams } from "../endpoint/EndpointParameters";
 import { IoTClientResolvedConfig, ServiceInputTypes, ServiceOutputTypes } from "../IoTClient";
-import { ListManagedJobTemplatesRequest, ListManagedJobTemplatesResponse } from "../models/models_1";
+import { ListManagedJobTemplatesRequest } from "../models/models_1";
+import { ListManagedJobTemplatesResponse } from "../models/models_2";
 import { de_ListManagedJobTemplatesCommand, se_ListManagedJobTemplatesCommand } from "../protocols/Aws_restJson1";
 
 /**

clients/client-iot/src/commands/ListMetricValuesCommand.ts

@@ -6,8 +6,7 @@ import { MetadataBearer as __MetadataBearer } from "@smithy/types";
 
 import { commonParams } from "../endpoint/EndpointParameters";
 import { IoTClientResolvedConfig, ServiceInputTypes, ServiceOutputTypes } from "../IoTClient";
-import { ListMetricValuesRequest } from "../models/models_1";
-import { ListMetricValuesResponse } from "../models/models_2";
+import { ListMetricValuesRequest, ListMetricValuesResponse } from "../models/models_2";
 import { de_ListMetricValuesCommand, se_ListMetricValuesCommand } from "../protocols/Aws_restJson1";
 
 /**

clients/client-iot/src/commands/UpdateDomainConfigurationCommand.ts

@@ -51,6 +51,11 @@ export interface UpdateDomainConfigurationCommandOutput extends UpdateDomainConf
  *   serverCertificateConfig: { // ServerCertificateConfig
  *     enableOCSPCheck: true || false,
  *   },
+ *   authenticationType: "CUSTOM_AUTH_X509" || "CUSTOM_AUTH" || "AWS_X509" || "AWS_SIGV4" || "DEFAULT",
+ *   applicationProtocol: "SECURE_MQTT" || "MQTT_WSS" || "HTTPS" || "DEFAULT",
+ *   clientCertificateConfig: { // ClientCertificateConfig
+ *     clientCertificateCallbackArn: "STRING_VALUE",
+ *   },
  * };
  * const command = new UpdateDomainConfigurationCommand(input);
  * const response = await client.send(command);

clients/client-iot/src/commands/UpdateRoleAliasCommand.ts

@@ -30,6 +30,14 @@ export interface UpdateRoleAliasCommandOutput extends UpdateRoleAliasResponse, _
 /**
  * <p>Updates a role alias.</p>
  *          <p>Requires permission to access the <a href="https://docs.aws.amazon.com/service-authorization/latest/reference/list_awsiot.html#awsiot-actions-as-permissions">UpdateRoleAlias</a> action.</p>
+ *          <important>
+ *             <p>The value of <a href="https://docs.aws.amazon.com/iot/latest/apireference/API_UpdateRoleAlias.html#iot-UpdateRoleAlias-request-credentialDurationSeconds">
+ *                   <code>credentialDurationSeconds</code>
+ *                </a> must be less than or equal to the
+ *             maximum session duration of the IAM role that the role alias references. For more
+ *             information, see <a href="https://docs.aws.amazon.com/IAM/latest/UserGuide/roles-managingrole-editing-api.html#roles-modify_max-session-duration-api"> Modifying a role maximum session duration (Amazon Web Services API)</a> from the Amazon Web Services
+ *             Identity and Access Management User Guide.</p>
+ *          </important>
  * @example
  * Use a bare-bones client and the command you need to make an API call.
  * ```javascript

clients/client-iot/src/models/models_0.ts

@@ -2301,6 +2301,22 @@ export interface Allowed {
   policies?: Policy[];
 }
 
+/**
+ * @public
+ * @enum
+ */
+export const ApplicationProtocol = {
+  DEFAULT: "DEFAULT",
+  HTTPS: "HTTPS",
+  MQTT_WSS: "MQTT_WSS",
+  SECURE_MQTT: "SECURE_MQTT",
+} as const;
+
+/**
+ * @public
+ */
+export type ApplicationProtocol = (typeof ApplicationProtocol)[keyof typeof ApplicationProtocol];
+
 /**
  * <p>The S3 location.</p>
  * @public
@@ -2326,7 +2342,7 @@ export interface S3Location {
 }
 
 /**
- * <p>The Amazon S3 location for the software bill of materials associated with a software
+ * <p>A specific software bill of matrerials associated with a software
  *          package version.</p>
  * @public
  */
@@ -2355,7 +2371,7 @@ export interface AssociateSbomWithPackageVersionRequest {
   versionName: string | undefined;
 
   /**
-   * <p>The Amazon S3 location for the software bill of materials associated with a software
+   * <p>A specific software bill of matrerials associated with a software
    *          package version.</p>
    * @public
    */
@@ -2400,14 +2416,14 @@ export interface AssociateSbomWithPackageVersionResponse {
   versionName?: string;
 
   /**
-   * <p>The Amazon S3 location for the software bill of materials associated with a software
+   * <p>A specific software bill of matrerials associated with a software
    *          package version.</p>
    * @public
    */
   sbom?: Sbom;
 
   /**
-   * <p>The status of the initial validation for the SBOM against the Software Package Data Exchange (SPDX) and CycloneDX industry standard format.</p>
+   * <p>The status of the initial validation for the software bill of materials against the Software Package Data Exchange (SPDX) and CycloneDX industry standard formats.</p>
    * @public
    */
   sbomValidationStatus?: SbomValidationStatus;
@@ -3414,6 +3430,23 @@ export const AuthDecision = {
  */
 export type AuthDecision = (typeof AuthDecision)[keyof typeof AuthDecision];
 
+/**
+ * @public
+ * @enum
+ */
+export const AuthenticationType = {
+  AWS_SIGV4: "AWS_SIGV4",
+  AWS_X509: "AWS_X509",
+  CUSTOM_AUTH: "CUSTOM_AUTH",
+  CUSTOM_AUTH_X509: "CUSTOM_AUTH_X509",
+  DEFAULT: "DEFAULT",
+} as const;
+
+/**
+ * @public
+ */
+export type AuthenticationType = (typeof AuthenticationType)[keyof typeof AuthenticationType];
+
 /**
  * <p>A collection of authorization information.</p>
  * @public
@@ -4448,6 +4481,18 @@ export class CertificateValidationException extends __BaseException {
   }
 }
 
+/**
+ * <p>An object that specifies the client certificate configuration for a domain.</p>
+ * @public
+ */
+export interface ClientCertificateConfig {
+  /**
+   * <p>The ARN of the Lambda function that IoT invokes after mutual TLS authentication during the connection.</p>
+   * @public
+   */
+  clientCertificateCallbackArn?: string;
+}
+
 /**
  * <p>The server certificate configuration.</p>
  * @public
@@ -4561,6 +4606,82 @@ export interface CreateDomainConfigurationRequest {
    * @public
    */
   serverCertificateConfig?: ServerCertificateConfig;
+
+  /**
+   * <p>An enumerated string that specifies the authentication type.</p>
+   *          <ul>
+   *             <li>
+   *                <p>
+   *                   <code>CUSTOM_AUTH_X509</code> - Use custom authentication and authorization with additional details from the X.509 client certificate.</p>
+   *             </li>
+   *          </ul>
+   *          <ul>
+   *             <li>
+   *                <p>
+   *                   <code>CUSTOM_AUTH</code> - Use custom authentication and authorization. For more
+   *                information, see <a href="https://docs.aws.amazon.com/iot/latest/developerguide/custom-authentication.html">Custom authentication and authorization</a>.</p>
+   *             </li>
+   *          </ul>
+   *          <ul>
+   *             <li>
+   *                <p>
+   *                   <code>AWS_X509</code> - Use X.509 client certificates without custom authentication and authorization. For more information,
+   *                see <a href="https://docs.aws.amazon.com/iot/latest/developerguide/x509-client-certs.html">X.509 client certificates</a>.</p>
+   *             </li>
+   *          </ul>
+   *          <ul>
+   *             <li>
+   *                <p>
+   *                   <code>AWS_SIGV4</code> - Use Amazon Web Services Signature Version 4. For more information, see <a href="https://docs.aws.amazon.com/iot/latest/developerguide/custom-authentication.html">IAM users, groups, and roles</a>.</p>
+   *             </li>
+   *          </ul>
+   *          <ul>
+   *             <li>
+   *                <p>
+   *                   <code>DEFAULT</code> - Use a combination of port and Application Layer Protocol Negotiation (ALPN) to specify authentication type.
+   *                For more information, see <a href="https://docs.aws.amazon.com/iot/latest/developerguide/protocols.html">Device communication protocols</a>.</p>
+   *             </li>
+   *          </ul>
+   * @public
+   */
+  authenticationType?: AuthenticationType;
+
+  /**
+   * <p>An enumerated string that specifies the application-layer protocol.</p>
+   *          <ul>
+   *             <li>
+   *                <p>
+   *                   <code>SECURE_MQTT</code> - MQTT over TLS.</p>
+   *             </li>
+   *          </ul>
+   *          <ul>
+   *             <li>
+   *                <p>
+   *                   <code>MQTT_WSS</code> - MQTT over WebSocket.</p>
+   *             </li>
+   *          </ul>
+   *          <ul>
+   *             <li>
+   *                <p>
+   *                   <code>HTTPS</code> - HTTP over TLS.</p>
+   *             </li>
+   *          </ul>
+   *          <ul>
+   *             <li>
+   *                <p>
+   *                   <code>DEFAULT</code> - Use a combination of port and Application Layer Protocol Negotiation (ALPN) to specify application_layer protocol.
+   *                For more information, see <a href="https://docs.aws.amazon.com/iot/latest/developerguide/protocols.html">Device communication protocols</a>.</p>
+   *             </li>
+   *          </ul>
+   * @public
+   */
+  applicationProtocol?: ApplicationProtocol;
+
+  /**
+   * <p>An object that specifies the client certificate configuration for a domain.</p>
+   * @public
+   */
+  clientCertificateConfig?: ClientCertificateConfig;
 }
 
 /**
@@ -6300,8 +6421,7 @@ export interface CreatePackageResponse {
 }
 
 /**
- * <p>The Amazon S3 location for the artifacts associated with a software package
- *          version.</p>
+ * <p>A specific package version artifact associated with a software package version.</p>
  * @public
  */
 export interface PackageVersionArtifact {
@@ -6350,7 +6470,7 @@ export interface CreatePackageVersionRequest {
 
   /**
    * <p>The inline job document associated with a software package version used for a quick job
-   *          deployment via IoT Jobs.</p>
+   *          deployment.</p>
    * @public
    */
   recipe?: string;
@@ -7710,51 +7830,6 @@ export class DeleteConflictException extends __BaseException {
   }
 }
 
-/**
- * @public
- */
-export interface DeleteBillingGroupRequest {
-  /**
-   * <p>The name of the billing group.</p>
-   * @public
-   */
-  billingGroupName: string | undefined;
-
-  /**
-   * <p>The expected version of the billing group. If the version of the billing group does
-   * 			not match the expected version specified in the request, the
-   * 				<code>DeleteBillingGroup</code> request is rejected with a
-   * 				<code>VersionConflictException</code>.</p>
-   * @public
-   */
-  expectedVersion?: number;
-}
-
-/**
- * @public
- */
-export interface DeleteBillingGroupResponse {}
-
-/**
- * <p>The certificate operation is not allowed.</p>
- * @public
- */
-export class CertificateStateException extends __BaseException {
-  readonly name: "CertificateStateException" = "CertificateStateException";
-  readonly $fault: "client" = "client";
-  /**
-   * @internal
-   */
-  constructor(opts: __ExceptionOptionType<CertificateStateException, __BaseException>) {
-    super({
-      name: "CertificateStateException",
-      $fault: "client",
-      ...opts,
-    });
-    Object.setPrototypeOf(this, CertificateStateException.prototype);
-  }
-}
-
 /**
  * @internal
  */