feat(client-cognito-identity-provider): Added email MFA option to user pools with advanced security features.

Author: awstools

clients/client-cognito-identity-provider/src/commands/AdminCreateUserCommand.ts

@@ -48,7 +48,7 @@ export interface AdminCreateUserCommandOutput extends AdminCreateUserResponse, _
  *             Amazon Cognito uses the registered number automatically. Otherwise, Amazon Cognito users who must
  *             receive SMS messages might not be able to sign up, activate their accounts, or sign
  *             in.</p>
- *             <p>If you have never used SMS text messages with Amazon Cognito or any other Amazon Web Services service,
+ *             <p>If you have never used SMS text messages with Amazon Cognito or any other Amazon Web Servicesservice,
  *             Amazon Simple Notification Service might place your account in the SMS sandbox. In <i>
  *                   <a href="https://docs.aws.amazon.com/sns/latest/dg/sns-sms-sandbox.html">sandbox
  *                     mode</a>

clients/client-cognito-identity-provider/src/commands/AdminInitiateAuthCommand.ts

@@ -46,7 +46,7 @@ export interface AdminInitiateAuthCommandOutput extends AdminInitiateAuthRespons
  *             Amazon Cognito uses the registered number automatically. Otherwise, Amazon Cognito users who must
  *             receive SMS messages might not be able to sign up, activate their accounts, or sign
  *             in.</p>
- *             <p>If you have never used SMS text messages with Amazon Cognito or any other Amazon Web Services service,
+ *             <p>If you have never used SMS text messages with Amazon Cognito or any other Amazon Web Servicesservice,
  *             Amazon Simple Notification Service might place your account in the SMS sandbox. In <i>
  *                   <a href="https://docs.aws.amazon.com/sns/latest/dg/sns-sms-sandbox.html">sandbox
  *                     mode</a>
@@ -110,7 +110,7 @@ export interface AdminInitiateAuthCommandOutput extends AdminInitiateAuthRespons
  * const command = new AdminInitiateAuthCommand(input);
  * const response = await client.send(command);
  * // { // AdminInitiateAuthResponse
- * //   ChallengeName: "SMS_MFA" || "SOFTWARE_TOKEN_MFA" || "SELECT_MFA_TYPE" || "MFA_SETUP" || "PASSWORD_VERIFIER" || "CUSTOM_CHALLENGE" || "DEVICE_SRP_AUTH" || "DEVICE_PASSWORD_VERIFIER" || "ADMIN_NO_SRP_AUTH" || "NEW_PASSWORD_REQUIRED",
+ * //   ChallengeName: "SMS_MFA" || "EMAIL_OTP" || "SOFTWARE_TOKEN_MFA" || "SELECT_MFA_TYPE" || "MFA_SETUP" || "PASSWORD_VERIFIER" || "CUSTOM_CHALLENGE" || "DEVICE_SRP_AUTH" || "DEVICE_PASSWORD_VERIFIER" || "ADMIN_NO_SRP_AUTH" || "NEW_PASSWORD_REQUIRED",
  * //   Session: "STRING_VALUE",
  * //   ChallengeParameters: { // ChallengeParametersType
  * //     "<keys>": "STRING_VALUE",
@@ -139,6 +139,10 @@ export interface AdminInitiateAuthCommandOutput extends AdminInitiateAuthRespons
  * @throws {@link InternalErrorException} (server fault)
  *  <p>This exception is thrown when Amazon Cognito encounters an internal error.</p>
  *
+ * @throws {@link InvalidEmailRoleAccessPolicyException} (client fault)
+ *  <p>This exception is thrown when Amazon Cognito isn't allowed to use your email identity. HTTP
+ *             status code: 400.</p>
+ *
  * @throws {@link InvalidLambdaResponseException} (client fault)
  *  <p>This exception is thrown when Amazon Cognito encounters an invalid Lambda response.</p>
  *

clients/client-cognito-identity-provider/src/commands/AdminResetUserPasswordCommand.ts

@@ -48,7 +48,7 @@ export interface AdminResetUserPasswordCommandOutput extends AdminResetUserPassw
  *             Amazon Cognito uses the registered number automatically. Otherwise, Amazon Cognito users who must
  *             receive SMS messages might not be able to sign up, activate their accounts, or sign
  *             in.</p>
- *             <p>If you have never used SMS text messages with Amazon Cognito or any other Amazon Web Services service,
+ *             <p>If you have never used SMS text messages with Amazon Cognito or any other Amazon Web Servicesservice,
  *             Amazon Simple Notification Service might place your account in the SMS sandbox. In <i>
  *                   <a href="https://docs.aws.amazon.com/sns/latest/dg/sns-sms-sandbox.html">sandbox
  *                     mode</a>

clients/client-cognito-identity-provider/src/commands/AdminRespondToAuthChallengeCommand.ts

@@ -54,7 +54,7 @@ export interface AdminRespondToAuthChallengeCommandOutput
  *             Amazon Cognito uses the registered number automatically. Otherwise, Amazon Cognito users who must
  *             receive SMS messages might not be able to sign up, activate their accounts, or sign
  *             in.</p>
- *             <p>If you have never used SMS text messages with Amazon Cognito or any other Amazon Web Services service,
+ *             <p>If you have never used SMS text messages with Amazon Cognito or any other Amazon Web Servicesservice,
  *             Amazon Simple Notification Service might place your account in the SMS sandbox. In <i>
  *                   <a href="https://docs.aws.amazon.com/sns/latest/dg/sns-sms-sandbox.html">sandbox
  *                     mode</a>
@@ -92,7 +92,7 @@ export interface AdminRespondToAuthChallengeCommandOutput
  * const input = { // AdminRespondToAuthChallengeRequest
  *   UserPoolId: "STRING_VALUE", // required
  *   ClientId: "STRING_VALUE", // required
- *   ChallengeName: "SMS_MFA" || "SOFTWARE_TOKEN_MFA" || "SELECT_MFA_TYPE" || "MFA_SETUP" || "PASSWORD_VERIFIER" || "CUSTOM_CHALLENGE" || "DEVICE_SRP_AUTH" || "DEVICE_PASSWORD_VERIFIER" || "ADMIN_NO_SRP_AUTH" || "NEW_PASSWORD_REQUIRED", // required
+ *   ChallengeName: "SMS_MFA" || "EMAIL_OTP" || "SOFTWARE_TOKEN_MFA" || "SELECT_MFA_TYPE" || "MFA_SETUP" || "PASSWORD_VERIFIER" || "CUSTOM_CHALLENGE" || "DEVICE_SRP_AUTH" || "DEVICE_PASSWORD_VERIFIER" || "ADMIN_NO_SRP_AUTH" || "NEW_PASSWORD_REQUIRED", // required
  *   ChallengeResponses: { // ChallengeResponsesType
  *     "<keys>": "STRING_VALUE",
  *   },
@@ -119,7 +119,7 @@ export interface AdminRespondToAuthChallengeCommandOutput
  * const command = new AdminRespondToAuthChallengeCommand(input);
  * const response = await client.send(command);
  * // { // AdminRespondToAuthChallengeResponse
- * //   ChallengeName: "SMS_MFA" || "SOFTWARE_TOKEN_MFA" || "SELECT_MFA_TYPE" || "MFA_SETUP" || "PASSWORD_VERIFIER" || "CUSTOM_CHALLENGE" || "DEVICE_SRP_AUTH" || "DEVICE_PASSWORD_VERIFIER" || "ADMIN_NO_SRP_AUTH" || "NEW_PASSWORD_REQUIRED",
+ * //   ChallengeName: "SMS_MFA" || "EMAIL_OTP" || "SOFTWARE_TOKEN_MFA" || "SELECT_MFA_TYPE" || "MFA_SETUP" || "PASSWORD_VERIFIER" || "CUSTOM_CHALLENGE" || "DEVICE_SRP_AUTH" || "DEVICE_PASSWORD_VERIFIER" || "ADMIN_NO_SRP_AUTH" || "NEW_PASSWORD_REQUIRED",
  * //   Session: "STRING_VALUE",
  * //   ChallengeParameters: { // ChallengeParametersType
  * //     "<keys>": "STRING_VALUE",
@@ -162,6 +162,10 @@ export interface AdminRespondToAuthChallengeCommandOutput
  * @throws {@link InternalErrorException} (server fault)
  *  <p>This exception is thrown when Amazon Cognito encounters an internal error.</p>
  *
+ * @throws {@link InvalidEmailRoleAccessPolicyException} (client fault)
+ *  <p>This exception is thrown when Amazon Cognito isn't allowed to use your email identity. HTTP
+ *             status code: 400.</p>
+ *
  * @throws {@link InvalidLambdaResponseException} (client fault)
  *  <p>This exception is thrown when Amazon Cognito encounters an invalid Lambda response.</p>
  *

clients/client-cognito-identity-provider/src/commands/AdminSetUserMFAPreferenceCommand.ts

@@ -36,11 +36,11 @@ export interface AdminSetUserMFAPreferenceCommandInput extends AdminSetUserMFAPr
 export interface AdminSetUserMFAPreferenceCommandOutput extends AdminSetUserMFAPreferenceResponse, __MetadataBearer {}
 
 /**
- * <p>The user's multi-factor authentication (MFA) preference, including which MFA options
- *             are activated, and if any are preferred. Only one factor can be set as preferred. The
- *             preferred MFA factor will be used to authenticate a user if multiple factors are
- *             activated. If multiple options are activated and no preference is set, a challenge to
- *             choose an MFA option will be returned during sign-in.</p>
+ * <p>Sets the user's multi-factor authentication (MFA) preference, including which MFA
+ *             options are activated, and if any are preferred. Only one factor can be set as
+ *             preferred. The preferred MFA factor will be used to authenticate a user if multiple
+ *             factors are activated. If multiple options are activated and no preference is set, a
+ *             challenge to choose an MFA option will be returned during sign-in.</p>
  *          <note>
  *             <p>Amazon Cognito evaluates Identity and Access Management (IAM) policies in requests for this API operation. For
  *     this operation, you must use IAM credentials to authorize requests, and you must
@@ -76,6 +76,10 @@ export interface AdminSetUserMFAPreferenceCommandOutput extends AdminSetUserMFAP
  *     Enabled: true || false,
  *     PreferredMfa: true || false,
  *   },
+ *   EmailMfaSettings: { // EmailMfaSettingsType
+ *     Enabled: true || false,
+ *     PreferredMfa: true || false,
+ *   },
  *   Username: "STRING_VALUE", // required
  *   UserPoolId: "STRING_VALUE", // required
  * };

clients/client-cognito-identity-provider/src/commands/AdminUpdateUserAttributesCommand.ts

@@ -44,7 +44,7 @@ export interface AdminUpdateUserAttributesCommandOutput extends AdminUpdateUserA
  *             Amazon Cognito uses the registered number automatically. Otherwise, Amazon Cognito users who must
  *             receive SMS messages might not be able to sign up, activate their accounts, or sign
  *             in.</p>
- *             <p>If you have never used SMS text messages with Amazon Cognito or any other Amazon Web Services service,
+ *             <p>If you have never used SMS text messages with Amazon Cognito or any other Amazon Web Servicesservice,
  *             Amazon Simple Notification Service might place your account in the SMS sandbox. In <i>
  *                   <a href="https://docs.aws.amazon.com/sns/latest/dg/sns-sms-sandbox.html">sandbox
  *                     mode</a>

clients/client-cognito-identity-provider/src/commands/CreateUserPoolCommand.ts

@@ -40,7 +40,7 @@ export interface CreateUserPoolCommandOutput extends CreateUserPoolResponse, __M
  *             Amazon Cognito uses the registered number automatically. Otherwise, Amazon Cognito users who must
  *             receive SMS messages might not be able to sign up, activate their accounts, or sign
  *             in.</p>
- *             <p>If you have never used SMS text messages with Amazon Cognito or any other Amazon Web Services service,
+ *             <p>If you have never used SMS text messages with Amazon Cognito or any other Amazon Web Servicesservice,
  *             Amazon Simple Notification Service might place your account in the SMS sandbox. In <i>
  *                   <a href="https://docs.aws.amazon.com/sns/latest/dg/sns-sms-sandbox.html">sandbox
  *                     mode</a>

clients/client-cognito-identity-provider/src/commands/ForgotPasswordCommand.ts

@@ -62,7 +62,7 @@ export interface ForgotPasswordCommandOutput extends ForgotPasswordResponse, __M
  *             Amazon Cognito uses the registered number automatically. Otherwise, Amazon Cognito users who must
  *             receive SMS messages might not be able to sign up, activate their accounts, or sign
  *             in.</p>
- *             <p>If you have never used SMS text messages with Amazon Cognito or any other Amazon Web Services service,
+ *             <p>If you have never used SMS text messages with Amazon Cognito or any other Amazon Web Servicesservice,
  *             Amazon Simple Notification Service might place your account in the SMS sandbox. In <i>
  *                   <a href="https://docs.aws.amazon.com/sns/latest/dg/sns-sms-sandbox.html">sandbox
  *                     mode</a>

clients/client-cognito-identity-provider/src/commands/GetUserAttributeVerificationCodeCommand.ts

@@ -59,7 +59,7 @@ export interface GetUserAttributeVerificationCodeCommandOutput
  *             Amazon Cognito uses the registered number automatically. Otherwise, Amazon Cognito users who must
  *             receive SMS messages might not be able to sign up, activate their accounts, or sign
  *             in.</p>
- *             <p>If you have never used SMS text messages with Amazon Cognito or any other Amazon Web Services service,
+ *             <p>If you have never used SMS text messages with Amazon Cognito or any other Amazon Web Servicesservice,
  *             Amazon Simple Notification Service might place your account in the SMS sandbox. In <i>
  *                   <a href="https://docs.aws.amazon.com/sns/latest/dg/sns-sms-sandbox.html">sandbox
  *                     mode</a>

clients/client-cognito-identity-provider/src/commands/GetUserPoolMfaConfigCommand.ts

@@ -56,6 +56,10 @@ export interface GetUserPoolMfaConfigCommandOutput extends GetUserPoolMfaConfigR
  * //   SoftwareTokenMfaConfiguration: { // SoftwareTokenMfaConfigType
  * //     Enabled: true || false,
  * //   },
+ * //   EmailMfaConfiguration: { // EmailMfaConfigType
+ * //     Message: "STRING_VALUE",
+ * //     Subject: "STRING_VALUE",
+ * //   },
  * //   MfaConfiguration: "OFF" || "ON" || "OPTIONAL",
  * // };
  *

clients/client-cognito-identity-provider/src/commands/InitiateAuthCommand.ts

@@ -53,7 +53,7 @@ export interface InitiateAuthCommandOutput extends InitiateAuthResponse, __Metad
  *             Amazon Cognito uses the registered number automatically. Otherwise, Amazon Cognito users who must
  *             receive SMS messages might not be able to sign up, activate their accounts, or sign
  *             in.</p>
- *             <p>If you have never used SMS text messages with Amazon Cognito or any other Amazon Web Services service,
+ *             <p>If you have never used SMS text messages with Amazon Cognito or any other Amazon Web Servicesservice,
  *             Amazon Simple Notification Service might place your account in the SMS sandbox. In <i>
  *                   <a href="https://docs.aws.amazon.com/sns/latest/dg/sns-sms-sandbox.html">sandbox
  *                     mode</a>
@@ -88,7 +88,7 @@ export interface InitiateAuthCommandOutput extends InitiateAuthResponse, __Metad
  * const command = new InitiateAuthCommand(input);
  * const response = await client.send(command);
  * // { // InitiateAuthResponse
- * //   ChallengeName: "SMS_MFA" || "SOFTWARE_TOKEN_MFA" || "SELECT_MFA_TYPE" || "MFA_SETUP" || "PASSWORD_VERIFIER" || "CUSTOM_CHALLENGE" || "DEVICE_SRP_AUTH" || "DEVICE_PASSWORD_VERIFIER" || "ADMIN_NO_SRP_AUTH" || "NEW_PASSWORD_REQUIRED",
+ * //   ChallengeName: "SMS_MFA" || "EMAIL_OTP" || "SOFTWARE_TOKEN_MFA" || "SELECT_MFA_TYPE" || "MFA_SETUP" || "PASSWORD_VERIFIER" || "CUSTOM_CHALLENGE" || "DEVICE_SRP_AUTH" || "DEVICE_PASSWORD_VERIFIER" || "ADMIN_NO_SRP_AUTH" || "NEW_PASSWORD_REQUIRED",
  * //   Session: "STRING_VALUE",
  * //   ChallengeParameters: { // ChallengeParametersType
  * //     "<keys>": "STRING_VALUE",
@@ -121,6 +121,10 @@ export interface InitiateAuthCommandOutput extends InitiateAuthResponse, __Metad
  * @throws {@link InternalErrorException} (server fault)
  *  <p>This exception is thrown when Amazon Cognito encounters an internal error.</p>
  *
+ * @throws {@link InvalidEmailRoleAccessPolicyException} (client fault)
+ *  <p>This exception is thrown when Amazon Cognito isn't allowed to use your email identity. HTTP
+ *             status code: 400.</p>
+ *
  * @throws {@link InvalidLambdaResponseException} (client fault)
  *  <p>This exception is thrown when Amazon Cognito encounters an invalid Lambda response.</p>
  *

clients/client-cognito-identity-provider/src/commands/ResendConfirmationCodeCommand.ts

@@ -52,7 +52,7 @@ export interface ResendConfirmationCodeCommandOutput extends ResendConfirmationC
  *             Amazon Cognito uses the registered number automatically. Otherwise, Amazon Cognito users who must
  *             receive SMS messages might not be able to sign up, activate their accounts, or sign
  *             in.</p>
- *             <p>If you have never used SMS text messages with Amazon Cognito or any other Amazon Web Services service,
+ *             <p>If you have never used SMS text messages with Amazon Cognito or any other Amazon Web Servicesservice,
  *             Amazon Simple Notification Service might place your account in the SMS sandbox. In <i>
  *                   <a href="https://docs.aws.amazon.com/sns/latest/dg/sns-sms-sandbox.html">sandbox
  *                     mode</a>

clients/client-cognito-identity-provider/src/commands/RespondToAuthChallengeCommand.ts

@@ -10,12 +10,8 @@ import {
   ServiceOutputTypes,
 } from "../CognitoIdentityProviderClient";
 import { commonParams } from "../endpoint/EndpointParameters";
-import {
-  RespondToAuthChallengeRequest,
-  RespondToAuthChallengeRequestFilterSensitiveLog,
-  RespondToAuthChallengeResponse,
-  RespondToAuthChallengeResponseFilterSensitiveLog,
-} from "../models/models_0";
+import { RespondToAuthChallengeRequest, RespondToAuthChallengeRequestFilterSensitiveLog } from "../models/models_0";
+import { RespondToAuthChallengeResponse, RespondToAuthChallengeResponseFilterSensitiveLog } from "../models/models_1";
 import { de_RespondToAuthChallengeCommand, se_RespondToAuthChallengeCommand } from "../protocols/Aws_json1_1";
 
 /**
@@ -58,7 +54,7 @@ export interface RespondToAuthChallengeCommandOutput extends RespondToAuthChalle
  *             Amazon Cognito uses the registered number automatically. Otherwise, Amazon Cognito users who must
  *             receive SMS messages might not be able to sign up, activate their accounts, or sign
  *             in.</p>
- *             <p>If you have never used SMS text messages with Amazon Cognito or any other Amazon Web Services service,
+ *             <p>If you have never used SMS text messages with Amazon Cognito or any other Amazon Web Servicesservice,
  *             Amazon Simple Notification Service might place your account in the SMS sandbox. In <i>
  *                   <a href="https://docs.aws.amazon.com/sns/latest/dg/sns-sms-sandbox.html">sandbox
  *                     mode</a>
@@ -75,7 +71,7 @@ export interface RespondToAuthChallengeCommandOutput extends RespondToAuthChalle
  * const client = new CognitoIdentityProviderClient(config);
  * const input = { // RespondToAuthChallengeRequest
  *   ClientId: "STRING_VALUE", // required
- *   ChallengeName: "SMS_MFA" || "SOFTWARE_TOKEN_MFA" || "SELECT_MFA_TYPE" || "MFA_SETUP" || "PASSWORD_VERIFIER" || "CUSTOM_CHALLENGE" || "DEVICE_SRP_AUTH" || "DEVICE_PASSWORD_VERIFIER" || "ADMIN_NO_SRP_AUTH" || "NEW_PASSWORD_REQUIRED", // required
+ *   ChallengeName: "SMS_MFA" || "EMAIL_OTP" || "SOFTWARE_TOKEN_MFA" || "SELECT_MFA_TYPE" || "MFA_SETUP" || "PASSWORD_VERIFIER" || "CUSTOM_CHALLENGE" || "DEVICE_SRP_AUTH" || "DEVICE_PASSWORD_VERIFIER" || "ADMIN_NO_SRP_AUTH" || "NEW_PASSWORD_REQUIRED", // required
  *   Session: "STRING_VALUE",
  *   ChallengeResponses: { // ChallengeResponsesType
  *     "<keys>": "STRING_VALUE",
@@ -94,7 +90,7 @@ export interface RespondToAuthChallengeCommandOutput extends RespondToAuthChalle
  * const command = new RespondToAuthChallengeCommand(input);
  * const response = await client.send(command);
  * // { // RespondToAuthChallengeResponse
- * //   ChallengeName: "SMS_MFA" || "SOFTWARE_TOKEN_MFA" || "SELECT_MFA_TYPE" || "MFA_SETUP" || "PASSWORD_VERIFIER" || "CUSTOM_CHALLENGE" || "DEVICE_SRP_AUTH" || "DEVICE_PASSWORD_VERIFIER" || "ADMIN_NO_SRP_AUTH" || "NEW_PASSWORD_REQUIRED",
+ * //   ChallengeName: "SMS_MFA" || "EMAIL_OTP" || "SOFTWARE_TOKEN_MFA" || "SELECT_MFA_TYPE" || "MFA_SETUP" || "PASSWORD_VERIFIER" || "CUSTOM_CHALLENGE" || "DEVICE_SRP_AUTH" || "DEVICE_PASSWORD_VERIFIER" || "ADMIN_NO_SRP_AUTH" || "NEW_PASSWORD_REQUIRED",
  * //   Session: "STRING_VALUE",
  * //   ChallengeParameters: { // ChallengeParametersType
  * //     "<keys>": "STRING_VALUE",
@@ -141,6 +137,10 @@ export interface RespondToAuthChallengeCommandOutput extends RespondToAuthChalle
  * @throws {@link InternalErrorException} (server fault)
  *  <p>This exception is thrown when Amazon Cognito encounters an internal error.</p>
  *
+ * @throws {@link InvalidEmailRoleAccessPolicyException} (client fault)
+ *  <p>This exception is thrown when Amazon Cognito isn't allowed to use your email identity. HTTP
+ *             status code: 400.</p>
+ *
  * @throws {@link InvalidLambdaResponseException} (client fault)
  *  <p>This exception is thrown when Amazon Cognito encounters an invalid Lambda response.</p>
  *

clients/client-cognito-identity-provider/src/commands/RevokeTokenCommand.ts

@@ -10,8 +10,7 @@ import {
   ServiceOutputTypes,
 } from "../CognitoIdentityProviderClient";
 import { commonParams } from "../endpoint/EndpointParameters";
-import { RevokeTokenRequest, RevokeTokenRequestFilterSensitiveLog } from "../models/models_0";
-import { RevokeTokenResponse } from "../models/models_1";
+import { RevokeTokenRequest, RevokeTokenRequestFilterSensitiveLog, RevokeTokenResponse } from "../models/models_1";
 import { de_RevokeTokenCommand, se_RevokeTokenCommand } from "../protocols/Aws_json1_1";
 
 /**