feat(client-iot): This release allows AWS IoT Core users to enable On…

…line Certificate Status Protocol (OCSP) Stapling for TLS X.509 Server Certificates when creating and updating AWS IoT Domain Configurations with Custom Domain.

clients/client-iot/src/commands/CreateDomainConfigurationCommand.ts

@@ -57,6 +57,9 @@ export interface CreateDomainConfigurationCommandOutput extends CreateDomainConf
  *   tlsConfig: { // TlsConfig
  *     securityPolicy: "STRING_VALUE",
  *   },
+ *   serverCertificateConfig: { // ServerCertificateConfig
+ *     enableOCSPCheck: true || false,
+ *   },
  * };
  * const command = new CreateDomainConfigurationCommand(input);
  * const response = await client.send(command);

clients/client-iot/src/commands/DeleteCustomMetricCommand.ts

@@ -6,8 +6,7 @@ import { MetadataBearer as __MetadataBearer } from "@smithy/types";
 
 import { commonParams } from "../endpoint/EndpointParameters";
 import { IoTClientResolvedConfig, ServiceInputTypes, ServiceOutputTypes } from "../IoTClient";
-import { DeleteCustomMetricRequest } from "../models/models_0";
-import { DeleteCustomMetricResponse } from "../models/models_1";
+import { DeleteCustomMetricRequest, DeleteCustomMetricResponse } from "../models/models_1";
 import { de_DeleteCustomMetricCommand, se_DeleteCustomMetricCommand } from "../protocols/Aws_restJson1";
 
 /**

clients/client-iot/src/commands/DescribeDomainConfigurationCommand.ts

@@ -68,6 +68,9 @@ export interface DescribeDomainConfigurationCommandOutput
  * //   tlsConfig: { // TlsConfig
  * //     securityPolicy: "STRING_VALUE",
  * //   },
+ * //   serverCertificateConfig: { // ServerCertificateConfig
+ * //     enableOCSPCheck: true || false,
+ * //   },
  * // };
  *
  * ```

clients/client-iot/src/commands/DescribeEndpointCommand.ts

@@ -28,7 +28,11 @@ export interface DescribeEndpointCommandOutput extends DescribeEndpointResponse,
 
 /**
  * @public
- * <p>Returns a unique endpoint specific to the Amazon Web Services account making the call.</p>
+ * <p>Returns or creates a unique endpoint specific to the Amazon Web Services account making the
+ *          call.</p>
+ *          <note>
+ *             <p>The first time <code>DescribeEndpoint</code> is called, an endpoint is created. All subsequent calls to <code>DescribeEndpoint</code> return the same endpoint.</p>
+ *          </note>
  *          <p>Requires permission to access the <a href="https://docs.aws.amazon.com/service-authorization/latest/reference/list_awsiot.html#awsiot-actions-as-permissions">DescribeEndpoint</a> action.</p>
  * @example
  * Use a bare-bones client and the command you need to make an API call.

clients/client-iot/src/commands/GetRegistrationCodeCommand.ts

@@ -29,6 +29,9 @@ export interface GetRegistrationCodeCommandOutput extends GetRegistrationCodeRes
 /**
  * @public
  * <p>Gets a registration code used to register a CA certificate with IoT.</p>
+ *          <p>IoT will create a registration code as part of this API call if the registration
+ *          code doesn't exist or has been deleted. If you already have a registration code, this API
+ *          call will return the same registration code.</p>
  *          <p>Requires permission to access the <a href="https://docs.aws.amazon.com/service-authorization/latest/reference/list_awsiot.html#awsiot-actions-as-permissions">GetRegistrationCode</a> action.</p>
  * @example
  * Use a bare-bones client and the command you need to make an API call.

clients/client-iot/src/commands/ListOutgoingCertificatesCommand.ts

@@ -6,8 +6,7 @@ import { MetadataBearer as __MetadataBearer } from "@smithy/types";
 
 import { commonParams } from "../endpoint/EndpointParameters";
 import { IoTClientResolvedConfig, ServiceInputTypes, ServiceOutputTypes } from "../IoTClient";
-import { ListOutgoingCertificatesRequest } from "../models/models_1";
-import { ListOutgoingCertificatesResponse } from "../models/models_2";
+import { ListOutgoingCertificatesRequest, ListOutgoingCertificatesResponse } from "../models/models_2";
 import { de_ListOutgoingCertificatesCommand, se_ListOutgoingCertificatesCommand } from "../protocols/Aws_restJson1";
 
 /**

clients/client-iot/src/commands/UpdateDomainConfigurationCommand.ts

@@ -48,6 +48,9 @@ export interface UpdateDomainConfigurationCommandOutput extends UpdateDomainConf
  *   tlsConfig: { // TlsConfig
  *     securityPolicy: "STRING_VALUE",
  *   },
+ *   serverCertificateConfig: { // ServerCertificateConfig
+ *     enableOCSPCheck: true || false,
+ *   },
  * };
  * const command = new UpdateDomainConfigurationCommand(input);
  * const response = await client.send(command);

clients/client-iot/src/models/models_0.ts

@@ -4245,6 +4245,21 @@ export class CertificateValidationException extends __BaseException {
   }
 }
 
+/**
+ * @public
+ * <p>The server certificate configuration.</p>
+ */
+export interface ServerCertificateConfig {
+  /**
+   * @public
+   * <p>A Boolean value that indicates whether Online Certificate Status Protocol (OCSP) server
+   *          certificate check is enabled or not.</p>
+   *          <p>For more information, see <a href="https://docs.aws.amazon.com/iot/latest/developerguide/iot-custom-domain-ocsp-config.html">Configuring OCSP server-certificate stapling in domain
+   *          configuration</a> from Amazon Web Services IoT Core Developer Guide.</p>
+   */
+  enableOCSPCheck?: boolean;
+}
+
 /**
  * @public
  * @enum
@@ -4337,6 +4352,12 @@ export interface CreateDomainConfigurationRequest {
    * <p>An object that specifies the TLS configuration for a domain.</p>
    */
   tlsConfig?: TlsConfig;
+
+  /**
+   * @public
+   * <p>The server certificate configuration.</p>
+   */
+  serverCertificateConfig?: ServerCertificateConfig;
 }
 
 /**
@@ -7668,19 +7689,6 @@ export interface DeleteCertificateProviderRequest {
  */
 export interface DeleteCertificateProviderResponse {}
 
-/**
- * @public
- */
-export interface DeleteCustomMetricRequest {
-  /**
-   * @public
-   * <p>
-   *       The name of the custom metric.
-   *     </p>
-   */
-  metricName: string | undefined;
-}
-
 /**
  * @internal
  */

clients/client-iot/src/models/models_1.ts

@@ -57,6 +57,7 @@ import {
   ProvisioningHook,
   ResourceIdentifier,
   SchedulingConfig,
+  ServerCertificateConfig,
   ServiceType,
   StreamFile,
   TargetSelection,
@@ -70,6 +71,19 @@ import {
   VerificationState,
 } from "./models_0";
 
+/**
+ * @public
+ */
+export interface DeleteCustomMetricRequest {
+  /**
+   * @public
+   * <p>
+   *       The name of the custom metric.
+   *     </p>
+   */
+  metricName: string | undefined;
+}
+
 /**
  * @public
  */
@@ -1963,6 +1977,12 @@ export interface DescribeDomainConfigurationResponse {
    * <p>An object that specifies the TLS configuration for a domain.</p>
    */
   tlsConfig?: TlsConfig;
+
+  /**
+   * @public
+   * <p>The server certificate configuration.</p>
+   */
+  serverCertificateConfig?: ServerCertificateConfig;
 }
 
 /**
@@ -7443,31 +7463,6 @@ export interface ListOTAUpdatesResponse {
   nextToken?: string;
 }
 
-/**
- * @public
- * <p>The input to the ListOutgoingCertificates operation.</p>
- */
-export interface ListOutgoingCertificatesRequest {
-  /**
-   * @public
-   * <p>The result page size.</p>
-   */
-  pageSize?: number;
-
-  /**
-   * @public
-   * <p>The marker for the next set of results.</p>
-   */
-  marker?: string;
-
-  /**
-   * @public
-   * <p>Specifies the order for results. If True, the results are returned in ascending
-   *          order, based on the creation date.</p>
-   */
-  ascendingOrder?: boolean;
-}
-
 /**
  * @internal
  */

clients/client-iot/src/models/models_2.ts

@@ -39,6 +39,7 @@ import {
   ProvisioningHook,
   RelatedResource,
   ResourceIdentifier,
+  ServerCertificateConfig,
   StreamFile,
   Tag,
   TemplateType,
@@ -72,6 +73,31 @@ import {
   ViolationEventOccurrenceRange,
 } from "./models_1";
 
+/**
+ * @public
+ * <p>The input to the ListOutgoingCertificates operation.</p>
+ */
+export interface ListOutgoingCertificatesRequest {
+  /**
+   * @public
+   * <p>The result page size.</p>
+   */
+  pageSize?: number;
+
+  /**
+   * @public
+   * <p>The marker for the next set of results.</p>
+   */
+  marker?: string;
+
+  /**
+   * @public
+   * <p>Specifies the order for results. If True, the results are returned in ascending
+   *          order, based on the creation date.</p>
+   */
+  ascendingOrder?: boolean;
+}
+
 /**
  * @public
  * <p>A certificate that has been transferred but not yet accepted.</p>
@@ -3865,6 +3891,12 @@ export interface UpdateDomainConfigurationRequest {
    * <p>An object that specifies the TLS configuration for a domain.</p>
    */
   tlsConfig?: TlsConfig;
+
+  /**
+   * @public
+   * <p>The server certificate configuration.</p>
+   */
+  serverCertificateConfig?: ServerCertificateConfig;
 }
 
 /**

clients/client-iot/src/protocols/Aws_restJson1.ts

@@ -839,6 +839,7 @@ import {
   S3Location,
   SalesforceAction,
   SchedulingConfig,
+  ServerCertificateConfig,
   ServiceQuotaExceededException,
   ServiceUnavailableException,
   SigningProfileParameter,
@@ -1470,6 +1471,7 @@ export const se_CreateDomainConfigurationCommand = async (
       authorizerConfig: (_) => _json(_),
       domainName: [],
       serverCertificateArns: (_) => _json(_),
+      serverCertificateConfig: (_) => _json(_),
       serviceType: [],
       tags: (_) => _json(_),
       tlsConfig: (_) => _json(_),
@@ -5892,6 +5894,7 @@ export const se_UpdateDomainConfigurationCommand = async (
       authorizerConfig: (_) => _json(_),
       domainConfigurationStatus: [],
       removeAuthorizerConfig: [],
+      serverCertificateConfig: (_) => _json(_),
       tlsConfig: (_) => _json(_),
     })
   );
@@ -8332,6 +8335,7 @@ export const de_DescribeDomainConfigurationCommand = async (
     domainName: __expectString,
     domainType: __expectString,
     lastStatusChangeDate: (_) => __expectNonNull(__parseEpochTimestamp(__expectNumber(_))),
+    serverCertificateConfig: _json,
     serverCertificates: _json,
     serviceType: __expectString,
     tlsConfig: _json,
@@ -13024,6 +13028,8 @@ const se_PercentList = (input: number[], context: __SerdeContext): any => {
 
 // se_ServerCertificateArns omitted.
 
+// se_ServerCertificateConfig omitted.
+
 // se_SigningProfileParameter omitted.
 
 // se_SigV4Authorization omitted.
@@ -14492,6 +14498,8 @@ const de_RoleAliasDescription = (output: any, context: __SerdeContext): RoleAlia
 
 // de_SecurityProfileTargets omitted.
 
+// de_ServerCertificateConfig omitted.
+
 // de_ServerCertificates omitted.
 
 // de_ServerCertificateSummary omitted.

codegen/sdk-codegen/aws-models/iot.json

@@ -7003,6 +7003,12 @@
           "traits": {
             "smithy.api#documentation": "<p>An object that specifies the TLS configuration for a domain.</p>"
           }
+        },
+        "serverCertificateConfig": {
+          "target": "com.amazonaws.iot#ServerCertificateConfig",
+          "traits": {
+            "smithy.api#documentation": "<p>The server certificate configuration.</p>"
+          }
         }
       },
       "traits": {
@@ -13144,6 +13150,12 @@
           "traits": {
             "smithy.api#documentation": "<p>An object that specifies the TLS configuration for a domain.</p>"
           }
+        },
+        "serverCertificateConfig": {
+          "target": "com.amazonaws.iot#ServerCertificateConfig",
+          "traits": {
+            "smithy.api#documentation": "<p>The server certificate configuration.</p>"
+          }
         }
       },
       "traits": {
@@ -13173,7 +13185,7 @@
         }
       ],
       "traits": {
-        "smithy.api#documentation": "<p>Returns a unique endpoint specific to the Amazon Web Services account making the call.</p>\n         <p>Requires permission to access the <a href=\"https://docs.aws.amazon.com/service-authorization/latest/reference/list_awsiot.html#awsiot-actions-as-permissions\">DescribeEndpoint</a> action.</p>",
+        "smithy.api#documentation": "<p>Returns or creates a unique endpoint specific to the Amazon Web Services account making the\n         call.</p>\n         <note>\n            <p>The first time <code>DescribeEndpoint</code> is called, an endpoint is created. All subsequent calls to <code>DescribeEndpoint</code> return the same endpoint.</p>\n         </note>\n         <p>Requires permission to access the <a href=\"https://docs.aws.amazon.com/service-authorization/latest/reference/list_awsiot.html#awsiot-actions-as-permissions\">DescribeEndpoint</a> action.</p>",
         "smithy.api#http": {
           "method": "GET",
           "uri": "/endpoint",
@@ -16123,6 +16135,9 @@
         "smithy.api#documentation": "<p>Parameters used when defining a mitigation action that enable Amazon Web Services IoT Core logging.</p>"
       }
     },
+    "com.amazonaws.iot#EnableOCSPCheck": {
+      "type": "boolean"
+    },
     "com.amazonaws.iot#EnableTopicRule": {
       "type": "operation",
       "input": {
@@ -18075,7 +18090,7 @@
         }
       ],
       "traits": {
-        "smithy.api#documentation": "<p>Gets a registration code used to register a CA certificate with IoT.</p>\n         <p>Requires permission to access the <a href=\"https://docs.aws.amazon.com/service-authorization/latest/reference/list_awsiot.html#awsiot-actions-as-permissions\">GetRegistrationCode</a> action.</p>",
+        "smithy.api#documentation": "<p>Gets a registration code used to register a CA certificate with IoT.</p>\n         <p>IoT will create a registration code as part of this API call if the registration\n         code doesn't exist or has been deleted. If you already have a registration code, this API\n         call will return the same registration code.</p>\n         <p>Requires permission to access the <a href=\"https://docs.aws.amazon.com/service-authorization/latest/reference/list_awsiot.html#awsiot-actions-as-permissions\">GetRegistrationCode</a> action.</p>",
         "smithy.api#http": {
           "method": "GET",
           "uri": "/registrationcode",
@@ -29757,6 +29772,20 @@
         }
       }
     },
+    "com.amazonaws.iot#ServerCertificateConfig": {
+      "type": "structure",
+      "members": {
+        "enableOCSPCheck": {
+          "target": "com.amazonaws.iot#EnableOCSPCheck",
+          "traits": {
+            "smithy.api#documentation": "<p>A Boolean value that indicates whether Online Certificate Status Protocol (OCSP) server\n         certificate check is enabled or not.</p>\n         <p>For more information, see <a href=\"https://docs.aws.amazon.com/iot/latest/developerguide/iot-custom-domain-ocsp-config.html\">Configuring OCSP server-certificate stapling in domain\n         configuration</a> from Amazon Web Services IoT Core Developer Guide.</p>"
+          }
+        }
+      },
+      "traits": {
+        "smithy.api#documentation": "<p>The server certificate configuration.</p>"
+      }
+    },
     "com.amazonaws.iot#ServerCertificateStatus": {
       "type": "enum",
       "members": {
@@ -34005,6 +34034,12 @@
           "traits": {
             "smithy.api#documentation": "<p>An object that specifies the TLS configuration for a domain.</p>"
           }
+        },
+        "serverCertificateConfig": {
+          "target": "com.amazonaws.iot#ServerCertificateConfig",
+          "traits": {
+            "smithy.api#documentation": "<p>The server certificate configuration.</p>"
+          }
         }
       },
       "traits": {