AWS Glue is introducing two new optimizers for Apache Iceberg tables:…

… snapshot retention and orphan file deletion. Customers can enable these optimizers and customize their configurations to perform daily maintenance tasks on their Iceberg tables based on their specific requirements.

The S3 File Gateway now supports DSSE-KMS encryption. A new parameter EncryptionType is added to these APIs: CreateSmbFileShare, CreateNfsFileShare, UpdateSmbFileShare, UpdateNfsFileShare, DescribeSmbFileShares, DescribeNfsFileShares. Also, in favor of EncryptionType, KmsEncrypted is deprecated.
This release adds support for the os-upgrade pending maintenance action for Amazon Aurora DB clusters.
Added email MFA option to user pools with advanced security features.
Update APIs to allow modification of ODCR options, allocation strategy, and InstanceTypeConfigs on running InstanceFleet clusters.
Correct incorrectly mapped error in ELBv2 waiters
This release includes support for dynamic video overlay workflows, including picture-in-picture and squeezeback
This release introduces two features. The first is tag replication, which allows for the propagation of canary tags onto Synthetics related resources, such as Lambda functions. The second is a limit increase in canary name length, which has now been increased from 21 to 255 characters.

VERSION

@@ -1 +1 @@
-1.11.403
+1.11.404

generated/src/aws-cpp-sdk-cognito-idp/include/aws/cognito-idp/CognitoIdentityProviderClient.h

@@ -254,7 +254,7 @@ namespace CognitoIdentityProvider
          * Pinpoint</a>. Amazon Cognito uses the registered number automatically.
          * Otherwise, Amazon Cognito users who must receive SMS messages might not be able
          * to sign up, activate their accounts, or sign in.</p> <p>If you have never used
-         * SMS text messages with Amazon Cognito or any other Amazon Web Services service,
+         * SMS text messages with Amazon Cognito or any other Amazon Web Servicesservice,
          * Amazon Simple Notification Service might place your account in the SMS sandbox.
          * In <i> <a
          * href="https://docs.aws.amazon.com/sns/latest/dg/sns-sms-sandbox.html">sandbox
@@ -616,7 +616,7 @@ namespace CognitoIdentityProvider
          * Cognito uses the registered number automatically. Otherwise, Amazon Cognito
          * users who must receive SMS messages might not be able to sign up, activate their
          * accounts, or sign in.</p> <p>If you have never used SMS text messages with
-         * Amazon Cognito or any other Amazon Web Services service, Amazon Simple
+         * Amazon Cognito or any other Amazon Web Servicesservice, Amazon Simple
          * Notification Service might place your account in the SMS sandbox. In <i> <a
          * href="https://docs.aws.amazon.com/sns/latest/dg/sns-sms-sandbox.html">sandbox
          * mode</a> </i>, you can send messages only to verified phone numbers. After you
@@ -855,7 +855,7 @@ namespace CognitoIdentityProvider
          * Cognito uses the registered number automatically. Otherwise, Amazon Cognito
          * users who must receive SMS messages might not be able to sign up, activate their
          * accounts, or sign in.</p> <p>If you have never used SMS text messages with
-         * Amazon Cognito or any other Amazon Web Services service, Amazon Simple
+         * Amazon Cognito or any other Amazon Web Servicesservice, Amazon Simple
          * Notification Service might place your account in the SMS sandbox. In <i> <a
          * href="https://docs.aws.amazon.com/sns/latest/dg/sns-sms-sandbox.html">sandbox
          * mode</a> </i>, you can send messages only to verified phone numbers. After you
@@ -922,7 +922,7 @@ namespace CognitoIdentityProvider
          * Cognito uses the registered number automatically. Otherwise, Amazon Cognito
          * users who must receive SMS messages might not be able to sign up, activate their
          * accounts, or sign in.</p> <p>If you have never used SMS text messages with
-         * Amazon Cognito or any other Amazon Web Services service, Amazon Simple
+         * Amazon Cognito or any other Amazon Web Servicesservice, Amazon Simple
          * Notification Service might place your account in the SMS sandbox. In <i> <a
          * href="https://docs.aws.amazon.com/sns/latest/dg/sns-sms-sandbox.html">sandbox
          * mode</a> </i>, you can send messages only to verified phone numbers. After you
@@ -964,9 +964,9 @@ namespace CognitoIdentityProvider
         }
 
         /**
-         * <p>The user's multi-factor authentication (MFA) preference, including which MFA
-         * options are activated, and if any are preferred. Only one factor can be set as
-         * preferred. The preferred MFA factor will be used to authenticate a user if
+         * <p>Sets the user's multi-factor authentication (MFA) preference, including which
+         * MFA options are activated, and if any are preferred. Only one factor can be set
+         * as preferred. The preferred MFA factor will be used to authenticate a user if
          * multiple factors are activated. If multiple options are activated and no
          * preference is set, a challenge to choose an MFA option will be returned during
          * sign-in.</p>  <p>Amazon Cognito evaluates Identity and Access Management
@@ -1173,7 +1173,7 @@ namespace CognitoIdentityProvider
          * Cognito uses the registered number automatically. Otherwise, Amazon Cognito
          * users who must receive SMS messages might not be able to sign up, activate their
          * accounts, or sign in.</p> <p>If you have never used SMS text messages with
-         * Amazon Cognito or any other Amazon Web Services service, Amazon Simple
+         * Amazon Cognito or any other Amazon Web Servicesservice, Amazon Simple
          * Notification Service might place your account in the SMS sandbox. In <i> <a
          * href="https://docs.aws.amazon.com/sns/latest/dg/sns-sms-sandbox.html">sandbox
          * mode</a> </i>, you can send messages only to verified phone numbers. After you
@@ -1616,7 +1616,7 @@ namespace CognitoIdentityProvider
          * Cognito uses the registered number automatically. Otherwise, Amazon Cognito
          * users who must receive SMS messages might not be able to sign up, activate their
          * accounts, or sign in.</p> <p>If you have never used SMS text messages with
-         * Amazon Cognito or any other Amazon Web Services service, Amazon Simple
+         * Amazon Cognito or any other Amazon Web Servicesservice, Amazon Simple
          * Notification Service might place your account in the SMS sandbox. In <i> <a
          * href="https://docs.aws.amazon.com/sns/latest/dg/sns-sms-sandbox.html">sandbox
          * mode</a> </i>, you can send messages only to verified phone numbers. After you
@@ -2216,7 +2216,7 @@ namespace CognitoIdentityProvider
          * Cognito uses the registered number automatically. Otherwise, Amazon Cognito
          * users who must receive SMS messages might not be able to sign up, activate their
          * accounts, or sign in.</p> <p>If you have never used SMS text messages with
-         * Amazon Cognito or any other Amazon Web Services service, Amazon Simple
+         * Amazon Cognito or any other Amazon Web Servicesservice, Amazon Simple
          * Notification Service might place your account in the SMS sandbox. In <i> <a
          * href="https://docs.aws.amazon.com/sns/latest/dg/sns-sms-sandbox.html">sandbox
          * mode</a> </i>, you can send messages only to verified phone numbers. After you
@@ -2499,7 +2499,7 @@ namespace CognitoIdentityProvider
          * Cognito uses the registered number automatically. Otherwise, Amazon Cognito
          * users who must receive SMS messages might not be able to sign up, activate their
          * accounts, or sign in.</p> <p>If you have never used SMS text messages with
-         * Amazon Cognito or any other Amazon Web Services service, Amazon Simple
+         * Amazon Cognito or any other Amazon Web Servicesservice, Amazon Simple
          * Notification Service might place your account in the SMS sandbox. In <i> <a
          * href="https://docs.aws.amazon.com/sns/latest/dg/sns-sms-sandbox.html">sandbox
          * mode</a> </i>, you can send messages only to verified phone numbers. After you
@@ -2628,7 +2628,7 @@ namespace CognitoIdentityProvider
          * Cognito uses the registered number automatically. Otherwise, Amazon Cognito
          * users who must receive SMS messages might not be able to sign up, activate their
          * accounts, or sign in.</p> <p>If you have never used SMS text messages with
-         * Amazon Cognito or any other Amazon Web Services service, Amazon Simple
+         * Amazon Cognito or any other Amazon Web Servicesservice, Amazon Simple
          * Notification Service might place your account in the SMS sandbox. In <i> <a
          * href="https://docs.aws.amazon.com/sns/latest/dg/sns-sms-sandbox.html">sandbox
          * mode</a> </i>, you can send messages only to verified phone numbers. After you
@@ -3017,7 +3017,7 @@ namespace CognitoIdentityProvider
          * Cognito uses the registered number automatically. Otherwise, Amazon Cognito
          * users who must receive SMS messages might not be able to sign up, activate their
          * accounts, or sign in.</p> <p>If you have never used SMS text messages with
-         * Amazon Cognito or any other Amazon Web Services service, Amazon Simple
+         * Amazon Cognito or any other Amazon Web Servicesservice, Amazon Simple
          * Notification Service might place your account in the SMS sandbox. In <i> <a
          * href="https://docs.aws.amazon.com/sns/latest/dg/sns-sms-sandbox.html">sandbox
          * mode</a> </i>, you can send messages only to verified phone numbers. After you
@@ -3073,7 +3073,7 @@ namespace CognitoIdentityProvider
          * Cognito uses the registered number automatically. Otherwise, Amazon Cognito
          * users who must receive SMS messages might not be able to sign up, activate their
          * accounts, or sign in.</p> <p>If you have never used SMS text messages with
-         * Amazon Cognito or any other Amazon Web Services service, Amazon Simple
+         * Amazon Cognito or any other Amazon Web Servicesservice, Amazon Simple
          * Notification Service might place your account in the SMS sandbox. In <i> <a
          * href="https://docs.aws.amazon.com/sns/latest/dg/sns-sms-sandbox.html">sandbox
          * mode</a> </i>, you can send messages only to verified phone numbers. After you
@@ -3283,7 +3283,7 @@ namespace CognitoIdentityProvider
          * Cognito uses the registered number automatically. Otherwise, Amazon Cognito
          * users who must receive SMS messages might not be able to sign up, activate their
          * accounts, or sign in.</p> <p>If you have never used SMS text messages with
-         * Amazon Cognito or any other Amazon Web Services service, Amazon Simple
+         * Amazon Cognito or any other Amazon Web Servicesservice, Amazon Simple
          * Notification Service might place your account in the SMS sandbox. In <i> <a
          * href="https://docs.aws.amazon.com/sns/latest/dg/sns-sms-sandbox.html">sandbox
          * mode</a> </i>, you can send messages only to verified phone numbers. After you
@@ -3370,7 +3370,7 @@ namespace CognitoIdentityProvider
          * Cognito uses the registered number automatically. Otherwise, Amazon Cognito
          * users who must receive SMS messages might not be able to sign up, activate their
          * accounts, or sign in.</p> <p>If you have never used SMS text messages with
-         * Amazon Cognito or any other Amazon Web Services service, Amazon Simple
+         * Amazon Cognito or any other Amazon Web Servicesservice, Amazon Simple
          * Notification Service might place your account in the SMS sandbox. In <i> <a
          * href="https://docs.aws.amazon.com/sns/latest/dg/sns-sms-sandbox.html">sandbox
          * mode</a> </i>, you can send messages only to verified phone numbers. After you
@@ -3715,7 +3715,7 @@ namespace CognitoIdentityProvider
          * Cognito uses the registered number automatically. Otherwise, Amazon Cognito
          * users who must receive SMS messages might not be able to sign up, activate their
          * accounts, or sign in.</p> <p>If you have never used SMS text messages with
-         * Amazon Cognito or any other Amazon Web Services service, Amazon Simple
+         * Amazon Cognito or any other Amazon Web Servicesservice, Amazon Simple
          * Notification Service might place your account in the SMS sandbox. In <i> <a
          * href="https://docs.aws.amazon.com/sns/latest/dg/sns-sms-sandbox.html">sandbox
          * mode</a> </i>, you can send messages only to verified phone numbers. After you
@@ -3756,7 +3756,7 @@ namespace CognitoIdentityProvider
          * Cognito uses the registered number automatically. Otherwise, Amazon Cognito
          * users who must receive SMS messages might not be able to sign up, activate their
          * accounts, or sign in.</p> <p>If you have never used SMS text messages with
-         * Amazon Cognito or any other Amazon Web Services service, Amazon Simple
+         * Amazon Cognito or any other Amazon Web Servicesservice, Amazon Simple
          * Notification Service might place your account in the SMS sandbox. In <i> <a
          * href="https://docs.aws.amazon.com/sns/latest/dg/sns-sms-sandbox.html">sandbox
          * mode</a> </i>, you can send messages only to verified phone numbers. After you

generated/src/aws-cpp-sdk-cognito-idp/include/aws/cognito-idp/model/AdminGetUserResult.h

@@ -153,7 +153,8 @@ namespace Model
     ///@{
     /**
      * <p>The MFA options that are activated for the user. The possible values in this
-     * list are <code>SMS_MFA</code> and <code>SOFTWARE_TOKEN_MFA</code>.</p>
+     * list are <code>SMS_MFA</code>, <code>EMAIL_OTP</code>, and
+     * <code>SOFTWARE_TOKEN_MFA</code>.</p>
      */
     inline const Aws::Vector<Aws::String>& GetUserMFASettingList() const{ return m_userMFASettingList; }
     inline void SetUserMFASettingList(const Aws::Vector<Aws::String>& value) { m_userMFASettingList = value; }

generated/src/aws-cpp-sdk-cognito-idp/include/aws/cognito-idp/model/AdminInitiateAuthResult.h

@@ -49,20 +49,24 @@ namespace Model
      * who don't have at least one of the MFA methods set up are presented with an
      * <code>MFA_SETUP</code> challenge. The user must set up at least one MFA type to
      * continue to authenticate.</p> </li> <li> <p> <code>SELECT_MFA_TYPE</code>:
-     * Selects the MFA type. Valid MFA options are <code>SMS_MFA</code> for text SMS
-     * MFA, and <code>SOFTWARE_TOKEN_MFA</code> for time-based one-time password (TOTP)
-     * software token MFA.</p> </li> <li> <p> <code>SMS_MFA</code>: Next challenge is
-     * to supply an <code>SMS_MFA_CODE</code>, delivered via SMS.</p> </li> <li> <p>
-     * <code>PASSWORD_VERIFIER</code>: Next challenge is to supply
-     * <code>PASSWORD_CLAIM_SIGNATURE</code>, <code>PASSWORD_CLAIM_SECRET_BLOCK</code>,
-     * and <code>TIMESTAMP</code> after the client-side SRP calculations.</p> </li>
-     * <li> <p> <code>CUSTOM_CHALLENGE</code>: This is returned if your custom
-     * authentication flow determines that the user should pass another challenge
-     * before tokens are issued.</p> </li> <li> <p> <code>DEVICE_SRP_AUTH</code>: If
-     * device tracking was activated in your user pool and the previous challenges were
-     * passed, this challenge is returned so that Amazon Cognito can start tracking
-     * this device.</p> </li> <li> <p> <code>DEVICE_PASSWORD_VERIFIER</code>: Similar
-     * to <code>PASSWORD_VERIFIER</code>, but for devices only.</p> </li> <li> <p>
+     * Selects the MFA type. Valid MFA options are <code>SMS_MFA</code> for SMS message
+     * MFA, <code>EMAIL_OTP</code> for email message MFA, and
+     * <code>SOFTWARE_TOKEN_MFA</code> for time-based one-time password (TOTP) software
+     * token MFA.</p> </li> <li> <p> <code>SMS_MFA</code>: Next challenge is to supply
+     * an <code>SMS_MFA_CODE</code>that your user pool delivered in an SMS message.</p>
+     * </li> <li> <p> <code>EMAIL_OTP</code>: Next challenge is to supply an
+     * <code>EMAIL_OTP_CODE</code> that your user pool delivered in an email
+     * message.</p> </li> <li> <p> <code>PASSWORD_VERIFIER</code>: Next challenge is to
+     * supply <code>PASSWORD_CLAIM_SIGNATURE</code>,
+     * <code>PASSWORD_CLAIM_SECRET_BLOCK</code>, and <code>TIMESTAMP</code> after the
+     * client-side SRP calculations.</p> </li> <li> <p> <code>CUSTOM_CHALLENGE</code>:
+     * This is returned if your custom authentication flow determines that the user
+     * should pass another challenge before tokens are issued.</p> </li> <li> <p>
+     * <code>DEVICE_SRP_AUTH</code>: If device tracking was activated in your user pool
+     * and the previous challenges were passed, this challenge is returned so that
+     * Amazon Cognito can start tracking this device.</p> </li> <li> <p>
+     * <code>DEVICE_PASSWORD_VERIFIER</code>: Similar to
+     * <code>PASSWORD_VERIFIER</code>, but for devices only.</p> </li> <li> <p>
      * <code>ADMIN_NO_SRP_AUTH</code>: This is returned if you must authenticate with
      * <code>USERNAME</code> and <code>PASSWORD</code> directly. An app client must be
      * enabled to use this flow.</p> </li> <li> <p> <code>NEW_PASSWORD_REQUIRED</code>:

generated/src/aws-cpp-sdk-cognito-idp/include/aws/cognito-idp/model/AdminRespondToAuthChallengeRequest.h

@@ -91,14 +91,20 @@ namespace Model
      * parameters.</p>  <p>You must provide a SECRET_HASH parameter in all
      * challenge responses to an app client that has a client secret.</p> 
      * <dl> <dt>SMS_MFA</dt> <dd> <p> <code>"ChallengeName": "SMS_MFA",
-     * "ChallengeResponses": {"SMS_MFA_CODE": "[SMS_code]", "USERNAME":
-     * "[username]"}</code> </p> </dd> <dt>PASSWORD_VERIFIER</dt> <dd> <p>
-     * <code>"ChallengeName": "PASSWORD_VERIFIER", "ChallengeResponses":
-     * {"PASSWORD_CLAIM_SIGNATURE": "[claim_signature]", "PASSWORD_CLAIM_SECRET_BLOCK":
-     * "[secret_block]", "TIMESTAMP": [timestamp], "USERNAME": "[username]"}</code>
-     * </p> <p>Add <code>"DEVICE_KEY"</code> when you sign in with a remembered
-     * device.</p> </dd> <dt>CUSTOM_CHALLENGE</dt> <dd> <p> <code>"ChallengeName":
-     * "CUSTOM_CHALLENGE", "ChallengeResponses": {"USERNAME": "[username]", "ANSWER":
+     * "ChallengeResponses": {"SMS_MFA_CODE": "[code]", "USERNAME":
+     * "[username]"}</code> </p> </dd> <dt>EMAIL_OTP</dt> <dd> <p>
+     * <code>"ChallengeName": "EMAIL_OTP", "ChallengeResponses": {"EMAIL_OTP_CODE":
+     * "[code]", "USERNAME": "[username]"}</code> </p> </dd> <dt>PASSWORD_VERIFIER</dt>
+     * <dd> <p>This challenge response is part of the SRP flow. Amazon Cognito requires
+     * that your application respond to this challenge within a few seconds. When the
+     * response time exceeds this period, your user pool returns a
+     * <code>NotAuthorizedException</code> error.</p> <p> <code>"ChallengeName":
+     * "PASSWORD_VERIFIER", "ChallengeResponses": {"PASSWORD_CLAIM_SIGNATURE":
+     * "[claim_signature]", "PASSWORD_CLAIM_SECRET_BLOCK": "[secret_block]",
+     * "TIMESTAMP": [timestamp], "USERNAME": "[username]"}</code> </p> <p>Add
+     * <code>"DEVICE_KEY"</code> when you sign in with a remembered device.</p> </dd>
+     * <dt>CUSTOM_CHALLENGE</dt> <dd> <p> <code>"ChallengeName": "CUSTOM_CHALLENGE",
+     * "ChallengeResponses": {"USERNAME": "[username]", "ANSWER":
      * "[challenge_answer]"}</code> </p> <p>Add <code>"DEVICE_KEY"</code> when you sign
      * in with a remembered device.</p> </dd> <dt>NEW_PASSWORD_REQUIRED</dt> <dd> <p>
      * <code>"ChallengeName": "NEW_PASSWORD_REQUIRED", "ChallengeResponses":