lib/aws-sdk-iam/client.rb in aws-sdk-iam-1.56.0 vs lib/aws-sdk-iam/client.rb in aws-sdk-iam-1.57.0
- old
+ new
@@ -1248,10 +1248,20 @@
# IdP uses
#
# You get all of this information from the OIDC IdP that you want to use
# to access Amazon Web Services.
#
+ # <note markdown="1"> Amazon Web Services secures communication with some OIDC identity
+ # providers (IdPs) through our library of trusted certificate
+ # authorities (CAs) instead of using a certificate thumbprint to verify
+ # your IdP server certificate. These OIDC IdPs include Google, and those
+ # that use an Amazon S3 bucket to host a JSON Web Key Set (JWKS)
+ # endpoint. In these cases, your legacy thumbprint remains in your
+ # configuration, but is no longer used for validation.
+ #
+ # </note>
+ #
# <note markdown="1"> The trust for the OIDC provider is derived from the IAM provider that
# this operation creates. Therefore, it is best to limit access to the
# CreateOpenIDConnectProvider operation to highly privileged users.
#
# </note>
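Review bot: The added note's list of affected IdPs is open-ended ("These OIDC IdPs include Google, and those that use an Amazon S3 bucket to host a JSON Web Key Set (JWKS) endpoint"), so a caller reading the CreateOpenIDConnectProvider docs cannot tell whether the thumbprint they supply will actually be checked for their provider. Either make the list exhaustive or say how to determine which validation path applies. Callers who treat the thumbprint as a certificate pin need to know that for these IdPs the value "remains in your configuration, but is no longer used for validation", and that trust then rests on the CA library instead. As a style point, "our library of trusted certificate authorities" is first-person in an SDK doc comment; "the Amazon Web Services library of trusted CAs" would match the rest of the comment.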
@@ -12165,22 +12175,32 @@
#
# The list that you pass with this operation completely replaces the
# existing list of thumbprints. (The lists are not merged.)
#
# Typically, you need to update a thumbprint only when the identity
- # provider's certificate changes, which occurs rarely. However, if the
+ # provider certificate changes, which occurs rarely. However, if the
# provider's certificate *does* change, any attempt to assume an IAM
# role that specifies the OIDC provider as a principal fails until the
# certificate thumbprint is updated.
#
- # <note markdown="1"> Trust for the OIDC provider is derived from the provider's
- # certificate and is validated by the thumbprint. Therefore, it is best
- # to limit access to the `UpdateOpenIDConnectProviderThumbprint`
- # operation to highly privileged users.
+ # <note markdown="1"> Amazon Web Services secures communication with some OIDC identity
+ # providers (IdPs) through our library of trusted certificate
+ # authorities (CAs) instead of using a certificate thumbprint to verify
+ # your IdP server certificate. These OIDC IdPs include Google, and those
+ # that use an Amazon S3 bucket to host a JSON Web Key Set (JWKS)
+ # endpoint. In these cases, your legacy thumbprint remains in your
+ # configuration, but is no longer used for validation.
#
# </note>
#
+ # <note markdown="1"> Trust for the OIDC provider is derived from the provider certificate
+ # and is validated by the thumbprint. Therefore, it is best to limit
+ # access to the `UpdateOpenIDConnectProviderThumbprint` operation to
+ # highly privileged users.
+ #
+ # </note>
+ #
# @option params [required, String] :open_id_connect_provider_arn
# The Amazon Resource Name (ARN) of the IAM OIDC provider resource
# object for which you want to update the thumbprint. You can get a list
# of OIDC provider ARNs by using the ListOpenIDConnectProviders
# operation.
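Review bot: The two notes in this hunk now contradict each other for the IdPs named in the first one. The new note says the thumbprint "is no longer used for validation" for Google and S3-hosted JWKS providers, while the re-added second note still states without qualification that trust "is validated by the thumbprint", and the unchanged paragraph above still says any attempt to assume a role "fails until the certificate thumbprint is updated". Suggest scoping the second note and the failure paragraph to providers that are still thumbprint-validated (for example "For IdPs that are validated by thumbprint, ..."). The advice to limit access to `UpdateOpenIDConnectProviderThumbprint` should stay unconditional, since the call still replaces the stored list. Minor wording: the first changed line now reads "provider certificate" but the next line keeps "provider's certificate"; pick one form.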
@@ -13138,10 +13158,10 @@
operation: config.api.operation(operation_name),
client: self,
params: params,
config: config)
context[:gem_name] = 'aws-sdk-iam'
- context[:gem_version] = '1.56.0'
+ context[:gem_version] = '1.57.0'
Seahorse::Client::Request.new(handlers, context)
end
# Polls an API operation until a resource enters a desired state.
#