feat(client-kendra): This release adds AccessControlConfigurations which allow you to redefine your document level access control without the need for content re-indexing.

Author: awstools

clients/client-kendra/src/Kendra.ts

@@ -74,6 +74,10 @@ import {
   ClearQuerySuggestionsCommandInput,
   ClearQuerySuggestionsCommandOutput,
 } from "./commands/ClearQuerySuggestionsCommand";
+import {
+  CreateAccessControlConfigurationCommandInput,
+  CreateAccessControlConfigurationCommandOutput,
+} from "./commands/CreateAccessControlConfigurationCommand";
 import { CreateDataSourceCommandInput, CreateDataSourceCommandOutput } from "./commands/CreateDataSourceCommand";
 import { CreateExperienceCommandInput, CreateExperienceCommandOutput } from "./commands/CreateExperienceCommand";
 import { CreateFaqCommandInput, CreateFaqCommandOutput } from "./commands/CreateFaqCommand";
@@ -83,6 +87,10 @@ import {
   CreateQuerySuggestionsBlockListCommandOutput,
 } from "./commands/CreateQuerySuggestionsBlockListCommand";
 import { CreateThesaurusCommandInput, CreateThesaurusCommandOutput } from "./commands/CreateThesaurusCommand";
+import {
+  DeleteAccessControlConfigurationCommandInput,
+  DeleteAccessControlConfigurationCommandOutput,
+} from "./commands/DeleteAccessControlConfigurationCommand";
 import { DeleteDataSourceCommandInput, DeleteDataSourceCommandOutput } from "./commands/DeleteDataSourceCommand";
 import { DeleteExperienceCommandInput, DeleteExperienceCommandOutput } from "./commands/DeleteExperienceCommand";
 import { DeleteFaqCommandInput, DeleteFaqCommandOutput } from "./commands/DeleteFaqCommand";
@@ -96,6 +104,10 @@ import {
   DeleteQuerySuggestionsBlockListCommandOutput,
 } from "./commands/DeleteQuerySuggestionsBlockListCommand";
 import { DeleteThesaurusCommandInput, DeleteThesaurusCommandOutput } from "./commands/DeleteThesaurusCommand";
+import {
+  DescribeAccessControlConfigurationCommandInput,
+  DescribeAccessControlConfigurationCommandOutput,
+} from "./commands/DescribeAccessControlConfigurationCommand";
 import { DescribeDataSourceCommandInput, DescribeDataSourceCommandOutput } from "./commands/DescribeDataSourceCommand";
 import { DescribeExperienceCommandInput, DescribeExperienceCommandOutput } from "./commands/DescribeExperienceCommand";
 import { DescribeFaqCommandInput, DescribeFaqCommandOutput } from "./commands/DescribeFaqCommand";
@@ -126,6 +138,10 @@ import {
   GetQuerySuggestionsCommandOutput,
 } from "./commands/GetQuerySuggestionsCommand";
 import { GetSnapshotsCommandInput, GetSnapshotsCommandOutput } from "./commands/GetSnapshotsCommand";
+import {
+  ListAccessControlConfigurationsCommandInput,
+  ListAccessControlConfigurationsCommandOutput,
+} from "./commands/ListAccessControlConfigurationsCommand";
 import { ListDataSourcesCommandInput, ListDataSourcesCommandOutput } from "./commands/ListDataSourcesCommand";
 import {
   ListDataSourceSyncJobsCommandInput,
@@ -168,6 +184,10 @@ import {
 import { SubmitFeedbackCommandInput, SubmitFeedbackCommandOutput } from "./commands/SubmitFeedbackCommand";
 import { TagResourceCommandInput, TagResourceCommandOutput } from "./commands/TagResourceCommand";
 import { UntagResourceCommandInput, UntagResourceCommandOutput } from "./commands/UntagResourceCommand";
+import {
+  UpdateAccessControlConfigurationCommandInput,
+  UpdateAccessControlConfigurationCommandOutput,
+} from "./commands/UpdateAccessControlConfigurationCommand";
 import { UpdateDataSourceCommandInput, UpdateDataSourceCommandOutput } from "./commands/UpdateDataSourceCommand";
 import { UpdateExperienceCommandInput, UpdateExperienceCommandOutput } from "./commands/UpdateExperienceCommand";
 import { UpdateIndexCommandInput, UpdateIndexCommandOutput } from "./commands/UpdateIndexCommand";
@@ -189,19 +209,22 @@ export type ServiceInputTypes =
   | BatchGetDocumentStatusCommandInput
   | BatchPutDocumentCommandInput
   | ClearQuerySuggestionsCommandInput
+  | CreateAccessControlConfigurationCommandInput
   | CreateDataSourceCommandInput
   | CreateExperienceCommandInput
   | CreateFaqCommandInput
   | CreateIndexCommandInput
   | CreateQuerySuggestionsBlockListCommandInput
   | CreateThesaurusCommandInput
+  | DeleteAccessControlConfigurationCommandInput
   | DeleteDataSourceCommandInput
   | DeleteExperienceCommandInput
   | DeleteFaqCommandInput
   | DeleteIndexCommandInput
   | DeletePrincipalMappingCommandInput
   | DeleteQuerySuggestionsBlockListCommandInput
   | DeleteThesaurusCommandInput
+  | DescribeAccessControlConfigurationCommandInput
   | DescribeDataSourceCommandInput
   | DescribeExperienceCommandInput
   | DescribeFaqCommandInput
@@ -214,6 +237,7 @@ export type ServiceInputTypes =
   | DisassociatePersonasFromEntitiesCommandInput
   | GetQuerySuggestionsCommandInput
   | GetSnapshotsCommandInput
+  | ListAccessControlConfigurationsCommandInput
   | ListDataSourceSyncJobsCommandInput
   | ListDataSourcesCommandInput
   | ListEntityPersonasCommandInput
@@ -232,6 +256,7 @@ export type ServiceInputTypes =
   | SubmitFeedbackCommandInput
   | TagResourceCommandInput
   | UntagResourceCommandInput
+  | UpdateAccessControlConfigurationCommandInput
   | UpdateDataSourceCommandInput
   | UpdateExperienceCommandInput
   | UpdateIndexCommandInput
@@ -246,19 +271,22 @@ export type ServiceOutputTypes =
   | BatchGetDocumentStatusCommandOutput
   | BatchPutDocumentCommandOutput
   | ClearQuerySuggestionsCommandOutput
+  | CreateAccessControlConfigurationCommandOutput
   | CreateDataSourceCommandOutput
   | CreateExperienceCommandOutput
   | CreateFaqCommandOutput
   | CreateIndexCommandOutput
   | CreateQuerySuggestionsBlockListCommandOutput
   | CreateThesaurusCommandOutput
+  | DeleteAccessControlConfigurationCommandOutput
   | DeleteDataSourceCommandOutput
   | DeleteExperienceCommandOutput
   | DeleteFaqCommandOutput
   | DeleteIndexCommandOutput
   | DeletePrincipalMappingCommandOutput
   | DeleteQuerySuggestionsBlockListCommandOutput
   | DeleteThesaurusCommandOutput
+  | DescribeAccessControlConfigurationCommandOutput
   | DescribeDataSourceCommandOutput
   | DescribeExperienceCommandOutput
   | DescribeFaqCommandOutput
@@ -271,6 +299,7 @@ export type ServiceOutputTypes =
   | DisassociatePersonasFromEntitiesCommandOutput
   | GetQuerySuggestionsCommandOutput
   | GetSnapshotsCommandOutput
+  | ListAccessControlConfigurationsCommandOutput
   | ListDataSourceSyncJobsCommandOutput
   | ListDataSourcesCommandOutput
   | ListEntityPersonasCommandOutput
@@ -289,6 +318,7 @@ export type ServiceOutputTypes =
   | SubmitFeedbackCommandOutput
   | TagResourceCommandOutput
   | UntagResourceCommandOutput
+  | UpdateAccessControlConfigurationCommandOutput
   | UpdateDataSourceCommandOutput
   | UpdateExperienceCommandOutput
   | UpdateIndexCommandOutput

clients/client-kendra/src/KendraClient.ts

@@ -0,0 +1,128 @@
+// smithy-typescript generated code
+import { getSerdePlugin } from "@aws-sdk/middleware-serde";
+import { HttpRequest as __HttpRequest, HttpResponse as __HttpResponse } from "@aws-sdk/protocol-http";
+import { Command as $Command } from "@aws-sdk/smithy-client";
+import {
+  FinalizeHandlerArguments,
+  Handler,
+  HandlerExecutionContext,
+  HttpHandlerOptions as __HttpHandlerOptions,
+  MetadataBearer as __MetadataBearer,
+  MiddlewareStack,
+  SerdeContext as __SerdeContext,
+} from "@aws-sdk/types";
+
+import { KendraClientResolvedConfig, ServiceInputTypes, ServiceOutputTypes } from "../KendraClient";
+import { CreateAccessControlConfigurationRequest, CreateAccessControlConfigurationResponse } from "../models/models_0";
+import {
+  deserializeAws_json1_1CreateAccessControlConfigurationCommand,
+  serializeAws_json1_1CreateAccessControlConfigurationCommand,
+} from "../protocols/Aws_json1_1";
+
+export interface CreateAccessControlConfigurationCommandInput extends CreateAccessControlConfigurationRequest {}
+export interface CreateAccessControlConfigurationCommandOutput
+  extends CreateAccessControlConfigurationResponse,
+    __MetadataBearer {}
+
+/**
+ * <p>Creates an access configuration for your documents. This includes
+ *             user and group access information for your documents. This is useful
+ *             for user context filtering, where search results are filtered based
+ *             on the user or their group access to documents.</p>
+ *         <p>You can use this to re-configure your existing document level access
+ *             control without indexing all of your documents again. For example, your
+ *             index contains top-secret company documents that only certain employees
+ *             or users should access. One of these users leaves the company or switches
+ *             to a team that should be blocked from access to top-secret documents.
+ *             Your documents in your index still give this user access to top-secret
+ *             documents due to the user having access at the time your documents were
+ *             indexed. You can create a specific access control configuration for this
+ *             user with deny access. You can later update the access control
+ *             configuration to allow access in the case the user returns to the company
+ *             and re-joins the 'top-secret' team. You can re-configure access control
+ *             for your documents circumstances change.</p>
+ *         <p>To apply your access control configuration to certain documents, you call
+ *             the <a href="https://docs.aws.amazon.com/kendra/latest/dg/API_BatchPutDocument.html">BatchPutDocument</a>
+ *             API with the <code>AccessControlConfigurationId</code> included in the
+ *             <a href="https://docs.aws.amazon.com/kendra/latest/dg/API_Document.html">Document</a>
+ *             object. If you use an S3 bucket as a data source, you update the
+ *             <code>.metadata.json</code> with the <code>AccessControlConfigurationId</code>
+ *             and synchronize your data source. Amazon Kendra currently only supports
+ *             access control configuration for S3 data sources and documents indexed using the
+ *             <code>BatchPutDocument</code> API.</p>
+ * @example
+ * Use a bare-bones client and the command you need to make an API call.
+ * ```javascript
+ * import { KendraClient, CreateAccessControlConfigurationCommand } from "@aws-sdk/client-kendra"; // ES Modules import
+ * // const { KendraClient, CreateAccessControlConfigurationCommand } = require("@aws-sdk/client-kendra"); // CommonJS import
+ * const client = new KendraClient(config);
+ * const command = new CreateAccessControlConfigurationCommand(input);
+ * const response = await client.send(command);
+ * ```
+ *
+ * @see {@link CreateAccessControlConfigurationCommandInput} for command's `input` shape.
+ * @see {@link CreateAccessControlConfigurationCommandOutput} for command's `response` shape.
+ * @see {@link KendraClientResolvedConfig | config} for KendraClient's `config` shape.
+ *
+ */
+export class CreateAccessControlConfigurationCommand extends $Command<
+  CreateAccessControlConfigurationCommandInput,
+  CreateAccessControlConfigurationCommandOutput,
+  KendraClientResolvedConfig
+> {
+  // Start section: command_properties
+  // End section: command_properties
+
+  constructor(readonly input: CreateAccessControlConfigurationCommandInput) {
+    // Start section: command_constructor
+    super();
+    // End section: command_constructor
+  }
+
+  /**
+   * @internal
+   */
+  resolveMiddleware(
+    clientStack: MiddlewareStack<ServiceInputTypes, ServiceOutputTypes>,
+    configuration: KendraClientResolvedConfig,
+    options?: __HttpHandlerOptions
+  ): Handler<CreateAccessControlConfigurationCommandInput, CreateAccessControlConfigurationCommandOutput> {
+    this.middlewareStack.use(getSerdePlugin(configuration, this.serialize, this.deserialize));
+
+    const stack = clientStack.concat(this.middlewareStack);
+
+    const { logger } = configuration;
+    const clientName = "KendraClient";
+    const commandName = "CreateAccessControlConfigurationCommand";
+    const handlerExecutionContext: HandlerExecutionContext = {
+      logger,
+      clientName,
+      commandName,
+      inputFilterSensitiveLog: CreateAccessControlConfigurationRequest.filterSensitiveLog,
+      outputFilterSensitiveLog: CreateAccessControlConfigurationResponse.filterSensitiveLog,
+    };
+    const { requestHandler } = configuration;
+    return stack.resolve(
+      (request: FinalizeHandlerArguments<any>) =>
+        requestHandler.handle(request.request as __HttpRequest, options || {}),
+      handlerExecutionContext
+    );
+  }
+
+  private serialize(
+    input: CreateAccessControlConfigurationCommandInput,
+    context: __SerdeContext
+  ): Promise<__HttpRequest> {
+    return serializeAws_json1_1CreateAccessControlConfigurationCommand(input, context);
+  }
+
+  private deserialize(
+    output: __HttpResponse,
+    context: __SerdeContext
+  ): Promise<CreateAccessControlConfigurationCommandOutput> {
+    return deserializeAws_json1_1CreateAccessControlConfigurationCommand(output, context);
+  }
+
+  // Start section: command_body_extra
+  // End section: command_body_extra
+}

clients/client-kendra/src/commands/CreateAccessControlConfigurationCommand.ts

@@ -23,7 +23,7 @@ export interface CreateFaqCommandOutput extends CreateFaqResponse, __MetadataBea
  * <p>Creates an new set of frequently asked question (FAQ) questions and answers.</p>
  *         <p>Adding FAQs to an index is an asynchronous operation.</p>
  *         <p>For an example of adding an FAQ to an index using Python and Java SDKs,
- *             see <a href="https://docs.aws.amazon.com/kendra/latest/dg/in-creating-faq.html#using-faq-file">Using you
+ *             see <a href="https://docs.aws.amazon.com/kendra/latest/dg/in-creating-faq.html#using-faq-file">Using your
  *                 FAQ file</a>.</p>
  * @example
  * Use a bare-bones client and the command you need to make an API call.

clients/client-kendra/src/commands/CreateFaqCommand.ts

@@ -23,7 +23,7 @@ export interface CreateIndexCommandInput extends CreateIndexRequest {}
 export interface CreateIndexCommandOutput extends CreateIndexResponse, __MetadataBearer {}
 
 /**
- * <p>Creates a new Amazon Kendra index. Index creation is an asynchronous
+ * <p>Creates an Amazon Kendra index. Index creation is an asynchronous
  *       API. To determine if index creation has completed, check the
  *         <code>Status</code> field returned from a call to
  *         <code>DescribeIndex</code>. The <code>Status</code> field is set to

clients/client-kendra/src/commands/CreateIndexCommand.ts

@@ -0,0 +1,107 @@
+// smithy-typescript generated code
+import { getSerdePlugin } from "@aws-sdk/middleware-serde";
+import { HttpRequest as __HttpRequest, HttpResponse as __HttpResponse } from "@aws-sdk/protocol-http";
+import { Command as $Command } from "@aws-sdk/smithy-client";
+import {
+  FinalizeHandlerArguments,
+  Handler,
+  HandlerExecutionContext,
+  HttpHandlerOptions as __HttpHandlerOptions,
+  MetadataBearer as __MetadataBearer,
+  MiddlewareStack,
+  SerdeContext as __SerdeContext,
+} from "@aws-sdk/types";
+
+import { KendraClientResolvedConfig, ServiceInputTypes, ServiceOutputTypes } from "../KendraClient";
+import { DeleteAccessControlConfigurationRequest, DeleteAccessControlConfigurationResponse } from "../models/models_0";
+import {
+  deserializeAws_json1_1DeleteAccessControlConfigurationCommand,
+  serializeAws_json1_1DeleteAccessControlConfigurationCommand,
+} from "../protocols/Aws_json1_1";
+
+export interface DeleteAccessControlConfigurationCommandInput extends DeleteAccessControlConfigurationRequest {}
+export interface DeleteAccessControlConfigurationCommandOutput
+  extends DeleteAccessControlConfigurationResponse,
+    __MetadataBearer {}
+
+/**
+ * <p>Deletes an access control configuration that you created for your
+ *             documents in an index. This includes user and group access information
+ *             for your documents. This is useful for user context filtering, where search
+ *             results are filtered based on the user or their group access to documents.</p>
+ * @example
+ * Use a bare-bones client and the command you need to make an API call.
+ * ```javascript
+ * import { KendraClient, DeleteAccessControlConfigurationCommand } from "@aws-sdk/client-kendra"; // ES Modules import
+ * // const { KendraClient, DeleteAccessControlConfigurationCommand } = require("@aws-sdk/client-kendra"); // CommonJS import
+ * const client = new KendraClient(config);
+ * const command = new DeleteAccessControlConfigurationCommand(input);
+ * const response = await client.send(command);
+ * ```
+ *
+ * @see {@link DeleteAccessControlConfigurationCommandInput} for command's `input` shape.
+ * @see {@link DeleteAccessControlConfigurationCommandOutput} for command's `response` shape.
+ * @see {@link KendraClientResolvedConfig | config} for KendraClient's `config` shape.
+ *
+ */
+export class DeleteAccessControlConfigurationCommand extends $Command<
+  DeleteAccessControlConfigurationCommandInput,
+  DeleteAccessControlConfigurationCommandOutput,
+  KendraClientResolvedConfig
+> {
+  // Start section: command_properties
+  // End section: command_properties
+
+  constructor(readonly input: DeleteAccessControlConfigurationCommandInput) {
+    // Start section: command_constructor
+    super();
+    // End section: command_constructor
+  }
+
+  /**
+   * @internal
+   */
+  resolveMiddleware(
+    clientStack: MiddlewareStack<ServiceInputTypes, ServiceOutputTypes>,
+    configuration: KendraClientResolvedConfig,
+    options?: __HttpHandlerOptions
+  ): Handler<DeleteAccessControlConfigurationCommandInput, DeleteAccessControlConfigurationCommandOutput> {
+    this.middlewareStack.use(getSerdePlugin(configuration, this.serialize, this.deserialize));
+
+    const stack = clientStack.concat(this.middlewareStack);
+
+    const { logger } = configuration;
+    const clientName = "KendraClient";
+    const commandName = "DeleteAccessControlConfigurationCommand";
+    const handlerExecutionContext: HandlerExecutionContext = {
+      logger,
+      clientName,
+      commandName,
+      inputFilterSensitiveLog: DeleteAccessControlConfigurationRequest.filterSensitiveLog,
+      outputFilterSensitiveLog: DeleteAccessControlConfigurationResponse.filterSensitiveLog,
+    };
+    const { requestHandler } = configuration;
+    return stack.resolve(
+      (request: FinalizeHandlerArguments<any>) =>
+        requestHandler.handle(request.request as __HttpRequest, options || {}),
+      handlerExecutionContext
+    );
+  }
+
+  private serialize(
+    input: DeleteAccessControlConfigurationCommandInput,
+    context: __SerdeContext
+  ): Promise<__HttpRequest> {
+    return serializeAws_json1_1DeleteAccessControlConfigurationCommand(input, context);
+  }
+
+  private deserialize(
+    output: __HttpResponse,
+    context: __SerdeContext
+  ): Promise<DeleteAccessControlConfigurationCommandOutput> {
+    return deserializeAws_json1_1DeleteAccessControlConfigurationCommand(output, context);
+  }
+
+  // Start section: command_body_extra
+  // End section: command_body_extra
+}