From 14fc94cdbd3a649d144f06a8d7f220b5890906bc Mon Sep 17 00:00:00 2001
From: awstools <awstools@amazon.com>
Date: Fri, 22 Nov 2024 19:18:06 +0000
Subject: [PATCH] feat(client-ses): This release adds support for starting
 email contacts in your Amazon Connect instance as an email receiving action.

---
 .../src/commands/CreateReceiptRuleCommand.ts  |  4 ++
 .../DescribeActiveReceiptRuleSetCommand.ts    |  4 ++
 .../commands/DescribeReceiptRuleCommand.ts    |  4 ++
 .../commands/DescribeReceiptRuleSetCommand.ts |  4 ++
 .../src/commands/UpdateReceiptRuleCommand.ts  |  4 ++
 clients/client-ses/src/models/models_0.ts     | 64 ++++++++++++++-----
 clients/client-ses/src/protocols/Aws_query.ts | 41 ++++++++++++
 codegen/sdk-codegen/aws-models/ses.json       | 40 +++++++++++-
 8 files changed, 147 insertions(+), 18 deletions(-)

diff --git a/clients/client-ses/src/commands/CreateReceiptRuleCommand.ts b/clients/client-ses/src/commands/CreateReceiptRuleCommand.ts
index c43345552153..99b899e0b1a7 100644
--- a/clients/client-ses/src/commands/CreateReceiptRuleCommand.ts
+++ b/clients/client-ses/src/commands/CreateReceiptRuleCommand.ts
@@ -85,6 +85,10 @@ export interface CreateReceiptRuleCommandOutput extends CreateReceiptRuleRespons
  *           TopicArn: "STRING_VALUE", // required
  *           Encoding: "UTF-8" || "Base64",
  *         },
+ *         ConnectAction: { // ConnectAction
+ *           InstanceARN: "STRING_VALUE", // required
+ *           IAMRoleARN: "STRING_VALUE", // required
+ *         },
  *       },
  *     ],
  *     ScanEnabled: true || false,
diff --git a/clients/client-ses/src/commands/DescribeActiveReceiptRuleSetCommand.ts b/clients/client-ses/src/commands/DescribeActiveReceiptRuleSetCommand.ts
index 3eb24c6065ba..06fc29ad12b6 100644
--- a/clients/client-ses/src/commands/DescribeActiveReceiptRuleSetCommand.ts
+++ b/clients/client-ses/src/commands/DescribeActiveReceiptRuleSetCommand.ts
@@ -93,6 +93,10 @@ export interface DescribeActiveReceiptRuleSetCommandOutput
  * //             TopicArn: "STRING_VALUE", // required
  * //             Encoding: "UTF-8" || "Base64",
  * //           },
+ * //           ConnectAction: { // ConnectAction
+ * //             InstanceARN: "STRING_VALUE", // required
+ * //             IAMRoleARN: "STRING_VALUE", // required
+ * //           },
  * //         },
  * //       ],
  * //       ScanEnabled: true || false,
diff --git a/clients/client-ses/src/commands/DescribeReceiptRuleCommand.ts b/clients/client-ses/src/commands/DescribeReceiptRuleCommand.ts
index 27fb2aa7272c..b4453b23d2f6 100644
--- a/clients/client-ses/src/commands/DescribeReceiptRuleCommand.ts
+++ b/clients/client-ses/src/commands/DescribeReceiptRuleCommand.ts
@@ -89,6 +89,10 @@ export interface DescribeReceiptRuleCommandOutput extends DescribeReceiptRuleRes
  * //           TopicArn: "STRING_VALUE", // required
  * //           Encoding: "UTF-8" || "Base64",
  * //         },
+ * //         ConnectAction: { // ConnectAction
+ * //           InstanceARN: "STRING_VALUE", // required
+ * //           IAMRoleARN: "STRING_VALUE", // required
+ * //         },
  * //       },
  * //     ],
  * //     ScanEnabled: true || false,
diff --git a/clients/client-ses/src/commands/DescribeReceiptRuleSetCommand.ts b/clients/client-ses/src/commands/DescribeReceiptRuleSetCommand.ts
index 2d3a4d9c20c6..78593f8118e0 100644
--- a/clients/client-ses/src/commands/DescribeReceiptRuleSetCommand.ts
+++ b/clients/client-ses/src/commands/DescribeReceiptRuleSetCommand.ts
@@ -93,6 +93,10 @@ export interface DescribeReceiptRuleSetCommandOutput extends DescribeReceiptRule
  * //             TopicArn: "STRING_VALUE", // required
  * //             Encoding: "UTF-8" || "Base64",
  * //           },
+ * //           ConnectAction: { // ConnectAction
+ * //             InstanceARN: "STRING_VALUE", // required
+ * //             IAMRoleARN: "STRING_VALUE", // required
+ * //           },
  * //         },
  * //       ],
  * //       ScanEnabled: true || false,
diff --git a/clients/client-ses/src/commands/UpdateReceiptRuleCommand.ts b/clients/client-ses/src/commands/UpdateReceiptRuleCommand.ts
index 15632b8f86b8..818163696f18 100644
--- a/clients/client-ses/src/commands/UpdateReceiptRuleCommand.ts
+++ b/clients/client-ses/src/commands/UpdateReceiptRuleCommand.ts
@@ -84,6 +84,10 @@ export interface UpdateReceiptRuleCommandOutput extends UpdateReceiptRuleRespons
  *           TopicArn: "STRING_VALUE", // required
  *           Encoding: "UTF-8" || "Base64",
  *         },
+ *         ConnectAction: { // ConnectAction
+ *           InstanceARN: "STRING_VALUE", // required
+ *           IAMRoleARN: "STRING_VALUE", // required
+ *         },
  *       },
  *     ],
  *     ScanEnabled: true || false,
diff --git a/clients/client-ses/src/models/models_0.ts b/clients/client-ses/src/models/models_0.ts
index ffff5e281083..ef800dc4990a 100644
--- a/clients/client-ses/src/models/models_0.ts
+++ b/clients/client-ses/src/models/models_0.ts
@@ -912,6 +912,36 @@ export class ConfigurationSetSendingPausedException extends __BaseException {
   }
 }
 
+/**
+ * <p>When included in a receipt rule, this action parses the received message and
+ *             starts an email contact in Amazon Connect on your behalf.</p>
+ *          <note>
+ *             <p>When you receive emails, the maximum email size (including headers) is 40 MB.
+ *                 Additionally, emails may only have up to 10 attachments.
+ *                 Emails larger than 40 MB or with more than 10 attachments will be bounced.</p>
+ *          </note>
+ *          <p>We recommend that you configure this action via Amazon Connect.</p>
+ * @public
+ */
+export interface ConnectAction {
+  /**
+   * <p>The Amazon Resource Name (ARN) for the Amazon Connect instance that Amazon SES integrates with for starting
+   *             email contacts.</p>
+   *          <p>For more information about Amazon Connect instances, see the <a href="https://docs.aws.amazon.com/connect/latest/adminguide/amazon-connect-instances.html">Amazon Connect Administrator Guide</a>
+   *          </p>
+   * @public
+   */
+  InstanceARN: string | undefined;
+
+  /**
+   * <p> The Amazon Resource Name (ARN) of the IAM role to be used by Amazon Simple Email Service while starting email contacts
+   *             to the Amazon Connect instance. This role should have permission to invoke <code>connect:StartEmailContact</code>
+   *             for the given Amazon Connect instance.</p>
+   * @public
+   */
+  IAMRoleARN: string | undefined;
+}
+
 /**
  * <p>Represents a request to create a configuration set. Configuration sets enable you to
  *             publish email sending events. For information about using configuration sets, see the
@@ -1722,28 +1752,28 @@ export interface S3Action {
 
   /**
    * <p>The customer managed key that Amazon SES should use to encrypt your emails before saving
-   *             them to the Amazon S3 bucket. You can use the default managed key or a custom managed key that
-   *             you created in Amazon Web Services KMS as follows:</p>
+   *             them to the Amazon S3 bucket. You can use the Amazon Web Services managed key or a customer managed key
+   *             that you created in Amazon Web Services KMS as follows:</p>
    *          <ul>
    *             <li>
-   *                <p>To use the default managed key, provide an ARN in the form of
+   *                <p>To use the Amazon Web Services managed key, provide an ARN in the form of
    *                         <code>arn:aws:kms:REGION:ACCOUNT-ID-WITHOUT-HYPHENS:alias/aws/ses</code>.
    *                     For example, if your Amazon Web Services account ID is 123456789012 and you want to use the
-   *                     default managed key in the US West (Oregon) Region, the ARN of the default master
+   *                     Amazon Web Services managed key in the US West (Oregon) Region, the ARN of the Amazon Web Services managed
    *                     key would be <code>arn:aws:kms:us-west-2:123456789012:alias/aws/ses</code>. If
-   *                     you use the default managed key, you don't need to perform any extra steps to
-   *                     give Amazon SES permission to use the key.</p>
+   *                     you use the Amazon Web Services managed key, you don't need to perform any extra steps to give
+   *                     Amazon SES permission to use the key.</p>
    *             </li>
    *             <li>
-   *                <p>To use a custom managed key that you created in Amazon Web Services KMS, provide the ARN of
-   *                     the managed key and ensure that you add a statement to your key's policy to give
-   *                     Amazon SES permission to use it. For more information about giving permissions, see
-   *                     the <a href="https://docs.aws.amazon.com/ses/latest/dg/receiving-email-permissions.html">Amazon SES Developer
+   *                <p>To use a customer managed key that you created in Amazon Web Services KMS, provide the ARN
+   *                     of the customer managed key and ensure that you add a statement to your key's
+   *                     policy to give Amazon SES permission to use it. For more information about giving
+   *                     permissions, see the <a href="https://docs.aws.amazon.com/ses/latest/dg/receiving-email-permissions.html">Amazon SES Developer
    *                         Guide</a>.</p>
    *             </li>
    *          </ul>
    *          <p>For more information about key policies, see the <a href="https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html">Amazon Web Services KMS Developer Guide</a>. If
-   *             you do not specify a managed key, Amazon SES does not encrypt your emails.</p>
+   *             you do not specify an Amazon Web Services KMS key, Amazon SES does not encrypt your emails.</p>
    *          <important>
    *             <p>Your mail is encrypted by Amazon SES using the Amazon S3 encryption client before the mail
    *                 is submitted to Amazon S3 for storage. It is not encrypted using Amazon S3 server-side
@@ -1762,14 +1792,12 @@ export interface S3Action {
   /**
    * <p> The ARN of the IAM role to be used by Amazon Simple Email Service while writing to the Amazon S3 bucket,
    *             optionally encrypting your mail via the provided customer managed key, and publishing to
-   *             the Amazon SNS topic.
-   *             This role should have access to the following APIs:
-   *         </p>
+   *             the Amazon SNS topic. This role should have access to the following APIs: </p>
    *          <ul>
    *             <li>
    *                <p>
    *                   <code>s3:PutObject</code>, <code>kms:Encrypt</code> and
-   *                     <code>kms:GenerateDataKey</code> for the given Amazon S3 bucket.</p>
+   *                         <code>kms:GenerateDataKey</code> for the given Amazon S3 bucket.</p>
    *             </li>
    *             <li>
    *                <p>
@@ -1967,6 +1995,12 @@ export interface ReceiptAction {
    * @public
    */
   SNSAction?: SNSAction | undefined;
+
+  /**
+   * <p>Parses the received message and starts an email contact in Amazon Connect on your behalf.</p>
+   * @public
+   */
+  ConnectAction?: ConnectAction | undefined;
 }
 
 /**
diff --git a/clients/client-ses/src/protocols/Aws_query.ts b/clients/client-ses/src/protocols/Aws_query.ts
index d5d21d8dc7da..94608cd05d0c 100644
--- a/clients/client-ses/src/protocols/Aws_query.ts
+++ b/clients/client-ses/src/protocols/Aws_query.ts
@@ -262,6 +262,7 @@ import {
   ConfigurationSetAttribute,
   ConfigurationSetDoesNotExistException,
   ConfigurationSetSendingPausedException,
+  ConnectAction,
   Content,
   CreateConfigurationSetEventDestinationRequest,
   CreateConfigurationSetEventDestinationResponse,
@@ -3996,6 +3997,20 @@ const se_ConfigurationSetAttributeList = (input: ConfigurationSetAttribute[], co
   return entries;
 };
 
+/**
+ * serializeAws_queryConnectAction
+ */
+const se_ConnectAction = (input: ConnectAction, context: __SerdeContext): any => {
+  const entries: any = {};
+  if (input[_IARN] != null) {
+    entries[_IARN] = input[_IARN];
+  }
+  if (input[_IAMRARN] != null) {
+    entries[_IAMRARN] = input[_IAMRARN];
+  }
+  return entries;
+};
+
 /**
  * serializeAws_queryContent
  */
@@ -4964,6 +4979,13 @@ const se_ReceiptAction = (input: ReceiptAction, context: __SerdeContext): any =>
       entries[loc] = value;
     });
   }
+  if (input[_CAo] != null) {
+    const memberEntries = se_ConnectAction(input[_CAo], context);
+    Object.entries(memberEntries).forEach(([key, value]) => {
+      const loc = `ConnectAction.${key}`;
+      entries[loc] = value;
+    });
+  }
   return entries;
 };
 
@@ -6108,6 +6130,20 @@ const de_ConfigurationSetSendingPausedException = (
   return contents;
 };
 
+/**
+ * deserializeAws_queryConnectAction
+ */
+const de_ConnectAction = (output: any, context: __SerdeContext): ConnectAction => {
+  const contents: any = {};
+  if (output[_IARN] != null) {
+    contents[_IARN] = __expectString(output[_IARN]);
+  }
+  if (output[_IAMRARN] != null) {
+    contents[_IAMRARN] = __expectString(output[_IAMRARN]);
+  }
+  return contents;
+};
+
 /**
  * deserializeAws_queryCreateConfigurationSetEventDestinationResponse
  */
@@ -7293,6 +7329,9 @@ const de_ReceiptAction = (output: any, context: __SerdeContext): ReceiptAction =
   if (output[_SNSA] != null) {
     contents[_SNSA] = de_SNSAction(output[_SNSA], context);
   }
+  if (output[_CAo] != null) {
+    contents[_CAo] = de_ConnectAction(output[_CAo], context);
+  }
   return contents;
 };
 
@@ -7998,6 +8037,7 @@ const _Bo = "Bounces";
 const _Bu = "Bucket";
 const _C = "Charset";
 const _CA = "CcAddresses";
+const _CAo = "ConnectAction";
 const _CCS = "CreateConfigurationSet";
 const _CCSED = "CreateConfigurationSetEventDestination";
 const _CCSTO = "CreateConfigurationSetTrackingOptions";
@@ -8090,6 +8130,7 @@ const _HP = "HtmlPart";
 const _HV = "HeaderValue";
 const _I = "Identity";
 const _IAMRARN = "IAMRoleARN";
+const _IARN = "InstanceARN";
 const _IF = "IpFilter";
 const _IRA = "IamRoleArn";
 const _IT = "InvocationType";
diff --git a/codegen/sdk-codegen/aws-models/ses.json b/codegen/sdk-codegen/aws-models/ses.json
index b47879c925a3..c39520357a3b 100644
--- a/codegen/sdk-codegen/aws-models/ses.json
+++ b/codegen/sdk-codegen/aws-models/ses.json
@@ -697,6 +697,34 @@
         "target": "com.amazonaws.ses#ConfigurationSet"
       }
     },
+    "com.amazonaws.ses#ConnectAction": {
+      "type": "structure",
+      "members": {
+        "InstanceARN": {
+          "target": "com.amazonaws.ses#ConnectInstanceArn",
+          "traits": {
+            "smithy.api#documentation": "<p>The Amazon Resource Name (ARN) for the Amazon Connect instance that Amazon SES integrates with for starting\n            email contacts.</p>\n         <p>For more information about Amazon Connect instances, see the <a href=\"https://docs.aws.amazon.com/connect/latest/adminguide/amazon-connect-instances.html\">Amazon Connect Administrator Guide</a>\n         </p>",
+            "smithy.api#required": {}
+          }
+        },
+        "IAMRoleARN": {
+          "target": "com.amazonaws.ses#IAMRoleARN",
+          "traits": {
+            "smithy.api#documentation": "<p> The Amazon Resource Name (ARN) of the IAM role to be used by Amazon Simple Email Service while starting email contacts\n            to the Amazon Connect instance. This role should have permission to invoke <code>connect:StartEmailContact</code>\n            for the given Amazon Connect instance.</p>",
+            "smithy.api#required": {}
+          }
+        }
+      },
+      "traits": {
+        "smithy.api#documentation": "<p>When included in a receipt rule, this action parses the received message and\n            starts an email contact in Amazon Connect on your behalf.</p>\n         <note>\n            <p>When you receive emails, the maximum email size (including headers) is 40 MB.\n                Additionally, emails may only have up to 10 attachments.\n                Emails larger than 40 MB or with more than 10 attachments will be bounced.</p>\n         </note>\n         <p>We recommend that you configure this action via Amazon Connect.</p>"
+      }
+    },
+    "com.amazonaws.ses#ConnectInstanceArn": {
+      "type": "string",
+      "traits": {
+        "smithy.api#pattern": "^arn:(aws|aws-us-gov):connect:[a-z]{2}-[a-z]+-[0-9-]{1}:[0-9]{1,20}:instance/[a-f0-9]{8}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{12}$"
+      }
+    },
     "com.amazonaws.ses#Content": {
       "type": "structure",
       "members": {
@@ -3157,7 +3185,7 @@
           "min": 20,
           "max": 2048
         },
-        "smithy.api#pattern": "^arn:[\\w-]+:iam::[0-9]+:role/[\\w-]+$"
+        "smithy.api#pattern": "^arn:[\\w-]+:iam::[0-9]+:role(\\u002F)([\\u0021-\\u007E]+\\u002F)?([\\w+=,.@-]+)$"
       }
     },
     "com.amazonaws.ses#Identity": {
@@ -4590,6 +4618,12 @@
           "traits": {
             "smithy.api#documentation": "<p>Publishes the email content within a notification to Amazon SNS.</p>"
           }
+        },
+        "ConnectAction": {
+          "target": "com.amazonaws.ses#ConnectAction",
+          "traits": {
+            "smithy.api#documentation": "<p>Parses the received message and starts an email contact in Amazon Connect on your behalf.</p>"
+          }
         }
       },
       "traits": {
@@ -4996,13 +5030,13 @@
         "KmsKeyArn": {
           "target": "com.amazonaws.ses#AmazonResourceName",
           "traits": {
-            "smithy.api#documentation": "<p>The customer managed key that Amazon SES should use to encrypt your emails before saving\n            them to the Amazon S3 bucket. You can use the default managed key or a custom managed key that\n            you created in Amazon Web Services KMS as follows:</p>\n         <ul>\n            <li>\n               <p>To use the default managed key, provide an ARN in the form of\n                        <code>arn:aws:kms:REGION:ACCOUNT-ID-WITHOUT-HYPHENS:alias/aws/ses</code>.\n                    For example, if your Amazon Web Services account ID is 123456789012 and you want to use the\n                    default managed key in the US West (Oregon) Region, the ARN of the default master\n                    key would be <code>arn:aws:kms:us-west-2:123456789012:alias/aws/ses</code>. If\n                    you use the default managed key, you don't need to perform any extra steps to\n                    give Amazon SES permission to use the key.</p>\n            </li>\n            <li>\n               <p>To use a custom managed key that you created in Amazon Web Services KMS, provide the ARN of\n                    the managed key and ensure that you add a statement to your key's policy to give\n                    Amazon SES permission to use it. For more information about giving permissions, see\n                    the <a href=\"https://docs.aws.amazon.com/ses/latest/dg/receiving-email-permissions.html\">Amazon SES Developer\n                        Guide</a>.</p>\n            </li>\n         </ul>\n         <p>For more information about key policies, see the <a href=\"https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html\">Amazon Web Services KMS Developer Guide</a>. If\n            you do not specify a managed key, Amazon SES does not encrypt your emails.</p>\n         <important>\n            <p>Your mail is encrypted by Amazon SES using the Amazon S3 encryption client before the mail\n                is submitted to Amazon S3 for storage. It is not encrypted using Amazon S3 server-side\n                encryption. This means that you must use the Amazon S3 encryption client to decrypt the\n                email after retrieving it from Amazon S3, as the service has no access to use your\n                Amazon Web Services KMS keys for decryption. This encryption client is currently available with\n                the <a href=\"http://aws.amazon.com/sdk-for-java/\">Amazon Web Services SDK for Java</a> and\n                    <a href=\"http://aws.amazon.com/sdk-for-ruby/\">Amazon Web Services SDK for Ruby</a> only. For\n                more information about client-side encryption using Amazon Web Services KMS managed keys, see the\n                    <a href=\"https://docs.aws.amazon.com/AmazonS3/latest/dev/UsingClientSideEncryption.html\">Amazon S3 Developer Guide</a>.</p>\n         </important>"
+            "smithy.api#documentation": "<p>The customer managed key that Amazon SES should use to encrypt your emails before saving\n            them to the Amazon S3 bucket. You can use the Amazon Web Services managed key or a customer managed key\n            that you created in Amazon Web Services KMS as follows:</p>\n         <ul>\n            <li>\n               <p>To use the Amazon Web Services managed key, provide an ARN in the form of\n                        <code>arn:aws:kms:REGION:ACCOUNT-ID-WITHOUT-HYPHENS:alias/aws/ses</code>.\n                    For example, if your Amazon Web Services account ID is 123456789012 and you want to use the\n                    Amazon Web Services managed key in the US West (Oregon) Region, the ARN of the Amazon Web Services managed\n                    key would be <code>arn:aws:kms:us-west-2:123456789012:alias/aws/ses</code>. If\n                    you use the Amazon Web Services managed key, you don't need to perform any extra steps to give\n                    Amazon SES permission to use the key.</p>\n            </li>\n            <li>\n               <p>To use a customer managed key that you created in Amazon Web Services KMS, provide the ARN\n                    of the customer managed key and ensure that you add a statement to your key's\n                    policy to give Amazon SES permission to use it. For more information about giving\n                    permissions, see the <a href=\"https://docs.aws.amazon.com/ses/latest/dg/receiving-email-permissions.html\">Amazon SES Developer\n                        Guide</a>.</p>\n            </li>\n         </ul>\n         <p>For more information about key policies, see the <a href=\"https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html\">Amazon Web Services KMS Developer Guide</a>. If\n            you do not specify an Amazon Web Services KMS key, Amazon SES does not encrypt your emails.</p>\n         <important>\n            <p>Your mail is encrypted by Amazon SES using the Amazon S3 encryption client before the mail\n                is submitted to Amazon S3 for storage. It is not encrypted using Amazon S3 server-side\n                encryption. This means that you must use the Amazon S3 encryption client to decrypt the\n                email after retrieving it from Amazon S3, as the service has no access to use your\n                Amazon Web Services KMS keys for decryption. This encryption client is currently available with\n                the <a href=\"http://aws.amazon.com/sdk-for-java/\">Amazon Web Services SDK for Java</a> and\n                    <a href=\"http://aws.amazon.com/sdk-for-ruby/\">Amazon Web Services SDK for Ruby</a> only. For\n                more information about client-side encryption using Amazon Web Services KMS managed keys, see the\n                    <a href=\"https://docs.aws.amazon.com/AmazonS3/latest/dev/UsingClientSideEncryption.html\">Amazon S3 Developer Guide</a>.</p>\n         </important>"
           }
         },
         "IamRoleArn": {
           "target": "com.amazonaws.ses#IAMRoleARN",
           "traits": {
-            "smithy.api#documentation": "<p> The ARN of the IAM role to be used by Amazon Simple Email Service while writing to the Amazon S3 bucket,\n            optionally encrypting your mail via the provided customer managed key, and publishing to\n            the Amazon SNS topic.\n            This role should have access to the following APIs:\n        </p>\n         <ul>\n            <li>\n               <p>\n                  <code>s3:PutObject</code>, <code>kms:Encrypt</code> and\n                    <code>kms:GenerateDataKey</code> for the given Amazon S3 bucket.</p>\n            </li>\n            <li>\n               <p>\n                  <code>kms:GenerateDataKey</code> for the given Amazon Web Services KMS customer managed key.\n                </p>\n            </li>\n            <li>\n               <p>\n                  <code>sns:Publish</code> for the given Amazon SNS topic.</p>\n            </li>\n         </ul>\n         <note>\n            <p>If an IAM role ARN is provided, the role (and only the role) is used to access all\n                the given resources (Amazon S3 bucket, Amazon Web Services KMS customer managed key and Amazon SNS topic).\n                Therefore, setting up individual resource access permissions is not required.</p>\n         </note>"
+            "smithy.api#documentation": "<p> The ARN of the IAM role to be used by Amazon Simple Email Service while writing to the Amazon S3 bucket,\n            optionally encrypting your mail via the provided customer managed key, and publishing to\n            the Amazon SNS topic. This role should have access to the following APIs: </p>\n         <ul>\n            <li>\n               <p>\n                  <code>s3:PutObject</code>, <code>kms:Encrypt</code> and\n                        <code>kms:GenerateDataKey</code> for the given Amazon S3 bucket.</p>\n            </li>\n            <li>\n               <p>\n                  <code>kms:GenerateDataKey</code> for the given Amazon Web Services KMS customer managed key.\n                </p>\n            </li>\n            <li>\n               <p>\n                  <code>sns:Publish</code> for the given Amazon SNS topic.</p>\n            </li>\n         </ul>\n         <note>\n            <p>If an IAM role ARN is provided, the role (and only the role) is used to access all\n                the given resources (Amazon S3 bucket, Amazon Web Services KMS customer managed key and Amazon SNS topic).\n                Therefore, setting up individual resource access permissions is not required.</p>\n         </note>"
           }
         }
       },