Amazon Simple Email Service Update: This release adds support for starting email contacts in your Amazon Connect instance as an email receiving action.

Author: AWS

.changes/next-release/feature-AmazonSimpleEmailService-2f51d19.json

@@ -0,0 +1,6 @@
+{
+    "type": "feature",
+    "category": "Amazon Simple Email Service",
+    "contributor": "",
+    "description": "This release adds support for starting email contacts in your Amazon Connect instance as an email receiving action."
+}

services/ses/src/main/resources/codegen-resources/service-2.json

@@ -1450,6 +1450,28 @@
       "type":"list",
       "member":{"shape":"ConfigurationSet"}
     },
+    "ConnectAction":{
+      "type":"structure",
+      "required":[
+        "InstanceARN",
+        "IAMRoleARN"
+      ],
+      "members":{
+        "InstanceARN":{
+          "shape":"ConnectInstanceArn",
+          "documentation":"<p>The Amazon Resource Name (ARN) for the Amazon Connect instance that Amazon SES integrates with for starting email contacts.</p> <p>For more information about Amazon Connect instances, see the <a href=\"https://docs.aws.amazon.com/connect/latest/adminguide/amazon-connect-instances.html\">Amazon Connect Administrator Guide</a> </p>"
+        },
+        "IAMRoleARN":{
+          "shape":"IAMRoleARN",
+          "documentation":"<p> The Amazon Resource Name (ARN) of the IAM role to be used by Amazon Simple Email Service while starting email contacts to the Amazon Connect instance. This role should have permission to invoke <code>connect:StartEmailContact</code> for the given Amazon Connect instance.</p>"
+        }
+      },
+      "documentation":"<p>When included in a receipt rule, this action parses the received message and starts an email contact in Amazon Connect on your behalf.</p> <note> <p>When you receive emails, the maximum email size (including headers) is 40 MB. Additionally, emails may only have up to 10 attachments. Emails larger than 40 MB or with more than 10 attachments will be bounced.</p> </note> <p>We recommend that you configure this action via Amazon Connect.</p>"
+    },
+    "ConnectInstanceArn":{
+      "type":"string",
+      "pattern":"arn:(aws|aws-us-gov):connect:[a-z]{2}-[a-z]+-[0-9-]{1}:[0-9]{1,20}:instance/[a-f0-9]{8}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{12}"
+    },
     "Content":{
       "type":"structure",
       "required":["Data"],
@@ -2450,7 +2472,7 @@
       "type":"string",
       "max":2048,
       "min":20,
-      "pattern":"arn:[\\w-]+:iam::[0-9]+:role/[\\w-]+"
+      "pattern":"arn:[\\w-]+:iam::[0-9]+:role(\\u002F)([\\u0021-\\u007E]+\\u002F)?([\\w+=,.@-]+)"
     },
     "Identity":{"type":"string"},
     "IdentityDkimAttributes":{
@@ -3243,6 +3265,10 @@
         "SNSAction":{
           "shape":"SNSAction",
           "documentation":"<p>Publishes the email content within a notification to Amazon SNS.</p>"
+        },
+        "ConnectAction":{
+          "shape":"ConnectAction",
+          "documentation":"<p>Parses the received message and starts an email contact in Amazon Connect on your behalf.</p>"
         }
       },
       "documentation":"<p>An action that Amazon SES can take when it receives an email on behalf of one or more email addresses or domains that you own. An instance of this data type can represent only one action.</p> <p>For information about setting up receipt rules, see the <a href=\"https://docs.aws.amazon.com/ses/latest/dg/receiving-email-receipt-rules-console-walkthrough.html\">Amazon SES Developer Guide</a>.</p>"
@@ -3497,7 +3523,7 @@
         },
         "KmsKeyArn":{
           "shape":"AmazonResourceName",
-          "documentation":"<p>The customer managed key that Amazon SES should use to encrypt your emails before saving them to the Amazon S3 bucket. You can use the default managed key or a custom managed key that you created in Amazon Web Services KMS as follows:</p> <ul> <li> <p>To use the default managed key, provide an ARN in the form of <code>arn:aws:kms:REGION:ACCOUNT-ID-WITHOUT-HYPHENS:alias/aws/ses</code>. For example, if your Amazon Web Services account ID is 123456789012 and you want to use the default managed key in the US West (Oregon) Region, the ARN of the default master key would be <code>arn:aws:kms:us-west-2:123456789012:alias/aws/ses</code>. If you use the default managed key, you don't need to perform any extra steps to give Amazon SES permission to use the key.</p> </li> <li> <p>To use a custom managed key that you created in Amazon Web Services KMS, provide the ARN of the managed key and ensure that you add a statement to your key's policy to give Amazon SES permission to use it. For more information about giving permissions, see the <a href=\"https://docs.aws.amazon.com/ses/latest/dg/receiving-email-permissions.html\">Amazon SES Developer Guide</a>.</p> </li> </ul> <p>For more information about key policies, see the <a href=\"https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html\">Amazon Web Services KMS Developer Guide</a>. If you do not specify a managed key, Amazon SES does not encrypt your emails.</p> <important> <p>Your mail is encrypted by Amazon SES using the Amazon S3 encryption client before the mail is submitted to Amazon S3 for storage. It is not encrypted using Amazon S3 server-side encryption. This means that you must use the Amazon S3 encryption client to decrypt the email after retrieving it from Amazon S3, as the service has no access to use your Amazon Web Services KMS keys for decryption. This encryption client is currently available with the <a href=\"http://aws.amazon.com/sdk-for-java/\">Amazon Web Services SDK for Java</a> and <a href=\"http://aws.amazon.com/sdk-for-ruby/\">Amazon Web Services SDK for Ruby</a> only. For more information about client-side encryption using Amazon Web Services KMS managed keys, see the <a href=\"https://docs.aws.amazon.com/AmazonS3/latest/dev/UsingClientSideEncryption.html\">Amazon S3 Developer Guide</a>.</p> </important>"
+          "documentation":"<p>The customer managed key that Amazon SES should use to encrypt your emails before saving them to the Amazon S3 bucket. You can use the Amazon Web Services managed key or a customer managed key that you created in Amazon Web Services KMS as follows:</p> <ul> <li> <p>To use the Amazon Web Services managed key, provide an ARN in the form of <code>arn:aws:kms:REGION:ACCOUNT-ID-WITHOUT-HYPHENS:alias/aws/ses</code>. For example, if your Amazon Web Services account ID is 123456789012 and you want to use the Amazon Web Services managed key in the US West (Oregon) Region, the ARN of the Amazon Web Services managed key would be <code>arn:aws:kms:us-west-2:123456789012:alias/aws/ses</code>. If you use the Amazon Web Services managed key, you don't need to perform any extra steps to give Amazon SES permission to use the key.</p> </li> <li> <p>To use a customer managed key that you created in Amazon Web Services KMS, provide the ARN of the customer managed key and ensure that you add a statement to your key's policy to give Amazon SES permission to use it. For more information about giving permissions, see the <a href=\"https://docs.aws.amazon.com/ses/latest/dg/receiving-email-permissions.html\">Amazon SES Developer Guide</a>.</p> </li> </ul> <p>For more information about key policies, see the <a href=\"https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html\">Amazon Web Services KMS Developer Guide</a>. If you do not specify an Amazon Web Services KMS key, Amazon SES does not encrypt your emails.</p> <important> <p>Your mail is encrypted by Amazon SES using the Amazon S3 encryption client before the mail is submitted to Amazon S3 for storage. It is not encrypted using Amazon S3 server-side encryption. This means that you must use the Amazon S3 encryption client to decrypt the email after retrieving it from Amazon S3, as the service has no access to use your Amazon Web Services KMS keys for decryption. This encryption client is currently available with the <a href=\"http://aws.amazon.com/sdk-for-java/\">Amazon Web Services SDK for Java</a> and <a href=\"http://aws.amazon.com/sdk-for-ruby/\">Amazon Web Services SDK for Ruby</a> only. For more information about client-side encryption using Amazon Web Services KMS managed keys, see the <a href=\"https://docs.aws.amazon.com/AmazonS3/latest/dev/UsingClientSideEncryption.html\">Amazon S3 Developer Guide</a>.</p> </important>"
         },
         "IamRoleArn":{
           "shape":"IAMRoleARN",